2 use CGI::Fast qw/:cgi/;
3 use Digest::SHA qw/hmac_sha256_base64/;
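# Load the secret that signs password-recovery URLs.  A three-arg open with a
# lexical handle keeps the path from ever being parsed for a mode, and the
# read is checked so a missing, unreadable or empty key file aborts start-up
# instead of silently leaving $hmac_key empty (an empty key would make every
# recovery token trivially forgeable).  $hmac_key itself is assumed to be
# declared at file scope earlier in the file, since the subs below close over it.
defined $ENV{BLERG_HOME}
    or die "BLERG_HOME is not set; cannot locate the HMAC key";
my $hmac_key_path = "$ENV{BLERG_HOME}/etc/hmac_key";
open my $hmac_key_fh, '<:raw', $hmac_key_path
    or die "Could not open $hmac_key_path: $!";
# Same 256-byte cap as before; read() returns undef on error and 0 at EOF.
my $hmac_key_len = read($hmac_key_fh, $hmac_key, 256);
defined $hmac_key_len
    or die "Could not read $hmac_key_path: $!";
$hmac_key_len > 0
    or die "HMAC key file $hmac_key_path is empty";
close $hmac_key_fh
    or die "Could not close $hmac_key_path: $!";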
15 print header(-type => 'text/html',
16 -status => '404 Not Found');
19 <h1>404 Not Found</h1>
24 print header(-type => 'text/html',
25 -status => '403 Forbidden');
28 <h1>403 Forbidden</h1>
33 sub generate_reset_url {
# Build a signed password-recovery URL for $username that stays usable for
# $validity seconds.  The continuation of the auth_get_counter statement and
# the sub's closing brace lie outside this excerpt.
34 my ($username, $validity) = @_;
# Absolute expiry as a Unix timestamp; presumably re-checked in
# validate_reset_data (the expiry operand there is on a line not shown).
37 my $expiry = time + $validity;
# Current per-user auth counter.  The statement continues on a line not
# shown here, so its fallback (if any) is unknown.  NOTE(review): binding
# the token to the counter means a link is refused once the counter moves;
# whether a successful reset bumps it is decided in auth_set_password — confirm.
38 my $counter = Blerg::Database::auth_get_counter($username)
# Payload is the raw, unencoded triple joined by ';'.  A username containing
# ';' would be split differently by the split(';') on the way back in; the
# HMAC over the whole string still rejects any payload that was altered.
40 my $data = "$username;$expiry;$counter";
# Signature over the payload with the file-scoped $hmac_key (base64 text,
# no padding, as Digest::SHA's *_base64 functions produce).
43 my $hmac = hmac_sha256_base64($data, $hmac_key);
# The token travels in the URL fragment, so it is not sent with the page
# request; the recovery page submits it back as the 'data' parameter.
45 return Blerg::Database::BASEURL . "#/recovery/$data;$hmac";
48 sub validate_reset_data {
# Verify a recovery token produced by generate_reset_url and return the
# username it was issued for.  The unpacking of $data, $payload and $hmac,
# the failure returns and the closing braces are on lines not included in
# this excerpt.
# Token shape: "<username>;<expiry>;<counter>;<hmac>".  The greedy (.*)
# takes everything up to the last ';' as the signed payload and the
# remainder as the tag.
52 if ($data =~ /^(.*);([^;]+)$/) {
# Recompute the tag with the same key and digest used at generation time.
59 my $computed_hmac = hmac_sha256_base64($payload, $hmac_key);
# NOTE(review): 'ne' stops at the first differing character, so the time
# this comparison takes depends on how much of the supplied tag is right.
# A constant-time comparison (fixed-length XOR over both strings, or a
# helper doing the same) removes that side channel; the logic itself is
# correct in that any mismatch is rejected.
60 if ($hmac ne $computed_hmac) {
# Reached only for a valid signature, assuming the mismatch branch above
# returns (its body is not shown), so these fields were emitted by
# generate_reset_url.
64 my ($username, $expiry, $counter) = split(';', $payload);
# Second operand of the freshness check; the first (presumably the expiry
# comparison) is on the preceding omitted line.  A token whose counter no
# longer matches the stored one is refused.
66 || $counter != Blerg::Database::auth_get_counter($username)) {
# FastCGI accept loop: one iteration per request.  'new CGI::Fast' is the
# legacy indirect-object spelling; CGI::Fast->new is the unambiguous form.
# The loop body is heavily elided in this excerpt and its closing brace is
# not shown.
74 while (my $q = new CGI::Fast) {
# Route on the request path, PATH_INFO being '/<cmd>/<args>'.  This is
# untrusted client input; how $cmd is dispatched is on lines not shown.
75 my (undef, $cmd, $args) = split '/', $ENV{PATH_INFO}, 3;
79 # determine that authentication is valid.
# Session cookie, expected as '<username>/<token>' (see the split below).
80 my $auth = $q->cookie('auth');
85 my ($username, $token) = split('/', $auth);
# Reject the request when the token does not check out; the rejection
# branch body is on lines not shown.
86 if (!Blerg::Database::auth_check_token($username, $token)) {
# An authenticated user asks for a recovery link for their own account.
# NOTE(review): one year is a long lifetime for a credential-reset token;
# confirm the counter binding in validate_reset_data is the intended
# revocation control, otherwise a leaked link stays usable for a year.
91 my $validity = 365 * 86400; # One year
92 print header(-type => 'text/plain');
93 print generate_reset_url($username, $validity);
96 # check that the user has a validated mail address
97 # generate reset message
# Recovery completion: the page posts the token back as 'data'.
101 print header(-type => 'application/json');
# NOTE(review): param() is evaluated in list context here (sub argument),
# so a request with several 'data' fields passes them all; harmless only if
# validate_reset_data reads just its first argument — confirm.
103 my $username = validate_reset_data($q->param('data'));
# Invalid or expired token: a generic failure, no detail about which check
# failed is returned to the client.  The lines between here and the
# password handling are not shown.
105 if (!defined $username) {
106 say '{"status": "failure"}';
# NOTE(review): nothing visible here rejects an empty or missing password;
# presumably auth_set_password does — confirm.
110 my $password = $q->param('password');
111 if (Blerg::Database::auth_set_password($username, $password)) {
112 say '{"status": "success"}';
# The 'else' joining this to the success branch is on an omitted line.
114 say '{"status": "failure"}';