From: Moritz Bunkus
Date: Mon, 26 Nov 2012 15:57:54 +0000 (+0100)
Subject: Nach fehlgeschlagenem AuthHandler Request nicht fortsetzen
X-Git-Tag: release-3.0.0beta3~10
X-Git-Url: http://wagnertech.de/git?a=commitdiff_plain;h=0e451e1bd489910141207434861a848ddf4da2ce;p=kivitendo-erp.git
Nach fehlgeschlagenem AuthHandler Request nicht fortsetzen
Ansonsten wird zwar der '302'-Redirect ausgegeben, der Controller aber trotzdem ausgeführt.
---
diff --git a/SL/Dispatcher.pm b/SL/Dispatcher.pm
index 9adde75ba..d01a0d03b 100644
--- a/SL/Dispatcher.pm
+++ b/SL/Dispatcher.pm
@@ -241,6 +241,8 @@ sub handle_request {
 action => $action,
 );
+ ::end_of_request() unless $auth_result{auth_ok};
+
 delete @{ $::form }{ grep { m/^\{AUTH\}/ } keys %{ $::form } } unless $auth_result{keep_auth_vars};
 if ($action) {
diff --git a/SL/Dispatcher/AuthHandler.pm b/SL/Dispatcher/AuthHandler.pm
index c24443151..4c352bdbb 100644
--- a/SL/Dispatcher/AuthHandler.pm
+++ b/SL/Dispatcher/AuthHandler.pm
@@ -18,11 +18,12 @@ sub handle {
 my $handler_name = "SL::Dispatcher::AuthHandler::" . ucfirst($auth_level);
 $self->{handlers} ||= {};
 $self->{handlers}->{$handler_name} ||= $handler_name->new;
- $self->{handlers}->{$handler_name}->handle;
+ my $ok = $self->{handlers}->{$handler_name}->handle;
 return (
 auth_level => $auth_level,
 keep_auth_vars => $self->get_keep_auth_vars(%param),
+ auth_ok => $ok,
 );
 }
diff --git a/SL/Dispatcher/AuthHandler/Admin.pm b/SL/Dispatcher/AuthHandler/Admin.pm
index 2e41ee90e..cc13b5d08 100644
--- a/SL/Dispatcher/AuthHandler/Admin.pm
+++ b/SL/Dispatcher/AuthHandler/Admin.pm
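Review bot: The new guard ends the request while the submitted `{AUTH}` values, including `{AUTH}password`, are still in `$::form`, because the scrub on the following line only runs for requests that continue past the guard. If `::end_of_request()` unwinds by exception (its implementation is not visible here) and anything on that path dumps or logs `$::form`, the plaintext credential is still present; swapping the two statements makes the scrub unconditional: `delete @{ $::form }{ grep { m/^\{AUTH\}/ } keys %{ $::form } } unless $auth_result{keep_auth_vars};` followed by `::end_of_request() unless $auth_result{auth_ok};`. The guard also relies on every AuthHandler returning a defined true value on success, so a handler added later without an explicit return would abort every request — fail-closed, but worth stating: `# every AuthHandler must return true on success; any false result aborts the request here so the controller never runs after a failed login`. handle_request's body continues on both sides of the hunk.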
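Review bot: `auth_ok => $ok` passes the handler's return value through unchanged, so the flag the dispatcher tests is whatever each handler happens to return (`1`/`0` after this commit, `undef` or an empty list for any future handler that falls off its end). Normalising it here, `auth_ok => $ok ? 1 : 0,`, makes the contract explicit and keeps a missing return deliberately fail-closed rather than accidentally so. A one-line comment on the returned hash would also help the next author: `# auth_ok false means the handler already rendered the error or redirect; the dispatcher must not run the controller`. The start of handle (where `$auth_level` and `%param` are set) lies outside the hunk.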
@@ -8,14 +8,16 @@ use SL::Layout::Dispatcher;
 sub handle {
 %::myconfig = ();
- return if $::form->{'{AUTH}admin_password'} && ($::auth->authenticate_root($::form->{'{AUTH}admin_password'}) == $::auth->OK());
- return if !$::form->{'{AUTH}admin_password'} && ($::auth->authenticate_root($::auth->get_session_value('admin_password')) == $::auth->OK());
+ return 1 if $::form->{'{AUTH}admin_password'} && ($::auth->authenticate_root($::form->{'{AUTH}admin_password'}) == $::auth->OK());
+ return 1 if !$::form->{'{AUTH}admin_password'} && ($::auth->authenticate_root($::auth->get_session_value('admin_password')) == $::auth->OK());
 $::request->{layout} = SL::Layout::Dispatcher->new(style => 'admin');
 $::auth->punish_wrong_login;
 $::auth->delete_session_value('admin_password');
 SL::Dispatcher::show_error('admin/adminlogin', 'password');
+
+ return 0;
 }
 1;
diff --git a/SL/Dispatcher/AuthHandler/None.pm b/SL/Dispatcher/AuthHandler/None.pm
index 0ce88a63d..255740d2d 100644
--- a/SL/Dispatcher/AuthHandler/None.pm
+++ b/SL/Dispatcher/AuthHandler/None.pm
@@ -6,6 +6,7 @@ use parent qw(Rose::Object);
 sub handle {
 %::myconfig = ();
+ return 1;
 }
 1;
diff --git a/SL/Dispatcher/AuthHandler/User.pm b/SL/Dispatcher/AuthHandler/User.pm
index 1273d679f..e1c080e1f 100644
--- a/SL/Dispatcher/AuthHandler/User.pm
+++ b/SL/Dispatcher/AuthHandler/User.pm
@@ -9,11 +9,11 @@ sub handle {
 my ($self, %param) = @_;
 my $login = $::form->{'{AUTH}login'} || $::auth->get_session_value('login');
- $self->_error(%param) if !defined $login;
+ return $self->_error(%param) if !defined $login;
 %::myconfig = $::auth->read_user(login => $login);
- $self->_error(%param) unless $::myconfig{login};
+ return $self->_error(%param) unless $::myconfig{login};
 $::locale = Locale->new($::myconfig{countrycode});
 $::request->{layout} = SL::Layout::Dispatcher->new(style => $::myconfig{menustyle});
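Review bot: The two `return 1 if` lines differ only in which password is fed to `authenticate_root`, so the `{AUTH}admin_password` lookup and the `== $::auth->OK()` comparison are now duplicated across two long lines that are easy to edit out of step. A single selection reads better and preserves the truthiness test exactly: `my $password = $::form->{'{AUTH}admin_password'} || $::auth->get_session_value('admin_password');` followed by `return 1 if $::auth->authenticate_root($password) == $::auth->OK();`. The failure block deserves a comment because it is the fail-closed half of the new contract: `# wrong or missing admin password: throttle, drop the stale session value, render the login form and tell the dispatcher to stop`. Note that when neither the form nor the session holds a password, `authenticate_root` is still called with `undef` exactly as before; presumably that returns not-OK, so the path stays closed.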
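Review bot: `handle` in the None handler clears `%::myconfig` and then reports success unconditionally, so every auth level that dispatches to it is an unauthenticated path by design. That is presumably intended for the login screens, but it should be stated next to the new line so nobody routes a protected action through it by accident: `# no authentication for this auth level; always let the request proceed`. Nothing else in this file is visible here.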
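Review bot: Both new early returns propagate whatever `_error` returns, so `handle`'s result now depends on `_error` honouring the false-return contract established further down in this file; a short comment at the first call site documents that coupling: `# _error() sends the login redirect and returns false, which the dispatcher uses to abort the request`. Also note that the second failure happens after `%::myconfig` has already been assigned whatever `read_user` returned for the unknown login, and `_error` does not clear it — harmless as long as the dispatcher stops, but worth a note if that assumption ever changes. handle continues past the end of the hunk.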
@@ -21,12 +21,12 @@ sub handle {
 my $ok = $::form->{'{AUTH}login'} && (SL::Auth::OK() == $::auth->authenticate($::myconfig{login}, $::form->{'{AUTH}password'}));
 $ok ||= !$::form->{'{AUTH}login'} && (SL::Auth::OK() == $::auth->authenticate($::myconfig{login}, undef));
- $self->_error(%param) if !$ok;
+ return $self->_error(%param) if !$ok;
 $::auth->create_or_refresh_session;
 $::auth->delete_session_value('FLASH');
- return %::myconfig;
+ return 1;
 }
 sub _error {
@@ -34,6 +34,7 @@ sub _error {
 $::auth->punish_wrong_login;
 print $::request->{cgi}->redirect('controller.pl?action=LoginScreen/user_login&error=password');
+ return 0;
 }
 1;
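Review bot: `return 1;` changes handle's return type from the `%::myconfig` list to a plain flag. The only caller visible in this commit (`SL::Dispatcher::AuthHandler::handle`) discarded the old value, so it is safe there, but any other caller that consumed the returned hash would now silently get `1`; a grep for other `->handle` uses of this class is worth doing before merging. A comment on the success path would also make the contract obvious: `# form credentials or the existing session verified: refresh the session, drop stale flash messages, report success to the dispatcher`. The beginning of handle is in the previous hunk.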
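Review bot: `_error` now returns 0 after the redirect has been printed, but it also calls `punish_wrong_login` on every path that reaches it, including the `!defined $login` case from the first hunk where no credentials were submitted at all; if that throttling is meant only for wrong passwords, the caller should distinguish the two cases rather than funnel both through here. The return value is the whole point of this commit, so document it: `# the redirect is the complete response; return false so handle() and the dispatcher stop here`. _error's signature and argument unpacking lie outside the hunk.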