Diffstat (limited to 'perllib/FixMyStreet/App')
-rw-r--r--perllib/FixMyStreet/App/Controller/Auth.pm23
-rw-r--r--perllib/FixMyStreet/App/Controller/Auth/Profile.pm3
-rw-r--r--perllib/FixMyStreet/App/Controller/Root.pm22
3 files changed, 45 insertions, 3 deletions
diff --git a/perllib/FixMyStreet/App/Controller/Auth.pm b/perllib/FixMyStreet/App/Controller/Auth.pm
index 041a8b76e..96ca8fdbc 100644
--- a/perllib/FixMyStreet/App/Controller/Auth.pm
+++ b/perllib/FixMyStreet/App/Controller/Auth.pm
@@ -67,6 +67,25 @@ sub forgot : Path('forgot') : Args(0) {
$c->detach('code_sign_in');
}
+sub expired : Path('expired') : Args(0) {
+ my ( $self, $c ) = @_;
+
+ $c->detach('/page_error_403_access_denied', []) unless $c->user_exists;
+
+ my $expiry = $c->cobrand->call_hook('password_expiry');
+ $c->detach('/page_error_403_access_denied', []) unless $expiry;
+
+ my $last_change = $c->user->get_extra_metadata('last_password_change') || 0;
+ my $midnight = int(time()/86400)*86400;
+ my $expired = $last_change + $expiry < $midnight;
+ $c->detach('/page_error_403_access_denied', []) unless $expired;
+
+ $c->stash->{expired_password} = 1;
+ $c->stash->{template} = 'auth/create.html';
+ return unless $c->req->method eq 'POST';
+ $c->detach('code_sign_in', [ $c->user->email ]);
+}
+
sub authenticate : Private {
my ($self, $c, $type, $username, $password) = @_;
return 1 if $type eq 'email' && $c->authenticate({ email => $username, email_verified => 1, password => $password });
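Review bot: The expiry test in `expired` (the `$last_change`, `$midnight` and `$expired` lines) is repeated line for line in `check_password_expiry` in Root.pm. The check that redirects a user and the check that admits them to this page can therefore drift apart if only one copy is edited later. Moving the test into one private action that both call keeps the policy in a single place; Root.pm would forward to it by its full path. The helper is also the natural place to record that `$midnight` is the start of the current UTC day and that the hook value is presumably a number of seconds. The action name below is a suggestion only.

```perl
# Proposed shared helper: true when the cobrand sets an expiry period and the
# user's last recorded password change is older than that period.
sub password_has_expired : Private {
    my ( $self, $c ) = @_;

    my $expiry = $c->cobrand->call_hook('password_expiry') or return 0;
    my $last_change = $c->user->get_extra_metadata('last_password_change') || 0;
    my $utc_midnight = int( time() / 86400 ) * 86400;    # start of today, UTC
    return $last_change + $expiry < $utc_midnight ? 1 : 0;
}

sub expired : Path('expired') : Args(0) {
    my ( $self, $c ) = @_;

    $c->detach('/page_error_403_access_denied', []) unless $c->user_exists;
    $c->detach('/page_error_403_access_denied', [])
        unless $c->forward('password_has_expired');
    # … unchanged: stash setup and POST handling …
}
```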
@@ -121,9 +140,9 @@ they come back with a token (which contains the email/phone).
=cut
sub code_sign_in : Private {
- my ( $self, $c ) = @_;
+ my ( $self, $c, $override_username ) = @_;
- my $username = $c->stash->{username} = $c->get_param('username') || '';
+ my $username = $c->stash->{username} = $override_username || $c->get_param('username') || '';
my $parsed = FixMyStreet::SMS->parse_username($username);
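Review bot: The `||` chain in `my $username = ... $override_username || $c->get_param('username') || ''` falls back to the request parameter whenever the override is empty. The only caller visible on this page passes `$c->user->email`. If a signed-in account can have no e-mail (the `parse_username` call suggests phone usernames exist), a POST to the expired-password page would then proceed under whatever `username` the request supplies rather than the session user's identity. The safer place to close this is the caller: in `expired`, take the identifier first and refuse when it is missing, for example `my $username = $c->user->email or $c->detach('/page_error_403_access_denied', []);`, then pass `[ $username ]`. The body of `code_sign_in` continues outside the hunk, so what happens to the value after parsing is not visible here.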
diff --git a/perllib/FixMyStreet/App/Controller/Auth/Profile.pm b/perllib/FixMyStreet/App/Controller/Auth/Profile.pm
index 91ffac205..a1bbfc570 100644
--- a/perllib/FixMyStreet/App/Controller/Auth/Profile.pm
+++ b/perllib/FixMyStreet/App/Controller/Auth/Profile.pm
@@ -74,7 +74,8 @@ sub change_password : Path('/auth/change_password') {
if ($c->user->password) {
# we should have a usable password - save it to the user
- $c->user->obj->update( { password => $new } );
+ $c->user->obj->password($new);
+ $c->user->obj->update;
$c->stash->{password_changed} = 1;
} else {
# Set up arguments for code sign in
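Review bot: The switch from `update( { password => $new } )` to `password($new)` followed by `update` needs a one-line comment, because nothing in the hunk says why the two-step form is required and the one-call form looks like an obvious tidy-up. Presumably the accessor does bookkeeping that the bulk update skips, such as recording `last_password_change`, which the new expiry checks read. If so, I would add `# use the accessor, not update({...}): it records last_password_change for the expiry check` above the call, adjusted to what the accessor really does. The `else` branch continues outside the hunk.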
diff --git a/perllib/FixMyStreet/App/Controller/Root.pm b/perllib/FixMyStreet/App/Controller/Root.pm
index 2c7e28e5f..fb6d063be 100644
--- a/perllib/FixMyStreet/App/Controller/Root.pm
+++ b/perllib/FixMyStreet/App/Controller/Root.pm
@@ -39,6 +39,7 @@ sub auto : Private {
# decide which cobrand this request should use
$c->setup_request();
+ $c->forward('check_password_expiry');
$c->detach('/auth/redirect') if $c->cobrand->call_hook('check_login_disallowed');
return 1;
@@ -166,6 +167,27 @@ sub check_login_required : Private {
$c->detach( '/auth/redirect' );
}
+sub check_password_expiry : Private {
+ my ($self, $c) = @_;
+
+ return unless $c->user_exists;
+
+ return if $c->action eq $c->controller('JS')->action_for('translation_strings');
+ return if $c->controller eq $c->controller('Auth');
+
+ my $expiry = $c->cobrand->call_hook('password_expiry');
+ return unless $expiry;
+
+ my $last_change = $c->user->get_extra_metadata('last_password_change') || 0;
+ my $midnight = int(time()/86400)*86400;
+ my $expired = $last_change + $expiry < $midnight;
+ return unless $expired;
+
+ my $uri = $c->uri_for('/auth/expired');
+ $c->res->redirect( $uri );
+ $c->detach;
+}
+
=head2 end
Attempt to render a view, if needed.
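Review bot: `check_password_expiry` treats a missing `last_password_change` as 0 and never looks at whether the account has a password. Once a cobrand enables the hook, every signed-in user without that metadata is therefore redirected, including accounts that sign in without a password (the `if ($c->user->password)` branch in Profile.pm shows such accounts exist). If forcing those users to set a password is intended, a comment on the `|| 0` line should say so. Otherwise add `return unless $c->user->password;` before the hook call, with the same guard in `expired`. It is also worth a comment that the `$c->controller eq $c->controller('Auth')` exemption covers only the Auth controller itself. `/auth/change_password` in Auth::Profile is redirected as well, and the redirect applies to POST and script requests as much as to page views.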