little more secure login ・ 2a7dbe7 ・ Gitprep

- little more secure login;
- Browse files
- Yuki Kimoto commited on 2013-03-16
- 1 parent 1df905f
  
  commit 2a7dbe701beaf58d150c4779b7e69effc99299c5

Showing 4 changed files with 27 additions and 2 deletions

lib/Gitprep.pm

@@ -9,6 +9,7 @@ use DBIx::Custom;
 use Validator::Custom;
 use Encode qw/encode decode/;
 use Mojo::JSON;
+use Gitprep::API;
 
 has 'git';
 has 'dbi';
@@ -167,6 +168,9 @@ EOS
   # Validator
   my $validator = Validator::Custom->new;
   $self->validator($validator);
+  
+  # Helper
+  $self->helper(gitprep_api => sub { Gitprep::API->new(shift) });
 }
 
 1;

+17

lib/Gitprep/API.pm

View

@@ -51,5 +51,22 @@ sub users {
   return $users;
 }
 
+sub logined {
+  my $self = shift;
+  
+  my $c = $self->cntl;
+  
+  my $dbi = $c->app->dbi;
+  
+  my $id = $c->session('user_id');
+  my $password = $c->session('user_password');
+  
+  my $row = $dbi->model('user')->select('config', id => $id)->one;
+  return unless $row;
+  my $config = $self->json($row->{config});
+  
+  return $password eq $config->{password};
+}
+
 1;
 

+2 -2

templates/include/header.html.ep

View

@@ -1,9 +1,9 @@
 <%
-  my $user_id = session('user_id');
+  my $api = gitprep_api;
 %>
 
 <div class="container">
-  % if (defined $user_id) {
+  % if ($api->logined) {
     <div>
       <ul>
         <li><a href="<%= url_for('/') %>">GitPrep</a></li>

templates/main/login.html.ep

View

@@ -13,6 +13,7 @@
   my $dbi = $self->app->dbi;
   
   if ($op eq 'login') {
+    sleep 3;
     $state = 'login';
     
     my $params = {
@@ -55,11 +56,14 @@
     if ($vresult->is_ok) {
       my $valid_params = $vresult->data;
       my $id = $valid_params->{id};
+      my $password = $valid_params->{password};
+      my $password_md5 = md5_sum $password;
       
       my $config_json = $self->app->dbi->model('user')->select('config', id => $id)->value;
       my $config = $api->json($config_json);
       my $admin = $config->{admin};
       session(user_id => $id);
+      session(user_password => $password_md5);
       
       if ($admin) {
         $self->redirect_to('/_admin');

...	...	@@ -9,6 +9,7 @@ use DBIx::Custom;
9	9	use Validator::Custom;
10	10	use Encode qw/encode decode/;
11	11	use Mojo::JSON;
	12	+use Gitprep::API;
12	13
13	14	has 'git';
14	15	has 'dbi';
...	...	@@ -167,6 +168,9 @@ EOS
167	168	# Validator
168	169	my $validator = Validator::Custom->new;
169	170	$self->validator($validator);
	171	+
	172	+ # Helper
	173	+ $self->helper(gitprep_api => sub { Gitprep::API->new(shift) });
170	174	}
171	175
172	176	1;

...	...	@@ -51,5 +51,22 @@ sub users {
51	51	return $users;
52	52	}
53	53
	54	+sub logined {
	55	+ my $self = shift;
	56	+
	57	+ my $c = $self->cntl;
	58	+
	59	+ my $dbi = $c->app->dbi;
	60	+
	61	+ my $id = $c->session('user_id');
	62	+ my $password = $c->session('user_password');
	63	+
	64	+ my $row = $dbi->model('user')->select('config', id => $id)->one;
	65	+ return unless $row;
	66	+ my $config = $self->json($row->{config});
	67	+
	68	+ return $password eq $config->{password};
	69	+}
	70	+
54	71	1;
55	72

...	...	@@ -1,9 +1,9 @@
1	1	<%
2		- my $user_id = session('user_id');
	2	+ my $api = gitprep_api;
3	3	%>
4	4
5	5	<div class="container">
6		- % if (defined $user_id) {
	6	+ % if ($api->logined) {
7	7	<div>
8	8	<ul>
9	9	<li><a href="<%= url_for('/') %>">GitPrep</a></li>

...	...	@@ -13,6 +13,7 @@
13	13	my $dbi = $self->app->dbi;
14	14
15	15	if ($op eq 'login') {
	16	+ sleep 3;
16	17	$state = 'login';
17	18
18	19	my $params = {
...	...	@@ -55,11 +56,14 @@
55	56	if ($vresult->is_ok) {
56	57	my $valid_params = $vresult->data;
57	58	my $id = $valid_params->{id};
	59	+ my $password = $valid_params->{password};
	60	+ my $password_md5 = md5_sum $password;
58	61
59	62	my $config_json = $self->app->dbi->model('user')->select('config', id => $id)->value;
60	63	my $config = $api->json($config_json);
61	64	my $admin = $config->{admin};
62	65	session(user_id => $id);
	66	+ session(user_password => $password_md5);
63	67
64	68	if ($admin) {
65	69	$self->redirect_to('/_admin');