From: Jonathan Prykop Date: Thu, 28 Apr 2016 22:18:13 +0000 (-0500) Subject: RT#42235: Strict password requirments are not disabled for signup portal [respects... X-Git-Url: http://git.freeside.biz/gitweb/?p=freeside.git;a=commitdiff_plain;h=06b3cebdee3d838cf25d51b5bd5668b47fec7a4e RT#42235: Strict password requirments are not disabled for signup portal [respects agent override] --- diff --git a/FS/FS/ClientAPI/MyAccount.pm b/FS/FS/ClientAPI/MyAccount.pm index 5b2421b75..9564e9c9f 100644 --- a/FS/FS/ClientAPI/MyAccount.pm +++ b/FS/FS/ClientAPI/MyAccount.pm @@ -3282,6 +3282,13 @@ sub validate_passwd { # end false laziness } + unless ($svc_acct) { + my $conf = new FS::Conf; + my $agentnum = $p->{'agentnum'}; + return { %result, 'password_valid' => 1 } + if $conf->config_bool('password-insecure', $p->{'agentnum'}); + } + $svc_acct ||= new FS::svc_acct {}; my $error = $svc_acct->is_password_allowed($p->{'check_password'}); diff --git a/FS/FS/ClientAPI/Signup.pm b/FS/FS/ClientAPI/Signup.pm index a9678b051..7c70a6717 100644 --- a/FS/FS/ClientAPI/Signup.pm +++ b/FS/FS/ClientAPI/Signup.pm @@ -700,6 +700,7 @@ sub new_customer { }; my $error = $svc->is_password_allowed($packet->{_password}); + $error = '' if $conf->config_bool('password-insecure', $agentnum); return { error => $error } if $error; my @acct_snarf; diff --git a/FS/FS/Password_Mixin.pm b/FS/FS/Password_Mixin.pm index fc2e03e89..b80708116 100644 --- a/FS/FS/Password_Mixin.pm +++ b/FS/FS/Password_Mixin.pm @@ -54,6 +54,7 @@ sub is_password_allowed { my $cust_pkg = FS::cust_pkg->by_key($self->get('pkgnum')); $cust_main = $cust_pkg->cust_main if $cust_pkg; } + # selfservice signup invokes this without customer, but it checks this conf separately warn "is_password_allowed: no customer could be identified" if !$cust_main; return '' if $cust_main && $conf->config_bool('password-insecure', $cust_main->agentnum); diff --git a/fs_selfservice/FS-SelfService/cgi/add_password_validation.js b/fs_selfservice/FS-SelfService/cgi/add_password_validation.js index e2e3227f1..b585cd107 100644 --- a/fs_selfservice/FS-SelfService/cgi/add_password_validation.js +++ b/fs_selfservice/FS-SelfService/cgi/add_password_validation.js @@ -4,15 +4,21 @@ function add_password_validation (fieldid,nologin) { var fieldid = this.id+'_result'; var resultfield = document.getElementById(fieldid); var svcnum = ''; + var agentnum = ''; var svcfield = document.getElementById(this.id+'_svcnum'); if (svcfield) { svcnum = svcfield.options[svcfield.selectedIndex].value; + } else { + var agentfield = document.getElementsByName('agentnum'); + if (agentfield[0]) { + agentnum = agentfield[0].value; + } } if (this.value) { resultfield.innerHTML = 'Validating password...'; var action = nologin ? 'validate_password_nologin' : 'validate_password'; send_xmlhttp('selfservice.cgi', - ['action',action,'fieldid',fieldid,'svcnum',svcnum,'check_password',this.value], + ['action',action,'fieldid',fieldid,'svcnum',svcnum,'check_password',this.value,'agentnum',agentnum], function (result) { result = JSON.parse(result); var resultfield = document.getElementById(result.fieldid); diff --git a/fs_selfservice/FS-SelfService/cgi/selfservice.cgi b/fs_selfservice/FS-SelfService/cgi/selfservice.cgi index eac5a9874..b00ff4d1c 100755 --- a/fs_selfservice/FS-SelfService/cgi/selfservice.cgi +++ b/fs_selfservice/FS-SelfService/cgi/selfservice.cgi @@ -1123,7 +1123,7 @@ sub validate_password_nologin { $action = 'validate_password'; #use same landing page validate_passwd( map { $_ => scalar($cgi->param($_)) } - qw( fieldid check_password ) + qw( fieldid check_password agentnum ) ) }