Formularfelder und Session-Keys für Logins umbenannt
authorMoritz Bunkus <m.bunkus@linet-services.de>
Fri, 17 Aug 2012 11:16:45 +0000 (13:16 +0200)
committerMoritz Bunkus <m.bunkus@linet-services.de>
Fri, 17 Aug 2012 11:16:45 +0000 (13:16 +0200)
Ziel: Ermöglichen, dass Login & Passwort auch wieder per
Formularfelder mit jedem Request übertragen werden, aber nicht mehr so
offensichtlich im "Formularfeldernamensraum" rumgeistern -- sondern
leicht aussortierbar sind. Die Formularfelder, die mit "{AUTH}"
starten, werden vom Dispatcher nach erfolgter Loginüberprüfung
automatisch entfernt, bevor die Kontrolle an die Controller/Actions
übergeben wird (unabhängig vom Routingtyp).

Vorher waren Formularfelder sowie die Session-Keys für User-Logins
"login" und "password", für Admin-Login "rpw".

Jetzt:
- Formularfelder: für User-Logins "{AUTH}login" und "{AUTH}password",
  für Admin-Login "{AUTH}admin_password".
- Session-Keys: jeweils ohne "{AUTH}", sprich für User-Logins
  weiterhin "login" und "password", für Admin-Login neu
  "admin_password".

SL/Dispatcher.pm
SL/Dispatcher/AuthHandler/Admin.pm
bin/mozilla/admin.pl
bin/mozilla/login.pl
scripts/csv-import-from-shell.sh
templates/webpages/admin/adminlogin.html
templates/webpages/admin/list_users.html
templates/webpages/login/login_screen.html

index 8301e56..747da04 100644 (file)
@@ -214,6 +214,8 @@ sub handle_request {
         action       => $action,
       );
 
+      delete @{ $::form }{ grep { m/^\{AUTH\}/ } keys %{ $::form } };
+
       if ($action) {
         $::instance_conf->init if $auth_level eq 'user';
 
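Review bot: The new `delete @{ $::form }{ grep { m/^\{AUTH\}/ } keys %{ $::form } };` carries no comment, and the convention it enforces is stated only in the commit message, so a later reader of handle_request will not know why these keys disappear. I would add above it: `# Credentials travel as "{AUTH}..." form fields; the auth handler call above has consumed them, so strip them before any controller or action can see or re-emit them.` Note that handle_request starts before and continues past this hunk, so whether anything between the auth handler call and this line still reads the fields is not visible here. Also, bin/mozilla/login.pl and bin/mozilla/admin.pl in this same commit read `$form->{'{AUTH}login'}` and `$form->{'{AUTH}admin_password'}` themselves inside their `run`; if those entry points are reached only after this unconditional delete, the reads would see undef, so the call ordering is worth confirming.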
index 5a92015..7b194ff 100644 (file)
@@ -7,9 +7,9 @@ use parent qw(Rose::Object);
 sub handle {
   %::myconfig = ();
 
-  return if $::auth->authenticate_root($::auth->get_session_value('rpw')) == $::auth->OK();
+  return if $::auth->authenticate_root($::auth->get_session_value('admin_password')) == $::auth->OK();
 
-  $::auth->delete_session_value('rpw');
+  $::auth->delete_session_value('admin_password');
   SL::Dispatcher::show_error('login/password_error', 'password', is_admin => 1);
 }
 
index 23fe978..42971fa 100755 (executable)
@@ -95,13 +95,13 @@ sub run {
   $form->{favicon}    = "favicon.ico";
 
   if ($form->{action}) {
-    if ($auth->authenticate_root($form->{rpw}) != $auth->OK()) {
+    if ($auth->authenticate_root($form->{'{AUTH}admin_password'}) != $auth->OK()) {
       $form->{error_message} = $locale->text('Incorrect Password!');
-      $auth->delete_session_value('rpw');
+      $auth->delete_session_value('admin_password');
       adminlogin();
     } else {
       if ($auth->session_tables_present()) {
-        delete $::form->{rpw};
+        delete $::form->{'{AUTH}admin_password'};
         _apply_dbupgrade_scripts();
       }
 
@@ -194,7 +194,7 @@ sub create_auth_tables {
   my $locale = $main::locale;
 
   $main::auth->create_tables();
-  $main::auth->set_session_value('rpw', $form->{rpw});
+  $main::auth->set_session_value('admin_password', $form->{'{AUTH}admin_password'});
   $main::auth->create_or_refresh_session();
 
   my $memberfile = $::lx_office_conf{paths}->{memberfile};
index 0bfd39c..a3184b5 100644 (file)
@@ -61,15 +61,17 @@ sub run {
     $action = 'login';
   }
   if ($action) {
-    %::myconfig = $auth->read_user(login => $form->{login}) if ($form->{login});
+    $form->{login} = $form->{'{AUTH}login'} || $form->{login};
+    %::myconfig    = $auth->read_user(login => $form->{login}) if $form->{login};
+
     $::locale   = Locale->new($::myconfig{countrycode}) if $::myconfig{countrycode};
 
-    if (SL::Auth::OK != $auth->authenticate($::myconfig{login}, $form->{password})) {
+    if (SL::Auth::OK != $auth->authenticate($::myconfig{login}, $form->{'{AUTH}password'})) {
       $form->{error_message} = $::locale->text('Incorrect username or password!');
       login_screen();
     } else {
       $auth->create_or_refresh_session();
-      delete $form->{password};
+      delete $form->{'{AUTH}password'};
 
       $form->{titlebar} .= " - $::myconfig{name} - $::myconfig{dbname}";
       call_sub($::locale->findsub($action));
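Review bot: On the failure branch `login_screen()` is called while `$form->{'{AUTH}password'}` is still set; the field is removed only on the success path by `delete $form->{'{AUTH}password'}`. Unless the dispatcher's generic `{AUTH}` stripping is guaranteed to precede whatever `login_screen` renders from `$form` (not visible here), deleting right after the check covers both paths: `my $auth_ok = SL::Auth::OK == $auth->authenticate($::myconfig{login}, $form->{'{AUTH}password'});` then `delete $form->{'{AUTH}password'};` and `if (!$auth_ok) {` in place of the current condition. Separately, `$form->{login} = $form->{'{AUTH}login'} || $form->{login};` still accepts the old unprefixed `login` parameter as a fallback, which contradicts the commit's stated goal unless it is a transition aid; a comment such as `# fall back to the legacy "login" field for callers not yet sending {AUTH}login` would make the intent explicit. `run` continues past the end of this hunk.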
index c0e8890..1503dae 100644 (file)
@@ -107,8 +107,8 @@ function do_curl {
     -F 'settings.sellprice_adjustment_type=percent' \
     -F 'settings.sellprice_places=2' \
     -F 'settings.shoparticle_if_missing=0' \
-    -F "login=${login}" \
-    -F "password=${password}" \
+    -F "{AUTH}login=${login}" \
+    -F "{AUTH}password=${password}" \
     -F "file=@${file}" \
     ${url}
 }
index 22e07fc..42583f3 100644 (file)
@@ -19,7 +19,7 @@
    <table>
     <tr>
      <th>[% 'Password' | $T8 %]</th>
-     <td><input type="password" name="rpw" id="rpw"></td>
+     <td><input type="password" name="{AUTH}admin_password" id="rpw"></td>
      <td><input type="submit" class="submit" name="action" value="[% 'Login' | $T8 %]"></td>
     </tr>
     <input type="hidden" name="action" value="login">
index 17778c2..95d0f8f 100644 (file)
   <table border="0">
    <tr>
     <th align="right">[% 'Login Name' | $T8 %]</th>
-    <td><input class="login" name="login"></td>
+    <td><input class="login" name="{AUTH}login"></td>
     <td>&nbsp;</td>
    </tr>
    <tr>
     <th align="right">[% 'Password' | $T8 %]</th>
-    <td><input class="login" type="password" name="password"></td>
+    <td><input class="login" type="password" name="{AUTH}password"></td>
     <td><input type="submit" name="action" value="[% 'Login' | $T8 %]"></td>
    </tr>
   </table>
index e0bdb87..f34f901 100644 (file)
           <table>
            <tr>
             <th align="right">[% 'Login Name' | $T8 %]</th>
-            <td><input class="login" name="login" size="30" tabindex="1"></td>
+            <td><input class="login" name="{AUTH}login" size="30" tabindex="1"></td>
            </tr>
            <tr>
             <th align="right">[% 'Password' | $T8 %]</th>
-            <td><input class="login" type="password" name="password" size="30" tabindex="2"></td>
+            <td><input class="login" type="password" name="{AUTH}password" size="30" tabindex="2"></td>
            </tr>
           </table>