my $contact = FS::contact->by_selfservice_email($svc_acct->email);
if ( $contact && $contact->custnum == $custnum ) {
#svc_acct was successful but this one returns an error? "shouldn't happen"
+ #don't recheck is_password_allowed here; if the svc_acct password was
+ #legal, that's good enough
$error ||= $contact->change_password($p->{'new_password'});
}
if ( $contact ) {
- my $error = $contact->change_password($p->{'new_password'});
+ my $error = $contact->is_password_allowed($p->{'new_password'})
+ || $contact->change_password($p->{'new_password'});
return { %$info, 'error' => $error }; # if $error;
$error = 'Password too long.'
if length($p->{'new_password'}) > ($conf->config('passwordmax') || 8);
+ $error ||= $contact->is_password_allowed($p->{'new_password'});
+
$error ||= $contact->change_password($p->{'new_password'});
return { 'error' => $error };
use Authen::Passphrase::BlowfishCrypt;
# https://rt.cpan.org/Ticket/Display.html?id=72743
-our $DEBUG = 1;
+our $DEBUG = 0;
our $conf;
FS::UID->install_callback( sub {
$conf = FS::Conf->new;
my $password = $self->_password;
my $auth;
- if ( $encoding eq 'bcrypt' or $encoding eq 'crypt' ) {
+ if ( $encoding eq 'bcrypt' ) {
+ # our format, used for contact and access_user passwords
+ my ($cost, $salt, $hash) = split(',', $password);
+ $auth = Authen::Passphrase::BlowfishCrypt->new(
+ cost => $cost,
+ salt_base64 => $salt,
+ hash_base64 => $hash,
+ );
+
+ } elsif ( $encoding eq 'crypt' ) {
# it's smart enough to figure this out
$auth = Authen::Passphrase->from_crypt($password);
$auth = $self->_blowfishcrypt( $auth->passphrase );
}
- } elsif ( $encoding eq 'plain' ) {
+ } else {
+ warn "unrecognized password encoding '$encoding'; treating as plain text"
+ unless $encoding eq 'plain';
$auth = $self->_blowfishcrypt( $password );
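Review bot: The new `else` branch hashes any value with an unrecognized encoding as if it were the plain-text password, and the only signal is a `warn`. If the stored value is already hashed under some other scheme, the history row becomes a hash of a hash, so a later reuse check against it can never match. Returning an error, or skipping the history row, for encodings other than `plain` would fail visibly instead of silently weakening the check. In the `bcrypt` branch the three fields from `split(',', $password)` go to the constructor unvalidated; as far as I know `Authen::Passphrase::BlowfishCrypt->new` dies on malformed input, so a `return "malformed bcrypt password" unless defined $hash;` style guard before the call would be safer. The enclosing sub starts and ends outside this hunk.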
package FS::contact;
-use base qw( FS::Record );
+use base qw( FS::Password_Mixin
+ FS::Record );
use strict;
use vars qw( $skip_fuzzyfiles );
my $dbh = dbh;
my $error = $self->SUPER::insert;
+ $error ||= $self->insert_password_history;
+
if ( $error ) {
$dbh->rollback if $oldAutoCommit;
return $error;
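Review bot: In the contact `insert` hunk, `insert_password_history` is called unconditionally, whereas the `FS::svc_dsl::insert` added in this same commit only calls it when `length($self->password)` is true. A contact created without a selfservice password would presumably get a history row for an empty value, and may hit the "unrecognized password encoding" warning if its encoding field is empty too. Unless `insert_password_history` already handles the empty case (not visible here), mirror the svc_dsl guard: `$error ||= $self->insert_password_history if length($self->_password);`. The enclosing sub starts and ends outside the hunk.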
my $dbh = dbh;
my $error = $self->SUPER::replace($old);
+ if ( $old->_password ne $self->_password ) {
+ $error ||= $self->insert_password_history;
+ }
if ( $error ) {
$dbh->rollback if $oldAutoCommit;
return $error;
}
+=item change_password NEW_PASSWORD
+
+Changes the contact's selfservice access password to NEW_PASSWORD. This does
+not check password policy rules (see C<is_password_allowed>) and will return
+an error only if editing the record fails for some reason.
+
+If NEW_PASSWORD is the same as the existing password, this does nothing.
+
+=cut
+
sub change_password {
my($self, $new_password) = @_;
+ # do nothing if the password is unchanged
+ return if $self->authenticate_password($new_password);
+
$self->change_password_fields( $new_password );
$self->replace;
package FS::svc_dsl;
+use base qw(FS::Password_Mixin
+ FS::svc_Common);
use strict;
-use vars qw( @ISA $conf $DEBUG $me );
-use FS::Record qw( qsearch qsearchs );
+use vars qw( $conf $DEBUG $me );
+use FS::UID;
+use FS::Record qw( qsearch qsearchs dbh );
use FS::svc_Common;
use FS::dsl_device;
use FS::dsl_note;
use FS::qual;
-@ISA = qw( FS::svc_Common );
$DEBUG = 0;
$me = '[FS::svc_dsl]';
=cut
-# the insert method can be inherited from FS::Record
+sub insert {
+ my $self = shift;
+ my $dbh = dbh;
+ my $oldAutoCommit = $FS::UID::AutoCommit;
+ local $FS::UID::AutoCommit = 0;
+
+ my $error = $self->SUPER::insert(@_);
+ if ( length($self->password) ) {
+ $error ||= $self->insert_password_history;
+ }
+
+ if ( $error ) {
+ $dbh->rollback if $oldAutoCommit;
+ return $error;
+ }
+
+ $dbh->commit if $oldAutoCommit;
+ '';
+}
=item delete
=cut
+sub replace {
+ my $new = shift;
+ my $old = shift || $new->replace_old;
+ my $dbh = dbh;
+ my $oldAutoCommit = $FS::UID::AutoCommit;
+ local $FS::UID::AutoCommit = 0;
+
+ my $error = $new->SUPER::replace($old, @_);
+ if ( $old->password ne $new->password ) {
+ $error ||= $new->insert_password_history;
+ }
+
+ if ( $error ) {
+ $dbh->rollback if $oldAutoCommit;
+ return $error;
+ }
+
+ $dbh->commit if $oldAutoCommit;
+ '';
+}
+
# the replace method can be inherited from FS::Record
=item check
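Review bot: The context comment `# the replace method can be inherited from FS::Record` is left in place directly below the new `replace` override and now contradicts the code; the matching comment for `insert` was removed, so this one should go too. Replace it with something like `# insert and replace are overridden to record password history`. Neither new sub has POD between the surrounding `=item` entries, so a short `=item insert` / `=item replace` noting that a history row is written only when the password is non-empty (insert) or changed (replace) would help. `replace` has no `length` guard the way `insert` does, so changing a password to empty would record a history row for the empty string; confirm that is intended.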
'';
}
+# password_history compatibility
+
+sub _password {
+ my $self = shift;
+ $self->get('password');
+}
+
+sub _password_encoding { 'plain'; }
+
=back
=head1 SEE ALSO
chown freeside.freeside /var/log/torrus
chown -R freeside.freeside /var/torrus
-mkdir /srv/torrus/; mkdir /srv/torrus/collector_rrd
+
+if [ ! -d /srv/torrus/ ]; then
+mkdir /srv/torrus/;
+fi
+
+if [ ! -d /srv/torrus/collector_rrd ]; then
+mkdir /srv/torrus/collector_rrd;
+fi
+
chown -R freeside:freeside /srv/torrus/collector_rrd /usr/local/etc/torrus/discovery /usr/local/etc/torrus/xmlconfig/
torrus clearcache
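Review bot: The two `if [ ! -d ... ]; then mkdir ...; fi` blocks can be a single idempotent `mkdir -p /srv/torrus/collector_rrd`, which creates the parent as needed and succeeds when the directories already exist. That also closes the small gap between the test and the `mkdir`. The script uses `freeside.freeside` for `chown` a few lines above and `freeside:freeside` here; the colon form is the portable one, so it is worth making them consistent.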
<% include( 'elements/svc_Common.html',
'table' => 'svc_dsl',
+ 'precheck_callback' => $precheck_callback,
)
%>
<%init>
die "access denied"
unless $FS::CurrentUser::CurrentUser->access_right('Provision customer service'); #something else more specific?
+my $precheck_callback = sub {
+ my $cgi = shift;
+ my $svcnum = $cgi->param('svcnum');
+ my $error = '';
+ if ( $svcnum ) {
+ my $old = FS::svc_dsl->by_key($svcnum);
+ my $newpass = $cgi->param('password');
+ if ( $old and $newpass ne $old->password ) {
+ $error ||= $old->is_password_allowed($newpass);
+ }
+ }
+ $error;
+};
+
</%init>
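Review bot: The password policy is never applied to newly provisioned services, because `$precheck_callback` only calls `is_password_allowed` inside `if ( $svcnum )` and only when an existing record is found. A password entered while creating a svc_dsl therefore goes straight to `insert`, which records history but, as far as this diff shows, does not validate. If `is_password_allowed` works on an unsaved object, run it on a freshly built record when there is no `svcnum`; otherwise enforce the check in `FS::svc_dsl::insert`/`replace` so non-UI callers are covered too. Separately, `$cgi->param('password')` can be undef, so `my $newpass = $cgi->param('password'); $newpass = '' unless defined $newpass;` avoids an uninitialized-value warning in the `ne` comparison.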