default to a session cookie instead of setting an explicit timeout, weird timezone...
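--- a/FS/FS/Auth/internal.pm
+++ b/FS/FS/Auth/internal.pm
@@ -7,7 +7,7 @@ use FS::Record qw( qsearchs );
  use FS::access_user;
  sub authenticate {
- my($self, $username, $check_password ) = @_;
+ my($self, $username, $check_password, $totp_code ) = @_;
  my $access_user =
  ref($username) ? $username
@@ -17,6 +17,7 @@ sub authenticate {
  )
  or return 0;
+ my $pw_check;
  if ( $access_user->_password_encoding eq 'bcrypt' ) {
  my( $cost, $salt, $hash ) = split(',', $access_user->_password);
@@ -29,17 +30,21 @@ sub authenticate {
  )
  );
- $hash eq $check_hash;
+ $pw_check = $hash eq $check_hash;
- } else {
+ } else {
  return 0 if $access_user->_password eq 'notyet'
  || $access_user->_password eq '';
- $access_user->_password eq $check_password;
+ $pw_check = $access_user->_password eq $check_password;
  }
+ return $pw_check if ! $pw_check || ! length($access_user->totp_secret32);
+
+ #2fa
+ $access_user->google_auth->verify( $totp_code, 1 );
  }
  sub autocreate { 0; }
@@ -47,6 +52,11 @@ sub autocreate { 0; }
  sub change_password {
  my($self, $access_user, $new_password) = @_;
+ # do nothing if the password is unchanged
+ #XXX breaks password changes in employee edit ($access_user object already
+ # has new [plaintext] password)
+ #return if $self->authenticate( $access_user, $new_password );
+
  $self->change_password_fields( $access_user, $new_password );
  $access_user->replace;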
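Review bot: In the third hunk, `$access_user->google_auth->verify( $totp_code, 1 )` is the sub's last statement, so the 2FA result is only an implicit return value and `$totp_code` reaches it unchecked; callers that still pass three arguments hand it undef. Make both explicit: `return 0 unless defined $totp_code && length $totp_code;` followed by `return $access_user->google_auth->verify( $totp_code, 1 ) ? 1 : 0;`. Nothing visible here records the last accepted time step or limits failed attempts, so (assuming the second argument widens the accepted window to adjacent intervals) a code appears to stay reusable until it ages out; consider storing the last accepted step per user and rejecting repeats, as RFC 6238 recommends one-time acceptance. Parts of `authenticate` lie between the hunks and are not shown, so such handling may exist outside this view.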