kivitendo/SL/Dispatcher/AuthHandler/User.pm @ a4e85aed
| 6afd06ad | Moritz Bunkus | package SL::Dispatcher::AuthHandler::User;
|
||
use strict;
|
||||
use parent qw(Rose::Object);
|
||||
| 4543999a | Moritz Bunkus | use Encode ();
|
||
use MIME::Base64 ();
|
||||
| b6fd15a8 | Sven Schöling | use SL::Layout::Dispatcher;
|
||
| 4a12c839 | Sven Schöling | |||
| 6afd06ad | Moritz Bunkus | sub handle {
|
||
| 540c0b5e | Moritz Bunkus | my ($self, %param) = @_;
|
||
| 4543999a | Moritz Bunkus | my ($http_auth_login, $http_auth_password) = $self->_parse_http_basic_auth;
|
||
my $login = $::form->{'{AUTH}login'} // $http_auth_login // $::auth->get_session_value('login');
|
||||
| 0e451e1b | Moritz Bunkus | return $self->_error(%param) if !defined $login;
|
||
| 6afd06ad | Moritz Bunkus | |||
| 4543999a | Moritz Bunkus | my $client_id = $::form->{'{AUTH}client_id'} // $::auth->get_session_value('client_id') // $::auth->get_default_client_id;
|
||
| 722fee3c | Moritz Bunkus | return $self->_error(%param) if !$client_id || !$::auth->set_client($client_id);
|
||
| 313367d3 | Moritz Bunkus | %::myconfig = User->get_default_myconfig($::auth->read_user(login => $login));
|
||
| 6afd06ad | Moritz Bunkus | |||
| 0e451e1b | Moritz Bunkus | return $self->_error(%param) unless $::myconfig{login};
|
||
| 6afd06ad | Moritz Bunkus | |||
$::locale = Locale->new($::myconfig{countrycode});
|
||||
| b6fd15a8 | Sven Schöling | $::request->{layout} = SL::Layout::Dispatcher->new(style => $::myconfig{menustyle});
|
||
| 6afd06ad | Moritz Bunkus | |||
| 77fda875 | Moritz Bunkus | my $ok = $::auth->is_api_token_cookie_valid;
|
||
| 4543999a | Moritz Bunkus | $ok ||= $::form->{'{AUTH}login'} && (SL::Auth::OK() == $::auth->authenticate($::myconfig{login}, $::form->{'{AUTH}password'}));
|
||
$ok ||= !$::form->{'{AUTH}login'} && $http_auth_login && (SL::Auth::OK() == $::auth->authenticate($::myconfig{login}, $http_auth_password));
|
||||
$ok ||= !$::form->{'{AUTH}login'} && !$http_auth_login && (SL::Auth::OK() == $::auth->authenticate($::myconfig{login}, undef));
|
||||
| a3339fc7 | Moritz Bunkus | |||
| 0e451e1b | Moritz Bunkus | return $self->_error(%param) if !$ok;
|
||
| 6afd06ad | Moritz Bunkus | |||
$::auth->create_or_refresh_session;
|
||||
$::auth->delete_session_value('FLASH');
|
||||
| a2b2aea8 | Moritz Bunkus | $::instance_conf->reload->data;
|
||
| 540c0b5e | Moritz Bunkus | |||
| 0e451e1b | Moritz Bunkus | return 1;
|
||
| 540c0b5e | Moritz Bunkus | }
|
||
sub _error {
|
||||
| a4c8924a | Bernd Bleßmann | my ($self, %param) = @_;
|
||
| 540c0b5e | Moritz Bunkus | |||
$::auth->punish_wrong_login;
|
||||
| a4c8924a | Bernd Bleßmann | $::dispatcher->handle_login_error(%param, error => 'password');
|
||
| b8376fba | Sven Schöling | |||
| 0e451e1b | Moritz Bunkus | return 0;
|
||
| 6afd06ad | Moritz Bunkus | }
|
||
| 4543999a | Moritz Bunkus | sub _parse_http_basic_auth {
|
||
my ($self) = @_;
|
||||
# See RFC 7617.
|
||||
# Requires that the server passes the 'Authorization' header as the
|
||||
# environment variable 'HTTP_AUTHORIZATION'. Example code for
|
||||
# Apache:
|
||||
# SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
|
||||
my $data = $ENV{HTTP_AUTHORIZATION};
|
||||
return unless ($data // '') =~ m{^basic +(.+)}i;
|
||||
$data = Encode::decode('utf-8', MIME::Base64::decode($1));
|
||||
return unless $data =~ m{(.+?):(.+)};
|
||||
return ($1, $2);
|
||||
}
|
||||
| 6afd06ad | Moritz Bunkus | 1;
|