Added code to authentication to allow admins to prevent users from changing usernames and passwords
parent
6ea3d10e96
commit
7c853a309f
3 changed files with 125 additions and 18 deletions
|
|
@ -433,6 +433,8 @@ foreach my $wobject (@{$wobjects}) {
|
|||
}
|
||||
push(@newWobjects,"WSClient");
|
||||
$conf->set("wobjects"=>\@newWobjects);
|
||||
$conf->set("emailRecoveryLoggingEnabled"=>1);
|
||||
$conf->set("passwordChangeLoggingEnabled"=>1);
|
||||
$conf->write;
|
||||
|
||||
|
||||
|
|
@ -440,10 +442,15 @@ $conf->write;
|
|||
print "\tUpdating Authentication.\n" unless ($quiet);
|
||||
WebGUI::SQL->write("delete from authentication where authMethod='WebGUI' and fieldName='passwordLastUpdated'");
|
||||
WebGUI::SQL->write("delete from authentication where authMethod='WebGUI' and fieldName='passwordTimeout'");
|
||||
WebGUI::SQL->write("delete from authentication where authMethod='WebGUI' and fieldName='changeUsername'");
|
||||
WebGUI::SQL->write("delete from authentication where authMethod='WebGUI' and fieldName='changePassword'");
|
||||
|
||||
my $authSth = WebGUI::SQL->read("select userId from users where authMethod='WebGUI'");
|
||||
while (my $authHash = $authSth->hashRef){
|
||||
WebGUI::SQL->write("insert into authentication (userId,authMethod,fieldName,fieldData) values ('".$authHash->{userId}."','WebGUI','passwordLastUpdated','".time()."')");
|
||||
WebGUI::SQL->write("insert into authentication (userId,authMethod,fieldName,fieldData) values ('".$authHash->{userId}."','WebGUI','passwordTimeout','3122064000')");
|
||||
WebGUI::SQL->write("insert into authentication (userId,authMethod,fieldName,fieldData) values ('".$authHash->{userId}."','WebGUI','changeUsername','1')");
|
||||
WebGUI::SQL->write("insert into authentication (userId,authMethod,fieldName,fieldData) values ('".$authHash->{userId}."','WebGUI','changePassword','1')");
|
||||
}
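Review bot: The `insert into authentication` statements inside the `while` loop build their SQL by concatenating `$authHash->{userId}` straight into the string. The value comes from the `users` table, so exposure is small, but routing it through the project's quoting helper would be safer, e.g. `values (".quote($authHash->{userId}).",'WebGUI','changePassword','1')` if `quote()` from WebGUI::SQL is in scope in this script. The loop also seeds `changeUsername`/`changePassword` only for users whose `authMethod` is 'WebGUI' at upgrade time. Because displayAccount in this commit hides the fields when the per-user value is false, an account without these rows would presumably lose the ability to change its password; the read side should fall back to the site-wide setting when the row is missing.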
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -413,3 +413,16 @@ names set for them by the SOAP server (i.e. perhaps "localTime" for a time query
|
|||
INSERT INTO template VALUES (1,'Xmethods: getTemp','<h1><tmpl_var title></h1>\n\n<tmpl_if description>\n <tmpl_var description><br /><br />\n</tmpl_if>\n\n\r\n<tmpl_if results>\r\n <tmpl_loop results>\r\n The current temp is: <tmpl_var result>\r\n </tmpl_loop>\r\n<tmpl_else>\r\n Failed to retrieve temp.\r\n</tmpl_if>','WSClient');
|
||||
INSERT INTO template VALUES (2,'Google: doGoogleSearch','<style>\n.googleDetail {\n font-size: 9px;\n}\n</style>\n\n<h1><tmpl_var title></h1>\n\n<tmpl_if description>\n <tmpl_var description><br /><br />\n</tmpl_if>\n\n<form method=\"post\">\n <input type=\"hidden\" name=\"func\" value=\"view\">\n <input type=\"hidden\" name=\"wid\" value=\"<tmpl_var wobjectId>\">\n <input type=\"hidden\" name=\"targetWobjects\" value=\"doGoogleSearch\">\n <input type=\"text\" name=\"q\"><input type=\"submit\" value=\"Search\">\n</form>\n\n<tmpl_if results>\n <tmpl_loop results>\n <tmpl_if resultElements>\n <p> You searched for <b><tmpl_var searchQuery></b>. We found around <tmpl_var estimatedTotalResultsCount> matching records.</p>\n </tmpl_if>\n\n <tmpl_loop resultElements>\n <a href=\"<tmpl_var URL>\">\n <tmpl_if title>\n <tmpl_var title>\n <tmpl_else>\n <tmpl_var url>\n </tmpl_if>\n </a><br />\n <tmpl_if snippet>\n <tmpl_var snippet><br />\n </tmpl_if>\n <div class=\"googleDetail\">\n <tmpl_if summary>\n <b>Description:</b> <tmpl_var summary><br />\n </tmpl_if>\n <a href=\"<tmpl_var URL>\"><tmpl_var URL></a>\n <tmpl_if cachedSize>\n - <tmpl_var cachedSize>\n </tmpl_if>\n </div><br />\n </tmpl_loop>\n </tmpl_loop>\n<tmpl_else>\n Could not retrieve results from Google.\n</tmpl_if>','WSClient');
|
||||
|
||||
insert into settings (name,value) values ('webguiChangePassword',1);
|
||||
insert into settings (name,value) values ('webguiChangeUsername',1);
|
||||
|
||||
delete from international where languageId=1 and namespace='Auth/WebGUI' and internationalId=22;
|
||||
insert into international (internationalId,languageId,namespace,message,lastUpdated,context) values (22,1,'Auth/WebGUI','There are no fields to update.', 1076361800,'');
|
||||
delete from international where languageId=1 and namespace='Auth/WebGUI' and internationalId=21;
|
||||
insert into international (internationalId,languageId,namespace,message,lastUpdated,context) values (21,1,'Auth/WebGUI','Allow User to Change Username?', 1076358688,'');
|
||||
delete from international where languageId=1 and namespace='Auth/WebGUI' and internationalId=20;
|
||||
insert into international (internationalId,languageId,namespace,message,lastUpdated,context) values (20,1,'Auth/WebGUI','Allow User to Change Password?', 1076358606,'');
|
||||
delete from international where languageId=1 and namespace='Auth/WebGUI' and internationalId=19;
|
||||
insert into international (internationalId,languageId,namespace,message,lastUpdated,context) values (19,1,'Auth/WebGUI','Allow Users to Change Username?', 1076358029,'');
|
||||
delete from international where languageId=1 and namespace='Auth/WebGUI' and internationalId=18;
|
||||
insert into international (internationalId,languageId,namespace,message,lastUpdated,context) values (18,1,'Auth/WebGUI','Allow Users to Change Passwords?', 1076357595,'');
|
||||
|
|
|
|||
|
|
@ -22,6 +22,21 @@ use WebGUI::Utility;
|
|||
|
||||
our @ISA = qw(WebGUI::Auth);
|
||||
|
||||
|
||||
#-------------------------------------------------------------------
|
||||
|
||||
=head2 addUserForm ( )
|
||||
|
||||
Creates user form elements specific to this Auth Method.
|
||||
|
||||
=cut
|
||||
|
||||
sub _logSecurityMessage {
|
||||
if($session{config}{passwordChangeLoggingEnabled}) {
|
||||
WebGUI::ErrorHandler::security("change password. Password changed successfully");
|
||||
}
|
||||
}
|
||||
|
||||
#-------------------------------------------------------------------
|
||||
|
||||
=head2 addUserForm ( )
|
||||
|
|
@ -36,6 +51,24 @@ sub addUserForm {
|
|||
my $f = WebGUI::HTMLForm->new;
|
||||
$f->password("authWebGUI.identifier",WebGUI::International::get(51),"password");
|
||||
$f->interval("authWebGUI.passwordTimeout",WebGUI::International::get(16,'Auth/WebGUI'),WebGUI::DateTime::secondsToInterval(($userData->{passwordTimeout} || $session{setting}{webguiPasswordTimeout})));
|
||||
my $userChange = $session{setting}{webguiChangeUsername};
|
||||
if($userChange || $userChange eq "0"){
|
||||
$userChange = $userData->{changeUsername};
|
||||
}
|
||||
$f->yesNo(
|
||||
-name=>"authWebGUI.changeUsername",
|
||||
-value=>$userChange,
|
||||
-label=>WebGUI::International::get(21,'Auth/WebGUI')
|
||||
);
|
||||
my $passwordChange = $session{setting}{webguiChangePassword};
|
||||
if($passwordChange || $passwordChange eq "0"){
|
||||
$passwordChange = $userData->{changePassword};
|
||||
}
|
||||
$f->yesNo(
|
||||
-name=>"authWebGUI.changePassword",
|
||||
-value=>$passwordChange,
|
||||
-label=>WebGUI::International::get(20,'Auth/WebGUI')
|
||||
);
|
||||
return $f->printRowsOnly;
|
||||
}
|
||||
|
||||
|
|
@ -53,7 +86,8 @@ sub addUserFormSave {
|
|||
unless ($session{form}{'authWebGUI.identifier'} eq "password") {
|
||||
$properties->{identifier} = Digest::MD5::md5_base64($session{form}{'authWebGUI.identifier'});
|
||||
}
|
||||
|
||||
$properties->{changeUsername} = $session{form}{'authWebGUI.changeUsername'};
|
||||
$properties->{changePassword} = $session{form}{'authWebGUI.changePassword'};
|
||||
$properties->{passwordTimeout} = WebGUI::DateTime::intervalToSeconds($session{form}{'authWebGUI.passwordTimeout_interval'},$session{form}{'authWebGUI.passwordTimeout_units'});
|
||||
$properties->{passwordLastUpdated} = time();
|
||||
if($session{setting}{webguiExpirePasswordOnCreation}){
|
||||
|
|
@ -149,13 +183,22 @@ sub displayAccount {
|
|||
my $self = shift;
|
||||
my $vars;
|
||||
return $self->displayLogin($_[0]) if ($self->userId == 1);
|
||||
my $userData = $self->getParams;
|
||||
$vars->{'account.message'} = $_[0] if ($_[0]);
|
||||
$vars->{'account.form.username'} = WebGUI::Form::text({"name"=>"authWebGUI.username","value"=>$self->username});
|
||||
$vars->{'account.form.username.label'} = WebGUI::International::get(50);
|
||||
$vars->{'account.form.password'} = WebGUI::Form::password({"name"=>"authWebGUI.identifier","value"=>"password"});
|
||||
$vars->{'account.form.password.label'} = WebGUI::International::get(51);
|
||||
$vars->{'account.form.passwordConfirm'} = WebGUI::Form::password({"name"=>"authWebGUI.identifierConfirm","value"=>"password"});
|
||||
$vars->{'account.form.passwordConfirm.label'} = WebGUI::International::get(2,'Auth/WebGUI');
|
||||
if($userData->{changeUsername}){
|
||||
$vars->{'account.form.username'} = WebGUI::Form::text({"name"=>"authWebGUI.username","value"=>$self->username});
|
||||
$vars->{'account.form.username.label'} = WebGUI::International::get(50);
|
||||
}
|
||||
if($userData->{changePassword}){
|
||||
$vars->{'account.form.password'} = WebGUI::Form::password({"name"=>"authWebGUI.identifier","value"=>"password"});
|
||||
$vars->{'account.form.password.label'} = WebGUI::International::get(51);
|
||||
$vars->{'account.form.passwordConfirm'} = WebGUI::Form::password({"name"=>"authWebGUI.identifierConfirm","value"=>"password"});
|
||||
$vars->{'account.form.passwordConfirm.label'} = WebGUI::International::get(2,'Auth/WebGUI');
|
||||
}
|
||||
if(!$userData->{changeUsername} && !$userData->{changePassword}){
|
||||
$vars->{'account.noform'} = "true";
|
||||
}
|
||||
$vars->{'account.nofields'} = WebGUI::International::get(22,'Auth/WebGUI');
|
||||
return $self->SUPER::displayAccount("updateAccount",$vars);
|
||||
}
|
||||
|
||||
|
|
@ -207,6 +250,9 @@ sub editUserFormSave {
|
|||
}
|
||||
}
|
||||
$properties->{passwordTimeout} = WebGUI::DateTime::intervalToSeconds($session{form}{'authWebGUI.passwordTimeout_interval'},$session{form}{'authWebGUI.passwordTimeout_units'});
|
||||
$properties->{changeUsername} = $session{form}{'authWebGUI.changeUsername'};
|
||||
$properties->{changePassword} = $session{form}{'authWebGUI.changePassword'};
|
||||
|
||||
$self->SUPER::editUserFormSave($properties);
|
||||
}
|
||||
|
||||
|
|
@ -244,6 +290,16 @@ sub editUserSettingsForm {
|
|||
-value=>$session{setting}{webguiWelcomeMessage},
|
||||
-label=>WebGUI::International::get(869)
|
||||
);
|
||||
$f->yesNo(
|
||||
-name=>"webguiChangeUsername",
|
||||
-value=>$session{setting}{webguiChangeUsername},
|
||||
-label=>WebGUI::International::get(19,'Auth/WebGUI')
|
||||
);
|
||||
$f->yesNo(
|
||||
-name=>"webguiChangePassword",
|
||||
-value=>$session{setting}{webguiChangePassword},
|
||||
-label=>WebGUI::International::get(18,'Auth/WebGUI')
|
||||
);
|
||||
$f->yesNo(
|
||||
-name=>"webguiPasswordRecovery",
|
||||
-value=>$session{setting}{webguiPasswordRecovery},
|
||||
|
|
@ -315,6 +371,10 @@ sub recoverPasswordFinish {
|
|||
}
|
||||
$encryptedPassword = Digest::MD5::md5_base64($password);
|
||||
$self->saveParams($userId,"WebGUI",{identifier=>$encryptedPassword});
|
||||
_logSecurityMessage();
|
||||
if($session{config}{emailRecoveryLoggingEnabled}) {
|
||||
WebGUI::ErrorHandler::security("recover a password. Password emailed to: ".$session{form}{email});
|
||||
}
|
||||
$message = $session{setting}{webguiRecoverPasswordEmail};
|
||||
$message .= "\n".WebGUI::International::get(50).": ".$username."\n";
|
||||
$message .= WebGUI::International::get(51).": ".$password."\n";
|
||||
|
|
@ -370,6 +430,7 @@ sub resetExpiredPasswordSave {
|
|||
$properties->{passwordLastUpdated} = time();
|
||||
|
||||
$self->saveParams($u->userId,$self->authMethod,$properties);
|
||||
_logSecurityMessage();
|
||||
|
||||
$msg = $self->login;
|
||||
if($msg eq ""){
|
||||
|
|
@ -393,28 +454,54 @@ sub updateAccount {
|
|||
my $password = $session{form}{'authWebGUI.identifier'};
|
||||
my $passConfirm = $session{form}{'authWebGUI.identifierConfirm'};
|
||||
my $display = '<li>'.WebGUI::International::get(81).'<p>';
|
||||
my $error = "";
|
||||
|
||||
if($self->userId == 1){
|
||||
return $self->displayLogin;
|
||||
}
|
||||
|
||||
if(!$self->validUsernameAndPassword($username,$password,$passConfirm)){
|
||||
$display = $self->error; #overwrite display
|
||||
if($username){
|
||||
if($self->_isDuplicateUsername($username)){
|
||||
$error .= $self->error;
|
||||
}
|
||||
|
||||
if(!$self->_isValidUsername($username)){
|
||||
$error .= $self->error;
|
||||
}
|
||||
}
|
||||
|
||||
if($password){
|
||||
if(!$self->_isValidPassword($password,$passConfirm)){
|
||||
$error .= $self->error;
|
||||
}
|
||||
}
|
||||
|
||||
if($error){
|
||||
$display = $error;
|
||||
}
|
||||
|
||||
#if(!$self->validUsernameAndPassword($username,$password,$passConfirm)){
|
||||
# $display = $self->error; #overwrite display
|
||||
#}
|
||||
|
||||
my $properties;
|
||||
my $u = $self->user;
|
||||
$u->username($username);
|
||||
my $userData = $self->getParams;
|
||||
|
||||
unless ($password eq "password") {
|
||||
$properties->{identifier} = Digest::MD5::md5_base64($password);
|
||||
if($userData->{identifier} ne $properties->{identifier}){
|
||||
$properties->{passwordLastUpdated} = time();
|
||||
if(!$error){
|
||||
if($username){
|
||||
$u->username($username);
|
||||
$session{form}{uid} = $u->userId;
|
||||
}
|
||||
if($password){
|
||||
my $userData = $self->getParams;
|
||||
unless ($password eq "password") {
|
||||
$properties->{identifier} = Digest::MD5::md5_base64($password);
|
||||
_logSecurityMessage();
|
||||
if($userData->{identifier} ne $properties->{identifier}){
|
||||
$properties->{passwordLastUpdated} = time();
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$session{form}{uid} = $u->userId;
|
||||
$self->saveParams($u->userId,$self->authMethod,$properties);
|
||||
WebGUI::Session::refreshUserInfo($u->userId);
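Review bot: The new changeUsername/changePassword restriction is enforced only by hiding form fields in displayAccount; the updateAccount hunk still applies `$username` and `$password` (the latter read from `authWebGUI.identifier` in `$session{form}`) without consulting `$userData->{changeUsername}` or `$userData->{changePassword}`, so a request that supplies those fields anyway appears to be accepted. updateAccount starts and ends outside the hunk, so confirm no such check exists there; if not, load the params before validation and discard the disallowed fields, e.g. `my $userData = $self->getParams;` followed by `$username = "" unless $userData->{changeUsername};` and `$password = "" unless $userData->{changePassword};`. Separately, `_logSecurityMessage()` is called in updateAccount before `saveParams` and before the identifier comparison, so "Password changed successfully" can be logged when nothing has been saved or the password is unchanged. The POD above `_logSecurityMessage` is a copy of the `=head2 addUserForm ( )` heading and should describe the logging helper instead.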
|
||||
|
||||
|
|
|
|||