diff options
| author | Mark Wells <mark@freeside.biz> | 2016-02-08 16:09:28 -0800 |
|---|---|---|
| committer | Mark Wells <mark@freeside.biz> | 2016-02-08 16:12:28 -0800 |
| commit | 9d0796956b83a47a3258e1d388289f6b59f7444d (patch) | |
| tree | cef512da8a675a2c80995890c2685922ddcdbec7 /httemplate | |
| parent | 4d7a5f06cbab1f4f9614d9915641557f4edad1cf (diff) | |
make password-insecure option work when adding a new svc_acct, #40236
Diffstat (limited to 'httemplate')
| -rwxr-xr-x | httemplate/edit/svc_acct.cgi | 7 | ||||
| -rw-r--r-- | httemplate/elements/validate_password.html | 10 | ||||
| -rw-r--r-- | httemplate/misc/xmlhttp-validate_password.html | 25 |
3 files changed, 26 insertions, 16 deletions
diff --git a/httemplate/edit/svc_acct.cgi b/httemplate/edit/svc_acct.cgi index ca26c6cf0..33231adeb 100755 --- a/httemplate/edit/svc_acct.cgi +++ b/httemplate/edit/svc_acct.cgi @@ -52,9 +52,10 @@ <INPUT TYPE="text" ID="clear_password" NAME="clear_password" VALUE="<% $password %>" SIZE=<% $pmax2 %> MAXLENGTH=<% $pmax %>> <& /elements/random_pass.html, 'clear_password' &><BR> <DIV ID="clear_password_result" STYLE="font-size: smaller"></DIV> - <& '/elements/validate_password.html', - 'fieldid' => 'clear_password', - 'svcnum' => $svcnum + <& /elements/validate_password.html, + 'fieldid' => 'clear_password', + 'svcnum' => $svcnum , + 'pkgnum' => $pkgnum, &> </TD> </TR> diff --git a/httemplate/elements/validate_password.html b/httemplate/elements/validate_password.html index a488c4f16..f067ad8fc 100644 --- a/httemplate/elements/validate_password.html +++ b/httemplate/elements/validate_password.html @@ -5,8 +5,9 @@ To validate passwords via javascript/xmlhttp: <INPUT ID="password_field" TYPE="text"> <DIV ID="password_field_result"> <& '/elements/validate_password.html', - fieldid => 'password_field', - svcnum => $svcnum + fieldid => 'password_field', + svcnum => $svcnum, + pkgnum => $pkgnum, # used if the service doesn't exist yet &> The ID of the input field can be anything; the ID of the DIV in which to display results @@ -27,7 +28,10 @@ function add_password_validation (fieldid) { var resultfield = document.getElementById(fieldid); if (this.value) { resultfield.innerHTML = '<SPAN STYLE="color: blue;">Validating password...</SPAN>'; - validate_password('fieldid',fieldid,'svcnum','<% $opt{'svcnum'} %>','password',this.value, + validate_password('fieldid',fieldid, + 'svcnum',<% $opt{'svcnum'} |js_string %>, + 'pkgnum',<% $opt{'pkgnum'} |js_string %>, + 'password',this.value, function (result) { result = JSON.parse(result); var resultfield = document.getElementById(result.fieldid); diff --git a/httemplate/misc/xmlhttp-validate_password.html b/httemplate/misc/xmlhttp-validate_password.html index 28dbf6460..1efb4aaa3 100644 --- a/httemplate/misc/xmlhttp-validate_password.html +++ b/httemplate/misc/xmlhttp-validate_password.html @@ -1,13 +1,14 @@ <%doc> -Requires cgi params 'password' (plaintext) and 'sub' ('validate_password' is only -acceptable value.) Also accepts 'svcnum' (for svc_acct, will otherwise create an -empty dummy svc_acct) and 'fieldid' (for html post-processing, passed along in -results for convenience.) - -Returns a json-encoded hashref with keys of 'valid' (set to 1 if object is valid), -'error' (error text if password is invalid) or 'syserror' (error text if password -could not be validated.) Only one of these keys will be set. Will also set -'fieldid' if it was passed. +Requires cgi params 'password' (plaintext) and 'sub' ('validate_password' is +only acceptable value.) Also accepts 'svcnum' (for svc_acct, will otherwise +create an empty dummy svc_acct), 'pkgnum' (for when the svc_acct isn't yet +inserted), and 'fieldid' (for html post-processing, passed along in results +for convenience.) + +Returns a json-encoded hashref with keys of 'valid' (set to 1 if object is +valid), 'error' (error text if password is invalid) or 'syserror' (error text +if password could not be validated.) Only one of these keys will be set. +Will also set 'fieldid' if it was passed. </%doc> <% encode_json($result) %> @@ -32,9 +33,13 @@ my $validate_password = sub { $result{'syserror'} = 'Invalid svcnum' unless $svcnum =~ /^\d*$/; return \%result if $result{'syserror'}; + my $pkgnum = $arg{'pkgnum'}; + $result{'syserror'} = 'Invalid pkgnum' unless $pkgnum =~ /^\d*$/; + return \%result if $result{'syserror'}; + my $svc_acct = $svcnum ? qsearchs('svc_acct',{'svcnum' => $svcnum}) - : (new FS::svc_acct {}); + : FS::svc_acct->new({ 'pkgnum' => $pkgnum }); $result{'syserror'} = 'Could not find service' unless $svc_acct; return \%result if $result{'syserror'}; |