author | Mark Wells <mark@freeside.biz> | 2016-02-08 16:09:28 -0800 |
---|---|---|
committer | Mark Wells <mark@freeside.biz> | 2016-02-08 16:11:02 -0800 |
commit | a19a04f0b684c64039c03216d398af534c858bf9 (patch) | |
tree | 2ede1cb36cfb029d888616a37ac8af6f8028a762 | |
parent | 169c72822ed292c03b61e536f1028830fdea9dbc (diff) |
make password-insecure option work when adding a new svc_acct, #40236
-rw-r--r-- | FS/FS/Password_Mixin.pm | 10 | ||||
-rwxr-xr-x | httemplate/edit/svc_acct.cgi | 7 | ||||
-rw-r--r-- | httemplate/elements/validate_password.html | 10 | ||||
-rw-r--r-- | httemplate/misc/xmlhttp-validate_password.html | 25 |
4 files changed, 36 insertions, 16 deletions
diff --git a/FS/FS/Password_Mixin.pm b/FS/FS/Password_Mixin.pm index 3fb787c..47290b5 100644 --- a/FS/FS/Password_Mixin.pm +++ b/FS/FS/Password_Mixin.pm @@ -43,6 +43,16 @@ sub is_password_allowed { my $self = shift; my $password = shift; + my $cust_main = $self->cust_main; + + # workaround for non-inserted services + if ( !$cust_main and $self->get('pkgnum') ) { + my $cust_pkg = FS::cust_pkg->by_key($self->get('pkgnum')); + $cust_main = $cust_pkg->cust_main if $cust_pkg; + } + warn "is_password_allowed: no customer could be identified" if !$cust_main; + return '' if $cust_main && $conf->config_bool('password-insecure', $cust_main->agentnum); + # basic checks using Data::Password; # options for Data::Password $DICTIONARY = 4; # minimum length of disallowed words diff --git a/httemplate/edit/svc_acct.cgi b/httemplate/edit/svc_acct.cgi index ca26c6c..33231ad 100755 --- a/httemplate/edit/svc_acct.cgi +++ b/httemplate/edit/svc_acct.cgi @@ -52,9 +52,10 @@ <INPUT TYPE="text" ID="clear_password" NAME="clear_password" VALUE="<% $password %>" SIZE=<% $pmax2 %> MAXLENGTH=<% $pmax %>> <& /elements/random_pass.html, 'clear_password' &><BR> <DIV ID="clear_password_result" STYLE="font-size: smaller"></DIV> - <& '/elements/validate_password.html', - 'fieldid' => 'clear_password', - 'svcnum' => $svcnum + <& /elements/validate_password.html, + 'fieldid' => 'clear_password', + 'svcnum' => $svcnum , + 'pkgnum' => $pkgnum, &> </TD> </TR> diff --git a/httemplate/elements/validate_password.html b/httemplate/elements/validate_password.html index a488c4f..f067ad8 100644 --- a/httemplate/elements/validate_password.html +++ b/httemplate/elements/validate_password.html 
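Review bot: In `is_password_allowed` (FS/FS/Password_Mixin.pm) the new `return ''` for `password-insecure` runs before every other check, so for an agent with that option set nothing later in the function executes. The rest of the body is outside the hunk; if it enforces anything beyond the Data::Password strength rules, that is now skipped as well, which is worth confirming as intended. When no customer can be identified the code falls through to the strict checks, which is the safe direction, but nothing says so; a comment such as `# no customer => password-insecure cannot apply; fall through to the strict checks` would record it. The `warn` carries no identifier, so a log line cannot be tied to a record; consider `warn "is_password_allowed: no customer could be identified (pkgnum ".($self->get('pkgnum') || 'none').")" if !$cust_main;`. The hunk also relies on `$conf` and `FS::cust_pkg`, neither of which is declared or loaded in the visible lines.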
@@ -5,8 +5,9 @@ To validate passwords via javascript/xmlhttp: <INPUT ID="password_field" TYPE="text"> <DIV ID="password_field_result"> <& '/elements/validate_password.html', - fieldid => 'password_field', - svcnum => $svcnum + fieldid => 'password_field', + svcnum => $svcnum, + pkgnum => $pkgnum, # used if the service doesn't exist yet &> The ID of the input field can be anything; the ID of the DIV in which to display results @@ -27,7 +28,10 @@ function add_password_validation (fieldid) { var resultfield = document.getElementById(fieldid); if (this.value) { resultfield.innerHTML = '<SPAN STYLE="color: blue;">Validating password...</SPAN>'; - validate_password('fieldid',fieldid,'svcnum','<% $opt{'svcnum'} %>','password',this.value, + validate_password('fieldid',fieldid, + 'svcnum',<% $opt{'svcnum'} |js_string %>, + 'pkgnum',<% $opt{'pkgnum'} |js_string %>, + 'password',this.value, function (result) { result = JSON.parse(result); var resultfield = document.getElementById(result.fieldid); diff --git a/httemplate/misc/xmlhttp-validate_password.html b/httemplate/misc/xmlhttp-validate_password.html index 28dbf64..1efb4aa 100644 --- a/httemplate/misc/xmlhttp-validate_password.html +++ b/httemplate/misc/xmlhttp-validate_password.html 
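Review bot: In `add_password_validation` (httemplate/elements/validate_password.html) the `svcnum` and `pkgnum` arguments now depend on the `js_string` filter for both quoting and escaping, and nothing in the template records that. The old line interpolated `$opt{'svcnum'}` unescaped inside hand-written quotes, so a later edit that restores the quotes or drops the filter would quietly bring that back. A one-line comment above the call would help, e.g. `// svcnum/pkgnum: js_string emits the complete escaped JS literal; do not wrap in quotes`. The filter's output for an undefined `$opt{'pkgnum'}` (callers that never pass it) is not visible here and should be checked. The function body starts and ends outside the hunk.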
@@ -1,13 +1,14 @@ <%doc> -Requires cgi params 'password' (plaintext) and 'sub' ('validate_password' is only -acceptable value.) Also accepts 'svcnum' (for svc_acct, will otherwise create an -empty dummy svc_acct) and 'fieldid' (for html post-processing, passed along in -results for convenience.) - -Returns a json-encoded hashref with keys of 'valid' (set to 1 if object is valid), -'error' (error text if password is invalid) or 'syserror' (error text if password -could not be validated.) Only one of these keys will be set. Will also set -'fieldid' if it was passed. +Requires cgi params 'password' (plaintext) and 'sub' ('validate_password' is +only acceptable value.) Also accepts 'svcnum' (for svc_acct, will otherwise +create an empty dummy svc_acct), 'pkgnum' (for when the svc_acct isn't yet +inserted), and 'fieldid' (for html post-processing, passed along in results +for convenience.) + +Returns a json-encoded hashref with keys of 'valid' (set to 1 if object is +valid), 'error' (error text if password is invalid) or 'syserror' (error text +if password could not be validated.) Only one of these keys will be set. +Will also set 'fieldid' if it was passed. </%doc> <% encode_json($result) %> @@ -32,9 +33,13 @@ my $validate_password = sub { $result{'syserror'} = 'Invalid svcnum' unless $svcnum =~ /^\d*$/; return \%result if $result{'syserror'}; + my $pkgnum = $arg{'pkgnum'}; + $result{'syserror'} = 'Invalid pkgnum' unless $pkgnum =~ /^\d*$/; + return \%result if $result{'syserror'}; + my $svc_acct = $svcnum ? qsearchs('svc_acct',{'svcnum' => $svcnum}) - : (new FS::svc_acct {}); + : FS::svc_acct->new({ 'pkgnum' => $pkgnum }); $result{'syserror'} = 'Could not find service' unless $svc_acct; return \%result if $result{'syserror'}; |
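Review bot: In the `$validate_password` sub (httemplate/misc/xmlhttp-validate_password.html), `$arg{'pkgnum'}` is matched against the pattern without a default, so a caller that omits `pkgnum` matches on undef, which passes only by accident and emits an uninitialized-value warning. The pattern `/^\d*$/` also accepts a trailing newline; tighter would be `my $pkgnum = defined $arg{'pkgnum'} ? $arg{'pkgnum'} : '';` followed by `$result{'syserror'} = 'Invalid pkgnum' unless $pkgnum =~ /\A\d*\z/;`. Beyond the shape check, the visible lines do not verify that the package belongs to an agent the current user may access, so the verdict can reflect another agent's `password-insecure` setting. If agent-restricted users can reach this endpoint, the package should be looked up under the usual agent restriction before the dummy `svc_acct` is built. The sub starts before and continues after the hunk.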