* [ADD] Preliminary API implementation. Documentation still needed.

* [ADD] API token authentication
* [FIX] Fixed issue on account searches
nuxsmin
2015-08-10 10:20:42 +02:00
parent e7ae7d6154
commit 29873ef313
22 changed files with 1159 additions and 263 deletions


@@ -50,104 +50,123 @@ $tpl->assign('actionId', $actionId);
$tpl->assign('isView', false);
switch ($actionId) {
case \SP\Controller\ActionsInterface::ACTION_USR_USERS_VIEW:
$tpl->assign('header', _('Ver Usuario'));
$tpl->assign('onCloseAction', \SP\Controller\ActionsInterface::ACTION_USR);
$tpl->assign('isView', true);
$controller = new SP\Controller\UsersMgmtC($tpl);
$controller->getUser();
break;
case \SP\Controller\ActionsInterface::ACTION_USR_USERS_EDIT:
$tpl->assign('header', _('Editar Usuario'));
$tpl->assign('onCloseAction', \SP\Controller\ActionsInterface::ACTION_USR);
$controller = new SP\Controller\UsersMgmtC($tpl);
$controller->getUser();
break;
case \SP\Controller\ActionsInterface::ACTION_USR_USERS_NEW:
$tpl->assign('header', _('Nuevo Usuario'));
$tpl->assign('onCloseAction', \SP\Controller\ActionsInterface::ACTION_USR);
$controller = new SP\Controller\UsersMgmtC($tpl);
$controller->getUser();
break;
case \SP\Controller\ActionsInterface::ACTION_USR_GROUPS_VIEW:
$tpl->assign('header', _('Ver Grupo'));
$tpl->assign('onCloseAction', \SP\Controller\ActionsInterface::ACTION_USR);
$tpl->assign('isView', true);
$controller = new SP\Controller\UsersMgmtC($tpl);
$controller->getGroup();
break;
case \SP\Controller\ActionsInterface::ACTION_USR_GROUPS_EDIT:
$tpl->assign('header', _('Editar Grupo'));
$tpl->assign('onCloseAction', \SP\Controller\ActionsInterface::ACTION_USR);
$controller = new SP\Controller\UsersMgmtC($tpl);
$controller->getGroup();
break;
case \SP\Controller\ActionsInterface::ACTION_USR_GROUPS_NEW:
$tpl->assign('header', _('Nuevo Grupo'));
$tpl->assign('onCloseAction', \SP\Controller\ActionsInterface::ACTION_USR);
$controller = new SP\Controller\UsersMgmtC($tpl);
$controller->getGroup();
break;
case \SP\Controller\ActionsInterface::ACTION_USR_PROFILES_VIEW:
$tpl->assign('header', _('Ver Perfil'));
$tpl->assign('onCloseAction', \SP\Controller\ActionsInterface::ACTION_USR);
$tpl->assign('isView', true);
$controller = new SP\Controller\UsersMgmtC($tpl);
$controller->getProfile();
break;
case \SP\Controller\ActionsInterface::ACTION_USR_PROFILES_EDIT:
$tpl->assign('header', _('Editar Perfil'));
$tpl->assign('onCloseAction', \SP\Controller\ActionsInterface::ACTION_USR);
$controller = new SP\Controller\UsersMgmtC($tpl);
$controller->getProfile();
break;
case \SP\Controller\ActionsInterface::ACTION_USR_PROFILES_NEW:
$tpl->assign('header', _('Nuevo Perfil'));
$tpl->assign('onCloseAction', \SP\Controller\ActionsInterface::ACTION_USR);
$controller = new SP\Controller\UsersMgmtC($tpl);
$controller->getProfile();
break;
case \SP\Controller\ActionsInterface::ACTION_MGM_CUSTOMERS_VIEW:
$tpl->assign('header', _('Ver Cliente'));
$tpl->assign('onCloseAction', \SP\Controller\ActionsInterface::ACTION_MGM);
$tpl->assign('isView', true);
$controller = new SP\Controller\AccountsMgmtC($tpl);
$controller->getCustomer();
break;
case \SP\Controller\ActionsInterface::ACTION_MGM_CUSTOMERS_EDIT:
$tpl->assign('header', _('Editar Cliente'));
$tpl->assign('onCloseAction', \SP\Controller\ActionsInterface::ACTION_MGM);
$controller = new SP\Controller\AccountsMgmtC($tpl);
$controller->getCustomer();
break;
case \SP\Controller\ActionsInterface::ACTION_MGM_CUSTOMERS_NEW:
$tpl->assign('header', _('Nuevo Cliente'));
$tpl->assign('onCloseAction', \SP\Controller\ActionsInterface::ACTION_MGM);
$controller = new SP\Controller\AccountsMgmtC($tpl);
$controller->getCustomer();
break;
case \SP\Controller\ActionsInterface::ACTION_MGM_CATEGORIES_VIEW:
$tpl->assign('header', _('Ver Categoría'));
$tpl->assign('onCloseAction', \SP\Controller\ActionsInterface::ACTION_MGM);
$tpl->assign('isView', true);
$controller = new SP\Controller\AccountsMgmtC($tpl);
$controller->getCategory();
break;
case \SP\Controller\ActionsInterface::ACTION_MGM_CATEGORIES_EDIT:
$tpl->assign('header', _('Editar Categoría'));
$tpl->assign('onCloseAction', \SP\Controller\ActionsInterface::ACTION_MGM);
$controller = new SP\Controller\AccountsMgmtC($tpl);
$controller->getCategory();
break;
case \SP\Controller\ActionsInterface::ACTION_MGM_CATEGORIES_NEW:
$tpl->assign('header', _('Nueva Categoría'));
$tpl->assign('onCloseAction', \SP\Controller\ActionsInterface::ACTION_MGM);
$controller = new SP\Controller\AccountsMgmtC($tpl);
$controller->getCategory();
break;
default :
exit();
break;
case \SP\Controller\ActionsInterface::ACTION_USR_USERS_VIEW:
$tpl->assign('header', _('Ver Usuario'));
$tpl->assign('onCloseAction', \SP\Controller\ActionsInterface::ACTION_USR);
$tpl->assign('isView', true);
$controller = new SP\Controller\UsersMgmtC($tpl);
$controller->getUser();
break;
case \SP\Controller\ActionsInterface::ACTION_USR_USERS_EDIT:
$tpl->assign('header', _('Editar Usuario'));
$tpl->assign('onCloseAction', \SP\Controller\ActionsInterface::ACTION_USR);
$controller = new SP\Controller\UsersMgmtC($tpl);
$controller->getUser();
break;
case \SP\Controller\ActionsInterface::ACTION_USR_USERS_NEW:
$tpl->assign('header', _('Nuevo Usuario'));
$tpl->assign('onCloseAction', \SP\Controller\ActionsInterface::ACTION_USR);
$controller = new SP\Controller\UsersMgmtC($tpl);
$controller->getUser();
break;
case \SP\Controller\ActionsInterface::ACTION_USR_GROUPS_VIEW:
$tpl->assign('header', _('Ver Grupo'));
$tpl->assign('onCloseAction', \SP\Controller\ActionsInterface::ACTION_USR);
$tpl->assign('isView', true);
$controller = new SP\Controller\UsersMgmtC($tpl);
$controller->getGroup();
break;
case \SP\Controller\ActionsInterface::ACTION_USR_GROUPS_EDIT:
$tpl->assign('header', _('Editar Grupo'));
$tpl->assign('onCloseAction', \SP\Controller\ActionsInterface::ACTION_USR);
$controller = new SP\Controller\UsersMgmtC($tpl);
$controller->getGroup();
break;
case \SP\Controller\ActionsInterface::ACTION_USR_GROUPS_NEW:
$tpl->assign('header', _('Nuevo Grupo'));
$tpl->assign('onCloseAction', \SP\Controller\ActionsInterface::ACTION_USR);
$controller = new SP\Controller\UsersMgmtC($tpl);
$controller->getGroup();
break;
case \SP\Controller\ActionsInterface::ACTION_USR_PROFILES_VIEW:
$tpl->assign('header', _('Ver Perfil'));
$tpl->assign('onCloseAction', \SP\Controller\ActionsInterface::ACTION_USR);
$tpl->assign('isView', true);
$controller = new SP\Controller\UsersMgmtC($tpl);
$controller->getProfile();
break;
case \SP\Controller\ActionsInterface::ACTION_USR_PROFILES_EDIT:
$tpl->assign('header', _('Editar Perfil'));
$tpl->assign('onCloseAction', \SP\Controller\ActionsInterface::ACTION_USR);
$controller = new SP\Controller\UsersMgmtC($tpl);
$controller->getProfile();
break;
case \SP\Controller\ActionsInterface::ACTION_USR_PROFILES_NEW:
$tpl->assign('header', _('Nuevo Perfil'));
$tpl->assign('onCloseAction', \SP\Controller\ActionsInterface::ACTION_USR);
$controller = new SP\Controller\UsersMgmtC($tpl);
$controller->getProfile();
break;
case \SP\Controller\ActionsInterface::ACTION_MGM_CUSTOMERS_VIEW:
$tpl->assign('header', _('Ver Cliente'));
$tpl->assign('onCloseAction', \SP\Controller\ActionsInterface::ACTION_MGM);
$tpl->assign('isView', true);
$controller = new SP\Controller\AccountsMgmtC($tpl);
$controller->getCustomer();
break;
case \SP\Controller\ActionsInterface::ACTION_MGM_CUSTOMERS_EDIT:
$tpl->assign('header', _('Editar Cliente'));
$tpl->assign('onCloseAction', \SP\Controller\ActionsInterface::ACTION_MGM);
$controller = new SP\Controller\AccountsMgmtC($tpl);
$controller->getCustomer();
break;
case \SP\Controller\ActionsInterface::ACTION_MGM_CUSTOMERS_NEW:
$tpl->assign('header', _('Nuevo Cliente'));
$tpl->assign('onCloseAction', \SP\Controller\ActionsInterface::ACTION_MGM);
$controller = new SP\Controller\AccountsMgmtC($tpl);
$controller->getCustomer();
break;
case \SP\Controller\ActionsInterface::ACTION_MGM_CATEGORIES_VIEW:
$tpl->assign('header', _('Ver Categoría'));
$tpl->assign('onCloseAction', \SP\Controller\ActionsInterface::ACTION_MGM);
$tpl->assign('isView', true);
$controller = new SP\Controller\AccountsMgmtC($tpl);
$controller->getCategory();
break;
case \SP\Controller\ActionsInterface::ACTION_MGM_CATEGORIES_EDIT:
$tpl->assign('header', _('Editar Categoría'));
$tpl->assign('onCloseAction', \SP\Controller\ActionsInterface::ACTION_MGM);
$controller = new SP\Controller\AccountsMgmtC($tpl);
$controller->getCategory();
break;
case \SP\Controller\ActionsInterface::ACTION_MGM_CATEGORIES_NEW:
$tpl->assign('header', _('Nueva Categoría'));
$tpl->assign('onCloseAction', \SP\Controller\ActionsInterface::ACTION_MGM);
$controller = new SP\Controller\AccountsMgmtC($tpl);
$controller->getCategory();
break;
case \SP\Controller\ActionsInterface::ACTION_MGM_APITOKENS_VIEW:
$tpl->assign('header', _('Ver Autorización'));
$tpl->assign('onCloseAction', \SP\Controller\ActionsInterface::ACTION_USR);
$tpl->assign('isView', true);
$controller = new SP\Controller\UsersMgmtC($tpl);
$controller->getToken();
break;
case \SP\Controller\ActionsInterface::ACTION_MGM_APITOKENS_NEW:
$tpl->assign('header', _('Nueva Autorización'));
$tpl->assign('onCloseAction', \SP\Controller\ActionsInterface::ACTION_USR);
$controller = new SP\Controller\UsersMgmtC($tpl);
$controller->getToken();
break;
case \SP\Controller\ActionsInterface::ACTION_MGM_APITOKENS_EDIT:
$tpl->assign('header', _('Editar Autorización'));
$tpl->assign('onCloseAction', \SP\Controller\ActionsInterface::ACTION_USR);
$controller = new SP\Controller\UsersMgmtC($tpl);
$controller->getToken();
break;
default :
exit();
break;
}
$controller->view();
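Review bot: The three new ACTION_MGM_APITOKENS_* cases (from the `_('Ver Autorización')` block onward) carry the MGM prefix but hand off to `UsersMgmtC` and set `onCloseAction` to `ACTION_USR`, unlike every other MGM case in this switch, which uses `AccountsMgmtC` and `ACTION_MGM`. If the token screens deliberately live under user management, a one-line comment such as `// API tokens are managed from the users screen, hence ACTION_USR / UsersMgmtC` would stop the next reader from "fixing" it; otherwise the close action and controller should follow the MGM pattern. The `break` after `exit()` in the default arm is unreachable and can be dropped.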


@@ -183,8 +183,6 @@ if ($actionId === \SP\Controller\ActionsInterface::ACTION_USR_USERS_NEW
SP\Common::printJSON(_('Error al eliminar el usuario'));
}
SP\Common::printJSON(_('Acción Inválida'));
} elseif ($actionId === \SP\Controller\ActionsInterface::ACTION_USR_GROUPS_NEW
|| $actionId === \SP\Controller\ActionsInterface::ACTION_USR_GROUPS_EDIT
|| $actionId === \SP\Controller\ActionsInterface::ACTION_USR_GROUPS_DELETE
@@ -247,8 +245,6 @@ if ($actionId === \SP\Controller\ActionsInterface::ACTION_USR_USERS_NEW
SP\Common::printJSON(_('Error al eliminar el grupo'));
}
}
SP\Common::printJSON(_('Acción Inválida'));
} elseif ($actionId === \SP\Controller\ActionsInterface::ACTION_USR_PROFILES_NEW
|| $actionId === \SP\Controller\ActionsInterface::ACTION_USR_PROFILES_EDIT
|| $actionId === \SP\Controller\ActionsInterface::ACTION_USR_PROFILES_DELETE
@@ -316,8 +312,6 @@ if ($actionId === \SP\Controller\ActionsInterface::ACTION_USR_USERS_NEW
SP\Common::printJSON(_('Error al eliminar el perfil'));
}
}
SP\Common::printJSON(_('Acción Inválida'));
} elseif ($actionId === \SP\Controller\ActionsInterface::ACTION_MGM_CUSTOMERS_NEW
|| $actionId === \SP\Controller\ActionsInterface::ACTION_MGM_CUSTOMERS_EDIT
|| $actionId === \SP\Controller\ActionsInterface::ACTION_MGM_CUSTOMERS_DELETE
@@ -362,8 +356,6 @@ if ($actionId === \SP\Controller\ActionsInterface::ACTION_USR_USERS_NEW
SP\Common::printJSON(_('Cliente eliminado'), 0, $doActionOnClose);
}
SP\Common::printJSON(_('Acción Inválida'));
} elseif ($actionId === \SP\Controller\ActionsInterface::ACTION_MGM_CATEGORIES_NEW
|| $actionId === \SP\Controller\ActionsInterface::ACTION_MGM_CATEGORIES_EDIT
|| $actionId === \SP\Controller\ActionsInterface::ACTION_MGM_CATEGORIES_DELETE
@@ -409,6 +401,58 @@ if ($actionId === \SP\Controller\ActionsInterface::ACTION_USR_USERS_NEW
SP\Common::printJSON(_('Categoría eliminada'), 0, $doActionOnClose);
}
} elseif ($actionId === \SP\Controller\ActionsInterface::ACTION_MGM_APITOKENS_NEW
|| $actionId === \SP\Controller\ActionsInterface::ACTION_MGM_APITOKENS_EDIT
|| $actionId === \SP\Controller\ActionsInterface::ACTION_MGM_APITOKENS_DELETE
) {
// Variables POST del formulario
$frmUserId = SP\Request::analyze('users', 0);
$frmTokenActionId = SP\Request::analyze('actions', 0);
$frmRefreshToken = SP\Request::analyze('refreshtoken', false, false, true);
if ($actionId === \SP\Controller\ActionsInterface::ACTION_MGM_APITOKENS_NEW
|| $actionId === \SP\Controller\ActionsInterface::ACTION_MGM_APITOKENS_EDIT)
{
if ($frmUserId === 0 || $frmTokenActionId === 0) {
SP\Common::printJSON(_('Usuario o acción no indicado'), 2);
}
$ApiTokens = new \SP\ApiTokens();
$ApiTokens->setUserId($frmUserId);
$ApiTokens->setActionId($frmTokenActionId);
$ApiTokens->setTokenId($itemId);
$ApiTokens->setRefreshToken($frmRefreshToken);
if ($actionId === \SP\Controller\ActionsInterface::ACTION_MGM_APITOKENS_NEW){
try {
$ApiTokens->addToken();
} catch (\SP\SPException $e) {
SP\Common::printJSON($e->getMessage(), 2);
}
SP\Common::printJSON(_('Autorización creada'), 0, $doActionOnClose);
} elseif ($actionId === \SP\Controller\ActionsInterface::ACTION_MGM_APITOKENS_EDIT){
try {
$ApiTokens->updateToken();
} catch (\SP\SPException $e) {
SP\Common::printJSON($e->getMessage(), 2);
}
SP\Common::printJSON(_('Autorización actualizada'), 0, $doActionOnClose);
}
} elseif ($actionId === \SP\Controller\ActionsInterface::ACTION_MGM_APITOKENS_DELETE){
$ApiTokens = new \SP\ApiTokens();
$ApiTokens->setTokenId($itemId);
try {
$ApiTokens->deleteToken();
} catch (\SP\SPException $e) {
SP\Common::printJSON($e->getMessage(), 2);
}
SP\Common::printJSON(_('Autorización eliminada'), 0, $doActionOnClose);
}
} else {
SP\Common::printJSON(_('Acción Inválida'));
}
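Review bot: The new API-token branch creates, updates and deletes tokens without any visible check that the session user is allowed to manage them; the sibling user/group/profile branches presumably rely on a check earlier in this file, outside the hunk, so confirm that check also covers the new `ACTION_MGM_APITOKENS_*` constants (an allow-list based check written before this commit would not know them). The NEW/EDIT path only rejects `$frmUserId === 0 || $frmTokenActionId === 0` and never verifies that `$frmTokenActionId` is one of the actions `ApiTokens::getTokenActions()` offers, so unless `addToken()`/`updateToken()` validate it, any action id is accepted for a token; a guard such as `if (!array_key_exists($frmTokenActionId, \SP\ApiTokens::getTokenActions())) { SP\Common::printJSON(_('Acción Inválida'), 2); }` before constructing `$ApiTokens` closes that. `$itemId` and `$doActionOnClose` are assigned before this hunk, and the branch assumes `printJSON()` terminates the script on the error paths.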


@@ -121,6 +121,7 @@ switch ($actionId) {
$controller->getUsersList();
$controller->getGroupsList();
$controller->getProfilesList();
$controller->getAPITokensList();
break;
case \SP\Controller\ActionsInterface::ACTION_MGM:
$controller = new SP\Controller\AccountsMgmtC($tpl);

68
api.php Normal file

@@ -0,0 +1,68 @@
<?php
/**
* sysPass
*
* @author nuxsmin
* @link http://syspass.org
* @copyright 2012-2015 Rubén Domínguez nuxsmin@syspass.or
*
* This file is part of sysPass.
*
* sysPass is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* sysPass is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with sysPass. If not, see <http://www.gnu.org/licenses/>.
*
*/
define('APP_ROOT', '.');
require_once APP_ROOT . DIRECTORY_SEPARATOR . 'inc' . DIRECTORY_SEPARATOR . 'Base.php';
$userLogin = \SP\Request::analyze('u');
$userPass = \SP\Request::analyze('up');
$authToken = \SP\Request::analyze('t');
$actionId = \SP\Request::analyze('a', 0);
if (!$userLogin || !$authToken || !$actionId){
\SP\Common::printJSON(_('Parámetros incorrectos'));
}
try {
switch ($actionId) {
case \SP\Controller\ActionsInterface::ACTION_ACC_VIEW:
$itemId = \SP\Request::analyze('i', 0);
$Api = new \SP\Api($userLogin, $actionId, $authToken);
$out = $Api->getAccountData($itemId);
break;
case \SP\Controller\ActionsInterface::ACTION_ACC_VIEW_PASS:
$itemId = \SP\Request::analyze('i', 0);
$Api = new \SP\Api($userLogin, $actionId, $authToken, $userPass);
$out = $Api->getAccountPassword($itemId);
break;
case \SP\Controller\ActionsInterface::ACTION_ACC_SEARCH:
$search = \SP\Request::analyze('s');
$count = \SP\Request::analyze('c', 10);
$Api = new \SP\Api($userLogin, $actionId, $authToken);
$out = $Api->getAccountSearch($search, $count);
break;
default:
throw new Exception(_('Acción Inválida'));
}
} catch (Exception $e) {
\SP\Common::printJSON($e->getMessage(), 1, $actionId);
}
header('Content-type: application/json');
echo $out;
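Review bot: `echo $out` relies on `\SP\Common::printJSON()` terminating the script in both error paths (the parameter check and the `catch`); if it only prints, `$out` is undefined here and a second body is emitted after the error JSON, so make the exit explicit with `exit;` after each `printJSON()` call or move the `header()`/`echo` into the success path. The user password (`up`) and the API token (`t`) are read through `Request::analyze`, which — if it also accepts query-string parameters — lets both secrets land in web server and proxy access logs; restricting this endpoint to POST (`$_SERVER['REQUEST_METHOD'] === 'POST'`) keeps them in the request body. The `catch` also returns `$e->getMessage()` verbatim, which is fine for `_('Acción Inválida')` but will expose internal error text if a lower layer throws.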


@@ -294,8 +294,8 @@ class Account extends AccountBase implements AccountInterface
. 'category_name,'
. 'account_login,'
. 'account_url,'
. 'account_pass,'
. 'account_IV,'
// . 'account_pass,'
// . 'account_IV,'
. 'account_notes,'
. 'account_countView,'
. 'account_countDecrypt,'
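Review bot: The `account_pass` and `account_IV` columns are dropped from the select list by commenting the lines out rather than deleting them; commented-out code tends to be restored by a later cleanup, which here would put the encrypted password and IV back into a result set that `Api::getAccountData()` serialises to API clients (assuming this is the query behind `getAccountData()` — the method header is outside the hunk). Delete the two lines and state the intent instead, e.g. `// account_pass/account_IV intentionally excluded: this row is returned to callers as-is`.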


@@ -229,7 +229,7 @@ class AccountSearch
$arrFilterUser = array();
$arrQueryWhere = array();
switch ($this->getSortKey()) {
switch ($this->_sortKey) {
case self::SORT_NAME:
$orderKey = 'account_name';
break;
@@ -250,18 +250,18 @@ class AccountSearch
break;
}
if ($this->getTxtSearch()) {
if ($this->_txtSearch) {
// Analizar la cadena de búsqueda por etiquetas especiales
$stringFilters = $this->analyzeQueryString();
if($stringFilters !== false){
if ($stringFilters !== false) {
$i = 0;
foreach($stringFilters as $column => $value){
foreach ($stringFilters as $column => $value) {
$parameter = 'P_' . $column . $i;
$rel = '=';
if (preg_match('/name/i', $column)){
if (preg_match('/name/i', $column)) {
$rel = 'LIKE';
$value = '%' . $value . '%';
}
@@ -277,23 +277,23 @@ class AccountSearch
$arrFilterCommon[] = 'account_url LIKE :url';
$arrFilterCommon[] = 'account_notes LIKE :notes';
$data['name'] = '%' . $this->getTxtSearch() . '%';
$data['login'] = '%' . $this->getTxtSearch() . '%';
$data['url'] = '%' . $this->getTxtSearch() . '%';
$data['notes'] = '%' . $this->getTxtSearch() . '%';
$data['name'] = '%' . $this->_txtSearch . '%';
$data['login'] = '%' . $this->_txtSearch . '%';
$data['url'] = '%' . $this->_txtSearch . '%';
$data['notes'] = '%' . $this->_txtSearch . '%';
}
}
if ($this->getCategoryId() !== 0) {
if ($this->_categoryId !== 0) {
$arrFilterSelect[] = 'category_id = :categoryId';
$data['categoryId'] = $this->getCategoryId();
$data['categoryId'] = $this->_categoryId;
}
if ($this->getCustomerId() !== 0) {
if ($this->_customerId !== 0) {
$arrFilterSelect[] = 'account_customerId = :customerId';
$data['customerId'] = $this->getCustomerId();
$data['customerId'] = $this->_customerId;
}
if (count($arrFilterCommon) > 0) {
@@ -304,7 +304,7 @@ class AccountSearch
$arrQueryWhere[] = '(' . implode(' AND ', $arrFilterSelect) . ')';
}
if (!$isAdmin && !$this->getGlobalSearch()) {
if (!$isAdmin && !$this->_globalSearch) {
$subQueryGroupsA = '(SELECT user_groupId FROM usrData WHERE user_id = :userIduA UNION ALL SELECT usertogroup_groupId FROM usrToGroups WHERE usertogroup_userId = :userIdgA)';
$subQueryGroupsB = '(SELECT user_groupId FROM usrData WHERE user_id = :userIduB UNION ALL SELECT usertogroup_groupId FROM usrToGroups WHERE usertogroup_userId = :userIdgB)';
@@ -329,53 +329,50 @@ class AccountSearch
$arrQueryWhere[] = '(' . implode(' OR ', $arrFilterUser) . ')';
}
$orderDir = ($this->getSortOrder() === 0) ? 'ASC' : 'DESC';
$orderDir = ($this->_sortOrder === 0) ? 'ASC' : 'DESC';
$queryOrder = 'ORDER BY ' . $orderKey . ' ' . $orderDir;
if ($this->getLimitCount() != 99) {
if ($this->_limitCount != 99) {
$queryLimit = 'LIMIT :limitStart,:limitCount';
$data['limitStart'] = $this->getLimitStart();
$data['limitCount'] = $this->getLimitCount();
$data['limitStart'] = $this->_limitStart;
$data['limitCount'] = $this->_limitCount;
}
if (count($arrQueryWhere) === 1) {
$queryWhere = ' WHERE ' . implode($arrQueryWhere) . ' ';
// $query = $querySelect . ' WHERE ' . implode($arrQueryWhere) . ' ' . $queryOrder . ' ' . $queryLimit;
$queryWhere = ' WHERE ' . implode($arrQueryWhere);
} elseif (count($arrQueryWhere) > 1) {
$queryWhere = ' WHERE ' . implode(' AND ', $arrQueryWhere . ' ');
// $queryWhere = ' WHERE ' . implode(' AND ', $arrQueryWhere) . ' ' . $queryOrder . ' ' . $queryLimit;
$queryWhere = ' WHERE ' . implode(' AND ', $arrQueryWhere);
} else {
$queryWhere = '';
// $query = $querySelect . ' ' . $queryOrder . ' ' . $queryLimit;
}
$query = 'SELECT DISTINCT '
. 'account_id,'
. 'account_customerId,'
. 'category_name,'
. 'account_name,'
. 'account_login,'
. 'account_url,'
. 'account_notes,'
. 'account_userId,'
. 'account_userGroupId,'
. 'BIN(account_otherUserEdit) AS account_otherUserEdit,'
. 'BIN(account_otherGroupEdit) AS account_otherGroupEdit,'
. 'usergroup_name,'
. 'customer_name,'
. 'count(accfile_id) as num_files '
. 'FROM accounts '
. 'LEFT JOIN accFiles ON account_id = accfile_accountId '
. 'LEFT JOIN categories ON account_categoryId = category_id '
. 'LEFT JOIN usrGroups ug ON account_userGroupId = usergroup_id '
. 'LEFT JOIN customers ON customer_id = account_customerId '
. 'LEFT JOIN accUsers ON accuser_accountId = account_id '
. 'LEFT JOIN accGroups ON accgroup_accountId = account_id '
. $queryWhere
. 'GROUP BY account_id '
. $queryOrder . ' '
. $queryLimit . ' ';
$query = 'SELECT DISTINCT ' .
'account_id,' .
'account_customerId,' .
'category_name,' .
'account_name,' .
'account_login,' .
'account_url,' .
'account_notes,' .
'account_userId,' .
'account_userGroupId,' .
'BIN(account_otherUserEdit) AS account_otherUserEdit,' .
'BIN(account_otherGroupEdit) AS account_otherGroupEdit,' .
'usergroup_name,' .
'customer_name,' .
'count(accfile_id) as num_files ' .
'FROM accounts ' .
'LEFT JOIN accFiles ON account_id = accfile_accountId ' .
'LEFT JOIN categories ON account_categoryId = category_id ' .
'LEFT JOIN usrGroups ug ON account_userGroupId = usergroup_id ' .
'LEFT JOIN customers ON customer_id = account_customerId ' .
'LEFT JOIN accUsers ON accuser_accountId = account_id ' .
'LEFT JOIN accGroups ON accgroup_accountId = account_id ' .
$queryWhere . ' ' .
'GROUP BY account_id ' .
$queryOrder . ' ' .
$queryLimit;
// print_r($query);
// error_log($query);
@@ -404,6 +401,43 @@ class AccountSearch
return $queryRes;
}
/**
* Analizar la cadena de consulta por eqituetas especiales y devolver un array
* con las columnas y los valores a buscar.
*
* @return array|bool
*/
private function analyzeQueryString()
{
preg_match('/:(user|group|file)\s(.*)/i', $this->_txtSearch, $filters);
if (!is_array($filters) || count($filters) === 0) {
return false;
}
switch ($filters[1]) {
case 'user':
return array(
'account_userId' => UserUtil::getUserIdByLogin(Html::sanitize($filters[2])),
'accuser_userId' => UserUtil::getUserIdByLogin(Html::sanitize($filters[2]))
);
break;
case 'group':
return array(
'account_userGroupId' => Groups::getGroupIdByName(Html::sanitize($filters[2])),
'accgroup_groupId' => Groups::getGroupIdByName(Html::sanitize($filters[2]))
);
break;
case 'file':
return array(
'accfile_name' => Html::sanitize($filters[2])
);
break;
default:
return false;
}
}
/**
* Obtiene el número de cuentas que un usuario puede ver.
*
@@ -437,41 +471,4 @@ class AccountSearch
return $queryRes->numacc;
}
/**
* Analizar la cadena de consulta por eqituetas especiales y devolver un array
* con las columnas y los valores a buscar.
*
* @return array|bool
*/
private function analyzeQueryString()
{
preg_match('/:(user|group|file)\s(.*)/i', $this->_txtSearch, $filters);
if(count($filters) === 1){
return false;
}
switch ($filters[1]){
case 'user':
return array(
'account_userId' => UserUtil::getUserIdByLogin(Html::sanitize($filters[2])),
'accuser_userId' => UserUtil::getUserIdByLogin(Html::sanitize($filters[2]))
);
break;
case 'group':
return array(
'account_userGroupId' => Groups::getGroupIdByName(Html::sanitize($filters[2])),
'accgroup_groupId' => Groups::getGroupIdByName(Html::sanitize($filters[2]))
);
break;
case 'file':
return array(
'accfile_name' => Html::sanitize($filters[2])
);
break;
default:
return false;
}
}
}
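Review bot: In the relocated `analyzeQueryString()`, the pattern `/:(user|group|file)\s(.*)/i` matches the tag case-insensitively, but `switch ($filters[1])` compares case-sensitively, so a search such as `:User name` passes the regex and then falls into `default`, returning `false` and silently ignoring the filter; either drop the `i` modifier or use `switch (strtolower($filters[1]))`. The `user` and `group` arms also resolve the same name twice (`UserUtil::getUserIdByLogin(...)` / `Groups::getGroupIdByName(...)`); compute it once into a local and reuse it, and the `break` statements after `return` are unreachable. In the query-builder hunk, the new `if ($this->_limitCount != 99)` keeps a loose comparison; if `_limitCount` is always an int, `!==` is the safer form.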


@@ -105,7 +105,7 @@ class Acl implements Controller\ActionsInterface
return ($curUserIsAdminApp || $curUserProfile->isEvl());
}
Log::writeNewLog(__FUNCTION__, _('Denegado acceso a') . " '" . self::getActionName($action) . "'");
Log::writeNewLog(__FUNCTION__, sprintf('%s \'%s\'', _('Denegado acceso a'), self::getActionName($action)));
return false;
}
@@ -116,32 +116,33 @@ class Acl implements Controller\ActionsInterface
* @param int $action El id de la acción
* @return string
*/
public static function getActionName($action)
public static function getActionName($action, $shortName = false)
{
$actionName = array(
self::ACTION_ACC_SEARCH => 'acc_search',
self::ACTION_ACC_VIEW => 'acc_view',
self::ACTION_ACC_COPY => 'acc_copy',
self::ACTION_ACC_NEW => 'acc_new',
self::ACTION_ACC_EDIT => 'acc_edit',
self::ACTION_ACC_EDIT_PASS => 'acc_editpass',
self::ACTION_ACC_VIEW_HISTORY => 'acc_viewhist',
self::ACTION_ACC_VIEW_PASS => 'acc_viewpass',
self::ACTION_ACC_DELETE => 'acc_delete',
self::ACTION_ACC_FILES => 'acc_files',
self::ACTION_ACC_REQUEST => 'acc_request',
self::ACTION_MGM => 'mgm',
self::ACTION_MGM_CATEGORIES => 'mgm_categories',
self::ACTION_MGM_CUSTOMERS => 'mgm_customers',
self::ACTION_USR => 'usr',
self::ACTION_USR_USERS => 'usr_users',
self::ACTION_USR_GROUPS => 'usr_groups',
self::ACTION_USR_PROFILES => 'usr_profiles',
self::ACTION_CFG => 'cfg',
self::ACTION_CFG_GENERAL => 'cfg_general',
self::ACTION_CFG_ENCRYPTION => 'cfg_encryption',
self::ACTION_CFG_BACKUP => 'cfg_backup',
self::ACTION_CFG_IMPORT => 'cfg_import',
self::ACTION_ACC_SEARCH => array('acc_search', _('Buscar Cuentas')),
self::ACTION_ACC_VIEW => array('acc_view', _('Ver Cuenta')),
self::ACTION_ACC_COPY => array('acc_copy', _('Copiar Cuenta')),
self::ACTION_ACC_NEW => array('acc_new', _('Nueva Cuenta')),
self::ACTION_ACC_EDIT => array('acc_edit', _('Editar Cuenta')),
self::ACTION_ACC_EDIT_PASS => array('acc_editpass', _('Editar Clave de Cuenta')),
self::ACTION_ACC_VIEW_HISTORY => array('acc_viewhist', _('Ver Historial')),
self::ACTION_ACC_VIEW_PASS => array('acc_viewpass', _('Ver Clave')),
self::ACTION_ACC_DELETE => array('acc_delete', _('Eliminar Cuenta')),
self::ACTION_ACC_FILES => array('acc_files', _('Archivos')),
self::ACTION_ACC_REQUEST => array('acc_request', _('Peticiones')),
self::ACTION_MGM => array('mgm', _('Gestión Aplicación')),
self::ACTION_MGM_CATEGORIES => array('mgm_categories', _('Gestión Categorías')),
self::ACTION_MGM_CUSTOMERS => array('mgm_customers', _('Gestión Clientes')),
self::ACTION_USR => array('usr', _('Gestión Usuarios')),
self::ACTION_USR_USERS => array('usr_users', _('Gestión Usuarios')),
self::ACTION_USR_GROUPS => array('usr_groups', _('Gestión Grupos')),
self::ACTION_USR_PROFILES => array('usr_profiles', _('Gestión Perfiles')),
self::ACTION_CFG => array('cfg', _('Configuración')),
self::ACTION_CFG_GENERAL => array('cfg_general', _('Configuración General')),
self::ACTION_CFG_ENCRYPTION => array('cfg_encryption', _('Encriptación')),
self::ACTION_CFG_BACKUP => array('cfg_backup', _('Copia de Seguridad')),
self::ACTION_CFG_EXPORT => array('cfg_export', _('Exportar')),
self::ACTION_CFG_IMPORT => array('cfg_import', _('Importar')),
self::ACTION_EVL => 'evl'
);
@@ -149,7 +150,11 @@ class Acl implements Controller\ActionsInterface
return 'action';
}
return $actionName[$action];
if ($shortName){
return $actionName[$action][0];
}
return $actionName[$action][1];
}
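Review bot: The `self::ACTION_EVL => 'evl'` entry (a context line, still a bare string) was not converted to the new `array(short, label)` shape, so `getActionName(self::ACTION_EVL)` now returns `'v'` and `getActionName(self::ACTION_EVL, true)` returns `'e'` (string offsets of `'evl'`); it needs `self::ACTION_EVL => array('evl', _('TODO: event log label'))` with the real label filled in. The docblock above the signature still documents only `$action` and `@return string`; add `@param bool $shortName Return the short key instead of the translated label` and note that the default now returns the translated label, which changes what existing callers such as the `Log::writeNewLog` line above receive. Also `if ($shortName){` lacks the space before the brace used elsewhere in this file.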
/**


@@ -54,6 +54,11 @@ interface ActionsInterface {
const ACTION_MGM_CUSTOMERS_NEW = 621;
const ACTION_MGM_CUSTOMERS_EDIT = 622;
const ACTION_MGM_CUSTOMERS_DELETE = 623;
const ACTION_MGM_APITOKENS = 63;
const ACTION_MGM_APITOKENS_NEW = 630;
const ACTION_MGM_APITOKENS_VIEW = 631;
const ACTION_MGM_APITOKENS_EDIT = 632;
const ACTION_MGM_APITOKENS_DELETE = 633;
const ACTION_USR = 70;
const ACTION_USR_USERS = 71;
const ACTION_USR_USERS_VIEW= 710;

210
inc/Api.class.php Normal file

@@ -0,0 +1,210 @@
<?php
/**
* sysPass
*
* @author nuxsmin
* @link http://syspass.org
* @copyright 2012-2015 Rubén Domínguez nuxsmin@syspass.or
*
* This file is part of sysPass.
*
* sysPass is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* sysPass is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with sysPass. If not, see <http://www.gnu.org/licenses/>.
*
*/
namespace SP;
use SP\Controller\ActionsInterface;
defined('APP_ROOT') || die(_('No es posible acceder directamente a este archivo'));
/**
* Class Api para la gestión de peticiones a la API de sysPass
*
* @package SP
*/
class Api
{
/**
* @var int
*/
private $_userId = 0;
/**
* @var int
*/
private $_actionId = 0;
/**
* @var bool
*/
private $_auth = false;
/**
* @var string
*/
private $_mPass = '';
/**
* @param $userLogin string El login del usuario
* @param $actionId int El id de la acción
* @param $authToken string El token de seguridad
* @param null $userPass string La clave del usuario
* @throws SPException
*/
public function __construct($userLogin, $actionId, $authToken, $userPass = null)
{
$this->_userId = UserUtil::getUserIdByLogin($userLogin);
if (!Auth::checkAuthToken($this->_userId, $actionId, $authToken)) {
throw new SPException(SPException::SP_CRITICAL, _('Acceso no permitido'));
}
$this->_actionId = $actionId;
$this->_auth = true;
if (!is_null($userPass)) {
$User = new User();
$User->setUserId($this->_userId);
$User->setUserLogin($userLogin);
$User->setUserPass($userPass);
if (Auth::authUserMySQL($userLogin, $userPass)
&& !UserUtil::checkUserIsDisabled($userLogin)
&& UserUtil::checkUserMPass($User)
&& UserUtil::checkUserUpdateMPass($userLogin)
&& !$User->isUserChangePass()
) {
$this->_mPass = $User->getUserMPass(true);
} else {
throw new SPException(SPException::SP_CRITICAL, _('Acceso no permitido'));
}
}
Session::setUserId($this->_userId);
}
/**
* Devolver la clave de una cuenta
*
* @param $accountId
* @return string
*/
public function getAccountPassword($accountId)
{
$this->checkActionAccess(ActionsInterface::ACTION_ACC_VIEW_PASS);
$Account = new Account($accountId);
$Account->getAccountPassData();
$Account->incrementDecryptCounter();
$ret = array(
'accountId' => $accountId,
'pass' => Crypt::getDecrypt($Account->getAccountPass(), $this->_mPass, $Account->getAccountIV())
);
return $this->wrapJSON($ret);
}
/**
* Comprobar el acceso a la acción
*
* @param $action
* @throws SPException
*/
private function checkActionAccess($action)
{
if ($this->_actionId !== $action) {
throw new SPException(SPException::SP_CRITICAL, _('Acceso no permitido'));
}
}
/**
* Devuelve una respuesta en formato JSON con el estado y el mensaje.
*
* @param string $data Los datos a devolver
* @return bool
* @throws SPException
*/
private function wrapJSON($data)
{
$arrStrFrom = array("\\", '"', "'");
$arrStrTo = array("\\", '\"', "\'");
if (is_array($data) || is_object($data)) {
array_walk($data,
function (&$value) use ($arrStrFrom, $arrStrTo) {
if (is_object($value)) {
foreach ($value as &$attribute) {
str_replace($arrStrFrom, $arrStrTo, $attribute);
}
return $value;
} else {
return str_replace($arrStrFrom, $arrStrTo, $value);
}
}
);
} else {
$data = str_replace($arrStrFrom, $arrStrTo, $data);
}
$json = json_encode(array(
'action' => Acl::getActionName($this->_actionId, true),
'data' => $data,
));
if ($json === false) {
throw new SPException(SPException::SP_CRITICAL, sprintf('%s : %s', _('Error de codificación'), json_last_error_msg()));
}
return $json;
}
/**
* Devolver los resultados de una búsqueda
*
* @param $search
* @return string
*/
public function getAccountSearch($search, $count = 0)
{
$this->checkActionAccess(ActionsInterface::ACTION_ACC_SEARCH);
$Search = new AccountSearch();
$Search->setTxtSearch($search);
if ($count > 0) {
$Search->setLimitCount($count);
}
$ret = $Search->getAccounts();
return $this->wrapJSON($ret);
}
/**
* Devolver la clave de una cuenta
*
* @param $accountId
* @return string
*/
public function getAccountData($accountId)
{
$this->checkActionAccess(ActionsInterface::ACTION_ACC_VIEW);
$Account = new Account($accountId);
$ret = $Account->getAccountData();
$Account->incrementViewCounter();
return $this->wrapJSON($ret);
}
}
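Review bot: `wrapJSON()`'s pre-escaping block is a no-op: `array_walk` discards the callback's return value and the `str_replace` result in the object branch is never assigned, so `$data` reaches `json_encode` untouched; had it worked it would have corrupted the output, because `json_encode` already escapes `"` and `\` and a `\'` would be encoded as `\\'`. Delete the `$arrStrFrom`/`$arrStrTo` block together with the `array_walk`/`else`, pass `$data` straight to `json_encode`, and fix the docblock to `@param array|string $data` and `@return string`. `getAccountData()` carries the `Devolver la clave de una cuenta` docblock copied from `getAccountPassword()`, `getAccountSearch()` does not document `$count`, and `$_auth` is written but never read in this class. `Auth::checkAuthToken()` lives outside this file; if it compares the presented token with `==`/`===`, switching to `hash_equals()` removes a timing side channel — worth confirming.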

330
inc/ApiTokens.class.php Normal file

@@ -0,0 +1,330 @@
<?php
/**
* sysPass
*
* @author nuxsmin
* @link http://syspass.org
* @copyright 2012-2015 Rubén Domínguez nuxsmin@syspass.org
*
* This file is part of sysPass.
*
* sysPass is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* sysPass is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with sysPass. If not, see <http://www.gnu.org/licenses/>.
*
*/
namespace SP;
defined('APP_ROOT') || die(_('No es posible acceder directamente a este archivo'));
use SP\Controller\ActionsInterface;
class ApiTokens
{
/**
* @var int
*/
private $_tokenId = 0;
/**
* @var int
*/
private $_userId = 0;
/**
* @var int
*/
private $_actionId = 0;
/**
* @var string
*/
private $_token = '';
/**
* @var bool
*/
private $_refreshToken = false;
/**
* Obtener los tokens de la API
*
* @param int $tokenId opcional, con el Id del token a consultar
* @param bool $returnRawData Devolver la consulta tal cual
* @return array|false con la lista de tokens
*/
public static function getTokens($tokenId = null, $returnRawData = false)
{
$query = 'SELECT authtoken_id,' .
'authtoken_userId,' .
'authtoken_actionId, ' .
'authtoken_token, ' .
'user_login ' .
'FROM authTokens ' .
'LEFT JOIN usrData ON user_id = authtoken_userId ';
$data = null;
if (!is_null($tokenId)) {
$query .= "WHERE authtoken_id = :id LIMIT 1";
$data['id'] = $tokenId;
} else {
$query .= "ORDER BY user_login";
}
if (!$returnRawData) {
DB::setReturnArray();
}
$queryRes = DB::getResults($query, __FUNCTION__, $data);
if ($queryRes === false) {
return false;
}
if (!$returnRawData) {
foreach ($queryRes as &$token) {
$token->authtoken_actionId = Acl::getActionName($token->authtoken_actionId);
}
}
return $queryRes;
}
/**
* Devuelver un array de acciones posibles para los tokens
*
* @return array
*/
public static function getTokenActions()
{
$actions = array(
ActionsInterface::ACTION_ACC_SEARCH => Acl::getActionName(ActionsInterface::ACTION_ACC_SEARCH),
ActionsInterface::ACTION_ACC_VIEW => Acl::getActionName(ActionsInterface::ACTION_ACC_VIEW),
ActionsInterface::ACTION_ACC_VIEW_PASS => Acl::getActionName(ActionsInterface::ACTION_ACC_VIEW_PASS),
ActionsInterface::ACTION_ACC_DELETE => Acl::getActionName(ActionsInterface::ACTION_ACC_DELETE),
ActionsInterface::ACTION_CFG_BACKUP => Acl::getActionName(ActionsInterface::ACTION_CFG_BACKUP),
ActionsInterface::ACTION_CFG_EXPORT => Acl::getActionName(ActionsInterface::ACTION_CFG_EXPORT),
);
return $actions;
}
/**
* @param boolean $refreshToken
*/
public function setRefreshToken($refreshToken)
{
$this->_refreshToken = $refreshToken;
}
/**
* @param int $tokenId
*/
public function setTokenId($tokenId)
{
$this->_tokenId = $tokenId;
}
/**
* @param int $userId
*/
public function setUserId($userId)
{
$this->_userId = $userId;
}
/**
* @param int $actionId
*/
public function setActionId($actionId)
{
$this->_actionId = $actionId;
}
/**
* Añadir un nuevo token
*
* @throws SPException
*/
public function addToken()
{
$this->checkTokenExist();
if ($this->_refreshToken) {
$this->refreshToken();
}
$query = 'INSERT INTO authTokens ' .
'SET authtoken_userId = :userid,' .
'authtoken_actionId = :actionid,' .
'authtoken_createdBy = :createdby,' .
'authtoken_token = :token,' .
'authtoken_startDate = UNIX_TIMESTAMP()';
$data['userid'] = $this->_userId;
$data['actionid'] = $this->_actionId;
$data['createdby'] = Session::getUserId();
$data['token'] = ($this->getUserToken()) ? $this->_token : sha1(uniqid() . time());
try {
DB::getQuery($query, __FUNCTION__, $data);
} catch (SPException $e) {
throw new SPException(SPException::SP_CRITICAL, _('Error interno'));
}
$Log = new Log(_('Nuevo Token'));
$Log->addDescription(sprintf('%s : %s', Html::strongText(_('Usuario')), UserUtil::getUserLoginById($this->_userId)));
$Log->writeLog();
Email::sendEmail($Log);
}
/**
* Comprobar si el token ya existe
*
* @return bool
* @throws SPException
*/
private function checkTokenExist()
{
$query = 'SELECT authtoken_id FROM authTokens ' .
'WHERE authtoken_userId = :userid ' .
'AND authtoken_actionId = :actionid ' .
'AND authtoken_id <> :id ' .
'LIMIT 1';
$data['id'] = $this->_tokenId;
$data['userid'] = $this->_userId;
$data['actionid'] = $this->_actionId;
try {
DB::getResults($query, __FUNCTION__, $data);
} catch (SPException $e) {
throw new SPException(SPException::SP_CRITICAL, _('Error interno'));
}
if (DB::$lastNumRows === 1) {
throw new SPException(SPException::SP_WARNING, _('La autorización ya existe'));
}
}
/**
* Actualizar un token
*
* @throws SPException
*/
public function updateToken()
{
$this->checkTokenExist();
if ($this->_refreshToken) {
$this->refreshToken();
}
$query = 'UPDATE authTokens ' .
'SET authtoken_userId = :userid,' .
'authtoken_actionId = :actionid,' .
'authtoken_createdBy = :createdby,' .
'authtoken_token = :token,' .
'authtoken_startDate = UNIX_TIMESTAMP() ' .
'WHERE authtoken_id = :id LIMIT 1';
$data['id'] = $this->_tokenId;
$data['userid'] = $this->_userId;
$data['actionid'] = $this->_actionId;
$data['createdby'] = Session::getUserId();
$data['token'] = ($this->getUserToken()) ? $this->_token : sha1(uniqid() . time());
try {
DB::getQuery($query, __FUNCTION__, $data);
} catch (SPException $e) {
throw new SPException(SPException::SP_CRITICAL, _('Error interno'));
}
$Log = new Log(_('Actualizar Token'));
$Log->addDescription(sprintf('%s : %s', Html::strongText(_('Usuario')), UserUtil::getUserLoginById($this->_userId)));
$Log->writeLog();
Email::sendEmail($Log);
}
/**
* Obtener el token de la API de un usuario
*
* @return bool
* @throws SPException
*/
private function getUserToken()
{
$query = 'SELECT authtoken_token FROM authTokens WHERE authtoken_userId = :userid LIMIT 1';
$data['userid'] = $this->_userId;
try {
$queryRes = DB::getResults($query, __FUNCTION__, $data);
} catch (SPException $e) {
throw new SPException(SPException::SP_CRITICAL, _('Error interno'));
}
if (DB::$lastNumRows === 0) {
return false;
}
$this->_token = $queryRes->authtoken_token;
return true;
}
/**
* Eliminar token
*
* @throws SPException
*/
public function deleteToken()
{
$query = 'DELETE FROM authTokens WHERE authtoken_id = :id LIMIT 1';
$data['id'] = $this->_tokenId;
try {
DB::getQuery($query, __FUNCTION__, $data);
} catch (SPException $e) {
throw new SPException(SPException::SP_CRITICAL, _('Error interno'));
}
$Log = new Log(_('Eliminar Token'));
$Log->addDescription(sprintf('%d', $this->_tokenId));
$Log->writeLog();
Email::sendEmail($Log);
}
/**
* Regenerar el hash de los tokens de un usuario
*
* @throws SPException
*/
private function refreshToken()
{
$query = 'UPDATE authTokens SET ' .
'authtoken_token = :token,' .
'authtoken_startDate = UNIX_TIMESTAMP() ' .
'WHERE authtoken_userId = :userid';
$data['userid'] = $this->_userId;
$data['token'] = sha1(uniqid() . time());
try {
DB::getQuery($query, __FUNCTION__, $data);
} catch (SPException $e) {
throw new SPException(SPException::SP_CRITICAL, _('Error interno'));
}
}
}
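Review bot: The API token value is derived from `sha1(uniqid() . time())` in addToken, updateToken and refreshToken, which seeds the hash from the current timestamp rather than a CSPRNG, so a bearer credential that can grant account view/delete and backup/export has far less entropy than its 40 hex characters suggest. Generate it from `openssl_random_pseudo_bytes()` (or `random_bytes()` on PHP 7) through one private helper and call that at the three sites, which also removes the duplicated expression. Two smaller points in the same file: `getTokens` iterates `$queryRes` by reference without a trailing `unset($token)`, and every catch block rethrows a bare `'Error interno'` that discards the original SPException, so the root cause never reaches the log.
```php
    /**
     * Generate a new API token from the system CSPRNG (40 hex chars).
     *
     * @return string
     * @throws SPException if strong random bytes are not available
     */
    private static function generateToken()
    {
        $bytes = openssl_random_pseudo_bytes(20, $strong);

        if ($bytes === false || $strong !== true) {
            throw new SPException(SPException::SP_CRITICAL, _('Error interno'));
        }

        return bin2hex($bytes);
    }

    // … unchanged: addToken / updateToken bodies, except the token line …
    $data['token'] = ($this->getUserToken()) ? $this->_token : self::generateToken();

    // … unchanged: refreshToken body, except the token line …
    $data['token'] = self::generateToken();
```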


@@ -167,8 +167,9 @@ class Auth
$data['login'] = $userLogin;
$data['pass'] = $userPass;
return (DB::getQuery($query, __FUNCTION__, $data) === true && DB::$lastNumRows === 1);
// return ($db->getFullRowCount($query) === 1);
$ret = (DB::getQuery($query, __FUNCTION__, $data) === true && DB::$lastNumRows === 1);
return $ret;
}
/**
@@ -202,4 +203,29 @@ class Auth
return false;
}
}
/**
* Comprobar el token de seguridad
*
* @param $userId int El id del usuario
* @param $actionId int El id de la accion
* @param $token string El token de seguridad
* @return bool
*/
public static function checkAuthToken($userId, $actionId, $token)
{
$query = 'SELECT authtoken_id FROM authTokens ' .
'WHERE authtoken_userId = :userId ' .
'AND authtoken_actionId = :actionId ' .
'AND authtoken_token = :token ' .
'LIMIT 1';
$data['userId'] = $userId;
$data['actionId'] = $actionId;
$data['token'] = $token;
DB::getQuery($query, __FUNCTION__, $data);
return (DB::$lastNumRows === 1);
}
}
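Review bot: `checkAuthToken` returns `DB::$lastNumRows === 1` without checking what `DB::getQuery` returned, so on a failed query the row count left over from an earlier statement could be reported as a valid token match; the first hunk in this file shows the idiom to use, `return (DB::getQuery($query, __FUNCTION__, $data) === true && DB::$lastNumRows === 1);`. The `authtoken_startDate` column that ApiTokens writes on every insert and update is not consulted here, so tokens never expire; if that is intended, state it in the docblock (`Tokens have no expiry; rotation is done through the authorisations management screen`), otherwise add an age condition to the WHERE clause. The lookup also matches the token as stored, so read access to the authTokens table yields working API credentials — if the view-token screen can live without the plaintext, storing and querying a hash of the token would limit that exposure.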


@@ -25,6 +25,7 @@
namespace SP\Controller;
use SP\Session;
use SP\SPException;
defined('APP_ROOT') || die(_('No es posible acceder directamente a este archivo'));
@@ -145,7 +146,7 @@ abstract class Controller
$checkAction = $action;
}
if (!\SP\Acl::checkUserAccess($checkAction)) {
if (!Session::getUserIsAdminApp() && !\SP\Acl::checkUserAccess($checkAction)) {
// $this->showError(self::ERR_PAGE_NO_PERMISSION);
return false;
}
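Review bot: The new condition lets application administrators skip `Acl::checkUserAccess` entirely, which silently widens what `checkAccess` enforces and deserves an explicit comment on the `if` line, e.g. `// Application admins bypass the per-action ACL; everyone else must pass it`. If `checkUserAccess` also applies constraints that should bind admins (not visible from this hunk), evaluate it first and let the admin flag override only the denial. The enclosing method starts and ends outside the hunk.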


@@ -398,7 +398,7 @@ class Init
private static function checkInitSourceInclude()
{
$srcScript = pathinfo($_SERVER["SCRIPT_NAME"], PATHINFO_BASENAME);
$skipInit = array('js.php', 'css.php');
$skipInit = array('js.php', 'css.php', 'api.php');
return (in_array($srcScript, $skipInit));
}
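Review bot: Adding `api.php` to `$skipInit` means the API entry point runs without whatever `Init` normally performs, so every protective check has to be repeated inside api.php itself; a comment on the array would make that contract visible: `// Entry points listed here skip Init and must authenticate on their own (api.php presumably via Auth::checkAuthToken)`. Also compare the basename strictly: `return in_array($srcScript, $skipInit, true);`.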


@@ -27,6 +27,11 @@ namespace SP;
defined('APP_ROOT') || die(_('No es posible acceder directamente a este archivo'));
/**
* Class LdapADS para gestión de LDAP de ADS
*
* @package SP
*/
class LdapADS extends Ldap
{
/**


@@ -149,7 +149,9 @@ class UserUtil
$queryRes = DB::getResults($query, __FUNCTION__, $data);
return ($queryRes !== false && $queryRes->user_lastUpdateMPass > $configMPassTime);
$ret = ($queryRes !== false && $queryRes->user_lastUpdateMPass > $configMPassTime);
return $ret;
}
@@ -291,7 +293,9 @@ class UserUtil
$queryRes = DB::getResults($query, __FUNCTION__, $data);
return ($queryRes !== false && intval($queryRes->user_isDisabled) === 1);
$ret = ($queryRes !== false && intval($queryRes->user_isDisabled) === 1);
return $ret;
}
/**
@@ -530,7 +534,9 @@ class UserUtil
}
// Comprobamos el hash de la clave del usuario con la guardada
return Crypt::checkHashPass($userMPass, $configMPass);
$ret = Crypt::checkHashPass($userMPass, $configMPass);
return $ret;
}
/**


@@ -1087,7 +1087,7 @@ a:hover, a:active, a:focus {
}
#fancyContainer #resCheck {
float: left;
display: inline-block;
width: 80%;
height: 4em;
padding: 1em 0;
@@ -1295,7 +1295,7 @@ footer img {
}
.action-in-box {
float: right;
display: inline-block;
height: 4em;
margin: 0.7em 0;
text-align: right;
@@ -1391,6 +1391,8 @@ footer img {
z-index: 8050;
}
.fancybox-inner { overflow: visible !important; }
.passLevel {
width: 20px;
height: 20px;


@@ -1296,6 +1296,18 @@ function chosenDetect() {
});
});
$(".sel-chosen-action").each(function(){
var deselect = $(this).hasClass('sel-chosen-deselect');
$(this).chosen({
allow_single_deselect: deselect,
placeholder_text_single: LANG[39],
disable_search_threshold: searchTreshold,
no_results_text: LANG[26],
width: selectWidth
});
});
$(".sel-chosen-ns").chosen({disable_search: true, width: selectWidth});
}


@@ -0,0 +1,72 @@
<div id="fancyContainer" align="center">
<h2 class="midround"><?php echo $header; ?></H2>
<form method="post" name="frmTokens" id="frmTokens" onsubmit="appMgmtSave('frmTokens'); return false;">
<table class="fancydata">
<tbody>
<tr>
<td class="descField"><?php echo _('Usuario'); ?></td>
<td class="valField">
<select id="selUsers" name="users" class="select-box sel-chosen-user" <?php echo $isDisabled; ?>>
<option value="0"></option>
<?php foreach ($users as $id => $name): ?>
<?php $selected = ($id == $token->authtoken_userId) ? 'selected' : ''; ?>
<option value="<?php echo $id; ?>" <?php echo $selected; ?>><?php echo $name; ?></option>
<?php endforeach; ?>
</select>
</td>
</tr>
<tr>
<td class="descField"><?php echo _('Acción'); ?></td>
<td class="valField">
<select id="selActions" name="actions"
class="select-box sel-chosen-action" <?php echo $isDisabled; ?>>
<option value="0"></option>
<?php foreach ($actions as $id => $name): ?>
<?php $selected = ($id == $token->authtoken_actionId) ? 'selected' : ''; ?>
<option value="<?php echo $id; ?>" <?php echo $selected; ?>><?php echo $name; ?></option>
<?php endforeach; ?>
</select>
</td>
</tr>
<?php if (!$isView): ?>
<tr>
<td class="descField"><?php echo _('Opciones'); ?></td>
<td class="valField">
<label class="mdl-switch mdl-js-switch mdl-js-ripple-effect" for="refreshtoken"
title="<?php echo _('Regenerar Autorización'); ?>">
<input type="checkbox" id="refreshtoken" class="mdl-switch__input fg-blue100"
name="refreshtoken"/>
<span class="mdl-switch__label"><?php echo _('Regenerar Autorización'); ?></span>
</label>
</td>
</tr>
<?php else: ?>
<tr>
<td class="descField"><?php echo _('Token'); ?></td>
<td class="valField"><?php echo $token->authtoken_token; ?></td>
</tr>
<?php endif; ?>
</tbody>
</table>
<input type="hidden" name="activeTab" value="<?php echo $activeTab ?>"/>
<input type="hidden" name="onCloseAction" value="<?php echo $onCloseAction ?>"/>
<input type="hidden" name="itemId" value="<?php echo $token->authtoken_id; ?>"/>
<input type="hidden" name="actionId" value="<?php echo $actionId; ?>"/>
<input type="hidden" name="sk" value="<?php echo $sk; ?>">
<input type="hidden" name="isAjax" value="1">
</form>
<div id="resCheck"><span id="resFancyAccion"></span></div>
<div class="action-in-box">
<button class="mdl-button mdl-js-button mdl-button--fab mdl-button--mini-fab mdl-button--colored bg-green80"
form="frmTokens" title="<?php echo _('Guardar'); ?>">
<i class="material-icons">save</i>
</button>
</div>
</div>
<script>
$(function () {
chosenDetect();
});
</script>
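Review bot: User names and the token value are echoed into the markup unescaped (`<?php echo $name; ?>` inside the user and action options, `<?php echo $token->authtoken_token; ?>` in the view-only row), so a user_name containing markup would render as HTML; wrap them, e.g. `<?php echo htmlspecialchars($name, ENT_QUOTES, 'UTF-8'); ?>`. For the new-token action the controller calls `getTokens` with the item id of a not-yet-existing token, and `getTokens` returns `false` when the query yields nothing, so `$token->authtoken_userId`, `$token->authtoken_actionId` and `$token->authtoken_id` would each raise a notice on a non-object; guard them with `isset($token->authtoken_userId)` or have the controller assign a stub object. The opening `<h2>` is closed with `</H2>`.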


@@ -42,7 +42,8 @@
<tr>
<td class="descField"><?php echo _('Perfil'); ?></td>
<td class="valField">
<select id="selProfile" name="profileid" class="select-box sel-chosen-profile" <?php echo $isDisabled; ?> required>
<select id="selProfile" name="profileid"
class="select-box sel-chosen-profile" <?php echo $isDisabled; ?> required>
<option value="0"></option>
<?php foreach ($profiles as $id => $name): ?>
<option
@@ -55,7 +56,8 @@
<tr>
<td class="descField"><?php echo _('Grupo'); ?></td>
<td class="valField">
<select id="selGroup" name="groupid" class="select-box sel-chosen-usergroup" <?php echo $isDisabled; ?> required>
<select id="selGroup" name="groupid"
class="select-box sel-chosen-usergroup" <?php echo $isDisabled; ?> required>
<option value="0"></option>
<?php foreach ($groups as $id => $name): ?>
<option
@@ -87,7 +89,8 @@
<td class="descField"><?php echo _('Clave'); ?></td>
<td class="valField">
<div class="mdl-textfield mdl-js-textfield mdl-textfield--floating-label">
<input id="userpass" name="pass" type="password" required class="mdl-textfield__input passwordfield__input fg-blue100"
<input id="userpass" name="pass" type="password" required
class="mdl-textfield__input passwordfield__input fg-blue100"
maxlength="50" OnKeyUp="checkPassLevel(this.value)">
<label class="mdl-textfield__label"
for="userpass"><?php echo _('Clave'); ?></label>
@@ -99,7 +102,8 @@
<td class="descField"><?php echo _('Clave (repetir)'); ?></td>
<td class="valField">
<div class="mdl-textfield mdl-js-textfield mdl-textfield--floating-label">
<input id="userpassR" name="passR" type="password" required class="mdl-textfield__input fg-blue100"
<input id="userpassR" name="passR" type="password" required
class="mdl-textfield__input fg-blue100"
maxlength="50">
<label class="mdl-textfield__label"
for="userpassR"><?php echo _('Clave (repetir)'); ?></label>
@@ -112,12 +116,12 @@
<td class="descField"><?php echo _('Notas') ?></td>
<td class="valField">
<?php if (!$isView): ?>
<div class="mdl-textfield mdl-js-textfield mdl-textfield--floating-label">
<div class="mdl-textfield mdl-js-textfield mdl-textfield--floating-label">
<textarea class="mdl-textfield__input" rows="3" id="notes" name="notes"
maxlength="1000" <?php echo $user['user_notes']; ?>></textarea>
<label class="mdl-textfield__label"
for="notes"><?php echo _('Notas sobre la cuenta'); ?></label>
</div>
<label class="mdl-textfield__label"
for="notes"><?php echo _('Notas sobre la cuenta'); ?></label>
</div>
<?php else: ?>
<?php echo $user['user_notes']; ?>
<?php endif; ?>
@@ -127,33 +131,35 @@
<tr>
<td class="descField"><?php echo _('Opciones'); ?></td>
<td class="valField checkbox">
<div id="btnUserOptions" class="btn-checks round5">
<?php if (\SP\Session::getUserIsAdminApp() || $isDemo): ?>
<label class="mdl-switch mdl-js-switch mdl-js-ripple-effect" for="adminapp" title="<?php echo _('Administrador de la aplicación'); ?>">
<input type="checkbox" id="adminapp" class="mdl-switch__input fg-blue100"
name="adminapp" <?php echo $user['checks']['user_isAdminApp'] . ' ' . $isDisabled; ?>/>
<span class="mdl-switch__label"><?php echo _('Admin. Aplicación'); ?></span>
</label>
<label class="mdl-switch mdl-js-switch mdl-js-ripple-effect" for="adminacc" title="<?php echo _('Administrador de cuentas'); ?>">
<input type="checkbox" id="adminacc" class="mdl-switch__input fg-blue100"
name="adminacc" <?php echo $user['checks']['user_isAdminAcc'] . ' ' . $isDisabled; ?>/>
<span class="mdl-switch__label"><?php echo _('Admin. Cuentas'); ?></span>
</label>
<?php endif; ?>
<br>
<label class="mdl-switch mdl-js-switch mdl-js-ripple-effect" for="disabled" title="<?php echo _('Deshabilitado'); ?>">
<input type="checkbox" id="disabled" class="mdl-switch__input fg-blue100"
name="disabled" <?php echo $user['checks']['user_isDisabled'] . ' ' . $isDisabled; ?>/>
<span class="mdl-switch__label"><?php echo _('Deshabilitado'); ?></span>
<?php if (\SP\Session::getUserIsAdminApp() || $isDemo): ?>
<label class="mdl-switch mdl-js-switch mdl-js-ripple-effect" for="adminapp"
title="<?php echo _('Administrador de la aplicación'); ?>">
<input type="checkbox" id="adminapp" class="mdl-switch__input fg-blue100"
name="adminapp" <?php echo $user['checks']['user_isAdminApp'] . ' ' . $isDisabled; ?>/>
<span class="mdl-switch__label"><?php echo _('Admin. Aplicación'); ?></span>
</label>
<label class="mdl-switch mdl-js-switch mdl-js-ripple-effect" for="changepass" title="<?php echo _('Forzar cambio de clave'); ?>">
<input type="checkbox" id="changepass" class="mdl-switch__input fg-blue100"
name="changepass" <?php echo $user['checks']['user_isChangePass'] . ' ' . $isDisabled; ?>/>
<span class="mdl-switch__label"><?php echo _('Cambio de Clave'); ?></span>
<label class="mdl-switch mdl-js-switch mdl-js-ripple-effect" for="adminacc"
title="<?php echo _('Administrador de cuentas'); ?>">
<input type="checkbox" id="adminacc" class="mdl-switch__input fg-blue100"
name="adminacc" <?php echo $user['checks']['user_isAdminAcc'] . ' ' . $isDisabled; ?>/>
<span class="mdl-switch__label"><?php echo _('Admin. Cuentas'); ?></span>
</label>
</div>
<?php endif; ?>
<br>
<label class="mdl-switch mdl-js-switch mdl-js-ripple-effect" for="disabled"
title="<?php echo _('Deshabilitado'); ?>">
<input type="checkbox" id="disabled" class="mdl-switch__input fg-blue100"
name="disabled" <?php echo $user['checks']['user_isDisabled'] . ' ' . $isDisabled; ?>/>
<span class="mdl-switch__label"><?php echo _('Deshabilitado'); ?></span>
</label>
<label class="mdl-switch mdl-js-switch mdl-js-ripple-effect" for="changepass"
title="<?php echo _('Forzar cambio de clave'); ?>">
<input type="checkbox" id="changepass" class="mdl-switch__input fg-blue100"
name="changepass" <?php echo $user['checks']['user_isChangePass'] . ' ' . $isDisabled; ?>/>
<span class="mdl-switch__label"><?php echo _('Cambio de Clave'); ?></span>
</label>
</td>
</tr>
<?php if ($isView): ?>
@@ -193,7 +199,8 @@
<?php if (!$isView): ?>
<div id="resCheck"><span id="resFancyAccion"></span></div>
<div class="action-in-box">
<button form="frmUsers" class="mdl-button mdl-js-button mdl-button--fab mdl-button--mini-fab mdl-button--colored bg-green80"
<button form="frmUsers"
class="mdl-button mdl-js-button mdl-button--fab mdl-button--mini-fab mdl-button--colored bg-green80"
title="<?php echo _('Guardar'); ?>">
<i class="material-icons">save</i>
</button>


@@ -63,6 +63,7 @@ $stringsJsLang = array(
36 => _('Incluir Mayúsculas'),
37 => _('Incluir Símbolos'),
38 => _('Longitud'),
39 => _('Seleccionar Acción'),
);


@@ -25,6 +25,8 @@
namespace SP\Controller;
use SP\ApiTokens;
defined('APP_ROOT') || die(_('No es posible acceder directamente a este archivo'));
/**
@@ -211,7 +213,7 @@ class AccountsMgmtC extends Controller implements ActionsInterface
$this->view->assign('accountId', \SP\Request::analyze('id', 0));
$this->view->assign('deleteEnabled', \SP\Request::analyze('del', 0));
$this->view->assign('files', \SP\Files::getFileList($this->view->accountId, $this->view->deleteEnabled));
$this->view->assign('files', \SP\Files::getFileList($this->view->accountId));
if (!is_array($this->view->files) || count($this->view->files) === 0) {
return;
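Review bot: `use SP\ApiTokens;` is added but nothing in the visible hunks references it; drop it unless a use exists outside this view. `Files::getFileList` no longer receives `$this->view->deleteEnabled`, while that value is still assigned to the view on the line above — if the delete flag now only drives the template, a short comment saying so (`// deleteEnabled is consumed by the template, not by getFileList`) would stop the next reader from treating the dropped argument as an accident. The enclosing method starts and ends outside the hunk.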


@@ -28,6 +28,7 @@ namespace SP\Controller;
use SP\Common;
use SP\DB;
use SP\Groups;
use SP\Log;
use SP\Profile;
use SP\Session;
use SP\Template;
@@ -362,4 +363,86 @@ class UsersMgmtC extends Controller implements ActionsInterface
// Obtener de nuevo el token de seguridad por si se habñia regenerado antes
$this->view->assign('sk', Common::getSessionKey());
}
/**
* Obtener los datos para la pestaña de tokens de API
*/
public function getAPITokensList()
{
$this->setAction(self::ACTION_MGM_APITOKENS);
if (!$this->checkAccess()) {
return;
}
$tokensTableProp = array(
'tblId' => 'tblTokens',
'header' => '',
'tblHeaders' => array(_('Usuario'), _('Acción')),
'tblRowSrc' => array('user_login', 'authtoken_actionId'),
'tblRowSrcId' => 'authtoken_id',
'onCloseAction' => self::ACTION_USR,
'actions' => array(
'new' => array(
'id' => self::ACTION_MGM_APITOKENS_NEW,
'title' => _('Nueva Autorización'),
'onclick' => 'appMgmtData(this,' . self::ACTION_MGM_APITOKENS_NEW . ',\'' . $this->view->sk . '\')',
'img' => 'imgs/new.png',
'icon' => 'add',
'skip' => true
),
'view' => array(
'id' => self::ACTION_MGM_APITOKENS_VIEW,
'title' => _('Ver token de Autorización'),
'onclick' => 'appMgmtData(this,' . self::ACTION_MGM_APITOKENS_VIEW . ',\'' . $this->view->sk . '\')',
'img' => 'imgs/view.png',
'icon' => 'visibility'
),
'edit' => array(
'id' => self::ACTION_MGM_APITOKENS_EDIT,
'title' => _('Editar Autorización'),
'onclick' => 'appMgmtData(this,' . self::ACTION_MGM_APITOKENS_EDIT . ',\'' . $this->view->sk . '\')',
'img' => 'imgs/edit.png',
'icon' => 'mode_edit'
),
'del' => array(
'id' => self::ACTION_MGM_APITOKENS_DELETE,
'title' => _('Eliminar Autorización'),
'onclick' => 'appMgmtDelete(this,' . self::ACTION_MGM_APITOKENS_DELETE . ',\'' . $this->view->sk . '\')',
'img' => 'imgs/delete.png',
'icon' => 'delete',
'isdelete' => true
)
)
);
$tokensTableProp['cellWidth'] = floor(65 / count($tokensTableProp['tblHeaders']));
$this->view->append(
'tabs', array(
'title' => _('Gestión de Autorizaciones API'),
'query' => \SP\ApiTokens::getTokens(),
'props' => $tokensTableProp,
'time' => round(microtime() - $this->view->queryTimeStart, 5))
);
}
/**
* Obtener los datos para la ficha de tokens de API
*/
public function getToken()
{
$this->view->addTemplate('tokens');
$token = \SP\ApiTokens::getTokens($this->view->itemId, true);
$this->view->assign('users', \SP\DB::getValuesForSelect('usrData', 'user_id', 'user_name'));
$this->view->assign('actions', \SP\ApiTokens::getTokenActions());
$this->view->assign('token', $token);
if (isset($this->view->isView)){
$msg = sprintf('%s ;;Usuario: %s', _('Token de autorización visualizado'), $token->user_login);
Log::writeNewLogAndEmail(_('Autorizaciones'), $msg);
}
}
}
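Review bot: In `getToken` the audit log for a viewed token is gated on `isset($this->view->isView)`; if the dispatcher assigns `isView` as `false` for the edit and new actions, `isset` may still be true depending on how Template implements `__isset`, which would send a misleading "token viewed" e-mail and, for a new token where `getTokens` returns `false`, dereference `$token->user_login` on a non-object. Test the value instead: `if ($this->view->isView === true && is_object($token)) {`. In `getAPITokensList`, `'time' => round(microtime() - $this->view->queryTimeStart, 5)` calls `microtime()` without `true`, which returns a string; the same idiom may exist elsewhere in the file, but `microtime(true)` is what the subtraction needs.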