
MDL-21559: fixed force password change for internal and external authentication in user upload.
1 parent e0be5f1 commit 3f12c146393022b92a2a7075955d065583e756b1 Rossiani Wijaya committed Nov 5, 2010
Showing with 148 additions and 45 deletions.
  1. +140 −44 admin/uploaduser.php
  2. +5 −1 admin/uploaduser_form.php
  3. +3 −0 lang/en/error.php
@@ -61,6 +61,7 @@
$struserauthunsupported = get_string('userauthunsupported', 'error');
$stremailduplicate = get_string('useremailduplicate', 'error');
+$strinvalidpasswordpolicy = get_string('invalidpasswordpolicy', 'error');
$errorstr = get_string('error');
$returnurl = $CFG->wwwroot.'/'.$CFG->admin.'/uploaduser.php';
@@ -203,20 +204,9 @@
foreach ($line as $key => $value) {
if ($value !== '') {
$key = $columns[$key];
- // password is special field
- if ($key == 'password') {
- if ($value !== '') {
- $user->password = hash_internal_user_password($value);
- if (!empty($CFG->passwordpolicy) and !check_password_policy($value, $errmsg)) {
- $forcechangepassword = true;
- $weakpasswords++;
- }
- }
- } else {
- $user->$key = $value;
- if (in_array($key, $upt->columns)) {
- $upt->track($key, $value);
- }
+ $user->$key = $value;
+ if (in_array($key, $upt->columns)) {
+ $upt->track($key, $value);
}
}
}
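Review bot: With the `password` special case removed, a password value from the CSV now takes the generic path and is passed to `$upt->track($key, $value)` whenever `password` is one of `$upt->columns`. Later hunks call `$upt->track('password', ...)`, which suggests it is a tracked column, so the cleartext password would be echoed into the results table. Keep the password out of the tracker, for example `if ($key !== 'password' && in_array($key, $upt->columns)) {`. Note also that `$user->password` now holds the cleartext until the hashing calls added further down, so every later `continue` and branch must either hash it or leave it unsaved. The enclosing loop starts outside this hunk.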
@@ -438,21 +428,12 @@
$allowed = array_merge($STD_FIELDS, $PRF_FIELDS);
}
foreach ($allowed as $column) {
+ $temppasswordhandler = '';
if ($column == 'username') {
continue;
}
- if ($column == 'password') {
- if (!$updatepasswords or $updatetype == 3) {
- continue;
- } else if (!empty($user->password)) {
- $upt->track('password', get_string('updated'));
- if ($forcechangepassword) {
- set_user_preference('auth_forcepasswordchange', 1, $existinguser->id);
- }
- }
- }
if ((property_exists($existinguser, $column) and property_exists($user, $column)) or in_array($column, $PRF_FIELDS)) {
- if ($updatetype == 3 and $existinguser->$column !== '') {
+ if ($updatetype == 3 && $existinguser->$column !== '') {
//missing == non-empty only
continue;
}
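Review bot: `$temppasswordhandler = '';` sits inside `foreach ($allowed as $column)`, so it is cleared on every iteration and, per the next hunk, filled only when `$column == 'password'`. The following hunks use it as "the original stored password" for any column and again after the loop (`$existinguser->password = $temppasswordhandler;`). As far as these hunks show, an update run without `$updatepasswords` would therefore restore `''` instead of the stored hash unless `password` is the last column processed, and `update_record` then saves a blank password field. Capture the value once before the loop, `$originalpassword = $existinguser->password;`, and restore from that. The loop body continues outside this hunk and the page has lost indentation, so the nesting should be confirmed against the file.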
@@ -469,11 +450,43 @@
}
}
}
- if ($column != 'password' and in_array($column, $upt->columns)) {
- $upt->track($column, '', 'normal', false); // clear previous
+
+ if ($column == 'password') {
+ $temppasswordhandler = $existinguser->password;
+ }
+
+ if ($column == 'auth') {
+ if (isset($user->auth) && empty($user->auth)) {
+ $user->auth = 'manual';
+ }
+
+ $existinguserauth = get_auth_plugin($existinguser->auth);
+ $existingisinternalauth = $existinguserauth->is_internal();
+
+ $userauth = get_auth_plugin($user->auth);
+ $isinternalauth = $userauth->is_internal();
+
+ if ($isinternalauth === $existingisinternalauth) {
+ if ($updatepasswords) {
+ if (empty($user->password)) {
+ $forcechangepassword = true;
+ }
+ }
+ } else if ($isinternalauth) {
+ $existinguser->password = '';
+ $forcechangepassword = true;
+ }
+ }
+
+ $upt->track($column, '', 'normal', false); // clear previous
+ if ($column != 'password' && in_array($column, $upt->columns)) {
$upt->track($column, $existinguser->$column.'-->'.$user->$column, 'info');
}
$existinguser->$column = $user->$column;
+
+ if (!isset($user->auth) && !$updatepasswords) {
+ $existinguser->password = $temppasswordhandler;
+ }
}
}
}
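Review bot: `$user->auth` comes straight from the uploaded row and is passed to `get_auth_plugin()` here without first being checked against the installed plugins. The same happens in the creation path (hunk at -509, before its "auth plugin does not exist" test) and in the preview (hunk at -769, where `in_array($rowcols['auth'], $availableauths)` runs only after the lookup). get_auth_plugin() is not shown on this page; if it resolves the plugin from a path built from the name, or stops on an unknown name, one bad row reaches the loader or aborts the upload instead of being reported as a row error. Validate against the installed-plugin list first, using strict comparison as in `in_array($user->auth, $availableauths, true)`, and only then look the plugin up. `$user->auth` may also be unset when the file has no auth column, which the `isset(...) && empty(...)` default does not cover.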
@@ -488,7 +501,48 @@
$upt->track('auth', $struserauthunsupported, 'warning');
}
+ $auth = get_auth_plugin($existinguser->auth);
+ $isinternalauth = $auth->is_internal();
+
+ if ($isinternalauth && $updatepasswords && !check_password_policy($user->password, $errmsg)) {
+ $upt->track('password', get_string('internalauthpassworderror', 'error', $existinguser->password), 'error');
+ $upt->track('status', $strusernotupdated, 'error');
+ $userserrors++;
+ continue;
+ } else {
+ $forcechangepassword = true;
+ }
+
+ if (!$isinternalauth) {
+ $existinguser->password = 'not cached';
+ $upt->track('password', 'not cached');
+ $forcechangepassword = false;
+ } else if ($updatepasswords){
+ $existinguser->password = hash_internal_user_password($existinguser->password);
+ } else {
+ $existinguser->password = $temppasswordhandler;
+ }
+
$DB->update_record('user', $existinguser);
+
+ //remove user preference
+
+ if (get_user_preferences('create_password', false, $existinguser)) {
+ unset_user_preference('create_password', $existinguser);
+ }
+ if (get_user_preferences('auth_forcepasswordchange', false, $existinguser)) {
+ unset_user_preference('auth_forcepasswordchange', $existinguser);
+ }
+
+ if ($isinternalauth && $updatepasswords) {
+ if (empty($existinguser->password)) {
+ set_user_preference('create_password', 1, $existinguser->id);
+ set_user_preference('auth_forcepasswordchange', 1, $existinguser->id);
+ $upt->track('password', get_string('new'));
+ } else if ($forcechangepassword) {
+ set_user_preference('auth_forcepasswordchange', 1, $existinguser->id);
+ }
+ }
$upt->track('status', $struserupdated);
$usersupdated++;
// save custom profile fields data from csv file
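Review bot: The password is hashed before the emptiness test, so whenever `$updatepasswords` is set the `empty($existinguser->password)` branch further down looks unreachable. `hash_internal_user_password()` has already replaced the value, so a row with no usable password stores a hash of the empty or stale value instead of getting `create_password`. The creation path has the same ordering (hunk at -538, `hash_internal_user_password($user->password)` before `empty($user->password)`). Record the decision first, `$needsnewpassword = empty($user->password);`, hash only a non-empty value, and test `$needsnewpassword` where the preferences are set. Separately, both preferences are unset for every updated user but set again only under `$isinternalauth && $updatepasswords`, so an upload that does not touch passwords clears a pending `auth_forcepasswordchange`. Finally, `get_string('internalauthpassworderror', 'error', $existinguser->password)` passes the password as `$a` to a string with no placeholder, so the third argument should be dropped.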
@@ -509,11 +563,24 @@
$user->timemodified = time();
$user->timecreated = time();
- if (!$createpasswords and empty($user->password)) {
- $upt->track('password', get_string('missingfield', 'error', 'password'), 'error');
- $upt->track('status', $strusernotaddederror, 'error');
- $userserrors++;
- continue;
+ if (isset($user->auth) && empty($user->auth)) {
+ $user->auth = 'manual';
+ }
+ $auth = get_auth_plugin($user->auth);
+ $isinternalauth = $auth->is_internal();
+
+ if (!$createpasswords && $isinternalauth) {
+ if (empty($user->password)) {
+ $upt->track('password', get_string('missingfield', 'error', 'password'), 'error');
+ $upt->track('status', $strusernotaddederror, 'error');
+ $userserrors++;
+ continue;
+ } else if ($forcechangepassword) {
+ $upt->track('password', $strinvalidpasswordpolicy);
+ $upt->track('status', $strusernotaddederror, 'error');
+ $userserrors++;
+ continue;
+ }
}
// do not insert record if new auth plguin does not exist!
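Review bot: Nothing visible in this commit sets `$forcechangepassword` for a new row any more, so `else if ($forcechangepassword)` tests whatever an earlier row left behind rather than this row's password. The `check_password_policy()` call was removed from the CSV parsing loop, and the remaining assignments are all in the update branch. If the flag is not reset per row (not visible here), a weak password in the file can be accepted, or a compliant one rejected, depending on row order. Check the row itself, `} else if (!empty($CFG->passwordpolicy) && !check_password_policy($user->password, $errmsg)) {`, and pass the `'error'` level to `$upt->track('password', ...)` as the branch above does. The enclosing branch starts and ends outside this hunk.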
@@ -538,20 +605,27 @@
$upt->track('email', $stremailduplicate, 'warning');
}
}
+ if (!$isinternalauth) {
+ $user->password = 'not cached';
+ $upt->track('password', 'not cached');
+ } else {
+ $user->password = hash_internal_user_password($user->password);
+ }
$user->id = $DB->insert_record('user', $user);
$info = ': ' . $user->username .' (ID = ' . $user->id . ')';
$upt->track('status', $struseradded);
$upt->track('id', $user->id, 'normal', false);
$usersnew++;
- if ($createpasswords and empty($user->password)) {
- // passwords will be created and sent out on cron
- set_user_preference('create_password', 1, $user->id);
- set_user_preference('auth_forcepasswordchange', 1, $user->id);
- $upt->track('password', get_string('new'));
- }
- if ($forcechangepassword) {
- set_user_preference('auth_forcepasswordchange', 1, $user->id);
+ if ($createpasswords && $isinternalauth) {
+ if (empty($user->password) || $forcechangepassword) {
+ // passwords will be created and sent out on cron
+ set_user_preference('create_password', 1, $user->id);
+ set_user_preference('auth_forcepasswordchange', 1, $user->id);
+ $upt->track('password', get_string('new'));
+ } else {
+ set_user_preference('auth_forcepasswordchange', 1, $user->id);
+ }
}
// save custom profile fields data
@@ -745,7 +819,8 @@
echo $OUTPUT->heading(get_string('uploaduserspreview', 'admin'));
$cir->init();
-
+$availableauths = get_plugin_list('auth');
+$availableauths = array_keys($availableauths);
$contents = array();
while ($fields = $cir->next()) {
$errormsg = array();
@@ -769,6 +844,28 @@
}
}
+ //check password column
+ if (array_key_exists('auth', $rowcols)) {
+ if (isset($rowcols['auth']) && empty($rowcols['auth'])) {
+ $rowcols['auth'] = 'manual';
+ }
+ $rowauth = get_auth_plugin($rowcols['auth']);
+ $rowisinternalauth = $rowauth->is_internal();
+ if (!$rowisinternalauth) {
+ if (array_key_exists('password', $rowcols) && !empty($rowcols['password'])) {
+ $errormsg['password'] = get_string('externalauthpassworderror', 'error');
+ }
+ }
+
+ if (!in_array($rowcols['auth'], $availableauths)) {
+ $errormsg['auth'] = get_string('userautherror', 'error');
+ }
+ }
+
+ if (empty($optype) ) {
+ $optype = $uploadtype;
+ }
+
switch($optype) {
case UU_ADDNEW:
if ($usernameexist || $emailexist ) {
@@ -911,10 +1008,9 @@
$countcontent++;
}
}
-echo html_writer::table($table);
+echo html_writer::tag('div', html_writer::table($table), array('class'=>'flexible-wrap'));
if ($haserror) {
-
echo $OUTPUT->container(get_string('useruploadtype', 'moodle', $choices[$uploadtype]), 'centerpara');
echo $OUTPUT->container(get_string('uploadinvalidpreprocessedcount', 'moodle', $countcontent), 'centerpara');
echo $OUTPUT->container(get_string('invalidusername', 'moodle'), 'centerpara');
@@ -943,7 +1039,7 @@ function uu_progress_tracker() {
function init() {
$ci = 0;
- echo '<table id="uuresults" class="generaltable boxaligncenter" summary="'.get_string('uploadusersresult', 'admin').'">';
+ echo '<table id="uuresults" class="generaltable boxaligncenter flexible-wrap" summary="'.get_string('uploadusersresult', 'admin').'">';
echo '<tr class="heading r0">';
echo '<th class="header c'.$ci++.'" scope="col">'.get_string('status').'</th>';
echo '<th class="header c'.$ci++.'" scope="col">'.get_string('uucsvline', 'admin').'</th>';
@@ -62,7 +62,7 @@ function definition (){
$choices = array(0 => get_string('infilefield', 'auth'), 1 => get_string('createpasswordifneeded', 'auth'));
$mform->addElement('select', 'uupasswordnew', get_string('uupasswordnew', 'admin'), $choices);
- $mform->setDefault('uupasswordnew', 0);
+ $mform->setDefault('uupasswordnew', 1);
$mform->disabledIf('uupasswordnew', 'uutype', 'eq', UU_UPDATE);
$choices = array(0 => get_string('nochanges', 'admin'),
@@ -314,6 +314,10 @@ function validation($data, $files) {
break;
case UU_ADDNEW:
+ if (empty($data['uupasswordnew'])) {
+ $errors['uupasswordnew'] = get_string('missingfield', 'error', 'password');
+ }
+ break;
case UU_ADDINC:
if (empty($data['uupasswordnew'])) {
$errors['uupasswordnew'] = get_string('missingfield', 'error', 'password');
@@ -218,6 +218,7 @@
$string['errorsettinguserpref'] = 'Error setting user preference';
$string['errorunzippingfiles'] = 'Error unzipping files';
$string['expiredkey'] = 'Expired key';
+$string['externalauthpassworderror'] = 'Non-empty password for external authentication';
$string['failtoloadblocks'] = 'One or more blocks are registered in the database, but they all failed to load!';
$string['fieldrequired'] = '"{$a}" is a required field';
$string['fileexists'] = 'File exists';
@@ -247,6 +248,7 @@
$string['idnumbertaken'] = 'ID number is already used for another course';
$string['importformatnotimplement'] = 'Sorry, importing this format is not yet implemented!';
$string['incorrectext'] = 'File has an incorrect extension';
+$string['internalauthpassworderror'] = 'Missing passowrd or invalid password policy for internal authentication';
$string['invalidaccess'] = 'This page was not accessed correctly';
$string['invalidaccessparameter'] = 'Invalid access parameter';
$string['invalidaction'] = 'Invalid action parameter';
@@ -290,6 +292,7 @@
$string['invalidnumkey'] = '$conditions array may not contain numeric keys, please fix the code!';
$string['invalidoutcome'] = 'Incorrect outcome id';
$string['invalidpagesize'] = 'Invalid page size';
+$string['invalidpasswordpolicy'] = 'Invalid password policy';
$string['invalidpaymentmethod'] = 'Invalid payment method: {$a}';
$string['invalidqueryparam'] = 'ERROR: Incorrect number of query parameters. Expected {$a->expected}, got {$a->actual}.';
$string['invalidrecord'] = 'Can not find data record in database table {$a}.';
