projects / kivitendo-erp.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Automatische Authentifizierung bestehender Sessions über Session-ID + API-Token
[kivitendo-erp.git] / SL / Dispatcher / AuthHandler / User.pm
1 package SL::Dispatcher::AuthHandler::User;
2
3 use strict;
4 use parent qw(Rose::Object);
5
6 use SL::Layout::Dispatcher;
7
8 sub handle {
9   my ($self, %param) = @_;
10
11   my $login = $::form->{'{AUTH}login'} || $::auth->get_session_value('login');
12   return $self->_error(%param) if !defined $login;
13
14   %::myconfig = $::auth->read_user(login => $login);
15
16   return $self->_error(%param) unless $::myconfig{login};
17
18   $::locale = Locale->new($::myconfig{countrycode});
19   $::request->{layout} = SL::Layout::Dispatcher->new(style => $::myconfig{menustyle});
20
21   my $ok   =  $::auth->get_api_token_cookie ? 1 : 0;
22   $ok    ||=  $::form->{'{AUTH}login'} && (SL::Auth::OK() == $::auth->authenticate($::myconfig{login}, $::form->{'{AUTH}password'}));
23   $ok    ||= !$::form->{'{AUTH}login'} && (SL::Auth::OK() == $::auth->authenticate($::myconfig{login}, undef));
24
25   return $self->_error(%param) if !$ok;
26
27   $::auth->create_or_refresh_session;
28   $::auth->delete_session_value('FLASH');
29
30   return 1;
31 }
32
33 sub _error {
34   my $self = shift;
35
36   $::auth->punish_wrong_login;
37   print $::request->{cgi}->redirect('controller.pl?action=LoginScreen/user_login&error=password');
38   return 0;
39 }
40
41 1;
Unnamed repository; edit this file 'description' to name the repository.