package EnsEMBL::Web::Filter::PasswordValid;
### Checks if a password matches the encrypted value stored in the database
use strict;
use warnings;
use EnsEMBL::Web::Data::User;
use EnsEMBL::Web::Tools::Encryption;
use EnsEMBL::Web::RegObj;
use base qw(EnsEMBL::Web::Filter);
{
sub BUILD {
    ## Only the filter object itself is used here; the extra constructor
    ## arguments the base class passes are not consulted.
    my $self = shift;

    ## Error code -> user-facing message. The keys are the codes that
    ## catch() hands to set_error_code(). The invalid_password text
    ## contains HTML, so it is presumably rendered unescaped by the view.
    my %message_for = (
        empty_password   => 'You did not supply a password. Please try again.',
        invalid_password => qq{Sorry, the email address or password was entered incorrectly and could not be validated. Please try again.<br /><br />If you are unsure of your password, click the 'Lost Password' link in the lefthand menu to reactivate your account.},
    );

    $self->set_messages({ %message_for });
}
sub catch {
    my ($self) = @_;
    my $object = $self->object;

    ## The redirect target is set on every path, success included; the
    ## base class presumably only follows it once an error code has been
    ## set (not visible here - confirm against EnsEMBL::Web::Filter).
    $self->set_redirect('/Account/Login');

    my $supplied_password = $object->param('password');

    if (!$supplied_password) {
        $self->set_error_code('empty_password');
    }
    else {
        my $user = EnsEMBL::Web::Data::User->find(email => $object->param('email'));

        if (!$user) {
            ## Deliberately the same error code as a wrong password, so the
            ## response body does not reveal whether the email is registered.
            ## NOTE(review): encryptPassword() is not run on this branch, so
            ## the response *time* can still differ between known and unknown
            ## emails - worth confirming whether that is acceptable here.
            $self->set_error_code('invalid_password');
        }
        else {
            ## Re-derive the stored value from the supplied password and the
            ## user's salt, then compare it with what is on record. Despite
            ## the helper's name this looks like a salted one-way hash rather
            ## than reversible encryption - TODO confirm in Tools::Encryption.
            my $candidate = EnsEMBL::Web::Tools::Encryption::encryptPassword(
                $supplied_password, $user->salt,
            );

            ## NOTE(review): 'ne' is an ordinary string compare, not guaranteed
            ## constant-time; low impact when comparing derived values, but a
            ## constant-time compare would be the conservative choice.
            if ($user->password ne $candidate) {
                $self->set_error_code('invalid_password');
            }
        }
    }
}
}
1;