1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
|
package FS::password_history;
use base qw( FS::Record );
use strict;
use FS::Record qw( qsearch qsearchs );
use Authen::Passphrase;
# the only bit of autogenerated magic in here
our @foreign_keys;
FS::UID->install_callback(sub {
@foreign_keys = grep /__/, __PACKAGE__->dbdef_table->columns;
});
=head1 NAME
FS::password_history - Object methods for password_history records
=head1 SYNOPSIS
use FS::password_history;
$record = new FS::password_history \%hash;
$record = new FS::password_history { 'column' => 'value' };
$error = $record->insert;
$error = $new_record->replace($old_record);
$error = $record->delete;
$error = $record->check;
=head1 DESCRIPTION
An FS::password_history object represents a current or past password used
by a login account, employee, or other account managed within Freeside.
FS::password_history inherits from FS::Record. The following fields are
currently supported:
=over 4
=item passwordnum - primary key
=item _password - the encrypted password, as an RFC2307-style string
("{CRYPT}$2a$08$..." or "{MD5}1ab201f..." or similar). This is a serialized
L<Authen::Passphrase> object.
=item created - the date the password was set to this value. The record with
the most recent created time is the current password.
=back
Plus one of the following foreign keys:
=over 4
=item svc_acct__svcnum
=item svc_dsl__svcnum
=item svc_alarm__svcnum
=item agent__agentnum
=item contact__contactnum
=item access_user__usernum
=back
=head1 METHODS
=over 4
=item new HASHREF
Creates a new password history record. To add the record to the database,
see L<"insert">.
=cut
sub table { 'password_history'; }
=item insert
=item delete
=item replace OLD_RECORD
=item check
Checks all fields to make sure this is a valid password history record. If
there is an error, returns the error, otherwise returns false. Called by the
insert and replace methods.
=cut
sub check {
my $self = shift;
my $error =
$self->ut_numbern('passwordnum')
|| $self->ut_anything('_password')
|| $self->ut_numbern('create')
|| $self->ut_numbern('create')
;
return $error if $error;
# FKs are mutually exclusive
my $fk_in_use;
foreach my $fk ( @foreign_keys ) {
if ( $self->get($fk) ) {
$self->ut_numbern($fk);
return "multiple records linked to this password_history" if $fk_in_use;
$fk_in_use = $fk;
}
}
$self->SUPER::check;
}
=item linked_acct
Returns the object that's using this password.
=cut
sub linked_acct {
my $self = shift;
foreach my $fk ( @foreign_keys ) {
if ( my $val = $self->get($fk) ) {
my ($table, $key) = split(/__/, $fk);
return qsearchs($table, { $key => $val });
}
}
}
=item password_equals PASSWORD
Returns true if PASSWORD (plaintext) is the same as the one stored in the
history record, false if not.
=cut
sub password_equals {
my ($self, $check_password) = @_;
# _password here is always LDAP-style.
try {
my $auth = Authen::Passphrase->from_rfc2307($self->_password);
return $auth->match($check_password);
} catch {
# if there's somehow bad data in the _password field, then it doesn't
# match anything. much better than having it match _everything_.
warn "password_history #" . $self->passwordnum . ": $_";
return '';
}
}
sub _upgrade_schema {
my $class = shift;
# if the table doesn't exist yet then nothing needs to happen here
my $dbdef_table = $class->dbdef_table
or return;
# clean up history records where linked_acct has gone away
my @where;
for my $fk ( grep /__/, $dbdef_table->columns ) {
my ($table, $key) = split(/__/, $fk);
push @where, "
( $fk IS NOT NULL AND NOT EXISTS(SELECT 1 FROM $table WHERE $table.$key = $fk) )";
}
return '' unless @where;
my @recs = qsearch({
'table' => 'password_history',
'extra_sql' => ' WHERE ' . join(' AND ', @where),
});
my $error;
if (@recs) {
warn "Removing unattached password_history records (".scalar(@recs).").\n";
foreach my $password_history (@recs) {
$error = $password_history->delete;
die $error if $error;
}
}
'';
}
=back
=head1 BUGS
=head1 SEE ALSO
L<FS::Record>
=cut
1;
|
