author | Frederic Guillot <fred@kanboard.net> | 2016-08-26 21:27:30 -0400 |
---|---|---|
committer | Frederic Guillot <fred@kanboard.net> | 2016-08-26 21:27:30 -0400 |
commit | a24840a5332d717d2afa8516d1df0b4e4b958dd1 (patch) | |
tree | 2350ee0a92fd7a6fccb8fdc76b1a3e34581c75c1 | |
parent | 793eb1074f6df9f5dfa5ffece0219228a2cddfad (diff) |
Add the possibility to unlock users from the user interface
-rw-r--r-- | ChangeLog | 1 | ||||
-rw-r--r-- | app/Controller/UserCredentialController.php | 17 | ||||
-rw-r--r-- | app/ServiceProvider/AuthenticationProvider.php | 2 | ||||
-rw-r--r-- | app/Template/user_view/show.php | 5 | ||||
-rw-r--r-- | doc/bruteforce-protection.markdown | 9 |
5 files changed, 33 insertions, 1 deletions
@@ -3,6 +3,7 @@ Version 1.0.33 (unreleased) New features: +* Add the possibility to unlock users from the user interface * New API calls for task metadata * New automatic actions: - Define colour by Swimlane diff --git a/app/Controller/UserCredentialController.php b/app/Controller/UserCredentialController.php index 4021dc37..98fe967d 100644 --- a/app/Controller/UserCredentialController.php +++ b/app/Controller/UserCredentialController.php @@ -106,4 +106,21 @@ class UserCredentialController extends BaseController return $this->changeAuthentication($values, $errors); } + + /** + * Unlock user + */ + public function unlock() + { + $user = $this->getUser(); + $this->checkCSRFParam(); + + if ($this->userLockingModel->resetFailedLogin($user['username'])) { + $this->flash->success(t('User unlocked successfully.')); + } else { + $this->flash->failure(t('Unable to unlock the user.')); + } + + $this->response->redirect($this->helper->url->to('UserViewController', 'show', array('user_id' => $user['id']))); + } } diff --git a/app/ServiceProvider/AuthenticationProvider.php b/app/ServiceProvider/AuthenticationProvider.php index 978bc05b..adff1e63 100644 --- a/app/ServiceProvider/AuthenticationProvider.php +++ b/app/ServiceProvider/AuthenticationProvider.php @@ -151,7 +151,7 @@ class AuthenticationProvider implements ServiceProviderInterface $acl->add('UserCreationController', '*', Role::APP_ADMIN); $acl->add('UserListController', '*', Role::APP_ADMIN); $acl->add('UserStatusController', '*', Role::APP_ADMIN); - $acl->add('UserCredentialController', array('changeAuthentication', 'saveAuthentication'), Role::APP_ADMIN); + $acl->add('UserCredentialController', array('changeAuthentication', 'saveAuthentication', 'unlock'), Role::APP_ADMIN); return $acl; } diff --git a/app/Template/user_view/show.php b/app/Template/user_view/show.php index fc11f8a1..2f5a73af 100644 --- a/app/Template/user_view/show.php +++ b/app/Template/user_view/show.php 
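Review bot: In `unlock()`, neither branch records who cleared the lockout on which account; the only trace is a flash message shown to the acting admin. Clearing a brute-force lock is a security-relevant action, so log the acting user's id and the target `$user['username']` on both success and failure, through whichever logger the application already exposes. A lockout cleared in the middle of a password-guessing run can then be found afterwards. The docblock could also say more than "Unlock user", for example `Reset the failed-login state of the selected user (restricted to application admins by the ACL, CSRF token required)`. The class starts outside the hunk and what `getUser()` validates is not visible here.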
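Review bot: The `'unlock'` entry added to the `UserCredentialController` list is a bare string, and the diffstat shows no test file in this commit, so nothing verifies that the action stays admin-only. No explicit role check is visible in `unlock()` itself (`getUser()` may enforce one, but that is outside this diff), so a typo here or a later rename of the method could leave the rule matching nothing. Add a test asserting that a non-admin role is denied `UserCredentialController` / `unlock`. The enclosing method starts above the hunk.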
@@ -18,6 +18,11 @@ <li><?= t('Number of failed login:') ?> <strong><?= $user['nb_failed_login'] ?></strong></li> <?php if ($user['lock_expiration_date'] != 0): ?> <li><?= t('Account locked until:') ?> <strong><?= $this->dt->datetime($user['lock_expiration_date']) ?></strong></li> + <?php if ($this->user->isAdmin()): ?> + <li> + <?= $this->url->link(t('Unlock this user'), 'UserCredentialController', 'unlock', array('user_id' => $user['id']), true) ?> + </li> + <?php endif ?> <?php endif ?> </ul> diff --git a/doc/bruteforce-protection.markdown b/doc/bruteforce-protection.markdown index a7bef45e..2f75b919 100644 --- a/doc/bruteforce-protection.markdown +++ b/doc/bruteforce-protection.markdown @@ -12,6 +12,9 @@ However, **after three authentication failure through the user API**, the accoun Kanboard doesn't block any IP addresses since bots can use several anonymous proxies. However, you can use external tools like [fail2ban](http://www.fail2ban.org) to avoid massive scans. +Configuration +------------- + Default settings can be changed with these configuration variables: ```php @@ -24,3 +27,9 @@ define('BRUTEFORCE_LOCKDOWN', 6); // Lock account duration in minutes define('BRUTEFORCE_LOCKDOWN_DURATION', 15); ``` + +Unlocking users +--------------- + +If you don't want to wait 15 minutes, you can unlock a user from the user interface. +As administrator, go to the user profile and click on "Unlock this user". |
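Review bot: The "Unlock this user" link in `show.php` triggers a state change over a plain GET request, with the CSRF token carried in the query string (presumably what the final `true` passed to `$this->url->link()` enables, matching `checkCSRFParam()` in the controller). Tokens in URLs can end up in browser history and in server or proxy access logs. If tokens are single-use the exposure is small, but a small POST form with the token in a hidden field is the safer shape for an action that clears a lockout. Note also that the `$this->user->isAdmin()` test only hides the link; enforcement rests on the ACL entry in `AuthenticationProvider`.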