author | Frederic Guillot <fred@kanboard.net> | 2016-05-18 21:27:36 -0400 |
committer | Frederic Guillot <fred@kanboard.net> | 2016-05-18 21:27:36 -0400 |
commit | bfd59d9e544028a1ea041806fd60e112f3a90167 (patch) | |
tree | 0576ae4c6a948cd6af882b23da6073dfef1cae2c | |
parent | 0830fe22b777e419e42cfb3349e61098be9e4127 (diff) |
Reset failed login counter and unlock user when changing password
-rw-r--r-- | ChangeLog | 1 | ||||
-rw-r--r-- | app/Controller/UserCredentialController.php | 109 | ||||
-rw-r--r-- | app/Controller/UserModificationController.php | 69 | ||||
-rw-r--r-- | app/Controller/UserViewController.php | 141 | ||||
-rw-r--r-- | app/ServiceProvider/AuthenticationProvider.php | 2 | ||||
-rw-r--r-- | app/ServiceProvider/RouteProvider.php | 6 | ||||
-rw-r--r-- | app/Template/user_credential/authentication.php (renamed from app/Template/user_view/authentication.php) | 2 | ||||
-rw-r--r-- | app/Template/user_credential/password.php (renamed from app/Template/user_view/password.php) | 9 | ||||
-rw-r--r-- | app/Template/user_modification/show.php (renamed from app/Template/user_view/edit.php) | 2 | ||||
-rw-r--r-- | app/Template/user_view/show.php | 4 | ||||
-rw-r--r-- | app/Template/user_view/sidebar.php | 16 |
11 files changed, 214 insertions, 147 deletions
@@ -10,6 +10,7 @@ New features:
 Improvements:
+* Reset failed login counter and unlock user when changing password
 * Task do not open anymore in a new window on the Gantt chart
 * Do not display task progress for tasks with no start/end date
 * Use Gulp and Bower to manage assets
diff --git a/app/Controller/UserCredentialController.php b/app/Controller/UserCredentialController.php
new file mode 100644
index 00000000..3310aaa8
--- /dev/null
+++ b/app/Controller/UserCredentialController.php
@@ -0,0 +1,109 @@
+<?php
+
+namespace Kanboard\Controller;
+
+/**
+ * Class UserCredentialController
+ *
+ * @package Kanboard\Controller
+ * @author Frederic Guillot
+ */
+class UserCredentialController extends BaseController
+{
+ /**
+ * Password modification form
+ *
+ * @access public
+ * @param array $values
+ * @param array $errors
+ * @throws \Kanboard\Core\Controller\AccessForbiddenException
+ * @throws \Kanboard\Core\Controller\PageNotFoundException
+ */
+ public function changePassword(array $values = array(), array $errors = array())
+ {
+ $user = $this->getUser();
+
+ return $this->response->html($this->helper->layout->user('user_credential/password', array(
+ 'values' => $values + array('id' => $user['id']),
+ 'errors' => $errors,
+ 'user' => $user,
+ )));
+ }
+
+ /**
+ * Save new password
+ *
+ * @throws \Kanboard\Core\Controller\AccessForbiddenException
+ * @throws \Kanboard\Core\Controller\PageNotFoundException
+ */
+ public function savePassword()
+ {
+ $user = $this->getUser();
+ $values = $this->request->getValues();
+
+ list($valid, $errors) = $this->userValidator->validatePasswordModification($values);
+
+ if ($valid) {
+ if ($this->user->update($values)) {
+ $this->flash->success(t('Password modified successfully.'));
+ $this->userLocking->resetFailedLogin($user['username']);
+ } else {
+ $this->flash->failure(t('Unable to change the password.'));
+ }
+
+ return $this->response->redirect($this->helper->url->to('UserViewController', 'show', array('user_id' => $user['id'])));
+ }
+
+ return $this->changePassword($values, $errors);
+ }
+
+ /**
+ * Display a form to edit authentication
+ *
+ * @access public
+ * @param array $values
+ * @param array $errors
+ * @throws \Kanboard\Core\Controller\AccessForbiddenException
+ * @throws \Kanboard\Core\Controller\PageNotFoundException
+ */
+ public function changeAuthentication(array $values = array(), array $errors = array())
+ {
+ $user = $this->getUser();
+
+ if (empty($values)) {
+ $values = $user;
+ unset($values['password']);
+ }
+
+ return $this->response->html($this->helper->layout->user('user_credential/authentication', array(
+ 'values' => $values,
+ 'errors' => $errors,
+ 'user' => $user,
+ )));
+ }
+
+ /**
+ * Save authentication
+ *
+ * @throws \Kanboard\Core\Controller\AccessForbiddenException
+ * @throws \Kanboard\Core\Controller\PageNotFoundException
+ */
+ public function saveAuthentication()
+ {
+ $user = $this->getUser();
+ $values = $this->request->getValues() + array('disable_login_form' => 0, 'is_ldap_user' => 0);
+ list($valid, $errors) = $this->userValidator->validateModification($values);
+
+ if ($valid) {
+ if ($this->user->update($values)) {
+ $this->flash->success(t('User updated successfully.'));
+ } else {
+ $this->flash->failure(t('Unable to update your user.'));
+ }
+
+ return $this->response->redirect($this->helper->url->to('UserCredentialController', 'changeAuthentication', array('user_id' => $user['id'])));
+ }
+
+ return $this->changeAuthentication($values, $errors);
+ }
+}
diff --git a/app/Controller/UserModificationController.php b/app/Controller/UserModificationController.php
new file mode 100644
index 00000000..0a50eb5b
--- /dev/null
+++ b/app/Controller/UserModificationController.php
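Review bot: In `savePassword` the row being updated is selected by the posted `id` that `$this->request->getValues()` returns, while `getUser()` authorises the URL's `user_id` and `resetFailedLogin($user['username'])` unlocks that URL-resolved account; unless `validatePasswordModification` pins the posted id to `$user['id']` (not visible here), a form whose hidden `id` differs from `user_id` would update one account and clear the lockout counter of another. Forcing the id before validation, `$values['id'] = $user['id'];`, ties the authorisation check, the update, the counter reset and the redirect to the same user, and the same line fits `saveAuthentication` lower in this hunk and `save` in UserModificationController. The docblock of `savePassword` should also state that a successful change resets the failed-login counter and clears the lock, since that is the behaviour this commit adds and nothing in the method name announces it. Separately, the persistent remember-me sessions that `UserViewController::sessions` lists are not touched on a password change; if that is intended, a short comment saying so would save a later reviewer from re-raising it.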
@@ -0,0 +1,69 @@
+<?php
+
+namespace Kanboard\Controller;
+
+/**
+ * Class UserModificationController
+ *
+ * @package Kanboard\Controller
+ * @author Frederic Guillot
+ */
+class UserModificationController extends BaseController
+{
+ /**
+ * Display a form to edit user information
+ *
+ * @access public
+ * @param array $values
+ * @param array $errors
+ * @throws \Kanboard\Core\Controller\AccessForbiddenException
+ * @throws \Kanboard\Core\Controller\PageNotFoundException
+ */
+ public function show(array $values = array(), array $errors = array())
+ {
+ $user = $this->getUser();
+
+ if (empty($values)) {
+ $values = $user;
+ unset($values['password']);
+ }
+
+ return $this->response->html($this->helper->layout->user('user_modification/show', array(
+ 'values' => $values,
+ 'errors' => $errors,
+ 'user' => $user,
+ 'timezones' => $this->timezone->getTimezones(true),
+ 'languages' => $this->language->getLanguages(true),
+ 'roles' => $this->role->getApplicationRoles(),
+ )));
+ }
+
+ /**
+ * Save user information
+ */
+ public function save()
+ {
+ $user = $this->getUser();
+ $values = $this->request->getValues();
+
+ if (! $this->userSession->isAdmin()) {
+ if (isset($values['role'])) {
+ unset($values['role']);
+ }
+ }
+
+ list($valid, $errors) = $this->userValidator->validateModification($values);
+
+ if ($valid) {
+ if ($this->user->update($values)) {
+ $this->flash->success(t('User updated successfully.'));
+ } else {
+ $this->flash->failure(t('Unable to update your user.'));
+ }
+
+ return $this->response->redirect($this->helper->url->to('UserViewController', 'show', array('user_id' => $user['id'])));
+ }
+
+ return $this->show($values, $errors);
+ }
+}
diff --git a/app/Controller/UserViewController.php b/app/Controller/UserViewController.php
index dc03f419..b299e35b 100644
--- a/app/Controller/UserViewController.php
+++ b/app/Controller/UserViewController.php
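Review bot: The docblock of `save()` in this hunk omits the `@access public` line and the two `@throws` lines that `show()` carries, although `save()` calls the same `getUser()` in its first statement and can therefore raise the same exceptions; add `@access public`, `@throws \Kanboard\Core\Controller\AccessForbiddenException` and `@throws \Kanboard\Core\Controller\PageNotFoundException` under "Save user information". The non-admin branch strips only `role` from the posted values; whether other privileged columns that `validateModification` may accept are filtered somewhere else is not visible on this page, so a one-line comment naming where that filtering happens would help the next reader judge the branch. The nested `if (isset(...)) { unset(...); }` can also be collapsed to a single `unset($values['role']);`, since `unset` on a missing key is a no-op.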
@@ -29,7 +29,7 @@ class UserViewController extends BaseController
 $this->response->html($this->helper->layout->app('user_view/profile', array(
 'title' => $user['name'] ?: $user['username'],
- 'user' => $user,
+ 'user' => $user,
 )));
 }
@@ -42,7 +42,7 @@ class UserViewController extends BaseController
 {
 $user = $this->getUser();
 $this->response->html($this->helper->layout->user('user_view/show', array(
- 'user' => $user,
+ 'user' => $user,
 'timezones' => $this->timezone->getTimezones(true),
 'languages' => $this->language->getLanguages(true),
 )));
@@ -67,7 +67,7 @@ class UserViewController extends BaseController
 $this->response->html($this->helper->layout->user('user_view/timesheet', array(
 'subtask_paginator' => $subtask_paginator,
- 'user' => $user,
+ 'user' => $user,
 )));
 }
@@ -81,7 +81,7 @@ class UserViewController extends BaseController
 $user = $this->getUser();
 $this->response->html($this->helper->layout->user('user_view/password_reset', array(
 'tokens' => $this->passwordReset->getAll($user['id']),
- 'user' => $user,
+ 'user' => $user,
 )));
 }
@@ -95,7 +95,7 @@ class UserViewController extends BaseController
 $user = $this->getUser();
 $this->response->html($this->helper->layout->user('user_view/last', array(
 'last_logins' => $this->lastLogin->getAll($user['id']),
- 'user' => $user,
+ 'user' => $user,
 )));
 }
@@ -109,7 +109,7 @@ class UserViewController extends BaseController
 $user = $this->getUser();
 $this->response->html($this->helper->layout->user('user_view/sessions', array(
 'sessions' => $this->rememberMeSession->getAll($user['id']),
- 'user' => $user,
+ 'user' => $user,
 )));
 }
@@ -143,11 +143,11 @@ class UserViewController extends BaseController
 }
 return $this->response->html($this->helper->layout->user('user_view/notifications', array(
- 'projects' => $this->projectUserRole->getProjectsByUser($user['id'], array(ProjectModel::ACTIVE)),
+ 'projects' => $this->projectUserRole->getProjectsByUser($user['id'], array(ProjectModel::ACTIVE)),
 'notifications' => $this->userNotification->readSettings($user['id']),
- 'types' => $this->userNotificationType->getTypes(),
- 'filters' => $this->userNotificationFilter->getFilters(),
- 'user' => $user,
+ 'types' => $this->userNotificationType->getTypes(),
+ 'filters' => $this->userNotificationFilter->getFilters(),
+ 'user' => $user,
 )));
 }
@@ -168,7 +168,7 @@ class UserViewController extends BaseController
 }
 $this->response->html($this->helper->layout->user('user_view/integrations', array(
- 'user' => $user,
+ 'user' => $user,
 'values' => $this->userMetadata->getAll($user['id']),
 )));
 }
@@ -183,7 +183,7 @@ class UserViewController extends BaseController
 $user = $this->getUser();
 $this->response->html($this->helper->layout->user('user_view/external', array(
 'last_logins' => $this->lastLogin->getAll($user['id']),
- 'user' => $user,
+ 'user' => $user,
 )));
 }
@@ -200,7 +200,7 @@ class UserViewController extends BaseController
 if ($switch === 'enable' || $switch === 'disable') {
 $this->checkCSRFParam();
- if ($this->user->{$switch.'PublicAccess'}($user['id'])) {
+ if ($this->user->{$switch . 'PublicAccess'}($user['id'])) {
 $this->flash->success(t('User updated successfully.'));
 } else {
 $this->flash->failure(t('Unable to update this user.'));
@@ -210,121 +210,8 @@ class UserViewController extends BaseController
 }
 return $this->response->html($this->helper->layout->user('user_view/share', array(
- 'user' => $user,
+ 'user' => $user,
 'title' => t('Public access'),
 )));
 }
-
- /**
- * Password modification
- *
- * @access public
- */
- public function password()
- {
- $user = $this->getUser();
- $values = array('id' => $user['id']);
- $errors = array();
-
- if ($this->request->isPost()) {
- $values = $this->request->getValues();
- list($valid, $errors) = $this->userValidator->validatePasswordModification($values);
-
- if ($valid) {
- if ($this->user->update($values)) {
- $this->flash->success(t('Password modified successfully.'));
- } else {
- $this->flash->failure(t('Unable to change the password.'));
- }
-
- return $this->response->redirect($this->helper->url->to('UserViewController', 'show', array('user_id' => $user['id'])));
- }
- }
-
- return $this->response->html($this->helper->layout->user('user_view/password', array(
- 'values' => $values,
- 'errors' => $errors,
- 'user' => $user,
- )));
- }
-
- /**
- * Display a form to edit a user
- *
- * @access public
- */
- public function edit()
- {
- $user = $this->getUser();
- $values = $user;
- $errors = array();
-
- unset($values['password']);
-
- if ($this->request->isPost()) {
- $values = $this->request->getValues();
-
- if (! $this->userSession->isAdmin()) {
- if (isset($values['role'])) {
- unset($values['role']);
- }
- }
-
- list($valid, $errors) = $this->userValidator->validateModification($values);
-
- if ($valid) {
- if ($this->user->update($values)) {
- $this->flash->success(t('User updated successfully.'));
- } else {
- $this->flash->failure(t('Unable to update your user.'));
- }
-
- return $this->response->redirect($this->helper->url->to('UserViewController', 'show', array('user_id' => $user['id'])));
- }
- }
-
- return $this->response->html($this->helper->layout->user('user_view/edit', array(
- 'values' => $values,
- 'errors' => $errors,
- 'user' => $user,
- 'timezones' => $this->timezone->getTimezones(true),
- 'languages' => $this->language->getLanguages(true),
- 'roles' => $this->role->getApplicationRoles(),
- )));
- }
-
- /**
- * Display a form to edit authentication
- *
- * @access public
- */
- public function authentication()
- {
- $user = $this->getUser();
- $values = $user;
- $errors = array();
-
- unset($values['password']);
-
- if ($this->request->isPost()) {
- $values = $this->request->getValues() + array('disable_login_form' => 0, 'is_ldap_user' => 0);
- list($valid, $errors) = $this->userValidator->validateModification($values);
-
- if ($valid) {
- if ($this->user->update($values)) {
- $this->flash->success(t('User updated successfully.'));
- } else {
- $this->flash->failure(t('Unable to update your user.'));
- }
-
- return $this->response->redirect($this->helper->url->to('UserViewController', 'authentication', array('user_id' => $user['id'])));
- }
- }
-
- return $this->response->html($this->helper->layout->user('user_view/authentication', array(
- 'values' => $values,
- 'errors' => $errors,
- 'user' => $user,
- )));
- }
 }
diff --git a/app/ServiceProvider/AuthenticationProvider.php b/app/ServiceProvider/AuthenticationProvider.php
index 193929c7..1ac4656c 100644
--- a/app/ServiceProvider/AuthenticationProvider.php
+++ b/app/ServiceProvider/AuthenticationProvider.php
@@ -143,7 +143,7 @@ class AuthenticationProvider implements ServiceProviderInterface
 $acl->add('UserCreationController', '*', Role::APP_ADMIN);
 $acl->add('UserListController', '*', Role::APP_ADMIN);
 $acl->add('UserStatusController', '*', Role::APP_ADMIN);
- $acl->add('UserViewController', array('authentication'), Role::APP_ADMIN);
+ $acl->add('UserCredentialController', array('changeAuthentication', 'saveAuthentication'), Role::APP_ADMIN);
 return $acl;
 }
diff --git a/app/ServiceProvider/RouteProvider.php b/app/ServiceProvider/RouteProvider.php
index 2bf3b6db..eb567e46 100644
--- a/app/ServiceProvider/RouteProvider.php
+++ b/app/ServiceProvider/RouteProvider.php
@@ -149,13 +149,13 @@ class RouteProvider implements ServiceProviderInterface
 $container['route']->addRoute('user/show/:user_id/timesheet', 'UserViewController', 'timesheet');
 $container['route']->addRoute('user/show/:user_id/last-logins', 'UserViewController', 'lastLogin');
 $container['route']->addRoute('user/show/:user_id/sessions', 'UserViewController', 'sessions');
- $container['route']->addRoute('user/:user_id/edit', 'UserViewController', 'edit');
- $container['route']->addRoute('user/:user_id/password', 'UserViewController', 'password');
+ $container['route']->addRoute('user/:user_id/edit', 'UserModificationController', 'show');
+ $container['route']->addRoute('user/:user_id/password', 'UserCredentialController', 'changePassword');
 $container['route']->addRoute('user/:user_id/share', 'UserViewController', 'share');
 $container['route']->addRoute('user/:user_id/notifications', 'UserViewController', 'notifications');
 $container['route']->addRoute('user/:user_id/accounts', 'UserViewController', 'external');
 $container['route']->addRoute('user/:user_id/integrations', 'UserViewController', 'integrations');
- $container['route']->addRoute('user/:user_id/authentication', 'UserViewController', 'authentication');
+ $container['route']->addRoute('user/:user_id/authentication', 'UserCredentialController', 'changeAuthentication');
 $container['route']->addRoute('user/:user_id/2fa', 'twofactor', 'index');
 $container['route']->addRoute('user/:user_id/avatar', 'AvatarFile', 'show');
diff --git a/app/Template/user_view/authentication.php b/app/Template/user_credential/authentication.php
index 44643388..fbe2e915 100644
--- a/app/Template/user_view/authentication.php
+++ b/app/Template/user_credential/authentication.php
@@ -1,7 +1,7 @@
 <div class="page-header">
 <h2><?= t('Edit Authentication') ?></h2>
 </div>
-<form method="post" action="<?= $this->url->href('UserViewController', 'authentication', array('user_id' => $user['id'])) ?>" autocomplete="off">
+<form method="post" action="<?= $this->url->href('UserCredentialController', 'saveAuthentication', array('user_id' => $user['id'])) ?>" autocomplete="off">
 <?= $this->form->csrf() ?>
 <?= $this->form->hidden('id', $values) ?>
diff --git a/app/Template/user_view/password.php b/app/Template/user_credential/password.php
index 32ff9d5c..5a6e4403 100644
--- a/app/Template/user_view/password.php
+++ b/app/Template/user_credential/password.php
@@ -2,15 +2,12 @@
 <h2><?= t('Password modification') ?></h2>
 </div>
-<form method="post" action="<?= $this->url->href('UserViewController', 'password', array('user_id' => $user['id'])) ?>" autocomplete="off">
-
+<form method="post" action="<?= $this->url->href('UserCredentialController', 'savePassword', array('user_id' => $user['id'])) ?>" autocomplete="off">
 <?= $this->form->hidden('id', $values) ?>
 <?= $this->form->csrf() ?>
- <div class="alert alert-error">
- <?= $this->form->label(t('Current password for the user "%s"', $this->user->getFullname()), 'current_password') ?>
- <?= $this->form->password('current_password', $values, $errors) ?>
- </div>
+ <?= $this->form->label(t('Current password for the user "%s"', $this->user->getFullname()), 'current_password') ?>
+ <?= $this->form->password('current_password', $values, $errors) ?>
 <?= $this->form->label(t('New password for the user "%s"', $this->user->getFullname($user)), 'password') ?>
 <?= $this->form->password('password', $values, $errors) ?>
diff --git a/app/Template/user_view/edit.php b/app/Template/user_modification/show.php
index 18947905..396d550d 100644
--- a/app/Template/user_view/edit.php
+++ b/app/Template/user_modification/show.php
@@ -1,7 +1,7 @@
 <div class="page-header">
 <h2><?= t('Edit user') ?></h2>
 </div>
-<form method="post" action="<?= $this->url->href('UserViewController', 'edit', array('user_id' => $user['id'])) ?>" autocomplete="off">
+<form method="post" action="<?= $this->url->href('UserModificationController', 'save', array('user_id' => $user['id'])) ?>" autocomplete="off">
 <?= $this->form->csrf() ?>
diff --git a/app/Template/user_view/show.php b/app/Template/user_view/show.php
index df0affb8..390a1e45 100644
--- a/app/Template/user_view/show.php
+++ b/app/Template/user_view/show.php
@@ -15,6 +15,10 @@
 <li><?= t('Role:') ?> <strong><?= $this->user->getRoleName($user['role']) ?></strong></li>
 <li><?= t('Account type:') ?> <strong><?= $user['is_ldap_user'] ? t('Remote') : t('Local') ?></strong></li>
 <li><?= $user['twofactor_activated'] == 1 ? t('Two factor authentication enabled') : t('Two factor authentication disabled') ?></li>
+ <li><?= t('Number of failed login:') ?> <strong><?= $user['nb_failed_login'] ?></strong></li>
+ <?php if ($user['lock_expiration_date'] != 0): ?>
+ <li><?= t('Account locked until:') ?> <strong><?= $this->dt->datetime($user['lock_expiration_date']) ?></strong></li>
+ <?php endif ?>
 </ul>
 <div class="page-header">
diff --git a/app/Template/user_view/sidebar.php b/app/Template/user_view/sidebar.php
index 9a25df16..5eb0457b 100644
--- a/app/Template/user_view/sidebar.php
+++ b/app/Template/user_view/sidebar.php
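Review bot: The lock line added in the `@@ -15,6 +15,10 @@` hunk of user_view/show.php is keyed only on `lock_expiration_date != 0`, so if the stored timestamp is left in place once it lapses (nothing on this page shows it being cleared on expiry, only on a password change), an account whose lock has already run out is still displayed as "Account locked until" a past date, which misleads an admin deciding whether to intervene. Comparing against the current time instead, `<?php if ($user['lock_expiration_date'] > time()): ?>`, makes the display follow the effective lock state; the failed-login count on the line above can stay unconditional. If the model does clear the column on expiry, a one-line template comment saying so would make the `!= 0` test self-explanatory.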
@@ -33,9 +33,9 @@
 <ul>
 <?php if ($this->user->isAdmin() || $this->user->isCurrentUser($user['id'])): ?>
- <?php if ($this->user->hasAccess('UserViewController', 'edit')): ?>
- <li <?= $this->app->checkMenuSelection('UserViewController', 'edit') ?>>
- <?= $this->url->link(t('Edit profile'), 'UserViewController', 'edit', array('user_id' => $user['id'])) ?>
+ <?php if ($this->user->hasAccess('UserModificationController', 'show')): ?>
+ <li <?= $this->app->checkMenuSelection('UserModificationController', 'show') ?>>
+ <?= $this->url->link(t('Edit profile'), 'UserModificationController', 'show', array('user_id' => $user['id'])) ?>
 </li>
 <li <?= $this->app->checkMenuSelection('AvatarFile') ?>>
 <?= $this->url->link(t('Avatar'), 'AvatarFile', 'show', array('user_id' => $user['id'])) ?>
@@ -43,8 +43,8 @@
 <?php endif ?>
 <?php if ($user['is_ldap_user'] == 0): ?>
- <li <?= $this->app->checkMenuSelection('UserViewController', 'password') ?>>
- <?= $this->url->link(t('Change password'), 'UserViewController', 'password', array('user_id' => $user['id'])) ?>
+ <li <?= $this->app->checkMenuSelection('UserCredentialController', 'changePassword') ?>>
+ <?= $this->url->link(t('Change password'), 'UserCredentialController', 'changePassword', array('user_id' => $user['id'])) ?>
 </li>
 <?php endif ?>
@@ -72,9 +72,9 @@
 </li>
 <?php endif ?>
- <?php if ($this->user->hasAccess('UserViewController', 'authentication')): ?>
- <li <?= $this->app->checkMenuSelection('UserViewController', 'authentication') ?>>
- <?= $this->url->link(t('Edit Authentication'), 'UserViewController', 'authentication', array('user_id' => $user['id'])) ?>
+ <?php if ($this->user->hasAccess('UserCredentialController', 'changeAuthentication')): ?>
+ <li <?= $this->app->checkMenuSelection('UserCredentialController', 'changeAuthentication') ?>>
+ <?= $this->url->link(t('Edit Authentication'), 'UserCredentialController', 'changeAuthentication', array('user_id' => $user['id'])) ?>
 </li>
 <?php endif ?> |