X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/1fc3f034191d3eec78b4d5da343e282092a221be..740c909abbe97151f14768de9476505c1f06badd:/IkiWiki/Plugin/passwordauth.pm diff --git a/IkiWiki/Plugin/passwordauth.pm b/IkiWiki/Plugin/passwordauth.pm index 0cf2a26ea..cfa3ad418 100644 --- a/IkiWiki/Plugin/passwordauth.pm +++ b/IkiWiki/Plugin/passwordauth.pm @@ -113,7 +113,7 @@ sub gentoken ($$;$) { eval q{use CGI::Session}; error($@) if $@; - my $token = CGI::Session->new->id; + my $token = CGI::Session->new("driver:DB_File", undef, {FileName => "/dev/null"})->id; if (! $reversable) { setpassword($user, $token, $tokenfield); } @@ -231,7 +231,7 @@ sub formbuilder_setup (@) { $form->field( name => "password", validate => sub { - checkpassword($form->field("name"), shift); + checkpassword(scalar $form->field("name"), shift); }, ); } @@ -251,6 +251,12 @@ sub formbuilder_setup (@) { my $name=shift; length $name && $name=~/$config{wiki_file_regexp}/ && + # don't allow registering + # accounts that look like + # openids, or email + # addresses, even if the + # file regexp allows it + $name!~/[\/:\@]/ && ! IkiWiki::userinfo_get($name, "regdate"); }, ); @@ -277,7 +283,7 @@ sub formbuilder_setup (@) { } elsif ($form->title eq "preferences") { my $user=$session->param("name"); - if (! IkiWiki::openiduser($user)) { + if (! IkiWiki::openiduser($user) && ! IkiWiki::emailuser($user)) { $form->field(name => "name", disabled => 1, value => $user, force => 1, fieldset => "login"); @@ -299,7 +305,7 @@ sub formbuilder_setup (@) { noimageinline => 1)); } else { - $form->text("text(" "edit", page => $userpage). "\">".gettext("Create your user page").""); } @@ -319,16 +325,20 @@ sub formbuilder (@) { if ($form->title eq "signin" || $form->title eq "register") { if (($form->submitted && $form->validate) || $do_register) { + my $user_name = $form->field('name'); + if ($form->submitted eq 'Login') { - $session->param("name", $form->field("name")); + $session->param("name", $user_name); IkiWiki::cgi_postsignin($cgi, $session); } elsif ($form->submitted eq 'Create Account') { - my $user_name=$form->field('name'); + my $email = $form->field('email'); + my $password = $form->field('password'); + if (IkiWiki::userinfo_setall($user_name, { - 'email' => $form->field('email'), + 'email' => $email, 'regdate' => time})) { - setpassword($user_name, $form->field('password')); + setpassword($user_name, $password); $form->field(name => "confirm_password", type => "hidden"); $form->field(name => "email", type => "hidden"); $form->text(gettext("Account creation successful. Now you can Login.")); @@ -338,7 +348,6 @@ sub formbuilder (@) { } } elsif ($form->submitted eq 'Reset Password') { - my $user_name=$form->field("name"); my $email=IkiWiki::userinfo_get($user_name, "email"); if (! length $email) { error(gettext("No email address, so cannot email password reset instructions.")); @@ -349,7 +358,7 @@ sub formbuilder (@) { my $template=template("passwordmail.tmpl"); $template->param( user_name => $user_name, - passwordurl => IkiWiki::cgiurl_abs( + passwordurl => IkiWiki::cgiurl_abs_samescheme( 'do' => "reset", 'name' => $user_name, 'token' => $token, @@ -388,8 +397,9 @@ sub formbuilder (@) { elsif ($form->title eq "preferences") { if ($form->submitted eq "Save Preferences" && $form->validate) { my $user_name=$form->field('name'); - if (defined $form->field("password") && length $form->field("password")) { - setpassword($user_name, $form->field('password')); + my $password=$form->field('password'); + if (defined $password && length $password) { + setpassword($user_name, $password); } } }