X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=SL%2FDispatcher%2FAuthHandler%2FAdmin.pm;h=ad7c1f413511eead7ac8366b4652941ce6449b20;hb=a4c3e9de7b3169ac6a0ad270022da9aeed91f9ff;hp=cc13b5d0848c0c09b7de920216d35d6cf4276f61;hpb=0e451e1bd489910141207434861a848ddf4da2ce;p=kivitendo-erp.git

diff --git a/SL/Dispatcher/AuthHandler/Admin.pm b/SL/Dispatcher/AuthHandler/Admin.pm
index cc13b5d08..ad7c1f413 100644
--- a/SL/Dispatcher/AuthHandler/Admin.pm
+++ b/SL/Dispatcher/AuthHandler/Admin.pm
@@ -6,15 +6,26 @@ use parent qw(Rose::Object);
 use SL::Layout::Dispatcher;
 
 sub handle {
+  my ($self, %params) = @_;
+
   %::myconfig = ();
 
-  return 1 if  $::form->{'{AUTH}admin_password'} && ($::auth->authenticate_root($::form->{'{AUTH}admin_password'})            == $::auth->OK());
-  return 1 if !$::form->{'{AUTH}admin_password'} && ($::auth->authenticate_root($::auth->get_session_value('admin_password')) == $::auth->OK());
+  my $ok =  $::auth->get_api_token_cookie ? 1 : 0;
+  $ok  ||=  $::form->{'{AUTH}admin_password'} && ($::auth->authenticate_root($::form->{'{AUTH}admin_password'})            == $::auth->OK());
+  $ok  ||= !$::form->{'{AUTH}admin_password'} && ($::auth->authenticate_root($::auth->get_session_value('admin_password')) == $::auth->OK());
+  $ok  ||=  $params{action} eq 'login';
 
-  $::request->{layout} = SL::Layout::Dispatcher->new(style => 'admin');
+  $::auth->create_or_refresh_session;
 
-  $::auth->punish_wrong_login;
+  if ($ok) {
+    $::auth->delete_session_value('FLASH');
+    return 1;
+  }
+
+  $::request->{layout} = SL::Layout::Dispatcher->new(style => 'admin');
+  $::request->layout->no_menu(1);
   $::auth->delete_session_value('admin_password');
+  $::auth->punish_wrong_login;
   SL::Dispatcher::show_error('admin/adminlogin', 'password');
 
   return 0;