diff options
Diffstat (limited to 'perllib')
| -rw-r--r-- | perllib/FixMyStreet/App/Controller/Auth.pm | 6 | ||||
| -rw-r--r-- | perllib/FixMyStreet/App/Controller/Auth/Profile.pm | 34 | ||||
| -rw-r--r-- | perllib/FixMyStreet/Cobrand/Oxfordshire.pm | 2 | ||||
| -rw-r--r-- | perllib/FixMyStreet/DB/Result/User.pm | 9 | ||||
| -rw-r--r-- | perllib/FixMyStreet/Test.pm | 13 |
5 files changed, 48 insertions, 16 deletions
diff --git a/perllib/FixMyStreet/App/Controller/Auth.pm b/perllib/FixMyStreet/App/Controller/Auth.pm index 86e3e8434..95f8bb9a2 100644 --- a/perllib/FixMyStreet/App/Controller/Auth.pm +++ b/perllib/FixMyStreet/App/Controller/Auth.pm @@ -85,6 +85,12 @@ sub sign_in : Private { my $parsed = FixMyStreet::SMS->parse_username($username); if ($parsed->{username} && $password && $c->forward('authenticate', [ $parsed->{type}, $parsed->{username}, $password ])) { + # Upgrade hash count if necessary + my $cost = sprintf("%02d", FixMyStreet::DB::Result::User->cost); + if ($c->user->password !~ /^\$2a\$$cost\$/) { + $c->user->update({ password => $password }); + } + # unless user asked to be remembered limit the session to browser $c->set_session_cookie_expire(0) unless $remember_me; diff --git a/perllib/FixMyStreet/App/Controller/Auth/Profile.pm b/perllib/FixMyStreet/App/Controller/Auth/Profile.pm index d1fb32c41..2d8ae081e 100644 --- a/perllib/FixMyStreet/App/Controller/Auth/Profile.pm +++ b/perllib/FixMyStreet/App/Controller/Auth/Profile.pm @@ -19,7 +19,7 @@ verifying email, phone, password. =cut -sub auto { +sub auto : Private { my ( $self, $c ) = @_; $c->detach( '/auth/redirect' ) unless $c->user; @@ -49,8 +49,17 @@ sub change_password : Path('/auth/change_password') { my $new = $c->get_param('new_password') // ''; my $confirm = $c->get_param('confirm') // ''; + my $password_error; + + # Check existing password, if available + if ($c->user->password) { + my $current = $c->get_param('current_password') // ''; + $c->stash->{current_password} = $current; + $password_error = 'incorrect' unless $c->user->check_password($current); + } + # check for errors - my $password_error = + $password_error ||= !$new && !$confirm ? 'missing' : $new ne $confirm ? 'mismatch' : !$c->forward('/auth/test_password', [ $new ]) ? 'failed' @@ -63,10 +72,17 @@ sub change_password : Path('/auth/change_password') { return; } - # we should have a usable password - save it to the user - $c->user->obj->update( { password => $new } ); - $c->stash->{password_changed} = 1; - + if ($c->user->password) { + # we should have a usable password - save it to the user + $c->user->obj->update( { password => $new } ); + $c->stash->{password_changed} = 1; + } else { + # Set up arguments for code sign in + $c->set_param('username', $c->user->username); + $c->set_param('password_register', $new); + $c->set_param('r', 'auth/change_password/success'); + $c->detach('/auth/code_sign_in'); + } } =head2 change_email @@ -149,6 +165,12 @@ sub change_phone_success : Path('/auth/change_phone/success') { $c->res->redirect('/my'); } +sub change_password_success : Path('/auth/change_password/success') { + my ( $self, $c ) = @_; + $c->flash->{flash_message} = _('Your password has been changed'); + $c->res->redirect('/my'); +} + sub generate_token : Path('/auth/generate_token') { my ($self, $c) = @_; diff --git a/perllib/FixMyStreet/Cobrand/Oxfordshire.pm b/perllib/FixMyStreet/Cobrand/Oxfordshire.pm index 23324e763..00f099278 100644 --- a/perllib/FixMyStreet/Cobrand/Oxfordshire.pm +++ b/perllib/FixMyStreet/Cobrand/Oxfordshire.pm @@ -15,8 +15,6 @@ sub is_council_with_case_management { return FixMyStreet->config('STAGING_SITE'); } -sub map_type { 'OSM' } - sub base_url { my $self = shift; return $self->next::method() if FixMyStreet->config('STAGING_SITE'); diff --git a/perllib/FixMyStreet/DB/Result/User.pm b/perllib/FixMyStreet/DB/Result/User.pm index d02039ac3..97f2132b1 100644 --- a/perllib/FixMyStreet/DB/Result/User.pm +++ b/perllib/FixMyStreet/DB/Result/User.pm @@ -125,11 +125,15 @@ with 'FixMyStreet::Roles::Extra'; __PACKAGE__->many_to_many( planned_reports => 'user_planned_reports', 'report' ); +sub cost { + FixMyStreet->test_mode ? 1 : 12; +} + __PACKAGE__->add_columns( "password" => { encode_column => 1, encode_class => 'Crypt::Eksblowfish::Bcrypt', - encode_args => { cost => 8 }, + encode_args => { cost => cost() }, encode_check_method => 'check_password', }, ); @@ -150,8 +154,9 @@ sub username { sub phone_display { my $self = shift; return $self->phone unless $self->phone; + my $country = FixMyStreet->config('PHONE_COUNTRY'); my $parsed = FixMyStreet::SMS->parse_username($self->phone); - return $parsed->{phone} ? $parsed->{phone}->format : $self->phone; + return $parsed->{phone} ? $parsed->{phone}->format_for_country($country) : $self->phone; } sub latest_anonymity { diff --git a/perllib/FixMyStreet/Test.pm b/perllib/FixMyStreet/Test.pm index 572ae0a44..aa1a63c21 100644 --- a/perllib/FixMyStreet/Test.pm +++ b/perllib/FixMyStreet/Test.pm @@ -7,6 +7,13 @@ use warnings FATAL => 'all'; use utf8; use Test::More; use mySociety::Locale; + +BEGIN { + use FixMyStreet; + FixMyStreet->test_mode(1); + mySociety::Locale::gettext_domain('FixMyStreet', 1); +} + use FixMyStreet::DB; my $db = FixMyStreet::DB->schema->storage; @@ -19,12 +26,6 @@ sub import { $db->txn_begin; } -BEGIN { - use FixMyStreet; - FixMyStreet->test_mode(1); - mySociety::Locale::gettext_domain('FixMyStreet', 1); -} - END { $db->txn_rollback if $db; } |