Revision 722fee3c
Von Moritz Bunkus vor mehr als 11 Jahren hinzugefügt
SL/Auth.pm | ||
---|---|---|
65 | 65 |
|
66 | 66 |
$self->client(undef); |
67 | 67 |
|
68 |
return undef unless $id_or_name; |
|
69 |
|
|
68 | 70 |
my $column = $id_or_name =~ m/^\d+$/ ? 'id' : 'name'; |
69 | 71 |
my $dbh = $self->dbconnect; |
70 | 72 |
|
... | ... | |
75 | 77 |
return $self->client; |
76 | 78 |
} |
77 | 79 |
|
78 |
sub get_user_dbh { |
|
79 |
my ($self, $login, %params) = @_; |
|
80 |
my $may_fail = delete $params{may_fail}; |
|
81 |
|
|
82 |
my %user = $self->read_user(login => $login); |
|
83 |
my $dbh = SL::DBConnect->connect( |
|
84 |
$user{dbconnect}, |
|
85 |
$user{dbuser}, |
|
86 |
$user{dbpasswd}, |
|
87 |
{ |
|
88 |
pg_enable_utf8 => $::locale->is_utf8, |
|
89 |
AutoCommit => 0 |
|
90 |
} |
|
91 |
); |
|
92 |
|
|
93 |
if (!$may_fail && !$dbh) { |
|
94 |
$::form->error($::locale->text('The connection to the authentication database failed:') . "\n" . $DBI::errstr); |
|
95 |
} |
|
96 |
|
|
97 |
if ($user{dboptions} && $dbh) { |
|
98 |
$dbh->do($user{dboptions}) or $::form->dberror($user{dboptions}); |
|
99 |
} |
|
100 |
|
|
101 |
return $dbh; |
|
102 |
} |
|
103 |
|
|
104 | 80 |
sub DESTROY { |
105 | 81 |
my $self = shift; |
106 | 82 |
|
... | ... | |
166 | 142 |
$main::lxdebug->leave_sub(); |
167 | 143 |
} |
168 | 144 |
|
145 |
sub has_access_to_client { |
|
146 |
my ($self, $login) = @_; |
|
147 |
|
|
148 |
return 0 if !$self->client || !$self->client->{id}; |
|
149 |
|
|
150 |
my $sql = <<SQL; |
|
151 |
SELECT cu.client_id |
|
152 |
FROM auth.clients_users cu |
|
153 |
LEFT JOIN auth."user" u ON (cu.user_id = u.id) |
|
154 |
WHERE (u.login = ?) |
|
155 |
AND (cu.client_id = ?) |
|
156 |
SQL |
|
157 |
|
|
158 |
my ($has_access) = $self->dbconnect->selectrow_array($sql, undef, $login, $self->client->{id}); |
|
159 |
return $has_access; |
|
160 |
} |
|
161 |
|
|
169 | 162 |
sub authenticate_root { |
170 | 163 |
$main::lxdebug->enter_sub(); |
171 | 164 |
|
... | ... | |
197 | 190 |
|
198 | 191 |
my ($self, $login, $password) = @_; |
199 | 192 |
|
193 |
if (!$self->client || !$self->has_access_to_client($login)) { |
|
194 |
$::lxdebug->leave_sub; |
|
195 |
return ERR_PASSWORD; |
|
196 |
} |
|
197 |
|
|
200 | 198 |
my $session_auth = $self->get_session_value(SESSION_KEY_USER_AUTH()); |
201 | 199 |
if (defined $session_auth && $session_auth == OK) { |
202 | 200 |
$::lxdebug->leave_sub; |
... | ... | |
209 | 207 |
} |
210 | 208 |
|
211 | 209 |
my $result = $login ? $self->{authenticator}->authenticate($login, $password) : ERR_USER; |
212 |
$self->set_session_value(SESSION_KEY_USER_AUTH() => $result, login => $login); |
|
210 |
$self->set_session_value(SESSION_KEY_USER_AUTH() => $result, login => $login, client_id => $self->client->{id});
|
|
213 | 211 |
|
214 | 212 |
$::lxdebug->leave_sub; |
215 | 213 |
return $result; |
... | ... | |
550 | 548 |
|
551 | 549 |
my $dbh = $self->dbconnect; |
552 | 550 |
my $id = $self->get_user_id($login); |
553 |
my $user_db_exists; |
|
554 | 551 |
|
555 | 552 |
$dbh->rollback and return $::lxdebug->leave_sub if (!$id); |
556 | 553 |
|
557 |
my $u_dbh = $self->get_user_dbh($login, may_fail => 1); |
|
558 |
$user_db_exists = $self->check_tables($u_dbh) if $u_dbh; |
|
559 |
|
|
560 |
$u_dbh->begin_work if $u_dbh && $user_db_exists; |
|
561 |
|
|
562 | 554 |
$dbh->begin_work; |
563 | 555 |
|
564 | 556 |
do_query($::form, $dbh, qq|DELETE FROM auth.user_group WHERE user_id = ?|, $id); |
565 | 557 |
do_query($::form, $dbh, qq|DELETE FROM auth.user_config WHERE user_id = ?|, $id); |
566 | 558 |
do_query($::form, $dbh, qq|DELETE FROM auth.user WHERE id = ?|, $id); |
567 |
do_query($::form, $u_dbh, qq|UPDATE employee SET deleted = 't' WHERE login = ?|, $login) if $u_dbh && $user_db_exists; |
|
559 |
|
|
560 |
# TODO: SL::Auth::delete_user |
|
561 |
# do_query($::form, $u_dbh, qq|UPDATE employee SET deleted = 't' WHERE login = ?|, $login) if $u_dbh && $user_db_exists; |
|
568 | 562 |
|
569 | 563 |
$dbh->commit; |
570 |
$u_dbh->commit if $u_dbh && $user_db_exists; |
|
571 | 564 |
|
572 | 565 |
$::lxdebug->leave_sub; |
573 | 566 |
} |
SL/Controller/LoginScreen.pm | ||
---|---|---|
10 | 10 |
use SL::DB::AuthClient; |
11 | 11 |
use SL::DB::AuthGroup; |
12 | 12 |
use SL::DB::AuthUser; |
13 |
use SL::Locale::String qw(t8); |
|
13 | 14 |
use SL::User; |
14 | 15 |
|
15 | 16 |
use Rose::Object::MakeMethods::Generic ( |
... | ... | |
54 | 55 |
} |
55 | 56 |
|
56 | 57 |
%::myconfig = $login ? $::auth->read_user(login => $login) : (); |
57 |
SL::Dispatcher::AuthHandler::User->new->handle(countrycode => $::myconfig{countrycode}); |
|
58 |
$::form->{login} = $::myconfig{login}; |
|
58 |
$::form->{login} = $login; |
|
59 | 59 |
$::locale = Locale->new($::myconfig{countrycode}) if $::myconfig{countrycode}; |
60 |
my $user = User->new(login => $::myconfig{login}); |
|
61 |
$::request->{layout} = SL::Layout::Dispatcher->new(style => $user->{menustyle}); |
|
60 |
SL::Dispatcher::AuthHandler::User->new->handle(countrycode => $::myconfig{countrycode}); |
|
61 |
|
|
62 |
$::request->layout(SL::Layout::Dispatcher->new(style => $::myconfig{menustyle})); |
|
62 | 63 |
|
63 | 64 |
# if we get an error back, bale out |
64 |
my $result = $user->login($::form);
|
|
65 |
my $result = User->new(login => $::myconfig{login})->login($::form);
|
|
65 | 66 |
|
66 | 67 |
# Database update available? |
67 | 68 |
::end_of_request() if -2 == $result; |
... | ... | |
84 | 85 |
# TODO: Employees anlegen/checken |
85 | 86 |
# $self->_ensure_employees_for_authorized_users_exist; |
86 | 87 |
|
87 |
$self->_redirect_to_main_script($user);
|
|
88 |
$self->_redirect_to_main_script; |
|
88 | 89 |
} |
89 | 90 |
|
90 | 91 |
# |
... | ... | |
103 | 104 |
# |
104 | 105 |
|
105 | 106 |
sub _redirect_to_main_script { |
106 |
my ($self, $user) = @_;
|
|
107 |
my ($self) = @_; |
|
107 | 108 |
|
108 | 109 |
return $self->redirect_to($::form->{callback}) if $::form->{callback}; |
109 | 110 |
|
... | ... | |
135 | 136 |
sub error_state { |
136 | 137 |
return { |
137 | 138 |
session => $::locale->text('The session is invalid or has expired.'), |
138 |
password => $::locale->text('Incorrect password!'),
|
|
139 |
password => $::locale->text('Incorrect username or password or no access to selected client!'),
|
|
139 | 140 |
}->{$_[0]}; |
140 | 141 |
} |
141 | 142 |
|
SL/Dispatcher/AuthHandler/User.pm | ||
---|---|---|
11 | 11 |
my $login = $::form->{'{AUTH}login'} || $::auth->get_session_value('login'); |
12 | 12 |
return $self->_error(%param) if !defined $login; |
13 | 13 |
|
14 |
my $client_id = $::form->{'{AUTH}client_id'} || $::auth->get_session_value('client_id'); |
|
15 |
return $self->_error(%param) if !$client_id || !$::auth->set_client($client_id); |
|
16 |
|
|
14 | 17 |
%::myconfig = $::auth->read_user(login => $login); |
15 | 18 |
|
16 | 19 |
return $self->_error(%param) unless $::myconfig{login}; |
SL/User.pm | ||
---|---|---|
92 | 92 |
} |
93 | 93 |
|
94 | 94 |
sub login { |
95 |
$main::lxdebug->enter_sub(); |
|
96 |
|
|
97 | 95 |
my ($self, $form) = @_; |
98 | 96 |
our $sid; |
99 | 97 |
|
100 |
local *FH; |
|
101 |
|
|
102 |
my $rc = -3; |
|
98 |
return -3 if !$self->{login} || !$::auth->client; |
|
103 | 99 |
|
104 |
if ($self->{login}) { |
|
105 |
my %myconfig = $main::auth->read_user(login => $self->{login}); |
|
100 |
my %myconfig = $main::auth->read_user(login => $self->{login}); |
|
106 | 101 |
|
107 |
# check if database is down |
|
108 |
my $dbh = SL::DBConnect->connect($myconfig{dbconnect}, $myconfig{dbuser}, $myconfig{dbpasswd}, SL::DBConnect->get_options) |
|
109 |
or $self->error($DBI::errstr); |
|
110 |
|
|
111 |
# we got a connection, check the version |
|
112 |
my $query = qq|SELECT version FROM defaults|; |
|
113 |
my $sth = $dbh->prepare($query); |
|
114 |
$sth->execute || $form->dberror($query); |
|
102 |
# check if database is down |
|
103 |
my $dbh = $form->dbconnect_noauto; |
|
115 | 104 |
|
116 |
my ($dbversion) = $sth->fetchrow_array; |
|
117 |
$sth->finish; |
|
105 |
# we got a connection, check the version |
|
106 |
my $query = qq|SELECT version FROM defaults|; |
|
107 |
my $sth = $dbh->prepare($query); |
|
108 |
$sth->execute || $form->dberror($query); |
|
118 | 109 |
|
119 |
$self->create_employee_entry($form, $dbh, \%myconfig); |
|
110 |
my ($dbversion) = $sth->fetchrow_array; |
|
111 |
$sth->finish; |
|
120 | 112 |
|
121 |
$self->create_schema_info_table($form, $dbh);
|
|
113 |
$self->create_employee_entry($form, $dbh, \%myconfig);
|
|
122 | 114 |
|
123 |
my $dbupdater_auth = SL::DBUpgrade2->new(form => $form, dbdriver => 'Pg', auth => 1)->parse_dbupdate_controls; |
|
124 |
if ($dbupdater_auth->unapplied_upgrade_scripts($::auth->dbconnect)) { |
|
125 |
$::lxdebug->leave_sub; |
|
126 |
return -3; |
|
127 |
} |
|
115 |
$self->create_schema_info_table($form, $dbh); |
|
128 | 116 |
|
129 |
$rc = 0; |
|
117 |
# Auth DB upgrades available? |
|
118 |
my $dbupdater_auth = SL::DBUpgrade2->new(form => $form, dbdriver => 'Pg', auth => 1)->parse_dbupdate_controls; |
|
119 |
return -3 if $dbupdater_auth->unapplied_upgrade_scripts($::auth->dbconnect); |
|
130 | 120 |
|
131 |
my $dbupdater = SL::DBUpgrade2->new(form => $form, dbdriver => $myconfig{dbdriver})->parse_dbupdate_controls;
|
|
121 |
my $dbupdater = SL::DBUpgrade2->new(form => $form, dbdriver => $myconfig{dbdriver})->parse_dbupdate_controls; |
|
132 | 122 |
|
133 |
map({ $form->{$_} = $myconfig{$_} } qw(dbname dbhost dbport dbdriver dbuser dbpasswd dbconnect dateformat)); |
|
134 |
dbconnect_vars($form, $form->{dbname}); |
|
135 |
my $update_available = $dbupdater->update_available($dbversion) || $dbupdater->update2_available($dbh); |
|
136 |
$dbh->disconnect; |
|
123 |
$form->{$_} = $::auth->client->{$_} for qw(dbname dbhost dbport dbuser dbpasswd); |
|
124 |
$form->{$_} = $myconfig{$_} for qw(dateformat); |
|
137 | 125 |
|
138 |
if ($update_available) { |
|
139 |
$form->{"title"} = $main::locale->text("Dataset upgrade"); |
|
140 |
$form->header(no_layout => $form->{no_layout}); |
|
141 |
print $form->parse_html_template("dbupgrade/header"); |
|
126 |
dbconnect_vars($form, $form->{dbname}); |
|
142 | 127 |
|
143 |
$form->{dbupdate} = "db$myconfig{dbname}";
|
|
144 |
$form->{ $form->{dbupdate} } = 1;
|
|
128 |
my $update_available = $dbupdater->update_available($dbversion) || $dbupdater->update2_available($dbh);
|
|
129 |
$dbh->disconnect;
|
|
145 | 130 |
|
146 |
if ($form->{"show_dbupdate_warning"}) {
|
|
147 |
print $form->parse_html_template("dbupgrade/warning");
|
|
148 |
::end_of_request();
|
|
149 |
}
|
|
131 |
return 0 if !$update_available;
|
|
132 |
$form->{"title"} = $main::locale->text("Dataset upgrade");
|
|
133 |
$form->header(no_layout => $form->{no_layout});
|
|
134 |
print $form->parse_html_template("dbupgrade/header");
|
|
150 | 135 |
|
151 |
# update the tables |
|
152 |
if (!$::lx_office_conf{debug}->{keep_installation_unlocked} && !open(FH, ">", $::lx_office_conf{paths}->{userspath} . "/nologin")) { |
|
153 |
$form->show_generic_error($main::locale->text('A temporary file could not be created. ' . |
|
154 |
'Please verify that the directory "#1" is writeable by the webserver.', |
|
155 |
$::lx_office_conf{paths}->{userspath}), |
|
156 |
'back_button' => 1); |
|
157 |
} |
|
136 |
$form->{dbupdate} = "db" . $form->{dbname}; |
|
158 | 137 |
|
159 |
# required for Oracle |
|
160 |
$form->{dbdefault} = $sid; |
|
138 |
if ($form->{"show_dbupdate_warning"}) { |
|
139 |
print $form->parse_html_template("dbupgrade/warning"); |
|
140 |
::end_of_request(); |
|
141 |
} |
|
161 | 142 |
|
162 |
# ignore HUP, QUIT in case the webserver times out |
|
163 |
$SIG{HUP} = 'IGNORE'; |
|
164 |
$SIG{QUIT} = 'IGNORE'; |
|
143 |
# update the tables |
|
144 |
my $fh; |
|
145 |
if (!$::lx_office_conf{debug}->{keep_installation_unlocked} && !open($fh, ">", $::lx_office_conf{paths}->{userspath} . "/nologin")) { |
|
146 |
$form->show_generic_error($main::locale->text('A temporary file could not be created. ' . |
|
147 |
'Please verify that the directory "#1" is writeable by the webserver.', |
|
148 |
$::lx_office_conf{paths}->{userspath}), |
|
149 |
'back_button' => 1); |
|
150 |
} |
|
165 | 151 |
|
166 |
$self->dbupdate($form);
|
|
167 |
$self->dbupdate2($form, $dbupdater);
|
|
168 |
SL::DBUpgrade2->new(form => $::form, dbdriver => 'Pg', auth => 1)->apply_admin_dbupgrade_scripts(0);
|
|
152 |
# ignore HUP, QUIT in case the webserver times out
|
|
153 |
$SIG{HUP} = 'IGNORE';
|
|
154 |
$SIG{QUIT} = 'IGNORE';
|
|
169 | 155 |
|
170 |
close(FH); |
|
156 |
$self->dbupdate($form); |
|
157 |
$self->dbupdate2($form, $dbupdater); |
|
158 |
SL::DBUpgrade2->new(form => $::form, dbdriver => 'Pg', auth => 1)->apply_admin_dbupgrade_scripts(0); |
|
171 | 159 |
|
172 |
# remove lock file |
|
173 |
unlink($::lx_office_conf{paths}->{userspath} . "/nologin"); |
|
160 |
close($fh); |
|
174 | 161 |
|
175 |
print $form->parse_html_template("dbupgrade/footer"); |
|
162 |
# remove lock file |
|
163 |
unlink($::lx_office_conf{paths}->{userspath} . "/nologin"); |
|
176 | 164 |
|
177 |
$rc = -2; |
|
178 |
} |
|
179 |
} |
|
165 |
print $form->parse_html_template("dbupgrade/footer"); |
|
180 | 166 |
|
181 |
$main::lxdebug->leave_sub(); |
|
182 |
|
|
183 |
return $rc; |
|
167 |
return -2; |
|
184 | 168 |
} |
185 | 169 |
|
186 | 170 |
sub dbconnect_vars { |
... | ... | |
749 | 733 |
return @conf; |
750 | 734 |
} |
751 | 735 |
|
752 |
sub error { |
|
753 |
$main::lxdebug->enter_sub(); |
|
754 |
|
|
755 |
my ($self, $msg) = @_; |
|
756 |
|
|
757 |
$main::lxdebug->show_backtrace(); |
|
758 |
|
|
759 |
if ($ENV{HTTP_USER_AGENT}) { |
|
760 |
print qq|Content-Type: text/html |
|
761 |
|
|
762 |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN"> |
|
763 |
|
|
764 |
<body bgcolor=ffffff> |
|
765 |
|
|
766 |
<h2><font color=red>Error!</font></h2> |
|
767 |
<p><b>$msg</b>|; |
|
768 |
|
|
769 |
} |
|
770 |
|
|
771 |
die "Error: $msg\n"; |
|
772 |
|
|
773 |
$main::lxdebug->leave_sub(); |
|
774 |
} |
|
775 |
|
|
776 | 736 |
sub data { |
777 | 737 |
+{ %{ $_[0] } } |
778 | 738 |
} |
locale/de/all | ||
---|---|---|
1079 | 1079 |
'Inconsistency in database' => 'Unstimmigkeiten in der Datenbank', |
1080 | 1080 |
'Incorrect Password!' => 'Ungültiges Passwort!', |
1081 | 1081 |
'Incorrect password!' => 'Ungültiges Passwort!', |
1082 |
'Incorrect username or password!' => 'Ungültiger Benutzername oder falsches Passwort!',
|
|
1082 |
'Incorrect username or password or no access to selected client!' => 'Ungültiger Benutzername oder Passwort oder kein Zugriff auf den ausgewählten Mandanten!',
|
|
1083 | 1083 |
'Increase' => 'Erhöhen', |
1084 | 1084 |
'Individual Items' => 'Einzelteile', |
1085 | 1085 |
'Information' => 'Information', |
Auch abrufbar als: Unified diff
Userlogin mit Mandanten gefixt (erster Schritt)