Commit 66946e8f authored by Maxime Besson's avatar Maxime Besson

Fix auth process in password-testing plugins (#2611)

parent 83e95cd0
......@@ -73,7 +73,10 @@ sub extractFormInfo {
my $res = PE_OK;
# 1. No user defined at all -> first access
unless ( $defUser and $req->method =~ /^POST$/i ) {
# _pwdCheck is a workaround to make CheckUser work while using a GET
unless ( $defUser
and ( uc( $req->method ) eq "POST" or $req->data->{_pwdCheck} ) )
{
$res = PE_FIRSTACCESS;
}
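Review bot: The new `_pwdCheck` test lets a non-POST request past the first-access gate, but the comment above it does not say who may set the flag. The condition is only safe while `$req->data->{_pwdCheck}` is written exclusively by portal plugin code and is never copied from request parameters. I would state that invariant next to the test, e.g. `# _pwdCheck must only be set server-side by plugins, never from client input`. The rest of extractFormInfo is outside the hunk, so it is not visible here whether credentials arriving on a GET query string are then handled differently from a POST body (for example with respect to access logging).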
......
......@@ -41,16 +41,22 @@ sub check {
if ( my $user = $req->param('user') and my $pwd = $req->param('password') )
{
$req->user($user);
$req->data->{password} = $pwd;
$req->parameters->{user} = ($user);
$req->parameters->{password} = $pwd;
$req->data->{skipToken} = 1;
# This makes Auth::Choice use authChoiceAuthBasic if defined
$req->data->{_pwdCheck} = 1;
# Not launched methods:
# - "extractFormInfo" due to "token"
# - "buildCookie" useless here
$req->steps( [
'getUser', 'authenticate',
@{ $self->p->betweenAuthAndData }, $self->p->sessionData,
@{ $self->p->afterData }, 'storeHistory',
@{ $self->p->beforeAuth },
$self->p->authProcess,
@{ $self->p->betweenAuthAndData },
$self->p->sessionData,
@{ $self->p->afterData },
'storeHistory',
@{ $self->p->endAuth }
]
);
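Review bot: The comment `# - "extractFormInfo" due to "token"` under "Not launched methods" appears stale, because the step list now begins with `$self->p->authProcess`. Judging by the companion change to extractFormInfo, that runs the form-extraction step with the token check switched off by `$req->data->{skipToken} = 1`. Skipping the token is a deliberate weakening of the normal form protection, so it deserves its own line, e.g. `# skipToken: no login form is served on this path, so there is no token to verify`, with the wording confirmed by the author. The same `skipToken` / `_pwdCheck` pair is set without any comment in the pwdConfirm hunk further down.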
......
......@@ -698,12 +698,13 @@ sub pwdConfirm {
400 );
}
$req->user($user);
$req->data->{password} = $password;
$req->data->{_pwdCheck} = 1;
$req->parameters->{user} = $user;
$req->parameters->{password} = $password;
$req->data->{_pwdCheck} = 1;
$req->data->{skipToken} = 1;
if ( $self->p->_userDB ) {
$req->steps( [ 'getUser', 'authenticate' ] );
$req->steps( [ $self->p->authProcess ] );
my $result = $self->p->process($req);
if ( $result == PE_PASSWORD_OK or $result == PE_OK ) {
return $self->p->sendJSONresponse( $req,
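Review bot: `$req->steps( [ $self->p->authProcess ] )` runs only the authentication steps, whereas the `check` sub changed in this same commit also runs `beforeAuth`, `storeHistory` and `endAuth`. If failed-attempt accounting or throttling hangs off those steps (not visible on this page), wrong passwords submitted to pwdConfirm would go unrecorded. It is worth confirming this is intended and documenting it, e.g. `# beforeAuth/storeHistory/endAuth intentionally not run here: <reason>`. pwdConfirm starts before and continues past this hunk, so any limiting done elsewhere in the sub cannot be seen.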
......