[ic] Make MV_PASSWORD secure if set on secure page
Jon Jensen
jon at endpoint.com
Thu Jul 12 20:03:42 UTC 2012
Josh,

Unless I'm missing something, we need some documentation for this. You
seem to be introducing a new UserDB option "secure_cookies" but there's no
instruction on how to use it, or that it even exists.

Additions to the xmldocs repo, the catalog.cfg examples, and explanation
in the commit message would all help.

Thanks,
Jon

On Thu, 12 Jul 2012, Josh Lavin wrote:
> https://github.com/jlavin/interchange/commit/0b840ab8913af5aa57ced27ab963a557ddb2f7d6
>
> --- a/lib/Vend/UserDB.pm
> +++ b/lib/Vend/UserDB.pm
> @@ -1572,7 +1572,7 @@ sub login {
> );
> }
>
> - username_cookies($self->{PASSED_USERNAME} ||
> $self->{USERNAME}, $pw)
> + username_cookies($self->{PASSED_USERNAME} ||
> $self->{USERNAME}, $pw, $self->{OPTIONS}{secure_cookies})
> if $Vend::Cfg->{CookieLogin};
>
> if ($self->{LOCATION}{LAST} ne 'none') {
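
Review bot: The new third argument to username_cookies in login reads $self->{OPTIONS}{secure_cookies}, an option with no comment and no documentation in the visible lines. Please describe it in the commit message and the UserDB documentation, including what happens when it is unset (the last hunk falls back to $CGI::secure), so an administrator can tell when MV_PASSWORD gets the secure flag.
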
> @@ -1998,7 +1998,7 @@ sub new_account {
> else {
> $self->set_values() unless
> $self->{OPTIONS}{no_set};
> $self->{USERNAME} = $foreign if $foreign;
> - username_cookies($self->{USERNAME}, $pw)
> + username_cookies($self->{USERNAME}, $pw,
> $self->{OPTIONS}{secure_cookies})
> if $Vend::Cfg->{CookieLogin};
>
> $self->log('new account') if $options{'log'};
> @@ -2026,7 +2026,7 @@ sub new_account {
> }
>
> sub username_cookies {
> - my ($user, $pw) = @_;
> + my ($user, $pw, $secure) = @_;
> return unless
> $CGI::values{mv_cookie_password}
> or
> $CGI::values{mv_cookie_username}
> or
> @@ -2034,13 +2034,14 @@ sub username_cookies {
> Vend::Util::read_cookie('MV_USERNAME');
> $::Instance->{Cookies} = [] unless defined
> $::Instance->{Cookies};
> my $exp = time() + $Vend::Cfg->{SaveExpire};
> + $secure ||= $CGI::secure;
> push @{$::Instance->{Cookies}},
> ['MV_USERNAME', $user, $exp];
> return unless
> $CGI::values{mv_cookie_password}
> or
> Vend::Util::read_cookie('MV_PASSWORD');
> push @{$::Instance->{Cookies}},
> - ['MV_PASSWORD', $pw, $exp];
> + ['MV_PASSWORD', $pw, $exp, undef, undef,
> $secure];
> return;
> }
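
Review bot: In username_cookies only the MV_PASSWORD entry gets the new sixth element $secure; the MV_USERNAME entry pushed a few lines earlier is still ['MV_USERNAME', $user, $exp], so it is set without the flag even on a secure page. If that is intentional a comment would help, otherwise pass $secure there too. Also, because of "$secure ||= $CGI::secure;", a login on a non-secure page with the option unset still issues the password cookie without the flag, and a false secure_cookies value cannot turn the flag off on a secure page; both behaviours deserve a line in the documentation.
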
--
Jon Jensen
End Point Corporation
http://www.endpoint.com/
+1 507-399-0057