2 use CGI::Fast qw/:cgi/;
3 use Digest::SHA qw/hmac_sha256/;
4 use MIME::Base64 qw/encode_base64url/;
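# Load the secret that signs password-recovery links. It lives outside the
# web root at $BLERG_HOME/etc/hmac_key and must be readable only by the
# service user; 32+ random bytes are recommended, up to 256 are used (the
# rest of a longer file is silently ignored, as before).
my $hmac_key_path = "$ENV{BLERG_HOME}/etc/hmac_key";

# Three-argument open with an explicit mode: a two-argument open lets a path
# that starts with '>' or '|' select the mode, and a lexical handle cannot be
# clobbered by (or clobber) a global bareword handle elsewhere in the process.
# ':raw' keeps the key bytes unmodified by any default I/O layer.
open my $hmac_key_fh, '<:raw', $hmac_key_path
    or die "Could not open $hmac_key_path: $!";

# Assigns the file-level $hmac_key used by generate_reset_url and
# validate_reset_data. read() returns undef on error and 0 at EOF.
my $key_len = read($hmac_key_fh, $hmac_key, 256);
close $hmac_key_fh;

# Neither case may fall through: with no key material, hmac_sha256 would sign
# with a known (empty) key and every recovery token would be forgeable.
die "Could not read $hmac_key_path: $!" if !defined $key_len;
die "$hmac_key_path is empty; refusing to sign recovery tokens with an empty key"
    if $key_len == 0;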
16 print header(-type => 'text/html',
17 -status => '404 Not Found');
20 <h1>404 Not Found</h1>
25 print header(-type => 'text/html',
26 -status => '403 Forbidden');
29 <h1>403 Forbidden</h1>
sub generate_reset_url {
    # Build a self-authenticating password-recovery URL for $username that
    # stays valid for $validity seconds. The payload "username:expiry:counter"
    # is sent in clear text (it is not secret) and bound by HMAC-SHA256 over
    # that exact string with the file-level $hmac_key. The token sits in the
    # URL fragment, so a browser does not send it in the request line or the
    # Referer header when the link is opened.
    # Returns the absolute URL as a string. (Some lines of this sub are not
    # shown here.)
    my ($username, $validity) = @_;
    # Absolute expiry as epoch seconds; validate_reset_data checks it.
    # The "recovery URL" handler below passes a full year, which is very long
    # for a credential that can set a new password.
    my $expiry = time + $validity;
    # Per-user counter from the database; presumably advanced when the
    # password is changed so an already-used link stops validating — confirm
    # against Blerg::Database::auth_set_password.
    my $counter = Blerg::Database::auth_get_counter($username)
    # NOTE(review): validate_reset_data splits this payload on ':' and treats
    # the text after the LAST ':' as the MAC, so a username containing ':'
    # would shift the fields. Not a forgery risk (the MAC covers the whole
    # string) but such links would never validate — check the username rules.
    my $data = "$username:$expiry:$counter";
    # base64url makes the MAC safe to embed in a path segment without escaping.
    my $hmac = encode_base64url(hmac_sha256($data, $hmac_key));
    return Blerg::Database::BASEURL . "#/recovery/$data:$hmac";
sub validate_reset_data {
    # Verify a token produced by generate_reset_url and return the username it
    # was issued for, or undef on any failure (the caller below treats undef as
    # failure). Visible checks: MAC over the payload, then the per-user counter
    # must still match the database; the other half of that condition is on a
    # line not shown here, as are the early-return bodies.
    # Greedy first group: everything up to the LAST ':' is the signed payload,
    # the remainder is the base64url MAC. An absent 'data' parameter reaches
    # this match as undef (a warning, then no match).
    if ($data =~ /^(.*):([^:]+)$/) {
        my $computed_hmac = encode_base64url(hmac_sha256($payload, $hmac_key));
        # NOTE(review): 'ne' stops at the first differing byte, so response
        # time leaks how many leading characters of a guessed MAC are right.
        # The usual remedy is a constant-time comparison, e.g.
        #   length($hmac) != length($computed_hmac)
        #       || (($hmac ^ $computed_hmac) =~ tr/\0//c)
        # which only reveals the length and otherwise touches every byte.
        if ($hmac ne $computed_hmac) {
        # The payload is parsed only AFTER the MAC has been checked, so these
        # fields can only be what generate_reset_url signed.
        my ($username, $expiry, $counter) = split(':', $payload);
        # Numeric comparison against the live counter: a token issued before
        # the last counter change is rejected (a non-numeric field would
        # compare as 0, with a warning).
        || $counter != Blerg::Database::auth_get_counter($username)) {
# FastCGI request loop. (Indirect-object call; CGI::Fast->new is the modern
# spelling.) Routing is by PATH_INFO as "/<cmd>/<args>"; the empty field
# before the leading '/' is discarded. The dispatch on $cmd between the
# fragments below is not shown here.
while (my $q = new CGI::Fast) {
    my (undef, $cmd, $args) = split '/', $ENV{PATH_INFO}, 3;
    # determine that authentication is valid.
    # The session credential is the 'auth' cookie, "username/token", checked
    # against the database. A missing cookie gives undef to split (a warning);
    # the lines handling that and the rejection branch are not shown here.
    my $auth = $q->cookie('auth');
    my ($username, $token) = split('/', $auth);
    if (!Blerg::Database::auth_check_token($username, $token)) {
    # Authenticated user requests a recovery link for their own account.
    # NOTE(review): a one-year validity turns this link into a long-lived
    # password-reset capability; whoever obtains it can set a new password
    # until the per-user counter changes. Consider a window of hours, not a
    # year, or tying it to the mail-based flow sketched in the TODO below.
    my $validity = 365 * 86400; # One year
    print header(-type => 'text/plain');
    print generate_reset_url($username, $validity);
    # check that the user has a validated mail address
    # generate reset message
    # Password-reset endpoint. The token in the 'data' parameter is the only
    # authorization here; the session cookie is not required.
    print header(-type => 'application/json');
    my $username = validate_reset_data($q->param('data'));
    # One undifferentiated failure response: a bad MAC, an expired link and
    # a stale counter look the same to the client, so nothing is leaked.
    if (!defined $username) {
        say '{"status": "failure"}';
    # NOTE(review): the new password is passed straight through; no
    # minimum-length or emptiness check is visible at this layer — confirm
    # Blerg::Database::auth_set_password enforces one. If it also advances
    # the counter, the link becomes single-use on success (not shown here).
    # 'say' needs 'use feature "say"' (or a version bundle) — not among the
    # visible use lines.
    my $password = $q->param('password');
    if (Blerg::Database::auth_set_password($username, $password)) {
        say '{"status": "success"}';
        say '{"status": "failure"}';