Projekt

Allgemein

Profil

« Zurück | Weiter » 

Revision 722fee3c

Von Moritz Bunkus vor mehr als 11 Jahren hinzugefügt

  • ID 722fee3c7224fa0b1222b9f5134e2c19dc021c64
  • Vorgänger 1c7afd9e
  • Nachfolger 0afeb736

Userlogin mit Mandanten gefixt (erster Schritt)

Unterschiede anzeigen:

SL/Auth.pm
65 65

  
66 66
  $self->client(undef);
67 67

  
68
  return undef unless $id_or_name;
69

  
68 70
  my $column = $id_or_name =~ m/^\d+$/ ? 'id' : 'name';
69 71
  my $dbh    = $self->dbconnect;
70 72

  
......
75 77
  return $self->client;
76 78
}
77 79

  
78
sub get_user_dbh {
79
  my ($self, $login, %params) = @_;
80
  my $may_fail = delete $params{may_fail};
81

  
82
  my %user = $self->read_user(login => $login);
83
  my $dbh  = SL::DBConnect->connect(
84
    $user{dbconnect},
85
    $user{dbuser},
86
    $user{dbpasswd},
87
    {
88
      pg_enable_utf8 => $::locale->is_utf8,
89
      AutoCommit     => 0
90
    }
91
  );
92

  
93
  if (!$may_fail && !$dbh) {
94
    $::form->error($::locale->text('The connection to the authentication database failed:') . "\n" . $DBI::errstr);
95
  }
96

  
97
  if ($user{dboptions} && $dbh) {
98
    $dbh->do($user{dboptions}) or $::form->dberror($user{dboptions});
99
  }
100

  
101
  return $dbh;
102
}
103

  
104 80
sub DESTROY {
105 81
  my $self = shift;
106 82

  
......
166 142
  $main::lxdebug->leave_sub();
167 143
}
168 144

  
145
sub has_access_to_client {
146
  my ($self, $login) = @_;
147

  
148
  return 0 if !$self->client || !$self->client->{id};
149

  
150
  my $sql = <<SQL;
151
    SELECT cu.client_id
152
    FROM auth.clients_users cu
153
    LEFT JOIN auth."user" u ON (cu.user_id = u.id)
154
    WHERE (u.login      = ?)
155
      AND (cu.client_id = ?)
156
SQL
157

  
158
  my ($has_access) = $self->dbconnect->selectrow_array($sql, undef, $login, $self->client->{id});
159
  return $has_access;
160
}
161

  
169 162
sub authenticate_root {
170 163
  $main::lxdebug->enter_sub();
171 164

  
......
197 190

  
198 191
  my ($self, $login, $password) = @_;
199 192

  
193
  if (!$self->client || !$self->has_access_to_client($login)) {
194
    $::lxdebug->leave_sub;
195
    return ERR_PASSWORD;
196
  }
197

  
200 198
  my $session_auth = $self->get_session_value(SESSION_KEY_USER_AUTH());
201 199
  if (defined $session_auth && $session_auth == OK) {
202 200
    $::lxdebug->leave_sub;
......
209 207
  }
210 208

  
211 209
  my $result = $login ? $self->{authenticator}->authenticate($login, $password) : ERR_USER;
212
  $self->set_session_value(SESSION_KEY_USER_AUTH() => $result, login => $login);
210
  $self->set_session_value(SESSION_KEY_USER_AUTH() => $result, login => $login, client_id => $self->client->{id});
213 211

  
214 212
  $::lxdebug->leave_sub;
215 213
  return $result;
......
550 548

  
551 549
  my $dbh   = $self->dbconnect;
552 550
  my $id    = $self->get_user_id($login);
553
  my $user_db_exists;
554 551

  
555 552
  $dbh->rollback and return $::lxdebug->leave_sub if (!$id);
556 553

  
557
  my $u_dbh = $self->get_user_dbh($login, may_fail => 1);
558
  $user_db_exists = $self->check_tables($u_dbh) if $u_dbh;
559

  
560
  $u_dbh->begin_work if $u_dbh && $user_db_exists;
561

  
562 554
  $dbh->begin_work;
563 555

  
564 556
  do_query($::form, $dbh, qq|DELETE FROM auth.user_group WHERE user_id = ?|, $id);
565 557
  do_query($::form, $dbh, qq|DELETE FROM auth.user_config WHERE user_id = ?|, $id);
566 558
  do_query($::form, $dbh, qq|DELETE FROM auth.user WHERE id = ?|, $id);
567
  do_query($::form, $u_dbh, qq|UPDATE employee SET deleted = 't' WHERE login = ?|, $login) if $u_dbh && $user_db_exists;
559

  
560
  # TODO: SL::Auth::delete_user
561
  # do_query($::form, $u_dbh, qq|UPDATE employee SET deleted = 't' WHERE login = ?|, $login) if $u_dbh && $user_db_exists;
568 562

  
569 563
  $dbh->commit;
570
  $u_dbh->commit if $u_dbh && $user_db_exists;
571 564

  
572 565
  $::lxdebug->leave_sub;
573 566
}
SL/Controller/LoginScreen.pm
10 10
use SL::DB::AuthClient;
11 11
use SL::DB::AuthGroup;
12 12
use SL::DB::AuthUser;
13
use SL::Locale::String qw(t8);
13 14
use SL::User;
14 15

  
15 16
use Rose::Object::MakeMethods::Generic (
......
54 55
  }
55 56

  
56 57
  %::myconfig      = $login ? $::auth->read_user(login => $login) : ();
57
  SL::Dispatcher::AuthHandler::User->new->handle(countrycode => $::myconfig{countrycode});
58
  $::form->{login} = $::myconfig{login};
58
  $::form->{login} = $login;
59 59
  $::locale        = Locale->new($::myconfig{countrycode}) if $::myconfig{countrycode};
60
  my $user         = User->new(login => $::myconfig{login});
61
  $::request->{layout} = SL::Layout::Dispatcher->new(style => $user->{menustyle});
60
  SL::Dispatcher::AuthHandler::User->new->handle(countrycode => $::myconfig{countrycode});
61

  
62
  $::request->layout(SL::Layout::Dispatcher->new(style => $::myconfig{menustyle}));
62 63

  
63 64
  # if we get an error back, bale out
64
  my $result = $user->login($::form);
65
  my $result = User->new(login => $::myconfig{login})->login($::form);
65 66

  
66 67
  # Database update available?
67 68
  ::end_of_request() if -2 == $result;
......
84 85
  # TODO: Employees anlegen/checken
85 86
  # $self->_ensure_employees_for_authorized_users_exist;
86 87

  
87
  $self->_redirect_to_main_script($user);
88
  $self->_redirect_to_main_script;
88 89
}
89 90

  
90 91
#
......
103 104
#
104 105

  
105 106
sub _redirect_to_main_script {
106
  my ($self, $user) = @_;
107
  my ($self) = @_;
107 108

  
108 109
  return $self->redirect_to($::form->{callback}) if $::form->{callback};
109 110

  
......
135 136
sub error_state {
136 137
  return {
137 138
    session  => $::locale->text('The session is invalid or has expired.'),
138
    password => $::locale->text('Incorrect password!'),
139
    password => $::locale->text('Incorrect username or password or no access to selected client!'),
139 140
  }->{$_[0]};
140 141
}
141 142

  
SL/Dispatcher/AuthHandler/User.pm
11 11
  my $login = $::form->{'{AUTH}login'} || $::auth->get_session_value('login');
12 12
  return $self->_error(%param) if !defined $login;
13 13

  
14
  my $client_id = $::form->{'{AUTH}client_id'} || $::auth->get_session_value('client_id');
15
  return $self->_error(%param) if !$client_id || !$::auth->set_client($client_id);
16

  
14 17
  %::myconfig = $::auth->read_user(login => $login);
15 18

  
16 19
  return $self->_error(%param) unless $::myconfig{login};
SL/User.pm
92 92
}
93 93

  
94 94
sub login {
95
  $main::lxdebug->enter_sub();
96

  
97 95
  my ($self, $form) = @_;
98 96
  our $sid;
99 97

  
100
  local *FH;
101

  
102
  my $rc = -3;
98
  return -3 if !$self->{login} || !$::auth->client;
103 99

  
104
  if ($self->{login}) {
105
    my %myconfig = $main::auth->read_user(login => $self->{login});
100
  my %myconfig = $main::auth->read_user(login => $self->{login});
106 101

  
107
    # check if database is down
108
    my $dbh = SL::DBConnect->connect($myconfig{dbconnect}, $myconfig{dbuser}, $myconfig{dbpasswd}, SL::DBConnect->get_options)
109
      or $self->error($DBI::errstr);
110

  
111
    # we got a connection, check the version
112
    my $query = qq|SELECT version FROM defaults|;
113
    my $sth   = $dbh->prepare($query);
114
    $sth->execute || $form->dberror($query);
102
  # check if database is down
103
  my $dbh = $form->dbconnect_noauto;
115 104

  
116
    my ($dbversion) = $sth->fetchrow_array;
117
    $sth->finish;
105
  # we got a connection, check the version
106
  my $query = qq|SELECT version FROM defaults|;
107
  my $sth   = $dbh->prepare($query);
108
  $sth->execute || $form->dberror($query);
118 109

  
119
    $self->create_employee_entry($form, $dbh, \%myconfig);
110
  my ($dbversion) = $sth->fetchrow_array;
111
  $sth->finish;
120 112

  
121
    $self->create_schema_info_table($form, $dbh);
113
  $self->create_employee_entry($form, $dbh, \%myconfig);
122 114

  
123
    my $dbupdater_auth = SL::DBUpgrade2->new(form => $form, dbdriver => 'Pg', auth => 1)->parse_dbupdate_controls;
124
    if ($dbupdater_auth->unapplied_upgrade_scripts($::auth->dbconnect)) {
125
      $::lxdebug->leave_sub;
126
      return -3;
127
    }
115
  $self->create_schema_info_table($form, $dbh);
128 116

  
129
    $rc = 0;
117
  # Auth DB upgrades available?
118
  my $dbupdater_auth = SL::DBUpgrade2->new(form => $form, dbdriver => 'Pg', auth => 1)->parse_dbupdate_controls;
119
  return -3 if $dbupdater_auth->unapplied_upgrade_scripts($::auth->dbconnect);
130 120

  
131
    my $dbupdater = SL::DBUpgrade2->new(form => $form, dbdriver => $myconfig{dbdriver})->parse_dbupdate_controls;
121
  my $dbupdater = SL::DBUpgrade2->new(form => $form, dbdriver => $myconfig{dbdriver})->parse_dbupdate_controls;
132 122

  
133
    map({ $form->{$_} = $myconfig{$_} } qw(dbname dbhost dbport dbdriver dbuser dbpasswd dbconnect dateformat));
134
    dbconnect_vars($form, $form->{dbname});
135
    my $update_available = $dbupdater->update_available($dbversion) || $dbupdater->update2_available($dbh);
136
    $dbh->disconnect;
123
  $form->{$_} = $::auth->client->{$_} for qw(dbname dbhost dbport dbuser dbpasswd);
124
  $form->{$_} = $myconfig{$_}         for qw(dateformat);
137 125

  
138
    if ($update_available) {
139
      $form->{"title"} = $main::locale->text("Dataset upgrade");
140
      $form->header(no_layout => $form->{no_layout});
141
      print $form->parse_html_template("dbupgrade/header");
126
  dbconnect_vars($form, $form->{dbname});
142 127

  
143
      $form->{dbupdate} = "db$myconfig{dbname}";
144
      $form->{ $form->{dbupdate} } = 1;
128
  my $update_available = $dbupdater->update_available($dbversion) || $dbupdater->update2_available($dbh);
129
  $dbh->disconnect;
145 130

  
146
      if ($form->{"show_dbupdate_warning"}) {
147
        print $form->parse_html_template("dbupgrade/warning");
148
        ::end_of_request();
149
      }
131
  return 0 if !$update_available;
132
  $form->{"title"} = $main::locale->text("Dataset upgrade");
133
  $form->header(no_layout => $form->{no_layout});
134
  print $form->parse_html_template("dbupgrade/header");
150 135

  
151
      # update the tables
152
      if (!$::lx_office_conf{debug}->{keep_installation_unlocked} && !open(FH, ">", $::lx_office_conf{paths}->{userspath} . "/nologin")) {
153
        $form->show_generic_error($main::locale->text('A temporary file could not be created. ' .
154
                                                      'Please verify that the directory "#1" is writeable by the webserver.',
155
                                                      $::lx_office_conf{paths}->{userspath}),
156
                                  'back_button' => 1);
157
      }
136
  $form->{dbupdate} = "db" . $form->{dbname};
158 137

  
159
      # required for Oracle
160
      $form->{dbdefault} = $sid;
138
  if ($form->{"show_dbupdate_warning"}) {
139
    print $form->parse_html_template("dbupgrade/warning");
140
    ::end_of_request();
141
  }
161 142

  
162
      # ignore HUP, QUIT in case the webserver times out
163
      $SIG{HUP}  = 'IGNORE';
164
      $SIG{QUIT} = 'IGNORE';
143
  # update the tables
144
  my $fh;
145
  if (!$::lx_office_conf{debug}->{keep_installation_unlocked} && !open($fh, ">", $::lx_office_conf{paths}->{userspath} . "/nologin")) {
146
    $form->show_generic_error($main::locale->text('A temporary file could not be created. ' .
147
                                                  'Please verify that the directory "#1" is writeable by the webserver.',
148
                                                  $::lx_office_conf{paths}->{userspath}),
149
                              'back_button' => 1);
150
  }
165 151

  
166
      $self->dbupdate($form);
167
      $self->dbupdate2($form, $dbupdater);
168
      SL::DBUpgrade2->new(form => $::form, dbdriver => 'Pg', auth => 1)->apply_admin_dbupgrade_scripts(0);
152
  # ignore HUP, QUIT in case the webserver times out
153
  $SIG{HUP}  = 'IGNORE';
154
  $SIG{QUIT} = 'IGNORE';
169 155

  
170
      close(FH);
156
  $self->dbupdate($form);
157
  $self->dbupdate2($form, $dbupdater);
158
  SL::DBUpgrade2->new(form => $::form, dbdriver => 'Pg', auth => 1)->apply_admin_dbupgrade_scripts(0);
171 159

  
172
      # remove lock file
173
      unlink($::lx_office_conf{paths}->{userspath} . "/nologin");
160
  close($fh);
174 161

  
175
      print $form->parse_html_template("dbupgrade/footer");
162
  # remove lock file
163
  unlink($::lx_office_conf{paths}->{userspath} . "/nologin");
176 164

  
177
      $rc = -2;
178
    }
179
  }
165
  print $form->parse_html_template("dbupgrade/footer");
180 166

  
181
  $main::lxdebug->leave_sub();
182

  
183
  return $rc;
167
  return -2;
184 168
}
185 169

  
186 170
sub dbconnect_vars {
......
749 733
  return @conf;
750 734
}
751 735

  
752
sub error {
753
  $main::lxdebug->enter_sub();
754

  
755
  my ($self, $msg) = @_;
756

  
757
  $main::lxdebug->show_backtrace();
758

  
759
  if ($ENV{HTTP_USER_AGENT}) {
760
    print qq|Content-Type: text/html
761

  
762
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN">
763

  
764
<body bgcolor=ffffff>
765

  
766
<h2><font color=red>Error!</font></h2>
767
<p><b>$msg</b>|;
768

  
769
  }
770

  
771
  die "Error: $msg\n";
772

  
773
  $main::lxdebug->leave_sub();
774
}
775

  
776 736
sub data {
777 737
  +{ %{ $_[0] } }
778 738
}
locale/de/all
1079 1079
  'Inconsistency in database'   => 'Unstimmigkeiten in der Datenbank',
1080 1080
  'Incorrect Password!'         => 'Ungültiges Passwort!',
1081 1081
  'Incorrect password!'         => 'Ungültiges Passwort!',
1082
  'Incorrect username or password!' => 'Ungültiger Benutzername oder falsches Passwort!',
1082
  'Incorrect username or password or no access to selected client!' => 'Ungültiger Benutzername oder Passwort oder kein Zugriff auf den ausgewählten Mandanten!',
1083 1083
  'Increase'                    => 'Erhöhen',
1084 1084
  'Individual Items'            => 'Einzelteile',
1085 1085
  'Information'                 => 'Information',

Auch abrufbar als: Unified diff