Diffstat (limited to 'perllib/FixMyStreet')
-rw-r--r-- | perllib/FixMyStreet/App/Controller/Auth.pm | 23 | ||||
-rw-r--r-- | perllib/FixMyStreet/App/Controller/Auth/Profile.pm | 3 | ||||
-rw-r--r-- | perllib/FixMyStreet/App/Controller/Root.pm | 22 | ||||
-rw-r--r-- | perllib/FixMyStreet/DB/Result/User.pm | 8 |
4 files changed, 53 insertions, 3 deletions
diff --git a/perllib/FixMyStreet/App/Controller/Auth.pm b/perllib/FixMyStreet/App/Controller/Auth.pm
index 041a8b76e..96ca8fdbc 100644
--- a/perllib/FixMyStreet/App/Controller/Auth.pm
+++ b/perllib/FixMyStreet/App/Controller/Auth.pm
@@ -67,6 +67,25 @@ sub forgot : Path('forgot') : Args(0) {
     $c->detach('code_sign_in');
 }
 
+sub expired : Path('expired') : Args(0) {
+    my ( $self, $c ) = @_;
+
+    $c->detach('/page_error_403_access_denied', []) unless $c->user_exists;
+
+    my $expiry = $c->cobrand->call_hook('password_expiry');
+    $c->detach('/page_error_403_access_denied', []) unless $expiry;
+
+    my $last_change = $c->user->get_extra_metadata('last_password_change') || 0;
+    my $midnight = int(time()/86400)*86400;
+    my $expired = $last_change + $expiry < $midnight;
+    $c->detach('/page_error_403_access_denied', []) unless $expired;
+
+    $c->stash->{expired_password} = 1;
+    $c->stash->{template} = 'auth/create.html';
+    return unless $c->req->method eq 'POST';
+    $c->detach('code_sign_in', [ $c->user->email ]);
+}
+
 sub authenticate : Private {
     my ($self, $c, $type, $username, $password) = @_;
     return 1 if $type eq 'email' && $c->authenticate({ email => $username, email_verified => 1, password => $password });
@@ -121,9 +140,9 @@ they come back with a token (which contains the email/phone).
 =cut
 
 sub code_sign_in : Private {
-    my ( $self, $c ) = @_;
+    my ( $self, $c, $override_username ) = @_;
 
-    my $username = $c->stash->{username} = $c->get_param('username') || '';
+    my $username = $c->stash->{username} = $override_username || $c->get_param('username') || '';
 
     my $parsed = FixMyStreet::SMS->parse_username($username);
 
diff --git a/perllib/FixMyStreet/App/Controller/Auth/Profile.pm b/perllib/FixMyStreet/App/Controller/Auth/Profile.pm
index 91ffac205..a1bbfc570 100644
--- a/perllib/FixMyStreet/App/Controller/Auth/Profile.pm
+++ b/perllib/FixMyStreet/App/Controller/Auth/Profile.pm
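Review bot: The expiry arithmetic in `expired` (`get_extra_metadata('last_password_change') || 0`, the `$midnight` rounding and `$last_change + $expiry < $midnight`) is repeated verbatim in `check_password_expiry` in the Root.pm hunk, and neither copy says what unit the cobrand's `password_expiry` hook returns; since the value is added to an epoch timestamp it can only be seconds, which anyone implementing the hook needs to know. I would move those three lines into one predicate, e.g. a `password_expired($expiry)` method on the user row, and call it from both places so the rule cannot drift. The `|| 0` default also means an account with no `last_password_change` metadata (every account that predates this change) counts as expired the moment a cobrand enables the hook; if that forced reset is intended, say so next to the default: `# No recorded change: the password predates expiry tracking, so treat it as expired.`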
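Review bot: In `code_sign_in`, `$override_username || $c->get_param('username') || ''` treats an empty override exactly like no override, so if `expired` hands it an account whose `email` is empty (a phone-verified user, which the `username` POD in the User.pm hunk suggests can exist), the sign-in silently continues with whatever `username` the POST body carries and the expired-password flow is no longer tied to the logged-in account. Writing `my $username = $c->stash->{username} = $override_username // ($c->get_param('username') || '');` keeps a supplied override authoritative, and in `expired` passing `$c->user->username` rather than `$c->user->email` would cover phone-only accounts as well. The rest of `code_sign_in` lies outside the hunk, so I cannot see how an empty username is reported to the user.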
@@ -74,7 +74,8 @@ sub change_password : Path('/auth/change_password') {
 
     if ($c->user->password) {
         # we should have a usable password - save it to the user
-        $c->user->obj->update( { password => $new } );
+        $c->user->obj->password($new);
+        $c->user->obj->update;
         $c->stash->{password_changed} = 1;
     } else {
         # Set up arguments for code sign in
diff --git a/perllib/FixMyStreet/App/Controller/Root.pm b/perllib/FixMyStreet/App/Controller/Root.pm
index 2c7e28e5f..fb6d063be 100644
--- a/perllib/FixMyStreet/App/Controller/Root.pm
+++ b/perllib/FixMyStreet/App/Controller/Root.pm
@@ -39,6 +39,7 @@ sub auto : Private {
     # decide which cobrand this request should use
     $c->setup_request();
 
+    $c->forward('check_password_expiry');
     $c->detach('/auth/redirect') if $c->cobrand->call_hook('check_login_disallowed');
 
     return 1;
@@ -166,6 +167,27 @@ sub check_login_required : Private {
     $c->detach( '/auth/redirect' );
 }
 
+sub check_password_expiry : Private {
+    my ($self, $c) = @_;
+
+    return unless $c->user_exists;
+
+    return if $c->action eq $c->controller('JS')->action_for('translation_strings');
+    return if $c->controller eq $c->controller('Auth');
+
+    my $expiry = $c->cobrand->call_hook('password_expiry');
+    return unless $expiry;
+
+    my $last_change = $c->user->get_extra_metadata('last_password_change') || 0;
+    my $midnight = int(time()/86400)*86400;
+    my $expired = $last_change + $expiry < $midnight;
+    return unless $expired;
+
+    my $uri = $c->uri_for('/auth/expired');
+    $c->res->redirect( $uri );
+    $c->detach;
+}
+
 =head2 end
 
 Attempt to render a view, if needed.
diff --git a/perllib/FixMyStreet/DB/Result/User.pm b/perllib/FixMyStreet/DB/Result/User.pm
index 805ea4776..9554bbe7e 100644
--- a/perllib/FixMyStreet/DB/Result/User.pm
+++ b/perllib/FixMyStreet/DB/Result/User.pm
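Review bot: `return if $c->controller eq $c->controller('Auth');` in `check_password_expiry` exempts only actions belonging to the `Auth` controller object itself, so `Auth::Profile` (`/auth/change_password`, patched in this same commit) is, as far as this hunk shows, still redirected to `/auth/expired` like any other page. If the whole `/auth` tree is meant to stay reachable, exempt by namespace instead, e.g. `return if $c->action->namespace =~ m{\Aauth(?:/|\z)};`, and record the reason: `# Auth pages must stay reachable, otherwise the user cannot clear the expired password.` The session remains fully authenticated after the redirect, so this `auto`-time check appears to be the only thing keeping an expired password away from the rest of the site; a test that a POST to a non-auth action is redirected too would pin that down.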
@@ -167,6 +167,14 @@ __PACKAGE__->add_columns(
     },
 );
 
+around password => sub {
+    my ($orig, $self) = (shift, shift);
+    if (@_) {
+        $self->set_extra_metadata(last_password_change => time());
+    }
+    $self->$orig(@_);
+};
+
 =head2 username
 
 Returns a verified email or phone for this user, preferring email,
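Review bot: The `around password` wrapper only fires when the column accessor is called with a value, so writes through `update({ password => ... })`, `create`/`new` or `set_column` never touch `last_password_change` — presumably why Profile.pm in this commit switched from `update({ password => $new })` to the accessor. Any other write path that still uses the hash form (admin edits, account creation, fixtures — not visible from here) would leave the metadata stale or absent, and absent is treated as `0`, i.e. expired, by both new checks. Worth a comment above the wrapper: `# Only the accessor form records the change; update({ password => ... }) and create() bypass this hook.` A lower-level hook such as a `store_column` override for the `password` column would see every write path, if the project's DBIx::Class layer permits it; note also that the stamp is written even when the new value equals the old one, which is harmless but worth knowing.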