Use more appropriate URL base64 encoding and colon separators
diff --git
a/aux/cgi/recovery.cgi
b/aux/cgi/recovery.cgi
index
6d6f3a1
..
186bf2f
100755
(executable)
--- a/
aux/cgi/recovery.cgi
+++ b/
aux/cgi/recovery.cgi
@@
-1,6
+1,7
@@
#!/usr/bin/perl
use CGI::Fast qw/:cgi/;
#!/usr/bin/perl
use CGI::Fast qw/:cgi/;
-use Digest::SHA qw/hmac_sha256_base64/;
+use Digest::SHA qw/hmac_sha256/;
+use MIME::Base64 qw/encode_base64url/;
use Blerg::Database;
use strict;
use v5.10;
use Blerg::Database;
use strict;
use v5.10;
@@
-37,31
+38,31
@@
sub generate_reset_url {
my $expiry = time + $validity;
my $counter = Blerg::Database::auth_get_counter($username)
or return undef;
my $expiry = time + $validity;
my $counter = Blerg::Database::auth_get_counter($username)
or return undef;
- my $data = "$username
;$expiry;
$counter";
+ my $data = "$username
:$expiry:
$counter";
# HMAC-SHA256 it
# HMAC-SHA256 it
- my $hmac =
hmac_sha256_base64($data, $hmac_key
);
+ my $hmac =
encode_base64url(hmac_sha256($data, $hmac_key)
);
- return Blerg::Database::BASEURL . "#/recovery/$data
;
$hmac";
+ return Blerg::Database::BASEURL . "#/recovery/$data
:
$hmac";
}
sub validate_reset_data {
my ($data) = @_;
my ($payload, $hmac);
}
sub validate_reset_data {
my ($data) = @_;
my ($payload, $hmac);
- if ($data =~ /^(.*)
;([^;
]+)$/) {
+ if ($data =~ /^(.*)
:([^:
]+)$/) {
$payload = $1;
$hmac = $2;
} else {
return undef;
}
$payload = $1;
$hmac = $2;
} else {
return undef;
}
- my $computed_hmac =
hmac_sha256_base64($payload, $hmac_key
);
+ my $computed_hmac =
encode_base64url(hmac_sha256($payload, $hmac_key)
);
if ($hmac ne $computed_hmac) {
return undef;
}
if ($hmac ne $computed_hmac) {
return undef;
}
- my ($username, $expiry, $counter) = split('
;
', $payload);
+ my ($username, $expiry, $counter) = split('
:
', $payload);
if (time > $expiry
|| $counter != Blerg::Database::auth_get_counter($username)) {
return undef;
if (time > $expiry
|| $counter != Blerg::Database::auth_get_counter($username)) {
return undef;