Skip to content
Permalink
Browse files

Move user password entry point to a controller

Signed-off-by: Maurício Meneghini Fauth <mauricio@fauth.dev>
  • Loading branch information
mauriciofauth committed Dec 2, 2019
1 parent f87e318 commit acf37d7921d0fcda33fa2f6384efd36bdc8983e5
@@ -658,7 +658,7 @@ Functions.displayGitRevision = function () {
};

/**
* for PhpMyAdmin\Display\ChangePassword and /user_password
* for PhpMyAdmin\Display\ChangePassword and /user-password
*/
Functions.displayPasswordGenerateButton = function () {
var generatePwdRow = $('<tr></tr>').addClass('vmiddle');
@@ -4958,7 +4958,7 @@ AJAX.registerOnload('functions.js', function () {
/*
* Display warning regarding SSL when sha256_password
* method is selected
* Used in /user_password (Change Password link on index.php)
* Used in /user-password (Change Password link on index.php)
*/
$(document).on('change', 'select#select_authentication_plugin_cp', function () {
if (this.value === 'sha256_password') {
@@ -121,7 +121,7 @@ public function index(array $params): string
'id' => 'li_change_password',
'class' => 'no_bullets',
'url' => [
'href' => Url::getFromRoute('/user_password'),
'href' => Url::getFromRoute('/user-password'),
'target' => null,
'id' => 'change_password_anchor',
'class' => 'ajax',
@@ -0,0 +1,97 @@
<?php
/**
* @package PhpMyAdmin\Controllers
*/
declare(strict_types=1);
namespace PhpMyAdmin\Controllers;
use PhpMyAdmin\DatabaseInterface;
use PhpMyAdmin\Display\ChangePassword;
use PhpMyAdmin\Message;
use PhpMyAdmin\Response;
use PhpMyAdmin\Template;
use PhpMyAdmin\UserPassword;
/**
* Displays and handles the form where the user can change their password.
* @package PhpMyAdmin\Controllers
*/
class UserPasswordController extends AbstractController
{
/**
* @var UserPassword
*/
private $userPassword;
/**
* @param Response $response Response object
* @param DatabaseInterface $dbi DatabaseInterface object
* @param Template $template Template that should be used
* @param UserPassword $userPassword UserPassword object
*/
public function __construct($response, $dbi, Template $template, UserPassword $userPassword)
{
parent::__construct($response, $dbi, $template);
$this->userPassword = $userPassword;
}
/**
* @return void
*/
public function index(): void
{
global $cfg, $hostname, $username, $password, $change_password_message, $msg;
$header = $this->response->getHeader();
$scripts = $header->getScripts();
$scripts->addFile('server/privileges.js');
$scripts->addFile('vendor/zxcvbn.js');
/**
* Displays an error message and exits if the user isn't allowed to use this
* script
*/
if (! $cfg['ShowChgPassword']) {
$cfg['ShowChgPassword'] = $this->dbi->selectDb('mysql');
}
if ($cfg['Server']['auth_type'] == 'config' || ! $cfg['ShowChgPassword']) {
Message::error(
__('You don\'t have sufficient privileges to be here right now!')
)->display();
return;
}
/**
* If the "change password" form has been submitted, checks for valid values
* and submit the query or logout
*/
if (isset($_POST['nopass'])) {
if ($_POST['nopass'] == '1') {
$password = '';
} else {
$password = $_POST['pma_pw'];
}
$change_password_message = $this->userPassword->setChangePasswordMsg();
$msg = $change_password_message['msg'];
if (! $change_password_message['error']) {
$this->userPassword->changePassword($password, $msg, $change_password_message);
} else {
$this->userPassword->getChangePassMessage($change_password_message);
}
}
/**
* If the "change password" form hasn't been submitted or the values submitted
* aren't valid -> displays the form
*/
// Displays an error message if required
if (isset($msg)) {
$msg->display();
unset($msg);
}
echo ChangePassword::getHtml('change_pw', $username, $hostname);
}
}
@@ -52,7 +52,7 @@ public static function getHtml($mode, $username, $hostname)
$is_privileges = isset($_REQUEST['route']) && $_REQUEST['route'] === '/server/privileges';
$action = Url::getFromRoute('/user_password');
$action = Url::getFromRoute('/user-password');
if ($is_privileges) {
$action = Url::getFromRoute('/server/privileges');
}
@@ -1054,7 +1054,7 @@ public function getGrants($user, $host)
*/
public function updatePassword($err_url, $username, $hostname)
{
// similar logic in /user_password
// similar logic in /user-password
$message = null;
if (isset($_POST['pma_pw'], $_POST['pma_pw2']) && empty($_POST['nopass'])) {
@@ -209,7 +209,7 @@ private function changePassUrlParamsAndSubmitQuery(
$hashing_function,
$orig_auth_plugin
) {
$err_url = Url::getFromRoute('/user_password');
$err_url = Url::getFromRoute('/user-password');
$serverType = Util::getServerType();
$serverVersion = $GLOBALS['dbi']->getVersion();

This file was deleted.

@@ -36,6 +36,7 @@
use PhpMyAdmin\Controllers\Server\Status\StatusController;
use PhpMyAdmin\Controllers\Server\Status\VariablesController as StatusVariables;
use PhpMyAdmin\Controllers\Server\VariablesController;
use PhpMyAdmin\Controllers\UserPasswordController;
use PhpMyAdmin\Controllers\VersionCheckController;
use PhpMyAdmin\Response;
@@ -550,8 +551,10 @@
require_once ROOT_PATH . 'libraries/entry_points/transformation/wrapper.php';
});
});
$routes->addRoute(['GET', 'POST'], '/user_password', function () {
require_once ROOT_PATH . 'libraries/entry_points/user_password.php';
$routes->addRoute(['GET', 'POST'], '/user-password', function () use ($containerBuilder) {
/** @var UserPasswordController $controller */
$controller = $containerBuilder->get(UserPasswordController::class);
$controller->index();
});
$routes->addRoute(['GET', 'POST'], '/version-check', function () use ($containerBuilder) {
/** @var VersionCheckController $controller */
@@ -401,6 +401,14 @@ services:
template: '@template'
transformations: '@transformations'

PhpMyAdmin\Controllers\UserPasswordController:
class: 'PhpMyAdmin\Controllers\UserPasswordController'
arguments:
response: '@response'
dbi: '@dbi'
template: '@template'
userPassword: '@user_password'

PhpMyAdmin\Controllers\VersionCheckController:
class: 'PhpMyAdmin\Controllers\VersionCheckController'
arguments:

0 comments on commit acf37d7

Please sign in to comment.
You can’t perform that action at this time.