| [vhffs-dev] [2280] fixed cleartext box password in mail database upon box creation |
[ Thread Index |
Date Index
| More vhffs.org/vhffs-dev Archives
]
Revision: 2280
Author: gradator
Date: 2015-04-10 22:01:10 +0200 (Fri, 10 Apr 2015)
Log Message:
-----------
fixed cleartext box password in mail database upon box creation
Mail::Localpart::create cannot set the password in the hashed form into database,
this leads to Mail::add_box calling Localpart::create if localpart does not
previously exist with a cleartext password, hence storing the password
in cleartext in database instead of its hashed form.
Setting the password is only necessary for Mail::add_box, removing password
management from Localpart::create and adding it to Mail::add_box with proper
hashing.
Modified Paths:
--------------
branches/vhffs-4.5/vhffs-api/src/Vhffs/Services/Mail.pm
trunk/vhffs-api/src/Vhffs/Services/Mail.pm
Modified: branches/vhffs-4.5/vhffs-api/src/Vhffs/Services/Mail.pm
===================================================================
--- branches/vhffs-4.5/vhffs-api/src/Vhffs/Services/Mail.pm 2015-02-24 23:01:14 UTC (rev 2279)
+++ branches/vhffs-4.5/vhffs-api/src/Vhffs/Services/Mail.pm 2015-04-10 20:01:10 UTC (rev 2280)
@@ -85,13 +85,12 @@
sub create {
my $mail = shift; # a C<Vhffs::Services::Mail>
my $localpart = shift;
- my $password = shift;
return undef unless defined $localpart and $localpart =~ Vhffs::Constants::MAIL_VALID_LOCAL_PART;
- my $query = 'INSERT INTO vhffs_mx_localpart (localpart_id, mx_id, localpart, password, nospam, novirus) VALUES(DEFAULT, ?, ?, ?, DEFAULT, DEFAULT) RETURNING localpart_id,localpart,password,nospam,novirus';
+ my $query = 'INSERT INTO vhffs_mx_localpart (localpart_id, mx_id, localpart, password, nospam, novirus) VALUES(DEFAULT, ?, ?, DEFAULT, DEFAULT, DEFAULT) RETURNING localpart_id,localpart,password,nospam,novirus';
my $request = $mail->get_db->prepare( $query );
- $request->execute( $mail->{mx_id}, $localpart, $password ) or return;
+ $request->execute( $mail->{mx_id}, $localpart ) or return;
my @returning = $request->fetchrow_array;
return _new Vhffs::Services::Mail::Localpart( $mail, @returning );
@@ -1422,18 +1421,16 @@
eval {
# create localpart if necessary
unless( defined $lp ) {
- $lp = Vhffs::Services::Mail::Localpart::create( $self, $localpart, $password );
+ $lp = Vhffs::Services::Mail::Localpart::create( $self, $localpart );
die unless defined $lp;
}
- # if localpart exists, update the password
- else {
- unless( $ishashed ) {
- $lp->set_password( $password );
- } else {
- $lp->{password} = $password;
- }
- $lp->commit
+ # update the password
+ unless( $ishashed ) {
+ $lp->set_password( $password );
+ } else {
+ $lp->{password} = $password;
}
+ $lp->commit
# create box
$box = Vhffs::Services::Mail::Box::create( $lp );
Modified: trunk/vhffs-api/src/Vhffs/Services/Mail.pm
===================================================================
--- trunk/vhffs-api/src/Vhffs/Services/Mail.pm 2015-02-24 23:01:14 UTC (rev 2279)
+++ trunk/vhffs-api/src/Vhffs/Services/Mail.pm 2015-04-10 20:01:10 UTC (rev 2280)
@@ -85,13 +85,12 @@
sub create {
my $mail = shift; # a C<Vhffs::Services::Mail>
my $localpart = shift;
- my $password = shift;
return undef unless defined $localpart and $localpart =~ Vhffs::Constants::MAIL_VALID_LOCAL_PART;
- my $query = 'INSERT INTO vhffs_mx_localpart (localpart_id, mx_id, localpart, password, nospam, novirus) VALUES(DEFAULT, ?, ?, ?, DEFAULT, DEFAULT) RETURNING localpart_id,localpart,password,nospam,novirus';
+ my $query = 'INSERT INTO vhffs_mx_localpart (localpart_id, mx_id, localpart, password, nospam, novirus) VALUES(DEFAULT, ?, ?, DEFAULT, DEFAULT, DEFAULT) RETURNING localpart_id,localpart,password,nospam,novirus';
my $request = $mail->get_db->prepare( $query );
- $request->execute( $mail->{mx_id}, $localpart, $password ) or return;
+ $request->execute( $mail->{mx_id}, $localpart ) or return;
my @returning = $request->fetchrow_array;
return _new Vhffs::Services::Mail::Localpart( $mail, @returning );
@@ -1422,18 +1421,16 @@
eval {
# create localpart if necessary
unless( defined $lp ) {
- $lp = Vhffs::Services::Mail::Localpart::create( $self, $localpart, $password );
+ $lp = Vhffs::Services::Mail::Localpart::create( $self, $localpart );
die unless defined $lp;
}
- # if localpart exists, update the password
- else {
- unless( $ishashed ) {
- $lp->set_password( $password );
- } else {
- $lp->{password} = $password;
- }
- $lp->commit
+ # update the password
+ unless( $ishashed ) {
+ $lp->set_password( $password );
+ } else {
+ $lp->{password} = $password;
}
+ $lp->commit
# create box
$box = Vhffs::Services::Mail::Box::create( $lp );