default to a session cookie instead of setting an explicit timeout, weird timezone...

[freeside.git] / FS / FS / AuthCookieHandler.pm

diff --git a/FS/FS/AuthCookieHandler.pm b/FS/FS/AuthCookieHandler.pm
index cd89f55..b7d0dbf 100644 (file)
--- a/FS/FS/AuthCookieHandler.pm
+++ b/FS/FS/AuthCookieHandler.pm
@@ -6,29 +6,34 @@ use FS::UID qw( adminsuidsetup preuser_setup );
 use FS::CurrentUser;
 use FS::Auth;
 
+#Apache 2.2 and below
+sub useragent_ip {
+  my( $self, $r ) = @_;
+  $r->connection->remote_ip;
+}
+
 sub authen_cred {
-  my( $self, $r, $username, $password ) = @_;
+  my( $self, $r, $username, $password, $totp_code ) = @_;
 
   preuser_setup();
 
-  unless ( _is_valid_user($username, $password) ) {
-    warn "failed auth $username from ". $r->connection->remote_ip. "\n";
+  my $info = {};
+
+  unless ( FS::Auth->authenticate($username, $password, $totp_code, $info) ) {
+    warn "failed auth $username from ". $self->useragent_ip($r). "\n";
     return undef;
   }
 
-  warn "authenticated $username from ". $r->connection->remote_ip. "\n";
+  warn "authenticated $username from ". $self->useragent_ip($r). "\n";
 
-  FS::CurrentUser->load_user($username);
+  FS::CurrentUser->load_user( $username,
+                              'autocreate' => FS::Auth->auth_class->autocreate,
+                              %$info,
+                            );
 
   FS::CurrentUser->new_session;
 }
 
-sub _is_valid_user {
-  my( $username, $password ) = @_;
-
-  FS::Auth->authenticate($username, $password);
-}
-
 sub authen_ses_key {
   my( $self, $r, $sessionkey ) = @_;
 
@@ -37,7 +42,7 @@ sub authen_ses_key {
   my $curuser = FS::CurrentUser->load_user_session( $sessionkey );
 
   unless ( $curuser ) {
-    warn "bad session $sessionkey from ". $r->connection->remote_ip. "\n";
+    warn "bad session $sessionkey from ". $self->useragent_ip($r). "\n";
     return undef;
   }