[freeside-commits] branch FREESIDE_3_BRANCH updated. c25351c22e3d5018a3afe1ecc2973d0aee6997a5
Mark Wells
mark at 420.am
Fri Nov 20 15:09:16 PST 2015
The branch, FREESIDE_3_BRANCH has been updated
via c25351c22e3d5018a3afe1ecc2973d0aee6997a5 (commit)
via 25d96215a7bfd0c4af5323ee658eed7675cf2ee0 (commit)
from bd62dd6eefaa5b1812627ee577951336912677c3 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit c25351c22e3d5018a3afe1ecc2973d0aee6997a5
Author: Mark Wells <mark at freeside.biz>
Date: Fri Nov 20 14:52:24 2015 -0800
password policy enforcement for svc_dsl, #32456
diff --git a/FS/FS/Password_Mixin.pm b/FS/FS/Password_Mixin.pm
index 9d5421b..393b416 100644
--- a/FS/FS/Password_Mixin.pm
+++ b/FS/FS/Password_Mixin.pm
@@ -128,7 +128,9 @@ sub insert_password_history {
$auth = $self->_blowfishcrypt( $auth->passphrase );
}
- } elsif ( $encoding eq 'plain' ) {
+ } else {
+ warn "unrecognized password encoding '$encoding'; treating as plain text"
+ unless $encoding eq 'plain';
$auth = $self->_blowfishcrypt( $password );
diff --git a/FS/FS/svc_dsl.pm b/FS/FS/svc_dsl.pm
index 8c47f88..12e6841 100644
--- a/FS/FS/svc_dsl.pm
+++ b/FS/FS/svc_dsl.pm
@@ -1,14 +1,16 @@
package FS::svc_dsl;
+use base qw(FS::Password_Mixin
+ FS::svc_Common);
use strict;
-use vars qw( @ISA $conf $DEBUG $me );
-use FS::Record qw( qsearch qsearchs );
+use vars qw( $conf $DEBUG $me );
+use FS::UID;
+use FS::Record qw( qsearch qsearchs dbh );
use FS::svc_Common;
use FS::dsl_device;
use FS::dsl_note;
use FS::qual;
- at ISA = qw( FS::svc_Common );
$DEBUG = 0;
$me = '[FS::svc_dsl]';
@@ -211,7 +213,25 @@ otherwise returns false.
=cut
-# the insert method can be inherited from FS::Record
+sub insert {
+ my $self = shift;
+ my $dbh = dbh;
+ my $oldAutoCommit = $FS::UID::AutoCommit;
+ local $FS::UID::AutoCommit = 0;
+
+ my $error = $self->SUPER::insert(@_);
+ if ( length($self->password) ) {
+ $error ||= $self->insert_password_history;
+ }
+
+ if ( $error ) {
+ $dbh->rollback if $oldAutoCommit;
+ return $error;
+ }
+
+ $dbh->commit if $oldAutoCommit;
+ '';
+}
=item delete
@@ -228,6 +248,27 @@ returns the error, otherwise returns false.
=cut
+sub replace {
+ my $new = shift;
+ my $old = shift || $new->replace_old;
+ my $dbh = dbh;
+ my $oldAutoCommit = $FS::UID::AutoCommit;
+ local $FS::UID::AutoCommit = 0;
+
+ my $error = $new->SUPER::replace($old, @_);
+ if ( $old->password ne $new->password ) {
+ $error ||= $new->insert_password_history;
+ }
+
+ if ( $error ) {
+ $dbh->rollback if $oldAutoCommit;
+ return $error;
+ }
+
+ $dbh->commit if $oldAutoCommit;
+ '';
+}
+
# the replace method can be inherited from FS::Record
=item check
@@ -322,6 +363,15 @@ sub predelete_hook {
'';
}
+# password_history compatibility
+
+sub _password {
+ my $self = shift;
+ $self->get('password');
+}
+
+sub _password_encoding { 'plain'; }
+
=back
=head1 SEE ALSO
diff --git a/httemplate/edit/process/svc_dsl.html b/httemplate/edit/process/svc_dsl.html
index 627329a..889366e 100644
--- a/httemplate/edit/process/svc_dsl.html
+++ b/httemplate/edit/process/svc_dsl.html
@@ -1,5 +1,6 @@
<% include( 'elements/svc_Common.html',
'table' => 'svc_dsl',
+ 'precheck_callback' => $precheck_callback,
)
%>
<%init>
@@ -7,4 +8,18 @@
die "access denied"
unless $FS::CurrentUser::CurrentUser->access_right('Provision customer service'); #something else more specific?
+my $precheck_callback = sub {
+ my $cgi = shift;
+ my $svcnum = $cgi->param('svcnum');
+ my $error = '';
+ if ( $svcnum ) {
+ my $old = FS::svc_dsl->by_key($svcnum);
+ my $newpass = $cgi->param('password');
+ if ( $old and $newpass ne $old->password ) {
+ $error ||= $old->is_password_allowed($newpass);
+ }
+ }
+ $error;
+};
+
</%init>
commit 25d96215a7bfd0c4af5323ee658eed7675cf2ee0
Author: Mark Wells <mark at freeside.biz>
Date: Thu Nov 19 14:52:42 2015 -0800
password policy enforcement for contacts, #32456
diff --git a/FS/FS/ClientAPI/MyAccount.pm b/FS/FS/ClientAPI/MyAccount.pm
index 9bbde88..8ab14fc 100644
--- a/FS/FS/ClientAPI/MyAccount.pm
+++ b/FS/FS/ClientAPI/MyAccount.pm
@@ -2964,6 +2964,8 @@ sub myaccount_passwd {
my $contact = FS::contact->by_selfservice_email($svc_acct->email);
if ( $contact && $contact->custnum == $custnum ) {
#svc_acct was successful but this one returns an error? "shouldn't happen"
+ #don't recheck is_password_allowed here; if the svc_acct password was
+ #legal, that's good enough
$error ||= $contact->change_password($p->{'new_password'});
}
@@ -3235,7 +3237,8 @@ sub process_reset_passwd {
if ( $contact ) {
- my $error = $contact->change_password($p->{'new_password'});
+ my $error = $contact->is_password_allowed($p->{'new_password'})
+ || $contact->change_password($p->{'new_password'});
return { %$info, 'error' => $error }; # if $error;
diff --git a/FS/FS/ClientAPI/MyAccount/contact.pm b/FS/FS/ClientAPI/MyAccount/contact.pm
index 009658d..d78c234 100644
--- a/FS/FS/ClientAPI/MyAccount/contact.pm
+++ b/FS/FS/ClientAPI/MyAccount/contact.pm
@@ -32,6 +32,8 @@ sub contact_passwd {
$error = 'Password too long.'
if length($p->{'new_password'}) > ($conf->config('passwordmax') || 8);
+ $error ||= $contact->is_password_allowed($p->{'new_password'});
+
$error ||= $contact->change_password($p->{'new_password'});
return { 'error' => $error };
diff --git a/FS/FS/Password_Mixin.pm b/FS/FS/Password_Mixin.pm
index c4549c7..9d5421b 100644
--- a/FS/FS/Password_Mixin.pm
+++ b/FS/FS/Password_Mixin.pm
@@ -105,7 +105,16 @@ sub insert_password_history {
my $password = $self->_password;
my $auth;
- if ( $encoding eq 'bcrypt' or $encoding eq 'crypt' ) {
+ if ( $encoding eq 'bcrypt' ) {
+ # our format, used for contact and access_user passwords
+ my ($cost, $salt, $hash) = split(',', $password);
+ $auth = Authen::Passphrase::BlowfishCrypt->new(
+ cost => $cost,
+ salt_base64 => $salt,
+ hash_base64 => $hash,
+ );
+
+ } elsif ( $encoding eq 'crypt' ) {
# it's smart enough to figure this out
$auth = Authen::Passphrase->from_crypt($password);
diff --git a/FS/FS/contact.pm b/FS/FS/contact.pm
index 96632ff..d906dc9 100644
--- a/FS/FS/contact.pm
+++ b/FS/FS/contact.pm
@@ -1,5 +1,6 @@
package FS::contact;
-use base qw( FS::Record );
+use base qw( FS::Password_Mixin
+ FS::Record );
use strict;
use vars qw( $skip_fuzzyfiles );
@@ -129,6 +130,8 @@ sub insert {
my $dbh = dbh;
my $error = $self->SUPER::insert;
+ $error ||= $self->insert_password_history;
+
if ( $error ) {
$dbh->rollback if $oldAutoCommit;
return $error;
@@ -268,6 +271,9 @@ sub replace {
my $dbh = dbh;
my $error = $self->SUPER::replace($old);
+ if ( $old->_password ne $self->_password ) {
+ $error ||= $self->insert_password_history;
+ }
if ( $error ) {
$dbh->rollback if $oldAutoCommit;
return $error;
@@ -607,9 +613,22 @@ sub authenticate_password {
}
+=item change_password NEW_PASSWORD
+
+Changes the contact's selfservice access password to NEW_PASSWORD. This does
+not check password policy rules (see C<is_password_allowed>) and will return
+an error only if editing the record fails for some reason.
+
+If NEW_PASSWORD is the same as the existing password, this does nothing.
+
+=cut
+
sub change_password {
my($self, $new_password) = @_;
+ # do nothing if the password is unchanged
+ return if $self->authenticate_password($new_password);
+
$self->change_password_fields( $new_password );
$self->replace;
-----------------------------------------------------------------------
Summary of changes:
FS/FS/ClientAPI/MyAccount.pm | 5 ++-
FS/FS/ClientAPI/MyAccount/contact.pm | 2 ++
FS/FS/Password_Mixin.pm | 15 +++++++--
FS/FS/contact.pm | 21 +++++++++++-
FS/FS/svc_dsl.pm | 58 +++++++++++++++++++++++++++++++---
httemplate/edit/process/svc_dsl.html | 15 +++++++++
6 files changed, 108 insertions(+), 8 deletions(-)
More information about the freeside-commits
mailing list