Author: Jason A. Donenfeld <Jason@zx2c4.com>
simple-authentication.lua: tie secure cookies to field names
filters/simple-authentication.lua | 34 ++++++++++++++++++++------------
diff --git a/filters/simple-authentication.lua b/filters/simple-authentication.lua
index cc86b7e3d76f491e8ea40ac30320c3dc3eca4876..de34d092135d0db24b6a7057c00e3293e9fffe2c 100644
--- a/filters/simple-authentication.lua
+++ b/filters/simple-authentication.lua
@@ -46,7 +46,7 @@
 -- Sets HTTP cookie headers based on post and sets up redirection.
 function authenticate_post()
 local password = users[post["username"]]
- local redirect = validate_value(post["redirect"])
+ local redirect = validate_value("redirect", post["redirect"])
 if redirect == nil then
 not_found()
@@ -60,7 +60,7 @@ if password == nil or password ~= post["password"] then
 set_cookie("cgitauth", "")
 else
 -- One week expiration time
- local username = secure_value(post["username"], os.time() + 604800)
+ local username = secure_value("username", post["username"], os.time() + 604800)
 set_cookie("cgitauth", username)
 end
@@ -77,7 +77,7 @@
 -- We return as valid if the repo is not protected.
 return 1
 end
- local username = validate_value(get_cookie(http["cookie"], "cgitauth"))
+ local username = validate_value("username", get_cookie(http["cookie"], "cgitauth"))
 if username == nil or not accepted_users[username:lower()] then
 return 0
 else
@@ -92,7 +92,7 @@ html("
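Review bot: The new first argument in `validate_value("redirect", post["redirect"])` is a bare positional string, and Lua does not check call arity, so a call site left on the old one-argument form would raise no error; it would pass the token in the field-name slot and nil as the value. The definitions of validate_value and secure_value are outside the visible hunks, so it cannot be confirmed from here that they reject a nil or non-string value up front; if they do not, that guard belongs there so a missed call site fails closed. The same concern applies to the calls changed in the -60 and -77 hunks. At this call I would also add `-- field tag must match the one given to secure_value() when the redirect token was issued`. The body of authenticate_post continues past the end of the hunk.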
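Review bot: The tag in `secure_value("username", post["username"], os.time() + 604800)` has to equal, byte for byte, the tag in `validate_value("username", ...)` in the -77 hunk, yet the two are independent string literals in different functions. A typo on either side would presumably surface only as every cookie failing validation, which is hard to trace back to its cause. I would define the tags once near the top of the file, for example `local FIELD_USERNAME = "username"`, and use that constant where the cookie is issued and where it is checked (likewise for "redirect"). The enclosing if/else opens before the first context line of this hunk and the function ends outside it.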