package SL::Dispatcher::AuthHandler::Admin;
use strict;
-
use parent qw(Rose::Object);
+use SL::Layout::Dispatcher;
+
sub handle {
- %::myconfig = ();
+ my ($self, %params) = @_;
+
+ %::myconfig = User->get_default_myconfig;
+
+ my $ok = $::auth->is_api_token_cookie_valid;
+ $ok ||= $::form->{'{AUTH}admin_password'} && ($::auth->authenticate_root($::form->{'{AUTH}admin_password'}) == $::auth->OK());
+ $ok ||= !$::form->{'{AUTH}admin_password'} && ($::auth->authenticate_root($::auth->get_session_value('admin_password')) == $::auth->OK());
+ $ok ||= $params{action} eq 'login';
+
+ $::auth->create_or_refresh_session;
+
+ if ($ok) {
+ $::auth->delete_session_value('FLASH');
+ return 1;
+ }
- return if $::auth->authenticate_root($::auth->get_session_value('rpw')) == $::auth->OK();
+ $::request->{layout} = SL::Layout::Dispatcher->new(style => 'admin');
+ $::auth->delete_session_value('admin_password');
+ $::auth->punish_wrong_login;
+ SL::Dispatcher::show_error('admin/adminlogin', 'password');
- $::auth->delete_session_value('rpw');
- SL::Dispatcher::show_error('login/password_error', 'password', is_admin => 1);
+ return 0;
}
1;
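Review bot: On the new side `$ok` can become true without any root-password check, through `$::auth->is_api_token_cookie_valid` on its first assignment and through `$params{action} eq 'login'` on its last, and neither exemption is explained in the code. Whether the API token cookie only validates for a session that earlier passed `authenticate_root` is not visible in this hunk, so that should be confirmed and recorded, for example `# API token cookie stands in for the root password; it must only validate for sessions that authenticated as root` above the first assignment and `# 'login' is reachable unauthenticated by design and must not expose admin data` above the last. Separately, the session fallback hands the result of `get_session_value('admin_password')` straight to `authenticate_root`, which is presumably undef for a fresh session; adding `defined $::auth->get_session_value('admin_password') &&` before that call would avoid depending on how `authenticate_root` treats undef. The fallback also implies that the admin password itself is kept in the session store, so if the session backend persists values in clear it would be safer to store an authenticated flag instead.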