use SL::Auth::Constants qw(:all);
use SL::Auth::DB;
use SL::Auth::LDAP;
+use SL::Auth::Password;
+use SL::SessionFile;
use SL::User;
use SL::DBConnect;
use SL::DBUpgrade2;
sub authenticate_root {
$main::lxdebug->enter_sub();
- my $self = shift;
- my $password = shift;
- my $is_crypted = shift;
+ my ($self, $password) = @_;
- $password = crypt $password, 'ro' if (!$password || !$is_crypted);
- my $admin_password = crypt "$self->{admin_password}", 'ro';
+ $password = SL::Auth::Password->hash_if_unhashed(login => 'root', password => $password);
+ my $admin_password = SL::Auth::Password->hash_if_unhashed(login => 'root', password => $self->{admin_password});
$main::lxdebug->leave_sub();
return $result;
}
+sub store_credentials_in_session {
+ my ($self, %params) = @_;
+
+ $params{password} = SL::Auth::Password->hash_if_unhashed(login => $params{login}, password => $params{password})
+ unless $self->{authenticator}->requires_cleartext_password;
+
+ $self->set_session_value(login => $params{login}, password => $params{password});
+}
+
+sub store_root_credentials_in_session {
+ my ($self, $rpw) = @_;
+
+ $self->set_session_value(rpw => SL::Auth::Password->hash_if_unhashed(login => 'root', password => $rpw));
+}
+
sub dbconnect {
$main::lxdebug->enter_sub(2);
$dbh->commit();
+ SL::SessionFile->destroy_session($session_id);
+
$session_id = undef;
$self->{SESSION} = { };
}
my $dbh = $self->dbconnect();
- $dbh->begin_work;
+ my $query = qq|SELECT id
+ FROM auth.session
+ WHERE (mtime < (now() - '$self->{session_timeout}m'::interval))|;
- my $query =
- qq|DELETE FROM auth.session_content
- WHERE session_id IN
- (SELECT id
- FROM auth.session
- WHERE (mtime < (now() - '$self->{session_timeout}m'::interval)))|;
+ my @ids = selectall_array_query($::form, $dbh, $query);
- do_query($main::form, $dbh, $query);
+ if (@ids) {
+ $dbh->begin_work;
- $query =
- qq|DELETE FROM auth.session
- WHERE (mtime < (now() - '$self->{session_timeout}m'::interval))|;
+ SL::SessionFile->destroy_session($_) for @ids;
- do_query($main::form, $dbh, $query);
+ $query = qq|DELETE FROM auth.session_content
+ WHERE session_id IN (| . join(', ', ('?') x scalar(@ids)) . qq|)|;
+ do_query($main::form, $dbh, $query, @ids);
- $dbh->commit();
+ $query = qq|DELETE FROM auth.session
+ WHERE id IN (| . join(', ', ('?') x scalar(@ids)) . qq|)|;
+ do_query($main::form, $dbh, $query, @ids);
+
+ $dbh->commit();
+ }
$main::lxdebug->leave_sub();
}
["customer_vendor_edit", $locale->text("Create and edit customers and vendors")],
["part_service_assembly_edit", $locale->text("Create and edit parts, services, assemblies")],
["project_edit", $locale->text("Create and edit projects")],
- ["license_edit", $locale->text("Manage license keys")],
["--ar", $locale->text("AR")],
["sales_quotation_edit", $locale->text("Create and edit sales quotations")],
["sales_order_edit", $locale->text("Create and edit sales orders")],
projects / mfinanz.git / blobdiff