Merge branch 'master' of github.com:kivitendo/kivitendo-erp
[kivitendo-erp.git] / SL / Dispatcher / AuthHandler / Admin.pm
index 2e41ee9..06fd3cf 100644 (file)
@@ -6,16 +6,28 @@ use parent qw(Rose::Object);
 use SL::Layout::Dispatcher;
 
 sub handle {
-  %::myconfig = ();
+  my ($self, %params) = @_;
 
-  return if  $::form->{'{AUTH}admin_password'} && ($::auth->authenticate_root($::form->{'{AUTH}admin_password'})            == $::auth->OK());
-  return if !$::form->{'{AUTH}admin_password'} && ($::auth->authenticate_root($::auth->get_session_value('admin_password')) == $::auth->OK());
+  %::myconfig = User->get_default_myconfig;
 
-  $::request->{layout} = SL::Layout::Dispatcher->new(style => 'admin');
+  my $ok =  $::auth->is_api_token_cookie_valid;
+  $ok  ||=  $::form->{'{AUTH}admin_password'} && ($::auth->authenticate_root($::form->{'{AUTH}admin_password'})            == $::auth->OK());
+  $ok  ||= !$::form->{'{AUTH}admin_password'} && ($::auth->authenticate_root($::auth->get_session_value('admin_password')) == $::auth->OK());
+  $ok  ||=  $params{action} eq 'login';
 
-  $::auth->punish_wrong_login;
+  $::auth->create_or_refresh_session;
+
+  if ($ok) {
+    $::auth->delete_session_value('FLASH');
+    return 1;
+  }
+
+  $::request->{layout} = SL::Layout::Dispatcher->new(style => 'admin');
   $::auth->delete_session_value('admin_password');
+  $::auth->punish_wrong_login;
   SL::Dispatcher::show_error('admin/adminlogin', 'password');
+
+  return 0;
 }
 
 1;