cherry-pick uri security fix
[git.ikiwiki.info.git] / IkiWiki / Plugin / passwordauth.pm
index 3007dd4ffd092f858b9fc0d4599ef4444a31e7c1..af16c27542257de13251adae31acdd6578d31b95 100644 (file)
@@ -4,7 +4,7 @@ package IkiWiki::Plugin::passwordauth;
 
 use warnings;
 use strict;
-use IkiWiki;
+use IkiWiki 2.00;
 
 sub import { #{{{
         hook(type => "formbuilder_setup", id => "passwordauth",
@@ -21,14 +21,26 @@ sub formbuilder_setup (@) { #{{{
        my $cgi=$params{cgi};
 
        if ($form->title eq "signin" || $form->title eq "register") {
-               $form->field(name => "name", required => 0, size => 50);
+               $form->field(name => "name", required => 0);
                $form->field(name => "password", type => "password", required => 0);
                
                if ($form->submitted eq "Register" || $form->submitted eq "Create Account") {
                        $form->field(name => "confirm_password", type => "password");
+                       $form->field(name => "account_creation_password", type => "password") if (length $config{account_creation_password});
                        $form->field(name => "email", size => 50);
                        $form->title("register");
                        $form->text("");
+               
+                       $form->field(name => "confirm_password",
+                               validate => sub {
+                                       shift eq $form->field("password");
+                               },
+                       );
+                       $form->field(name => "password",
+                               validate => sub {
+                                       shift eq $form->field("confirm_password");
+                               },
+                       );
                }
 
                if ($form->submitted) {
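Review bot: The statement modifier `if (length $config{account_creation_password})` on the new account_creation_password field calls `length` on a config key that may be unset; under `use warnings`, perls older than 5.12 emit an "uninitialized value" warning for that. The same guard is repeated on the validator in the next hunk, so the two can drift apart. Consider computing it once, e.g. `my $need_acp = defined $config{account_creation_password} && length $config{account_creation_password};`, and using `if $need_acp` in both places. formbuilder_setup starts and ends outside this hunk.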
@@ -46,11 +58,12 @@ sub formbuilder_setup (@) { #{{{
        
                        if ($submittype eq "Create Account") {
                                $form->field(
-                                       name => "confirm_password",
+                                       name => "account_creation_password",
                                        validate => sub {
-                                               shift eq $form->field("password");
+                                               shift eq $config{account_creation_password};
                                        },
-                               );
+                                       required => 1,
+                               ) if (length $config{account_creation_password});
                                $form->field(
                                        name => "email",
                                        validate => "EMAIL",
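Review bot: The new account_creation_password validator compares the submitted value to the setup-file secret with `eq`, which is not a constant-time comparison, and nothing in this hunk logs or throttles failed attempts, so this shared secret is the only visible control on who can register. Comparing fixed-length digests instead, e.g. `Digest::SHA::sha256(shift) eq Digest::SHA::sha256($config{account_creation_password})`, removes the dependence on where the strings first differ; it needs `use Digest::SHA;` at the top of the file. A comment above the field such as `# shared registration secret from the setup file, compared in plain text` would tell maintainers what is being protected. formbuilder_setup begins and ends outside this hunk, so any handling elsewhere is not visible here.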
@@ -101,21 +114,26 @@ sub formbuilder_setup (@) { #{{{
                }
                else {
                        # First time settings.
-                       $form->field(name => "name", comment => gettext("(use FirstnameLastName)"));
+                       $form->field(name => "name");
                        if ($session->param("name")) {
                                $form->field(name => "name", value => $session->param("name"));
                        }
                }
        }
        elsif ($form->title eq "preferences") {
-               $form->field(name => "name", disabled => 1, value =>
-                       $session->param("name"), force => 1);
-               $form->field(name => "password", type => "password");
+               $form->field(name => "name", disabled => 1, 
+                       value => $session->param("name"), force => 1,
+                       fieldset => "login");
+               $form->field(name => "password", type => "password",
+                       fieldset => "login",
+                       validate => sub {
+                               shift eq $form->field("confirm_password");
+                       }),
                $form->field(name => "confirm_password", type => "password",
+                       fieldset => "login",
                        validate => sub {
                                shift eq $form->field("password");
-                       });
-               
+                       }),
        }
 }
 
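Review bot: The rewritten `$form->field(...)` calls for password and confirm_password in the preferences branch now end in `}),` instead of `});`, so they are chained with the comma operator rather than written as separate statements. It behaves the same today but is fragile for later edits; end each call with `});`. Separately, the lines shown let a logged-in session set a new password with no field for the current one; if no re-authentication happens elsewhere, anyone holding a stolen session can take over the account, so a required current-password field is worth considering. The enclosing formbuilder_setup starts outside the hunk.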
@@ -187,14 +205,12 @@ sub formbuilder (@) { #{{{
                        my $user_name=$form->field('name');
                        foreach my $field (qw(password)) {
                                if (defined $form->field($field) && length $form->field($field)) {
-                                       userinfo_set($user_name, $field, $form->field($field)) || error("failed to set $field");
+                                       IkiWiki::userinfo_set($user_name, $field, $form->field($field)) ||
+                                               error("failed to set $field");
                                }
                        }
                }
        }
-       
-       IkiWiki::printheader($session);
-       print IkiWiki::misctemplate($form->title, $form->render(submit => $buttons));
 } #}}}
 
 1
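Review bot: The password field's value is handed to `IkiWiki::userinfo_set` exactly as submitted; unless userinfo_set hashes it (not visible here), the user database ends up holding clear-text passwords. At minimum add a comment at the call, e.g. `# value is stored as submitted; confirm userinfo_set hashes it`, or hash before calling. The `foreach my $field (qw(password))` loop iterates over a single element and would read more clearly as a plain `if` on the password field. formbuilder starts outside this hunk.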