
Ability to set multiple locks on users, they will be stacked and appl…

…ied one by one.
1 parent 3d75e96 commit 608c2cd451847d2b8bc4962b51ec104adfee44d6 @cdujeu cdujeu committed Sep 7, 2016
@@ -95,7 +95,13 @@ public function setLock($lockAction);
/**
* @throws \Exception
*/
- public function removeLock();
+ public function removeLock($lockAction);
+
+ /**
+ * @param $lockAction
+ * @return string|false
+ */
+ public function hasLockByName($lockAction);
/**
* @return string|false
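Review bot: The docblock added for `hasLockByName()` declares `@return string|false`, but the implementation later in this commit returns `array_search(...) !== false`, which is always a boolean; it should read `@return bool`, here and on the implementation's docblock in the user-class hunk. `removeLock()` also gained a required `$lockAction` parameter while its docblock still carries only `@throws \Exception`; adding `@param string $lockAction Name of the single lock to remove` would tell implementers that the method no longer clears every lock. The interface body continues outside this hunk.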
@@ -125,7 +125,7 @@ public static function logUser($user_id, $pwd, $bypass_pwd = false, $cookieLogin
}
- if ($user->getLock() === "logout") {
+ if ($user->hasLockByName("logout")) {
Logger::warning(__CLASS__, "Login failed", array("user" => InputFilter::sanitize($user_id, InputFilter::SANITIZE_EMAILCHARS), "error" => "Locked user"));
throw new LoginException(-1);
}
@@ -290,7 +290,7 @@ public function usersActions(ServerRequestInterface $requestInterface, ResponseI
$userMessage = new UserMessage("Successfully set lock on user ($lockType)");
$responseInterface = $responseInterface->withBody(new SerializableResponseStream([$userMessage]));
} else {
- $userObject->removeLock();
+ $userObject->removeLock($lockType);
$userMessage = new UserMessage("Successfully unlocked user");
$responseInterface = $responseInterface->withBody(new SerializableResponseStream([$userMessage]));
}
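Review bot: The unlock branch passes `$lockType` straight to `removeLock()`, and where that variable is populated lies outside this hunk; before this commit the JS client sent `lock_type` only when locking. If a caller posts an unlock request without `lock_type` and `$lockType` arrives empty, `removeLock()` matches nothing and the response still says "Successfully unlocked user". Consider checking `$lockType` against the lock names this action is meant to manage before either branch, and returning an error when `$userObject->hasLockByName($lockType)` is false on unlock, so the administrator is not told a lock was lifted when it was not.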
@@ -65,7 +65,7 @@ public function toggleDisclaimer(ServerRequestInterface &$request, ResponseInter
if ($httpVars["validate"] == "true") {
- $u->removeLock();
+ $u->removeLock("validate_disclaimer");
$u->save("superuser");
AuthService::updateUser($u);
$repo = SessionRepositoryMiddleware::switchUserToRepository($u, $request);
@@ -116,7 +116,7 @@ public function loadDisclaimer(ServerRequestInterface &$request, ResponseInterfa
*/
public function updateSharedUser(ContextInterface $ctx, UserInterface $userObject){
if($userObject->isHidden() && !$this->getContextualOption($ctx, "DISCLAIMER_ENABLE_SHARED")){
- $userObject->removeLock();
+ $userObject->removeLock("validate_disclaimer");
$userObject->getPersonalRole()->setParameterValue("action.disclaimer", "DISCLAIMER_ACCEPTED", "yes", AJXP_REPO_SCOPE_SHARED);
$userObject->save("superuser");
}
@@ -131,6 +131,13 @@ public function updateSharedUser(ContextInterface $ctx, UserInterface $userObjec
* @param UserInterface $userObject
*/
public function updateSharedUserLogin(ContextInterface $ctx, UserInterface $userObject){
+ if(!$userObject->isHidden()){
+ $param = $userObject->getPersonalRole()->filterParameterValue("action.disclaimer", "DISCLAIMER_ACCEPTED", AJXP_REPO_SCOPE_ALL, "no");
+ if($param === "no"){
+ $userObject->setLock("validate_disclaimer");
+ $userObject->save("superuser");
+ }
+ }
if($userObject->isHidden() && $this->getContextualOption($ctx, "DISCLAIMER_ENABLE_SHARED")){
$userObject->setLock("validate_disclaimer");
$userObject->getPersonalRole()->setParameterValue("action.disclaimer", "DISCLAIMER_ACCEPTED", "no", AJXP_REPO_SCOPE_SHARED);
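Review bot: The added branch for non-hidden users calls `setLock("validate_disclaimer")` and `save("superuser")` on every login while `DISCLAIMER_ACCEPTED` resolves to "no", and "no" is also the default passed to `filterParameterValue`, so a user who has never answered is re-saved each time. Since `setLock()` does not add a name twice, the write can be skipped when the lock is already there: `if($param === "no" && !$userObject->hasLockByName("validate_disclaimer")){`. The method is still named and documented for shared users, so a short comment stating that it now also locks regular users until they accept the disclaimer would help the next reader. The body continues outside the hunk.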
@@ -114,7 +114,7 @@ public function postVerificationCode(\Psr\Http\Message\ServerRequestInterface $r
$verif = Duo::verifyResponse($iKey, $sKey, $appUnique, $sigResponse);
if ($verif != null && $verif == $u->getId()) {
- $u->removeLock();
+ $u->removeLock("duo_show_iframe");
$u->save("superuser");
$u->recomputeMergedRole();
AuthService::updateUser($u);
@@ -104,7 +104,10 @@ function tryToLogUser(ServerRequestInterface &$request, ResponseInterface &$resp
$userid = InputFilter::sanitize($httpVars["userid"], InputFilter::SANITIZE_EMAILCHARS);
$this->loadConfig(UsersService::getUserById($userid));
// if there is no configuration for OTP, this means that this user don't have OTP
- if ((empty($this->googleEnabled) && empty($this->google) && empty($this->googleLast) && empty($this->yubikey1) && empty($this->yubikey2))) {
+ if(empty($this->googleEnabled)){
+ return false;
+ }
+ if (empty($this->google) && empty($this->googleLast) && empty($this->yubikey1) && empty($this->yubikey2)) {
return false;
}
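Review bot: Splitting the condition changes who is exempted from the second factor: before, OTP was skipped only when `googleEnabled` and all four secrets were empty, whereas now an empty `googleEnabled` alone returns `false` even when `yubikey1`/`yubikey2` are configured. If `googleEnabled` is the general per-user OTP switch this is intended, but if it only governs the Google Authenticator method, a user enrolled with a YubiKey alone would no longer be challenged; this needs confirming against `loadConfig()`, which is not visible here. The existing comment above no longer covers both returns; `// OTP not enabled for this user` on the first check and `// enabled, but no secret or key enrolled yet` on the second would make the intent reviewable. The function continues outside the hunk.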
@@ -224,7 +227,7 @@ public function getConfigurationCode(ServerRequestInterface $requestInterface, R
$otp = $requestInterface->getParsedBody()["otp"];
if($this->checkGooglePass($uObject->getId(), $otp, $this->google, $this->googleLast)){
$responseInterface = new JsonResponse(["RESULT" => "OK"]);
- $uObject->removeLock();
+ $uObject->removeLock("otp_show_setup_screen");
$uObject->save("superuser");
}else{
throw new PydioException($mess["authfront.otp.7"]);
@@ -90,8 +90,8 @@ public function switchAction(ServerRequestInterface $requestInterface, ResponseI
}
if (UsersService::checkPassword($userObject->getId(), $oldPass, false, $passSeed)) {
UsersService::updatePassword($userObject->getId(), $newPass);
- if ($userObject->getLock() == "pass_change") {
- $userObject->removeLock();
+ if ($userObject->hasLockByName("pass_change")) {
+ $userObject->removeLock("pass_change");
$userObject->save("superuser");
}
} else {
@@ -247,17 +247,31 @@ public function setProfile($profile)
*/
public function setLock($lockAction)
{
- //$this->rights["ajxp.lock"] = $lockAction;
- $this->personalRole->setParameterValue('core.conf', 'USER_LOCK_ACTION', $lockAction);
+ $sLock = $this->getLock();
+ $currentLocks = !empty($sLock) ? explode(",", $sLock) : [] ;
+ if(!in_array($lockAction, $currentLocks)){
+ array_unshift($currentLocks, $lockAction);
+ }
+ $locks = implode(",", $currentLocks);
+ $this->personalRole->setParameterValue('core.conf', 'USER_LOCK_ACTION', $locks);
$this->recomputeMergedRole();
}
- public function removeLock()
+ /**
+ * @param $lockAction
+ * @throws \Exception
+ */
+ public function removeLock($lockAction)
{
- if(isSet($this->rights['ajxp.lock'])){
- $this->rights["ajxp.lock"] = false;
+ $sLock = $this->getLock();
+ $currentLocks = !empty($sLock) ? explode(",", $sLock) : [] ;
+ $pos = array_search($lockAction, $currentLocks);
+ if($pos !== false){
+ unset($currentLocks[$pos]);
}
- $this->personalRole->setParameterValue('core.conf', 'USER_LOCK_ACTION', AJXP_VALUE_CLEAR);
+ $this->rights["ajxp.lock"] = !count($currentLocks) ? false: implode(",", $currentLocks);
+ $newValue = !count($currentLocks) ? AJXP_VALUE_CLEAR : implode(",", $currentLocks);
+ $this->personalRole->setParameterValue('core.conf', 'USER_LOCK_ACTION', $newValue);
$this->recomputeMergedRole();
}
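Review bot: `removeLock()` now always writes the remaining locks into `$this->rights["ajxp.lock"]`, while `setLock()` updates only the personal role and `getLock()` returns `rights["ajxp.lock"]` first whenever it is non-empty. After removing one of two locks, a later `setLock("logout")` on the same object is stored in the role but `getLock()` keeps returning the stale `rights` value, so `hasLockByName("logout")` is false and the login check would miss the lock. Because the remaining names are already written to the role, the earlier form `if(isSet($this->rights['ajxp.lock'])) $this->rights["ajxp.lock"] = false;` keeps a single source of truth. Separately, `setLock()` accepts any value: an empty name or one containing `,` corrupts the comma-separated list and should be rejected, and `in_array`/`array_search` should pass `true` as the third argument for strict matching.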
@@ -266,14 +280,25 @@ public function removeLock()
*/
public function getLock()
{
- if(AJXP_SERVER_DEBUG && $this->isAdmin() && $this->getGroupPath() == "/") return false;
+ if(AJXP_SERVER_DEBUG && $this->isAdmin() && $this->getGroupPath() === "/") return false;
if (!empty($this->rights["ajxp.lock"])) {
return $this->rights["ajxp.lock"];
}
return $this->mergedRole->filterParameterValue('core.conf', 'USER_LOCK_ACTION', AJXP_REPO_SCOPE_ALL, false);
}
/**
+ * @param $lockAction
+ * @return string|false
+ */
+ public function hasLockByName($lockAction){
+ $sLock = $this->getLock();
+ $currentLocks = !empty($sLock) ? explode(",", $sLock) : [] ;
+ return array_search($lockAction, $currentLocks) !== false;
+ }
+
+
+ /**
* @return bool
*/
public function isAdmin()
@@ -364,8 +364,11 @@ Class.create("RoleEditor", AbstractEditor, {
});
modal.currentLightBoxModal.setStyle({display:'block'});
}.bind(this));
- var locked = this.roleData.USER.LOCK ? true : false;
- var b1 = new Element("span", {className:'m-2'}).update((locked?MessageHash["ajxp_role_editor.27"]:MessageHash["ajxp_role_editor.26"]));
+ var locked = this.roleData.USER.LOCK || "";
+ var uLockedOut = locked.indexOf('logout') > 1;
+ var uLockedPass = locked.indexOf('pass_change') > 1;
+
+ var b1 = new Element("span", {className:'m-2'}).update((uLockedOut ?MessageHash["ajxp_role_editor.27"]:MessageHash["ajxp_role_editor.26"]));
buttonPane.insert(b1);
var userId = this.roleId.replace("AJXP_USR_/", "");
b1.observe("click", function(){
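Review bot: `locked.indexOf('logout') > 1` and `locked.indexOf('pass_change') > 1` are false when the name sits at index 0, which is where `setLock()` places the newest lock (`array_unshift`) and where it sits when it is the only lock. A locked-out user is then displayed as unlocked, and the click handler in the next hunk sends `lock:"true"` instead of the unlock request. Compare against `-1` and match whole names rather than substrings: `var locks = locked.split(","); var uLockedOut = locks.indexOf('logout') !== -1;`, and the same for `pass_change`.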
@@ -374,16 +377,16 @@ Class.create("RoleEditor", AbstractEditor, {
get_action:"edit",
sub_action:"user_set_lock",
user_id : userId,
- lock : (locked?"false":"true")
+ lock_type:"logout",
+ lock : (uLockedOut?"false":"true")
});
- if(!locked) conn.addParameter("lock_type", "logout");
conn.onComplete = function(transport){
- locked = !locked;
- b1.update((locked?MessageHash["ajxp_role_editor.27"]:MessageHash["ajxp_role_editor.26"]));
+ uLockedOut = !uLockedOut;
+ b1.update((uLockedOut?MessageHash["ajxp_role_editor.27"]:MessageHash["ajxp_role_editor.26"]));
}.bind(this);
conn.sendAsync();
}.bind(this) );
- var b2 = new Element("span", {className:'m-2'}).update(MessageHash["ajxp_role_editor.28"]);
+ var b2 = new Element("span", {className:'m-2'}).update(uLockedPass ? MessageHash["ajxp_role_editor.28b"]: MessageHash["ajxp_role_editor.28"]);
buttonPane.insert(b2);
var userId = this.roleId.replace("AJXP_USR_/", "");
b2.observe("click", function(){
@@ -392,9 +395,13 @@ Class.create("RoleEditor", AbstractEditor, {
get_action:"edit",
sub_action:"user_set_lock",
user_id : userId,
- lock : "true",
+ lock : uLockedPass ? "false" : "true",
lock_type : "pass_change"
});
+ conn.onComplete = function(transport){
+ uLockedPass = !uLockedPass;
+ b2.update((uLockedPass?MessageHash["ajxp_role_editor.28b"]:MessageHash["ajxp_role_editor.28"]));
+ }.bind(this);
conn.sendAsync();
});
@@ -58,6 +58,7 @@
"26" => "Benutzer sperren",
"27" => "Benutzer aktivieren",
"28" => "Passwortänderung erzwingen",
+"28b"=> "Cancel password change",
"29" => "Geben Sie ein neues Passwort für den Benutzer ein",
"30" => "Wiederholen",
"31" => "Rollen-ID",
@@ -52,6 +52,7 @@
"26" => "Lock out user",
"27" => "Reactivate user",
"28" => "Force password change",
+"28b"=> "Cancel password change",
"29" => "Enter new password for this user",
"30" => "Confirm",
"31" => "Role ID",
@@ -52,6 +52,7 @@
"26" => "Exclure l'utilisateur",
"27" => "Réactiver l'utilisateur",
"28" => "Forcer une mise à jour du mot de passe",
+"28b"=> "Annuler la mise à jour forcée du mot de passe",
"29" => "Entrez le nouveau mot de passe pour cet utilisateur",
"30" => "Confirmez",
"31" => "ID rôle",
@@ -52,6 +52,7 @@
"26" => "Blocca Utente",
"27" => "Riattiva Utente",
"28" => "Forza cambio",
+"28b"=> "Cancel password change",
"29" => "Inserisci la nuova password per questo utente",
"30" => "Conferma",
"31" => "ID Ruolo",
@@ -52,6 +52,7 @@
"26" => "Bloquear Utilizador",
"27" => "Reactivar utilizador",
"28" => "Forçar Mudança de Palavra-Chave",
+"28b"=> "Cancel password change",
"29" => "Introduza uma nova Palavra-Chave para este utilizador",
"30" => "Confirmar",
"31" => "ID de Papel",
@@ -52,6 +52,7 @@
"26" => "Блокировка пользователя",
"27" => "Переактивировать пользователя",
"28" => "Принудительная смена пароля",
+"28b"=> "Cancel password change",
"29" => "Введите новый пароль для этого пользователя",
"30" => "Подтверждение",
"31" => "ID роли",
@@ -178,8 +178,9 @@ class Pydio extends Observable{
if(!repositoryObject){
if(this.user.lock){
this.Controller.loadActionsFromRegistry(this.getXmlRegistry());
+ let lock = this.user.lock.split(",").shift();
window.setTimeout(function(){
- this.Controller.fireAction(this.user.lock);
+ this.Controller.fireAction(lock);
}.bind(this), 50);
return;
}
