From c25351c22e3d5018a3afe1ecc2973d0aee6997a5 Mon Sep 17 00:00:00 2001 From: Mark Wells Date: Fri, 20 Nov 2015 14:52:24 -0800 Subject: [PATCH] password policy enforcement for svc_dsl, #32456 --- FS/FS/Password_Mixin.pm | 4 ++- FS/FS/svc_dsl.pm | 58 +++++++++++++++++++++++++++++++++--- httemplate/edit/process/svc_dsl.html | 15 ++++++++++ 3 files changed, 72 insertions(+), 5 deletions(-) diff --git a/FS/FS/Password_Mixin.pm b/FS/FS/Password_Mixin.pm index 9d5421bfa..393b41629 100644 --- a/FS/FS/Password_Mixin.pm +++ b/FS/FS/Password_Mixin.pm @@ -128,7 +128,9 @@ sub insert_password_history { $auth = $self->_blowfishcrypt( $auth->passphrase ); } - } elsif ( $encoding eq 'plain' ) { + } else { + warn "unrecognized password encoding '$encoding'; treating as plain text" + unless $encoding eq 'plain'; $auth = $self->_blowfishcrypt( $password ); diff --git a/FS/FS/svc_dsl.pm b/FS/FS/svc_dsl.pm index 8c47f8887..12e68411b 100644 --- a/FS/FS/svc_dsl.pm +++ b/FS/FS/svc_dsl.pm @@ -1,14 +1,16 @@ package FS::svc_dsl; +use base qw(FS::Password_Mixin + FS::svc_Common); use strict; -use vars qw( @ISA $conf $DEBUG $me ); -use FS::Record qw( qsearch qsearchs ); +use vars qw( $conf $DEBUG $me ); +use FS::UID; +use FS::Record qw( qsearch qsearchs dbh ); use FS::svc_Common; use FS::dsl_device; use FS::dsl_note; use FS::qual; -@ISA = qw( FS::svc_Common ); $DEBUG = 0; $me = '[FS::svc_dsl]'; @@ -211,7 +213,25 @@ otherwise returns false. =cut -# the insert method can be inherited from FS::Record +sub insert { + my $self = shift; + my $dbh = dbh; + my $oldAutoCommit = $FS::UID::AutoCommit; + local $FS::UID::AutoCommit = 0; + + my $error = $self->SUPER::insert(@_); + if ( length($self->password) ) { + $error ||= $self->insert_password_history; + } + + if ( $error ) { + $dbh->rollback if $oldAutoCommit; + return $error; + } + + $dbh->commit if $oldAutoCommit; + ''; +} =item delete @@ -228,6 +248,27 @@ returns the error, otherwise returns false. =cut +sub replace { + my $new = shift; + my $old = shift || $new->replace_old; + my $dbh = dbh; + my $oldAutoCommit = $FS::UID::AutoCommit; + local $FS::UID::AutoCommit = 0; + + my $error = $new->SUPER::replace($old, @_); + if ( $old->password ne $new->password ) { + $error ||= $new->insert_password_history; + } + + if ( $error ) { + $dbh->rollback if $oldAutoCommit; + return $error; + } + + $dbh->commit if $oldAutoCommit; + ''; +} + # the replace method can be inherited from FS::Record =item check @@ -322,6 +363,15 @@ sub predelete_hook { ''; } +# password_history compatibility + +sub _password { + my $self = shift; + $self->get('password'); +} + +sub _password_encoding { 'plain'; } + =back =head1 SEE ALSO diff --git a/httemplate/edit/process/svc_dsl.html b/httemplate/edit/process/svc_dsl.html index 627329a00..889366e07 100644 --- a/httemplate/edit/process/svc_dsl.html +++ b/httemplate/edit/process/svc_dsl.html @@ -1,5 +1,6 @@ <% include( 'elements/svc_Common.html', 'table' => 'svc_dsl', + 'precheck_callback' => $precheck_callback, ) %> <%init> @@ -7,4 +8,18 @@ die "access denied" unless $FS::CurrentUser::CurrentUser->access_right('Provision customer service'); #something else more specific? +my $precheck_callback = sub { + my $cgi = shift; + my $svcnum = $cgi->param('svcnum'); + my $error = ''; + if ( $svcnum ) { + my $old = FS::svc_dsl->by_key($svcnum); + my $newpass = $cgi->param('password'); + if ( $old and $newpass ne $old->password ) { + $error ||= $old->is_password_allowed($newpass); + } + } + $error; +}; + -- 2.11.0