From a7bd24b7b9c55e21ee998a751fd6771b9e71cb46 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Wed, 13 May 2015 23:06:52 -0400 Subject: [PATCH] fix up session cookie --- IkiWiki/Plugin/emailauth.pm | 51 ++++++++++++++++++++++++++----------- 1 file changed, 36 insertions(+), 15 deletions(-) diff --git a/IkiWiki/Plugin/emailauth.pm b/IkiWiki/Plugin/emailauth.pm index 3266e21ab..57100a2d7 100644 --- a/IkiWiki/Plugin/emailauth.pm +++ b/IkiWiki/Plugin/emailauth.pm @@ -64,7 +64,7 @@ sub email_auth ($$$$) { }); } - my $token=gentoken($email); + my $token=gentoken($email, $session); my $template=template("emailauth.tmpl"); $template->param( wikiname => $config{wikiname}, @@ -96,19 +96,10 @@ sub cgi ($$) { my $email=$cgi->param('e'); my $v=$cgi->param('v'); if (defined $email && defined $v && length $email && length $v) { - # Need to lock the wiki before getting a session. - IkiWiki::lockwiki(); - IkiWiki::loadindex(); - my $session=IkiWiki::cgi_getsession(); - my $token=gettoken($email); if ($token eq $v) { - print STDERR "SUCCESS $email!!\n"; cleartoken($email); - $session->param(name => $email); - my $nickname=$email; - $nickname=~s/@.*//; - $session->param(nickname => Encode::decode_utf8($nickname)); + my $session=getsession($email); IkiWiki::cgi_postsignin($cgi, $session); } elsif (length $token ne length $cgi->param('v')) { @@ -123,16 +114,22 @@ sub cgi ($$) { # Generates the token that will be used in the authurl to log the user in. # This needs to be hard to guess, and relatively short. Generating a cgi # session id will make it as hard to guess as any cgi session. -sub gentoken ($) { +# +# Store token in userinfo; this allows the user to log in +# using a different browser session, if it takes a while for the +# email to get to them. +# +# The postsignin value from the session is also stored in the userinfo +# to allow resuming in a different browser session. +sub gentoken ($$) { my $email=shift; + my $session=shift; eval q{use CGI::Session}; error($@) if $@; my $token = CGI::Session->new->id; - # Store token in userinfo; this allows the user to log in - # using a different browser session, if it takes a while for the - # email to get to them. IkiWiki::userinfo_set($email, "emailauthexpire", time+(60*60*24)); IkiWiki::userinfo_set($email, "emailauth", $token); + IkiWiki::userinfo_set($email, "emailauthpostsignin", defined $session->param("postsignin") ? $session->param("postsignin") : ""); return $token; } @@ -147,6 +144,30 @@ sub gettoken ($) { return $val; } +# Generate a session to use after successful login. +sub getsession ($) { + my $email=shift; + + IkiWiki::lockwiki(); + IkiWiki::loadindex(); + my $session=IkiWiki::cgi_getsession(); + + my $postsignin=IkiWiki::userinfo_get($email, "emailauthpostsignin"); + IkiWiki::userinfo_set($email, "emailauthpostsignin", ""); + if (defined $postsignin && length $postsignin) { + $session->param(postsignin => $postsignin); + } + + $session->param(name => $email); + my $nickname=$email; + $nickname=~s/@.*//; + $session->param(nickname => Encode::decode_utf8($nickname)); + + IkiWiki::cgi_savesession($session); + + return $session; +} + sub cleartoken ($) { my $email=shift; IkiWiki::userinfo_set($email, "emailauthexpire", 0); -- 2.39.5