From 722fee3c7224fa0b1222b9f5134e2c19dc021c64 Mon Sep 17 00:00:00 2001 From: Moritz Bunkus Date: Wed, 12 Jun 2013 15:18:41 +0200 Subject: [PATCH] Userlogin mit Mandanten gefixt (erster Schritt) --- SL/Auth.pm | 63 ++++++-------- SL/Controller/LoginScreen.pm | 17 ++-- SL/Dispatcher/AuthHandler/User.pm | 3 + SL/User.pm | 138 +++++++++++------------------- locale/de/all | 2 +- 5 files changed, 90 insertions(+), 133 deletions(-) diff --git a/SL/Auth.pm b/SL/Auth.pm index 453354d4d..6a69604b6 100644 --- a/SL/Auth.pm +++ b/SL/Auth.pm @@ -65,6 +65,8 @@ sub set_client { $self->client(undef); + return undef unless $id_or_name; + my $column = $id_or_name =~ m/^\d+$/ ? 'id' : 'name'; my $dbh = $self->dbconnect; @@ -75,32 +77,6 @@ sub set_client { return $self->client; } -sub get_user_dbh { - my ($self, $login, %params) = @_; - my $may_fail = delete $params{may_fail}; - - my %user = $self->read_user(login => $login); - my $dbh = SL::DBConnect->connect( - $user{dbconnect}, - $user{dbuser}, - $user{dbpasswd}, - { - pg_enable_utf8 => $::locale->is_utf8, - AutoCommit => 0 - } - ); - - if (!$may_fail && !$dbh) { - $::form->error($::locale->text('The connection to the authentication database failed:') . "\n" . $DBI::errstr); - } - - if ($user{dboptions} && $dbh) { - $dbh->do($user{dboptions}) or $::form->dberror($user{dboptions}); - } - - return $dbh; -} - sub DESTROY { my $self = shift; @@ -166,6 +142,23 @@ sub _read_auth_config { $main::lxdebug->leave_sub(); } +sub has_access_to_client { + my ($self, $login) = @_; + + return 0 if !$self->client || !$self->client->{id}; + + my $sql = <dbconnect->selectrow_array($sql, undef, $login, $self->client->{id}); + return $has_access; +} + sub authenticate_root { $main::lxdebug->enter_sub(); @@ -197,6 +190,11 @@ sub authenticate { my ($self, $login, $password) = @_; + if (!$self->client || !$self->has_access_to_client($login)) { + $::lxdebug->leave_sub; + return ERR_PASSWORD; + } + my $session_auth = $self->get_session_value(SESSION_KEY_USER_AUTH()); if (defined $session_auth && $session_auth == OK) { $::lxdebug->leave_sub; @@ -209,7 +207,7 @@ sub authenticate { } my $result = $login ? $self->{authenticator}->authenticate($login, $password) : ERR_USER; - $self->set_session_value(SESSION_KEY_USER_AUTH() => $result, login => $login); + $self->set_session_value(SESSION_KEY_USER_AUTH() => $result, login => $login, client_id => $self->client->{id}); $::lxdebug->leave_sub; return $result; @@ -550,24 +548,19 @@ sub delete_user { my $dbh = $self->dbconnect; my $id = $self->get_user_id($login); - my $user_db_exists; $dbh->rollback and return $::lxdebug->leave_sub if (!$id); - my $u_dbh = $self->get_user_dbh($login, may_fail => 1); - $user_db_exists = $self->check_tables($u_dbh) if $u_dbh; - - $u_dbh->begin_work if $u_dbh && $user_db_exists; - $dbh->begin_work; do_query($::form, $dbh, qq|DELETE FROM auth.user_group WHERE user_id = ?|, $id); do_query($::form, $dbh, qq|DELETE FROM auth.user_config WHERE user_id = ?|, $id); do_query($::form, $dbh, qq|DELETE FROM auth.user WHERE id = ?|, $id); - do_query($::form, $u_dbh, qq|UPDATE employee SET deleted = 't' WHERE login = ?|, $login) if $u_dbh && $user_db_exists; + + # TODO: SL::Auth::delete_user + # do_query($::form, $u_dbh, qq|UPDATE employee SET deleted = 't' WHERE login = ?|, $login) if $u_dbh && $user_db_exists; $dbh->commit; - $u_dbh->commit if $u_dbh && $user_db_exists; $::lxdebug->leave_sub; } diff --git a/SL/Controller/LoginScreen.pm b/SL/Controller/LoginScreen.pm index c32d0a3b6..a7cc905c1 100644 --- a/SL/Controller/LoginScreen.pm +++ b/SL/Controller/LoginScreen.pm @@ -10,6 +10,7 @@ use SL::Dispatcher::AuthHandler::User; use SL::DB::AuthClient; use SL::DB::AuthGroup; use SL::DB::AuthUser; +use SL::Locale::String qw(t8); use SL::User; use Rose::Object::MakeMethods::Generic ( @@ -54,14 +55,14 @@ sub action_login { } %::myconfig = $login ? $::auth->read_user(login => $login) : (); - SL::Dispatcher::AuthHandler::User->new->handle(countrycode => $::myconfig{countrycode}); - $::form->{login} = $::myconfig{login}; + $::form->{login} = $login; $::locale = Locale->new($::myconfig{countrycode}) if $::myconfig{countrycode}; - my $user = User->new(login => $::myconfig{login}); - $::request->{layout} = SL::Layout::Dispatcher->new(style => $user->{menustyle}); + SL::Dispatcher::AuthHandler::User->new->handle(countrycode => $::myconfig{countrycode}); + + $::request->layout(SL::Layout::Dispatcher->new(style => $::myconfig{menustyle})); # if we get an error back, bale out - my $result = $user->login($::form); + my $result = User->new(login => $::myconfig{login})->login($::form); # Database update available? ::end_of_request() if -2 == $result; @@ -84,7 +85,7 @@ sub action_login { # TODO: Employees anlegen/checken # $self->_ensure_employees_for_authorized_users_exist; - $self->_redirect_to_main_script($user); + $self->_redirect_to_main_script; } # @@ -103,7 +104,7 @@ sub keep_auth_vars_in_form { # sub _redirect_to_main_script { - my ($self, $user) = @_; + my ($self) = @_; return $self->redirect_to($::form->{callback}) if $::form->{callback}; @@ -135,7 +136,7 @@ sub _redirect_to_main_script_if_already_logged_in { sub error_state { return { session => $::locale->text('The session is invalid or has expired.'), - password => $::locale->text('Incorrect password!'), + password => $::locale->text('Incorrect username or password or no access to selected client!'), }->{$_[0]}; } diff --git a/SL/Dispatcher/AuthHandler/User.pm b/SL/Dispatcher/AuthHandler/User.pm index e126d872f..5ee543beb 100644 --- a/SL/Dispatcher/AuthHandler/User.pm +++ b/SL/Dispatcher/AuthHandler/User.pm @@ -11,6 +11,9 @@ sub handle { my $login = $::form->{'{AUTH}login'} || $::auth->get_session_value('login'); return $self->_error(%param) if !defined $login; + my $client_id = $::form->{'{AUTH}client_id'} || $::auth->get_session_value('client_id'); + return $self->_error(%param) if !$client_id || !$::auth->set_client($client_id); + %::myconfig = $::auth->read_user(login => $login); return $self->_error(%param) unless $::myconfig{login}; diff --git a/SL/User.pm b/SL/User.pm index f5afb553f..d51b1edd1 100644 --- a/SL/User.pm +++ b/SL/User.pm @@ -92,95 +92,79 @@ sub country_codes { } sub login { - $main::lxdebug->enter_sub(); - my ($self, $form) = @_; our $sid; - local *FH; - - my $rc = -3; + return -3 if !$self->{login} || !$::auth->client; - if ($self->{login}) { - my %myconfig = $main::auth->read_user(login => $self->{login}); + my %myconfig = $main::auth->read_user(login => $self->{login}); - # check if database is down - my $dbh = SL::DBConnect->connect($myconfig{dbconnect}, $myconfig{dbuser}, $myconfig{dbpasswd}, SL::DBConnect->get_options) - or $self->error($DBI::errstr); - - # we got a connection, check the version - my $query = qq|SELECT version FROM defaults|; - my $sth = $dbh->prepare($query); - $sth->execute || $form->dberror($query); + # check if database is down + my $dbh = $form->dbconnect_noauto; - my ($dbversion) = $sth->fetchrow_array; - $sth->finish; + # we got a connection, check the version + my $query = qq|SELECT version FROM defaults|; + my $sth = $dbh->prepare($query); + $sth->execute || $form->dberror($query); - $self->create_employee_entry($form, $dbh, \%myconfig); + my ($dbversion) = $sth->fetchrow_array; + $sth->finish; - $self->create_schema_info_table($form, $dbh); + $self->create_employee_entry($form, $dbh, \%myconfig); - my $dbupdater_auth = SL::DBUpgrade2->new(form => $form, dbdriver => 'Pg', auth => 1)->parse_dbupdate_controls; - if ($dbupdater_auth->unapplied_upgrade_scripts($::auth->dbconnect)) { - $::lxdebug->leave_sub; - return -3; - } + $self->create_schema_info_table($form, $dbh); - $rc = 0; + # Auth DB upgrades available? + my $dbupdater_auth = SL::DBUpgrade2->new(form => $form, dbdriver => 'Pg', auth => 1)->parse_dbupdate_controls; + return -3 if $dbupdater_auth->unapplied_upgrade_scripts($::auth->dbconnect); - my $dbupdater = SL::DBUpgrade2->new(form => $form, dbdriver => $myconfig{dbdriver})->parse_dbupdate_controls; + my $dbupdater = SL::DBUpgrade2->new(form => $form, dbdriver => $myconfig{dbdriver})->parse_dbupdate_controls; - map({ $form->{$_} = $myconfig{$_} } qw(dbname dbhost dbport dbdriver dbuser dbpasswd dbconnect dateformat)); - dbconnect_vars($form, $form->{dbname}); - my $update_available = $dbupdater->update_available($dbversion) || $dbupdater->update2_available($dbh); - $dbh->disconnect; + $form->{$_} = $::auth->client->{$_} for qw(dbname dbhost dbport dbuser dbpasswd); + $form->{$_} = $myconfig{$_} for qw(dateformat); - if ($update_available) { - $form->{"title"} = $main::locale->text("Dataset upgrade"); - $form->header(no_layout => $form->{no_layout}); - print $form->parse_html_template("dbupgrade/header"); + dbconnect_vars($form, $form->{dbname}); - $form->{dbupdate} = "db$myconfig{dbname}"; - $form->{ $form->{dbupdate} } = 1; + my $update_available = $dbupdater->update_available($dbversion) || $dbupdater->update2_available($dbh); + $dbh->disconnect; - if ($form->{"show_dbupdate_warning"}) { - print $form->parse_html_template("dbupgrade/warning"); - ::end_of_request(); - } + return 0 if !$update_available; + $form->{"title"} = $main::locale->text("Dataset upgrade"); + $form->header(no_layout => $form->{no_layout}); + print $form->parse_html_template("dbupgrade/header"); - # update the tables - if (!$::lx_office_conf{debug}->{keep_installation_unlocked} && !open(FH, ">", $::lx_office_conf{paths}->{userspath} . "/nologin")) { - $form->show_generic_error($main::locale->text('A temporary file could not be created. ' . - 'Please verify that the directory "#1" is writeable by the webserver.', - $::lx_office_conf{paths}->{userspath}), - 'back_button' => 1); - } + $form->{dbupdate} = "db" . $form->{dbname}; - # required for Oracle - $form->{dbdefault} = $sid; + if ($form->{"show_dbupdate_warning"}) { + print $form->parse_html_template("dbupgrade/warning"); + ::end_of_request(); + } - # ignore HUP, QUIT in case the webserver times out - $SIG{HUP} = 'IGNORE'; - $SIG{QUIT} = 'IGNORE'; + # update the tables + my $fh; + if (!$::lx_office_conf{debug}->{keep_installation_unlocked} && !open($fh, ">", $::lx_office_conf{paths}->{userspath} . "/nologin")) { + $form->show_generic_error($main::locale->text('A temporary file could not be created. ' . + 'Please verify that the directory "#1" is writeable by the webserver.', + $::lx_office_conf{paths}->{userspath}), + 'back_button' => 1); + } - $self->dbupdate($form); - $self->dbupdate2($form, $dbupdater); - SL::DBUpgrade2->new(form => $::form, dbdriver => 'Pg', auth => 1)->apply_admin_dbupgrade_scripts(0); + # ignore HUP, QUIT in case the webserver times out + $SIG{HUP} = 'IGNORE'; + $SIG{QUIT} = 'IGNORE'; - close(FH); + $self->dbupdate($form); + $self->dbupdate2($form, $dbupdater); + SL::DBUpgrade2->new(form => $::form, dbdriver => 'Pg', auth => 1)->apply_admin_dbupgrade_scripts(0); - # remove lock file - unlink($::lx_office_conf{paths}->{userspath} . "/nologin"); + close($fh); - print $form->parse_html_template("dbupgrade/footer"); + # remove lock file + unlink($::lx_office_conf{paths}->{userspath} . "/nologin"); - $rc = -2; - } - } + print $form->parse_html_template("dbupgrade/footer"); - $main::lxdebug->leave_sub(); - - return $rc; + return -2; } sub dbconnect_vars { @@ -749,30 +733,6 @@ sub config_vars { return @conf; } -sub error { - $main::lxdebug->enter_sub(); - - my ($self, $msg) = @_; - - $main::lxdebug->show_backtrace(); - - if ($ENV{HTTP_USER_AGENT}) { - print qq|Content-Type: text/html - - - - - -

Error!

-

$msg|; - - } - - die "Error: $msg\n"; - - $main::lxdebug->leave_sub(); -} - sub data { +{ %{ $_[0] } } } diff --git a/locale/de/all b/locale/de/all index 67a46c6fc..914880364 100755 --- a/locale/de/all +++ b/locale/de/all @@ -1079,7 +1079,7 @@ $self->{texts} = { 'Inconsistency in database' => 'Unstimmigkeiten in der Datenbank', 'Incorrect Password!' => 'Ungültiges Passwort!', 'Incorrect password!' => 'Ungültiges Passwort!', - 'Incorrect username or password!' => 'Ungültiger Benutzername oder falsches Passwort!', + 'Incorrect username or password or no access to selected client!' => 'Ungültiger Benutzername oder Passwort oder kein Zugriff auf den ausgewählten Mandanten!', 'Increase' => 'Erhöhen', 'Individual Items' => 'Einzelteile', 'Information' => 'Information', -- 2.20.1