[open-ils-commits] r16129 - branches/rel_1_6/Open-ILS/src/perlmods/OpenILS/Application (dbs)
svn at svn.open-ils.org
svn at svn.open-ils.org
Sun Apr 4 21:40:10 EDT 2010
Author: dbs
Date: 2010-04-04 21:40:09 -0400 (Sun, 04 Apr 2010)
New Revision: 16129
Modified:
branches/rel_1_6/Open-ILS/src/perlmods/OpenILS/Application/Actor.pm
Log:
Use a simpler method for checking against FALSE values in json_query (aside: update json tutorial)
Add TODOs for checking password strictness, checking for restricted group
Change TTL calculation to add threshold instead of subtracting; simplifies comparison
Modified: branches/rel_1_6/Open-ILS/src/perlmods/OpenILS/Application/Actor.pm
===================================================================
--- branches/rel_1_6/Open-ILS/src/perlmods/OpenILS/Application/Actor.pm 2010-04-05 01:07:20 UTC (rev 16128)
+++ branches/rel_1_6/Open-ILS/src/perlmods/OpenILS/Application/Actor.pm 2010-04-05 01:40:09 UTC (rev 16129)
@@ -3402,7 +3402,6 @@
my $threshold_time = DateTime->now(time_zone => 'local')->subtract(seconds => $aupr_ttl)->iso8601();
# 2. Get time of last request and number of active requests (num_active)
- # we use the weird test of usr = -1000 to generate a FALSE condition
my $active_requests = $e->json_query({
from => 'aupr',
select => {
@@ -3414,14 +3413,16 @@
]
},
where => {
- has_been_reset => { '=' => { 'usr' => { '=' => -1000 } } },
+ has_been_reset => { '=' => 'f' } },
request_time => { '>' => $threshold_time }
}
});
# 3. if (num_active > throttle_threshold) and (now - last_request < 1 minute)
# ... delay - set cache - return event correspondingly ...
- #
+
+ # TODO Check to see if the user is in a password-reset-restricted group
+
# Otherwise, go ahead and try to get the user.
# Check the number of active requests for this user
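Review bot: The new line `has_been_reset => { '=' => 'f' } },` in the first `json_query` where clause has one closing brace too many, so the `where` hash ends there, `request_time` falls outside it, and the braces of the call no longer balance; as written Actor.pm should fail to compile. The second query (the hunk at -3437) uses the intended form, so this line should read `has_been_reset => { '=' => 'f' },`. Running `perl -c` on the module before committing would catch this. The enclosing sub starts and ends outside the hunk.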
@@ -3437,7 +3438,7 @@
},
where => {
usr => { '=' => $user->id },
- has_been_reset => { '=' => { 'usr' => { '=' => -1000 } } },
+ has_been_reset => { '=' => 'f' },
request_time => { '>' => $threshold_time }
}
});
@@ -3495,7 +3496,6 @@
my $aupr = $e->search_actor_usr_password_reset({
uuid => $uuid,
has_been_reset => 0
-
});
if (!$aupr->[0]) {
@@ -3507,13 +3507,14 @@
# Ensure we're still within the TTL for the request
my $aupr_ttl = $U->ou_ancestor_setting_value($user->home_ou, 'circ.password_reset_request_time_to_live') || 24*60*60;
- my $threshold_time = DateTime->now(time_zone => 'local')->subtract(seconds => $aupr_ttl);
- my $request_time = DateTime::Format::ISO8601->parse_datetime(clense_ISO8601($aupr->[0]->request_time));
- if ($request_time < $threshold_time) {
+ my $threshold = DateTime::Format::ISO8601->parse_datetime(clense_ISO8601($aupr->[0]->request_time))->add(seconds => $aupr_ttl);
+ if ($threshold > DateTime->now(time_zone => 'local')) {
$e->die_event;
return OpenILS::Event->new('PATRON_NOT_AN_ACTIVE_PASSWORD_RESET_REQUEST');
}
+ # TODO Check complexity of password against OU-defined regex
+
# All is well; update the password
$user->passwd($password);
$e->update_actor_user($user);
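Review bot: The rewritten TTL test `if ($threshold > DateTime->now(time_zone => 'local'))` is inverted: `$threshold` is now the request time plus the TTL, i.e. the expiry instant, so the branch returns PATRON_NOT_AN_ACTIVE_PASSWORD_RESET_REQUEST while the request is still live and falls through to the password update once it has expired. The removed code rejected requests older than now minus the TTL; the equivalent here is `if ($threshold < DateTime->now(time_zone => 'local')) {`. Because this check decides whether a reset UUID may still change a password, a test covering one fresh and one expired request would be worth adding alongside the fix. Renaming `$threshold` to something like `$expire_time` would also make the direction of the comparison obvious. The enclosing sub starts and ends outside the hunk.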
@@ -3527,4 +3528,3 @@
}
1;
-