Merge branch 'no-cleartext-passwords-in-db'
[kivitendo-erp.git] / SL / Dispatcher.pm
index 47c2e2a..239cdcb 100644 (file)
@@ -180,9 +180,9 @@ sub handle_request {
     $::form->{script} = "controller.pl";
   }
 
-  pre_request_checks();
-
   eval {
+    pre_request_checks();
+
     my $session_result = $::auth->restore_session;
     $::auth->create_or_refresh_session;
 
@@ -202,7 +202,7 @@ sub handle_request {
 
       show_error('login/password_error', 'password') if SL::Auth::OK != $::auth->authenticate($::form->{login}, $::form->{password});
 
-      $::auth->set_session_value('login', $::form->{login}, 'password', $::form->{password});
+      $::auth->store_credentials_in_session(login => $::form->{login}, password => $::form->{password});
       $::auth->create_or_refresh_session;
       $::auth->delete_session_value('FLASH');
       delete $::form->{password};
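Review bot: The credentials are stored in a session that was restored or created before `authenticate` ran, and nothing visible in this hunk rotates the session ID at login. If `create_or_refresh_session` only refreshes the existing ID, an ID issued before login now carries the login and password, so confirm that it issues a fresh ID at this point or add that step before `store_credentials_in_session`. The store call also relies on `show_error` never returning on a failed login; a comment such as `# show_error() does not return, so only verified credentials reach the session` would make that dependency explicit. `handle_request` starts and ends outside this hunk.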
@@ -231,13 +231,14 @@ sub handle_request {
   };
 
   # cleanup
+  $::auth->expire_session_keys->save_session;
+  $::auth->expire_sessions;
+  $::auth->reset;
+
   $::locale   = undef;
   $::form     = undef;
   $::myconfig = ();
   Form::disconnect_standard_dbh;
-  $::auth->expire_session_keys->save_session;
-  $::auth->expire_sessions;
-  $::auth->reset;
 
   $::lxdebug->end_request;
   $::lxdebug->leave_sub;
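Review bot: The session calls now run first in the cleanup and outside the `eval`, so a `die` in `save_session` or `expire_sessions` skips `$::form = undef`, `Form::disconnect_standard_dbh` and `$::auth->reset`. If the interpreter is persistent (not visible from here), the previous request's form data and auth state would then stay in the globals for the next request. Because the first hunk moves `pre_request_checks()` into the `eval`, this cleanup presumably also runs after a failed check, when no session may have been restored. Consider guarding the two session calls, e.g. `eval { $::auth->expire_session_keys->save_session; $::auth->expire_sessions; 1 } or warn "session cleanup failed: $@";`, and keeping `$::auth->reset;` unconditional after it. A one-line comment saying why the save must precede `Form::disconnect_standard_dbh` would also help, since the reorder is the whole point of this hunk.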