-rw-r--r--ChangeLog1
-rw-r--r--app/Controller/UserCredentialController.php17
-rw-r--r--app/ServiceProvider/AuthenticationProvider.php2
-rw-r--r--app/Template/user_view/show.php5
-rw-r--r--doc/bruteforce-protection.markdown9
5 files changed, 33 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index b35f920d..8ea71453 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,6 +3,7 @@ Version 1.0.33 (unreleased)
New features:
+* Add the possibility to unlock users from the user interface
* New API calls for task metadata
* New automatic actions:
- Define colour by Swimlane
diff --git a/app/Controller/UserCredentialController.php b/app/Controller/UserCredentialController.php
index 4021dc37..98fe967d 100644
--- a/app/Controller/UserCredentialController.php
+++ b/app/Controller/UserCredentialController.php
@@ -106,4 +106,21 @@ class UserCredentialController extends BaseController
return $this->changeAuthentication($values, $errors);
}
+
+ /**
+ * Unlock user
+ */
+ public function unlock()
+ {
+ $user = $this->getUser();
+ $this->checkCSRFParam();
+
+ if ($this->userLockingModel->resetFailedLogin($user['username'])) {
+ $this->flash->success(t('User unlocked successfully.'));
+ } else {
+ $this->flash->failure(t('Unable to unlock the user.'));
+ }
+
+ $this->response->redirect($this->helper->url->to('UserViewController', 'show', array('user_id' => $user['id'])));
+ }
}
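Review bot: The new `unlock()` action changes server state but is reached by a plain GET link (see the hunk in app/Template/user_view/show.php), so the `checkCSRFParam()` call on its second line is the only thing that rejects a request arriving without a valid token; I would run that check before `getUser()` so nothing is looked up for a request that is about to be rejected, i.e. `$this->checkCSRFParam();` then `$user = $this->getUser();`. If both helpers abort the request on failure the reordering is only cosmetic, but it is still the clearer shape. The one-line docblock should also record the two guards the action relies on: `/** Unlock a locked user account. Admin-only via the ACL in AuthenticationProvider; the CSRF token in the query string is mandatory because the action is triggered from a GET link. */`. A POST form would be the stronger fix, though the existing link helper appears to follow the link-with-token pattern used elsewhere in the codebase. The hunk opens on the tail of the previous method, whose start is outside the hunk.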
diff --git a/app/ServiceProvider/AuthenticationProvider.php b/app/ServiceProvider/AuthenticationProvider.php
index 978bc05b..adff1e63 100644
--- a/app/ServiceProvider/AuthenticationProvider.php
+++ b/app/ServiceProvider/AuthenticationProvider.php
@@ -151,7 +151,7 @@ class AuthenticationProvider implements ServiceProviderInterface
$acl->add('UserCreationController', '*', Role::APP_ADMIN);
$acl->add('UserListController', '*', Role::APP_ADMIN);
$acl->add('UserStatusController', '*', Role::APP_ADMIN);
- $acl->add('UserCredentialController', array('changeAuthentication', 'saveAuthentication'), Role::APP_ADMIN);
+ $acl->add('UserCredentialController', array('changeAuthentication', 'saveAuthentication', 'unlock'), Role::APP_ADMIN);
return $acl;
}
diff --git a/app/Template/user_view/show.php b/app/Template/user_view/show.php
index fc11f8a1..2f5a73af 100644
--- a/app/Template/user_view/show.php
+++ b/app/Template/user_view/show.php
@@ -18,6 +18,11 @@
<li><?= t('Number of failed login:') ?> <strong><?= $user['nb_failed_login'] ?></strong></li>
<?php if ($user['lock_expiration_date'] != 0): ?>
<li><?= t('Account locked until:') ?> <strong><?= $this->dt->datetime($user['lock_expiration_date']) ?></strong></li>
+ <?php if ($this->user->isAdmin()): ?>
+ <li>
+ <?= $this->url->link(t('Unlock this user'), 'UserCredentialController', 'unlock', array('user_id' => $user['id']), true) ?>
+ </li>
+ <?php endif ?>
<?php endif ?>
</ul>
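Review bot: The fifth argument `true` on the `$this->url->link(...)` line is an opaque boolean at the call site; since `UserCredentialController::unlock()` rejects requests without a CSRF token, a short comment stating that this flag is what supplies it would save the next reader a trip into the helper: `<?php /* last arg: append the CSRF token required by UserCredentialController::unlock() */ ?>`. I am inferring the flag's meaning from the controller's `checkCSRFParam()` call rather than from the helper, so confirm it against the URL helper. The surrounding `isAdmin()` check only hides the link; the actual authorization is the `'unlock'` entry added to the APP_ADMIN ACL in app/ServiceProvider/AuthenticationProvider.php, and the two are consistent.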
diff --git a/doc/bruteforce-protection.markdown b/doc/bruteforce-protection.markdown
index a7bef45e..2f75b919 100644
--- a/doc/bruteforce-protection.markdown
+++ b/doc/bruteforce-protection.markdown
@@ -12,6 +12,9 @@ However, **after three authentication failure through the user API**, the accoun
Kanboard doesn't block any IP addresses since bots can use several anonymous proxies. However, you can use external tools like [fail2ban](http://www.fail2ban.org) to avoid massive scans.
+Configuration
+-------------
+
Default settings can be changed with these configuration variables:
```php
@@ -24,3 +27,9 @@ define('BRUTEFORCE_LOCKDOWN', 6);
// Lock account duration in minutes
define('BRUTEFORCE_LOCKDOWN_DURATION', 15);
```
+
+Unlocking users
+---------------
+
+If you don't want to wait 15 minutes, you can unlock a user from the user interface.
+As administrator, go to the user profile and click on "Unlock this user".