2 # (c) Petr Baudis <pasky@suse.cz>
3 # Portions Copyright (c) Kyle J. McKay <mackyle@gmail.com>
15 my $gcgi = Girocco
::CGI
->new('Forgotten Project Password');
18 unless ($Girocco::Config
::project_passwords
) {
19 print "<p>I don't manage passwords.</p>";
23 my $name = $cgi->param('name');
25 unless (defined $name) {
26 print "<p>I need the project name as an argument.</p>\n";
30 if (!Girocco
::Project
::does_exist
($name,1) && !Girocco
::Project
::valid_name
($name)) {
31 print "<p>Invalid project name. Go away, sorcerer.</p>\n";
35 if (!Girocco
::Project
::does_exist
($name,1)) {
36 print "<p>Sorry but this project does not exist. Now, how did you <em>get</em> here?!</p>\n";
40 my $proj = Girocco
::Project
->load($name);
42 print "<p>not found project $name, that's really weird!</p>\n";
46 $escname =~ s/[+]/%2B/g;
48 my $mail = $proj->{email
};
50 my $y0 = $cgi->param('y0') || '';
51 if ($y0 eq 'Send authorization code' && $cgi->request_method eq 'POST') {
54 valid_email
($proj->{email
}) && !$proj->is_password_locked()
55 or die "Sorry, this project's password cannot be changed.";
57 my $auth = $proj->gen_auth('PWD');
59 defined(my $MAIL = mailer_pipe
'-s',
60 "[$Girocco::Config::name] Password change authorization for project $name", $mail)
61 or die "Cannot spawn mailer: $!";
65 Somebody asked for a password change authorization code to be sent for
66 project $name on $Girocco::Config::name. Since you are the project admin,
67 you receive the authorization code. If you don't want to actually change
68 the password for project $name, just ignore this e-mail. Otherwise use
69 this code within 24 hours:
73 In case you did not request a password change authorization code, we
76 Should you run into any problems, please let us know.
80 close $MAIL or die "mail $mail for $name died? $!";
83 <p>The project admin should shortly receive an e-mail containing a project
84 password change authorization code. Please enter this code below to change
85 the password for project $name on $Girocco::Config::name. The code will
86 expire in 24 hours or after you have used it to successfully change the
88 <form method="post" action="@{[url_path($Girocco::Config::webadmurl)]}/pwproj.cgi">
89 <input type="hidden" name="name" value="$name" />
90 <p>Authorization code: <input name="auth" size="50" /></p>
91 <p><input type="submit" name="y0" value="Validate code" /></p>
96 if (($y0 eq 'Validate code' || $y0 eq 'Change password') && $cgi->request_method eq 'POST') {
99 $proj->{auth
} && $proj->{authtype
} && $proj->{authtype
} eq 'PWD' or do {
101 <p>There currently isn't any project password change authorization code on file for
102 project $name. Please <a href="@{[url_path($Girocco::Config::webadmurl)]}/pwproj.cgi?name=$escname"
103 >generate one</a>.</p>
107 my $auth = $gcgi->wparam('auth');
108 if ($auth ne $proj->{auth
}) {
110 <p>Invalid authorization code, please re-enter or
111 <a href="@{[url_path($Girocco::Config::webadmurl)]}/pwproj.cgi?name=$escname"
112 >generate a new one</a>.</p>
113 <form method="post" action="@{[url_path($Girocco::Config::webadmurl)]}/pwproj.cgi">
114 <input type="hidden" name="name" value="$name" />
115 <p>Authorization code: <input name="auth" size="50" /></p>
116 <p><input type="submit" name="y0" value="Validate code" /></p>
121 if ($y0 eq 'Change password') {
123 my ($pwd, $pwd2) = ($cgi->param('pwd'), $cgi->param('pwd2'));
124 defined($pwd) or $pwd = ''; defined($pwd2) or $pwd = '';
126 $gcgi->err("Our high-paid security consultants have determined that the admin passwords you have entered do not match each other.");
127 } elsif ($pwd eq '') {
128 $gcgi->err("Empty passwords are not permitted.");
131 $proj->update_password($pwd);
133 <p>The project password for project $name has been successfully changed.</p>
134 <p>You may now use the new password to edit the project settings
135 <a href="@{[url_path($Girocco::Config::webadmurl)]}/editproj.cgi?name=$escname"
137 <p>Have a nice day.</p>
143 <form method="post" action="@{[url_path($Girocco::Config::webadmurl)]}/pwproj.cgi">
144 <input type="hidden" name="name" value="$name" />
145 <input type="hidden" name="auth" value="$auth" />
147 <tr><td class="formlabel">Project name:</td><td class="formdata">$name.git</td></tr>
148 <tr><td class="formlabel">New admin password (twice):</td><td><input type="password" name="pwd" /><br />
149 <input type="password" name="pwd2" /></td></tr>
150 <tr><td class="formlabel"></td><td><input type="submit" name="y0" value="Change password" /></td></tr>
157 if ($cgi->request_method eq 'POST') {
158 print "<p>Invalid data. Go away, sorcerer.</p>\n";
163 <p>You are trying to make me change the password for project $name. I will send
164 an authorization code to change the password to the project admin <$mail>.</p>
165 <form method="post" action="@{[url_path($Girocco::Config::webadmurl)]}/pwproj.cgi">
166 <input type="hidden" name="name" value="$name" />
167 <p><input type="submit" name="y0" value="Send authorization code" /></p>