Nach fehlgeschlagenem AuthHandler Request nicht fortsetzen
authorMoritz Bunkus <m.bunkus@linet-services.de>
Mon, 26 Nov 2012 15:57:54 +0000 (16:57 +0100)
committerMoritz Bunkus <m.bunkus@linet-services.de>
Mon, 26 Nov 2012 16:00:31 +0000 (17:00 +0100)
Ansonsten wird zwar der '302'-Redirect ausgegeben, der Controller aber
trotzdem ausgeführt.

SL/Dispatcher.pm
SL/Dispatcher/AuthHandler.pm
SL/Dispatcher/AuthHandler/Admin.pm
SL/Dispatcher/AuthHandler/None.pm
SL/Dispatcher/AuthHandler/User.pm

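--- a/SL/Dispatcher.pm
+++ b/SL/Dispatcher.pm
@@ -241,6 +241,8 @@ sub handle_request {
         action       => $action,
       );
 
+      ::end_of_request() unless $auth_result{auth_ok};
+
       delete @{ $::form }{ grep { m/^\{AUTH\}/ } keys %{ $::form } } unless $auth_result{keep_auth_vars};
 
       if ($action) {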
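Review bot: The new guard `::end_of_request() unless $auth_result{auth_ok};` makes every auth handler's return value load-bearing, and nothing at this call site says so. A handler that falls off the end or uses a bare `return` is treated as a failed login, which is the right fail-closed default but easy to trip over when a handler is added; a comment such as `# Fail closed: handlers must return true on success; anything else ends the request after their redirect/error output.` would record the contract. The guard also sits before the `{AUTH}` scrub on the following line, so if end_of_request does not return (its body is not shown here) the submitted credentials stay in `$::form` on the failure path; moving the `delete` above the guard would avoid that. handle_request starts and ends outside the hunk.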
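--- a/SL/Dispatcher/AuthHandler.pm
+++ b/SL/Dispatcher/AuthHandler.pm
@@ -18,11 +18,12 @@ sub handle {
   my $handler_name                     = "SL::Dispatcher::AuthHandler::" . ucfirst($auth_level);
   $self->{handlers}                  ||= {};
   $self->{handlers}->{$handler_name} ||= $handler_name->new;
-  $self->{handlers}->{$handler_name}->handle;
+  my $ok = $self->{handlers}->{$handler_name}->handle;
 
   return (
     auth_level     => $auth_level,
     keep_auth_vars => $self->get_keep_auth_vars(%param),
+    auth_ok        => $ok,
   );
 }
 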
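--- a/SL/Dispatcher/AuthHandler/Admin.pm
+++ b/SL/Dispatcher/AuthHandler/Admin.pm
@@ -8,14 +8,16 @@ use SL::Layout::Dispatcher;
 sub handle {
   %::myconfig = ();
 
-  return if  $::form->{'{AUTH}admin_password'} && ($::auth->authenticate_root($::form->{'{AUTH}admin_password'})            == $::auth->OK());
-  return if !$::form->{'{AUTH}admin_password'} && ($::auth->authenticate_root($::auth->get_session_value('admin_password')) == $::auth->OK());
+  return if  $::form->{'{AUTH}admin_password'} && ($::auth->authenticate_root($::form->{'{AUTH}admin_password'})            == $::auth->OK());
+  return if !$::form->{'{AUTH}admin_password'} && ($::auth->authenticate_root($::auth->get_session_value('admin_password')) == $::auth->OK());
 
   $::request->{layout} = SL::Layout::Dispatcher->new(style => 'admin');
 
   $::auth->punish_wrong_login;
   $::auth->delete_session_value('admin_password');
   SL::Dispatcher::show_error('admin/adminlogin', 'password');
+
+  return 0;
 }
 
 1;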
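Review bot: Both success paths in `handle` still end in a bare `return`, which is undef in the scalar context that AuthHandler.pm now calls it in (`my $ok = …->handle`), so `auth_ok` would be false and the dispatcher's new guard would end the request even after a correct admin password. As rendered here the removed and added `return if …` lines are identical, so the real difference may have been lost in extraction. If the new side really reads as shown, both lines should become `return 1 if …`. The explicit `return 0;` on the failure path is fine and matches the other handlers.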
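--- a/SL/Dispatcher/AuthHandler/None.pm
+++ b/SL/Dispatcher/AuthHandler/None.pm
@@ -6,6 +6,7 @@ use parent qw(Rose::Object);
 
 sub handle {
   %::myconfig = ();
+  return 1;
 }
 
 1;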
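--- a/SL/Dispatcher/AuthHandler/User.pm
+++ b/SL/Dispatcher/AuthHandler/User.pm
@@ -9,11 +9,11 @@ sub handle {
   my ($self, %param) = @_;
 
   my $login = $::form->{'{AUTH}login'} || $::auth->get_session_value('login');
-  $self->_error(%param) if !defined $login;
+  return $self->_error(%param) if !defined $login;
 
   %::myconfig = $::auth->read_user(login => $login);
 
-  $self->_error(%param) unless $::myconfig{login};
+  return $self->_error(%param) unless $::myconfig{login};
 
   $::locale = Locale->new($::myconfig{countrycode});
   $::request->{layout} = SL::Layout::Dispatcher->new(style => $::myconfig{menustyle});
@@ -21,12 +21,12 @@ sub handle {
   my $ok   =  $::form->{'{AUTH}login'} && (SL::Auth::OK() == $::auth->authenticate($::myconfig{login}, $::form->{'{AUTH}password'}));
   $ok    ||= !$::form->{'{AUTH}login'} && (SL::Auth::OK() == $::auth->authenticate($::myconfig{login}, undef));
 
-  $self->_error(%param) if !$ok;
+  return $self->_error(%param) if !$ok;
 
   $::auth->create_or_refresh_session;
   $::auth->delete_session_value('FLASH');
 
-  return %::myconfig;
+  return 1;
 }
 
 sub _error {
@@ -34,6 +34,7 @@ sub _error {
 
   $::auth->punish_wrong_login;
   print $::request->{cgi}->redirect('controller.pl?action=LoginScreen/user_login&error=password');
+  return 0;
 }
 
 1;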
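Review bot: On the `!$ok` path in the second hunk, `%::myconfig` has already been filled from `read_user` for the login named in the request, and nothing visible clears it before `_error` returns 0. Now that a false return ends the request this is less exposed than before, but any code that still runs after the failed check would see the settings of an account that was never authenticated. Resetting it in `_error`, e.g. `%::myconfig = ();` ahead of the redirect, keeps the failure path clean and matches how the Admin and None handlers start from an empty `%::myconfig`. `_error` begins outside the hunk, so it may already do this.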