search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
*.cgi: improve "not found that's really wierd" error
[girocco.git] / cgi / pwproj.cgi
blob70eb888fe783e649fc677cd175ea6debb069e10c
1 #!/usr/bin/perl
2 # (c) Petr Baudis <pasky@suse.cz>
3 # Portions Copyright (c) Kyle J. McKay <mackyle@gmail.com>
4 # GPLv2
5
6 use strict;
7 use warnings;
8
9 use lib ".";
10 use Girocco::CGI;
11 use Girocco::Config;
12 use Girocco::Project;
13 use Girocco::Util;
14
15 my $gcgi = Girocco::CGI->new('Forgotten Project Password');
16 my $cgi = $gcgi->cgi;
17
18 unless ($Girocco::Config::project_passwords) {
19 print "<p>I don't manage passwords.</p>";
20 exit;
21 }
22
23 my $name = $cgi->param('name');
24
25 unless (defined $name) {
26 print "<p>I need the project name as an argument.</p>\n";
27 exit;
28 }
29
30 if (!Girocco::Project::does_exist($name,1) && !Girocco::Project::valid_name($name)) {
31 print "<p>Invalid project name. Go away, sorcerer.</p>\n";
32 exit;
33 }
34
35 if (!Girocco::Project::does_exist($name,1)) {
36 print "<p>Sorry but this project does not exist. Now, how did you <em>get</em> here?!</p>\n";
37 exit;
38 }
39
40 my $proj = Girocco::Project->load($name);
41 if (!$proj) {
42 print "<p>not found project $name, that's really weird!</p>\n";
43 exit;
44 }
45 my $escname = $name;
46 $escname =~ s/[+]/%2B/g;
47
48 my $mail = $proj->{email};
49
50 my $y0 = $cgi->param('y0') || '';
51 if ($y0 eq 'Send authorization code' && $cgi->request_method eq 'POST') {
52 # submitted
53
54 my $auth = $proj->gen_auth('PWD');
55
56 defined(my $MAIL = mailer_pipe '-s',
57 "[$Girocco::Config::name] Password change authorization for project $name", $mail)
58 or die "Cannot spawn mailer: $!";
59 print $MAIL <<EOT;
60 Hello,
61
62 Somebody asked for a password change authorization code to be sent for
63 project $name on $Girocco::Config::name. Since you are the project admin,
64 you receive the authorization code. If you don't want to actually change
65 the password for project $name, just ignore this e-mail. Otherwise use
66 this code within 24 hours:
67
68 $auth
69
70 In case you did not request a password change authorization code, we
71 apologize.
72
73 Should you run into any problems, please let us know.
74
75 Have fun!
76 EOT
77 close $MAIL or die "mail $mail for $name died? $!";
78
79 print <<EOT;
80 <p>The project admin should shortly receive an e-mail containing a project
81 password change authorization code. Please enter this code below to change
82 the password for project $name on $Girocco::Config::name. The code will
83 expire in 24 hours or after you have used it to successfully change the
84 password.</p>
85 <form method="post" action="@{[url_path($Girocco::Config::webadmurl)]}/pwproj.cgi">
86 <input type="hidden" name="name" value="$name" />
87 <p>Authorization code: <input name="auth" size="50" /></p>
88 <p><input type="submit" name="y0" value="Validate code" /></p>
89 </form>
90 EOT
91 exit;
92 }
93 if (($y0 eq 'Validate code' || $y0 eq 'Change password') && $cgi->request_method eq 'POST') {
94 # validation & change
95
96 $proj->{auth} && $proj->{authtype} && $proj->{authtype} eq 'PWD' or do {
97 print <<EOT;
98 <p>There currently isn't any project password change authorization code on file for
99 project $name. Please <a href="@{[url_path($Girocco::Config::webadmurl)]}/pwproj.cgi?name=$escname"
100 >generate one</a>.</p>
101 EOT
102 exit;
103 };
104 my $auth = $gcgi->wparam('auth');
105 if ($auth ne $proj->{auth}) {
106 print <<EOT;
107 <p>Invalid authorization code, please re-enter or
108 <a href="@{[url_path($Girocco::Config::webadmurl)]}/pwproj.cgi?name=$escname"
109 >generate a new one</a>.</p>
110 <form method="post" action="@{[url_path($Girocco::Config::webadmurl)]}/pwproj.cgi">
111 <input type="hidden" name="name" value="$name" />
112 <p>Authorization code: <input name="auth" size="50" /></p>
113 <p><input type="submit" name="y0" value="Validate code" /></p>
114 </form>
115 EOT
116 exit;
117 }
118 if ($y0 eq 'Change password') {
119 # changing password
120 my ($pwd, $pwd2) = ($cgi->param('pwd'), $cgi->param('pwd2'));
121 defined($pwd) or $pwd = ''; defined($pwd2) or $pwd = '';
122 if ($pwd ne $pwd2) {
123 $gcgi->err("Our high-paid security consultants have determined that the admin passwords you have entered do not match each other.");
124 } elsif ($pwd eq '') {
125 $gcgi->err("Empty passwords are not permitted.");
126 } else {
127 $proj->del_auth;
128 $proj->update_password($pwd);
129 print <<EOT;
130 <p>The project password for project $name has been successfully changed.</p>
131 <p>You may now use the new password to edit the project settings
132 <a href="@{[url_path($Girocco::Config::webadmurl)]}/editproj.cgi?name=$escname"
133 >here</a>.</p>
134 <p>Have a nice day.</p>
135 EOT
136 exit;
137 }
138 }
139 print <<EOT;
140 <form method="post" action="@{[url_path($Girocco::Config::webadmurl)]}/pwproj.cgi">
141 <input type="hidden" name="name" value="$name" />
142 <input type="hidden" name="auth" value="$auth" />
143 <table class="form">
144 <tr><td class="formlabel">Project name:</td><td class="formdata">$name.git</td></tr>
145 <tr><td class="formlabel">New admin password (twice):</td><td><input type="password" name="pwd" /><br />
146 <input type="password" name="pwd2" /></td></tr>
147 <tr><td class="formlabel"></td><td><input type="submit" name="y0" value="Change password" /></td></tr>
148 </table>
149 </form>
150 EOT
151 exit;
152 }
153
154 if ($cgi->request_method eq 'POST') {
155 print "<p>Invalid data. Go away, sorcerer.</p>\n";
156 exit;
157 }
158
159 print <<EOT;
160 <p>You are trying to make me change the password for project $name. I will send
161 an authorization code to change the password to the project admin &lt;$mail&gt;.</p>
162 <form method="post" action="@{[url_path($Girocco::Config::webadmurl)]}/pwproj.cgi">
163 <input type="hidden" name="name" value="$name" />
164 <p><input type="submit" name="y0" value="Send authorization code" /></p>
165 </form>
166 EOT
The repo.or.cz duct tape "Girocco"