From: Jeff Godin
Date: Thu, 29 Nov 2012 21:53:36 +0000 (-0500)
Subject: Suggest password change on login if 4 digit PIN
X-Git-Url: https://old-git.evergreen-ils.org/?a=commitdiff_plain;h=b060a9ff3922225012e7789002ca5b1f8b409fcb;p=working%2FEvergreen.git
Suggest password change on login if 4 digit PIN
Suggest that the user change their password at login if the password is a four digit PIN. Do this by redirecting to the update_password page with a CGI param to trigger an optional message.
Signed-off-by: Jeff Godin
---
diff --git a/Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader.pm b/Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader.pm
index b1527fb87d..fee693c3b3 100644
--- a/Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader.pm
+++ b/Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader.pm
@@ -461,27 +461,37 @@ sub load_login {
 # both login-related cookies should expire at the same time
 my $login_cookie_expires = ($persist) ? CORE::time + $response->{payload}->{authtime} : undef;
+ # define cookies here
+ my $cookies = [
+ # contains the actual auth token and should be sent only over https
+ $cgi->cookie(
+ -name => COOKIE_SES,
+ -path => '/',
+ -secure => 1,
+ -value => $response->{payload}->{authtoken},
+ -expires => $login_cookie_expires
+ ),
+ # contains only a hint that we are logged in, and is used to
+ # trigger a redirect to https
+ $cgi->cookie(
+ -name => COOKIE_LOGGEDIN,
+ -path => '/',
+ -secure => 0,
+ -value => '1',
+ -expires => $login_cookie_expires
+ )
+ ];
+
+ # test for four-digit PIN as password -- suggest password change
+ if ($password =~ m/^\d{4}$/) {
+ my $update_password = sprintf(
+ 'https://%s%s/myopac/update_password?initial=1',
+ $self->apache->hostname, $self->ctx->{opac_root} );
+ return $self->generic_redirect($update_password, $cookies);
+ }
+
+
 return $self->generic_redirect(
- $cgi->param('redirect_to') || $acct,
- [
- # contains the actual auth token and should be sent only over https
- $cgi->cookie(
- -name => COOKIE_SES,
- -path => '/',
- -secure => 1,
- -value => $response->{payload}->{authtoken},
- -expires => $login_cookie_expires
- ),
- # contains only a hint that we are logged in, and is used to
- # trigger a redirect to https
- $cgi->cookie(
- -name => COOKIE_LOGGEDIN,
- -path => '/',
- -secure => 0,
- -value => '1',
- -expires => $login_cookie_expires
- )
- ]
+ $cgi->param('redirect_to') || $acct, $cookies
 );
 }
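Review bot: In the four-digit-PIN branch the early `return $self->generic_redirect($update_password, $cookies);` runs before `$cgi->param('redirect_to')` is consulted, so a patron who logged in from a deep link silently loses that destination, and the same redirect fires on every login until the PIN is changed. If that is intended, say so above the `if` with `# redirect_to is deliberately dropped here; the PIN notice takes priority over the requested page`; if not, forward the value URL-escaped and have update_password accept it only when it is a same-site path. The test itself would be tighter as `if ($password =~ m/\A[0-9]{4}\z/) {`, since `$` also matches before a trailing newline. `load_login` begins above this hunk, so how `$password` and `$acct` are populated is not visible here.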