From 7abfda291519eb59acbc1502e7c25466ca313565 Mon Sep 17 00:00:00 2001 From: cdujeu Date: Wed, 18 Mar 2015 22:46:01 +0100 Subject: [PATCH] Fix various issues with Forget Password action - Fix #863 --- .../class.KeystoreAuthFrontend.php | 16 ++++---- .../gui.ajax/class.AJXP_ClientDriver.php | 2 +- .../gui.user/class.UserGuiController.php | 38 +++++++++++++------ 3 files changed, 34 insertions(+), 22 deletions(-) diff --git a/core/src/plugins/authfront.keystore/class.KeystoreAuthFrontend.php b/core/src/plugins/authfront.keystore/class.KeystoreAuthFrontend.php index 17fbc2d77f..44c1e91189 100644 --- a/core/src/plugins/authfront.keystore/class.KeystoreAuthFrontend.php +++ b/core/src/plugins/authfront.keystore/class.KeystoreAuthFrontend.php @@ -79,16 +79,14 @@ public function revokeUserTokens($userId){ $this->storage = ConfService::getConfStorageImpl(); if(!is_a($this->storage, "sqlConfDriver")) return false; - $user = AuthService::getLoggedUser()->getId(); - if($userId == $user || AuthService::getLoggedUser()->isAdmin()){ - $keys = $this->storage->simpleStoreList("keystore", null, "", "serial", '%"USER_ID";s:'.strlen($userId).':"'.$userId.'"%'); - foreach($keys as $keyId => $keyData){ - $this->storage->simpleStoreClear("keystore", $keyId); - } - if(count($keys)){ - $this->logInfo(__FUNCTION__, "Revoking ".count($keys)." keys for user '".$userId."' on password change action."); - } + $keys = $this->storage->simpleStoreList("keystore", null, "", "serial", '%"USER_ID";s:'.strlen($userId).':"'.$userId.'"%'); + foreach($keys as $keyId => $keyData){ + $this->storage->simpleStoreClear("keystore", $keyId); + } + if(count($keys)){ + $this->logInfo(__FUNCTION__, "Revoking ".count($keys)." keys for user '".$userId."' on password change action."); } + return null; } /** diff --git a/core/src/plugins/gui.ajax/class.AJXP_ClientDriver.php b/core/src/plugins/gui.ajax/class.AJXP_ClientDriver.php index f2ce51c165..aaea714901 100644 
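Review bot: The guard `if($userId == $user || AuthService::getLoggedUser()->isAdmin())` is removed from revokeUserTokens and no equivalent check is added at a call site anywhere in this patch, so the public method now revokes the keystore entries of whatever user id it receives; if the intent is to let the password-reset path call it while nobody is logged in, that contract belongs on the method, e.g. `/** No authorization is performed here: the caller must already have established its right to revoke $userId's keys. */`. The method also answers `false` for a non-SQL storage and `null` after a successful run, which makes the result awkward to branch on; a single `bool` (or no return value at all) would be clearer. The LIKE pattern is still concatenated from `$userId`; the `strlen($userId)` prefix narrows what a `%` or `_` inside the id could match, but whether simpleStoreList escapes the value is not visible here. The signature line of revokeUserTokens sits in the hunk header, outside the hunk.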
--- a/core/src/plugins/gui.ajax/class.AJXP_ClientDriver.php
+++ b/core/src/plugins/gui.ajax/class.AJXP_ClientDriver.php
@@ -144,7 +144,7 @@ public function switchAction($action, $httpVars, $fileVars)
 $root = '/'.ltrim(parse_url($configUrl, PHP_URL_PATH), '/');
 if(strlen($root) > 1) $root = rtrim($root, '/').'/';
 }else{
- preg_match ('/ws-(.)*\/|settings|dashboard|welcome/', $root, $matches, PREG_OFFSET_CAPTURE);
+ preg_match ('/ws-(.)*\/|settings|dashboard|welcome|user/', $root, $matches, PREG_OFFSET_CAPTURE);
 if(count($matches)){
 $capture = $matches[0][1];
 $root = substr($root, 0, $capture);
diff --git a/core/src/plugins/gui.user/class.UserGuiController.php b/core/src/plugins/gui.user/class.UserGuiController.php
index 025fba868c..78ad2cace2 100644
--- a/core/src/plugins/gui.user/class.UserGuiController.php
+++ b/core/src/plugins/gui.user/class.UserGuiController.php
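Review bot: The new `user` alternative in `'/ws-(.)*\/|settings|dashboard|welcome|user/'` is unanchored, so it also matches that substring inside any other path segment (a workspace or folder named `users` or `superuser`, for instance) and `$root` is then cut at the wrong offset via `$matches[0][1]`; the existing `settings|dashboard|welcome` words have the same weakness, but `user` is a far more common substring. Bounding the literal words to a whole path segment, e.g. `'/ws-(.)*\/|(?<![^\/])(?:settings|dashboard|welcome|user)(?:\/|$)/'`, keeps the intended match while ruling that out. Where `$root` comes from in this `else` branch is outside the hunk, so whether it always starts with a slash cannot be confirmed here. switchAction continues outside the hunk on both sides.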
@@ -60,15 +60,26 @@ public function processUserAccessPoint($action, $httpVars, $fileVars) { switch ($action) { case "user_access_point": - - $uri = explode("/", trim($_SERVER["REQUEST_URI"], "/")); - array_shift($uri); - $action = array_shift($uri); - $this->processSubAction($action, $uri); - $_SESSION['OVERRIDE_GUI_START_PARAMETERS'] = array( - "REBASE"=>"../../", - "USER_GUI_ACTION" => $action - ); + $setUrl = ConfService::getCoreConf("SERVER_URL"); + $realUri = "/"; + if(!empty($setUrl)){ + $realUri = parse_url(ConfService::getCoreConf("SERVER_URL"), PHP_URL_PATH); + } + $requestURI = str_replace("//", "/", $_SERVER["REQUEST_URI"]); + $uri = trim(str_replace(rtrim($realUri, "/")."/user", "", $requestURI), "/"); + $uriParts = explode("/", $uri); + $action = array_shift($uriParts); + try{ + $this->processSubAction($action, $uriParts); + $_SESSION['OVERRIDE_GUI_START_PARAMETERS'] = array( + "REBASE"=>"../../", + "USER_GUI_ACTION" => $action + ); + }catch(Exception $e){ + $_SESSION['OVERRIDE_GUI_START_PARAMETERS'] = array( + "ALERT" => $e->getMessage() + ); + } AJXP_Controller::findActionAndApply("get_boot_gui", array(), array()); unset($_SESSION['OVERRIDE_GUI_START_PARAMETERS']); @@ -106,10 +117,13 @@ public function processUserAccessPoint($action, $httpVars, $fileVars) // This is a reset password if (isSet($httpVars["key"]) && isSet($httpVars["user_id"])) { $key = ConfService::getConfStorageImpl()->loadTemporaryKey("password-reset", $httpVars["key"]); + ConfService::getConfStorageImpl()->deleteTemporaryKey("password-reset", $httpVars["key"]); if ($key != null && $key["user_id"] == $httpVars["user_id"] && AuthService::userExists($key["user_id"])) { AuthService::updatePassword($key["user_id"], $httpVars["new_pass"]); + }else{ + echo 'ERROR'; + break; } - ConfService::getConfStorageImpl()->deleteTemporaryKey("password-reset", $httpVars["key"]); } AuthService::disconnect(); echo 'SUCCESS'; 
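Review bot: `$uri = trim(str_replace(rtrim($realUri, "/")."/user", "", $requestURI), "/")` strips the first occurrence of the `<base>/user` string wherever it appears in the request URI, not only as a leading prefix, and `parse_url(..., PHP_URL_PATH)` can return `null` (or `false` for a malformed SERVER_URL), in which case the prefix silently collapses to `/user`; a prefix test such as `$prefix = rtrim((string) $realUri, "/")."/user"; if (strpos($requestURI, $prefix) === 0) { $uri = trim(substr($requestURI, strlen($prefix)), "/"); }` is tighter. The `$action` taken from the path and the caught `$e->getMessage()` are both stored in `OVERRIDE_GUI_START_PARAMETERS` and handed to `get_boot_gui`; whether that layer escapes them before rendering is not visible here and is worth confirming, since `$action` comes straight from the request. Catching the broad `Exception` also means any failure inside processSubAction, not only the invalid-key case, surfaces its message to the visitor. The `switch` and processUserAccessPoint continue outside the hunk.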
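Review bot: In the reset branch, `$httpVars["new_pass"]` reaches `AuthService::updatePassword($key["user_id"], $httpVars["new_pass"])` without any presence check, so a request carrying a valid key but no `new_pass` (or an empty one) relies entirely on updatePassword rejecting it, which is not visible here; an explicit `if (empty($httpVars["new_pass"])) { echo 'ERROR'; break; }` before the update would make that guarantee local. Deleting the temporary key before validating it is the right order for a single-use link, but the comparison `$key["user_id"] == $httpVars["user_id"]` is loose; `===` (or simply trusting `$key["user_id"]` and dropping the redundant request parameter) avoids PHP's numeric-string coercion. Because the key is consumed before any other check, a request that fails for any later reason also burns the link; if that is intended, a comment at the `deleteTemporaryKey` line would stop the next reader from "fixing" it. This hunk is in the same `switch` as the one above and processUserAccessPoint continues outside it.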
@@ -129,8 +143,8 @@ protected function processSubAction($actionName, $args)
 if (count($args)) {
 $token = $args[0];
 $key = ConfService::getConfStorageImpl()->loadTemporaryKey("password-reset", $token);
- if ($key == null) {
-
+ if ($key == null || $key["user_id"] === false) {
+ throw new Exception("Invalid password reset key! Did you make sure to copy the correct link?");
 }
 }
 break;
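Review bot: `$key["user_id"] === false` only matches a literal `false`; a loaded record that lacks `user_id` or holds an empty string passes the guard (with an undefined-index notice in the former case), so `if ($key == null || empty($key["user_id"])) {` covers those cases as well, and `$key === null` would be the strict form of the first test. The thrown message is what the caller surfaces to the visitor through the ALERT parameter, so keeping it free of the token value, as it is here, is right. processSubAction's signature is in the hunk header and the function continues after `break;`.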