From d9cbb0f0a62bba345ed26ac68364bb441f41d35d Mon Sep 17 00:00:00 2001
From: "mkanat%bugzilla.org" <>
Date: Fri, 12 May 2006 09:40:56 +0000
Subject: Bug 300410: Bugzilla::Auth needs to be restructured to not require a BEGIN block Patch By Max Kanat-Alexander r=LpSolit, a=myk
---
Bugzilla/Auth/Verify/DB.pm | 96 ++++++++++++----------------------------------
1 file changed, 25 insertions(+), 71 deletions(-) (limited to 'Bugzilla/Auth/Verify/DB.pm')
diff --git a/Bugzilla/Auth/Verify/DB.pm b/Bugzilla/Auth/Verify/DB.pm
index 405a737b8..88ad78d54 100644
--- a/Bugzilla/Auth/Verify/DB.pm
+++ b/Bugzilla/Auth/Verify/DB.pm
@@ -28,97 +28,51 @@ # Erik Stambaugh package Bugzilla::Auth::Verify::DB; - use strict; +use base qw(Bugzilla::Auth::Verify); -use Bugzilla::Config; use Bugzilla::Constants; +use Bugzilla::Token; use Bugzilla::Util; use Bugzilla::User; -my $edit_options = { - 'new' => 1, - 'userid' => 0, - 'login_name' => 1, - 'realname' => 1, -}; +sub check_credentials { + my ($self, $login_data) = @_; + my $dbh = Bugzilla->dbh; -sub can_edit { - my ($class, $type) = @_; - return $edit_options->{$type}; -} + my $username = $login_data->{username}; + my $user_id = login_to_id($username); -sub authenticate { - my ($class, $username, $passwd) = @_; + return { failure => AUTH_NO_SUCH_USER } unless $user_id; - return (AUTH_NODATA) unless defined $username && defined $passwd; + $login_data->{bz_username} = $username; + my $password = $login_data->{password}; - my $userid = Bugzilla::User::login_to_id($username); - return (AUTH_LOGINFAILED) unless $userid; + trick_taint($username); + my ($real_password_crypted) = $dbh->selectrow_array( + "SELECT cryptpassword FROM profiles WHERE userid = ?", + undef, $user_id); - return (AUTH_LOGINFAILED, $userid) - unless $class->check_password($userid, $passwd); + # Using the internal crypted password as the salt, + # crypt the password the user entered. + my $entered_password_crypted = crypt($password, $real_password_crypted); + + return { failure => AUTH_LOGINFAILED } + if $entered_password_crypted ne $real_password_crypted; # The user's credentials are okay, so delete any outstanding # password tokens they may have generated. 
- require Bugzilla::Token; - Bugzilla::Token::DeletePasswordTokens($userid, "user_logged_in"); - - # Account may have been disabled - my $disabledtext = $class->get_disabled($userid); - return (AUTH_DISABLED, $userid, $disabledtext) - if $disabledtext ne ''; - - return (AUTH_OK, $userid); -} - -sub get_disabled { - my ($class, $userid) = @_; - my $dbh = Bugzilla->dbh; - my $sth = $dbh->prepare_cached("SELECT disabledtext FROM profiles " . - "WHERE userid=?"); - my ($text) = $dbh->selectrow_array($sth, undef, $userid); - return $text; -} - -sub check_password { - my ($class, $userid, $passwd) = @_; - my $dbh = Bugzilla->dbh; - my $sth = $dbh->prepare_cached("SELECT cryptpassword FROM profiles " . - "WHERE userid=?"); - my ($realcryptpwd) = $dbh->selectrow_array($sth, undef, $userid); - - # Get the salt from the user's crypted password. - my $salt = $realcryptpwd; - - # Using the salt, crypt the password the user entered. - my $enteredCryptedPassword = crypt($passwd, $salt); + Bugzilla::Token::DeletePasswordTokens($user_id, "user_logged_in"); - return $enteredCryptedPassword eq $realcryptpwd; + return $login_data; } sub change_password { - my ($class, $userid, $password) = @_; + my ($self, $user, $password) = @_; my $dbh = Bugzilla->dbh; my $cryptpassword = bz_crypt($password); - $dbh->do("UPDATE profiles SET cryptpassword = ? WHERE userid = ?", - undef, $cryptpassword, $userid); + $dbh->do("UPDATE profiles SET cryptpassword = ? WHERE userid = ?", + undef, $cryptpassword, $user->id); } 1; - -__END__ - -=head1 NAME - -Bugzilla::Auth::Verify::DB - database authentication for Bugzilla - -=head1 SUMMARY - -This is an L for -Bugzilla, which logs the user in using the password stored in the C -table. This is the most commonly used authentication module. - -=head1 SEE ALSO - -L -- cgit v1.2.3-24-g4f1b
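Review bot: In `check_credentials` the test `$entered_password_crypted ne $real_password_crypted` can fail open, because the old `defined $username && defined $passwd` guard is gone and nothing checks that the stored hash is usable: if `cryptpassword` comes back NULL or empty and `crypt()` returns undef for the bad salt, both sides compare as empty strings and the login is accepted. Whether that state is reachable depends on the `profiles` schema and the platform's `crypt()`, neither visible here, so I would make the rejection explicit before the `crypt()` call with `return { failure => AUTH_LOGINFAILED } unless defined $password && defined $real_password_crypted && length $real_password_crypted;` and also treat an undefined `$entered_password_crypted` as a failure. Separately, `trick_taint($username)` runs after `$username` has already been passed to `login_to_id` and copied into `$login_data->{bz_username}`, and the query binds `$user_id`, so the untaint protects nothing and is best dropped rather than left as an unvalidated detaint of user input. The disabled-account check (`AUTH_DISABLED`) that the removed `authenticate` performed is no longer in this file; presumably the caller enforces it now, but this single-file view cannot confirm that, so a comment on `check_credentials` such as `# Does not check disabledtext; the caller must reject disabled accounts.` would help.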