use strict;
+use constant SESSION_KEY_ROOT_AUTH => 'session_auth_status_root';
+use constant SESSION_KEY_USER_AUTH => 'session_auth_status_user';
+
sub new {
$main::lxdebug->enter_sub();
my ($self, $password) = @_;
- $password = SL::Auth::Password->hash_if_unhashed(login => 'root', password => $password);
+ my $session_root_auth = $self->get_session_value(SESSION_KEY_ROOT_AUTH);
+ if (defined $session_root_auth && $session_root_auth == OK) {
+ $::lxdebug->leave_sub;
+ return OK;
+ }
+
+ if (!defined $password) {
+ $::lxdebug->leave_sub;
+ return ERR_PASSWORD;
+ }
+
+ $password = SL::Auth::Password->hash(login => 'root', password => $password);
my $admin_password = SL::Auth::Password->hash_if_unhashed(login => 'root', password => $self->{admin_password}->());
- $main::lxdebug->leave_sub();
+ my $result = $password eq $admin_password ? OK : ERR_PASSWORD;
+ $self->set_session_value(SESSION_KEY_ROOT_AUTH ,=> $result);
+
+ sleep 5 if $result != OK;
- return OK if $password eq $admin_password;
- sleep 5;
- return ERR_PASSWORD;
+ $::lxdebug->leave_sub;
+ return $result;
}
sub authenticate {
my ($self, $login, $password) = @_;
- $main::lxdebug->leave_sub();
-
- my $result = $login ? $self->{authenticator}->authenticate($login, $password) : ERR_USER;
- return OK if $result eq OK;
- sleep 5;
- return $result;
-}
-
-sub store_credentials_in_session {
- my ($self, %params) = @_;
+ my $session_auth = $self->get_session_value(SESSION_KEY_USER_AUTH);
+ if (defined $session_auth && $session_auth == OK) {
+ $::lxdebug->leave_sub;
+ return OK;
+ }
- if (!$self->{authenticator}->requires_cleartext_password) {
- $params{password} = SL::Auth::Password->hash_if_unhashed(login => $params{login},
- password => $params{password},
- look_up_algorithm => 1,
- auth => $self);
+ if (!defined $password) {
+ $::lxdebug->leave_sub;
+ return ERR_PASSWORD;
}
- $self->set_session_value(login => $params{login}, password => $params{password});
-}
+ my $result = $login ? $self->{authenticator}->authenticate($login, $password) : ERR_USER;
+ $self->set_session_value(SESSION_KEY_USER_AUTH ,=> $result, login => $login);
-sub store_root_credentials_in_session {
- my ($self, $rpw) = @_;
+ sleep 5 if $result != OK;
- $self->set_session_value(rpw => SL::Auth::Password->hash_if_unhashed(login => 'root', password => $rpw));
+ $::lxdebug->leave_sub;
+ return $result;
}
sub get_stored_password {
my $result = $self->{authenticator}->change_password($login, $new_password);
- $self->store_credentials_in_session(login => $login,
- password => $new_password,
- look_up_algorithm => 1,
- auth => $self);
-
$main::lxdebug->leave_sub();
return $result;
# passwords. Hash it for easier comparison.
$stored_password = SL::Auth::Password->hash(password => $stored_password) unless $stored_password;
($algorithm, $stored_password) = SL::Auth::Password->parse($stored_password);
- ($algorithm2, $password) = SL::Auth::Password->parse(SL::Auth::Password->hash_if_unhashed(password => $password, algorithm => $algorithm, login => $login));
+ ($algorithm2, $password) = SL::Auth::Password->parse(SL::Auth::Password->hash(password => $password, algorithm => $algorithm, login => $login));
$main::lxdebug->leave_sub();
} else {
show_error('login/password_error', 'session') if SL::Auth::SESSION_EXPIRED == $session_result;
- %::myconfig = $::auth->read_user(login => $::form->{login});
+
+ my $login = $::auth->get_session_value('login');
+ show_error('login/password_error', 'password') if not defined $login;
+
+ %::myconfig = $::auth->read_user(login => $login);
show_error('login/password_error', 'password') unless $::myconfig{login};
$::locale = Locale->new($::myconfig{countrycode});
- show_error('login/password_error', 'password') if SL::Auth::OK != $::auth->authenticate($::form->{login}, $::form->{password});
+ show_error('login/password_error', 'password') if SL::Auth::OK != $::auth->authenticate($login, undef);
- $::auth->store_credentials_in_session(login => $::form->{login}, password => $::form->{password});
$::auth->create_or_refresh_session;
$::auth->delete_session_value('FLASH');
delete $::form->{password};