git-*-verify: sanitize log messages before output
[girocco.git] / cgi / pwproj.cgi
blob72cc5a0ec182f55f2cfe094e80c61b0bcb1e88e1
1 #!/usr/bin/perl
2 # (c) Petr Baudis <pasky@suse.cz>
3 # Portions Copyright (c) Kyle J. McKay <mackyle@gmail.com>
4 # GPLv2
6 use strict;
7 use warnings;
9 use lib "__BASEDIR__";
10 use Girocco::CGI;
11 use Girocco::Config;
12 use Girocco::Project;
13 use Girocco::Util;
15 my $gcgi = Girocco::CGI->new('Forgotten Project Password');
16 my $cgi = $gcgi->cgi;
18 unless ($Girocco::Config::project_passwords) {
19 print "<p>I don't manage passwords.</p>";
20 exit;
23 my $name = $cgi->param('name');
25 unless (defined $name) {
26 print "<p>I need the project name as an argument.</p>\n";
27 exit;
30 if (!Girocco::Project::does_exist($name,1) && !Girocco::Project::valid_name($name)) {
31 print "<p>Invalid project name. Go away, sorcerer.</p>\n";
32 exit;
35 if (!Girocco::Project::does_exist($name,1)) {
36 print "<p>Sorry but this project does not exist. Now, how did you <em>get</em> here?!</p>\n";
37 exit;
40 my $proj = Girocco::Project->load($name);
41 if (!$proj) {
42 print "<p>not found project $name, that's really weird!</p>\n";
43 exit;
45 my $escname = $name;
46 $escname =~ s/[+]/%2B/g;
48 my $mail = $proj->{email};
50 my $y0 = $cgi->param('y0') || '';
51 if ($y0 eq 'Send authorization code' && $cgi->request_method eq 'POST') {
52 # submitted
54 valid_email($proj->{email}) && !$proj->is_password_locked()
55 or die "Sorry, this project's password cannot be changed.";
57 my $auth = $proj->gen_auth('PWD');
59 defined(my $MAIL = mailer_pipe '-s',
60 "[$Girocco::Config::name] Password change authorization for project $name", $mail)
61 or die "Cannot spawn mailer: $!";
62 print $MAIL <<EOT;
63 Hello,
65 Somebody asked for a password change authorization code to be sent for
66 project $name on $Girocco::Config::name. Since you are the project admin,
67 you receive the authorization code. If you don't want to actually change
68 the password for project $name, just ignore this e-mail. Otherwise use
69 this code within 24 hours:
71 $auth
73 In case you did not request a password change authorization code, we
74 apologize.
76 Should you run into any problems, please let us know.
78 Have fun!
79 EOT
80 close $MAIL or die "mail $mail for $name died? $!";
82 print <<EOT;
83 <p>The project admin should shortly receive an e-mail containing a project
84 password change authorization code. Please enter this code below to change
85 the password for project $name on $Girocco::Config::name. The code will
86 expire in 24 hours or after you have used it to successfully change the
87 password.</p>
88 <form method="post" action="@{[url_path($Girocco::Config::webadmurl)]}/pwproj.cgi">
89 <input type="hidden" name="name" value="$name" />
90 <p>Authorization code: <input name="auth" size="50" /></p>
91 <p><input type="submit" name="y0" value="Validate code" /></p>
92 </form>
93 EOT
94 exit;
96 if (($y0 eq 'Validate code' || $y0 eq 'Change password') && $cgi->request_method eq 'POST') {
97 # validation & change
99 $proj->{auth} && $proj->{authtype} && $proj->{authtype} eq 'PWD' or do {
100 print <<EOT;
101 <p>There currently isn't any project password change authorization code on file for
102 project $name. Please <a href="@{[url_path($Girocco::Config::webadmurl)]}/pwproj.cgi?name=$escname"
103 >generate one</a>.</p>
105 exit;
107 my $auth = $gcgi->wparam('auth');
108 if ($auth ne $proj->{auth}) {
109 print <<EOT;
110 <p>Invalid authorization code, please re-enter or
111 <a href="@{[url_path($Girocco::Config::webadmurl)]}/pwproj.cgi?name=$escname"
112 >generate a new one</a>.</p>
113 <form method="post" action="@{[url_path($Girocco::Config::webadmurl)]}/pwproj.cgi">
114 <input type="hidden" name="name" value="$name" />
115 <p>Authorization code: <input name="auth" size="50" /></p>
116 <p><input type="submit" name="y0" value="Validate code" /></p>
117 </form>
119 exit;
121 if ($y0 eq 'Change password') {
122 # changing password
123 my $pwd = $cgi->param('pwd');
124 my $pwd2 = $cgi->param('pwd2');
125 defined($pwd) or $pwd = ''; defined($pwd2) or $pwd = '';
126 if ($pwd ne $pwd2) {
127 $gcgi->err("Our high-paid security consultants have determined that the admin passwords you have entered do not match each other.");
128 } elsif ($pwd eq '') {
129 $gcgi->err("Empty passwords are not permitted.");
130 } else {
131 $proj->del_auth;
132 $proj->update_password($pwd);
133 print <<EOT;
134 <p>The project password for project $name has been successfully changed.</p>
135 <p>You may now use the new password to edit the project settings
136 <a href="@{[url_path($Girocco::Config::webadmurl)]}/editproj.cgi?name=$escname"
137 >here</a>.</p>
138 <p>Have a nice day.</p>
140 exit;
143 print <<EOT;
144 <form method="post" action="@{[url_path($Girocco::Config::webadmurl)]}/pwproj.cgi">
145 <input type="hidden" name="name" value="$name" />
146 <input type="hidden" name="auth" value="$auth" />
147 <table class="form">
148 <tr><td class="formlabel">Project name:</td><td class="formdata">$name.git</td></tr>
149 <tr><td class="formlabel">New admin password (twice):</td><td><input type="password" name="pwd" /><br />
150 <input type="password" name="pwd2" /></td></tr>
151 <tr><td class="formlabel"></td><td><input type="submit" name="y0" value="Change password" /></td></tr>
152 </table>
153 </form>
155 exit;
158 if ($cgi->request_method eq 'POST') {
159 print "<p>Invalid data. Go away, sorcerer.</p>\n";
160 exit;
163 print <<EOT;
164 <p>You are trying to make me change the password for project $name. I will send
165 an authorization code to change the password to the project admin &lt;$mail&gt;.</p>
166 <form method="post" action="@{[url_path($Girocco::Config::webadmurl)]}/pwproj.cgi">
167 <input type="hidden" name="name" value="$name" />
168 <p><input type="submit" name="y0" value="Send authorization code" /></p>
169 </form>