Use Plack::Middleware::Auth::Complex for auth
[gruntmaster-page.git] / lib / Plack / App / Gruntmaster.pm
index 3a7b9db121302ed83d9dcba510193693050324cb..87e9e5a18586bc654a8a36852af55b7c39df1255 100644 (file)
@@ -54,7 +54,6 @@ use constant FORMAT_EXTENSION => {
 };
 
 use constant NOT_FOUND => [404, ['X-Forever' => 1, 'Content-Type' => 'text/plain'], ['Not found']];
-use constant FORBIDDEN => [401, ['Content-Type' => 'text/plain', 'WWW-Authenticate' => 'Basic realm="Gruntmaster 6000"'], ['Forbidden']];
 
 sub development() { ($ENV{PLACK_ENV} // 'development') eq 'development' }
 
@@ -63,7 +62,7 @@ my ($env, $privacy);
 sub db { $env->{'gruntmaster.dbic'} }
 
 sub remote_user {
-       my $user = $env->{'gruntmaster.user'};
+       my $user = $env->{REMOTE_USER};
        $user &&= db->user($user);
        $user
 }
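Review bot: `remote_user` now reads the standard PSGI key `REMOTE_USER`, which a front-end server or any earlier middleware can also populate, whereas the old `gruntmaster.user` key was private to this application. Nothing in the hunk records that the value is expected to come only from Plack::Middleware::Auth::Complex, so in a deployment that layers another authenticator in front, whatever name it sets would be passed to `db->user` and treated as a logged-in account. I would add a comment above the assignment such as `# REMOTE_USER must be set only by Plack::Middleware::Auth::Complex; do not mount another authenticator in front of this app`. It is also worth confirming that the builder file enables that middleware ahead of this app.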
@@ -91,7 +90,7 @@ sub forbid {
        my ($condition) = @_;
        $privacy = 'private' if $condition;
        return if !$condition || admin;
-       unwind FORBIDDEN, SUB UP
+       unwind $env->{authcomplex}->unauthorized, SUB UP
 }
 
 sub dispatch_request{
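Review bot: `$env->{authcomplex}->unauthorized` in `forbid` dies on an undefined value if the middleware is not in the stack, so a private page would typically answer with an opaque 500 instead of the 401 challenge the removed `FORBIDDEN` constant used to give. That still fails closed, but the cause is hard to spot from the error message. A guard before the `unwind`, such as `my $auth = $env->{authcomplex} or die 'Plack::Middleware::Auth::Complex is not enabled';`, followed by `unwind $auth->unauthorized, SUB UP`, would make the misconfiguration explicit. The `sub forbid {` line is visible only in the hunk header, so I am assuming nothing earlier in the sub already checks this.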
@@ -217,26 +216,6 @@ sub dispatch_request{
        },
 
        sub (POST) {
-               sub (/action/register + %:username=&:password=&:confirm_password=&:name=&:email=&:phone=&:town=&:university=&:country=&:level=) {
-                       return reply 'Parameter too long' if grep { length > 200 } values %_;
-                       return reply 'Bad username. Allowed characters are letters, digits and underscores, and the username must be between 2 and 20 characters long.' unless $_{username} =~ USER_REGEX;
-                       return reply 'Username already in use' if db->user($_{username});
-                       return reply 'The two passwords do not match' unless $_{password} eq $_{confirm_password};
-
-                       db->users->create({id => $_{username}, name => $_{name}, email => $_{email}, phone => $_{phone}, town => $_{town}, university => $_{university}, country => $_{country}, level => $_{level}});
-                       db->user($_{username})->set_passphrase($_{password});
-
-                       reply 'Registered successfully';
-               },
-
-               sub (/action/passwd + %:password=&:new_password=&:confirm_new_password=) {
-                       forbid !remote_user;
-                       return reply 'Incorrect password' unless remote_user->check_passphrase($_{password});
-                       return reply 'The two passwords do not match' unless $_{new_password} eq $_{confirm_new_password};
-                       remote_user->set_passphrase($_{new_password});
-                       reply 'Password changed successfully';
-               },
-
                sub (/action/submit + %:problem=&:contest~&:prog_format=&:source_code~ + *prog~) {
                        my (undef, undef, $prog) = @_;
                        forbid !remote_user;
@@ -264,51 +243,6 @@ sub dispatch_request{
 
                        [303, [Location => '/log/' . $newjob->id], []]
                },
-
-               sub (/action/request-reset + %:username=) {
-                       return reply 'Password resets are disabled' unless $ENV{GRUNTMASTER_RESET_FROM};
-                       my $user = db->user($_{username});
-                       return reply 'No such user' unless $user;
-                       my $token = join ':', $user->make_reset_hmac;
-                       my $body = <<EOF;
-Someone has requested a password reset for your account.
-
-To reset your password, please submit the reset password form on the
-website using the following information:
-
-Username: $_{username}
-Password: <your new password>
-Reset token: $token
-
-The token is valid for 24 hours.
-EOF
-                       my $email = Email::Simple->create(
-                               header => [
-                                       From    => $ENV{GRUNTMASTER_RESET_FROM},
-                                       To      => $user->email,
-                                       Subject => 'Password reset token',
-                               ],
-                               body => $body,
-                       );
-
-                       my $ok = 0;
-                       eval {
-                               sendmail $email;
-                               $ok = 1;
-                       };
-                       return reply 'Email sent' if $ok;
-                       reply "Failure sending email: $@";
-               },
-
-               sub (/action/reset + %:username=&:password=&:token=) {
-                       my $user = db->user($_{username});
-                       return reply 'No such user' unless $user;
-                       my ($token, $exp) = split ':', $_{token};
-                       return reply 'Reset token is expired' if time >= $exp;
-                       return reply 'Bad reset token' unless $user->make_reset_hmac($exp) eq $token;
-                       $user->set_passphrase($_{password});
-                       reply 'Password reset successfully';
-               },
        }
 }
 