From 670f76a86aaf642bf1a6b5b37cdc023f8fdfc79c Mon Sep 17 00:00:00 2001 From: Moritz Bunkus Date: Fri, 17 Aug 2012 13:16:45 +0200 Subject: [PATCH] =?utf8?q?Formularfelder=20und=20Session-Keys=20f=C3=BCr?= =?utf8?q?=20Logins=20umbenannt?= MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Ziel: Ermöglichen, dass Login & Passwort auch wieder per Formularfelder mit jedem Request übertragen werden, aber nicht mehr so offensichtlich im "Formularfeldernamensraum" rumgeistern -- sondern leicht aussortierbar sind. Die Formularfelder, die mit "{AUTH}" starten, werden vom Dispatcher nach erfolgter Loginüberprüfung automatisch entfernt, bevor die Kontrolle an die Controller/Actions übergeben wird (unabhängig vom Routingtyp). Vorher waren Formularfelder sowie die Session-Keys für User-Logins "login" und "password", für Admin-Login "rpw". Jetzt: - Formularfelder: für User-Logins "{AUTH}login" und "{AUTH}password", für Admin-Login "{AUTH}admin_password". - Session-Keys: jeweils ohne "{AUTH}", sprich für User-Logins weiterhin "login" und "password", für Admin-Login neu "admin_password". --- SL/Dispatcher.pm | 2 ++ SL/Dispatcher/AuthHandler/Admin.pm | 4 ++-- bin/mozilla/admin.pl | 8 ++++---- bin/mozilla/login.pl | 8 +++++--- scripts/csv-import-from-shell.sh | 4 ++-- templates/webpages/admin/adminlogin.html | 2 +- templates/webpages/admin/list_users.html | 4 ++-- templates/webpages/login/login_screen.html | 4 ++-- 8 files changed, 20 insertions(+), 16 deletions(-) diff --git a/SL/Dispatcher.pm b/SL/Dispatcher.pm index 8301e5602..747da0485 100644 --- a/SL/Dispatcher.pm +++ b/SL/Dispatcher.pm @@ -214,6 +214,8 @@ sub handle_request { action => $action, ); + delete @{ $::form }{ grep { m/^\{AUTH\}/ } keys %{ $::form } }; + if ($action) { $::instance_conf->init if $auth_level eq 'user'; diff --git a/SL/Dispatcher/AuthHandler/Admin.pm b/SL/Dispatcher/AuthHandler/Admin.pm index 5a92015f5..7b194ff04 100644 --- a/SL/Dispatcher/AuthHandler/Admin.pm 
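Review bot: The new `delete @{ $::form }{ grep { m/^\{AUTH\}/ } keys %{ $::form } };` in handle_request carries no comment explaining why the sweep exists or why it has to sit exactly here (after the auth handler has consumed the fields, before any controller or action runs), so a later refactor could move it without noticing the ordering matters. Suggest `# Drop the {AUTH}* credential fields now that authentication is done, so no controller sees, logs or re-renders them.` directly above the line. The anchor would read better as `grep { m{\A\{AUTH\}} } keys %{ $::form }` in line with the rest of the codebase's `m{...}` style, although `^` is equivalent here since there is no /m. Only `$::form` is swept; anything copied out of it earlier (login.pl deliberately keeps `login` as a plain field) is not covered, which the comment could state. handle_request starts and ends outside this hunk.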
+++ b/SL/Dispatcher/AuthHandler/Admin.pm @@ -7,9 +7,9 @@ use parent qw(Rose::Object); sub handle { %::myconfig = (); - return if $::auth->authenticate_root($::auth->get_session_value('rpw')) == $::auth->OK(); + return if $::auth->authenticate_root($::auth->get_session_value('admin_password')) == $::auth->OK(); - $::auth->delete_session_value('rpw'); + $::auth->delete_session_value('admin_password'); SL::Dispatcher::show_error('login/password_error', 'password', is_admin => 1); } diff --git a/bin/mozilla/admin.pl b/bin/mozilla/admin.pl index 23fe978fe..42971fac5 100755 --- a/bin/mozilla/admin.pl +++ b/bin/mozilla/admin.pl @@ -95,13 +95,13 @@ sub run { $form->{favicon} = "favicon.ico"; if ($form->{action}) { - if ($auth->authenticate_root($form->{rpw}) != $auth->OK()) { + if ($auth->authenticate_root($form->{'{AUTH}admin_password'}) != $auth->OK()) { $form->{error_message} = $locale->text('Incorrect Password!'); - $auth->delete_session_value('rpw'); + $auth->delete_session_value('admin_password'); adminlogin(); } else { if ($auth->session_tables_present()) { - delete $::form->{rpw}; + delete $::form->{'{AUTH}admin_password'}; _apply_dbupgrade_scripts(); } @@ -194,7 +194,7 @@ sub create_auth_tables { my $locale = $main::locale; $main::auth->create_tables(); - $main::auth->set_session_value('rpw', $form->{rpw}); + $main::auth->set_session_value('admin_password', $form->{'{AUTH}admin_password'}); $main::auth->create_or_refresh_session(); my $memberfile = $::lx_office_conf{paths}->{memberfile}; diff --git a/bin/mozilla/login.pl b/bin/mozilla/login.pl index 0bfd39cb3..a3184b59c 100644 --- a/bin/mozilla/login.pl +++ b/bin/mozilla/login.pl 
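Review bot: In the bin/mozilla/admin.pl hunk at @@ -95 the form-field name `'{AUTH}admin_password'` is spelled out as a bare string literal three times (the authenticate_root call, the delete, and again in create_auth_tables at @@ -194), next to the separate session key `'admin_password'` that SL/Dispatcher/AuthHandler/Admin.pm must match byte for byte; a typo in any one copy surfaces only as "Incorrect Password!" rather than as an error. Consider one named constant, e.g. `use constant ADMIN_PW_FIELD => '{AUTH}admin_password';` used as `$form->{ADMIN_PW_FIELD()}`, and likewise for the session key, so the field name, the session key and the dispatcher's `{AUTH}` prefix cannot drift apart. The `delete $::form->{'{AUTH}admin_password'}` would also benefit from a one-line comment saying it removes the plain-text admin password from the form before the upgrade scripts run. Both `run` and `create_auth_tables` continue outside their hunks.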
@@ -61,15 +61,17 @@ sub run { $action = 'login'; } if ($action) { - %::myconfig = $auth->read_user(login => $form->{login}) if ($form->{login}); + $form->{login} = $form->{'{AUTH}login'} || $form->{login}; + %::myconfig = $auth->read_user(login => $form->{login}) if $form->{login}; + $::locale = Locale->new($::myconfig{countrycode}) if $::myconfig{countrycode}; - if (SL::Auth::OK != $auth->authenticate($::myconfig{login}, $form->{password})) { + if (SL::Auth::OK != $auth->authenticate($::myconfig{login}, $form->{'{AUTH}password'})) { $form->{error_message} = $::locale->text('Incorrect username or password!'); login_screen(); } else { $auth->create_or_refresh_session(); - delete $form->{password}; + delete $form->{'{AUTH}password'}; $form->{titlebar} .= " - $::myconfig{name} - $::myconfig{dbname}"; call_sub($::locale->findsub($action)); diff --git a/scripts/csv-import-from-shell.sh b/scripts/csv-import-from-shell.sh index c0e88904a..1503daef0 100644 --- a/scripts/csv-import-from-shell.sh +++ b/scripts/csv-import-from-shell.sh @@ -107,8 +107,8 @@ function do_curl { -F 'settings.sellprice_adjustment_type=percent' \ -F 'settings.sellprice_places=2' \ -F 'settings.shoparticle_if_missing=0' \ - -F "login=${login}" \ - -F "password=${password}" \ + -F "{AUTH}login=${login}" \ + -F "{AUTH}password=${password}" \ -F "file=@${file}" \ ${url} } diff --git a/templates/webpages/admin/adminlogin.html b/templates/webpages/admin/adminlogin.html index 22e07fcf9..42583f389 100644 --- a/templates/webpages/admin/adminlogin.html +++ b/templates/webpages/admin/adminlogin.html @@ -19,7 +19,7 @@ - + diff --git a/templates/webpages/admin/list_users.html b/templates/webpages/admin/list_users.html index 17778c28f..95d0f8f9e 100644 --- a/templates/webpages/admin/list_users.html +++ b/templates/webpages/admin/list_users.html @@ -69,12 +69,12 @@
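Review bot: `$form->{login} = $form->{'{AUTH}login'} || $form->{login};` silently keeps accepting a plain `login` field, which the commit message says should no longer live in the ordinary form namespace, and it does so with `||`, so a `{AUTH}login` of `0` or `''` falls through to whatever `login` the request happened to carry. If the fallback is intentional for older clients, say so and narrow it: `# {AUTH}login is preferred; a plain login field is still honoured for legacy clients` with `//` instead of `||` (if the codebase is on 5.10+), so only a missing `{AUTH}login` falls back. The password has no such fallback, so a legacy client sending `login`+`password` now gets its username resolved but fails authentication; that asymmetry is fine but deserves a comment. The `run` sub continues outside this hunk.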
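Review bot: In scripts/csv-import-from-shell.sh the renamed `-F "{AUTH}password=${password}"` still passes the password as a plain `-F` value, where curl interprets a leading `@` or `<` as a file to read instead of a literal string, and the value sits in curl's argv for the whole upload. Use `--form-string "{AUTH}login=${login}" \` and `--form-string "{AUTH}password=${password}" \` so both credential fields are always sent literally; putting them into a `curl --config` file would additionally keep them out of process listings. `do_curl` starts outside this hunk.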
[% 'Password' | $T8 %]
- + - +
[% 'Login Name' | $T8 %]  
[% 'Password' | $T8 %]
diff --git a/templates/webpages/login/login_screen.html b/templates/webpages/login/login_screen.html index e0bdb870b..f34f9010c 100644 --- a/templates/webpages/login/login_screen.html +++ b/templates/webpages/login/login_screen.html @@ -24,11 +24,11 @@ - + - +
[% 'Login Name' | $T8 %]
[% 'Password' | $T8 %]
-- 2.20.1