path: root/httemplate/misc/xmlhttp-validate_password.html
<%doc>
Requires cgi params 'password' (plaintext) and 'sub' ('validate_password' is
the only acceptable value.)  Also accepts 'svcnum' (for an existing svc_acct;
otherwise an empty dummy svc_acct is created), 'pkgnum' (for when the svc_acct
isn't yet inserted), and 'fieldid' (for html post-processing, passed along in
results for convenience.)  All of these except 'sub' are read as name/value
pairs from the repeated 'arg' cgi param, and the request must be a POST.

Returns a json-encoded hashref with keys of 'valid' (set to 1 if object is
valid), 'error' (error text if password is invalid) or 'syserror' (error text
if password could not be validated.)  Only one of these keys will be set.
Will also set 'fieldid' if it was passed.
</%doc>

<% encode_json($result) %>

<%init>

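# Checks a candidate password against a svc_acct's password rules.
#
# Inputs are read from the repeated 'arg' cgi param, treated as a flat
# name/value list: 'password' (required), 'svcnum', 'pkgnum', 'fieldid'.
#
# Returns a hashref with exactly one of:
#   'valid'    => 1          password is acceptable
#   'error'    => text       password was rejected by is_password_allowed
#   'syserror' => text       the request itself could not be processed
# plus 'fieldid' when a well-formed one was supplied.
my $validate_password = sub {
  # param() is deliberately used in list context: every 'arg' value becomes
  # part of the name/value list.  A later duplicate name overrides an earlier
  # one, so each value is validated below after the hash is built.
  my %arg = $cgi->param('arg');
  my %result;

  # fieldid is echoed back to the caller, so only word characters are let
  # through.  \A/\z instead of ^/$ so a value with a trailing newline is
  # rejected rather than passed along.
  my $fieldid = $arg{'fieldid'};
  $result{'fieldid'} = $fieldid
    if defined($fieldid) && $fieldid =~ /\A\w+\z/;

  # The password travels in plaintext; presumably POST is required so it
  # stays out of URLs and query-string logs -- TODO confirm.
  unless ( $cgi->request_method eq 'POST' ) {
    $result{'syserror'} = 'Request is not POST';
    return \%result;
  }

  # Test for presence, not truth: a password of "0" is a real value and must
  # reach is_password_allowed instead of being reported as missing.
  my $password = $arg{'password'};
  unless ( defined($password) && length($password) ) {
    $result{'syserror'} = 'Invoked without password';
    return \%result;
  }

  # svcnum and pkgnum are optional; when present they must be ASCII digits
  # only (an empty string is still accepted, as before).
  my $svcnum = $arg{'svcnum'};
  if ( defined($svcnum) && $svcnum !~ /\A[0-9]*\z/ ) {
    $result{'syserror'} = 'Invalid svcnum';
    return \%result;
  }

  my $pkgnum = $arg{'pkgnum'};
  if ( defined($pkgnum) && $pkgnum !~ /\A[0-9]*\z/ ) {
    $result{'syserror'} = 'Invalid pkgnum';
    return \%result;
  }

  # NOTE(review): nothing in this block checks that the current user may act
  # on $svcnum, and the answer comes from the looked-up account -- confirm
  # that access control is enforced by the surrounding application.
  my $svc_acct = $svcnum
    ? qsearchs('svc_acct', { 'svcnum' => $svcnum })
    : FS::svc_acct->new({ 'pkgnum' => $pkgnum });
  unless ( $svc_acct ) {
    $result{'syserror'} = 'Could not find service';
    return \%result;
  }

  # is_password_allowed returns error text when the password is rejected and
  # a false value otherwise.  The password itself is never put in %result.
  $result{'error'} = $svc_acct->is_password_allowed($password);
  $result{'valid'} = 1 unless $result{'error'};
  return \%result;
};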

# Dispatch on the 'sub' cgi param.  Only the literal 'validate_password' is
# accepted; the name is compared against a fixed string and never used to
# look up code, so any other value yields a syserror.
my $result;
if ( $cgi->param('sub') eq 'validate_password' ) {
  $result = $validate_password->();
}
else {
  $result = { 'syserror' => 'Invalid sub' };
}

</%init>