From: erickson Date: Thu, 12 Apr 2007 15:11:49 +0000 (+0000) Subject: moved password/username/email update code to cstore. now fetching user object from... X-Git-Url: https://old-git.evergreen-ils.org/?a=commitdiff_plain;h=a97055997c16325c51ac56fcc82881abd3632988;p=Evergreen.git moved password/username/email update code to cstore. now fetching user object from db before updating to prevent transaction errors. re-enalbed transaction verification git-svn-id: svn://svn.open-ils.org/ILS/branches/rel_1_0@7146 dcc99617-32d9-48b4-a31d-7c20da2025e4 --- diff --git a/Open-ILS/src/perlmods/OpenILS/Application/Actor.pm b/Open-ILS/src/perlmods/OpenILS/Application/Actor.pm index 5de2c6a68a..4fa55c9cef 100644 --- a/Open-ILS/src/perlmods/OpenILS/Application/Actor.pm +++ b/Open-ILS/src/perlmods/OpenILS/Application/Actor.pm @@ -208,6 +208,14 @@ sub ou_setting_delete { + + + + + + + + __PACKAGE__->register_method( method => "update_patron", api_name => "open-ils.actor.patron.update",); @@ -443,8 +451,8 @@ sub _update_patron { $patron->clear_ident_value; } - #$evt = verify_last_xact($session, $patron); - #return (undef, $evt) if $evt; + $evt = verify_last_xact($session, $patron); + return (undef, $evt) if $evt; my $stat = $session->request( "open-ils.storage.direct.actor.user.update",$patron )->gather(1); @@ -856,12 +864,7 @@ __PACKAGE__->register_method( sub search_username { my($self, $client, $username) = @_; - my $users = OpenILS::Application::AppUtils->simple_scalar_request( - "open-ils.cstore", - "open-ils.cstore.direct.actor.user.search.atomic", - { usrname => $username } - ); - return $users; + return new_editor()->search_actor_user({usrname=>$username}); } @@ -1121,6 +1124,7 @@ sub patron_adv_search { +=head old sub _verify_password { my($user_session, $password) = @_; my $user_obj = $apputils->check_user_session($user_session); @@ -1156,8 +1160,13 @@ sub update_password { my $evt; + my $session = $apputils->start_db_session(); my $user_obj = $apputils->check_user_session($user_session); + #fetch the in-database version so we get the latest xact_id + $user_obj = $session->request( + 'open-ils.storage.direct.actor.user.retrieve', $user_obj->id)->gather(1); + if($self->api_name =~ /password/o) { #make sure they know the current password @@ -1180,7 +1189,6 @@ sub update_password { $user_obj->email($new_value); } - my $session = $apputils->start_db_session(); ( $user_obj, $evt ) = _update_patron($session, $user_obj, $user_obj, 1); return $evt if $evt; @@ -1190,6 +1198,60 @@ sub update_password { if($user_obj) { return 1; } return undef; } +=cut + +__PACKAGE__->register_method( + method => "update_passwd", + api_name => "open-ils.actor.user.password.update"); + +__PACKAGE__->register_method( + method => "update_passwd", + api_name => "open-ils.actor.user.username.update"); + +__PACKAGE__->register_method( + method => "update_passwd", + api_name => "open-ils.actor.user.email.update"); + +sub update_passwd { + my( $self, $conn, $auth, $new_val, $orig_pw ) = @_; + my $e = new_editor(xact=>1, authtoken=>$auth); + return $e->die_event unless $e->checkauth; + + my $db_user = $e->retrieve_actor_user($e->requestor->id) + or return $e->die_event; + my $api = $self->api_name; + + if( $api =~ /password/o ) { + + # make sure the original password matches the in-database password + return OpenILS::Event->new('INCORRECT_PASSWORD') + if md5_hex($orig_pw) ne $db_user->passwd; + $db_user->passwd($new_val); + + } else { + + # if we don't clear the password, the user will be updated with + # a hashed version of the hashed version of their password + $db_user->clear_passwd; + + if( $api =~ /username/o ) { + + # make sure no one else has this username + my $exist = $e->search_actor_user({usrname=>$new_val},{idlist=>1}); + return OpenILS::Event->new('USERNAME_EXISTS') if @$exist; + $db_user->usrname($new_val); + + } elsif( $api =~ /email/o ) { + $db_user->email($new_val); + } + } + + $e->update_actor_user($db_user) or return $e->die_event; + $e->commit; + return 1; +} + + __PACKAGE__->register_method( @@ -2816,5 +2878,8 @@ sub user_retrieve_parts { + + + 1;