X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=SL%2FDispatcher%2FAuthHandler%2FUser.pm;h=acdf29c5ca427c44bb89b2943f339e6a0d7181d3;hb=1b032ef45d886922f1fe347ec234c9b0c8c50efd;hp=6dc200bae30f3e2e123d08abaf7b7380fe7f75db;hpb=4a12c839937370488b8b8a40bef376e7cb0a2ce6;p=kivitendo-erp.git

diff --git a/SL/Dispatcher/AuthHandler/User.pm b/SL/Dispatcher/AuthHandler/User.pm
index 6dc200bae..acdf29c5c 100644
--- a/SL/Dispatcher/AuthHandler/User.pm
+++ b/SL/Dispatcher/AuthHandler/User.pm
@@ -3,37 +3,76 @@ package SL::Dispatcher::AuthHandler::User;
 use strict;
 use parent qw(Rose::Object);
 
-use SL::Controller::Layout;
+use Encode ();
+use MIME::Base64 ();
+
+use SL::Layout::Dispatcher;
 
 sub handle {
   my ($self, %param) = @_;
 
-  my $login = $::form->{'{AUTH}login'} || $::auth->get_session_value('login');
-  $self->_error(%param) if !defined $login;
+  my ($http_auth_login, $http_auth_password) = $self->_parse_http_basic_auth;
+
+  my $login = $::form->{'{AUTH}login'} // $http_auth_login // $::auth->get_session_value('login');
+
+  return $self->_error(%param) if !defined $login;
+
+  my $client_id = $::form->{'{AUTH}client_id'} // $::auth->get_session_value('client_id') // $::auth->get_default_client_id;
+
+  return $self->_error(%param) if !$client_id || !$::auth->set_client($client_id);
 
-  %::myconfig = $::auth->read_user(login => $login);
+  %::myconfig = User->get_default_myconfig($::auth->read_user(login => $login));
 
-  $self->_error(%param) unless $::myconfig{login};
+  return $self->_error(%param) unless $::myconfig{login};
 
   $::locale = Locale->new($::myconfig{countrycode});
-  $::request->{layout} = SL::Controller::Layout->new(style => $::myconfig{menustyle});
+  $::request->{layout} = $::request->is_mobile
+    ? SL::Layout::Dispatcher->new(style => 'mobile')
+    : SL::Layout::Dispatcher->new(style => $::myconfig{menustyle});
 
-  my $ok   =  $::form->{'{AUTH}login'} && (SL::Auth::OK() == $::auth->authenticate($::myconfig{login}, $::form->{'{AUTH}password'}));
-  $ok    ||= !$::form->{'{AUTH}login'} && (SL::Auth::OK() == $::auth->authenticate($::myconfig{login}, undef));
+  my $ok   =  $::auth->is_api_token_cookie_valid;
+  $ok    ||=  $::form->{'{AUTH}login'}                      && (SL::Auth::OK() == $::auth->authenticate($::myconfig{login}, $::form->{'{AUTH}password'}));
+  $ok    ||= !$::form->{'{AUTH}login'} &&  $http_auth_login && (SL::Auth::OK() == $::auth->authenticate($::myconfig{login}, $http_auth_password));
+  $ok    ||= !$::form->{'{AUTH}login'} && !$http_auth_login && (SL::Auth::OK() == $::auth->authenticate($::myconfig{login}, undef));
 
-  $self->_error(%param) if !$ok;
+  return $self->_error(%param) if !$ok;
 
   $::auth->create_or_refresh_session;
   $::auth->delete_session_value('FLASH');
+  $::instance_conf->reload->data;
 
-  return %::myconfig;
+  return 1;
 }
 
 sub _error {
-  my $self = shift;
+  my ($self, %param) = @_;
 
   $::auth->punish_wrong_login;
-  print $::request->{cgi}->redirect('controller.pl?action=LoginScreen/user_login&error=password');
+  $::dispatcher->handle_login_error(%param, error => 'password');
+
+  return 0;
+}
+
+sub _parse_http_basic_auth {
+  my ($self) = @_;
+
+  # See RFC 7617.
+
+  # Requires that the server passes the 'Authorization' header as the
+  # environment variable 'HTTP_AUTHORIZATION'. Example code for
+  # Apache:
+
+  # SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
+
+  my $data = $ENV{HTTP_AUTHORIZATION};
+
+  return unless ($data // '') =~ m{^basic +(.+)}i;
+
+  $data = Encode::decode('utf-8', MIME::Base64::decode($1));
+
+  return unless $data =~ m{(.+?):(.+)};
+
+  return ($1, $2);
 }
 
 1;