]> git.vanrenterghem.biz Git - git.ikiwiki.info.git/commitdiff
projects / git.ikiwiki.info.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 95e1e51)
fix up session cookie
authorJoey Hess <joeyh@joeyh.name>
Thu, 14 May 2015 03:06:52 +0000 (23:06 -0400)
committerJoey Hess <joeyh@joeyh.name>
Thu, 14 May 2015 03:06:52 +0000 (23:06 -0400)
IkiWiki/Plugin/emailauth.pm patch | blob | history

diff --git a/IkiWiki/Plugin/emailauth.pm b/IkiWiki/Plugin/emailauth.pm
index 3266e21abcabe6ae2bf7c2c7bb40fbfad2a50d82..57100a2d74915c5c6537984b7b45e67e71abac07 100644 (file)
--- a/IkiWiki/Plugin/emailauth.pm
+++ b/IkiWiki/Plugin/emailauth.pm
@@ -64,7 +64,7 @@ sub email_auth ($$$$) {
                });
        }
 
-       my $token=gentoken($email);
+       my $token=gentoken($email, $session);
        my $template=template("emailauth.tmpl");
        $template->param(
                wikiname => $config{wikiname},
@@ -96,19 +96,10 @@ sub cgi ($$) {
        my $email=$cgi->param('e');
        my $v=$cgi->param('v');
        if (defined $email && defined $v && length $email && length $v) {
-               # Need to lock the wiki before getting a session.
-               IkiWiki::lockwiki();
-               IkiWiki::loadindex();
-               my $session=IkiWiki::cgi_getsession();
-
                my $token=gettoken($email);
                if ($token eq $v) {
-                       print STDERR "SUCCESS $email!!\n";
                        cleartoken($email);
-                       $session->param(name => $email);
-                       my $nickname=$email;
-                       $nickname=~s/@.*//;
-                       $session->param(nickname => Encode::decode_utf8($nickname));
+                       my $session=getsession($email);
                        IkiWiki::cgi_postsignin($cgi, $session);
                }
                elsif (length $token ne length $cgi->param('v')) {
@@ -123,16 +114,22 @@ sub cgi ($$) {
 # Generates the token that will be used in the authurl to log the user in.
 # This needs to be hard to guess, and relatively short. Generating a cgi
 # session id will make it as hard to guess as any cgi session.
-sub gentoken ($) {
+#
+# Store token in userinfo; this allows the user to log in
+# using a different browser session, if it takes a while for the
+# email to get to them.
+#
+# The postsignin value from the session is also stored in the userinfo
+# to allow resuming in a different browser session.
+sub gentoken ($$) {
        my $email=shift;
+       my $session=shift;
        eval q{use CGI::Session};
        error($@) if $@;
        my $token = CGI::Session->new->id;
-       # Store token in userinfo; this allows the user to log in
-       # using a different browser session, if it takes a while for the
-       # email to get to them.
        IkiWiki::userinfo_set($email, "emailauthexpire", time+(60*60*24));
        IkiWiki::userinfo_set($email, "emailauth", $token);
+       IkiWiki::userinfo_set($email, "emailauthpostsignin", defined $session->param("postsignin") ? $session->param("postsignin") : "");
        return $token;
 }
 
@@ -147,6 +144,30 @@ sub gettoken ($) {
        return $val;
 }
 
+# Generate a session to use after successful login.
+sub getsession ($) {
+       my $email=shift;
+
+       IkiWiki::lockwiki();
+       IkiWiki::loadindex();
+       my $session=IkiWiki::cgi_getsession();
+
+       my $postsignin=IkiWiki::userinfo_get($email, "emailauthpostsignin");
+       IkiWiki::userinfo_set($email, "emailauthpostsignin", "");
+       if (defined $postsignin && length $postsignin) {
+               $session->param(postsignin => $postsignin);
+       }
+
+       $session->param(name => $email);
+       my $nickname=$email;
+       $nickname=~s/@.*//;
+       $session->param(nickname => Encode::decode_utf8($nickname));
+
+       IkiWiki::cgi_savesession($session);
+
+       return $session;
+}
+
 sub cleartoken ($) {
        my $email=shift;
        IkiWiki::userinfo_set($email, "emailauthexpire", 0);
Unnamed repository; edit this file 'description' to name the repository.