From 3ff1fb4e10fdaef86527c10bd416e988d2a62a49 Mon Sep 17 00:00:00 2001 From: Ivan Kohler Date: Fri, 5 Apr 2013 01:03:44 -0700 Subject: login/login pages and cookie/session-based auth --- httemplate/autohandler | 2 +- httemplate/elements/header.html | 33 ++++++++------------ httemplate/elements/logout.html | 44 -------------------------- httemplate/loginout/login.html | 68 +++++++++++++++++++++++++++++++++++++++++ httemplate/loginout/logout.html | 28 ++++++----------- 5 files changed, 92 insertions(+), 83 deletions(-) delete mode 100644 httemplate/elements/logout.html create mode 100644 httemplate/loginout/login.html (limited to 'httemplate') diff --git a/httemplate/autohandler b/httemplate/autohandler index c326e3e18..b5b1071c1 100644 --- a/httemplate/autohandler +++ b/httemplate/autohandler @@ -46,5 +46,5 @@ if ( UNIVERSAL::can(dbh, 'sprintProfile') ) { <%cleanup> - dbh->commit(); + dbh->commit() if dbh; diff --git a/httemplate/elements/header.html b/httemplate/elements/header.html index c6ad3c387..4f5015e7a 100644 --- a/httemplate/elements/header.html +++ b/httemplate/elements/header.html @@ -2,18 +2,18 @@ Example: - include( '/elements/header.html', - { - 'title' => 'Title', - 'menubar' => \@menubar, - 'etc' => '', #included in tag, for things like onLoad= - 'head' => '', #included before closing tag - 'nobr' => 0, #1 for no

after the title - } - ); - - #old-style - include( '/elements/header.html', 'Title', $menubar, $etc, $head); + <& /elements/header.html', + { + 'title' => 'Title', + 'menubar' => \@menubar, + 'etc' => '', #included in tag, for things like onLoad= + 'head' => '', #included before closing tag + 'nobr' => 0, #1 for no

after the title + } + &> + + %#old-style + <& /elements/header.html, 'Title', $menubar, $etc, $head &> @@ -41,13 +41,6 @@ Example: <% include('init_overlib.html') |n %> <% include('rs_init_object.html') |n %> - <% include('logout.html') |n %> -% my $timeout = $conf->config('logout-timeout'); -% if ( $timeout && $timeout =~ /^\s*\d+\s*$/ ) { - -% } <% $head |n %> @@ -59,7 +52,7 @@ Example: <% $company_name || 'ExampleCo' %> - Logged in as <% getotaker %>  logout
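Review bot: Dropping the `logout-timeout` block from header.html leaves `$conf->config('logout-timeout')` unread by this template, so an operator-configured idle timeout silently stops taking effect unless the new cookie/session layer enforces it; that layer is outside this 'httemplate'-limited diff, so I cannot confirm it does. If the session layer now owns the timeout, a one-line note at the old include point, `%# idle timeout is enforced server-side by the session layer (logout-timeout); no client-side timer here`, would spare the next reader the search. Otherwise the setting should either be honoured server-side or be marked deprecated in the config description.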
Preferences + Logged in as <% getotaker %>  logout
Preferences % if ( $conf->config("ticket_system") % && FS::TicketSystem->access_right(\%session, 'ModifySelf') ) { | Ticketing preferences diff --git a/httemplate/elements/logout.html b/httemplate/elements/logout.html deleted file mode 100644 index 313dbfaf1..000000000 --- a/httemplate/elements/logout.html +++ /dev/null @@ -1,44 +0,0 @@ -<%doc> - -Example: - - include( '/elements/logout.html'); - This is the logout link. - - - diff --git a/httemplate/loginout/login.html b/httemplate/loginout/login.html new file mode 100644 index 000000000..e5b45893b --- /dev/null +++ b/httemplate/loginout/login.html @@ -0,0 +1,68 @@ +<& /elements/header-minimal.html, 'Login' &> + + +
+ +
+ Login +

+ +% if ( $error ) { + <% $error |h %> +

+% } + +%#
+ + + + + + + + + + + + +
Username:
Password:
+
+ + + +
+ +
+ + +<%init> + +my %error = ( + 'no_cookie' => '', #First login, don't display an error + 'bad_cookie' => 'Bad Cookie', #timed out? server reboot? + 'bad_credentials' => 'Incorrect username / password', + 'logout' => 'You have been logged out.', +); + +my $url_string = CGI->new->url; + +my $error = $cgi->param('logout') || $r->prev->subprocess_env("AuthCookieReason"); +$error = exists($error{$error}) ? $error{$error} : $error; + +#fake a freeside path for /login so we get our .css. shrug +$url_string =~ s/login$/freeside\/login/ unless $url_string =~ /freeside\//; + +#even though this is kludgy and false laziness w/CGI.pm + $url_string =~ s{ / index\.html /? $ } + {/}x; + $url_string =~ + s{ + /(login|loginout) + ([\w\-\.\/]*) + $ + } + {}ix; + + $url_string .= '/' unless $url_string =~ /\/$/; + + diff --git a/httemplate/loginout/logout.html b/httemplate/loginout/logout.html index d8e1c634a..33b87feb0 100644 --- a/httemplate/loginout/logout.html +++ b/httemplate/loginout/logout.html @@ -1,18 +1,10 @@ - - - - - Logout page - - - -
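Review bot: `$r->prev->subprocess_env("AuthCookieReason")` in the new login.html <%init> dereferences `$r->prev` unconditionally, but `prev` is only present when the page is reached via an internal redirect; a request that arrives at the login page directly would die with a method call on an undefined value instead of showing the form, unless the surrounding handler guarantees a prev request (not visible here). A guard keeps the form reachable: `my $prev = $r->prev;` followed by `my $error = $cgi->param('logout') || ( $prev ? $prev->subprocess_env("AuthCookieReason") : '' );`. The same unguarded `$r->prev->subprocess_env` call survives in the second commit's login.html hunk (the one ending `$url_string .= '/' unless ...`), so the guard is needed there as well.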

-
- You have logged out. -
-

-
- You can log in again. -
- - +<% $cgi->redirect($fsurl.'?logout=logout') %> +<%init> + +my $auth_type = $r->auth_type; + +# Delete the cookie, etc. +$auth_type->logout($r); +#XXX etc: should delete the server-side session + + -- cgit v1.2.1 From e62544064299324ab04abae64cc33afef12a24aa Mon Sep 17 00:00:00 2001 From: Ivan Kohler Date: Mon, 6 May 2013 21:31:04 -0700 Subject: NG auth: use database session keys, RT#21563 --- httemplate/loginout/login.html | 34 +++++++++++++++++++--------------- httemplate/loginout/logout.html | 11 +++++++---- 2 files changed, 26 insertions(+), 19 deletions(-) (limited to 'httemplate') diff --git a/httemplate/loginout/login.html b/httemplate/loginout/login.html index e5b45893b..a67ea4b58 100644 --- a/httemplate/loginout/login.html +++ b/httemplate/loginout/login.html @@ -39,30 +39,34 @@ my %error = ( 'no_cookie' => '', #First login, don't display an error - 'bad_cookie' => 'Bad Cookie', #timed out? server reboot? + 'bad_cookie' => 'Bad Cookie', #timed out? 'bad_credentials' => 'Incorrect username / password', - 'logout' => 'You have been logged out.', + #'logout' => 'You have been logged out.', ); -my $url_string = CGI->new->url; +my $error = # $cgi->param('logout') || + $r->prev->subprocess_env("AuthCookieReason"); -my $error = $cgi->param('logout') || $r->prev->subprocess_env("AuthCookieReason"); $error = exists($error{$error}) ? $error{$error} : $error; + +#my $url_string = CGI->new->url; +my $url_string = $cgi->url; + #fake a freeside path for /login so we get our .css. shrug $url_string =~ s/login$/freeside\/login/ unless $url_string =~ /freeside\//; #even though this is kludgy and false laziness w/CGI.pm - $url_string =~ s{ / index\.html /? $ } - {/}x; - $url_string =~ - s{ - /(login|loginout) - ([\w\-\.\/]*) - $ - } - {}ix; - - $url_string .= '/' unless $url_string =~ /\/$/; +$url_string =~ s{ / index\.html /? $ } + {/}x; +$url_string =~ + s{ + /(login|loginout) + ([\w\-\.\/]*) + $ + } + {}ix; + +$url_string .= '/' unless $url_string =~ /\/$/; 
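Review bot: The commented-out `#'logout' => 'You have been logged out.'` entry and the `# $cgi->param('logout') ||` fragment left in the `$error` assignment are dead code; since the history keeps the old form, deleting them reads better than carrying them forward. Separately, when `AuthCookieReason` is unset the next line runs `exists($error{$error})` with `$error` undef, which warns under `use warnings`; `$error = '' unless defined $error;` before the lookup makes the first-visit case explicit. The `$r->prev` guard raised on the first commit's login.html hunk still applies here.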
diff --git a/httemplate/loginout/logout.html b/httemplate/loginout/logout.html index 33b87feb0..5626aa4a1 100644 --- a/httemplate/loginout/logout.html +++ b/httemplate/loginout/logout.html @@ -1,10 +1,13 @@ -<% $cgi->redirect($fsurl.'?logout=logout') %> +<% $cgi->redirect($redirect) %> <%init> -my $auth_type = $r->auth_type; +# Delete the server-side session +$FS::CurrentUser::CurrentSession->logout; -# Delete the cookie, etc. +# Delete the browser cookie, etc. +my $auth_type = $r->auth_type; $auth_type->logout($r); -#XXX etc: should delete the server-side session + +my $redirect = $fsurl; #.'?logout=logout'; -- cgit v1.2.1 From 5c898c621e1343f8c116a75ca3131eb78229e09b Mon Sep 17 00:00:00 2001 From: Ivan Kohler Date: Mon, 6 May 2013 22:20:40 -0700 Subject: fix login css for all paths, RT#21563 --- httemplate/loginout/login.html | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'httemplate') diff --git a/httemplate/loginout/login.html b/httemplate/loginout/login.html index a67ea4b58..d06d0a8fc 100644 --- a/httemplate/loginout/login.html +++ b/httemplate/loginout/login.html @@ -50,8 +50,7 @@ my $error = # $cgi->param('logout') || $error = exists($error{$error}) ? $error{$error} : $error; -#my $url_string = CGI->new->url; -my $url_string = $cgi->url; +my $url_string = $r->uri; #fake a freeside path for /login so we get our .css. shrug $url_string =~ s/login$/freeside\/login/ unless $url_string =~ /freeside\//; -- cgit v1.2.1 From 9d35792778885932c09102bd011b518eb47c5131 Mon Sep 17 00:00:00 2001 
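Review bot: `$FS::CurrentUser::CurrentSession->logout;` in logout.html is called without checking that a session object was actually loaded; if the page is reached with an expired or already-cleared cookie (for example the logout link followed twice), and CurrentSession is then undef, the page dies before the cookie removal and redirect run. `$FS::CurrentUser::CurrentSession->logout if $FS::CurrentUser::CurrentSession;` keeps the cookie deletion and redirect on the path. Whether CurrentSession can be undef here depends on the auth handler, which is outside this diff, so this is worth confirming rather than assuming.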
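Review bot: `my $url_string = $r->uri;` takes the path straight from the request line, so `$url_string` is client-supplied text; the hunk shows only its rewriting, and wherever it is later emitted into the page (the form action or stylesheet path, outside this hunk) it needs `|h` or URL escaping rather than `|n`. The substitutions only strip a trailing `login`/`loginout` segment and add the `freeside/` prefix; they do not constrain any other characters. A comment at the assignment, `# request path, client-supplied: escape wherever it is emitted`, would keep that visible to later edits.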
From: Ivan Kohler Date: Mon, 6 May 2013 23:13:11 -0700 Subject: NG auth: fix new customer, remove mapsecrets support, RT#21563 --- httemplate/edit/cust_credit.cgi | 2 -- httemplate/edit/cust_main.cgi | 1 - httemplate/edit/elements/ApplicationCommon.html | 2 -- httemplate/edit/svc_acct.cgi | 2 -- httemplate/edit/svc_cert.cgi | 2 -- httemplate/edit/svc_domain.cgi | 2 -- httemplate/elements/header.html | 2 +- httemplate/index.html | 2 +- httemplate/pref/pref-process.html | 3 ++- httemplate/pref/pref.html | 2 +- 10 files changed, 5 insertions(+), 15 deletions(-) (limited to 'httemplate') diff --git a/httemplate/edit/cust_credit.cgi b/httemplate/edit/cust_credit.cgi index 4dba1e769..09300c629 100755 --- a/httemplate/edit/cust_credit.cgi +++ b/httemplate/edit/cust_credit.cgi @@ -8,7 +8,6 @@ - <% ntable("#cccccc", 2) %> @@ -74,7 +73,6 @@ die "access denied" my $custnum = $cgi->param('custnum'); my $amount = $cgi->param('amount'); my $_date = time; -my $otaker = getotaker; my $p1 = popurl(1); diff --git a/httemplate/edit/cust_main.cgi b/httemplate/edit/cust_main.cgi index 2908848c6..d597d0bc2 100755 --- a/httemplate/edit/cust_main.cgi +++ b/httemplate/edit/cust_main.cgi @@ -299,7 +299,6 @@ if ( $cgi->param('error') ) { $cust_main = new FS::cust_main ( {} ); $cust_main->agentnum( $conf->config('default_agentnum') ) if $conf->exists('default_agentnum'); - $cust_main->otaker( &getotaker ); $cust_main->referral_custnum( $cgi->param('referral_custnum') ); @invoicing_list = (); push @invoicing_list, 'POST' diff --git a/httemplate/edit/elements/ApplicationCommon.html b/httemplate/edit/elements/ApplicationCommon.html index 7b1050ade..acc3368b8 100644 --- a/httemplate/edit/elements/ApplicationCommon.html +++ b/httemplate/edit/elements/ApplicationCommon.html @@ -441,8 +441,6 @@ if ( $cgi->param('error') ) { $dst_pkeyvalue = ''; } -my $otaker = getotaker; - my $p1 = popurl(1); my $src = qsearchs($src_table, { $src_pkey => $src_pkeyvalue } ); 
diff --git a/httemplate/edit/svc_acct.cgi b/httemplate/edit/svc_acct.cgi index 627791ba7..574fb51eb 100755 --- a/httemplate/edit/svc_acct.cgi +++ b/httemplate/edit/svc_acct.cgi @@ -482,8 +482,6 @@ my $action = $svcnum ? 'Edit' : 'Add'; my $svc = $part_svc->getfield('svc'); -my $otaker = getotaker; - my $username = $svc_acct->username; my $password = ''; diff --git a/httemplate/edit/svc_cert.cgi b/httemplate/edit/svc_cert.cgi index 93194228e..dc2cc3200 100644 --- a/httemplate/edit/svc_cert.cgi +++ b/httemplate/edit/svc_cert.cgi @@ -185,8 +185,6 @@ my $action = $svcnum ? 'Edit' : 'Add'; my $svc = $part_svc->getfield('svc'); -#my $otaker = getotaker; - my $p1 = popurl(1); my $link_query = "?svcnum=$svcnum;pkgnum=$pkgnum;svcpart=$svcpart"; diff --git a/httemplate/edit/svc_domain.cgi b/httemplate/edit/svc_domain.cgi index c3307fa8c..417b1b4c5 100755 --- a/httemplate/edit/svc_domain.cgi +++ b/httemplate/edit/svc_domain.cgi @@ -148,8 +148,6 @@ my $export = $exports[0]; # If we have a domain registration export, get the registrar object my $registrar = $export ? $export->registrar : ''; -my $otaker = getotaker; - my $domain = $svc_domain->domain; my $p1 = popurl(1); diff --git a/httemplate/elements/header.html b/httemplate/elements/header.html index 4f5015e7a..7a7dc088d 100644 --- a/httemplate/elements/header.html +++ b/httemplate/elements/header.html @@ -52,7 +52,7 @@ Example: <% $company_name || 'ExampleCo' %> - Logged in as <% getotaker %>  logout
Preferences + Logged in as <% $FS::CurrentUser::CurrentUser->username |h %>  logout
Preferences % if ( $conf->config("ticket_system") % && FS::TicketSystem->access_right(\%session, 'ModifySelf') ) { | Ticketing preferences diff --git a/httemplate/index.html b/httemplate/index.html index bc51e6a52..d563fa0b2 100644 --- a/httemplate/index.html +++ b/httemplate/index.html @@ -21,7 +21,7 @@ % ORDER BY history_date desc" # LIMIT 10 % ) or die dbh->errstr; % -% $sth->execute( getotaker() ) or die $sth->errstr; +% $sth->execute( $FS::CurrentUser::CurrentUser->username ) or die $sth->errstr; % % my %saw = (); % my @custnums = grep { !$saw{$_}++ } map $_->[0], @{ $sth->fetchall_arrayref }; diff --git a/httemplate/pref/pref-process.html b/httemplate/pref/pref-process.html index 6b94f7175..242e12294 100644 --- a/httemplate/pref/pref-process.html +++ b/httemplate/pref/pref-process.html @@ -20,7 +20,8 @@ if ( grep { $cgi->param($_) !~ /^\s*$/ } ) { $access_user = qsearchs( 'access_user', { - 'username' => getotaker, + 'usernum' => $FS::CurrentUser::CurrentUser->usernum, + 'username' => $FS::CurrentUser::CurrentUser->username, '_password' => scalar($cgi->param('_password')), } ); diff --git a/httemplate/pref/pref.html b/httemplate/pref/pref.html index 5babb0181..9861c3f85 100644 --- a/httemplate/pref/pref.html +++ b/httemplate/pref/pref.html @@ -1,4 +1,4 @@ -<% include('/elements/header.html', 'Preferences for '. getotaker ) %> +<% include('/elements/header.html', 'Preferences for '. $FS::CurrentUser::CurrentUser->username ) %>
-- cgit v1.2.1 From 120718856665ca90ad852535d1155f8ea8ecb6b6 Mon Sep 17 00:00:00 2001 From: Ivan Kohler Date: Thu, 9 May 2013 01:42:39 -0700 Subject: NG auth: pw changes, RT#21563 --- httemplate/edit/access_user.html | 10 ++++++-- httemplate/edit/process/access_user.html | 28 +++++++++++++++------ httemplate/edit/process/elements/process.html | 7 ++++++ httemplate/pref/pref-process.html | 36 +++++++++++++-------------- httemplate/pref/pref.html | 34 +++++++++++++------------ 5 files changed, 72 insertions(+), 43 deletions(-) (limited to 'httemplate') diff --git a/httemplate/edit/access_user.html b/httemplate/edit/access_user.html index 86ce25374..b087943c2 100644 --- a/httemplate/edit/access_user.html +++ b/httemplate/edit/access_user.html @@ -3,8 +3,7 @@ 'table' => 'access_user', 'fields' => [ 'username', - { field=>'_password', type=>'password' }, - { field=>'_password2', type=>'password' }, + @pw_fields, 'last', 'first', { field=>'user_custnum', type=>'search-cust_main', }, @@ -50,6 +49,13 @@ die "access denied" unless $FS::CurrentUser::CurrentUser->access_right('Configuration'); +my @pw_fields = + FS::Auth->auth_class->can('change_password') + ? ( { field=>'_password', type=>'password' }, + { field=>'_password2', type=>'password' }, + ) + : (); + my $check_user_custnum_search = < function check_user_custnum_search(what) { diff --git a/httemplate/edit/process/access_user.html b/httemplate/edit/process/access_user.html index 8e7e70a06..7fc7c25e1 100644 --- a/httemplate/edit/process/access_user.html +++ b/httemplate/edit/process/access_user.html 
@@ -3,14 +3,15 @@ % print $cgi->redirect(popurl(2) . "access_user.html?" . $cgi->query_string); % } else { <% include( 'elements/process.html', - 'table' => 'access_user', - 'viewall_dir' => 'browse', - 'copy_on_empty' => [ '_password' ], + 'table' => 'access_user', + 'viewall_dir' => 'browse', + 'copy_on_empty' => [ '_password', '_password_encoding' ], 'clear_on_error' => [ '_password', '_password2' ], - 'process_m2m' => { 'link_table' => 'access_usergroup', - 'target_table' => 'access_group', - }, - 'precheck_callback'=> \&precheck_callback, + 'process_m2m' => { 'link_table' => 'access_usergroup', + 'target_table' => 'access_group', + }, + 'precheck_callback' => \&precheck_callback, + 'post_new_object_callback' => \&post_new_object_callback, ) %> % } @@ -26,11 +27,24 @@ if ( FS::Conf->new->exists('disable_acl_changes') ) { sub precheck_callback { my $cgi = shift; + my $o = FS::access_user->new({username => $cgi->param('username')}); if( $o->is_system_user and !$cgi->param('usernum') ) { $cgi->param('username',''); return "username '".$o->username."' reserved for system account." } + return ''; } + +sub post_new_object_callback { + my( $cgi, $access_user ) = @_; + + if ( length($cgi->param('_password')) ) { + my $password = scalar($cgi->param('_password')); + $access_user->change_password_fields($password); + } + +} + diff --git a/httemplate/edit/process/elements/process.html b/httemplate/edit/process/elements/process.html index fb1ee7a27..2afbdd082 100644 --- a/httemplate/edit/process/elements/process.html +++ b/httemplate/edit/process/elements/process.html @@ -70,6 +70,9 @@ Example: #return an error string or empty for no error 'precheck_callback' => sub { my( $cgi ) = @_; }, + #after the new object is created + 'post_new_object_callback' => sub { my( $cgi, $object ) = @_; }, + #after everything's inserted 'noerror_callback' => sub { my( $cgi, $object ) = @_; }, 
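Review bot: `post_new_object_callback` in process/access_user.html calls `$access_user->change_password_fields($password)` whenever `_password` is non-empty, with no `FS::Auth->auth_class->can('change_password')` gate, whereas the edit form in access_user.html (same commit) only renders the password fields when that gate is true; the processor should not rely on the fields being absent from the rendered form, so the callback should apply the same test, `return unless FS::Auth->auth_class->can('change_password');`, as its first statement. The callback also never compares `_password` with `_password2`; if that match is not enforced elsewhere in the process pipeline (not visible in this diff), a mistyped password is accepted silently. The callback is shown in full in the second hunk of this file.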
@@ -226,6 +229,10 @@ foreach my $value ( @values ) { } } + if ( $opt{'post_new_object_callback'} ) { + &{ $opt{'post_new_object_callback'} }( $cgi, $new ); + } + if ( $opt{'agent_virt'} ) { if ( ! $new->agentnum diff --git a/httemplate/pref/pref-process.html b/httemplate/pref/pref-process.html index 242e12294..962ee51b6 100644 --- a/httemplate/pref/pref-process.html +++ b/httemplate/pref/pref-process.html 
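Review bot: The return value of `post_new_object_callback` is discarded at `&{ $opt{'post_new_object_callback'} }( $cgi, $new );`, unlike `precheck_callback`, whose string return aborts the request with an error, and the new documentation entry in the @@ -70 hunk says nothing either way, so a callback author may expect an error return to be honoured. Either state it in the doc, `#after the new object is created (return value is ignored)`, or treat a non-empty return as an error for consistency with precheck_callback. The enclosing `foreach my $value ( @values )` loop starts before this hunk.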
@@ -13,35 +13,35 @@ if ( FS::Conf->new->exists('disable_acl_changes') ) { } my $error = ''; -my $access_user = ''; -if ( grep { $cgi->param($_) !~ /^\s*$/ } - qw(_password new_password new_password2) +if ( FS::Auth->auth_class->can('change_password') + && grep { $cgi->param($_) !~ /^\s*$/ } + qw(_password new_password new_password2) ) { - $access_user = qsearchs( 'access_user', { - 'usernum' => $FS::CurrentUser::CurrentUser->usernum, - 'username' => $FS::CurrentUser::CurrentUser->username, - '_password' => scalar($cgi->param('_password')), - } ); + if ( $cgi->param('new_password') ne $cgi->param('new_password2') ) { + $error = "New passwords don't match"; - $error = 'Current password incorrect; password not changed' - unless $access_user; + } elsif ( ! length($cgi->param('new_password')) ) { + $error = 'No new password entered'; - $error ||= "New passwords don't match" - unless $cgi->param('new_password') eq $cgi->param('new_password2'); + } elsif ( ! FS::Auth->authenticate( $FS::CurrentUser::CurrentUser, + scalar($cgi->param('_password')) ) + ) { + $error = 'Current password incorrect; password not changed'; - $error ||= "No new password entered" - unless length($cgi->param('new_password')); + } else { - $access_user->_password($cgi->param('new_password')) unless $error; + $error = $FS::CurrentUser::CurrentUser->change_password( + scalar($cgi->param('new_password')) + ); -} else { - - $access_user = $FS::CurrentUser::CurrentUser; + } } +my $access_user = $FS::CurrentUser::CurrentUser; + #well, if you got your password change wrong, you don't get anything else #changed right now. but it should be sticky on the form unless ( $error ) { # if ($access_user) { diff --git a/httemplate/pref/pref.html b/httemplate/pref/pref.html index 9861c3f85..dc44db0b0 100644 --- a/httemplate/pref/pref.html +++ b/httemplate/pref/pref.html 
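Review bot: When the auth class cannot change passwords but a request still carries `_password`/`new_password` fields, the new `if ( FS::Auth->auth_class->can('change_password') && grep ... )` condition is false and execution continues to the preference update with `$error` empty, so the password fields are silently ignored rather than reported; that is presumably intended because pref.html hides those fields in that case, but it deserves a comment at the `if`, e.g. `# password fields are ignored (not an error) when the auth backend cannot change passwords`. Whether a successful `change_password` call also invalidates the user's other active sessions depends on FS::CurrentUser, outside this diff, and is worth confirming for the session-key design this series introduces. The preference-update block that follows `my $access_user = ...` continues past the end of the hunk.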
@@ -4,28 +4,30 @@ <% include('/elements/error.html') %> +% if ( FS::Auth->auth_class->can('change_password') ) { -<% mt('Change password (leave blank for no change)') |h %> -<% ntable("#cccccc",2) %> + <% mt('Change password (leave blank for no change)') |h %> + <% ntable("#cccccc",2) %> - - Current password: - - + + Current password: + + - - New password: - - + + New password: + + - - Re-enter new password: - - + + Re-enter new password: + + - -
+ +
+% } Interface <% ntable("#cccccc",2) %> -- cgit v1.2.1 From 076ddfe0b0e764636e8389edebaedddef0fbf003 Mon Sep 17 00:00:00 2001 From: Ivan Kohler Date: Thu, 9 May 2013 01:44:00 -0700 Subject: NG auth: pw changes, RT#21563 --- httemplate/edit/process/elements/process.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'httemplate') diff --git a/httemplate/edit/process/elements/process.html b/httemplate/edit/process/elements/process.html index 2afbdd082..0439d4e9c 100644 --- a/httemplate/edit/process/elements/process.html +++ b/httemplate/edit/process/elements/process.html @@ -204,7 +204,7 @@ my %hash = my @values = ( 1 ); if ( $bfield ) { @values = $cgi->param($bfield); - warn join(',', @values); + #warn join(',', @values); } my $new; -- cgit v1.2.1