From 2d2af4466b914d9e2b7ddf3cd2b50d02504fdc23 Mon Sep 17 00:00:00 2001
From: Christian Pointner <equinox@helsinki.at>
Date: Tue, 28 Jul 2015 14:52:04 +0200
Subject: moved authtoken.json to rh-bin/ and change it to use Json Library for
 correct escaping


diff --git a/README b/README
index 0ec53aa..30c0845 100644
--- a/README
+++ b/README
@@ -30,7 +30,7 @@ LICENSE
 Installation
 ============
 
-# sudo aptitude install apache2 libapache2-mod-perl2 libconfig-inifiles-perl libdbd-mysql-perl librhrd-perl libjs-jquery rivendell-server
+# sudo aptitude install apache2 libapache2-mod-perl2 libconfig-inifiles-perl libdbd-mysql-perl libjson-pp-perl librhrd-perl libjs-jquery rivendell-server
 # sudo a2enmod ssl authnz_ldap perl proxy_wstunnel
 # sudo /etc/init.d/apache2 restart
 
@@ -69,8 +69,7 @@ add the following to the virtualhost config:
 		Require all granted
 	</Location>
 
-	Alias /authtoken.json /var/www/rhwebimport/authtoken.json
-	<Location /authtoken.json>
+	<Location /rh-bin/authtoken.json>
 		SetHandler perl-script
 		PerlResponseHandler ModPerl::Registry
 		PerlOptions +ParseHeaders
diff --git a/authtoken.json b/authtoken.json
deleted file mode 100755
index 12e390f..0000000
--- a/authtoken.json
+++ /dev/null
@@ -1,50 +0,0 @@
-#!/usr/bin/perl
-#
-#  rhwebimport
-#
-#  Copyright (C) 2014-2015 Christian Pointner <equinox@helsinki.at>
-#
-#  This file is part of rhwebimport.
-#
-#  rhwebimport is free software: you can redistribute it and/or modify
-#  it under the terms of the GNU Affero General Public License as published by
-#  the Free Software Foundation, either version 3 of the License, or
-#  any later version.
-#
-#  rhwebimport is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU Affero General Public License for more details.
-#
-#  You should have received a copy of the GNU Affero General Public License
-#  along with rhwebimport. If not, see <http://www.gnu.org/licenses/>.
-#
-
-use strict;
-use RHRD::rddb;
-
-my $status = 'ERROR';
-my $errorstring = 'unknown';
-my $username = '';
-my $token = '';
-if(defined $ENV{REMOTE_USER}) {
-  my $dbh;
-  ($dbh, $status, $errorstring) = RHRD::rddb::opendb();
-  if(defined $dbh) {
-    ($token, $status, $errorstring) = RHRD::rddb::get_token($dbh, $ENV{REMOTE_USER});
-    $token = '' unless($token);
-    $username = $ENV{REMOTE_USER};
-    RHRD::rddb::closedb($dbh);
-  }
-} else {
-  $errorstring = 'no username defined - are you logged in?';
-}
-
-print "Content-type: application/json; charset=UTF-8\n\n";
-
-print "{\n";
-print ' "status": "' . $status . '"'. ",\n";
-print ' "errorstring": "' . $errorstring . '"'. ",\n";
-print ' "username": "' . $username . '"' . ",\n";
-print ' "token": "' . $token . '"' . "\n";
-print "}\n";
diff --git a/rh-bin/authtoken.json b/rh-bin/authtoken.json
new file mode 100755
index 0000000..f746518
--- /dev/null
+++ b/rh-bin/authtoken.json
@@ -0,0 +1,51 @@
+#!/usr/bin/perl
+#
+#  rhwebimport
+#
+#  Copyright (C) 2014-2015 Christian Pointner <equinox@helsinki.at>
+#
+#  This file is part of rhwebimport.
+#
+#  rhwebimport is free software: you can redistribute it and/or modify
+#  it under the terms of the GNU Affero General Public License as published by
+#  the Free Software Foundation, either version 3 of the License, or
+#  any later version.
+#
+#  rhwebimport is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU Affero General Public License for more details.
+#
+#  You should have received a copy of the GNU Affero General Public License
+#  along with rhwebimport. If not, see <http://www.gnu.org/licenses/>.
+#
+
+use strict;
+use RHRD::rddb;
+use JSON;
+
+my $status = 'ERROR';
+my $errorstring = 'unknown';
+my $username = '';
+my $token = '';
+if(defined $ENV{REMOTE_USER}) {
+  my $dbh;
+  ($dbh, $status, $errorstring) = RHRD::rddb::opendb();
+  if(defined $dbh) {
+    ($token, $status, $errorstring) = RHRD::rddb::get_token($dbh, $ENV{REMOTE_USER});
+    $token = '' unless($token);
+    $username = $ENV{REMOTE_USER};
+    RHRD::rddb::closedb($dbh);
+  }
+} else {
+  $errorstring = 'no username defined - are you logged in?';
+}
+
+my %answer;
+$answer{'status'} = $status;
+$answer{'errorstring'} = $errorstring;
+$answer{'username'} = $username;
+$answer{'token'} = $token;
+
+print "Content-type: application/json; charset=UTF-8\n\n";
+print encode_json \%answer;
diff --git a/www/js/auth.js b/www/js/auth.js
index 44adc6f..8da85c8 100644
--- a/www/js/auth.js
+++ b/www/js/auth.js
@@ -51,7 +51,7 @@ function auth_loginError(req, status, error) {
 }
 
 function auth_login() {
-  $.ajax("/authtoken.json",
+  $.ajax("/rh-bin/authtoken.json",
           { cache: false,
             username: $("#username").val(),
             password: $("#password").val(),
-- 
cgit v0.10.2