Revert "improve csrf backward compatibility"

This commit was added in PMG 5.2 for backwards compatibility and can
now be dropped.

This reverts commit 7aff29f38091462a13431ec80f6cbdd8e93e2c4b.

diff --git a/src/PMG/Ticket.pm b/src/PMG/Ticket.pm
index 294e3d613245ddcd9588ce639659d93271d4c585..344e7849148bb30f3a661859f010cfa723a8b731 100644 (file)
--- a/src/PMG/Ticket.pm
+++ b/src/PMG/Ticket.pm
@@ -132,8 +132,6 @@ PVE::INotify::register_file('auth_pub_key', $authpubkeyfn,
                            $read_rsa_pub_key, undef, undef,
                            noclone => 1);
 
-my $csrf_prevention_secret_legacy;
-
 my $read_csrf_secret = sub {
    my ($filename, $fh) = @_;
 
@@ -141,8 +139,6 @@ my $read_csrf_secret = sub {
 
    my $input = <$fh>;
 
-   $csrf_prevention_secret_legacy = Digest::SHA::sha1_base64($input);
-
    return Digest::SHA::hmac_sha256_base64($input);
 };
 
@@ -155,15 +151,6 @@ sub verify_csrf_prevention_token {
 
     my $secret = PVE::INotify::read_file('csrf_secret');
 
-    # FIXME: remove with PMG 7
-    if ($token =~ m/^([A-Z0-9]{8}):(\S+)$/) {
-        my $sig = $2;
-        if (length($sig) == 27) {
-            # the legacy secret got populated by read_file above
-            $secret = $csrf_prevention_secret_legacy;
-        }
-    }
-
     return PVE::Ticket::verify_csrf_prevention_token(
        $secret, $username, $token, $min_ticket_lifetime,
        $max_ticket_lifetime, $noerr);