cgi/pwproj.cgi

   1 #!/usr/bin/perl
   2 # (c) Petr Baudis <pasky@suse.cz>
   3 # Portions Copyright (c) Kyle J. McKay <mackyle@gmail.com>
   4 # GPLv2
   5
   6 use strict;
   7 use warnings;
   8
   9 use lib "__BASEDIR__";
  10 use Girocco::CGI;
  11 use Girocco::Config;
  12 use Girocco::Project;
  13 use Girocco::Util;
  14
  15 my $gcgi = Girocco::CGI->new('Forgotten Project Password');
  16 my $cgi = $gcgi->cgi;
  17
  18 unless ($Girocco::Config::project_passwords) {
  19         print "<p>I don't manage passwords.</p>";
  20         exit;
  21 }
  22
  23 my $name = $cgi->param('name');
  24
  25 unless (defined $name) {
  26         print "<p>I need the project name as an argument.</p>\n";
  27         exit;
  28 }
  29
  30 if (!Girocco::Project::does_exist($name,1) && !Girocco::Project::valid_name($name)) {
  31         print "<p>Invalid project name. Go away, sorcerer.</p>\n";
  32         exit;
  33 }
  34
  35 if (!Girocco::Project::does_exist($name,1)) {
  36         print "<p>Sorry but this project does not exist. Now, how did you <em>get</em> here?!</p>\n";
  37         exit;
  38 }
  39
  40 if (my $romsg=check_readonly(1)) {
  41         print "<p>$romsg</p>\n";
  42         exit;
  43 }
  44
  45 my $proj = Girocco::Project->load($name);
  46 if (!$proj) {
  47         print "<p>not found project $name, that's really weird!</p>\n";
  48         exit;
  49 }
  50 my $escname = $name;
  51 $escname =~ s/[+]/%2B/g;
  52
  53 my $mail = $proj->{email};
  54
  55 my $y0 = $cgi->param('y0') || '';
  56 if ($y0 eq 'Send authorization code' && $cgi->request_method eq 'POST') {
  57         # submitted
  58
  59         valid_email($proj->{email}) && !$proj->is_password_locked()
  60                 or die "Sorry, this project's password cannot be changed.";
  61
  62         my $auth = $proj->gen_auth('PWD');
  63
  64         defined(my $MAIL = mailer_pipe '-s',
  65                 "[$Girocco::Config::name] Password change authorization for project $name", $mail)
  66                 or die "Cannot spawn mailer: $!";
  67         print $MAIL <<EOT;
  68 Hello,
  69
  70 Somebody asked for a password change authorization code to be sent for
  71 project $name on $Girocco::Config::name.  Since you are the project admin,
  72 you receive the authorization code.  If you don't want to actually change
  73 the password for project $name, just ignore this e-mail.  Otherwise use
  74 this code within 24 hours:
  75
  76         $auth
  77
  78 In case you did not request a password change authorization code, we
  79 apologize.
  80
  81 Should you run into any problems, please let us know.
  82
  83 Have fun!
  84 EOT
  85         close $MAIL or die "mail $mail for $name died? $!";
  86
  87         print <<EOT;
  88 <p>The project admin should shortly receive an e-mail containing a project
  89 password change authorization code.  Please enter this code below to change
  90 the password for project $name on $Girocco::Config::name.  The code will
  91 expire in 24 hours or after you have used it to successfully change the
  92 password.</p>
  93 <form method="post" action="@{[url_path($Girocco::Config::webadmurl)]}/pwproj.cgi">
  94 <input type="hidden" name="name" value="$name" />
  95 <p>Authorization code: <input name="auth" size="50" /></p>
  96 <p><input type="submit" name="y0" value="Validate code" /></p>
  97 </form>
  98 EOT
  99         exit;
 100 }
 101 if (($y0 eq 'Validate code' || $y0 eq 'Change password') && $cgi->request_method eq 'POST') {
 102         # validation & change
 103
 104         $proj->{auth} && $proj->{authtype} && $proj->{authtype} eq 'PWD' or do {
 105                 print <<EOT;
 106 <p>There currently isn't any project password change authorization code on file for
 107 project $name.  Please <a href="@{[url_path($Girocco::Config::webadmurl)]}/pwproj.cgi?name=$escname"
 108 >generate one</a>.</p>
 109 EOT
 110                 exit;
 111         };
 112         my $auth = $gcgi->wparam('auth');
 113         if ($auth ne $proj->{auth}) {
 114                 print <<EOT;
 115 <p>Invalid authorization code, please re-enter or
 116 <a href="@{[url_path($Girocco::Config::webadmurl)]}/pwproj.cgi?name=$escname"
 117 >generate a new one</a>.</p>
 118 <form method="post" action="@{[url_path($Girocco::Config::webadmurl)]}/pwproj.cgi">
 119 <input type="hidden" name="name" value="$name" />
 120 <p>Authorization code: <input name="auth" size="50" /></p>
 121 <p><input type="submit" name="y0" value="Validate code" /></p>
 122 </form>
 123 EOT
 124                 exit;
 125         }
 126         if ($y0 eq 'Change password') {
 127                 # changing password
 128                 my $pwd = $cgi->param('pwd');
 129                 my $pwd2 = $cgi->param('pwd2');
 130                 defined($pwd) or $pwd = ''; defined($pwd2) or $pwd = '';
 131                 if ($pwd ne $pwd2) {
 132                         $gcgi->err("Our high-paid security consultants have determined that the admin passwords you have entered do not match each other.");
 133                 } elsif ($pwd eq '') {
 134                         $gcgi->err("Empty passwords are not permitted.");
 135                 } else {
 136                         $proj->del_auth;
 137                         $proj->update_password($pwd);
 138                         print <<EOT;
 139 <p>The project password for project $name has been successfully changed.</p>
 140 <p>You may now use the new password to edit the project settings
 141 <a href="@{[url_path($Girocco::Config::webadmurl)]}/editproj.cgi?name=$escname"
 142 >here</a>.</p>
 143 <p>Have a nice day.</p>
 144 EOT
 145                         exit;
 146                 }
 147         }
 148         print <<EOT;
 149 <form method="post" action="@{[url_path($Girocco::Config::webadmurl)]}/pwproj.cgi">
 150 <input type="hidden" name="name" value="$name" />
 151 <input type="hidden" name="auth" value="$auth" />
 152 <table class="form">
 153 <tr><td class="formlabel">Project name:</td><td class="formdata">$name.git</td></tr>
 154 <tr><td class="formlabel">New admin password (twice):</td><td><input type="password" name="pwd" /><br />
 155 <input type="password" name="pwd2" /></td></tr>
 156 <tr><td class="formlabel"></td><td><input type="submit" name="y0" value="Change password" /></td></tr>
 157 </table>
 158 </form>
 159 EOT
 160         exit;
 161 }
 162
 163 if ($cgi->request_method eq 'POST') {
 164         print "<p>Invalid data. Go away, sorcerer.</p>\n";
 165         exit;
 166 }
 167
 168 print <<EOT;
 169 <p>You are trying to make me change the password for project $name.  I will send
 170 an authorization code to change the password to the project admin &lt;$mail&gt;.</p>
 171 <form method="post" action="@{[url_path($Girocco::Config::webadmurl)]}/pwproj.cgi">
 172 <input type="hidden" name="name" value="$name" />
 173 <p><input type="submit" name="y0" value="Send authorization code" /></p>
 174 </form>
 175 EOT