| -rw-r--r-- | src/site.clj | 34 |
1 files changed, 28 insertions, 6 deletions
diff --git a/src/site.clj b/src/site.clj
index c06b194..2915d43 100644
--- a/src/site.clj
+++ b/src/site.clj
@@ -280,15 +280,31 @@
   [request]
   (contains? (request :session) :nick))
 
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+; Login-token version history
+;
+; v0: Format: nick%expiry%token-hash
+;     Date: Mists of dump antiquity
+;
+; v1: Format: v1%nick%expiry%token-hash
+;     Date: 2010/04/24
+;     Note: Contains same information as v0, but created under the
+;           wildcard domain (i.e. ".dump.fm") so that logins work
+;           across all subdomains.
+
 (defn encode-login-token [nick hash expiry]
   (let [token-hash (sha1-hash hash expiry)]
-    (str nick "%" expiry "%" token-hash)))
+    (str "v1%" nick "%" expiry "%" token-hash)))
 
 (defn parse-login-token [token]
-  (let [x (.split token "\\%")]
-    (if (= (alength x) 3)
-      (try [(aget x 0) (Long/parseLong (aget x 1)) (aget x 2)]
-        (catch NumberFormatException _ nil)))))
+  ; Users can have multiple login-cookies across different domains
+  ; (i.e. "dump.fm" and ".dump.fm")
+  (if (not (string? token))
+    (some identity (map parse-login-token token))
+    (let [x (.split token "\\%")]
+      (if (and (= (alength x) 4) (= (aget x 0) "v1"))
+        (try [(aget x 1) (Long/parseLong (aget x 2)) (aget x 3)]
+          (catch NumberFormatException _ nil))))))
 
 (defn read-login-token [token]
   (if-let [[nick expiry token-hash] (parse-login-token token)]
@@ -328,8 +344,14 @@
       (resp-error "BAD_LOGIN"))))
 
 (defn logout [session]
+  (println (clear-login-token *login-token-key*))
   [(session-dissoc :nick :user_id :is_admin :avatar)
-   (clear-login-token *login-token-key*)
+   (set-cookie :login-token "dummy"
+               :expires "Thu, 01-Jan-1970 00:00:01 GMT"
+               :domain ".dump.fm")
+   (set-cookie :login-token "dummy"
+               :expires "Thu, 01-Jan-1970 00:00:01 GMT"
+               :domain "dump.fm")
   (redirect-to "/")])
 
 ;; Registration |
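Review bot: The version-history comment says v1 "contains same information as v0", but the rewritten parse-login-token now requires four fields with a literal "v1" prefix, so every existing v0 cookie is rejected and those sessions are silently logged out; the comment block should state that, e.g. `;     v0 tokens are no longer accepted by parse-login-token (holders are logged out).` The function itself also deserves a docstring saying it accepts either a single token string or a collection of them (one per domain) and returns `[nick expiry token-hash]` or nil; the non-string branch relies on the argument being seqable, which holds for nil and for a cookie vector but should be stated. read-login-token continues outside the hunk.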
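Review bot: `(println (clear-login-token *login-token-key*))` at the top of logout is a leftover debug statement: its return value is discarded, so its only effect is writing whatever clear-login-token returns to stdout on every logout; drop that line. The two set-cookie forms that replace the old clear-login-token call differ only in `:domain`, and the expiry string and cookie name are duplicated; factoring them through a small helper such as `(defn expire-login-cookie [domain] (set-cookie :login-token "dummy" :expires "Thu, 01-Jan-1970 00:00:01 GMT" :domain domain))` and calling it twice keeps the response vector's shape unchanged. Whether the two domains should be hard-coded here rather than shared with encode-login-token's wildcard domain is not decidable from this hunk.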
