From a24840a5332d717d2afa8516d1df0b4e4b958dd1 Mon Sep 17 00:00:00 2001
From: Frederic Guillot
Date: Fri, 26 Aug 2016 21:27:30 -0400
Subject: Add the possibility to unlock users from the user interface
---
 ChangeLog | 1 +
 app/Controller/UserCredentialController.php | 17 +++++++++++++++++
 app/ServiceProvider/AuthenticationProvider.php | 2 +-
 app/Template/user_view/show.php | 5 +++++
 doc/bruteforce-protection.markdown | 9 +++++++++
 5 files changed, 33 insertions(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
index b35f920d..8ea71453 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,6 +3,7 @@ Version 1.0.33 (unreleased)
 New features:
+* Add the possibility to unlock users from the user interface
 * New API calls for task metadata
 * New automatic actions:
 - Define colour by Swimlane
diff --git a/app/Controller/UserCredentialController.php b/app/Controller/UserCredentialController.php
index 4021dc37..98fe967d 100644
--- a/app/Controller/UserCredentialController.php
+++ b/app/Controller/UserCredentialController.php
@@ -106,4 +106,21 @@ class UserCredentialController extends BaseController
 return $this->changeAuthentication($values, $errors);
 }
+
+ /**
+ * Unlock user
+ */
+ public function unlock()
+ {
+ $user = $this->getUser();
+ $this->checkCSRFParam();
+
+ if ($this->userLockingModel->resetFailedLogin($user['username'])) {
+ $this->flash->success(t('User unlocked successfully.'));
+ } else {
+ $this->flash->failure(t('Unable to unlock the user.'));
+ }
+
+ $this->response->redirect($this->helper->url->to('UserViewController', 'show', array('user_id' => $user['id'])));
+ }
 }
diff --git a/app/ServiceProvider/AuthenticationProvider.php b/app/ServiceProvider/AuthenticationProvider.php
index 978bc05b..adff1e63 100644
--- a/app/ServiceProvider/AuthenticationProvider.php
+++ b/app/ServiceProvider/AuthenticationProvider.php
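Review bot: The docblock on the new `unlock()` says only "Unlock user", which undersells a CSRF-checked, admin-only action that lifts a brute-force lockout; I would write it as `Reset the failed-login counter of the viewed user so the lockout ends immediately (admin only, CSRF token required), then redirect back to the profile page`. Nothing in the hunk records who lifted the lock on which account: `resetFailedLogin()` is the only call that touches persistent state, and a log line carrying the acting user and `$user['username']` would leave a trail when a lock is cleared while failed logins are still arriving. As a minor ordering point, calling `$this->checkCSRFParam();` before `$user = $this->getUser();` rejects a request with a bad token before any user lookup happens. The `t(...)` messages and the redirect target look consistent with the rest of the controller as far as the hunk shows.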
@@ -151,7 +151,7 @@ class AuthenticationProvider implements ServiceProviderInterface
 $acl->add('UserCreationController', '*', Role::APP_ADMIN);
 $acl->add('UserListController', '*', Role::APP_ADMIN);
 $acl->add('UserStatusController', '*', Role::APP_ADMIN);
- $acl->add('UserCredentialController', array('changeAuthentication', 'saveAuthentication'), Role::APP_ADMIN);
+ $acl->add('UserCredentialController', array('changeAuthentication', 'saveAuthentication', 'unlock'), Role::APP_ADMIN);
 return $acl;
 }
diff --git a/app/Template/user_view/show.php b/app/Template/user_view/show.php
index fc11f8a1..2f5a73af 100644
--- a/app/Template/user_view/show.php
+++ b/app/Template/user_view/show.php
@@ -18,6 +18,11 @@
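Review bot: This ACL entry is the only server-side guard on `unlock`; the template change in this commit hides the link behind `isAdmin()`, but that is a display decision and anyone who forgets this list when adding the next action will open it to every user. A comment on the line would make that explicit: `// admin-only actions of UserCredentialController; the other actions of this controller are presumably granted elsewhere in this method (confirm)`. The three names are now long enough that one name per line in the array would keep future additions reviewable as single-line diffs.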
  • dt->datetime($user['lock_expiration_date']) ?>
  • + user->isAdmin()): ?> +
  • + url->link(t('Unlock this user'), 'UserCredentialController', 'unlock', array('user_id' => $user['id']), true) ?> +
  • + diff --git a/doc/bruteforce-protection.markdown b/doc/bruteforce-protection.markdown index a7bef45e..2f75b919 100644 --- a/doc/bruteforce-protection.markdown +++ b/doc/bruteforce-protection.markdown @@ -12,6 +12,9 @@ However, **after three authentication failure through the user API**, the accoun Kanboard doesn't block any IP addresses since bots can use several anonymous proxies. However, you can use external tools like [fail2ban](http://www.fail2ban.org) to avoid massive scans. +Configuration +------------- + Default settings can be changed with these configuration variables: ```php @@ -24,3 +27,9 @@ define('BRUTEFORCE_LOCKDOWN', 6); // Lock account duration in minutes define('BRUTEFORCE_LOCKDOWN_DURATION', 15); ``` + +Unlocking users +--------------- + +If you don't want to wait 15 minutes, you can unlock a user from the user interface. +As administrator, go to the user profile and click on "Unlock this user". -- cgit v1.2.3