author | Mark Wells <mark@freeside.biz> | 2015-11-20 14:52:24 -0800 |
---|---|---|
committer | Mark Wells <mark@freeside.biz> | 2015-11-20 14:53:24 -0800 |
commit | 803f699c6185f061b741d1c7687a482b9ae57520 (patch) | |
tree | 1eb70677aab77f393115748fd6a2c6a6b79d5e6f | |
parent | 1ed7b05956d7a2914d10728146fefee41362c867 (diff) |
password policy enforcement for svc_dsl, #32456
-rw-r--r-- | FS/FS/Password_Mixin.pm | 4 | ||||
-rw-r--r-- | FS/FS/svc_dsl.pm | 55 | ||||
-rw-r--r-- | httemplate/edit/process/svc_dsl.html | 15 |
3 files changed, 70 insertions, 4 deletions
diff --git a/FS/FS/Password_Mixin.pm b/FS/FS/Password_Mixin.pm index 9d5421b..393b416 100644 --- a/FS/FS/Password_Mixin.pm +++ b/FS/FS/Password_Mixin.pm @@ -128,7 +128,9 @@ sub insert_password_history { $auth = $self->_blowfishcrypt( $auth->passphrase ); } - } elsif ( $encoding eq 'plain' ) { + } else { + warn "unrecognized password encoding '$encoding'; treating as plain text" + unless $encoding eq 'plain'; $auth = $self->_blowfishcrypt( $password ); diff --git a/FS/FS/svc_dsl.pm b/FS/FS/svc_dsl.pm index 5704760..dcd6d1d 100644 --- a/FS/FS/svc_dsl.pm +++ b/FS/FS/svc_dsl.pm @@ -1,10 +1,11 @@ package FS::svc_dsl; -use base qw(FS::svc_Common); +use base qw(FS::Password_Mixin + FS::svc_Common); use strict; use vars qw( $conf $DEBUG $me ); use FS::UID; -use FS::Record qw( qsearch qsearchs ); +use FS::Record qw( qsearch qsearchs dbh ); use FS::svc_Common; use FS::dsl_note; use FS::qual; @@ -211,7 +212,25 @@ otherwise returns false. =cut -# the insert method can be inherited from FS::Record +sub insert { + my $self = shift; + my $dbh = dbh; + my $oldAutoCommit = $FS::UID::AutoCommit; + local $FS::UID::AutoCommit = 0; + + my $error = $self->SUPER::insert(@_); + if ( length($self->password) ) { + $error ||= $self->insert_password_history; + } + + if ( $error ) { + $dbh->rollback if $oldAutoCommit; + return $error; + } + + $dbh->commit if $oldAutoCommit; + ''; +} =item delete @@ -228,6 +247,27 @@ returns the error, otherwise returns false. =cut +sub replace { + my $new = shift; + my $old = shift || $new->replace_old; + my $dbh = dbh; + my $oldAutoCommit = $FS::UID::AutoCommit; + local $FS::UID::AutoCommit = 0; + + my $error = $new->SUPER::replace($old, @_); + if ( $old->password ne $new->password ) { + $error ||= $new->insert_password_history; + } + + if ( $error ) { + $dbh->rollback if $oldAutoCommit; + return $error; + } + + $dbh->commit if $oldAutoCommit; + ''; +} + # the replace method can be inherited from FS::Record =item check 
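Review bot: The new `else` branch in insert_password_history fails open: any encoding other than the ones handled above is now hashed as if `$password` were clear text, with only a `warn`. If `$password` is in fact an already-encoded value, the history row holds a hash of that encoded string, and later reuse checks against the real password will presumably never match, so history enforcement silently stops for that record. Consider refusing unknown encodings instead, e.g. `return "unrecognized password encoding '$encoding'" unless $encoding eq 'plain';`, or at least name the table and svcnum in the warning so the record can be found. insert_password_history starts and ends outside this hunk, so the error-return convention should be checked against the rest of the sub.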
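Review bot: `insert` writes the password to history but never calls `is_password_allowed`, and the same holds for `replace` in the next hunk; in this commit the policy check exists only in the `precheck_callback` of httemplate/edit/process/svc_dsl.html. Any caller that creates or updates an svc_dsl record without going through that page (an import, an API or another UI path, if such callers exist) would skip the policy while still recording history. If enforcement is meant to hold on every path, the check belongs in the model; otherwise state the limitation above `sub insert`, e.g. `# password policy is enforced by the edit page's precheck_callback, not here`.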
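Review bot: `replace` calls `insert_password_history` whenever the old and new values differ, including when the new password is empty, whereas `insert` guards the call with `length($self->password)`. Using `if ( length($new->password) and $old->password ne $new->password )` would keep the two methods consistent; what insert_password_history does with an empty password is not visible here, so this may or may not matter in practice. The context line `# the replace method can be inherited from FS::Record` that follows the new sub is now stale and should be removed.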
@@ -317,6 +357,15 @@ sub predelete_hook { ''; } +# password_history compatibility + +sub _password { + my $self = shift; + $self->get('password'); +} + +sub _password_encoding { 'plain'; } + =back =head1 SEE ALSO diff --git a/httemplate/edit/process/svc_dsl.html b/httemplate/edit/process/svc_dsl.html index 627329a..889366e 100644 --- a/httemplate/edit/process/svc_dsl.html +++ b/httemplate/edit/process/svc_dsl.html @@ -1,5 +1,6 @@ <% include( 'elements/svc_Common.html', 'table' => 'svc_dsl', + 'precheck_callback' => $precheck_callback, ) %> <%init> @@ -7,4 +8,18 @@ die "access denied" unless $FS::CurrentUser::CurrentUser->access_right('Provision customer service'); #something else more specific? +my $precheck_callback = sub { + my $cgi = shift; + my $svcnum = $cgi->param('svcnum'); + my $error = ''; + if ( $svcnum ) { + my $old = FS::svc_dsl->by_key($svcnum); + my $newpass = $cgi->param('password'); + if ( $old and $newpass ne $old->password ) { + $error ||= $old->is_password_allowed($newpass); + } + } + $error; +}; + </%init> |
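Review bot: The comment `# password_history compatibility` does not say who calls `_password` and `_password_encoding` or what returning `'plain'` implies. A comment such as `# hooks for FS::Password_Mixin: svc_dsl keeps its password unencoded in the 'password' column` would make it clear (if that is the case) that only the history rows are hashed, while the live value read by `$self->get('password')` is stored as entered. That matters to anyone later assessing what a database read exposes.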
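Review bot: The policy check in `$precheck_callback` runs only inside `if ( $svcnum )`, so the password submitted when a new svc_dsl service is created is never passed to `is_password_allowed`. If the policy includes rules that do not depend on history (minimum length, character classes), the new-service case should be checked too, for example by calling `is_password_allowed($newpass)` on a fresh `FS::svc_dsl->new({})` object, provided the method works on an unsaved record. The check is also skipped without any error when `by_key($svcnum)` finds nothing; a comment noting that the later replace is expected to reject that case would help the next reader.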