diff --git a/docs/upgrades/upgrade_5.9.9-6.0.0.pl b/docs/upgrades/upgrade_5.9.9-6.0.0.pl
index c9e67aa65..24fabc81b 100644
--- a/docs/upgrades/upgrade_5.9.9-6.0.0.pl
+++ b/docs/upgrades/upgrade_5.9.9-6.0.0.pl
@@ -433,6 +433,8 @@ foreach my $wobject (@{$wobjects}) {
}
push(@newWobjects,"WSClient");
$conf->set("wobjects"=>\@newWobjects);
+$conf->set("emailRecoveryLoggingEnabled"=>1);
+$conf->set("passwordChangeLoggingEnabled"=>1);
$conf->write;
@@ -440,10 +442,15 @@ $conf->write;
print "\tUpdating Authentication.\n" unless ($quiet);
WebGUI::SQL->write("delete from authentication where authMethod='WebGUI' and fieldName='passwordLastUpdated'");
WebGUI::SQL->write("delete from authentication where authMethod='WebGUI' and fieldName='passwordTimeout'");
+WebGUI::SQL->write("delete from authentication where authMethod='WebGUI' and fieldName='changeUsername'");
+WebGUI::SQL->write("delete from authentication where authMethod='WebGUI' and fieldName='changePassword'");
+
my $authSth = WebGUI::SQL->read("select userId from users where authMethod='WebGUI'");
while (my $authHash = $authSth->hashRef){
WebGUI::SQL->write("insert into authentication (userId,authMethod,fieldName,fieldData) values ('".$authHash->{userId}."','WebGUI','passwordLastUpdated','".time()."')");
WebGUI::SQL->write("insert into authentication (userId,authMethod,fieldName,fieldData) values ('".$authHash->{userId}."','WebGUI','passwordTimeout','3122064000')");
+ WebGUI::SQL->write("insert into authentication (userId,authMethod,fieldName,fieldData) values ('".$authHash->{userId}."','WebGUI','changeUsername','1')");
+ WebGUI::SQL->write("insert into authentication (userId,authMethod,fieldName,fieldData) values ('".$authHash->{userId}."','WebGUI','changePassword','1')");
}
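Review bot: The two added inserts inside the `while` loop build SQL by concatenating `$authHash->{userId}` into the statement, repeating the unquoted pattern of the lines above them. The ids come from the `users` table, so the risk is low, but an id containing a quote would break the upgrade halfway through with no rollback. A single set-based statement per field avoids both the interpolation and the per-user round trips, e.g. `WebGUI::SQL->write("insert into authentication (userId,authMethod,fieldName,fieldData) select userId,'WebGUI','changeUsername','1' from users where authMethod='WebGUI'");` and the same for `changePassword`.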
diff --git a/docs/upgrades/upgrade_5.9.9-6.0.0.sql b/docs/upgrades/upgrade_5.9.9-6.0.0.sql
index a8d004421..d941f12e6 100644
--- a/docs/upgrades/upgrade_5.9.9-6.0.0.sql
+++ b/docs/upgrades/upgrade_5.9.9-6.0.0.sql
@@ -413,3 +413,16 @@ names set for them by the SOAP server (i.e. perhaps "localTime" for a time query
INSERT INTO template VALUES (1,'Xmethods: getTemp','
\n\n\n
\n\n\n\r\n\r\n \r\n The current temp is: \r\n \r\n\r\n Failed to retrieve temp.\r\n','WSClient');
INSERT INTO template VALUES (2,'Google: doGoogleSearch','\n\n
\n\n\n
\n\n\n\n\n\n \n \n You searched for . We found around matching records.
\n \n\n \n \">\n \n \n \n \n \n
\n \n
\n \n \n
\n Description:
\n \n
\">\n
\n - \n \n
\n \n \n\n Could not retrieve results from Google.\n','WSClient');
+insert into settings (name,value) values ('webguiChangePassword',1);
+insert into settings (name,value) values ('webguiChangeUsername',1);
+
+delete from international where languageId=1 and namespace='Auth/WebGUI' and internationalId=22;
+insert into international (internationalId,languageId,namespace,message,lastUpdated,context) values (22,1,'Auth/WebGUI','There are no fields to update.', 1076361800,'');
+delete from international where languageId=1 and namespace='Auth/WebGUI' and internationalId=21;
+insert into international (internationalId,languageId,namespace,message,lastUpdated,context) values (21,1,'Auth/WebGUI','Allow User to Change Username?', 1076358688,'');
+delete from international where languageId=1 and namespace='Auth/WebGUI' and internationalId=20;
+insert into international (internationalId,languageId,namespace,message,lastUpdated,context) values (20,1,'Auth/WebGUI','Allow User to Change Password?', 1076358606,'');
+delete from international where languageId=1 and namespace='Auth/WebGUI' and internationalId=19;
+insert into international (internationalId,languageId,namespace,message,lastUpdated,context) values (19,1,'Auth/WebGUI','Allow Users to Change Username?', 1076358029,'');
+delete from international where languageId=1 and namespace='Auth/WebGUI' and internationalId=18;
+insert into international (internationalId,languageId,namespace,message,lastUpdated,context) values (18,1,'Auth/WebGUI','Allow Users to Change Passwords?', 1076357595,'');
diff --git a/lib/WebGUI/Auth/WebGUI.pm b/lib/WebGUI/Auth/WebGUI.pm
index be4fc7817..c05ba056a 100644
--- a/lib/WebGUI/Auth/WebGUI.pm
+++ b/lib/WebGUI/Auth/WebGUI.pm
@@ -22,6 +22,21 @@ use WebGUI::Utility;
our @ISA = qw(WebGUI::Auth);
+
+#-------------------------------------------------------------------
+
+=head2 addUserForm ( )
+
+ Creates user form elements specific to this Auth Method.
+
+=cut
+
+sub _logSecurityMessage {
+ if($session{config}{passwordChangeLoggingEnabled}) {
+ WebGUI::ErrorHandler::security("change password. Password changed successfully");
+ }
+}
+
#-------------------------------------------------------------------
=head2 addUserForm ( )
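Review bot: The POD block added above `_logSecurityMessage` is a copy of the addUserForm heading and description, so the docs list addUserForm twice and the new helper is undocumented. Since the helper is private, replace the POD with a comment such as `# Writes a security log entry for a successful password change when passwordChangeLoggingEnabled is set in the config.` The helper also takes no argument, so the entry cannot name the account whose password changed. Its callers in recoverPasswordFinish and resetExpiredPasswordSave appear to run before any login, so whatever identity the handler attaches is probably not the account owner; consider passing the id, `_logSecurityMessage($userId)`.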
@@ -36,6 +51,24 @@ sub addUserForm {
my $f = WebGUI::HTMLForm->new;
$f->password("authWebGUI.identifier",WebGUI::International::get(51),"password");
$f->interval("authWebGUI.passwordTimeout",WebGUI::International::get(16,'Auth/WebGUI'),WebGUI::DateTime::secondsToInterval(($userData->{passwordTimeout} || $session{setting}{webguiPasswordTimeout})));
+ my $userChange = $session{setting}{webguiChangeUsername};
+ if($userChange || $userChange eq "0"){
+ $userChange = $userData->{changeUsername};
+ }
+ $f->yesNo(
+ -name=>"authWebGUI.changeUsername",
+ -value=>$userChange,
+ -label=>WebGUI::International::get(21,'Auth/WebGUI')
+ );
+ my $passwordChange = $session{setting}{webguiChangePassword};
+ if($passwordChange || $passwordChange eq "0"){
+ $passwordChange = $userData->{changePassword};
+ }
+ $f->yesNo(
+ -name=>"authWebGUI.changePassword",
+ -value=>$passwordChange,
+ -label=>WebGUI::International::get(20,'Auth/WebGUI')
+ );
return $f->printRowsOnly;
}
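Review bot: The guard `if($userChange || $userChange eq "0")` is true for every defined value of the site setting, so the site default is always overwritten by `$userData->{changeUsername}`, which is likely empty on a new-user form. The `passwordTimeout` line just above uses the opposite order, per-user value first and site setting as fallback. If that is the intent here too, write `my $userChange = defined $userData->{changeUsername} ? $userData->{changeUsername} : $session{setting}{webguiChangeUsername};` and do the same for `$passwordChange`. `$userData` is assigned outside the hunk, so its contents for a new user are an assumption.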
@@ -53,7 +86,8 @@ sub addUserFormSave {
unless ($session{form}{'authWebGUI.identifier'} eq "password") {
$properties->{identifier} = Digest::MD5::md5_base64($session{form}{'authWebGUI.identifier'});
}
-
+ $properties->{changeUsername} = $session{form}{'authWebGUI.changeUsername'};
+ $properties->{changePassword} = $session{form}{'authWebGUI.changePassword'};
$properties->{passwordTimeout} = WebGUI::DateTime::intervalToSeconds($session{form}{'authWebGUI.passwordTimeout_interval'},$session{form}{'authWebGUI.passwordTimeout_units'});
$properties->{passwordLastUpdated} = time();
if($session{setting}{webguiExpirePasswordOnCreation}){
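Review bot: The two added assignments store `$session{form}{'authWebGUI.changeUsername'}` and `...changePassword'}` exactly as submitted, and displayAccount later tests them only for truthiness, so any non-empty string other than "0" enables the permission. Normalise them at the point of storage, `$properties->{changeUsername} = $session{form}{'authWebGUI.changeUsername'} ? 1 : 0;` and likewise for `changePassword`. The same pair of lines is added in editUserFormSave and needs the same treatment. How saveParams quotes the values is not visible in this diff.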
@@ -149,13 +183,22 @@ sub displayAccount {
my $self = shift;
my $vars;
return $self->displayLogin($_[0]) if ($self->userId == 1);
+ my $userData = $self->getParams;
$vars->{'account.message'} = $_[0] if ($_[0]);
- $vars->{'account.form.username'} = WebGUI::Form::text({"name"=>"authWebGUI.username","value"=>$self->username});
- $vars->{'account.form.username.label'} = WebGUI::International::get(50);
- $vars->{'account.form.password'} = WebGUI::Form::password({"name"=>"authWebGUI.identifier","value"=>"password"});
- $vars->{'account.form.password.label'} = WebGUI::International::get(51);
- $vars->{'account.form.passwordConfirm'} = WebGUI::Form::password({"name"=>"authWebGUI.identifierConfirm","value"=>"password"});
- $vars->{'account.form.passwordConfirm.label'} = WebGUI::International::get(2,'Auth/WebGUI');
+ if($userData->{changeUsername}){
+ $vars->{'account.form.username'} = WebGUI::Form::text({"name"=>"authWebGUI.username","value"=>$self->username});
+ $vars->{'account.form.username.label'} = WebGUI::International::get(50);
+ }
+ if($userData->{changePassword}){
+ $vars->{'account.form.password'} = WebGUI::Form::password({"name"=>"authWebGUI.identifier","value"=>"password"});
+ $vars->{'account.form.password.label'} = WebGUI::International::get(51);
+ $vars->{'account.form.passwordConfirm'} = WebGUI::Form::password({"name"=>"authWebGUI.identifierConfirm","value"=>"password"});
+ $vars->{'account.form.passwordConfirm.label'} = WebGUI::International::get(2,'Auth/WebGUI');
+ }
+ if(!$userData->{changeUsername} && !$userData->{changePassword}){
+ $vars->{'account.noform'} = "true";
+ }
+ $vars->{'account.nofields'} = WebGUI::International::get(22,'Auth/WebGUI');
return $self->SUPER::displayAccount("updateAccount",$vars);
}
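Review bot: displayAccount reads only the per-user values from `$self->getParams`, so an account with no stored `changeUsername`/`changePassword` row gets `account.noform`, and the site-wide settings `webguiChangeUsername`/`webguiChangePassword` added in this commit are never consulted. The upgrade script backfills rows for existing users, but whether accounts created through self-registration receive them is not shown here. If the site settings are meant as defaults, resolve the flag once, e.g. `my $canChangeUsername = defined $userData->{changeUsername} ? $userData->{changeUsername} : $session{setting}{webguiChangeUsername};`, and use it in the conditions. Hiding the fields here is presentation only.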
@@ -207,6 +250,9 @@ sub editUserFormSave {
}
}
$properties->{passwordTimeout} = WebGUI::DateTime::intervalToSeconds($session{form}{'authWebGUI.passwordTimeout_interval'},$session{form}{'authWebGUI.passwordTimeout_units'});
+ $properties->{changeUsername} = $session{form}{'authWebGUI.changeUsername'};
+ $properties->{changePassword} = $session{form}{'authWebGUI.changePassword'};
+
$self->SUPER::editUserFormSave($properties);
}
@@ -244,6 +290,16 @@ sub editUserSettingsForm {
-value=>$session{setting}{webguiWelcomeMessage},
-label=>WebGUI::International::get(869)
);
+ $f->yesNo(
+ -name=>"webguiChangeUsername",
+ -value=>$session{setting}{webguiChangeUsername},
+ -label=>WebGUI::International::get(19,'Auth/WebGUI')
+ );
+ $f->yesNo(
+ -name=>"webguiChangePassword",
+ -value=>$session{setting}{webguiChangePassword},
+ -label=>WebGUI::International::get(18,'Auth/WebGUI')
+ );
$f->yesNo(
-name=>"webguiPasswordRecovery",
-value=>$session{setting}{webguiPasswordRecovery},
@@ -315,6 +371,10 @@ sub recoverPasswordFinish {
}
$encryptedPassword = Digest::MD5::md5_base64($password);
$self->saveParams($userId,"WebGUI",{identifier=>$encryptedPassword});
+ _logSecurityMessage();
+ if($session{config}{emailRecoveryLoggingEnabled}) {
+ WebGUI::ErrorHandler::security("recover a password. Password emailed to: ".$session{form}{email});
+ }
$message = $session{setting}{webguiRecoverPasswordEmail};
$message .= "\n".WebGUI::International::get(50).": ".$username."\n";
$message .= WebGUI::International::get(51).": ".$password."\n";
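Review bot: The added recovery log entry records only the submitted e-mail address and never names the account that was reset, although `$userId` and `$username` are both in scope at that point. Adding it makes the entry usable when investigating an account takeover: `WebGUI::ErrorHandler::security("recover a password. Password emailed to: ".$email." for userId ".$userId);`. `$session{form}{email}` is also request data written to the log as-is; unless the lookup or the handler (both outside the hunk) rejects control characters, strip them first with `(my $email = $session{form}{email}) =~ s/[[:cntrl:]]//g;` so one request cannot forge extra log lines. Both log calls run before the mail is sent further down, so they record the reset rather than delivery.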
@@ -370,6 +430,7 @@ sub resetExpiredPasswordSave {
$properties->{passwordLastUpdated} = time();
$self->saveParams($u->userId,$self->authMethod,$properties);
+ _logSecurityMessage();
$msg = $self->login;
if($msg eq ""){
@@ -393,28 +454,54 @@ sub updateAccount {
my $password = $session{form}{'authWebGUI.identifier'};
my $passConfirm = $session{form}{'authWebGUI.identifierConfirm'};
my $display = ''.WebGUI::International::get(81).'';
+ my $error = "";
if($self->userId == 1){
return $self->displayLogin;
}
- if(!$self->validUsernameAndPassword($username,$password,$passConfirm)){
- $display = $self->error; #overwrite display
+ if($username){
+ if($self->_isDuplicateUsername($username)){
+ $error .= $self->error;
+ }
+
+ if(!$self->_isValidUsername($username)){
+ $error .= $self->error;
+ }
}
+
+ if($password){
+ if(!$self->_isValidPassword($password,$passConfirm)){
+ $error .= $self->error;
+ }
+ }
+
+ if($error){
+ $display = $error;
+ }
+
+ #if(!$self->validUsernameAndPassword($username,$password,$passConfirm)){
+ # $display = $self->error; #overwrite display
+ #}
my $properties;
my $u = $self->user;
- $u->username($username);
- my $userData = $self->getParams;
-
- unless ($password eq "password") {
- $properties->{identifier} = Digest::MD5::md5_base64($password);
- if($userData->{identifier} ne $properties->{identifier}){
- $properties->{passwordLastUpdated} = time();
+ if(!$error){
+ if($username){
+ $u->username($username);
+ $session{form}{uid} = $u->userId;
+ }
+ if($password){
+ my $userData = $self->getParams;
+ unless ($password eq "password") {
+ $properties->{identifier} = Digest::MD5::md5_base64($password);
+ _logSecurityMessage();
+ if($userData->{identifier} ne $properties->{identifier}){
+ $properties->{passwordLastUpdated} = time();
+ }
+ }
}
}
-
- $session{form}{uid} = $u->userId;
$self->saveParams($u->userId,$self->authMethod,$properties);
WebGUI::Session::refreshUserInfo($u->userId);
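Review bot: updateAccount never checks the new `changeUsername`/`changePassword` permissions. A user whose fields are hidden by displayAccount can still post `authWebGUI.username` or `authWebGUI.identifier` and the change is applied, so the restriction exists only in the form. Hoist `my $userData = $self->getParams;` above the validation and drop disallowed input there: `$username = "" unless ($userData->{changeUsername});` and `$password = "" unless ($userData->{changePassword});`. Separately, `_logSecurityMessage()` is called before `saveParams` and outside the `ne` comparison, so "Password changed successfully" is logged before the write and even when the submitted password equals the stored one; move it inside the `if($userData->{identifier} ne ...)` branch or after `saveParams`. The function body continues past the end of this hunk.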