From 70690ee7411cda5be2095f88415f1fa89d36f367 Mon Sep 17 00:00:00 2001 From: "Kyle J. McKay" Date: Wed, 16 Apr 2014 04:32:14 -0700 Subject: [PATCH] pwproj.cgi: instead of resetting the password send an auth code Allowing the project password to be reset by anyone invites abuse. Instead of actually resetting the password to a random value, send an authorization code that allows the password to be changed. Although it's still possible for random individuals to generate these authorization code emails, now all the project admin has to do is ignore them rather than dealing with a changed password. --- cgi/pwproj.cgi | 122 +++++++++++++++++++++++++++++++++++++++++++++------------ 1 file changed, 98 insertions(+), 24 deletions(-) diff --git a/cgi/pwproj.cgi b/cgi/pwproj.cgi index f0a4f97..36fb6be 100755 --- a/cgi/pwproj.cgi +++ b/cgi/pwproj.cgi @@ -1,5 +1,6 @@ #!/usr/bin/perl # (c) Petr Baudis +# Portions Copyright (c) Kyle J. McKay # GPLv2 use strict; @@ -11,16 +12,14 @@ use Girocco::Config; use Girocco::Project; use Girocco::Util; - -sub genpwd { - # FLUFFY! - substr(crypt(rand, rand), 2); -} - - my $gcgi = Girocco::CGI->new('Forgotten Project Password'); my $cgi = $gcgi->cgi; +unless ($Girocco::Config::project_passwords) { + print "

I don't manage passwords.

"; + exit; +} + my $name = $cgi->param('name'); unless (defined $name) { @@ -46,44 +45,119 @@ $escname =~ s/[+]/%2B/g; my $mail = $proj->{email}; my $y0 = $cgi->param('y0') || ''; -if ($y0 eq 'Reset Password' && $cgi->request_method eq 'POST') { +if ($y0 eq 'Send authorization code' && $cgi->request_method eq 'POST') { # submitted - my $newpwd = genpwd(); + my $auth = $proj->gen_auth('PWD'); - defined(my $MAIL = mailer_pipe '-s', "[$Girocco::Config::name] New password for project $name", $mail) + defined(my $MAIL = mailer_pipe '-s', + "[$Girocco::Config::name] Password change authorization for project $name", $mail) or die "Cannot spawn mailer: $!"; print $MAIL <update_password($newpwd); + print <The project admin should shortly receive an e-mail containing a project +password change authorization code. Please enter this code below to change +the password for project $name on $Girocco::Config::name. The code will +expire in 24 hours or after you have used it to successfully change the +password.

+
+ +

Authorization code:

+

+
+EOT + exit; +} +if (($y0 eq 'Validate code' || $y0 eq 'Change password') && $cgi->request_method eq 'POST') { + # validation & change + + $proj->{auth} && $proj->{authtype} && $proj->{authtype} eq 'PWD' or do { + print <There currently isn't any project password change authorization code on file for +project $name. Please generate one.

+EOT + exit; + }; + my $auth = $gcgi->wparam('auth'); + if ($auth ne $proj->{auth}) { + print <Invalid authorization code, please re-enter or +generate a new one.

+
+ +

Authorization code:

+

+
+EOT + exit; + } + if ($y0 eq 'Change password') { + # changing password + my ($pwd, $pwd2) = ($cgi->param('pwd'), $cgi->param('pwd2')); + $pwd ||= ''; $pwd2 ||= ''; + if ($pwd ne $pwd2) { + $gcgi->err("Our high-paid security consultants have determined that the admin passwords you have entered do not match each other."); + } elsif (!$pwd || !$pwd2) { + $gcgi->err("Empty passwords are not permitted."); + } else { + $proj->del_auth; + $proj->update_password($pwd); + print <The project password for project $name has been successfully changed.

+

You may now use the new password to edit the project settings +here.

+

Have a nice day.

+EOT + exit; + } + } + print < + + + + + + +
Project name:$name.git
New admin password (twice):
+
+ +EOT + exit; +} - print "

Project password has been reset. Have a nice day.

\n"; +if ($cgi->request_method eq 'POST') { + print "

Invalid data. Go away, sorcerer.

\n"; exit; } print <You are trying to make me reset password for project $name. I will send the new -password to the project admin <$mail>.

+

You are trying to make me change the password for project $name. I will send +an authorization code to change the password to the project admin <$mail>.

-

+

EOT - -- 2.11.4.GIT
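Review bot: The `if ($auth ne $proj->{auth})` check in the 'Validate code' / 'Change password' branch puts no limit on wrong guesses during the code's 24-hour lifetime. Its resistance to guessing therefore rests entirely on the length and randomness of the value returned by `$proj->gen_auth('PWD')`, which is defined outside this hunk. Consider counting failed attempts on the project record and calling `$proj->del_auth` once a small limit is reached, so that a fresh code has to be mailed; at minimum, add a comment such as `# no retry limit: relies on gen_auth() returning an unguessable code`. Separately, if `wparam` returns undef when the `auth` field is missing, the `ne` comparison warns about an uninitialized value wherever warnings are enabled; `$auth = '' unless defined $auth;` right after the `wparam` call avoids that. It cannot cause a false match, because the guard above already requires `$proj->{auth}` to be true.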