<%doc>
############################################################################
###    (C)opyright 2003 - 2008 RIPE NCC
###    This file is part of DNSMon
###
###    DNSMon is free software: you can redistribute it and/or modify
###    it under the terms of the GNU General Public License as published by
###    the Free Software Foundation, either version 3 of the License, or
###    (at your option) any later version.
###
###    DNSMon is distributed in the hope that it will be useful,
###    but WITHOUT ANY WARRANTY; without even the implied warranty of
###    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
###    GNU General Public License for more details.
###
###    You should have received a copy of the GNU General Public License
###    along with DNSMon.  If not, see <http://www.gnu.org/licenses/>.
############################################################################
</%doc>
<%init>
# authenticate user, set cookie, bail out

</%init>

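<%method login>
	<%args>
	$user
	$password
	$forward_success
	$forward_fail
	</%args>
	<%perl>
	# Authenticate $user/$password against the "dnsmon" login context.
	#
	# On success a RIPE::KEY::Ticket is created for the first principal of the
	# subject, stored, and its id is sent to the browser as a cookie; the
	# browser is then redirected to $forward_success. In every other case
	# (login rejected, login() died, no principal, no ticket) the browser is
	# redirected to $forward_fail.
	#
	# Args:
	#   $user, $password   credentials; the name given to the callback
	#                      handler is ".$user"
	#   $forward_success   absolute URL to go to after a successful login
	#   $forward_fail      absolute URL to go to otherwise
	#
	# NOTE(review): the forward URLs are presumably taken from request
	# parameters (confirm against the caller), so they are treated as
	# untrusted: the redirect host is limited to the request's own host and
	# the hosts of the configured site URLs.
	use RIPE::Security;
	use RIPE::Security::CallbackHandler::Passive;
	use RIPE::KEY::Ticket;
	use Apache2::Cookie;
	use URI;
	use Log::Log4perl qw(get_logger);

	my $callback = RIPE::Security::CallbackHandler::Passive->new(".$user", $password);
	my $subject  = RIPE::Security::Subject->new;
	my $ctx      = RIPE::Security::LoginContext->new("dnsmon", $subject, $callback);
	my $uri      = URI->new($forward_fail);

	# Control characters are replaced so that a crafted user name cannot
	# forge additional log lines.
	(my $log_user = $user) =~ s/[[:cntrl:]]/?/g;

	# Try to login. $@ is copied at once because later calls may clobber it.
	my $logged_in   = eval { $ctx->login() };
	my $login_error = $@;

	my $session_started = 0;
	if ($logged_in) {
		my $principal = $subject->getPrincipals();

		# Just pick the first one
		if (defined($principal) && defined($principal->[0])) {
			my $ticket = RIPE::KEY::Ticket->new(subject => $subject, subject_name => $principal->[0]->getName());
			if ($ticket) {
				# NOTE(review): the cookie attributes come from
				# RIPE::KEY::CookieParams(), which is not visible here; confirm
				# that it marks the session cookie Secure and HttpOnly.
				my $cookie = Apache2::Cookie->new($r, -name => RIPE::KEY::CookieName(), RIPE::KEY::CookieParams(), -value => $ticket->id);
				$ticket->store;
				$cookie->bake($r);
				$uri = URI->new($forward_success);
				$uri->host(URI->new($CONFIG{customer_site_url})->host) if exists($CONFIG{customer_site_url});
				$session_started = 1;
			}
		}
		get_logger()->warn("login accepted for $log_user but no session ticket was issued")
			unless $session_started;
	} else {
		# Failed logins are recorded so that password guessing is visible in
		# the logs; the password itself is never logged.
		(my $log_error = defined($login_error) ? "$login_error" : '') =~ s/[[:cntrl:]]+/ /g;
		get_logger()->warn("login failed for $log_user" . (length($log_error) ? ": $log_error" : ''));
	}

	# Only redirect to a host this application knows about. Without this
	# check the login handler can be used to bounce a user to any site.
	my %trusted_host;
	for my $key (qw(customer_site_url public_site_url)) {
		next unless exists $CONFIG{$key};
		my $site_host = URI->new($CONFIG{$key})->host;
		$trusted_host{lc $site_host} = 1 if defined($site_host) && length($site_host);
	}
	my $request_host = $r->hostname;
	$trusted_host{lc $request_host} = 1 if defined($request_host) && length($request_host);

	my $target_host = $uri->host;
	unless (defined($target_host) && $trusted_host{lc $target_host}) {
		die "no trusted host available for redirect\n"
			unless defined($request_host) && length($request_host);
		get_logger()->warn("redirect host '" . (defined($target_host) ? $target_host : '') . "' is not trusted, using '$request_host'");
		$uri->host($request_host);
	}

	# The query string is split on ';', '&' and '=' into a flat key/value
	# list. A missing query yields an empty hash, and an odd list is padded
	# so the last key keeps an undefined value without an "odd number of
	# elements" warning.
	# NOTE(review): the pieces are not URL-decoded here and a value that
	# contains '=' is mis-paired; confirm what /lib/redirect expects.
	my $query  = $uri->query;
	my @params = defined($query) ? split(/[;&=]/, $query) : ();
	push @params, undef if @params % 2;

	# Every path ends in a redirect, including "login accepted but no
	# principal", which previously produced no redirect at all.
	$m->comp( '/lib/redirect', host => $uri->host, path => $uri->path, query => { @params });
	</%perl>
</%method>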
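<%method logout>
	<%args>
	$forward_success
	$forward_fail
	</%args>
	<%perl>
	# End the current session.
	#
	# When a session ticket ($TICKET) exists and can be removed from the
	# store, an already-expired copy of the session cookie is sent so the
	# browser drops it, and the browser is redirected to $forward_success.
	# Without a ticket, or when removal fails, it is redirected to
	# $forward_fail and the cookie is left untouched.
	#
	# Args:
	#   $forward_success   absolute URL to go to after a successful logout
	#   $forward_fail      absolute URL to go to otherwise
	#
	# NOTE(review): the forward URLs are presumably taken from request
	# parameters (confirm against the caller), so the redirect host is
	# limited to the request's own host and the configured site hosts.
	# NOTE(review): nothing visible here ties the logout to a POST or an
	# anti-forgery token; confirm whether the caller enforces one.
	use RIPE::KEY::Ticket;
	use Apache2::Cookie;
	use URI;
	use Log::Log4perl qw(get_logger);

	my $uri = URI->new($forward_fail);
	if ($TICKET) {
		my $cookie = Apache2::Cookie->new($r, -name => RIPE::KEY::CookieName(), RIPE::KEY::CookieParams(), -expires => "now", -value => $TICKET->id);

		# Remove ticket from database
		if ($TICKET->remove) {
			undef $TICKET;

			# and delete cookie
			$cookie->bake($r);
			$uri = URI->new($forward_success);
			$uri->host(URI->new($CONFIG{public_site_url})->host) if exists($CONFIG{public_site_url});
		}
	}

	# Only redirect to a host this application knows about. Without this
	# check the logout handler can be used to bounce a user to any site.
	my %trusted_host;
	for my $key (qw(customer_site_url public_site_url)) {
		next unless exists $CONFIG{$key};
		my $site_host = URI->new($CONFIG{$key})->host;
		$trusted_host{lc $site_host} = 1 if defined($site_host) && length($site_host);
	}
	my $request_host = $r->hostname;
	$trusted_host{lc $request_host} = 1 if defined($request_host) && length($request_host);

	my $target_host = $uri->host;
	unless (defined($target_host) && $trusted_host{lc $target_host}) {
		die "no trusted host available for redirect\n"
			unless defined($request_host) && length($request_host);
		get_logger()->warn("redirect host '" . (defined($target_host) ? $target_host : '') . "' is not trusted, using '$request_host'");
		$uri->host($request_host);
	}

	$m->comp( '/lib/redirect', host => $uri->host, path => $uri->path);
	</%perl>
</%method>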

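<%method change_password>
	<%args>
	$user		=> undef
	$old_password
	$new1_password
	$new2_password
	$forward_success
	$forward_fail
	</%args>
	<%perl>
	# Change the password of the account that owns the current session.
	#
	# The account name is always taken from the session ticket ($TICKET), not
	# from the $user argument, so a caller cannot name somebody else's
	# account. The browser is redirected to $forward_success when the change
	# is accepted and to $forward_fail otherwise; in both cases a "message"
	# query parameter describes the outcome.
	#
	# Args:
	#   $user             accepted but ignored (overwritten from the ticket)
	#   $old_password     current password
	#   $new1_password    new password
	#   $new2_password    new password, repeated
	#   $forward_success  absolute URL to go to after a successful change
	#   $forward_fail     absolute URL to go to otherwise
	#
	# NOTE(review): the forward URLs are presumably taken from request
	# parameters (confirm against the caller), so the redirect host is
	# limited to the request's own host and the configured site hosts.
	use HTML::Mason::Exceptions;
	use RIPE::Security;
	use RIPE::Security::CallbackHandler::Passive;
	use RIPE::KEY::Ticket;
	use Apache2::Cookie;
	use URI;
	use Log::Log4perl qw(get_logger);
	use Data::Dumper;

	my $uri = URI->new($forward_fail);

	# The message starts out as a failure so that an unexpected error can
	# never be reported to the user as a successful change.
	my $message = "Password change failed";

	# Discard whatever the caller passed and derive the name from the
	# session; the ticket's login name carries a leading "." that is removed.
	undef $user;
	($user) = $TICKET->logname() =~ /^\.(.*)$/ if $TICKET;

	if (defined $user) {
		my $callback = RIPE::Security::CallbackHandler::Passive->new(".$user", $old_password, $new1_password, $new2_password);
		my $subject  = RIPE::Security::Subject->new;
		my $ctx      = RIPE::Security::LoginContext->new("dnsmon", $subject, $callback);

		# $@ is copied at once because later calls may clobber it.
		my $changed = eval { $ctx->change_password() };
		my $error   = $@;

		if ($changed) {
			get_logger()->info("password changed for $user");
			$uri = URI->new($forward_success);
			# NOTE(review): the message text (including its spelling) is kept
			# as-is in case the target page matches on it.
			$message = "Password succesfuly changed";
		} else {
			# Only the brief text of a Mason exception is shown to the user;
			# any other error text goes to the log alone.
			$message = $error->as_brief if isa_mason_exception($error);
			my $detail = isa_mason_exception($error) ? $message : (defined($error) ? "$error" : '');
			$detail = $message unless length($detail);
			$detail =~ s/[[:cntrl:]]+/ /g;
			get_logger()->warn("password changed for $user failed: $detail");
		}
	} else {
		# No session ticket, or a login name without the expected "." prefix:
		# there is no account to act on.
		$message = "Not logged in";
		get_logger()->warn("password change attempted without a usable session ticket");
	}

	# Only redirect to a host this application knows about. Without this
	# check the handler can be used to bounce a user to any site.
	my %trusted_host;
	for my $key (qw(customer_site_url public_site_url)) {
		next unless exists $CONFIG{$key};
		my $site_host = URI->new($CONFIG{$key})->host;
		$trusted_host{lc $site_host} = 1 if defined($site_host) && length($site_host);
	}
	my $request_host = $r->hostname;
	$trusted_host{lc $request_host} = 1 if defined($request_host) && length($request_host);

	my $target_host = $uri->host;
	unless (defined($target_host) && $trusted_host{lc $target_host}) {
		die "no trusted host available for redirect\n"
			unless defined($request_host) && length($request_host);
		get_logger()->warn("redirect host '" . (defined($target_host) ? $target_host : '') . "' is not trusted, using '$request_host'");
		$uri->host($request_host);
	}

	# NOTE(review): $message can carry exception text and travels in the
	# redirect URL; the page that displays it must HTML-escape it.
	$m->comp( '/lib/redirect', host => $uri->host, path => $uri->path, query => { message => $message });
	</%perl>
</%method>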
