PHRAS-3890: Admin - add "auth failure" - display and purge auth failu…

…re - only for super U (#4368) * admin auth failure * add check superU
alchemy-fr · Sep 5, 2023 · ec4a225 · ec4a225
1 parent 2c56cff
commit ec4a225
Show file tree

Hide file tree

Showing 14 changed files with 764 additions and 545 deletions.
diff --git a/lib/Alchemy/Phrasea/Authentication/Phrasea/FailureManager.php b/lib/Alchemy/Phrasea/Authentication/Phrasea/FailureManager.php
@@ -98,6 +98,31 @@ public function resetLockedFailureByUsername($username)
         return $this;
     }
 
+    public function removeFailureById($failureId)
+    {
+        // truncate table if failureId == 0
+        if ($failureId == 0) {
+            $connection = $this->em->getConnection();
+            $platform = $connection->getDatabasePlatform();
+            $this->em->beginTransaction();
+            try {
+                $connection->executeUpdate($platform->getTruncateTableSQL('AuthFailures'));
+            }
+            catch (\Exception $e) {
+                $this->em->rollback();
+            }
+        } else {
+            $failure = $this->repository->find($failureId);
+
+            if (empty($failure)) {
+                return;
+            }
+
+            $this->em->remove($failure);
+            $this->em->flush($failure);
+        }
+    }
+
     /**
      * Checks a request for previous failures
      *

diff --git a/lib/Alchemy/Phrasea/Controller/Admin/UserController.php b/lib/Alchemy/Phrasea/Controller/Admin/UserController.php
@@ -511,6 +511,21 @@ public function displayRegistrationsAction()
         ]);
     }
 
+    public function displayAuthFailureAction(Request $request)
+    {
+        return $this->render('admin/auth-failure.html.twig', [
+        ]);
+    }
+
+    public function deleteAuthFailureAction(Request $request)
+    {
+        if ($this->getAuthenticatedUser()->isAdmin()) {
+            $this->app['auth.native.failure-manager']->removeFailureById($request->request->get('failureId'));
+        }
+
+        return $this->render('admin/auth-failure.html.twig', []);
+    }
+
     public function submitRegistrationAction(Request $request)
     {
         $templates = $this->normalizeTemplateArray($request->request->get('template', []));

diff --git a/lib/Alchemy/Phrasea/ControllerProvider/Admin/Users.php b/lib/Alchemy/Phrasea/ControllerProvider/Admin/Users.php
@@ -90,6 +90,9 @@ public function connect(Application $app)
         $controllers->get('/feed-entry/', 'controller.admin.users:listFeedEntry');
         $controllers->post('/feed-entry/delete/', 'controller.admin.users:deleteFeedEntry');
         $controllers->get('/records-basket/', 'controller.admin.users:listRecordBasket');
+        $controllers->get('/auth-failure/', 'controller.admin.users:displayAuthFailureAction')
+            ->bind('users_display_auth_failure');
+        $controllers->post('/auth-failure/delete/', 'controller.admin.users:deleteAuthFailureAction');
 
         return $controllers;
     }

diff --git a/resources/locales/messages.de.xlf b/resources/locales/messages.de.xlf
diff --git a/resources/locales/messages.en.xlf b/resources/locales/messages.en.xlf
diff --git a/resources/locales/messages.fr.xlf b/resources/locales/messages.fr.xlf
diff --git a/resources/locales/messages.nl.xlf b/resources/locales/messages.nl.xlf
diff --git a/resources/locales/validators.de.xlf b/resources/locales/validators.de.xlf
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="utf-8"?>
 <xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" xmlns:jms="urn:jms:translation" version="1.2">
-  <file date="2023-07-27T13:57:52Z" source-language="en" target-language="de" datatype="plaintext" original="not.available">
+  <file date="2023-08-30T11:26:01Z" source-language="en" target-language="de" datatype="plaintext" original="not.available">
     <header>
       <tool tool-id="JMSTranslationBundle" tool-name="JMSTranslationBundle" tool-version="1.1.0-DEV"/>
       <note>The source node in most cases contains the sample message as written by the developer. If it looks like a dot-delimitted string such as "form.label.firstname", then the developer has not provided a default message.</note>

diff --git a/resources/locales/validators.en.xlf b/resources/locales/validators.en.xlf
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="utf-8"?>
 <xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" xmlns:jms="urn:jms:translation" version="1.2">
-  <file date="2023-07-27T13:58:02Z" source-language="en" target-language="en" datatype="plaintext" original="not.available">
+  <file date="2023-08-30T11:26:17Z" source-language="en" target-language="en" datatype="plaintext" original="not.available">
     <header>
       <tool tool-id="JMSTranslationBundle" tool-name="JMSTranslationBundle" tool-version="1.1.0-DEV"/>
       <note>The source node in most cases contains the sample message as written by the developer. If it looks like a dot-delimitted string such as "form.label.firstname", then the developer has not provided a default message.</note>

diff --git a/resources/locales/validators.fr.xlf b/resources/locales/validators.fr.xlf
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="utf-8"?>
 <xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" xmlns:jms="urn:jms:translation" version="1.2">
-  <file date="2023-07-27T13:58:16Z" source-language="en" target-language="fr" datatype="plaintext" original="not.available">
+  <file date="2023-08-30T11:26:36Z" source-language="en" target-language="fr" datatype="plaintext" original="not.available">
     <header>
       <tool tool-id="JMSTranslationBundle" tool-name="JMSTranslationBundle" tool-version="1.1.0-DEV"/>
       <note>The source node in most cases contains the sample message as written by the developer. If it looks like a dot-delimitted string such as "form.label.firstname", then the developer has not provided a default message.</note>

diff --git a/resources/locales/validators.nl.xlf b/resources/locales/validators.nl.xlf
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="utf-8"?>
 <xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" xmlns:jms="urn:jms:translation" version="1.2">
-  <file date="2023-07-27T13:58:33Z" source-language="en" target-language="nl" datatype="plaintext" original="not.available">
+  <file date="2023-08-30T11:26:59Z" source-language="en" target-language="nl" datatype="plaintext" original="not.available">
     <header>
       <tool tool-id="JMSTranslationBundle" tool-name="JMSTranslationBundle" tool-version="1.1.0-DEV"/>
       <note>The source node in most cases contains the sample message as written by the developer. If it looks like a dot-delimitted string such as "form.label.firstname", then the developer has not provided a default message.</note>

diff --git a/resources/www/admin/images/failure.png b/resources/www/admin/images/failure.png
diff --git a/templates/web/admin/auth-failure.html.twig b/templates/web/admin/auth-failure.html.twig
@@ -0,0 +1,55 @@
+<div class="page-header">
+    <h1>{{ 'admin:: auth failure list' | trans }}</h1>
+</div>
+
+<div id="auth_failure_locked">
+    {% set failuresLocked = app['repo.auth-failures'].findBy({}, {'created': 'desc'}) %}
+    {% if failuresLocked | length > 0 %}
+        <button data-failure-id="0" style="margin-bottom: 30px;" data-message="erase authfailures table" class="btn btn-danger delete-auth-failure">
+            {{ 'admin::users: erase auth failure table' | trans }}
+        </button>
+
+        <table class="admintable">
+            <thead>
+            <tr>
+                <th>{{ 'admin::users: username' | trans }}</th>
+                <th>{{ 'admin::users: ip' | trans }}</th>
+                <th>{{ 'admin::users: locked' | trans }}</th>
+                <th>{{ 'admin::users: creation date' | trans }}</th>
+            </tr>
+            </thead>
+            <tbody >
+            {% for failure in failuresLocked %}
+                <tr>
+                    <td>{{ failure.getUsername() }}</td>
+                    <td>{{ failure.getIp() }}</td>
+                    <td>{{ failure.getLocked()? 'true': 'false' }}</td>
+                    <td>{{ failure.getCreated() | date('Y-m-d H:i:s') }}</td>
+                    <td><button data-failure-id="{{ failure.getId() }}" data-message="delete this auth failure for {{ failure.getUsername() }}" class="btn btn-warning delete-auth-failure">{{ 'admin::users: delete auth failure' | trans }}</button></td>
+                </tr>
+            {% endfor %}
+            </tbody>
+        </table>
+
+    {% endif %}
+</div>
+
+<script type="text/javascript">
+    $(document).ready(function() {
+        $('.delete-auth-failure').on('click', function() {
+            let $this = $(this);
+            if (confirm("Are you sure you want to " + $this.attr('data-message') + " ?")) {
+                $.ajax({
+                    type: 'POST',
+                    url: '/admin/users/auth-failure/delete/',
+                    data: {
+                        failureId: $this.attr('data-failure-id')
+                    },
+                    success: function (data) {
+                        $('#mainContainer #right-ajax').empty().html(data);
+                    }
+                });
+            }
+        });
+    });
+</script>
diff --git a/templates/web/admin/tree.html.twig b/templates/web/admin/tree.html.twig
@@ -58,6 +58,15 @@
   </li>
   {% endif %}
 
+  {% if app.getAclForUser(app.getAuthenticatedUser()).is_admin() %}
+    <li class="auth-failure">
+      <a target="right" href="{{ path('users_display_auth_failure') }}" class="ajax">
+        <img width="16" src="/assets/admin/images/failure.png" />
+        <span>{% trans %}Auth failure{% endtrans %}</span>
+      </a>
+    </li>
+  {% endif %}
+
   {% if app.getAclForUser(app.getAuthenticatedUser()).has_right(constant('\\ACL::BAS_CHUPUB')) %}
   <li class="">
     <a target="right" href="{{ path('admin_feeds_list') }}" class="ajax">