From: Mark Wells Date: Fri, 20 Nov 2015 22:52:24 +0000 (-0800) Subject: password policy enforcement for svc_dsl, #32456 X-Git-Url: http://git.freeside.biz/gitweb/?p=freeside.git;a=commitdiff_plain;h=42ebaebeafc054ca0c3a924efd7a53154fdcf35e password policy enforcement for svc_dsl, #32456 --- diff --git a/FS/FS/Password_Mixin.pm b/FS/FS/Password_Mixin.pm index 9d5421bfa..393b41629 100644 --- a/FS/FS/Password_Mixin.pm +++ b/FS/FS/Password_Mixin.pm @@ -128,7 +128,9 @@ sub insert_password_history { $auth = $self->_blowfishcrypt( $auth->passphrase ); } - } elsif ( $encoding eq 'plain' ) { + } else { + warn "unrecognized password encoding '$encoding'; treating as plain text" + unless $encoding eq 'plain'; $auth = $self->_blowfishcrypt( $password ); diff --git a/FS/FS/svc_dsl.pm b/FS/FS/svc_dsl.pm index 570476005..dcd6d1dbe 100644 --- a/FS/FS/svc_dsl.pm +++ b/FS/FS/svc_dsl.pm @@ -1,10 +1,11 @@ package FS::svc_dsl; -use base qw(FS::svc_Common); +use base qw(FS::Password_Mixin + FS::svc_Common); use strict; use vars qw( $conf $DEBUG $me ); use FS::UID; -use FS::Record qw( qsearch qsearchs ); +use FS::Record qw( qsearch qsearchs dbh ); use FS::svc_Common; use FS::dsl_note; use FS::qual; @@ -211,7 +212,25 @@ otherwise returns false. =cut -# the insert method can be inherited from FS::Record +sub insert { + my $self = shift; + my $dbh = dbh; + my $oldAutoCommit = $FS::UID::AutoCommit; + local $FS::UID::AutoCommit = 0; + + my $error = $self->SUPER::insert(@_); + if ( length($self->password) ) { + $error ||= $self->insert_password_history; + } + + if ( $error ) { + $dbh->rollback if $oldAutoCommit; + return $error; + } + + $dbh->commit if $oldAutoCommit; + ''; +} =item delete @@ -228,6 +247,27 @@ returns the error, otherwise returns false. =cut +sub replace { + my $new = shift; + my $old = shift || $new->replace_old; + my $dbh = dbh; + my $oldAutoCommit = $FS::UID::AutoCommit; + local $FS::UID::AutoCommit = 0; + + my $error = $new->SUPER::replace($old, @_); + if ( $old->password ne $new->password ) { + $error ||= $new->insert_password_history; + } + + if ( $error ) { + $dbh->rollback if $oldAutoCommit; + return $error; + } + + $dbh->commit if $oldAutoCommit; + ''; +} + # the replace method can be inherited from FS::Record =item check @@ -317,6 +357,15 @@ sub predelete_hook { ''; } +# password_history compatibility + +sub _password { + my $self = shift; + $self->get('password'); +} + +sub _password_encoding { 'plain'; } + =back =head1 SEE ALSO diff --git a/httemplate/edit/process/svc_dsl.html b/httemplate/edit/process/svc_dsl.html index 627329a00..889366e07 100644 --- a/httemplate/edit/process/svc_dsl.html +++ b/httemplate/edit/process/svc_dsl.html @@ -1,5 +1,6 @@ <% include( 'elements/svc_Common.html', 'table' => 'svc_dsl', + 'precheck_callback' => $precheck_callback, ) %> <%init> @@ -7,4 +8,18 @@ die "access denied" unless $FS::CurrentUser::CurrentUser->access_right('Provision customer service'); #something else more specific? +my $precheck_callback = sub { + my $cgi = shift; + my $svcnum = $cgi->param('svcnum'); + my $error = ''; + if ( $svcnum ) { + my $old = FS::svc_dsl->by_key($svcnum); + my $newpass = $cgi->param('password'); + if ( $old and $newpass ne $old->password ) { + $error ||= $old->is_password_allowed($newpass); + } + } + $error; +}; +