LoginScreen: im Check auf "schon angemeldet?" Client setzen

[kivitendo-erp.git] / SL / Controller / LoginScreen.pm

package SL::Controller::LoginScreen;

use strict;

use parent qw(SL::Controller::Base);

use List::Util qw(first);

use SL::Dispatcher::AuthHandler::User;
use SL::DB::AuthClient;
use SL::DB::AuthGroup;
use SL::DB::AuthUser;
use SL::DB::Employee;
use SL::Locale::String qw(t8);
use SL::User;

use Rose::Object::MakeMethods::Generic (
  'scalar --get_set_init' => [ qw(clients default_client_id) ],
);

__PACKAGE__->run_before('set_layout');

#
# actions
#

sub action_user_login {
  my ($self) = @_;

  # If the user is already logged in then redirect to the proper menu
  # script.
  return if $self->_redirect_to_main_script_if_already_logged_in;

  # Otherwise show the login form.
  $self->show_login_form(error_state($::form->{error}));
}

sub action_logout {
  my ($self) = @_;

  $::auth->destroy_session;
  $::auth->create_or_refresh_session;
  $self->show_login_form(info => $::locale->text('You are logged out!'));
}

sub action_login {
  my ($self) = @_;

  my $login     = $::form->{'{AUTH}login'}     || $::auth->get_session_value('login');
  my $client_id = $::form->{'{AUTH}client_id'} || $::auth->get_session_value('client_id');
  my $error     = t8('Incorrect username or password or no access to selected client!');

  if (!$::auth->set_client($client_id)) {
    $::auth->punish_wrong_login;
    return $self->show_login_form(error => $error);
  }

  %::myconfig      = $login ? $::auth->read_user(login => $login) : ();
  $::form->{login} = $login;
  $::locale        = Locale->new($::myconfig{countrycode}) if $::myconfig{countrycode};
  SL::Dispatcher::AuthHandler::User->new->handle(countrycode => $::myconfig{countrycode});

  $::request->layout(SL::Layout::Dispatcher->new(style => $::myconfig{menustyle}));

  # if we get an error back, bale out
  my $result = User->new(login => $::myconfig{login})->login($::form);

  # Auth DB needs update? If so log the user out forcefully.
  if (User::LOGIN_AUTH_DBUPDATE_AVAILABLE() == $result) {
    $::auth->destroy_session;
    return $self->render('login_screen/auth_db_needs_update');
  }

  # Basic client tables available? If not tell the user to create them
  # and log the user out forcefully.
  if (User::LOGIN_BASIC_TABLES_MISSING() == $result) {
    $::auth->destroy_session;
    return $self->render('login_screen/basic_tables_missing');
  }

  # Database update available?
  ::end_of_request() if User::LOGIN_DBUPDATE_AVAILABLE() == $result;

  # Other login errors.
  if (User::LOGIN_OK() != $result) {
    $::auth->punish_wrong_login;
    return $self->show_login_form(error => $error);
  }

  # Everything is fine.
  $::auth->set_cookie_environment_variable();

  $self->_redirect_to_main_script;
}

#
# settings
#
sub get_auth_level {
  return 'none';
}

sub keep_auth_vars_in_form {
  return 1;
}

#
# private methods
#

sub _redirect_to_main_script {
  my ($self) = @_;

  $self->_ensure_employees_for_authorized_users_exist;

  return $self->redirect_to($::form->{callback}) if $::form->{callback};

  $self->redirect_to(controller => "login.pl", action => 'company_logo');
}

sub _redirect_to_main_script_if_already_logged_in {
  my ($self) = @_;

  # Get 'login' from valid session.
  my $login = $::auth->get_session_value('login');
  return unless $login;

  # See whether or not the user exists in the database.
  my %user = $::auth->read_user(login => $login);
  return if ($user{login} || '') ne $login;

  # Check if there's a client set in the session -- and whether or not
  # the user still has access to the client.
  my $client_id = $::auth->get_session_value('client_id');
  return if !$client_id;

  if (!$::auth->set_client($client_id)) {
    $::auth->punish_wrong_login;
    $::auth->destroy_session;
    $::auth->create_or_refresh_session;
    $self->show_login_form(error => t8('Incorrect username or password or no access to selected client!'));
    return 1;
  }

  # Check if the session is logged in correctly.
  return if SL::Auth::OK() != $::auth->authenticate($login, undef);

  $::auth->create_or_refresh_session;
  $::auth->delete_session_value('FLASH');

  $self->_redirect_to_main_script(\%user);

  return 1;
}

sub _ensure_employees_for_authorized_users_exist {
  my ($self) = @_;

  my %employees_by_login = map { ($_->login => $_) } @{ SL::DB::Manager::Employee->get_all };

  foreach my $user (@{ SL::DB::AuthClient->new(id => $::auth->client->{id})->load->users || [] }) {
    my $user_config = $user->config_values;
    my $employee    = $employees_by_login{$user->login} || SL::DB::Employee->new(login => $user->login);

    $employee->update_attributes(
      name      => $user_config->{name},
      workphone => $user_config->{tel},
      deleted   => 0,
    );
  }
}

sub error_state {
  my %states = (
    session  => { warning => t8('The session has expired. Please log in again.')                   },
    password => { error   => t8('Incorrect username or password or no access to selected client!') },
  );

  return %{ $states{$_[0]} || {} };
}

sub set_layout {
  $::request->{layout} = SL::Layout::Dispatcher->new(style => 'login');
}

sub init_clients {
  return SL::DB::Manager::AuthClient->get_all_sorted;
}

sub init_default_client_id {
  my ($self)         = @_;
  my $default_client = first { $_->is_default } @{ $self->clients };
  return $default_client ? $default_client->id : undef;
}

sub show_login_form {
  my ($self, %params) = @_;

  $self->render('login_screen/user_login', %params, version => $::form->read_version);
}

1;