projects
/
freeside.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
f0cf935
)
RT#42235: Strict password requirments are not disabled for signup portal [respects...
author
Jonathan Prykop
<jonathan@freeside.biz>
Thu, 28 Apr 2016 22:18:13 +0000
(17:18 -0500)
committer
Jonathan Prykop
<jonathan@freeside.biz>
Thu, 28 Apr 2016 22:18:13 +0000
(17:18 -0500)
FS/FS/ClientAPI/MyAccount.pm
patch
|
blob
|
history
FS/FS/ClientAPI/Signup.pm
patch
|
blob
|
history
FS/FS/Password_Mixin.pm
patch
|
blob
|
history
fs_selfservice/FS-SelfService/cgi/add_password_validation.js
patch
|
blob
|
history
fs_selfservice/FS-SelfService/cgi/selfservice.cgi
patch
|
blob
|
history
diff --git
a/FS/FS/ClientAPI/MyAccount.pm
b/FS/FS/ClientAPI/MyAccount.pm
index
5b2421b
..
9564e9c
100644
(file)
--- a/
FS/FS/ClientAPI/MyAccount.pm
+++ b/
FS/FS/ClientAPI/MyAccount.pm
@@
-3282,6
+3282,13
@@
sub validate_passwd {
# end false laziness
}
# end false laziness
}
+ unless ($svc_acct) {
+ my $conf = new FS::Conf;
+ my $agentnum = $p->{'agentnum'};
+ return { %result, 'password_valid' => 1 }
+ if $conf->config_bool('password-insecure', $p->{'agentnum'});
+ }
+
$svc_acct ||= new FS::svc_acct {};
my $error = $svc_acct->is_password_allowed($p->{'check_password'});
$svc_acct ||= new FS::svc_acct {};
my $error = $svc_acct->is_password_allowed($p->{'check_password'});
diff --git
a/FS/FS/ClientAPI/Signup.pm
b/FS/FS/ClientAPI/Signup.pm
index
a9678b0
..
7c70a67
100644
(file)
--- a/
FS/FS/ClientAPI/Signup.pm
+++ b/
FS/FS/ClientAPI/Signup.pm
@@
-700,6
+700,7
@@
sub new_customer {
};
my $error = $svc->is_password_allowed($packet->{_password});
};
my $error = $svc->is_password_allowed($packet->{_password});
+ $error = '' if $conf->config_bool('password-insecure', $agentnum);
return { error => $error } if $error;
my @acct_snarf;
return { error => $error } if $error;
my @acct_snarf;
diff --git
a/FS/FS/Password_Mixin.pm
b/FS/FS/Password_Mixin.pm
index
fc2e03e
..
b807081
100644
(file)
--- a/
FS/FS/Password_Mixin.pm
+++ b/
FS/FS/Password_Mixin.pm
@@
-54,6
+54,7
@@
sub is_password_allowed {
my $cust_pkg = FS::cust_pkg->by_key($self->get('pkgnum'));
$cust_main = $cust_pkg->cust_main if $cust_pkg;
}
my $cust_pkg = FS::cust_pkg->by_key($self->get('pkgnum'));
$cust_main = $cust_pkg->cust_main if $cust_pkg;
}
+ # selfservice signup invokes this without customer, but it checks this conf separately
warn "is_password_allowed: no customer could be identified" if !$cust_main;
return '' if $cust_main && $conf->config_bool('password-insecure', $cust_main->agentnum);
warn "is_password_allowed: no customer could be identified" if !$cust_main;
return '' if $cust_main && $conf->config_bool('password-insecure', $cust_main->agentnum);
diff --git
a/fs_selfservice/FS-SelfService/cgi/add_password_validation.js
b/fs_selfservice/FS-SelfService/cgi/add_password_validation.js
index
e2e3227
..
b585cd1
100644
(file)
--- a/
fs_selfservice/FS-SelfService/cgi/add_password_validation.js
+++ b/
fs_selfservice/FS-SelfService/cgi/add_password_validation.js
@@
-4,15
+4,21
@@
function add_password_validation (fieldid,nologin) {
var fieldid = this.id+'_result';
var resultfield = document.getElementById(fieldid);
var svcnum = '';
var fieldid = this.id+'_result';
var resultfield = document.getElementById(fieldid);
var svcnum = '';
+ var agentnum = '';
var svcfield = document.getElementById(this.id+'_svcnum');
if (svcfield) {
svcnum = svcfield.options[svcfield.selectedIndex].value;
var svcfield = document.getElementById(this.id+'_svcnum');
if (svcfield) {
svcnum = svcfield.options[svcfield.selectedIndex].value;
+ } else {
+ var agentfield = document.getElementsByName('agentnum');
+ if (agentfield[0]) {
+ agentnum = agentfield[0].value;
+ }
}
if (this.value) {
resultfield.innerHTML = '<SPAN STYLE="color: blue;">Validating password...</SPAN>';
var action = nologin ? 'validate_password_nologin' : 'validate_password';
send_xmlhttp('selfservice.cgi',
}
if (this.value) {
resultfield.innerHTML = '<SPAN STYLE="color: blue;">Validating password...</SPAN>';
var action = nologin ? 'validate_password_nologin' : 'validate_password';
send_xmlhttp('selfservice.cgi',
- ['action',action,'fieldid',fieldid,'svcnum',svcnum,'check_password',this.value],
+ ['action',action,'fieldid',fieldid,'svcnum',svcnum,'check_password',this.value
,'agentnum',agentnum
],
function (result) {
result = JSON.parse(result);
var resultfield = document.getElementById(result.fieldid);
function (result) {
result = JSON.parse(result);
var resultfield = document.getElementById(result.fieldid);
diff --git
a/fs_selfservice/FS-SelfService/cgi/selfservice.cgi
b/fs_selfservice/FS-SelfService/cgi/selfservice.cgi
index
eac5a98
..
b00ff4d
100755
(executable)
--- a/
fs_selfservice/FS-SelfService/cgi/selfservice.cgi
+++ b/
fs_selfservice/FS-SelfService/cgi/selfservice.cgi
@@
-1123,7
+1123,7
@@
sub validate_password_nologin {
$action = 'validate_password'; #use same landing page
validate_passwd(
map { $_ => scalar($cgi->param($_)) }
$action = 'validate_password'; #use same landing page
validate_passwd(
map { $_ => scalar($cgi->param($_)) }
- qw( fieldid check_password )
+ qw( fieldid check_password
agentnum
)
)
}
)
}