summaryrefslogtreecommitdiff
path: root/app/Controller/UserCredentialController.php
blob: 23e7edba19442bba557a1c7064732b1609851570 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
<?php

namespace Kanboard\Controller;

/**
 * Class UserCredentialController
 *
 * @package Kanboard\Controller
 * @author  Frederic Guillot
 */
class UserCredentialController extends BaseController
{
    /**
     * Password modification form
     *
     * @access public
     * @param array $values
     * @param array $errors
     * @throws \Kanboard\Core\Controller\AccessForbiddenException
     * @throws \Kanboard\Core\Controller\PageNotFoundException
     */
    public function changePassword(array $values = array(), array $errors = array())
    {
        $user = $this->getUser();

        return $this->response->html($this->helper->layout->user('user_credential/password', array(
            'values' => $values + array('id' => $user['id']),
            'errors' => $errors,
            'user' => $user,
        )));
    }

    /**
     * Save new password
     *
     * @throws \Kanboard\Core\Controller\AccessForbiddenException
     * @throws \Kanboard\Core\Controller\PageNotFoundException
     */
    public function savePassword()
    {
        $user = $this->getUser();
        $values = $this->request->getValues();

        list($valid, $errors) = $this->userValidator->validatePasswordModification($values);

        if ($valid) {
            if ($this->userModel->update($values)) {
                $this->flash->success(t('Password modified successfully.'));
                $this->userLockingModel->resetFailedLogin($user['username']);
                $this->response->redirect($this->helper->url->to('UserViewController', 'show', array('user_id' => $user['id'])), true);
                return;
            } else {
                $this->flash->failure(t('Unable to change the password.'));
            }
        }

        $this->changePassword($values, $errors);
    }

    /**
     * Display a form to edit authentication
     *
     * @access public
     * @param array $values
     * @param array $errors
     * @throws \Kanboard\Core\Controller\AccessForbiddenException
     * @throws \Kanboard\Core\Controller\PageNotFoundException
     */
    public function changeAuthentication(array $values = array(), array $errors = array())
    {
        $user = $this->getUser();

        if (empty($values)) {
            $values = $user;
            unset($values['password']);
        }

        return $this->response->html($this->helper->layout->user('user_credential/authentication', array(
            'values' => $values,
            'errors' => $errors,
            'user' => $user,
        )));
    }

    /**
     * Save authentication
     *
     * @throws \Kanboard\Core\Controller\AccessForbiddenException
     * @throws \Kanboard\Core\Controller\PageNotFoundException
     */
    public function saveAuthentication()
    {
        $user = $this->getUser();
        $values = $this->request->getValues() + array('disable_login_form' => 0, 'is_ldap_user' => 0);
        list($valid, $errors) = $this->userValidator->validateModification($values);

        if ($valid) {
            if ($this->userModel->update($values)) {
                $this->flash->success(t('User updated successfully.'));
                $this->response->redirect($this->helper->url->to('UserCredentialController', 'changeAuthentication', array('user_id' => $user['id'])), true);
                return;
            } else {
                $this->flash->failure(t('Unable to update this user.'));
            }
        }

        $this->changeAuthentication($values, $errors);
    }

    /**
     * Unlock user
     */
    public function unlock()
    {
        $user = $this->getUser();
        $this->checkCSRFParam();

        if ($this->userLockingModel->resetFailedLogin($user['username'])) {
            $this->flash->success(t('User unlocked successfully.'));
        } else {
            $this->flash->failure(t('Unable to unlock the user.'));
        }

        $this->response->redirect($this->helper->url->to('UserViewController', 'show', array('user_id' => $user['id'])));
    }
}