NG auth: pw changes, RT#21563

author: Ivan Kohler <ivan@freeside.biz> 2013-05-09 01:42:39 -0700
committer: Ivan Kohler <ivan@freeside.biz> 2013-05-09 01:42:39 -0700
commit: 120718856665ca90ad852535d1155f8ea8ecb6b6 (patch)
tree: 2ac0472c1fd67ecc843619597f1cca7d8f774204 /httemplate
parent: d8843f184a7f6ee87eec99724f2d6430c1df34ea (diff)
5 files changed, 72 insertions, 43 deletions
diff --git a/httemplate/edit/access_user.html b/httemplate/edit/access_user.html
index 86ce25374..b087943c2 100644
--- a/httemplate/edit/access_user.html
+++ b/httemplate/edit/access_user.html
@@ -3,8 +3,7 @@
                  'table'  => 'access_user',
                  'fields' => [
                                'username',
-                               { field=>'_password', type=>'password' },
-                               { field=>'_password2', type=>'password' },
+                               @pw_fields,
                                'last',
                                'first',
                                { field=>'user_custnum', type=>'search-cust_main', },
@@ -50,6 +49,13 @@
 die "access denied"
   unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
 
+my @pw_fields =
+  FS::Auth->auth_class->can('change_password')
+    ? ( { field=>'_password',  type=>'password' },
+        { field=>'_password2', type=>'password' },
+      )
+    : ();
+
 my $check_user_custnum_search = <<END;
   <SCRIPT TYPE="text/javascript">
     function check_user_custnum_search(what) {
diff --git a/httemplate/edit/process/access_user.html b/httemplate/edit/process/access_user.html
index 8e7e70a06..7fc7c25e1 100644
--- a/httemplate/edit/process/access_user.html
+++ b/httemplate/edit/process/access_user.html
@@ -3,14 +3,15 @@
 %    print $cgi->redirect(popurl(2) . "access_user.html?" . $cgi->query_string);
 %  } else {
 <%   include( 'elements/process.html',
-                 'table'       => 'access_user',
-                 'viewall_dir' => 'browse',
-                 'copy_on_empty' => [ '_password' ],
+                 'table'          => 'access_user',
+                 'viewall_dir'    => 'browse',
+                 'copy_on_empty'  => [ '_password', '_password_encoding' ],
                  'clear_on_error' => [ '_password', '_password2' ],
-                 'process_m2m' => { 'link_table'   => 'access_usergroup',
-                                    'target_table' => 'access_group',
-                                  },
-                 'precheck_callback'=> \&precheck_callback,
+                 'process_m2m'    => { 'link_table'   => 'access_usergroup',
+                                       'target_table' => 'access_group',
+                                     },
+                 'precheck_callback'        => \&precheck_callback,
+                 'post_new_object_callback' => \&post_new_object_callback,
              )
 %>
 %   }
@@ -26,11 +27,24 @@ if ( FS::Conf->new->exists('disable_acl_changes') ) {
 
 sub precheck_callback {
   my $cgi = shift;
+
   my $o = FS::access_user->new({username => $cgi->param('username')});
   if( $o->is_system_user and !$cgi->param('usernum') ) {
     $cgi->param('username','');
     return "username '".$o->username."' reserved for system account."
   }
+
   return '';
 }
+
+sub post_new_object_callback {
+  my( $cgi, $access_user ) = @_;
+
+  if ( length($cgi->param('_password')) ) {
+    my $password = scalar($cgi->param('_password'));
+    $access_user->change_password_fields($password);
+  }
+
+}
+
 </%init>
diff --git a/httemplate/edit/process/elements/process.html b/httemplate/edit/process/elements/process.html
index fb1ee7a27..2afbdd082 100644
--- a/httemplate/edit/process/elements/process.html
+++ b/httemplate/edit/process/elements/process.html
@@ -70,6 +70,9 @@ Example:
    #return an error string or empty for no error
    'precheck_callback' => sub { my( $cgi ) = @_; },
 
+   #after the new object is created
+   'post_new_object_callback' => sub { my( $cgi, $object ) = @_; },
+
    #after everything's inserted
    'noerror_callback' => sub { my( $cgi, $object ) = @_; },
 
@@ -226,6 +229,10 @@ foreach my $value ( @values ) {
       }
     }
 
+    if ( $opt{'post_new_object_callback'} ) {
+      &{ $opt{'post_new_object_callback'} }( $cgi, $new );
+    }
+
     if ( $opt{'agent_virt'} ) {
 
       if ( ! $new->agentnum
diff --git a/httemplate/pref/pref-process.html b/httemplate/pref/pref-process.html
index 242e12294..962ee51b6 100644
--- a/httemplate/pref/pref-process.html
+++ b/httemplate/pref/pref-process.html
@@ -13,35 +13,35 @@ if ( FS::Conf->new->exists('disable_acl_changes') ) {
 }
 
 my $error = '';
-my $access_user = '';
 
-if ( grep { $cgi->param($_) !~ /^\s*$/ }
-          qw(_password new_password new_password2)
+if ( FS::Auth->auth_class->can('change_password')
+       && grep { $cgi->param($_) !~ /^\s*$/ }
+            qw(_password new_password new_password2)
    ) {
 
-  $access_user = qsearchs( 'access_user', {
-    'usernum'   => $FS::CurrentUser::CurrentUser->usernum,
-    'username'  => $FS::CurrentUser::CurrentUser->username,
-    '_password' => scalar($cgi->param('_password')),
-  } );
+  if ( $cgi->param('new_password') ne $cgi->param('new_password2') ) {
+    $error = "New passwords don't match";
 
-  $error = 'Current password incorrect; password not changed'
-    unless $access_user;
+  } elsif ( ! length($cgi->param('new_password')) ) {
+    $error = 'No new password entered';
 
-  $error ||= "New passwords don't match"
-    unless $cgi->param('new_password') eq $cgi->param('new_password2');
+  } elsif ( ! FS::Auth->authenticate( $FS::CurrentUser::CurrentUser,
+                                      scalar($cgi->param('_password')) )
+          ) {
+    $error = 'Current password incorrect; password not changed';
 
-  $error ||= "No new password entered"
-   unless length($cgi->param('new_password'));
+  } else {
 
-  $access_user->_password($cgi->param('new_password')) unless $error;
+    $error = $FS::CurrentUser::CurrentUser->change_password(
+      scalar($cgi->param('new_password'))
+    );
 
-} else {
-
-  $access_user = $FS::CurrentUser::CurrentUser;
+  }
 
 }
 
+my $access_user = $FS::CurrentUser::CurrentUser;
+
 #well, if you got your password change wrong, you don't get anything else
 #changed right now.  but it should be sticky on the form
 unless ( $error ) { # if ($access_user) {
diff --git a/httemplate/pref/pref.html b/httemplate/pref/pref.html
index 9861c3f85..dc44db0b0 100644
--- a/httemplate/pref/pref.html
+++ b/httemplate/pref/pref.html
@@ -4,28 +4,30 @@
 
 <% include('/elements/error.html') %>
 
+% if ( FS::Auth->auth_class->can('change_password') ) {
 
-<% mt('Change password (leave blank for no change)') |h %>
-<% ntable("#cccccc",2) %>
+    <% mt('Change password (leave blank for no change)') |h %>
+    <% ntable("#cccccc",2) %>
 
-  <TR>
-    <TH ALIGN="right">Current password: </TH>
-    <TD><INPUT TYPE="password" NAME="_password"></TD>
-  </TR>
+      <TR>
+        <TH ALIGN="right">Current password: </TH>
+        <TD><INPUT TYPE="password" NAME="_password"></TD>
+      </TR>
 
-  <TR>
-    <TH ALIGN="right">New password: </TH>
-    <TD><INPUT TYPE="password" NAME="new_password"></TD>
-  </TR>
+      <TR>
+        <TH ALIGN="right">New password: </TH>
+        <TD><INPUT TYPE="password" NAME="new_password"></TD>
+      </TR>
 
-  <TR>
-   <TH ALIGN="right">Re-enter new password: </TH>
-   <TD><INPUT TYPE="password" NAME="new_password2"></TD>
-  </TR>
+      <TR>
+       <TH ALIGN="right">Re-enter new password: </TH>
+       <TD><INPUT TYPE="password" NAME="new_password2"></TD>
+      </TR>
 
-</TABLE>
-<BR>
+    </TABLE>
+    <BR>
 
+% }
 
 Interface
 <% ntable("#cccccc",2) %>
author	Ivan Kohler <ivan@freeside.biz>	2013-05-09 01:42:39 -0700
committer	Ivan Kohler <ivan@freeside.biz>	2013-05-09 01:42:39 -0700
commit	120718856665ca90ad852535d1155f8ea8ecb6b6 (patch)
tree	2ac0472c1fd67ecc843619597f1cca7d8f774204 /httemplate
parent	d8843f184a7f6ee87eec99724f2d6430c1df34ea (diff)