[Bps-public-commit] r10922 - RT-Authen-Bitcard/html/Callbacks/Bitcard/autohandler
ruz at bestpractical.com
ruz at bestpractical.com
Fri Feb 22 15:15:09 EST 2008
Author: ruz
Date: Fri Feb 22 15:14:58 2008
New Revision: 10922
Modified:
RT-Authen-Bitcard/html/Callbacks/Bitcard/autohandler/Auth
Log:
* flush the current session if user tries to login using bitcard
* use new generic method to get An::BC object
* check email and username, as we require both
* better error handling
Modified: RT-Authen-Bitcard/html/Callbacks/Bitcard/autohandler/Auth
==============================================================================
--- RT-Authen-Bitcard/html/Callbacks/Bitcard/autohandler/Auth (original)
+++ RT-Authen-Bitcard/html/Callbacks/Bitcard/autohandler/Auth Fri Feb 22 15:14:58 2008
@@ -1,19 +1,26 @@
<%INIT>
- die 'No Bitcard auth token provided as $BitcardToken in the RT configuration file on this server.'
- unless $RT::BitcardToken;
-
# if we aren't processing a bc request, there's nothing to do here,
# so bail quickly
return unless exists $ARGS{bc_id};
- use Authen::Bitcard;
- my $bc = Authen::Bitcard->new;
- $bc->token($RT::BitcardToken);
+ # flush the current session if user tries to login using bitcard
+ %session = (_session_id => $session{'_session_id'});
+
+ use RT::Authen::Bitcard;
+ my $bc = RT::Authen::Bitcard->handler;
# We have to use octets as Authen::Bitcard doesn't support perl strings
# to avoid converting back from perl string to octets we use request_args
- my $user = $bc->verify( scalar $m->request_args )
- or $RT::Logger->warning("Bitcard verify() returned null: @{[$bc->errstr]}");
+ my $user = $bc->verify( scalar $m->request_args );
+
+ # bitcard user verify error. abort abort abort!
+ unless ( $user ) {
+ $RT::Logger->warning( "Bitcard verify() returned undef: ". $bc->errstr );
+ my $qs = $m->comp('/Elements/QueryString',
+ Error => $bc->errstr );
+ $m->redirect( $RT::WebPath . '/?' . $qs);
+ $m->abort();
+ }
# upgrade octets returned by An::BC into perl strings
use Encode ();
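Review bot: The session is flushed (`%session = (_session_id => $session{'_session_id'});`) before `$bc->verify` runs, so any request carrying a `bc_id` parameter — a forged link or an image tag on another site is enough — logs the current RT user out even when the Bitcard signature is invalid; the removed code only touched the session after a successful verification. Move that assignment to just after the `unless ( $user ) { ... }` abort block so only a verified assertion clears the old state. Note also that the flush deliberately keeps the old `_session_id`, so the identifier the browser held while unauthenticated is the one that ends up bound to the logged-in user (session fixation); if RT's session layer provides a way to start a fresh session on login, that is preferable to preserving the id. The `die` on a missing `$RT::BitcardToken` was dropped; presumably `RT::Authen::Bitcard->handler` performs that check now, but that cannot be confirmed from this hunk.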
@@ -25,43 +32,48 @@
### URL from a previous successful Bitcard login.
# if the user isn't logged in and we got credentials from Bitcard, load the user
- if ( (! $session{'CurrentUser'}) && (defined $user->{'email'}) ) {
-
- # set a global user so we know elsewhere we're using Bitcard for auth
- $session{'BitcardUser'} = $user;
-
- # Bitcard has verified that the user has control of this e-mail address,
- # so it's okay to use it to get a valid RT user
-
- # we've got a valid user, so try to load
- $session{'CurrentUser'} = RT::CurrentUser->new();
- $session{'CurrentUser'}->LoadByEmail( $user->{'email'} );
- if ( not $session{'CurrentUser'}->id ) {
- my $UserObj = RT::User->new($RT::SystemUser);
- my ($id, $msg)
- = $UserObj->Create(
- Name => $user->{'username'},
- RealName => $user->{'name'},
- EmailAddress => $user->{'email'},
- Privileged => 1,
- );
- if ( $UserObj->id ) {
- # created the user, now load them as the current user
- $session{'CurrentUser'}->Load($UserObj->id);
- $m->comp('/Elements/Callback', %ARGS, _CallbackName => 'NewUser');
-
- # redirect the user to their preference page to add more info
- $m->redirect($RT::WebPath . '/User/Prefs.html');
- }
- else {
- # we couldn't create the user. abort abort abort!
- delete $session{'CurrentUser'};
- delete $session{'BitcardUser'};
- my $qs = $m->comp('/Elements/QueryString',
- Error => loc("Cannot create user: [_1]", $msg));
- $m->redirect($RT::WebPath . '/?' . $qs);
- $m->abort();
- }
+ unless ( defined $user->{'email'} && defined $user->{'username'} ) {
+ $RT::Logger->error("Bitcard server didn't provided email and user name, but signature is correct");
+ my $qs = $m->comp('/Elements/QueryString',
+ Error => loc("Couldn't login using Bitcard. Contact system administrator") );
+ $m->redirect( $RT::WebPath . '/?' . $qs);
+ $m->abort();
+ }
+
+ # set a global user so we know elsewhere we're using Bitcard for auth
+ $session{'BitcardUser'} = $user;
+
+ # Bitcard has verified that the user has control of this e-mail address,
+ # so it's okay to use it to get a valid RT user
+
+ # we've got a valid user, so try to load
+ $session{'CurrentUser'} = RT::CurrentUser->new();
+ $session{'CurrentUser'}->LoadByEmail( $user->{'email'} );
+ if ( not $session{'CurrentUser'}->id ) {
+ my $UserObj = RT::User->new( $RT::SystemUser );
+ my ($id, $msg) = $UserObj->Create(
+ Name => $user->{'username'},
+ RealName => $user->{'name'},
+ EmailAddress => $user->{'email'},
+ Privileged => 1,
+ );
+ if ( $UserObj->id ) {
+ # created the user, now load them as the current user
+ $session{'CurrentUser'}->Load($UserObj->id);
+ $m->comp('/Elements/Callback', %ARGS, _CallbackName => 'NewUser');
+
+ # redirect the user to their preference page to add more info
+ $m->redirect($RT::WebPath . '/User/Prefs.html');
+ $m->abort();
+ }
+ else {
+ # we couldn't create the user. abort abort abort!
+ delete $session{'CurrentUser'};
+ delete $session{'BitcardUser'};
+ my $qs = $m->comp('/Elements/QueryString',
+ Error => loc("Cannot create user: [_1]", $msg));
+ $m->redirect($RT::WebPath . '/?' . $qs);
+ $m->abort();
}
- }
+ }
</%INIT>
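Review bot: The account is chosen purely by e-mail via `LoadByEmail( $user->{'email'} )` with no visible check that the matched principal is enabled, and the fallback `Create(...)` call makes every auto-created Bitcard user `Privileged => 1`, so any Bitcard identity asserting an address becomes either that existing RT account or a fresh privileged one. Unless RT's session handling elsewhere rejects disabled users on this path (not visible here), add a check after the load that aborts with the same redirect-and-error pattern when the loaded user is disabled, and consider making the privileged flag a configuration choice that defaults to unprivileged rather than hard-coding it. The new guard also uses `defined`, which lets empty strings through to `Create`; `unless ( length $user->{'email'} && length $user->{'username'} )` is the stricter form. The enclosing `<%INIT>` block starts before this hunk.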