git-shell-verify: only check read-only mode for receive-pack
[girocco.git] / cgi / pwproj.cgi
blobf7676eedba68f1beb667c87c24e20773610e03af
1 #!/usr/bin/perl
2 # (c) Petr Baudis <pasky@suse.cz>
3 # Portions Copyright (c) Kyle J. McKay <mackyle@gmail.com>
4 # GPLv2
6 use strict;
7 use warnings;
9 use lib "__BASEDIR__";
10 use Girocco::CGI;
11 use Girocco::Config;
12 use Girocco::Project;
13 use Girocco::Util;
15 my $gcgi = Girocco::CGI->new('Forgotten Project Password');
16 my $cgi = $gcgi->cgi;
18 unless ($Girocco::Config::project_passwords) {
19 print "<p>I don't manage passwords.</p>";
20 exit;
23 my $name = $cgi->param('name');
25 unless (defined $name) {
26 print "<p>I need the project name as an argument.</p>\n";
27 exit;
30 if (!Girocco::Project::does_exist($name,1) && !Girocco::Project::valid_name($name)) {
31 print "<p>Invalid project name. Go away, sorcerer.</p>\n";
32 exit;
35 if (!Girocco::Project::does_exist($name,1)) {
36 print "<p>Sorry but this project does not exist. Now, how did you <em>get</em> here?!</p>\n";
37 exit;
40 if (my $romsg=check_readonly(1)) {
41 print "<p>$romsg</p>\n";
42 exit;
45 my $proj = Girocco::Project->load($name);
46 if (!$proj) {
47 print "<p>not found project $name, that's really weird!</p>\n";
48 exit;
50 my $escname = $name;
51 $escname =~ s/[+]/%2B/g;
53 my $mail = $proj->{email};
55 my $y0 = $cgi->param('y0') || '';
56 if ($y0 eq 'Send authorization code' && $cgi->request_method eq 'POST') {
57 # submitted
59 valid_email($proj->{email}) && !$proj->is_password_locked()
60 or die "Sorry, this project's password cannot be changed.";
62 my $auth = $proj->gen_auth('PWD');
64 defined(my $MAIL = mailer_pipe '-s',
65 "[$Girocco::Config::name] Password change authorization for project $name", $mail)
66 or die "Cannot spawn mailer: $!";
67 print $MAIL <<EOT;
68 Hello,
70 Somebody asked for a password change authorization code to be sent for
71 project $name on $Girocco::Config::name. Since you are the project admin,
72 you receive the authorization code. If you don't want to actually change
73 the password for project $name, just ignore this e-mail. Otherwise use
74 this code within 24 hours:
76 $auth
78 In case you did not request a password change authorization code, we
79 apologize.
81 Should you run into any problems, please let us know.
83 Have fun!
84 EOT
85 close $MAIL or die "mail $mail for $name died? $!";
87 print <<EOT;
88 <p>The project admin should shortly receive an e-mail containing a project
89 password change authorization code. Please enter this code below to change
90 the password for project $name on $Girocco::Config::name. The code will
91 expire in 24 hours or after you have used it to successfully change the
92 password.</p>
93 <form method="post" action="@{[url_path($Girocco::Config::webadmurl)]}/pwproj.cgi">
94 <input type="hidden" name="name" value="$name" />
95 <p>Authorization code: <input name="auth" size="50" /></p>
96 <p><input type="submit" name="y0" value="Validate code" /></p>
97 </form>
98 EOT
99 exit;
101 if (($y0 eq 'Validate code' || $y0 eq 'Change password') && $cgi->request_method eq 'POST') {
102 # validation & change
104 $proj->{auth} && $proj->{authtype} && $proj->{authtype} eq 'PWD' or do {
105 print <<EOT;
106 <p>There currently isn't any project password change authorization code on file for
107 project $name. Please <a href="@{[url_path($Girocco::Config::webadmurl)]}/pwproj.cgi?name=$escname"
108 >generate one</a>.</p>
110 exit;
112 my $auth = $gcgi->wparam('auth');
113 if ($auth ne $proj->{auth}) {
114 print <<EOT;
115 <p>Invalid authorization code, please re-enter or
116 <a href="@{[url_path($Girocco::Config::webadmurl)]}/pwproj.cgi?name=$escname"
117 >generate a new one</a>.</p>
118 <form method="post" action="@{[url_path($Girocco::Config::webadmurl)]}/pwproj.cgi">
119 <input type="hidden" name="name" value="$name" />
120 <p>Authorization code: <input name="auth" size="50" /></p>
121 <p><input type="submit" name="y0" value="Validate code" /></p>
122 </form>
124 exit;
126 if ($y0 eq 'Change password') {
127 # changing password
128 my $pwd = $cgi->param('pwd');
129 my $pwd2 = $cgi->param('pwd2');
130 defined($pwd) or $pwd = ''; defined($pwd2) or $pwd = '';
131 if ($pwd ne $pwd2) {
132 $gcgi->err("Our high-paid security consultants have determined that the admin passwords you have entered do not match each other.");
133 } elsif ($pwd eq '') {
134 $gcgi->err("Empty passwords are not permitted.");
135 } else {
136 $proj->del_auth;
137 $proj->update_password($pwd);
138 print <<EOT;
139 <p>The project password for project $name has been successfully changed.</p>
140 <p>You may now use the new password to edit the project settings
141 <a href="@{[url_path($Girocco::Config::webadmurl)]}/editproj.cgi?name=$escname"
142 >here</a>.</p>
143 <p>Have a nice day.</p>
145 exit;
148 print <<EOT;
149 <form method="post" action="@{[url_path($Girocco::Config::webadmurl)]}/pwproj.cgi">
150 <input type="hidden" name="name" value="$name" />
151 <input type="hidden" name="auth" value="$auth" />
152 <table class="form">
153 <tr><td class="formlabel">Project name:</td><td class="formdata">$name.git</td></tr>
154 <tr><td class="formlabel">New admin password (twice):</td><td><input type="password" name="pwd" /><br />
155 <input type="password" name="pwd2" /></td></tr>
156 <tr><td class="formlabel"></td><td><input type="submit" name="y0" value="Change password" /></td></tr>
157 </table>
158 </form>
160 exit;
163 if ($cgi->request_method eq 'POST') {
164 print "<p>Invalid data. Go away, sorcerer.</p>\n";
165 exit;
168 print <<EOT;
169 <p>You are trying to make me change the password for project $name. I will send
170 an authorization code to change the password to the project admin &lt;$mail&gt;.</p>
171 <form method="post" action="@{[url_path($Girocco::Config::webadmurl)]}/pwproj.cgi">
172 <input type="hidden" name="name" value="$name" />
173 <p><input type="submit" name="y0" value="Send authorization code" /></p>
174 </form>