From acd44bb7a50c7bc3d0d7ea65e47a89f780a5a41d Mon Sep 17 00:00:00 2001 From: "Kyle J. McKay" Date: Wed, 16 Apr 2014 02:07:32 -0700 Subject: [PATCH] delproj: update code to handle more than one auth type In preparation for using authorization codes to change a project's password, allow the type of authorization code to be set in the same way that edituser/deluser work. Make delproj.cgi aware of the type of authorization code and require that type ('DEL') to delete a project successfully. --- Girocco/Project.pm | 21 ++++++++++++++------- cgi/delproj.cgi | 4 ++-- 2 files changed, 16 insertions(+), 9 deletions(-) diff --git a/Girocco/Project.pm b/Girocco/Project.pm index 6d732b8..4ed13ef 100644 --- a/Girocco/Project.pm +++ b/Girocco/Project.pm @@ -137,11 +137,14 @@ sub _properties_load { $val = ($val eq 'false') ? 0 : 1; $self->{statusupdates} = $val; delete $self->{auth}; - $val = `"$Girocco::Config::git_bin" --git-dir="$self->{path}" config "gitweb.delauth"`; + $val = `"$Girocco::Config::git_bin" --git-dir="$self->{path}" config "gitweb.repoauth"`; chomp $val; - if ($val =~ /^# DELAUTH ([0-9a-f]+) (\d+)/) { - my $expire = $2; - $self->{auth} = $1 unless (time >= $expire); + if ($val =~ /^# ([A-Z]+)AUTH ([0-9a-f]+) (\d+)/) { + my $expire = $3; + if (time < $expire) { + $self->{authtype} = $1; + $self->{auth} = $2; + } } } @@ -706,14 +709,17 @@ sub set_HEAD { sub gen_auth { my $self = shift; + my ($type) = @_; + $type = 'REPO' unless $type && $type =~ /^[A-Z]+$/; + $self->{authtype} = $type; { no warnings; $self->{auth} = sha1_hex(time . $$ . rand() . join(':',%$self)); } my $expire = time + 24 * 3600; - my $propval = "# DELAUTH $self->{auth} $expire"; - system($Girocco::Config::git_bin, '--git-dir='.$self->{path}, 'config', 'gitweb.delauth', $propval); + my $propval = "# ${type}AUTH $self->{auth} $expire"; + system($Girocco::Config::git_bin, '--git-dir='.$self->{path}, 'config', 'gitweb.repoauth', $propval); $self->{auth}; } @@ -721,7 +727,8 @@ sub del_auth { my $self = shift; delete $self->{auth}; - system($Girocco::Config::git_bin, '--git-dir='.$self->{path}, 'config', '--unset', 'gitweb.delauth'); + delete $self->{authtype}; + system($Girocco::Config::git_bin, '--git-dir='.$self->{path}, 'config', '--unset', 'gitweb.repoauth'); } sub remove_user { diff --git a/cgi/delproj.cgi b/cgi/delproj.cgi index 4ff9129..3ecc6d0 100755 --- a/cgi/delproj.cgi +++ b/cgi/delproj.cgi @@ -52,7 +52,7 @@ if ($y0 && $cgi->request_method eq 'POST' && $proj->authenticate($gcgi)) { exit; } - my $auth = $proj->gen_auth; + my $auth = $proj->gen_auth('DEL'); # Send auth mail defined(my $MAIL = mailer_pipe '-s', "[$Girocco::Config::name] Project removal authorization", $proj->{email}) or @@ -95,7 +95,7 @@ EOT exit; } if (!$proj->{mirror} && !$isempty) { - $proj->{auth} or do { + $proj->{auth} && $proj->{authtype} && $proj->{authtype} eq 'DEL' or do { print <There currently isn't any project removal authorization code on file for project $name. Please