[freeside-commits] branch FREESIDE_3_BRANCH updated. 06b3cebdee3d838cf25d51b5bd5668b47fec7a4e

Jonathan Prykop jonathan at 420.am
Thu Apr 28 15:19:40 PDT 2016 

The branch, FREESIDE_3_BRANCH has been updated
       via  06b3cebdee3d838cf25d51b5bd5668b47fec7a4e (commit)
      from  f0cf935a32a2e0186dfff6c30513693965a68cf9 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 06b3cebdee3d838cf25d51b5bd5668b47fec7a4e
Author: Jonathan Prykop <jonathan at freeside.biz>
Date:   Thu Apr 28 17:18:13 2016 -0500

    RT#42235: Strict password requirments are not disabled for signup portal [respects agent override]

diff --git a/FS/FS/ClientAPI/MyAccount.pm b/FS/FS/ClientAPI/MyAccount.pm
index 5b2421b..9564e9c 100644
--- a/FS/FS/ClientAPI/MyAccount.pm
+++ b/FS/FS/ClientAPI/MyAccount.pm
@@ -3282,6 +3282,13 @@ sub validate_passwd {
     # end false laziness
   }
 
+  unless ($svc_acct) {
+    my $conf = new FS::Conf;
+    my $agentnum = $p->{'agentnum'};
+    return { %result, 'password_valid' => 1 }
+      if $conf->config_bool('password-insecure', $p->{'agentnum'});
+  }
+
   $svc_acct ||= new FS::svc_acct {};
 
   my $error = $svc_acct->is_password_allowed($p->{'check_password'});
diff --git a/FS/FS/ClientAPI/Signup.pm b/FS/FS/ClientAPI/Signup.pm
index a9678b0..7c70a67 100644
--- a/FS/FS/ClientAPI/Signup.pm
+++ b/FS/FS/ClientAPI/Signup.pm
@@ -700,6 +700,7 @@ sub new_customer {
       };
       
       my $error = $svc->is_password_allowed($packet->{_password});
+      $error = '' if $conf->config_bool('password-insecure', $agentnum);
       return { error => $error } if $error;
 
       my @acct_snarf;
diff --git a/FS/FS/Password_Mixin.pm b/FS/FS/Password_Mixin.pm
index fc2e03e..b807081 100644
--- a/FS/FS/Password_Mixin.pm
+++ b/FS/FS/Password_Mixin.pm
@@ -54,6 +54,7 @@ sub is_password_allowed {
     my $cust_pkg = FS::cust_pkg->by_key($self->get('pkgnum'));
     $cust_main = $cust_pkg->cust_main if $cust_pkg;
   }
+  # selfservice signup invokes this without customer, but it checks this conf separately
   warn "is_password_allowed: no customer could be identified" if !$cust_main;
   return '' if $cust_main && $conf->config_bool('password-insecure', $cust_main->agentnum);
 
diff --git a/fs_selfservice/FS-SelfService/cgi/add_password_validation.js b/fs_selfservice/FS-SelfService/cgi/add_password_validation.js
index e2e3227..b585cd1 100644
--- a/fs_selfservice/FS-SelfService/cgi/add_password_validation.js
+++ b/fs_selfservice/FS-SelfService/cgi/add_password_validation.js
@@ -4,15 +4,21 @@ function add_password_validation (fieldid,nologin) {
     var fieldid = this.id+'_result';
     var resultfield = document.getElementById(fieldid);
     var svcnum = '';
+    var agentnum = '';
     var svcfield = document.getElementById(this.id+'_svcnum');
     if (svcfield) {
       svcnum = svcfield.options[svcfield.selectedIndex].value;
+    } else {
+      var agentfield = document.getElementsByName('agentnum');
+      if (agentfield[0]) {
+        agentnum = agentfield[0].value;
+      }
     }
     if (this.value) {
       resultfield.innerHTML = '<SPAN STYLE="color: blue;">Validating password...</SPAN>';
       var action = nologin ? 'validate_password_nologin' : 'validate_password';
       send_xmlhttp('selfservice.cgi',
-        ['action',action,'fieldid',fieldid,'svcnum',svcnum,'check_password',this.value],
+        ['action',action,'fieldid',fieldid,'svcnum',svcnum,'check_password',this.value,'agentnum',agentnum],
         function (result) {
           result = JSON.parse(result);
           var resultfield = document.getElementById(result.fieldid);
diff --git a/fs_selfservice/FS-SelfService/cgi/selfservice.cgi b/fs_selfservice/FS-SelfService/cgi/selfservice.cgi
index eac5a98..b00ff4d 100755
--- a/fs_selfservice/FS-SelfService/cgi/selfservice.cgi
+++ b/fs_selfservice/FS-SelfService/cgi/selfservice.cgi
@@ -1123,7 +1123,7 @@ sub validate_password_nologin {
   $action = 'validate_password'; #use same landing page
   validate_passwd(
     map { $_ => scalar($cgi->param($_)) }
-      qw( fieldid check_password )
+      qw( fieldid check_password agentnum )
   )
 }
 

-----------------------------------------------------------------------

Summary of changes:
 FS/FS/ClientAPI/MyAccount.pm                                 |    7 +++++++
 FS/FS/ClientAPI/Signup.pm                                    |    1 +
 FS/FS/Password_Mixin.pm                                      |    1 +
 fs_selfservice/FS-SelfService/cgi/add_password_validation.js |    8 +++++++-
 fs_selfservice/FS-SelfService/cgi/selfservice.cgi            |    2 +-
 5 files changed, 17 insertions(+), 2 deletions(-)

More information about the freeside-commits mailing list