RT#29354: Password Security in Email [xmlhttp validation for selfservice]

author: Jonathan Prykop <jonathan@freeside.biz> 2015-12-02 05:02:17 -0600
committer: Jonathan Prykop <jonathan@freeside.biz> 2015-12-14 20:22:09 -0600
commit: 8cd6e05d5d906da6b001b36bab5aa87ecdfca944 (patch)
tree: 4ad1a33fa011bc8a5b84bea69b9afebb6bd5d110 /fs_selfservice/FS-SelfService/cgi/selfservice.cgi
parent: 4ff9a50fe7f35179314967d71ae66b696ab006c5 (diff)
1 files changed, 10 insertions, 1 deletions
diff --git a/fs_selfservice/FS-SelfService/cgi/selfservice.cgi b/fs_selfservice/FS-SelfService/cgi/selfservice.cgi
index b2ebaef69..5845122ef 100755
--- a/fs_selfservice/FS-SelfService/cgi/selfservice.cgi
+++ b/fs_selfservice/FS-SelfService/cgi/selfservice.cgi
@@ -23,6 +23,7 @@ use FS::SelfService qw(
   mason_comp port_graph
   start_thirdparty finish_thirdparty
   reset_passwd check_reset_passwd process_reset_passwd
+  validate_passwd
   billing_history
 );
 
@@ -85,6 +86,7 @@ my @actions = ( qw(
   process_suspend_pkg
   switch_cust
   history
+  validate_password
 ));
 
 my @nologin_actions = (qw(
@@ -109,7 +111,6 @@ if ( $cgi->param('action') =~ /^process_forgot_password_session_(\w+)$/ ) {
     warn "WARNING: unrecognized action '$1'\n";
   }
 }
-
 unless ( $nologin_actions{$action} ) {
 
   my %cookies = CGI::Cookie->fetch;
@@ -1123,6 +1124,14 @@ sub do_process_forgot_password {
   );
 }
 
+sub validate_password {
+  validate_passwd(
+    'session_id' => $session_id,
+    map { $_ => scalar($cgi->param($_)) }
+      qw( fieldid svcnum check_password )
+  )
+}
+
 #--
 
 sub do_template {
author	Jonathan Prykop <jonathan@freeside.biz>	2015-12-02 05:02:17 -0600
committer	Jonathan Prykop <jonathan@freeside.biz>	2015-12-14 20:22:09 -0600
commit	8cd6e05d5d906da6b001b36bab5aa87ecdfca944 (patch)
tree	4ad1a33fa011bc8a5b84bea69b9afebb6bd5d110 /fs_selfservice/FS-SelfService/cgi/selfservice.cgi
parent	4ff9a50fe7f35179314967d71ae66b696ab006c5 (diff)