Merge branch 'master' into WebGUI8

Graham Knop 2010-04-13 07:50:02 -05:00
commit 2400f19099
797 changed files with 33894 additions and 27196 deletions


@ -39,9 +39,11 @@ i.e., it does not validate their username or ensure their account is active.
=cut
sub _isValidLDAPUser {
my $self = shift;
my $self = shift;
my $session = $self->session;
my $form = $session->form;
my ($error, $ldap, $search, $auth, $connectDN);
my $i18n = WebGUI::International->new($self->session);
my $i18n = WebGUI::International->new($session);
my $connection = $self->getLDAPConnection;
return 0 unless $connection;
@ -52,8 +54,8 @@ sub _isValidLDAPUser {
$self->error('<li>'.$i18n->get(2,'AuthLDAP').'</li>');
return 0;
}
my $username = $self->session->form->get("authLDAP_ldapId") || $self->session->form->get("username");
my $password = $self->session->form->get("authLDAP_identifier") || $self->session->form->get("identifier");
my $username = $form->get("authLDAP_ldapId") || $form->get("username");
my $password = $form->get("authLDAP_identifier") || $form->get("identifier");
my $uri = URI->new($connection->{ldapUrl}) or $error = '<li>'.$i18n->get(2,'AuthLDAP').'</li>';
@ -63,7 +65,7 @@ sub _isValidLDAPUser {
}
# Create an LDAP object
if ($ldap = Net::LDAP->new($uri->host, (port=>$uri->port))) {
if ($ldap = Net::LDAP->new($uri->host, (port=>$uri->port,scheme=>$uri->scheme))) {
# Bind as a proxy user to search for the user trying to login
if($connection->{connectDn}) {
@ -101,27 +103,27 @@ sub _isValidLDAPUser {
# Invalid login credentials, directory did not authenticate the user
if ($auth->code == 48 || $auth->code == 49) {
$error .= '<li>'.$i18n->get(68).'</li>';
$self->session->errorHandler->warn("Invalid LDAP information for registration of LDAP ID: ".$self->session->form->process('authLDAP_ldapId'));
$session->log->warn("Invalid LDAP information for registration of LDAP ID: ".$self->session->form->process('authLDAP_ldapId'));
}
elsif ($auth->code > 0) { # Some other LDAP error occured
$error .= '<li>LDAP error "'.$self->ldapStatusCode($auth->code).'" occured. '.$i18n->get(69).'</li>';
$self->session->errorHandler->error("LDAP error: ".$self->ldapStatusCode($auth->code));
$session->log->error("LDAP error: ".$self->ldapStatusCode($auth->code));
}
$ldap->unbind;
}
else { # Could not find the user in the directory to build a DN
$error .= '<li>'.$i18n->get(68).'</li>';
$self->session->errorHandler->warn("Invalid LDAP information for registration of LDAP ID: ".$self->session->form->process("authLDAP_ldapId"));
$session->log->warn("Invalid LDAP information for registration of LDAP ID: ".$self->session->form->process("authLDAP_ldapId"));
}
}
else { # Unable to bind with proxy user credentials or anonymously for our search
$error = '<li>'.$i18n->get(2,'AuthLDAP').'</li>';
$self->session->errorHandler->error("Couldn't bind to LDAP server: ".$connection->{ldapUrl});
$session->log->error("Couldn't bind to LDAP server: ".$connection->{ldapUrl});
}
}
else { # Could not create our LDAP object
$error = '<li>'.$i18n->get(2,'AuthLDAP').'</li>';
$self->session->errorHandler->error("Couldn't create LDAP object: ".$connection->{ldapUrl});
$session->log->error("Couldn't create LDAP object: ".$connection->{ldapUrl});
}
$self->error($error);
@ -175,21 +177,32 @@ sub authenticate {
# Try to bind using the users dn and password
$auth = $ldap->bind(dn=>$userData->{connectDN}, password=>$identifier);
# Failure to bind could have resulted from change to in DN on LDAP server.
# Test for new DN and update user account as needed
if ($auth->code > 0 && $self->_isValidLDAPUser()) {
# Update user profile and log change
# _isValidLDAPUser will set _connectDN to new correct value
$auth = $ldap->bind(dn=>$self->{_connectDN}, password=>$identifier);
my $message = "DN has been changed for user ".$_[0]." from \"".$userData->{connectDN}."\" to \"".$self->{_connectDN}."\"";
$self->saveParams($self->user->userId, $self->authMethod, { connectDN => $self->{_connectDN} });
$self->session->errorHandler->warn($message);
}
# Authentication failed
if ($auth->code == 48 || $auth->code == 49){
if ($auth->code == 48 || $auth->code == 49 || $auth->code == 32){
$error .= $self->SUPER::authenticationError;
}
elsif ($auth->code > 0) { # Some other LDAP error happened
$error .= '<li>LDAP error "'.$self->ldapStatusCode($auth->code).'" occured.'.$i18n->get(69).'</li>';
$self->session->errorHandler->error("LDAP error: ".$self->ldapStatusCode($auth->code));
$self->session->log->error("LDAP error: ".$self->ldapStatusCode($auth->code));
}
$ldap->unbind;
}
else {
$error .= '<li>'.$i18n->get(13,'AuthLDAP').'</li>';
$self->session->errorHandler->error("Could not process this LDAP URL: ".$userData->{ldapUrl});
$self->session->log->error("Could not process this LDAP URL: ".$userData->{ldapUrl});
}
if($error ne ""){
@ -311,7 +324,7 @@ sub createAccountSave {
}
#Get connectDN from settings
my $uri = URI->new($connection->{ldapUrl});
my $ldap = Net::LDAP->new($uri->host, (port=>$uri->port));
my $ldap = Net::LDAP->new($uri->host, (port=>$uri->port,scheme=>$uri->scheme));
my $auth;
if($connection->{connectDn}) {
$auth = $ldap->bind(dn=>$connection->{connectDn}, password=>$connection->{identifier});
@ -480,7 +493,7 @@ sub editUserForm {
);
$f->text(
-name => "authLDAP_connectDN",
-label => $i18n->get(4),
-label => $i18n->get('LDAP User DN'),
-value => $connectDN,
);
$self->session->style->setRawHeadTags($jscript);
@ -586,7 +599,34 @@ sub getCreateAccountTemplateId {
my $self = shift;
my $ldapConnect = $self->getLDAPConnection;
return "PBtmpl0000000000000005" unless $ldapConnect;
return ($self->getLDAPConnection->{ldapCreateAccountTemplate} || "PBtmpl0000000000000005");
return ($ldapConnect->{ldapCreateAccountTemplate} || "PBtmpl0000000000000005");
}
#-------------------------------------------------------------------
=head2 getDeactivateAccountTemplateId ( )
Get the default template ID for the deactivate account form.
=cut
sub getDeactivateAccountTemplateId {
my $self = shift;
my $ldapConnect = $self->getLDAPConnection;
return $self->SUPER::getDeactivateAccountTemplateId unless $ldapConnect;
return ($ldapConnect->{ldapDeactivateAccountTemplate} || $self->SUPER::getDeactivateAccountTemplateId);
}
#-------------------------------------------------------------------
=head2 getDefaultLoginTemplateId ( )
Get the default template ID for the login form.
=cut
sub getDefaultLoginTemplateId {
return "PBtmpl0000000000000006";
}
#-------------------------------------------------------------------
@ -629,8 +669,8 @@ Get the template ID for the login form.
sub getLoginTemplateId {
my $self = shift;
my $ldapConnect = $self->getLDAPConnection;
return "PBtmpl0000000000000006" unless $ldapConnect;
return ($self->getLDAPConnection->{ldapLoginTemplate} || "PBtmpl0000000000000006");
return $self->getDefaultLoginTemplateId unless $ldapConnect;
return ($self->getLDAPConnection->{ldapLoginTemplate} || $self->getDefaultLoginTemplateId);
}
#-------------------------------------------------------------------
@ -644,8 +684,8 @@ Process the login form. Create a new account if auto registration is enabled.
sub login {
my $self = shift;
my $i18n = WebGUI::International->new($self->session);
my $username = $self->session->form->process("username");
my $identifier = $self->session->form->process("identifier");
my $username = $self->session->form->process("username");
my $identifier = $self->session->form->process("identifier");
my $autoRegistration = $self->session->setting->get("automaticLDAPRegistration");
my $hasAuthenticated = 0;
@ -683,7 +723,7 @@ sub login {
}
return $self->SUPER::login() if $hasAuthenticated; #Standard login routine for login
$self->session->errorHandler->security("login to account ".$self->session->form->process("username")." with invalid information.");
$self->session->log->security("login to account ".$self->session->form->process("username")." with invalid information.");
return $self->displayLogin("<h1>".$i18n->get(70)."</h1>".$self->error);
}
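Review bot: In the `authenticate` hunk the new DN is written with `saveParams` before the result of the second `$ldap->bind` is examined, so a changed `connectDN` can be persisted even if that bind fails. The DN comes from `_isValidLDAPUser`, which reads `authLDAP_ldapId` ahead of `username`, so it is resolved from a form field that is not necessarily tied to the account in `$self->user`; the remap should confirm the directory entry belongs to that user before storing it. I would wrap the update as `if ($auth->code == 0) { $self->saveParams(...); $self->session->log->warn($message); }`, which also brings the hunk's `errorHandler->warn` in line with the `log` calls used elsewhere in the commit. `$_[0]` in the log message depends on how `authenticate` unpacked `@_` above the hunk, which is not visible here, so a named variable would be safer. Separately, `scheme=>$uri->scheme` lets `ldaps://` URLs take effect but no `verify` or `cafile` option is passed, so certificate checking is left to Net::LDAP's default.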


@ -165,7 +165,7 @@ sub createAccount {
unless($setting->get('webguiUseEmailAsUsername')){
my $username = $form->process("authWebGUI.username");
$vars->{'create.form.username'}
= WebGUI::Form::text($self->session, {
= WebGUI::Form::username($self->session, {
name => "authWebGUI.username",
value => $username,
extras => $self->getExtrasStyle($username)
@ -266,7 +266,7 @@ sub createAccountSave {
$properties->{ changeUsername } = $setting->get("webguiChangeUsername");
$properties->{ changePassword } = $setting->get("webguiChangePassword");
$properties->{ identifier } = $self->hashPassword($password);
$properties->{ passwordLastUpdated } = $session->datetime->time();
$properties->{ passwordLastUpdated } = time();
$properties->{ passwordTimeout } = $setting->get("webguiPasswordTimeout");
$properties->{ status } = 'Deactivated' if ($setting->get("webguiValidateEmail"));
@ -288,7 +288,7 @@ WebGUI::Asset::Template->newById($self->session,$self->getSetting('accountActiva
WebGUI::Macro::process($self->session,\$text);
$mail->addText($text);
$mail->addFooter;
$mail->send;
$mail->queue;
$self->user->status("Deactivated");
$session->var->end($session->var->get("sessionId"));
$session->var->start(1,$session->getId);
@ -326,6 +326,18 @@ sub deactivateAccountConfirm {
return $self->displayLogin(sprintf( $i18n->get("deactivateAccount success"), $username ));
}
#-------------------------------------------------------------------
=head2 checkField ( )
Performs AJAX checks on form field input. For example, can check whether a user
name is free for registration.
Returns the JSON {"error":"errorString"} where errorString is an error message
or an empty string if the check was successful.
=cut
#-------------------------------------------------------------------
sub displayAccount {
my $self = shift;
@ -433,16 +445,16 @@ sub editUserFormSave {
unless (!$identifier || $identifier eq "password") {
$properties->{identifier} = $self->hashPassword($self->session->form->process('authWebGUI.identifier'));
if($userData->{identifier} ne $properties->{identifier}){
$properties->{passwordLastUpdated} =$self->session->datetime->time();
$properties->{passwordLastUpdated} =time();
}
}
$properties->{passwordTimeout} = $self->session->form->interval('authWebGUI.passwordTimeout');
$properties->{changeUsername} = $self->session->form->process('authWebGUI.changeUsername');
$properties->{changePassword} = $self->session->form->process('authWebGUI.changePassword');
if($userId eq "new") {
$properties->{passwordLastUpdated} =$self->session->datetime->time();
$properties->{passwordLastUpdated} =time();
if ($self->session->setting->get("webguiExpirePasswordOnCreation")){
$properties->{passwordLastUpdated} =$self->session->datetime->time() - $properties->{passwordTimeout};
$properties->{passwordLastUpdated} =time() - $properties->{passwordTimeout};
}
}
@ -568,6 +580,13 @@ sub editUserSettingsForm {
-namespace => "Auth/WebGUI/Create",
-label => $i18n->get("create account template"),
-hoverHelp => $i18n->get("create account template help"),
);
$f->template(
-name => "webguiDeactivateAccountTemplate",
-value => $self->session->setting->get("webguiDeactivateAccountTemplate"),
-namespace => "Auth/WebGUI/Deactivate",
-label => $i18n->get("deactivate account template"),
-hoverHelp => $i18n->get("deactivate account template help"),
);
$f->template(
-name => "webguiExpiredPasswordTemplate",
@ -649,15 +668,16 @@ sub editUserSettingsFormSave {
}
$s->set("webguiPasswordRecoveryRequireUsername", $f->process("webguiPasswordRecoveryRequireUsername","yesNo"));
$s->set("webguiValidateEmail", $f->process("webguiValidateEmail","yesNo"));
$s->set("webguiUseCaptcha", $f->process("webguiUseCaptcha","yesNo"));
$s->set("webguiAccountTemplate", $f->process("webguiAccountTemplate","template"));
$s->set("webguiCreateAccountTemplate", $f->process("webguiCreateAccountTemplate","template"));
$s->set("webguiExpiredPasswordTemplate", $f->process("webguiExpiredPasswordTemplate","template"));
$s->set("webguiLoginTemplate", $f->process("webguiLoginTemplate","template"));
$s->set("webguiPasswordRecoveryTemplate", $f->process("webguiPasswordRecoveryTemplate","template"));
$s->set("webguiWelcomeMessageTemplate", $f->process("webguiWelcomeMessageTemplate","template"));
$s->set("webguiAccountActivationTemplate", $f->process("webguiAccountActivationTemplate","template"));
$s->set("webguiValidateEmail", $f->process("webguiValidateEmail","yesNo"));
$s->set("webguiUseCaptcha", $f->process("webguiUseCaptcha","yesNo"));
$s->set("webguiAccountTemplate", $f->process("webguiAccountTemplate","template"));
$s->set("webguiCreateAccountTemplate", $f->process("webguiCreateAccountTemplate","template"));
$s->set("webguiDeactivateAccountTemplate", $f->process("webguiDeactivateAccountTemplate","template"));
$s->set("webguiExpiredPasswordTemplate", $f->process("webguiExpiredPasswordTemplate","template"));
$s->set("webguiLoginTemplate", $f->process("webguiLoginTemplate","template"));
$s->set("webguiPasswordRecoveryTemplate", $f->process("webguiPasswordRecoveryTemplate","template"));
$s->set("webguiWelcomeMessageTemplate", $f->process("webguiWelcomeMessageTemplate","template"));
$s->set("webguiAccountActivationTemplate", $f->process("webguiAccountActivationTemplate","template"));
if (@errors) {
return \@errors;
@ -679,6 +699,17 @@ sub getCreateAccountTemplateId {
return $self->session->setting->get("webguiCreateAccountTemplate") || "PBtmpl0000000000000011";
}
#-------------------------------------------------------------------
sub getDeactivateAccountTemplateId {
my $self = shift;
return $self->session->setting->get("webguiDeactivateAccountTemplate") || $self->SUPER::getDeactivateAccountTemplateId;
}
#-------------------------------------------------------------------
sub getDefaultLoginTemplateId {
return "PBtmpl0000000000000013";
}
#-------------------------------------------------------------------
sub getExpiredPasswordTemplateId {
my $self = shift;
@ -688,7 +719,7 @@ sub getExpiredPasswordTemplateId {
#-------------------------------------------------------------------
sub getLoginTemplateId {
my $self = shift;
return $self->session->setting->get("webguiLoginTemplate") || "PBtmpl0000000000000013";
return $self->session->setting->get("webguiLoginTemplate") || $self->getDefaultLoginTemplateId;
}
#-------------------------------------------------------------------
@ -753,7 +784,7 @@ sub login {
my $userData = $self->getParams;
if($self->getSetting("passwordTimeout") && $userData->{passwordTimeout}){
my $expireTime = $userData->{passwordLastUpdated} + $userData->{passwordTimeout};
if ($self->session->datetime->time() >= $expireTime){
if (time() >= $expireTime){
my $userId = $self->userId;
$self->logout;
return $self->resetExpiredPassword($userId);
@ -1031,7 +1062,7 @@ sub profileRecoverPasswordFinish {
$self->user( $user );
$self->saveParams($userId, $self->authMethod,
{ identifier => $self->hashPassword($password),
passwordLastUpdated => $self->session->datetime->time });
passwordLastUpdated => time });
$self->_logSecurityMessage;
return $self->SUPER::login;
} else {
@ -1086,7 +1117,7 @@ sub emailRecoverPasswordFinish {
my $mail = WebGUI::Mail::Send->create($session, { to=>$email, subject=>$i18n->get('WebGUI password recovery')});
$mail->addText($i18n->get('recover password email text1', 'AuthWebGUI') . $url. ". \n\n".$i18n->get('recover password email text2', 'AuthWebGUI')." \n\n ".$url."?op=auth;method=emailResetPassword;token=$recoveryGuid"."\n\n ". $i18n->get('recover password email text3', 'AuthWebGUI'));
$mail->send;
$mail->queue;
return "<h1>". $i18n->get('recover password banner', 'AuthWebGUI')." </h1> <br> <br> <h3>". $i18n->get('email recover password finish message', 'AuthWebGUI') . "</h3>";
}
@ -1182,7 +1213,7 @@ sub emailResetPasswordFinish {
$self->user(WebGUI::User->new($self->session, $userId));
$self->saveParams($userId, $self->authMethod,
{ identifier => $self->hashPassword($password),
passwordLastUpdated => $self->session->datetime->time });
passwordLastUpdated => time });
$self->_logSecurityMessage;
# delete the emailRecoverPasswordVerificationNumber
@ -1236,7 +1267,7 @@ sub resetExpiredPasswordSave {
return $self->resetExpiredPassword($u->userId, "<h1>".$i18n->get(70)."</h1><ul>".$error.'</ul>') if ($error);
$properties->{identifier} = $self->hashPassword($self->session->form->process("identifier"));
$properties->{passwordLastUpdated} =$self->session->datetime->time();
$properties->{passwordLastUpdated} =time();
$self->saveParams($u->userId,$self->authMethod,$properties);
$self->_logSecurityMessage();
@ -1299,7 +1330,7 @@ sub updateAccount {
}
if($error){
$display = $error;
$display = '<ul>'.$error.'</ul>';
}
my $properties;
@ -1314,7 +1345,7 @@ sub updateAccount {
$properties->{identifier} = $self->hashPassword($password);
$self->_logSecurityMessage();
if($userData->{identifier} ne $properties->{identifier}){
$properties->{passwordLastUpdated} =$self->session->datetime->time();
$properties->{passwordLastUpdated} =time();
}
}
}
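Review bot: The password-recovery mail in `emailRecoverPasswordFinish` carries `token=$recoveryGuid` in its link and is now handed to `$mail->queue` instead of `$mail->send`, so delivery no longer happens inside the request. How long a queued message waits and where it is stored is not visible in this diff; it is worth confirming that the token's validity window allows for queue delay and that queued messages are protected as carefully as the token itself. The account-activation mail earlier in the section (the hunk ending `$mail->addFooter;` / `$mail->queue;`) gets the same change. A comment at the call would record the intent, e.g. `# queued, not sent inline: the reset link goes out only when the mail queue is processed`. The `checkField` POD added above `displayAccount` documents a method whose body does not appear in this section, so either the sub was lost in the merge or the POD should be dropped.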