X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=SL%2FAuth.pm;h=784b185b459d3412f62f65461d26484893eec62c;hb=72b340de2352eec7d3f99a00e2141a2df35f07f3;hp=fca3b8b2cf199164bc601ae8de9a80fc0214b3e6;hpb=dd0ba7b9a6f931ce13ced906d9cc6cb3e7c3ea3a;p=kivitendo-erp.git

diff --git a/SL/Auth.pm b/SL/Auth.pm
index fca3b8b2c..784b185b4 100644
--- a/SL/Auth.pm
+++ b/SL/Auth.pm
@@ -12,6 +12,7 @@ use SL::Auth::Constants qw(:all);
 use SL::Auth::DB;
 use SL::Auth::LDAP;
 
+use SL::SessionFile;
 use SL::User;
 use SL::DBConnect;
 use SL::DBUpgrade2;
@@ -46,7 +47,9 @@ sub reset {
 }
 
 sub get_user_dbh {
-  my ($self, $login) = @_;
+  my ($self, $login, %params) = @_;
+  my $may_fail = delete $params{may_fail};
+
   my %user = $self->read_user($login);
   my $dbh  = SL::DBConnect->connect(
     $user{dbconnect},
@@ -56,9 +59,13 @@ sub get_user_dbh {
       pg_enable_utf8 => $::locale->is_utf8,
       AutoCommit     => 0
     }
-  ) or $::form->dberror;
+  );
 
-  if ($user{dboptions}) {
+  if (!$may_fail && !$dbh) {
+    $::form->error($::locale->text('The connection to the authentication database failed:') . "\n" . $DBI::errstr);
+  }
+
+  if ($user{dboptions} && $dbh) {
     $dbh->do($user{dboptions}) or $::form->dberror($user{dboptions});
   }
 
@@ -256,7 +263,7 @@ sub create_database {
   my $encoding   = $Common::charset_to_db_encoding{$charset};
   $encoding    ||= 'UNICODE';
 
-  my $dbh        = SL::DBConnect->connect($dsn, $params{superuser}, $params{superuser_password}, { pg_enable_utf8 => $charset =~ m/^utf-?8$/i });
+  my $dbh        = SL::DBConnect->connect($dsn, $params{superuser}, $params{superuser_password}, { pg_enable_utf8 => scalar($charset =~ m/^utf-?8$/i) });
 
   if (!$dbh) {
     $main::form->error($main::locale->text('The connection to the template database failed:') . "\n" . $DBI::errstr);
@@ -430,29 +437,30 @@ sub get_user_id {
 }
 
 sub delete_user {
-  $main::lxdebug->enter_sub();
+  $::lxdebug->enter_sub;
 
   my $self  = shift;
   my $login = shift;
 
-  my $form  = $main::form;
-
-  my $dbh   = $self->dbconnect();
+  my $u_dbh = $self->get_user_dbh($login, may_fail => 1);
+  my $dbh   = $self->dbconnect;
 
   $dbh->begin_work;
 
   my $query = qq|SELECT id FROM auth."user" WHERE login = ?|;
 
-  my ($id)  = selectrow_query($form, $dbh, $query, $login);
+  my ($id)  = selectrow_query($::form, $dbh, $query, $login);
 
-  $dbh->rollback and return $main::lxdebug->leave_sub() if (!$id);
+  $dbh->rollback and return $::lxdebug->leave_sub if (!$id);
 
-  do_query($form, $dbh, qq|DELETE FROM auth.user_group WHERE user_id = ?|, $id);
-  do_query($form, $dbh, qq|DELETE FROM auth.user_config WHERE user_id = ?|, $id);
+  do_query($::form, $dbh, qq|DELETE FROM auth.user_group WHERE user_id = ?|, $id);
+  do_query($::form, $dbh, qq|DELETE FROM auth.user_config WHERE user_id = ?|, $id);
+  do_query($::form, $u_dbh, qq|UPDATE employee SET deleted = 't' WHERE login = ?|, $login) if $u_dbh;
 
-  $dbh->commit();
+  $dbh->commit;
+  $u_dbh->commit if $u_dbh;
 
-  $main::lxdebug->leave_sub();
+  $::lxdebug->leave_sub;
 }
 
 # --------------------------------------
@@ -548,6 +556,8 @@ sub destroy_session {
 
     $dbh->commit();
 
+    SL::SessionFile->destroy_session($session_id);
+
     $session_id      = undef;
     $self->{SESSION} = { };
   }
@@ -560,26 +570,31 @@ sub expire_sessions {
 
   my $self  = shift;
 
+  $main::lxdebug->leave_sub and return if !$self->session_tables_present;
+
   my $dbh   = $self->dbconnect();
 
-  $dbh->begin_work;
+  my $query = qq|SELECT id
+                 FROM auth.session
+                 WHERE (mtime < (now() - '$self->{session_timeout}m'::interval))|;
 
-  my $query =
-    qq|DELETE FROM auth.session_content
-       WHERE session_id IN
-         (SELECT id
-          FROM auth.session
-          WHERE (mtime < (now() - '$self->{session_timeout}m'::interval)))|;
+  my @ids   = selectall_array_query($::form, $dbh, $query);
 
-  do_query($main::form, $dbh, $query);
+  if (@ids) {
+    $dbh->begin_work;
 
-  $query =
-    qq|DELETE FROM auth.session
-       WHERE (mtime < (now() - '$self->{session_timeout}m'::interval))|;
+    SL::SessionFile->destroy_session($_) for @ids;
 
-  do_query($main::form, $dbh, $query);
+    $query = qq|DELETE FROM auth.session_content
+                WHERE session_id IN (| . join(', ', ('?') x scalar(@ids)) . qq|)|;
+    do_query($main::form, $dbh, $query, @ids);
 
-  $dbh->commit();
+    $query = qq|DELETE FROM auth.session
+                WHERE id IN (| . join(', ', ('?') x scalar(@ids)) . qq|)|;
+    do_query($main::form, $dbh, $query, @ids);
+
+    $dbh->commit();
+  }
 
   $main::lxdebug->leave_sub();
 }
@@ -608,7 +623,7 @@ sub save_session {
 
   my $dbh          = $provided_dbh || $self->dbconnect(1);
 
-   $::lxdebug->leave_sub && return unless $dbh;
+  $::lxdebug->leave_sub && return unless $dbh && $session_id;
 
   $dbh->begin_work unless $provided_dbh;
 
@@ -694,7 +709,6 @@ sub create_unique_sesion_value {
   $self->{unique_counter}++;
 
   $value  = { expiration => $params{expiration} ? ($now[0] + $params{expiration}) * 1000000 + $now[1] : undef,
-              no_auto    => !$params{auto_restore},
               data       => $value,
             };
 
@@ -773,6 +787,14 @@ sub session_tables_present {
   $main::lxdebug->enter_sub();
 
   my $self = shift;
+
+  # Only re-check for the presence of auth tables if either the check
+  # hasn't been done before of if they weren't present.
+  if ($self->{session_tables_present}) {
+    $main::lxdebug->leave_sub();
+    return $self->{session_tables_present};
+  }
+
   my $dbh  = $self->dbconnect(1);
 
   if (!$dbh) {
@@ -788,9 +810,11 @@ sub session_tables_present {
 
   my ($count) = selectrow_query($main::form, $dbh, $query);
 
+  $self->{session_tables_present} = 2 == $count;
+
   $main::lxdebug->leave_sub();
 
-  return 2 == $count;
+  return $self->{session_tables_present};
 }
 
 # --------------------------------------
@@ -1086,25 +1110,20 @@ sub check_right {
 }
 
 sub assert {
-  $main::lxdebug->enter_sub(2);
-
-  my $self       = shift;
-  my $right      = shift;
-  my $dont_abort = shift;
+  $::lxdebug->enter_sub(2);
+  my ($self, $right, $dont_abort) = @_;
 
-  my $form       = $main::form;
-
-  if ($self->check_right($form->{login}, $right)) {
-    $main::lxdebug->leave_sub(2);
+  if ($self->check_right($::myconfig{login}, $right)) {
+    $::lxdebug->leave_sub(2);
     return 1;
   }
 
   if (!$dont_abort) {
-    delete $form->{title};
-    $form->show_generic_error($main::locale->text("You do not have the permissions to access this function."));
+    delete $::form->{title};
+    $::form->show_generic_error($::locale->text("You do not have the permissions to access this function."));
   }
 
-  $main::lxdebug->leave_sub(2);
+  $::lxdebug->leave_sub(2);
 
   return 0;
 }
@@ -1116,7 +1135,7 @@ sub load_rights_for_user {
   my $dbh   = $self->dbconnect;
   my ($query, $sth, $row, $rights);
 
-  $rights = { map { $rights->{$_} = 0 } all_rights() };
+  $rights = { map { $_ => 0 } all_rights() };
 
   $query =
     qq|SELECT gr."right", gr.granted
@@ -1176,11 +1195,6 @@ If C<$params{expiration}> is set then it is interpreted as a number of
 seconds after which the value is removed from the session. It will
 never expire if that parameter is falsish.
 
-If C<$params{auto_restore}> is trueish then the value will be copied
-into C<$::form> upon the next request automatically. It defaults to
-C<false> and has therefore different behaviour than
-L</set_session_value>.
-
 Returns the key created in the session.
 
 =item C<expire_session_keys>