1 package FS::AuthCookieHandler;
2 use base qw( Apache2::AuthCookie );
5 use Digest::SHA qw( sha1_hex );
6 use FS::UID qw( adminsuidsetup );
# Module-level key mixed into the SHA-1 digest of the session value that is
# built and checked further down in this file.
# NOTE(review): this is a fixed string literal in source, so anyone who can
# read this file can compute a session value that passes the check for any
# username. The author's XXX already plans a DB-backed session keyed by a
# random number; until then the key should at least be a per-install random
# value loaded from outside the source tree.
8 my $secret = "XXX temporary"; #XXX move to a DB session with random number as key
# Suffix appended to 'FS::Auth::' to pick the class whose authenticate()
# method is called with the username and password.
# NOTE(review): if this is later read from configuration, restrict it to a
# known set of module names, because it is used to build a class name.
10 my $module = 'legacy'; #XXX i am set in a conf somehow? or a config file
# Credential-check fragment: the sub line and several interior lines are not
# shown in this listing. The argument list matches the authen_cred hook of
# Apache2::AuthCookie -- presumably that is what this is; confirm.
13 my( $self, $r, $username, $password ) = @_;
# Delegates the username/password check to _is_valid_user.
15 if ( _is_valid_user($username, $password) ) {
# NOTE(review): $username is interpolated into the log line as-is; if it is
# request-supplied (presumably the login form -- confirm), strip control
# characters first so a value with embedded newlines cannot forge log lines.
16 warn "authenticated $username from ". $r->connection->remote_ip. "\n";
# Calls adminsuidsetup (imported from FS::UID) for the authenticated username.
17 adminsuidsetup($username);
# Session value: "<username>::<SHA-1 hex digest of username and $secret>".
# NOTE(review): sha1_hex hashes the concatenation of its arguments, so this is
# a plain hash of username followed by the key, not an HMAC, and the value has
# no expiry and no per-session randomness: it is the same on every login for a
# given username. Digest::SHA also provides hmac_sha256_hex; a random
# server-side session id (as the XXX on $secret suggests) is the sturdier fix.
19 $username . '::' . sha1_hex( $username, $secret );
# Failure path: logs the attempted username and the client address.
# NOTE(review): same unescaped-$username concern as the success log line.
22 warn "failed authentication $username from ". $r->connection->remote_ip. "\n";
# Helper fragment, presumably the body of _is_valid_user (the sub line and
# lines 31-35 are not shown in this listing -- confirm).
29 my( $username, $password ) = @_;
# Class name is 'FS::Auth::' followed by the module-level $module.
30 my $class = 'FS::Auth::'.$module;
# Hands the credentials to the selected class's authenticate() method; its
# result is the last visible expression of this fragment.
36 $class->authenticate($username, $password);
# Session-key check fragment: the sub line and several interior lines are not
# shown in this listing. The argument list matches the authen_ses_key hook of
# Apache2::AuthCookie -- presumably that is what this is; confirm.
41 my( $self, $r, $session_key ) = @_;
# Splits the presented value on '::' and keeps the first two fields.
# NOTE(review): a username that itself contains '::' will not round-trip, and
# a value with no '::' leaves $mac undefined before the comparison below.
43 my ($username, $mac) = split /::/, $session_key;
# Recomputes the digest from the presented username and the module-level key
# and compares it with the presented digest.
# NOTE(review): `eq` is not a constant-time comparison, and nothing visible
# here bounds the age of a session value or allows it to be revoked; it stays
# valid for as long as $secret is unchanged.
45 if ( sha1_hex( $username, $secret ) eq $mac ) {
# Calls adminsuidsetup (imported from FS::UID) for the username taken from
# the session value.
46 adminsuidsetup($username);
# NOTE(review): this writes the full presented session value to the log
# unescaped. Log a truncated or hashed form, and strip control characters, so
# session material and attacker-chosen text do not end up in the log verbatim.
49 warn "bad session $session_key from ". $r->connection->remote_ip. "\n";