X-Git-Url: http://wagnertech.de/gitweb/gitweb.cgi/mfinanz.git/blobdiff_plain/72b340de2352eec7d3f99a00e2141a2df35f07f3..c781544686f9faf39259f1076297b0ec69aff6fc:/SL/Auth.pm
diff --git a/SL/Auth.pm b/SL/Auth.pm
index 784b185b4..365ee2323 100644
--- a/SL/Auth.pm
+++ b/SL/Auth.pm
@@ -11,6 +11,7 @@ use YAML;
 use SL::Auth::Constants qw(:all);
 use SL::Auth::DB;
 use SL::Auth::LDAP;
+use SL::Auth::Password;
 use SL::SessionFile;
 use SL::User;
@@ -136,12 +137,10 @@ sub _read_auth_config {
 sub authenticate_root {
 $main::lxdebug->enter_sub();
- my $self = shift;
- my $password = shift;
- my $is_crypted = shift;
+ my ($self, $password) = @_;
- $password = crypt $password, 'ro' if (!$password || !$is_crypted);
- my $admin_password = crypt "$self->{admin_password}", 'ro';
+ $password = SL::Auth::Password->hash_if_unhashed(login => 'root', password => $password);
+ my $admin_password = SL::Auth::Password->hash_if_unhashed(login => 'root', password => $self->{admin_password});
 $main::lxdebug->leave_sub();
@@ -163,6 +162,38 @@ sub authenticate {
 return $result;
 }
+sub store_credentials_in_session {
+ my ($self, %params) = @_;
+
+ if (!$self->{authenticator}->requires_cleartext_password) {
+ $params{password} = SL::Auth::Password->hash_if_unhashed(login => $params{login},
+ password => $params{password},
+ look_up_algorithm => 1,
+ auth => $self);
+ }
+
+ $self->set_session_value(login => $params{login}, password => $params{password});
+}
+
+sub store_root_credentials_in_session {
+ my ($self, $rpw) = @_;
+
+ $self->set_session_value(rpw => SL::Auth::Password->hash_if_unhashed(login => 'root', password => $rpw));
+}
+
+sub get_stored_password {
+ my ($self, $login) = @_;
+
+ my $dbh = $self->dbconnect;
+
+ return undef unless $dbh;
+
+ my $query = qq|SELECT password FROM auth."user" WHERE login = ?|;
+ my ($stored_password) = $dbh->selectrow_array($query, undef, $login);
+
+ return $stored_password;
+}
+
 sub dbconnect {
 $main::lxdebug->enter_sub(2);
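Review bot: In `authenticate_root`, `hash_if_unhashed` is applied to the caller-supplied `$password` with nothing stating which form the caller passed, so the decision "is this already a hash?" is now made from the input itself. Assuming the helper returns already-hashed-looking input unchanged, as its name suggests, a string in the stored hash format is compared as-is and the stored hash becomes equivalent to the password. The removed `$is_crypted` argument at least made that choice explicit at the call site. I would hash unconditionally for values that come from a login form and accept a pre-hashed value only on the session path, documented with a comment such as `# $password may be pre-hashed only when restored from the session (rpw)`. The comparison that follows is outside this hunk, so how an undefined `$password` (the old `!$password` case) is handled cannot be checked from here.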
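Review bot: `store_credentials_in_session` skips hashing when `requires_cleartext_password` is true, so for those authenticators the cleartext password is handed to `set_session_value` and lives wherever the session is persisted. That deserves a comment above the `if`, for example `# authenticators that need the cleartext password keep it in the session; treat session storage as secret`, plus a look at session lifetime and storage permissions. In `get_stored_password`, `return undef unless $dbh;` makes a failed database connection indistinguishable from an unknown login for the caller and yields a one-element list in list context; a bare `return;` with the failure reported separately would be clearer.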
@@ -362,8 +393,14 @@ sub can_change_password {
 sub change_password {
 $main::lxdebug->enter_sub();
- my $self = shift;
- my $result = $self->{authenticator}->change_password(@_);
+ my ($self, $login, $new_password) = @_;
+
+ my $result = $self->{authenticator}->change_password($login, $new_password);
+
+ $self->store_credentials_in_session(login => $login,
+ password => $new_password,
+ look_up_algorithm => 1,
+ auth => $self);
 $main::lxdebug->leave_sub();
@@ -659,12 +696,23 @@ sub set_session_value {
 $main::lxdebug->enter_sub();
 my $self = shift;
- my %params = @_;
+ my @params = @_;
 $self->{SESSION} ||= { };
- while (my ($key, $value) = each %params) {
- $self->{SESSION}->{ $key } = YAML::Dump(ref($value) eq 'HASH' ? { data => $value } : $value);
+ while (@params) {
+ my $key = shift @params;
+
+ if (ref $key eq 'HASH') {
+ my $value = { data => $key->{value},
+ auto_restore => $key->{auto_restore},
+ };
+ $self->{SESSION}->{ $key->{key} } = YAML::Dump($value);
+
+ } else {
+ my $value = shift @params;
+ $self->{SESSION}->{ $key } = YAML::Dump(ref($value) eq 'HASH' ? { data => $value } : $value);
+ }
 }
 $main::lxdebug->leave_sub();
@@ -705,7 +753,7 @@ sub create_unique_sesion_value {
 my $key = "$$-" . ($now[0] * 1000000 + $now[1]) . "-";
 $self->{unique_counter} ||= 0;
- $self->{unique_counter}++ while exists $self->{SESSION}->{$key . $self->{unique_counter}};
+ $self->{unique_counter}++ while exists $self->{SESSION}->{$key . ($self->{unique_counter} + 1)};
 $self->{unique_counter}++;
 $value = { expiration => $params{expiration} ? ($now[0] + $params{expiration}) * 1000000 + $now[1] : undef,
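Review bot: `change_password` calls `store_credentials_in_session` unconditionally, so the session's `login` and `password` are overwritten even when the authenticator's `change_password` failed, and also when `$login` is not the account that owns the current session. The call should run only when `$result` indicates success and `$login` matches the login already held in the session; otherwise a failed change leaves the session with credentials the backend does not accept, and changing another account's password would replace the session's identity with that account. The `look_up_algorithm` and `auth` arguments passed here are not read by `store_credentials_in_session` as added in this commit (it supplies both itself) and can be dropped. The end of the sub, including the return of `$result`, is outside the hunk.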
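Review bot: The hash-reference branch of `set_session_value` uses `$key->{key}` without checking that it is defined, so a caller that omits or misspells `key` stores the value under the empty-string key with at most a warning; the list branch similarly stores `undef` when `@params` has an odd length. A guard such as `die "set_session_value: missing key" unless defined $key->{key};` would surface the misuse. The two branches also store different shapes: the hash-reference form always wraps the value in `{ data, auto_restore }`, while the list form wraps only hash values. The code that restores the session is not in this hunk and has to handle both, which is worth a comment next to the `if`. The sub's opening and closing lines are outside the hunk.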
@@ -841,7 +889,6 @@ sub all_rights_full {
 ["customer_vendor_edit", $locale->text("Create and edit customers and vendors")],
 ["part_service_assembly_edit", $locale->text("Create and edit parts, services, assemblies")],
 ["project_edit", $locale->text("Create and edit projects")],
- ["license_edit", $locale->text("Manage license keys")],
 ["--ar", $locale->text("AR")],
 ["sales_quotation_edit", $locale->text("Create and edit sales quotations")],
 ["sales_order_edit", $locale->text("Create and edit sales orders")],
@@ -1173,11 +1220,30 @@ SL::Auth - Authentication and session handling
 =over 4
+=item C
 =item C
-Store all key/value pairs in C<%values> in the session. All of these
-values are copied back into C<$::form> in the next request
-automatically.
+Store all values of C<@values> or C<%values> in the session. Each
+member of C<@values> is tested if it is a hash reference. If it is
+then it must contain the keys C and C and can optionally
+contain the key C. In this case C is associated
+with C and restored to C<$::form> upon the next request
+automatically if C is trueish or if C is a scalar
+value.
+
+If the current member of C<@values> is not a hash reference then it
+will be used as the C and the next entry of C<@values> is used as
+the C to store. In this case setting C is not
+possible.
+
+Therefore the following two invocations are identical:
+
+ $::auth-Eset_session_value(name =E "Charlie");
+ $::auth-Eset_session_value({ key =E "name", value =E "Charlie" });
+
+All of these values are copied back into C<$::form> for the next
+request automatically if they're scalar values or if they have
+C set to trueish.
 The values can be any Perl structure. They are stored as YAML dumps.