From 1f50a3ae50a50ec52f404e9784a324cffe63cd5b Mon Sep 17 00:00:00 2001
From: Andreas Granig
Date: Sat, 8 Jun 2013 13:11:40 +0200
Subject: [PATCH] Fix administrator handling. Actually use admins table for authentication of reseller and admin. Save pass as md5 hash (should be bcrypt at some point!) Display proper user name in view.
---
 lib/NGCP/Panel.pm | 30 +++++++-----------
 lib/NGCP/Panel/Controller/Administrator.pm | 5 +++
 lib/NGCP/Panel/Controller/Login.pm | 37 +++++++++++++++++++++-
 share/layout/body.tt | 3 +-
 4 files changed, 55 insertions(+), 20 deletions(-)
diff --git a/lib/NGCP/Panel.pm b/lib/NGCP/Panel.pm
index 44f22cb5de..7517fd442c 100644
--- a/lib/NGCP/Panel.pm
+++ b/lib/NGCP/Panel.pm
@@ -109,33 +109,27 @@ __PACKAGE__->config(
 reseller => {
 credential => {
 class => 'Password',
- password_field => 'password',
- password_type => 'clear'
+ password_field => 'md5pass',
+ password_type => 'hashed',
+ password_hash_type => 'MD5'
 },
 store => {
- class => 'Minimal',
- users => {
- reseller => {
- password => 'reseller',
- roles => [qw/reseller/],
- }
- }
+ class => 'DBIx::Class',
+ user_model => 'billing::admins',
+ id_field => 'id',
 }
 },
 admin => {
 credential => {
 class => 'Password',
- password_field => 'password',
- password_type => 'clear'
+ password_field => 'md5pass',
+ password_type => 'hashed',
+ password_hash_type => 'MD5'
 },
 store => {
- class => 'Minimal',
- users => {
- administrator => {
- password => 'administrator',
- roles => [qw/administrator/],
- },
- }
+ class => 'DBIx::Class',
+ user_model => 'billing::admins',
+ id_field => 'id',
 }
 }
 }
diff --git a/lib/NGCP/Panel/Controller/Administrator.pm b/lib/NGCP/Panel/Controller/Administrator.pm
index 145f1abfaa..e73d8a8c51 100644
--- a/lib/NGCP/Panel/Controller/Administrator.pm
+++ b/lib/NGCP/Panel/Controller/Administrator.pm
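Review bot: In lib/NGCP/Panel.pm the `reseller` and `admin` realms now have identical `store` blocks over `billing::admins`, and the `roles` entries the Minimal store carried are gone, so nothing in this config distinguishes an administrator from a reseller. The split rests entirely on the `searchargs` that Login.pm passes; any other `$c->authenticate` call against either realm without them would match any row, inactive ones included. If the application checks roles anywhere (not visible here), the store would need `role_column` or `role_relation` to supply them. At minimum I would add a comment above each store, for example `# realm separation (reseller_id, is_active) is enforced by searchargs in Controller::Login`.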
@@ -4,6 +4,7 @@ use namespace::sweep;
 BEGIN { extends 'Catalyst::Controller'; }
 use NGCP::Panel::Form::Administrator qw();
 use NGCP::Panel::Utils qw();
+use Digest::MD5 qw(md5_hex);
 sub list_admin :PathPart('administrator') :Chained('/') :CaptureArgs(0) {
 my ($self, $c) = @_;
@@ -50,6 +51,7 @@ sub create :Chained('list_admin') :PathPart('create') :Args(0) {
 if ($form->validated) {
 try {
 delete $form->params->{save};
+ $form->params->{md5pass} = md5_hex($form->params->{md5pass});
 $c->model('billing')->resultset('admins')->create($form->params);
 $c->flash(messages => [{type => 'success', text => 'Administrator created.'}]);
 $c->response->redirect($c->uri_for);
@@ -93,6 +95,9 @@ sub edit :Chained('base') :PathPart('edit') :Args(0) {
 # flatten nested hashref instead of recursive update
 $form_values->{reseller_id} = delete $form_values->{reseller}{id};
 delete $form_values->{reseller};
+ if($form_values->{md5pass} and length $form_values->{md5pass}) {
+ $form_values->{md5pass} = md5_hex($form_values->{md5pass});
+ }
 $c->stash->{admins}->search_rs({ id => $form_values->{id} })->update($form_values);
 $c->flash(messages => [{type => 'success', text => 'Administrator changed.'}]);
 } catch($e) {
diff --git a/lib/NGCP/Panel/Controller/Login.pm b/lib/NGCP/Panel/Controller/Login.pm
index fdccb2706e..d6279f139c 100644
--- a/lib/NGCP/Panel/Controller/Login.pm
+++ b/lib/NGCP/Panel/Controller/Login.pm
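Review bot: In `create`, `md5_hex($form->params->{md5pass})` runs without the non-empty check that the `edit` hunk adds, so an empty or missing password field is stored as the MD5 of the empty string. Unless the form marks the field required (not visible in this hunk), that account would then authenticate with a blank password wherever the login form lets one through. I would guard first inside the `try`, for example `die "password required\n" unless length($form->params->{md5pass} // '');`. `create` starts and ends outside the hunk.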
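Review bot: In `edit`, when the password field is left empty the new `if` skips hashing but `md5pass` stays in `$form_values`, so (assuming the form returns the key for an empty field) the following `update($form_values)` overwrites the stored hash with the empty value and the administrator can no longer log in. The truthiness test also treats the password `0` as absent, which would write the clear-text `0` into `md5pass`. I would test `if(defined $form_values->{md5pass} and length $form_values->{md5pass})` and add `else { delete $form_values->{md5pass}; }` so an untouched field leaves the column alone. If the edit form pre-fills the field with the stored hash (not visible here), saving unchanged would hash the hash. `edit` starts and ends outside the hunk.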
@@ -42,7 +42,42 @@ sub index :Path Form {
 my $user = $form->field('username')->value;
 my $pass = $form->field('password')->value;
 $c->log->debug("*** Login::index user=$user, pass=$pass, realm=$realm");
- if($c->authenticate({ username => $user, password => $pass }, $realm)) {
+ my $res;
+ if($realm eq 'admin') {
+ $res = $c->authenticate(
+ {
+ login => $user,
+ md5pass => $pass,
+ 'dbix_class' => {
+ searchargs => [{
+ -and => [
+ login => $user,
+ is_active => 1,
+ reseller_id => 1
+ ],
+ }],
+ }
+ },
+ $realm);
+ } elsif($realm eq 'reseller') {
+ $res = $c->authenticate(
+ {
+ login => $user,
+ md5pass => $pass,
+ 'dbix_class' => {
+ searchargs => [{
+ -and => [
+ login => $user,
+ is_active => 1,
+ reseller_id => { '>' => 1 }
+ ],
+ }],
+ }
+ },
+ $realm);
+ }
+
+ if($res) {
 # auth ok
 my $target = $c->session->{'target'} || '/';
 delete $c->session->{target};
diff --git a/share/layout/body.tt b/share/layout/body.tt
index 15b200053e..c85ca1acc8 100644
--- a/share/layout/body.tt
+++ b/share/layout/body.tt
@@ -29,7 +29,8 @@
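Review bot: The context line `$c->log->debug("*** Login::index user=$user, pass=$pass, realm=$realm");` in Login.pm writes the submitted password to the debug log, and with this change that value is the real credential of a `billing::admins` account rather than a fixed test password. I would drop it from the message: `$c->log->debug("*** Login::index user=$user, realm=$realm");`. In the new code the two `authenticate` calls differ only in the `reseller_id` condition, so choosing that condition from `$realm` and making a single call would keep the `is_active` filter in one place. A short comment on why `reseller_id => 1` selects the admin realm would also help the next reader. `index` starts and ends outside the hunk.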