Changeset 2365
- Timestamp:
- 05/16/08 19:51:05 (21 months ago)
- Location:
- branches/release-38
- Files:
-
- 6 modified
-
extras/examples/plugins/CommentByGoogleAccount/lib/CommentByGoogleAccount.pm (modified) (2 diffs)
-
lib/MT/App.pm (modified) (6 diffs)
-
lib/MT/App/Comments.pm (modified) (8 diffs)
-
lib/MT/Auth/OpenID.pm (modified) (1 diff)
-
lib/MT/Auth/TypeKey.pm (modified) (5 diffs)
-
lib/MT/Comment.pm (modified) (2 diffs)
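--- a/branches/release-38/extras/examples/plugins/CommentByGoogleAccount/lib/CommentByGoogleAccount.pm
+++ b/branches/release-38/extras/examples/plugins/CommentByGoogleAccount/lib/CommentByGoogleAccount.pm
@@ -39,10 +39,4 @@
 my $nick_escaped = escape_unicode($nick);
 $nick = encode_text($nick, 'utf-8', undef);
-$session = $app->make_commenter_session($app->make_magic_token, $email,
-$name, $nick_escaped);
-unless ($session) {
-$app->error($app->errstr() || $app->translate("Couldn't save the session"));
-return 0;
-}
 $cmntr = $app->_make_commenter(
 email => $email,
@@ -52,4 +46,10 @@
 auth_type => $auth_type,
 );
+
+$session = $app->make_commenter_session($cmntr);
+unless ($session) {
+$app->error($app->errstr() || $app->translate("Couldn't save the session"));
+return 0;
+}
 } else {
 # If there's no signature, then we trust the cookie.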
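Review bot: `my $nick_escaped = escape_unicode($nick);` on the first context line appears to be unused now, because the new `make_commenter_session($cmntr)` call no longer takes the escaped nickname; remove it unless something outside the hunk still reads it. Moving the session call after `_make_commenter` also means a failed session save returns 0 after the commenter record has presumably been written, which deserves a comment such as `# commenter record is kept even when the session cannot be saved`. The enclosing sub starts and ends outside the hunk.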
branches/release-38/lib/MT/App.pm
r2322 r2365 12 12 use File::Spec; 13 13 use MT::Request; 14 use MT::Util qw( encode_html offset_time_list decode_html encode_url is_valid_email is_url ); 14 use MT::Util qw( encode_html offset_time_list decode_html encode_url 15 is_valid_email is_url escape_unicode ); 15 16 use MT::I18N qw( encode_text wrap_text ); 16 17 … … 1017 1018 sub make_commenter_session { 1018 1019 my $app = shift; 1019 my ($session_key, $email, $name, $nick, $id, $url, $timeout, $blog_id) = @_; 1020 my ($session_key, $email, $name, $nick, $id, $url) = @_; 1021 my $user; 1022 1023 # support for old signature; new signature is $session_key, $user_obj 1024 if ( ref($session_key) && $session_key->isa('MT::Author') ) { 1025 $user = $session_key; 1026 $session_key = $app->make_magic_token; 1027 $email = $user->email; 1028 $name = $user->name; 1029 $nick = $user->nickname || $app->translate('(Display Name not set)'); 1030 $id = $user->id; 1031 $url = $user->url; 1032 } 1033 # test 1034 $session_key = $app->param('sig') if $user->auth_type eq 'TypeKey'; 1035 1036 require MT::Session; 1037 my $sess_obj = MT::Session->new(); 1038 $sess_obj->id($session_key); 1039 $sess_obj->email($email); 1040 $sess_obj->name($name); 1041 $sess_obj->start(time); 1042 $sess_obj->kind("SI"); 1043 $sess_obj->set('author_id', $user->id) if $user; 1044 $sess_obj->save() 1045 or return $app->error($app->translate("The login could not be confirmed because of a database error ([_1])", $sess_obj->errstr)); 1020 1046 1021 1047 my $enc = $app->charset; … … 1023 1049 my $nick_escaped = MT::Util::escape_unicode( $nick ); 1024 1050 1025 $timeout = '+' . $app->config->CommentSessionTimeout . 's' unless defined $timeout; 1051 my $timeout; 1052 if ( $user->auth_type eq 'MT' ) { 1053 $timeout = '+' . $app->config->UserSessionTimeout . 's'; 1054 } else { 1055 $timeout = '+' . $app->config->CommentSessionTimeout . 
's'; 1056 } 1057 1026 1058 my %kookee = (-name => COMMENTER_COOKIE_NAME(), 1027 1059 -value => $session_key, … … 1034 1066 ($timeout ? (-expires => $timeout) : ())); 1035 1067 $app->bake_cookie(%name_kookee); 1036 if (defined $id) { 1037 my $banned = 0; 1038 my $perm = MT::Permission->load({ blog_id => $blog_id, author_id => $id }); 1039 if ($perm) { 1040 if (!$perm->can_administer_blog && $perm->is_restricted('comment')) { 1041 $banned = 1; 1042 } 1043 } 1044 1045 # my %id_kookee = (-name => "commenter_id", 1046 # -value => $id . ':' . $blog_ids, 1047 # -path => '/', 1048 # ($timeout ? (-expires => $timeout) : ())); 1049 # $app->bake_cookie(%id_kookee); 1050 } 1051 # if (defined($url) && $url) { 1052 # my %id_kookee = (-name => "commenter_url", 1053 # -value => $url, 1054 # -path => '/', 1055 # ($timeout ? (-expires => $timeout) : ())); 1056 # $app->bake_cookie(%id_kookee); 1057 # } 1058 1059 require MT::Session; 1060 my $sess_obj = MT::Session->new(); 1061 $sess_obj->id($session_key); 1062 $sess_obj->email($email); 1063 $sess_obj->name($name); 1064 $sess_obj->start(time); 1065 $sess_obj->kind("SI"); 1066 $sess_obj->save() 1067 or return $app->error($app->translate("The login could not be confirmed because of a database error ([_1])", $sess_obj->errstr)); 1068 1068 1069 return $session_key; 1069 1070 } … … 1084 1085 1085 1086 # need to clear commenter_name for writeCommenterGreeting 1086 my $timeout = $app->config->CommentSessionTimeout;1087 1087 my %name_kookee = (-name => 'commenter_name', 1088 1088 -value => '', 1089 1089 -path => '/', 1090 -expires => " +${timeout}s");1090 -expires => "Thu, 01-Jan-70 00:00:01 GMT"); 1091 1091 $app->bake_cookie(%name_kookee); 1092 1093 # my %kookee = (-name => COMMENTER_COOKIE_NAME(), 1094 # -value => '', 1095 # -path => '/', 1096 # -expires => "+${timeout}s"); 1097 # $app->bake_cookie(%kookee); 1098 # my %url_kookee = (-name => 'commenter_url', 1099 # -value => '', 1100 # -path => '/', 1101 # -expires => "+${timeout}s"); 1102 
# $app->bake_cookie(%url_kookee); 1103 # my %id_kookee = (-name => 'commenter_id', 1104 # -value => '', 1105 # -path => '/', 1106 # -expires => "+${timeout}s"); 1107 # $app->bake_cookie(%id_kookee); 1092 my %kookee = (-name => COMMENTER_COOKIE_NAME(), 1093 -value => '', 1094 -path => '/', 1095 -expires => "Thu, 01-Jan-70 00:00:01 GMT"); 1096 $app->bake_cookie(%kookee); 1108 1097 } 1109 1098 … … 1449 1438 # Presence of 'password' indicates this is a login request; 1450 1439 # do session/cookie management. 1451 $app->make_commenter_session( 1452 $app->make_magic_token, 1453 $author->email, 1454 $author->name, 1455 ($author->nickname || $app->translate('(Display Name not set)')), 1456 $author->id, 1457 undef, 1458 $ctx->{permanent} ? '+10y' : 0 1459 ); 1440 $app->make_commenter_session($author); 1460 1441 1461 1442 if ($commenter_blog_id) { -
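Review bot: In `make_commenter_session`, `$user` is assigned only inside the `ref($session_key) && $session_key->isa('MT::Author')` branch, yet the line under `# test` and the later timeout selection both call `$user->auth_type` unconditionally, so a caller still using the old positional signature dies on an undefined value. Guard both, e.g. `$session_key = $app->param('sig') if $user && $user->auth_type eq 'TypeKey';` and `if ( $user && $user->auth_type eq 'MT' )`. The `# test` line also replaces the freshly generated magic token with the request's `sig` parameter, so the session identifier becomes a value that travels in the query string (and can land in access logs and Referer headers). It is also undefined whenever a TypeKey commenter's session is created on a request that carries no `sig`, such as the renewal call in MT::App::Comments. Keeping `make_magic_token` as the only source of session ids would avoid both problems.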
branches/release-38/lib/MT/App/Comments.pm
r2350 r2365 130 130 my $cfg = $app->config; 131 131 require MT::Session; 132 my $sess_obj = MT::Session->load( { id => $session_key } );132 my $sess_obj = MT::Session->load( { id => $session_key, kind => 'SI' } ); 133 133 my $timeout = $cfg->CommentSessionTimeout; 134 my $user; 135 136 if ( $sess_obj 137 && ( $user = MT::Author->load( { name => $sess_obj->name } ) ) ) 138 { 139 return ( $session_key, $user ) if $user->type eq MT::Author::AUTHOR(); 140 } 134 my $user_id = $sess_obj->get('author_id') if $sess_obj; 135 my $user = MT::Author->load( $user_id ) if $user_id; 136 141 137 if ( !$sess_obj 142 138 || ( $sess_obj->start() + $timeout < time ) 139 || ( !$user_id ) 140 || ( !$user ) 143 141 ) 144 142 { 143 $app->log("session is invalid; sess_obj = $sess_obj; key = $session_key; user_id = $user_id; user = $user"); 145 144 $app->_invalidate_commenter_session( \%cookies ); 146 145 return ( undef, undef ); 147 146 } 148 else { 149 # session is valid! 150 return ( $session_key, $user ); 151 } 147 148 # session is valid! 149 return ( $session_key, $user ); 152 150 } 153 151 … … 298 296 MT::Auth->new_login( $app, $commenter ); 299 297 if ( $app->_check_commenter_author( $commenter, $blog_id ) ) { 300 $app->make_commenter_session( $app->make_magic_token, 301 $commenter->email, $commenter->name, 302 ($commenter->nickname || $app->translate('(Display Name not set)')), 303 $commenter->id, undef, $ctx->{permanent} ? '+10y' : 0, $blog_id ); 298 $app->make_commenter_session( $commenter ); 304 299 return $app->redirect_to_target; 305 300 } … … 706 701 return 0; # Put a collar on that puppy. 707 702 } 703 704 return 1 unless $cfg->ShowIPInformation; 705 706 # If IP banning is enabled, check for lots of comments from 707 # the user's IP within the throttle period * 10; if they 708 # exceed 8 comments within that period, ban the IP. 
709 708 710 @ts = MT::Util::offset_time_list( time - $throttle_period * 10 - 1, 709 711 $entry->blog_id ); … … 1108 1110 my $session_key = $cookies{$cookie_name}->value() || ""; 1109 1111 $session_key =~ y/+/ /; 1110 my $sessobj = MT::Session->load( $session_key);1112 my $sessobj = MT::Session->load({ id => $session_key, kind => 'SI' }); 1111 1113 return 1112 1114 if … … 1344 1346 ); 1345 1347 foreach (@old_sessions) { 1346 $_->remove() || die "couldn't remove sessions because " . $_->errstr();1348 $_->remove(); 1347 1349 } 1348 1350 } … … 1439 1441 if ( $blog_id && $blog ) { 1440 1442 my ( $session, $commenter ) = $app->_get_commenter_session(); 1443 use Data::Dumper; 1441 1444 if ( $session && $commenter ) { 1442 1445 my $blog_perms = $commenter->blog_perm($blog_id); … … 1445 1448 $banned ||= 1 if $commenter->status == MT::Author::BANNED(); 1446 1449 1447 my $sessobj = MT::Session->load( $session);1450 my $sessobj = MT::Session->load({ id => $session, kind => 'SI' }); 1448 1451 if ($banned) { 1449 1452 $sessobj->remove; 1450 1453 } else { 1451 1454 $sessobj->start( time + 1452 $app->config->CommentSessionTimeout); # extend by timeou 1455 $app->config->CommentSessionTimeout); # extend by timeout 1453 1456 $sessobj->save(); 1454 1457 } … … 1821 1824 } 1822 1825 if ($renew_session) { 1823 $app->make_commenter_session( $app->make_magic_token, $cmntr->email, 1824 $cmntr->name, 1825 ($cmntr->nickname || $app->translate('(Display Name not set)')), 1826 $cmntr->id ); 1826 $app->make_commenter_session( $cmntr ); 1827 1827 } 1828 1828 -
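Review bot: The new `$app->log("session is invalid; ... key = $session_key; ...")` line in the session-lookup hunk writes the commenter's session key into the activity log and interpolates values that are undefined on exactly this path; log only the reason, e.g. `$app->log("commenter session is missing, expired or has no author");`. The declarations `my $user_id = $sess_obj->get('author_id') if $sess_obj;` and `my $user = MT::Author->load( $user_id ) if $user_id;` use the `my ... if` form, whose behaviour perlsyn documents as undefined; declare with `my $user_id;` first and assign conditionally. Elsewhere in this section `use Data::Dumper;` looks like leftover debugging, and `$sessobj->remove` / `$sessobj->save()` are called on the result of `MT::Session->load({ id => $session, kind => 'SI' })` without checking that a row came back. The enclosing subs start and end outside the hunks.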
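--- a/branches/release-38/lib/MT/Auth/OpenID.pm
+++ b/branches/release-38/lib/MT/Auth/OpenID.pm
@@ -114,9 +114,5 @@
 
 # Signature was valid, so create a session, etc.
-my $enc = $app->{cfg}->PublishCharset || '';
-my $nick_escaped = escape_unicode($nick);
-$nick = encode_text($nick, 'utf-8', undef);
-$session = $app->make_commenter_session($app->make_magic_token, q(),
-$name, $nick_escaped, undef, $name);
+$session = $app->make_commenter_session($cmntr);
 unless ($session) {
 $app->error($app->errstr() || $app->translate("Couldn't save the session"));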
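Review bot: `$cmntr` is handed to `make_commenter_session` with no visible check that it holds a loaded `MT::Author`; the lines that create it lie outside this hunk, so confirm it cannot be undef at this point. With the signature detection added to MT::App in this changeset (`ref($session_key) && $session_key->isa('MT::Author')`), an undef argument falls through to the legacy positional path with every field empty instead of failing cleanly. An explicit guard before the call, `unless ($cmntr) { $app->error($app->errstr()); return 0; }`, would keep the failure on the existing error path.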
branches/release-38/lib/MT/Auth/TypeKey.pm
r2062 r2365 14 14 my $class = shift; 15 15 my ($app, $auth_type) = @_; 16 my $q = $app-> {query};16 my $q = $app->param; 17 17 18 18 my $sig_str = $q->param('sig'); … … 34 34 my $cmntr; 35 35 my $session; 36 if ($sig_str) { 37 if (!$class->_validate_signature($app, $sig_str, 38 token => $blog->effective_remote_auth_token, 39 email => decode_url($email), 40 name => decode_url($name), 41 nick => decode_url($nick), 42 ts => $ts)) 43 { 44 # Signature didn't match, or timestamp was out of date. 45 # This implies tampering, not a user mistake. 46 $app->error($app->translate("The sign-in validation failed.")); 47 return 0; 48 } 49 50 if ($blog->require_typekey_emails && !is_valid_email($email)) { 51 $q->param('email', ''); # blank out email address since it's invalid 52 $app->error($app->translate("This weblog requires commenters to pass an email address. If you'd like to do so you may log in again, and give the authentication service permission to pass your email address.")); 53 return 0; 54 } 55 56 my $url = $app->{cfg}->IdentityURL; 57 $url .= "/" unless $url =~ m|/$|; 58 $url .= $name; 59 60 # Signature was valid, so create a session, etc. 61 my $enc = $app->{cfg}->PublishCharset || ''; 62 my $nick_escaped = escape_unicode($nick); 63 $nick = encode_text($nick, 'utf-8', undef); 64 $session = $app->make_commenter_session($sig_str, $email, 65 $name, $nick_escaped, undef, $url); 66 unless ($session) { 67 $app->error($app->errstr() || $app->translate("Couldn't save the session")); 68 return 0; 69 } 70 $cmntr = $app->_make_commenter( 71 email => $email, 72 nickname => $nick, 73 name => $name, 74 url => $url, 75 auth_type => $auth_type, 76 ); 77 } else { 78 # If there's no signature, then we trust the cookie. 
79 my %cookies = $app->cookies(); 80 my $cookie_name = MT::App::COMMENTER_COOKIE_NAME(); 81 if ($cookies{$cookie_name} 82 && ($session = $cookies{$cookie_name}->value())) 83 { 84 require MT::Session; 85 require MT::Author; 86 my $sess = MT::Session->load({id => $session}) 87 or return 0; 88 $cmntr = MT::Author->load({name => $sess->name, 89 type => MT::Author::COMMENTER(), 90 auth_type => $auth_type}) 91 or return 0; 92 if ($blog->require_typekey_emails 93 && !is_valid_email($cmntr->email)) 94 { 95 $app->error($app->translate("This blog requires commenters to provide an email address")); 96 return 0; 97 } 98 } 36 37 if (!$class->_validate_signature($app, $sig_str, 38 token => $blog->effective_remote_auth_token, 39 email => decode_url($email), 40 name => decode_url($name), 41 nick => decode_url($nick), 42 ts => $ts)) 43 { 44 # Signature didn't match, or timestamp was out of date. 45 # This implies tampering, not a user mistake. 46 $app->error($app->translate("The sign-in validation failed.")); 47 return 0; 48 } 49 50 if ($blog->require_typekey_emails && !is_valid_email($email)) { 51 $q->param('email', ''); # blank out email address since it's invalid 52 $app->error($app->translate("This weblog requires commenters to pass an email address. If you'd like to do so you may log in again, and give the authentication service permission to pass your email address.")); 53 return 0; 54 } 55 56 my $url = $app->config('IdentityURL'); 57 $url .= "/" unless $url =~ m|/$|; 58 $url .= $name; 59 60 # Signature was valid, so create a session, etc. 
61 $cmntr = $app->_make_commenter( 62 email => $email, 63 nickname => $nick, 64 name => $name, 65 url => $url, 66 auth_type => $auth_type, 67 ); 68 $session = $app->make_commenter_session($cmntr); 69 unless ($session) { 70 $app->error($app->errstr() || $app->translate("Couldn't save the session")); 71 return 0; 99 72 } 100 73 if ($q->param('sig') && !$cmntr) { … … 112 85 # the DSA sig parameter is composed of the two pieces of the 113 86 # real DSA sig, packed in Base64, separated by a colon. 114 115 # my ($r, $s) = split /:/, decode_url($sig_str);116 87 my ($r, $s) = split /:/, $sig_str; 117 88 $r =~ s/ /+/g; … … 130 101 require MT::Util; import MT::Util ('dsa_verify'); 131 102 my $msg; 132 if ($app-> {cfg}->TypeKeyVersioneq '1.1') {103 if ($app->config('TypeKeyVersion') eq '1.1') { 133 104 $msg = ($params{email} . "::" . $params{name} . "::" . 134 105 $params{nick} . "::" . $params{ts} . "::" . $params{token}); … … 150 121 if ( ! $dsa_key ) { 151 122 # Load the override key 152 $dsa_key = $app-> {cfg}->get('SignOnPublicKey');123 $dsa_key = $app->config->get('SignOnPublicKey'); 153 124 } 154 125 # Load the DSA key from the RegKeyURL 155 my $key_location = $app-> {cfg}->RegKeyURL;126 my $key_location = $app->config('RegKeyURL'); 156 127 if (!$dsa_key && $key_location) { 157 128 my $ua = $app->new_ua; -
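Review bot: With the `if ($sig_str)` branch removed, a request that carries no `sig` now reaches `_validate_signature` with an undefined `$sig_str`, and rejection depends on `split /:/, $sig_str` and the DSA check happening to fail. Make the fail-closed path explicit by testing `defined $sig_str && length $sig_str` before the call and returning 0 with the existing "The sign-in validation failed." error. The values that are verified are `decode_url($email)`, `decode_url($name)` and `decode_url($nick)`, while the undecoded `$email`, `$name` and `$nick` go into `_make_commenter` and the identity URL. If the two forms can differ for any input, the stored identity is not the signed one, so store the decoded values or add a comment explaining why they are equivalent. The `encode_text($nick, 'utf-8', undef)` step is also gone from this path, which may change how non-ASCII nicknames are stored; the enclosing sub starts and ends outside the hunk.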
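--- a/branches/release-38/lib/MT/Comment.pm
+++ b/branches/release-38/lib/MT/Comment.pm
@@ -33,5 +33,4 @@
 },
 indexes => {
-ip => 1,
 created_on => 1,
 entry_visible => {
@@ -42,4 +41,8 @@
 parent_id => 1,
 last_moved_on => 1, # used for junk expiration
+# For comment throttle check
+blog_ip_date => {
+columns => [ 'blog_id', 'ip', 'created_on' ],
+},
 # For URL lookups to aid spam filtering
 blog_url => {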
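Review bot: Dropping `ip => 1` leaves `ip` indexed only as the second column of `blog_ip_date`, so any lookup that filters on `ip` without `blog_id` can no longer use an index; confirm no such query exists, or keep the single-column index alongside the new one. The new index helps the throttle check only once it exists in the database, and nothing in this changeset's file list shows a schema version bump or upgrade step that would build it on existing installs. The enclosing properties hash starts and ends outside the hunk.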
