* [DEV] Auth (work in progress)

ajax/ajax_accViewPass.php

@@ -75,7 +75,7 @@ $Acl->setAccountData($Account->getAccountDataForACL());
 
 if (!Acl::checkUserAccess(Acl::ACTION_ACC_VIEW_PASS) || !$Acl->checkAccountAccess()) {
     Response::printJson(_('No tiene permisos para acceder a esta cuenta'));
-} elseif (!UserPass::checkUserUpdateMPass(Session::getUserData()->getUserId())) {
+} elseif (!UserPass::getItem(Session::getUserData())->checkUserUpdateMPass()) {
     Response::printJson(_('Clave maestra actualizada') . '<br>' . _('Reinicie la sesión para cambiarla'));
 }
 

ajax/ajax_configSave.php

@@ -363,7 +363,7 @@ if ($actionId === ActionsInterface::ACTION_CFG_GENERAL
     $confirmPassChange = Request::analyze('confirmPassChange', 0, false, 1);
     $noAccountPassChange = Request::analyze('chkNoAccountChange', 0, false, 1);
 
-    if (!UserPass::checkUserUpdateMPass(Session::getUserData()->getUserId())) {
+    if (!UserPass::getItem(Session::getUserData())->checkUserUpdateMPass()) {
         $Json->setDescription(_('Clave maestra actualizada'));
         $Json->addMessage(_('Reinicie la sesión para cambiarla'));
         Json::returnJson($Json);

inc/SP/Api/ApiBase.class.php

@@ -102,11 +102,12 @@ abstract class ApiBase
             User::getItem($UserData)->getById($this->userId);
 
             $UserPass = UserPass::getItem($UserData);
+            $Auth = new Auth($UserData);
             
             if (!$UserData->isUserIsDisabled()
-                && Auth::authUserMySQL($UserData)
+                && $Auth->doAuth()
                 && $UserPass->loadUserMPass()
-                && UserPass::checkUserUpdateMPass($UserData->getUserId())
+                && $UserPass->checkUserUpdateMPass()
             ) {
                 $this->mPass = $UserPass->getClearUserMPass();
                 SessionUtil::loadUserSession($UserData);

inc/SP/Auth/Auth.class.php

@@ -125,12 +125,12 @@ class Auth extends PluginAwareBase
 
         $Ldap = Config::getConfig()->isLdapAds() ? new LdapMsAds() : new LdapStd();
 
-        if (!$Ldap->authenticate($this->UserData)) {
-            return false;
-        }
-
         $LdapAuthData = $Ldap->getLdapAuthData();
 
+        if (!$Ldap->authenticate($this->UserData)) {
+            return $LdapAuthData->getAuthenticated() === 1 ? $LdapAuthData : false;
+        }
+
         // Comprobamos si la cuenta está bloqueada o expirada
         if ($LdapAuthData->getExpire() > 0) {
             $LdapAuthData->setStatusCode(701);

inc/SP/Auth/Ldap/LdapBase.class.php

@@ -173,6 +173,8 @@ abstract class LdapBase implements LdapInterface, AuthInterface
             $Log->addDetails('LDAP DN', $dn);
             $Log->writeLog();
 
+            $this->getLdapAuthData()->setAuthenticated(1);
+
             throw new SPException(SPException::SP_ERROR, $Log->getDescription());
         }
 
@@ -642,7 +644,7 @@ abstract class LdapBase implements LdapInterface, AuthInterface
         $error = ldap_error($this->ldapHandler);
         $errno = ldap_errno($this->ldapHandler);
 
-        $this->LdapAuthData->setAuthenticated($error);
+        $this->LdapAuthData->setAuthenticated(0);
         $this->LdapAuthData->setStatusCode($errno);
 
         return sprintf('%s (%d)', $error, $errno);

inc/SP/Controller/AccountController.class.php

@@ -152,7 +152,7 @@ class AccountController extends ControllerBase implements ActionsInterface
         if (!Acl::checkUserAccess($this->getAction())) {
             $this->showError(self::ERR_PAGE_NO_PERMISSION);
             return false;
-        } elseif (!UserPass::checkUserUpdateMPass($this->UserData->getUserId())) {
+        } elseif (!UserPass::getItem($this->UserData)->checkUserUpdateMPass()) {
             $this->showError(self::ERR_UPDATE_MPASS);
             return false;
         } elseif ($this->id > 0) {

inc/SP/Controller/LoginController.class.php

@@ -60,6 +60,12 @@ use SP\Util\Util;
  */
 class LoginController
 {
+    const STATUS_INVALID_LOGIN = 1;
+    const STATUS_INVALID_MASTER_PASS = 2;
+    const STATUS_USER_DISABLED = 3;
+    const STATUS_INTERNAL_ERROR = 4;
+    const STATUS_NEED_OLD_PASS = 5;
+
     /**
      * @var JsonResponse
      */
@@ -108,11 +114,12 @@ class LoginController
             $result = $Auth->doAuth();
 
             if ($result !== false) {
-                foreach ($result as $auth){
+                // Ejecutar la acción asociada al tipo de autentificación
+                foreach ($result as $auth) {
                     $this->{$auth['auth']}($auth['data']);
                 }
             } else {
-                throw new AuthException(SPException::SP_INFO, _('Usuario/Clave incorrectos'));
+                throw new AuthException(SPException::SP_INFO, _('Usuario/Clave incorrectos'), '', self::STATUS_INVALID_LOGIN);
             }
 
             $this->getUserData($userPass);
@@ -122,6 +129,8 @@ class LoginController
             $this->loadUserPreferences();
         } catch (SPException $e) {
             $this->jsonResponse->setDescription($e->getMessage());
+            $this->jsonResponse->setStatus($e->getCode());
+
             Json::returnJson($this->jsonResponse);
         }
 
@@ -149,7 +158,7 @@ class LoginController
             $this->Log->addDescription(_('Error al obtener los datos del usuario de la BBDD'));
             $this->Log->writeLog();
 
-            throw new AuthException(SPException::SP_ERROR, _('Error interno'));
+            throw new AuthException(SPException::SP_ERROR, _('Error interno'), '', self::STATUS_INTERNAL_ERROR);
         }
     }
 
@@ -168,7 +177,7 @@ class LoginController
             $this->Log->addDetails(_('Usuario'), $this->UserData->getUserLogin());
             $this->Log->writeLog();
 
-            throw new AuthException(SPException::SP_INFO, _('Usuario deshabilitado'));
+            throw new AuthException(SPException::SP_INFO, _('Usuario deshabilitado'), '', self::STATUS_USER_DISABLED);
         }
 
         return false;
@@ -225,7 +234,7 @@ class LoginController
             $this->Log->addDescription(_('Error al obtener la clave maestra del usuario'));
             $this->Log->writeLog();
 
-            throw new AuthException(SPException::SP_ERROR, _('Error interno'));
+            throw new AuthException(SPException::SP_ERROR, _('Error interno'), '', self::STATUS_INTERNAL_ERROR);
         }
     }
 
@@ -239,17 +248,11 @@ class LoginController
         $this->Log->resetDescription();
 
         $masterPass = Request::analyzeEncrypted('mpass');
+        $oldPass = Request::analyzeEncrypted('oldpass');
 
         $UserPass = UserPass::getItem($this->UserData);
 
-        // Comprobamos que la clave maestra del usuario es correcta y está actualizada
-        if (!$masterPass
-            && (!$UserPass->loadUserMPass() || !UserPass::checkUserUpdateMPass($this->UserData->getUserId()))
-        ) {
-            $this->jsonResponse->setStatus(2);
-
-            throw new AuthException(SPException::SP_INFO, _('La clave maestra no ha sido guardada o es incorrecta'));
-        } elseif ($masterPass) {
+        if ($masterPass) {
             if (CryptMasterPass::checkTempMasterPass($masterPass)) {
                 $masterPass = CryptMasterPass::getTempMasterPass($masterPass);
             }
@@ -258,9 +261,24 @@ class LoginController
                 $this->Log->addDescription(_('Clave maestra incorrecta'));
                 $this->Log->writeLog();
 
-                $this->jsonResponse->setStatus(2);
+                throw new AuthException(SPException::SP_INFO, _('Clave maestra incorrecta'), '', self::STATUS_INVALID_MASTER_PASS);
+            }
+        } else if ($oldPass) {
+            if (!$UserPass->updateMasterPass($oldPass)) {
+                $this->Log->addDescription(_('Clave maestra incorrecta'));
+                $this->Log->writeLog();
 
-                throw new AuthException(SPException::SP_INFO, _('Clave maestra incorrecta'));
+                throw new AuthException(SPException::SP_INFO, _('Clave maestra incorrecta'), '', self::STATUS_INVALID_MASTER_PASS);
+            }
+        } else {
+            $loadMPass = $UserPass->loadUserMPass();
+
+            // Comprobar si es necesario actualizar la clave maestra
+            if ($loadMPass === false) {
+                throw new AuthException(SPException::SP_INFO, _('Es necesaria su clave anterior'), '', self::STATUS_NEED_OLD_PASS);
+            // La clave no está establecida o se ha sido cambiada por el administrador
+            } else if ($loadMPass === null || !$UserPass->checkUserUpdateMPass()) {
+                throw new AuthException(SPException::SP_INFO, _('La clave maestra no ha sido guardada o es incorrecta'), '', self::STATUS_INVALID_MASTER_PASS);
             }
         }
 
@@ -309,17 +327,25 @@ class LoginController
 
             if ($LdapAuthData->getStatusCode() === 49) {
                 $this->Log->addDescription(_('Login incorrecto'));
+                $this->Log->writeLog();
+
+                throw new AuthException(SPException::SP_INFO, $this->Log->getDescription(), '', self::STATUS_INVALID_LOGIN);
             } elseif ($LdapAuthData->getStatusCode() === 701) {
                 $this->Log->addDescription(_('Cuenta expirada'));
+                $this->Log->writeLog();
+
+                throw new AuthException(SPException::SP_INFO, $this->Log->getDescription(), '', self::STATUS_USER_DISABLED);
             } else if ($LdapAuthData->getStatusCode() === 702) {
                 $this->Log->addDescription(_('El usuario no tiene grupos asociados'));
+                $this->Log->writeLog();
+
+                throw new AuthException(SPException::SP_INFO, $this->Log->getDescription(), '', self::STATUS_USER_DISABLED);
             } else {
                 $this->Log->addDescription(_('Error interno'));
+                $this->Log->writeLog();
+
+                throw new AuthException(SPException::SP_INFO, $this->Log->getDescription(), '', self::STATUS_INTERNAL_ERROR);
             }
-
-            $this->Log->writeLog();
-
-            throw new AuthException(SPException::SP_INFO, $this->Log->getDescription());
         }
 
         $this->UserData->setUserName($LdapAuthData->getName());
@@ -342,7 +368,7 @@ class LoginController
             $this->Log->addDescription($e->getMessage());
             $this->Log->writeLog();
 
-            throw new AuthException(SPException::SP_ERROR, _('Error interno'));
+            throw new AuthException(SPException::SP_ERROR, _('Error interno'), '', self::STATUS_INTERNAL_ERROR);
         }
 
         return true;
@@ -365,7 +391,7 @@ class LoginController
             $this->Log->addDetails(_('Usuario'), $this->UserData->getUserLogin());
             $this->Log->writeLog();
 
-            throw new AuthException(SPException::SP_INFO, _('Usuario/Clave incorrectos'));
+            throw new AuthException(SPException::SP_INFO, _('Usuario/Clave incorrectos'), '', self::STATUS_INVALID_LOGIN);
         }
 
         $this->Log->addDetails(_('Tipo'), __FUNCTION__);
@@ -388,10 +414,10 @@ class LoginController
             $this->Log->addDescription(_('Login incorrecto'));
             $this->Log->addDetails(_('Tipo'), __FUNCTION__);
             $this->Log->addDetails(_('Usuario'), $this->UserData->getUserLogin());
-            $this->Log->addDetails(_('Autentificación'), sprintf('%s (%s)', AuthUtil::getServerAuthType(), AuthUtil::getServerAuthUser()));
+            $this->Log->addDetails(_('Autentificación'), sprintf('%s (%s)', AuthUtil::getServerAuthType(), $AuthData->getName()));
             $this->Log->writeLog();
 
-            throw new AuthException(SPException::SP_INFO, _('Usuario/Clave incorrectos'));
+            throw new AuthException(SPException::SP_INFO, _('Usuario/Clave incorrectos'), '', self::STATUS_INVALID_LOGIN);
         }
 
         return true;

inc/SP/Core/Plugin/PluginAwareBase.class.php

@@ -36,6 +36,10 @@ use SplSubject;
  */
 abstract class PluginAwareBase implements SplSubject
 {
+    /**
+     * @var string
+     */
+    protected $state;
     /**
      * @var SplObserver[]
      */
@@ -93,4 +97,15 @@ abstract class PluginAwareBase implements SplSubject
             $observer->update($this);
         }
     }
+
+    /**
+     * Notificar un estado
+     *
+     * @param $state
+     */
+    protected function notifyState($state)
+    {
+        $this->state = $state;
+        $this->notify();
+    }
 }

inc/SP/Mgmt/Users/UserPass.class.php

@@ -62,34 +62,6 @@ class UserPass extends UserBase
         parent::__construct($itemData);
     }
 
-    /**
-     * Comprobar si el usuario tiene actualizada la clave maestra actual.
-     *
-     * @param string $userId El id del usuario
-     * @return bool
-     */
-    public static function checkUserUpdateMPass($userId)
-    {
-        $configMPassTime = ConfigDB::getValue('lastupdatempass');
-
-        if ($configMPassTime === false) {
-            return false;
-        }
-
-        $query = /** @lang SQL */
-            'SELECT user_lastUpdateMPass FROM usrData WHERE user_id = ? LIMIT 1';
-
-        $Data = new QueryData();
-        $Data->setMapClassName('SP\DataModel\UserPassData');
-        $Data->setQuery($query);
-        $Data->addParam($userId);
-
-        /** @var UserPassData $queryRes */
-        $queryRes = DB::getResults($Data);
-
-        return ($queryRes !== false && $queryRes->getUserLastUpdateMPass() > $configMPassTime);
-    }
-
     /**
      * Obtener el IV del usuario a partir del Id.
      *
@@ -114,6 +86,33 @@ class UserPass extends UserBase
         return $queryRes->user_mIV;
     }
 
+    /**
+     * Comprobar si el usuario tiene actualizada la clave maestra actual.
+     *
+     * @return bool
+     */
+    public function checkUserUpdateMPass()
+    {
+        $configMPassTime = ConfigDB::getValue('lastupdatempass');
+
+        if ($configMPassTime === false) {
+            return false;
+        }
+
+        $query = /** @lang SQL */
+            'SELECT user_lastUpdateMPass FROM usrData WHERE user_id = ? LIMIT 1';
+
+        $Data = new QueryData();
+        $Data->setMapClassName('SP\DataModel\UserPassData');
+        $Data->setQuery($query);
+        $Data->addParam($this->itemData->getUserId());
+
+        /** @var UserPassData $queryRes */
+        $queryRes = DB::getResults($Data);
+
+        return ($queryRes !== false && $queryRes->getUserLastUpdateMPass() > $configMPassTime);
+    }
+
     /**
      * Modificar la clave de un usuario.
      *
@@ -137,8 +136,8 @@ class UserPass extends UserBase
 
         $Data = new QueryData();
         $Data->setQuery($query);
-        $Data->addParam($passdata['pass'], 'pass');
-        $Data->addParam($passdata['salt'], 'hashSalt');
+        $Data->addParam($passdata['pass']);
+        $Data->addParam($passdata['salt']);
         $Data->addParam($userId);
 
         if (DB::getQuery($Data) === false) {
@@ -182,6 +181,8 @@ class UserPass extends UserBase
             || null === $configHashMPass
         ) {
             return false;
+        } elseif ($userMPass === null) {
+            return null;
         }
 
         // Comprobamos el hash de la clave del usuario con la guardada
@@ -196,9 +197,10 @@ class UserPass extends UserBase
     /**
      * Desencriptar la clave maestra del usuario para la sesión.
      *
+     * @param string $cypher Clave de cifrado
      * @return false|string Devuelve bool se hay error o string si se devuelve la clave
      */
-    public function getUserMPass()
+    public function getUserMPass($cypher = null)
     {
         $query = /** @lang SQL */
             'SELECT user_mPass, user_mIV FROM usrData WHERE user_id = ? LIMIT 1';
@@ -207,25 +209,30 @@ class UserPass extends UserBase
         $Data->setQuery($query);
         $Data->addParam($this->itemData->getUserId());
 
-        /** @var UserPassData $queryRes */
         $queryRes = DB::getResults($Data);
 
         if ($queryRes === false) {
             return false;
+        } elseif ($queryRes->user_mPass === null
+            || $queryRes->user_mIV === null
+        ) {
+            return null;
         }
 
-        return Crypt::getDecrypt($queryRes->user_mPass, $queryRes->user_mIV, $this->getCypherPass());
-//      return ($showPass === true) ? $clearMasterPass : SessionUtil::saveSessionMPass($clearMasterPass);
+        return Crypt::getDecrypt($queryRes->user_mPass, $queryRes->user_mIV, $this->getCypherPass($cypher));
     }
 
     /**
      * Obtener una clave de cifrado basada en la clave del usuario y un salt.
      *
+     * @param string $cypher Clave de cifrado
      * @return string con la clave de cifrado
      */
-    private function getCypherPass()
+    private function getCypherPass($cypher = null)
     {
-        return Crypt::generateAesKey($this->itemData->getUserPass() . $this->itemData->getUserLogin());
+        $pass = $cypher === null ? $this->itemData->getUserPass() : $cypher;
+
+        return Crypt::generateAesKey($pass . $this->itemData->getUserLogin());
     }
 
     /**
@@ -278,4 +285,21 @@ class UserPass extends UserBase
     {
         return $this->clearUserMPass;
     }
+
+    /**
+     * Actualizar la clave maestra con la clave anterior del usuario
+     *
+     * @param $oldUserPass
+     * @return bool
+     */
+    public function updateMasterPass($oldUserPass)
+    {
+        $masterPass = $this->getUserMPass($oldUserPass);
+
+        if ($masterPass) {
+            return $this->updateUserMPass($masterPass);
+        }
+
+        return false;
+    }
 }

inc/themes/material-blue/js/app-theme.js

@@ -37,9 +37,6 @@ sysPass.Theme = function (Common) {
 
             // Actualizar componentes de MDL cargados con AJAX
             componentHandler.upgradeDom();
-
-            // Activar tooltips
-            //activeTooltip();
         }
     };
 

inc/themes/material-blue/js/app-theme.min.js

@@ -1,5 +1,5 @@
 var $jscomp={scope:{},findInternal:function(a,f,d){a instanceof String&&(a=String(a));for(var g=a.length,h=0;h<g;h++){var m=a[h];if(f.call(d,m,h,a))return{i:h,v:m}}return{i:-1,v:void 0}}};$jscomp.defineProperty="function"==typeof Object.defineProperties?Object.defineProperty:function(a,f,d){if(d.get||d.set)throw new TypeError("ES3 does not support getters and setters.");a!=Array.prototype&&a!=Object.prototype&&(a[f]=d.value)};
-$jscomp.getGlobal=function(a){return"undefined"!=typeof window&&window===a?a:"undefined"!=typeof global?global:a};$jscomp.global=$jscomp.getGlobal(this);$jscomp.polyfill=function(a,f,d,g){if(f){d=$jscomp.global;a=a.split(".");for(g=0;g<a.length-1;g++){var h=a[g];h in d||(d[h]={});d=d[h]}a=a[a.length-1];g=d[a];f=f(g);f!=g&&null!=f&&$jscomp.defineProperty(d,a,{configurable:!0,writable:!0,value:f})}};
+$jscomp.getGlobal=function(a){return"undefined"!=typeof window&&window===a?a:"undefined"!=typeof global&&null!=global?global:a};$jscomp.global=$jscomp.getGlobal(this);$jscomp.polyfill=function(a,f,d,g){if(f){d=$jscomp.global;a=a.split(".");for(g=0;g<a.length-1;g++){var h=a[g];h in d||(d[h]={});d=d[h]}a=a[a.length-1];g=d[a];f=f(g);f!=g&&null!=f&&$jscomp.defineProperty(d,a,{configurable:!0,writable:!0,value:f})}};
 $jscomp.polyfill("Array.prototype.find",function(a){return a?a:function(a,d){return $jscomp.findInternal(this,a,d).v}},"es6-impl","es3");
 sysPass.Theme=function(a){var f=a.log,d=function(a){"undefined"===typeof a&&(a=$("body"));a.find(".active-tooltip").tooltip({content:function(){return $(this).attr("title")},tooltipClass:"tooltip"})},g=function(b){for(var l=0,e="",c;l<a.passwordData.complexity.numlength;){c=Math.floor(100*Math.random())%94+33;if(!a.passwordData.complexity.symbols){if(33<=c&&47>=c)continue;if(58<=c&&64>=c)continue;if(91<=c&&96>=c)continue;if(123<=c&&126>=c)continue}!a.passwordData.complexity.numbers&&48<=c&&57>=c||
 !a.passwordData.complexity.uppercase&&65<=c&&90>=c||(l++,e+=String.fromCharCode(c))}$("#viewPass").attr("title",e);var k=zxcvbn(e);a.passwordData.passLength=e.length;b?(l=b.parent(),c=$("#"+b.attr("id")+"R"),a.outputResult(k,b),b=new MaterialTextfield,l.find("input:password").val(e),l.addClass(b.CssClasses_.IS_DIRTY).removeClass(b.CssClasses_.IS_INVALID),c.val(e).parent().addClass(b.CssClasses_.IS_DIRTY).removeClass(b.CssClasses_.IS_INVALID),a.encryptFormValue(c),l.find("#passLevel").show(500)):(a.outputResult(k),

inc/themes/material-blue/js/mdl-jquery-modal-dialog.min.js

@@ -1,5 +1,5 @@
 var $jscomp={scope:{},findInternal:function(a,c,b){a instanceof String&&(a=String(a));for(var e=a.length,d=0;d<e;d++){var f=a[d];if(c.call(b,f,d,a))return{i:d,v:f}}return{i:-1,v:void 0}}};$jscomp.defineProperty="function"==typeof Object.defineProperties?Object.defineProperty:function(a,c,b){if(b.get||b.set)throw new TypeError("ES3 does not support getters and setters.");a!=Array.prototype&&a!=Object.prototype&&(a[c]=b.value)};
-$jscomp.getGlobal=function(a){return"undefined"!=typeof window&&window===a?a:"undefined"!=typeof global?global:a};$jscomp.global=$jscomp.getGlobal(this);$jscomp.polyfill=function(a,c,b,e){if(c){b=$jscomp.global;a=a.split(".");for(e=0;e<a.length-1;e++){var d=a[e];d in b||(b[d]={});b=b[d]}a=a[a.length-1];e=b[a];c=c(e);c!=e&&null!=c&&$jscomp.defineProperty(b,a,{configurable:!0,writable:!0,value:c})}};
+$jscomp.getGlobal=function(a){return"undefined"!=typeof window&&window===a?a:"undefined"!=typeof global&&null!=global?global:a};$jscomp.global=$jscomp.getGlobal(this);$jscomp.polyfill=function(a,c,b,e){if(c){b=$jscomp.global;a=a.split(".");for(e=0;e<a.length-1;e++){var d=a[e];d in b||(b[d]={});b=b[d]}a=a[a.length-1];e=b[a];c=c(e);c!=e&&null!=c&&$jscomp.defineProperty(b,a,{configurable:!0,writable:!0,value:c})}};
 $jscomp.polyfill("Array.prototype.find",function(a){return a?a:function(a,b){return $jscomp.findInternal(this,a,b).v}},"es6-impl","es3");function showLoading(){$(".loading-container").remove();$('<div id="orrsLoader" class="loading-container"><div><div class="mdl-spinner mdl-js-spinner is-active"></div></div></div>').appendTo("body");componentHandler.upgradeElements($(".mdl-spinner").get());setTimeout(function(){$("#orrsLoader").css({opacity:1})},1)}
 function hideLoading(){$("#orrsLoader").css({opacity:0});setTimeout(function(){$("#orrsLoader").remove()},400)}
 function showDialog(a){a=$.extend({id:"orrsDiag",title:null,text:null,neutral:!1,negative:!1,positive:!1,cancelable:!0,contentStyle:null,onLoaded:!1,hideOther:!0},a);a.hideOther&&($(".dialog-container").remove(),$(document).unbind("keyup.dialog"));$('<div id="'+a.id+'" class="dialog-container"><div class="mdl-card mdl-shadow--16dp" id="'+a.id+'_content"></div></div>').appendTo("body");var c=$("#"+a.id),b=c.find(".mdl-card");null!=a.contentStyle&&b.css(a.contentStyle);null!=a.title&&$("<header>"+a.title+

inc/themes/material-blue/views/main/login.inc

@@ -63,6 +63,17 @@
                             </div>
                         </div>
 
+                        <div id="soldpass" style="display: none">
+                            <i class="material-icons">vpn_key</i>
+                            <div class="mdl-textfield mdl-js-textfield mdl-textfield--floating-label">
+                                <input id="oldpass" name="oldpass" type="password"
+                                       class="mdl-textfield__input mdl-color-text--indigo-400"
+                                       maxlength="80" autocomplete="off">
+                                <label class="mdl-textfield__label"
+                                       for="oldpass"><?php echo _('Clave Anterior'); ?></label>
+                            </div>
+                        </div>
+
                         <div id="smpass" style="display: none">
                             <i class="material-icons">vpn_key</i>
                             <div class="mdl-textfield mdl-js-textfield mdl-textfield--floating-label">

js/app-actions.js

@@ -294,6 +294,15 @@ sysPass.Actions = function (Common) {
                         $("#mpass").prop("disabled", false).val("");
                         $("#smpass").show();
                         break;
+                    case 5:
+                        Common.msg.out(json);
+
+                        $obj.find("input[type='text'],input[type='password']").val("");
+                        $obj.find("input:first").focus();
+
+                        $("#oldpass").prop("disabled", false).val("");
+                        $("#soldpass").show();
+                        break;
                     default:
                         Common.msg.out(json);
 

js/app-actions.min.js

@@ -1,17 +1,17 @@
 var $jscomp={scope:{},findInternal:function(c,d,h){c instanceof String&&(c=String(c));for(var e=c.length,f=0;f<e;f++){var m=c[f];if(d.call(h,m,f,c))return{i:f,v:m}}return{i:-1,v:void 0}}};$jscomp.defineProperty="function"==typeof Object.defineProperties?Object.defineProperty:function(c,d,h){if(h.get||h.set)throw new TypeError("ES3 does not support getters and setters.");c!=Array.prototype&&c!=Object.prototype&&(c[d]=h.value)};
-$jscomp.getGlobal=function(c){return"undefined"!=typeof window&&window===c?c:"undefined"!=typeof global?global:c};$jscomp.global=$jscomp.getGlobal(this);$jscomp.polyfill=function(c,d,h,e){if(d){h=$jscomp.global;c=c.split(".");for(e=0;e<c.length-1;e++){var f=c[e];f in h||(h[f]={});h=h[f]}c=c[c.length-1];e=h[c];d=d(e);d!=e&&null!=d&&$jscomp.defineProperty(h,c,{configurable:!0,writable:!0,value:d})}};
+$jscomp.getGlobal=function(c){return"undefined"!=typeof window&&window===c?c:"undefined"!=typeof global&&null!=global?global:c};$jscomp.global=$jscomp.getGlobal(this);$jscomp.polyfill=function(c,d,h,e){if(d){h=$jscomp.global;c=c.split(".");for(e=0;e<c.length-1;e++){var f=c[e];f in h||(h[f]={});h=h[f]}c=c[c.length-1];e=h[c];d=d(e);d!=e&&null!=d&&$jscomp.defineProperty(h,c,{configurable:!0,writable:!0,value:d})}};
 $jscomp.polyfill("Array.prototype.find",function(c){return c?c:function(c,h){return $jscomp.findInternal(this,c,h).v}},"es6-impl","es3");
 sysPass.Actions=function(c){var d=c.log,h,e={doAction:"/ajax/ajax_getContent.php",updateItems:"/ajax/ajax_getItems.php",user:{savePreferences:"/ajax/ajax_userPrefsSave.php",password:"/ajax/ajax_usrpass.php",passreset:"/ajax/ajax_passReset.php"},main:{login:"/ajax/ajax_doLogin.php",install:"/ajax/ajax_install.php",twofa:"/ajax/ajax_2fa.php",getUpdates:"/ajax/ajax_checkUpds.php"},checks:"/ajax/ajax_checkConnection.php",config:{save:"/ajax/ajax_configSave.php","export":"/ajax/ajax_export.php","import":"/ajax/ajax_import.php"},
 file:"/ajax/ajax_filesMgmt.php",link:"/ajax/ajax_itemSave.php",account:{save:"/ajax/ajax_itemSave.php",showPass:"/ajax/ajax_accViewPass.php",saveFavorite:"/ajax/ajax_itemSave.php",request:"/ajax/ajax_sendRequest.php",getFiles:"/ajax/ajax_accGetFiles.php",search:"/ajax/ajax_accSearch.php"},appMgmt:{show:"/ajax/ajax_itemShow.php",save:"/ajax/ajax_itemSave.php",search:"/ajax/ajax_itemSearch.php"},eventlog:"/ajax/ajax_eventlog.php",wiki:{show:"/ajax/ajax_wiki.php"}},f=function(a){a={actionId:a.actionId,
 itemId:"undefined"!==typeof a.itemId?a.itemId:0,isAjax:1};var b=c.appRequests().getRequestOpts();b.url=e.doAction;b.type="html";b.addHistory=!0;b.data=a;c.appRequests().getActionCall(b,function(c){$("#content").empty().html(c)})},m=function(a){d.info("updateItems");var b=$("#"+a.data("item-dst"))[0].selectize;b.clearOptions();b.load(function(b){var g=c.appRequests().getRequestOpts();g.url=e.updateItems;g.method="get";g.data={sk:c.sk.get(),itemType:a.data("item-type")};c.appRequests().getActionCall(g,
 function(c){b(c.items)})})},q=function(a,b){$.magnificPopup.open({items:{src:b,type:"inline"},callbacks:{open:function(){c.appTriggers().views.common("#fancyContainer")},close:function(){a.data("item-dst")&&m(a)}},showCloseBtn:!1})},r=function(a,b){var g=$('<div id="fancyContainer" class="image">'+b+"</div>"),d=g.find("img");d.hide();$.magnificPopup.open({items:{src:g,type:"inline"},callbacks:{open:function(){var a=this;d.on("click",function(){a.close()});setTimeout(function(){var a=c.resizeImage(d);
 g.css({backgroundColor:"#fff",width:a.width,height:"auto"});d.show("slow")},500)}}})},p={logout:function(){var a=window.location.search;c.redirect(0<a.length?"index.php"+a+"&logout=1":"index.php?logout=1")},login:function(a){d.info("main:login");var b=c.appRequests().getRequestOpts();b.url=e.main.login;b.data=a.serialize();c.appRequests().getActionCall(b,function(b){switch(b.status){case 0:c.redirect(b.data.url);break;case 2:c.msg.out(b);a.find("input[type='text'],input[type='password']").val("");
-a.find("input:first").focus();$("#mpass").prop("disabled",!1).val("");$("#smpass").show();break;default:c.msg.out(b),a.find("input[type='text'],input[type='password']").val(""),a.find("input:first").focus()}})},install:function(a){d.info("main:install");var b=c.appRequests().getRequestOpts();b.url=e.main.install;b.data=a.serialize();c.appRequests().getActionCall(b,function(a){c.msg.out(a);0==a.status&&setTimeout(function(){c.redirect("index.php")},1E3)})},twofa:function(a){d.info("main:twofa");var b=
-c.appRequests().getRequestOpts();b.url=e.main.twofa;b.data=a.serialize();c.appRequests().getActionCall(b,function(a){c.msg.out(a);0==a.status&&setTimeout(function(){c.redirect("index.php")},1E3)})},getUpdates:function(a){d.info("main:getUpdates");a=c.appRequests().getRequestOpts();a.url=e.main.getUpdates;a.type="html";a.method="get";a.timeout=1E4;a.useLoading=!1;a.data={isAjax:1};c.appRequests().getActionCall(a,function(a){$("#updates").html(a);"undefined"!==typeof componentHandler&&componentHandler.upgradeDom()},
-function(){$("#updates").html("!")})}},l={show:function(a){d.info("account:show");f({actionId:a.data("action-id"),itemId:a.data("item-id")})},showHistory:function(a){d.info("account:showHistory");f({actionId:a.data("action-id"),itemId:a.val()})},edit:function(a){d.info("account:edit");f({actionId:a.data("action-id"),itemId:a.data("item-id")})},"delete":function(a){d.info("account:delete");var b='<div id="alert"><p id="alert-text">'+c.config().LANG[3]+"</p></div>";showDialog({text:b,negative:{title:c.config().LANG[44],
-onClick:function(a){a.preventDefault();c.msg.error(c.config().LANG[44])}},positive:{title:c.config().LANG[43],onClick:function(b){b=c.appRequests().getRequestOpts();b.url=e.account.save;b.data={itemId:a.data("item-id"),actionId:a.data("action-id"),sk:c.sk.get()};c.appRequests().getActionCall(b,function(a){c.msg.out(a);l.search()})}}})},showpass:function(a){d.info("account:showpass");var b=c.appRequests().getRequestOpts();b.url=e.account.showPass;b.data={itemId:a.data("item-id"),isHistory:a.data("history"),
-isFull:a.data("full"),isAjax:1};c.appRequests().getActionCall(b,function(a){if(10===a.status)p.logout();else{var b;$("<div></div>").dialog({modal:!0,title:c.config().LANG[47],width:"auto",open:function(){b=$(this);var g,d="";g='<button class="dialog-clip-user-button ui-button ui-widget ui-state-default ui-corner-all ui-button-text-icon-primary" data-clipboard-target=".dialog-user-text"><span class="ui-button-icon-primary ui-icon ui-icon-clipboard"></span><span class="ui-button-text">'+c.config().LANG[33]+
-"</span></button>";var e='<button class="dialog-clip-pass-button ui-button ui-widget ui-state-default ui-corner-all ui-button-text-icon-primary" data-clipboard-target=".dialog-pass-text"><span class="ui-button-icon-primary ui-icon ui-icon-clipboard"></span><span class="ui-button-text">'+c.config().LANG[34]+"</span></button>",d=a.useimage,k='<p class="dialog-user-text">'+a.acclogin+"</p>";0===a.status?(0===d?d='<p class="dialog-pass-text">'+a.accpass+"</p>":(d='<img class="dialog-pass-text" src="data:image/png;base64,'+
+a.find("input:first").focus();$("#mpass").prop("disabled",!1).val("");$("#smpass").show();break;case 5:c.msg.out(b);a.find("input[type='text'],input[type='password']").val("");a.find("input:first").focus();$("#oldpass").prop("disabled",!1).val("");$("#soldpass").show();break;default:c.msg.out(b),a.find("input[type='text'],input[type='password']").val(""),a.find("input:first").focus()}})},install:function(a){d.info("main:install");var b=c.appRequests().getRequestOpts();b.url=e.main.install;b.data=
+a.serialize();c.appRequests().getActionCall(b,function(a){c.msg.out(a);0==a.status&&setTimeout(function(){c.redirect("index.php")},1E3)})},twofa:function(a){d.info("main:twofa");var b=c.appRequests().getRequestOpts();b.url=e.main.twofa;b.data=a.serialize();c.appRequests().getActionCall(b,function(a){c.msg.out(a);0==a.status&&setTimeout(function(){c.redirect("index.php")},1E3)})},getUpdates:function(a){d.info("main:getUpdates");a=c.appRequests().getRequestOpts();a.url=e.main.getUpdates;a.type="html";
+a.method="get";a.timeout=1E4;a.useLoading=!1;a.data={isAjax:1};c.appRequests().getActionCall(a,function(a){$("#updates").html(a);"undefined"!==typeof componentHandler&&componentHandler.upgradeDom()},function(){$("#updates").html("!")})}},l={show:function(a){d.info("account:show");f({actionId:a.data("action-id"),itemId:a.data("item-id")})},showHistory:function(a){d.info("account:showHistory");f({actionId:a.data("action-id"),itemId:a.val()})},edit:function(a){d.info("account:edit");f({actionId:a.data("action-id"),
+itemId:a.data("item-id")})},"delete":function(a){d.info("account:delete");var b='<div id="alert"><p id="alert-text">'+c.config().LANG[3]+"</p></div>";showDialog({text:b,negative:{title:c.config().LANG[44],onClick:function(a){a.preventDefault();c.msg.error(c.config().LANG[44])}},positive:{title:c.config().LANG[43],onClick:function(b){b=c.appRequests().getRequestOpts();b.url=e.account.save;b.data={itemId:a.data("item-id"),actionId:a.data("action-id"),sk:c.sk.get()};c.appRequests().getActionCall(b,function(a){c.msg.out(a);
+l.search()})}}})},showpass:function(a){d.info("account:showpass");var b=c.appRequests().getRequestOpts();b.url=e.account.showPass;b.data={itemId:a.data("item-id"),isHistory:a.data("history"),isFull:a.data("full"),isAjax:1};c.appRequests().getActionCall(b,function(a){if(10===a.status)p.logout();else{var b;$("<div></div>").dialog({modal:!0,title:c.config().LANG[47],width:"auto",open:function(){b=$(this);var g,d="";g='<button class="dialog-clip-user-button ui-button ui-widget ui-state-default ui-corner-all ui-button-text-icon-primary" data-clipboard-target=".dialog-user-text"><span class="ui-button-icon-primary ui-icon ui-icon-clipboard"></span><span class="ui-button-text">'+
+c.config().LANG[33]+"</span></button>";var e='<button class="dialog-clip-pass-button ui-button ui-widget ui-state-default ui-corner-all ui-button-text-icon-primary" data-clipboard-target=".dialog-pass-text"><span class="ui-button-icon-primary ui-icon ui-icon-clipboard"></span><span class="ui-button-text">'+c.config().LANG[34]+"</span></button>",d=a.useimage,k='<p class="dialog-user-text">'+a.acclogin+"</p>";0===a.status?(0===d?d='<p class="dialog-pass-text">'+a.accpass+"</p>":(d='<img class="dialog-pass-text" src="data:image/png;base64,'+
 a.accpass+'" />',e=""),g=k+d+'<div class="dialog-buttons">'+g+e+"</div>"):(g='<span class="altTxtRed">'+a.description+"</span>",b.dialog("option","buttons",[{text:"Ok",icons:{primary:"ui-icon-close"},click:function(){b.dialog("close")}}]));b.html(g);b.dialog("option","position","center");b.parent().on("mouseleave",function(){clearTimeout(h);h=setTimeout(function(){b.dialog("close")},3E4)})},close:function(){clearTimeout(h);b.dialog("destroy")}})}})},copypass:function(a){d.info("account:copypass");
 var b=c.appRequests().getRequestOpts();b.url=e.account.showPass;b.async=!1;b.data={itemId:a.data("item-id"),isHistory:a.data("history"),isAjax:1};return c.appRequests().getActionCall(b)},copy:function(a){d.info("account:copy");f({actionId:a.data("action-id"),itemId:a.data("item-id")})},savefavorite:function(a,b){d.info("account:saveFavorite");var g="on"===a.data("status"),k={actionId:g?a.data("action-id-off"):a.data("action-id-on"),itemId:a.data("item-id"),sk:c.sk.get(),isAjax:1},f=c.appRequests().getRequestOpts();
 f.url=e.account.saveFavorite;f.data=k;c.appRequests().getActionCall(f,function(d){c.msg.out(d);0===d.status&&(a.data("status",g?"off":"on"),"function"===typeof b&&b())})},request:function(a){d.info("account:request");var b=c.appRequests().getRequestOpts();b.url=e.account.request;b.data=a.serialize();c.appRequests().getActionCall(b,function(a){c.msg.out(a)})},menu:function(a){a.hide();a.parent().children(".actions-optional").show(250)},sort:function(a){d.info("account:sort");var c=$("#frmSearch");

js/app-main.min.js

@@ -1,4 +1,4 @@
-var $jscomp={scope:{}};$jscomp.defineProperty="function"==typeof Object.defineProperties?Object.defineProperty:function(a,f,e){if(e.get||e.set)throw new TypeError("ES3 does not support getters and setters.");a!=Array.prototype&&a!=Object.prototype&&(a[f]=e.value)};$jscomp.getGlobal=function(a){return"undefined"!=typeof window&&window===a?a:"undefined"!=typeof global?global:a};$jscomp.global=$jscomp.getGlobal(this);$jscomp.SYMBOL_PREFIX="jscomp_symbol_";
+var $jscomp={scope:{}};$jscomp.defineProperty="function"==typeof Object.defineProperties?Object.defineProperty:function(a,f,e){if(e.get||e.set)throw new TypeError("ES3 does not support getters and setters.");a!=Array.prototype&&a!=Object.prototype&&(a[f]=e.value)};$jscomp.getGlobal=function(a){return"undefined"!=typeof window&&window===a?a:"undefined"!=typeof global&&null!=global?global:a};$jscomp.global=$jscomp.getGlobal(this);$jscomp.SYMBOL_PREFIX="jscomp_symbol_";
 $jscomp.initSymbol=function(){$jscomp.initSymbol=function(){};$jscomp.global.Symbol||($jscomp.global.Symbol=$jscomp.Symbol)};$jscomp.symbolCounter_=0;$jscomp.Symbol=function(a){return $jscomp.SYMBOL_PREFIX+(a||"")+$jscomp.symbolCounter_++};
 $jscomp.initSymbolIterator=function(){$jscomp.initSymbol();var a=$jscomp.global.Symbol.iterator;a||(a=$jscomp.global.Symbol.iterator=$jscomp.global.Symbol("iterator"));"function"!=typeof Array.prototype[a]&&$jscomp.defineProperty(Array.prototype,a,{configurable:!0,writable:!0,value:function(){return $jscomp.arrayIterator(this)}});$jscomp.initSymbolIterator=function(){}};$jscomp.arrayIterator=function(a){var f=0;return $jscomp.iteratorPrototype(function(){return f<a.length?{done:!1,value:a[f++]}:{done:!0}})};
 $jscomp.iteratorPrototype=function(a){$jscomp.initSymbolIterator();a={next:a};a[$jscomp.global.Symbol.iterator]=function(){return this};return a};$jscomp.array=$jscomp.array||{};$jscomp.iteratorFromArray=function(a,f){$jscomp.initSymbolIterator();a instanceof String&&(a+="");var e=0,c={next:function(){if(e<a.length){var g=e++;return{value:f(g,a[g]),done:!1}}c.next=function(){return{done:!0,value:void 0}};return c.next()}};c[Symbol.iterator]=function(){return c};return c};

js/app-triggers.min.js

@@ -1,5 +1,5 @@
 var $jscomp={scope:{},findInternal:function(b,c,e){b instanceof String&&(b=String(b));for(var f=b.length,a=0;a<f;a++){var d=b[a];if(c.call(e,d,a,b))return{i:a,v:d}}return{i:-1,v:void 0}}};$jscomp.defineProperty="function"==typeof Object.defineProperties?Object.defineProperty:function(b,c,e){if(e.get||e.set)throw new TypeError("ES3 does not support getters and setters.");b!=Array.prototype&&b!=Object.prototype&&(b[c]=e.value)};
-$jscomp.getGlobal=function(b){return"undefined"!=typeof window&&window===b?b:"undefined"!=typeof global?global:b};$jscomp.global=$jscomp.getGlobal(this);$jscomp.polyfill=function(b,c,e,f){if(c){e=$jscomp.global;b=b.split(".");for(f=0;f<b.length-1;f++){var a=b[f];a in e||(e[a]={});e=e[a]}b=b[b.length-1];f=e[b];c=c(f);c!=f&&null!=c&&$jscomp.defineProperty(e,b,{configurable:!0,writable:!0,value:c})}};
+$jscomp.getGlobal=function(b){return"undefined"!=typeof window&&window===b?b:"undefined"!=typeof global&&null!=global?global:b};$jscomp.global=$jscomp.getGlobal(this);$jscomp.polyfill=function(b,c,e,f){if(c){e=$jscomp.global;b=b.split(".");for(f=0;f<b.length-1;f++){var a=b[f];a in e||(e[a]={});e=e[a]}b=b[b.length-1];f=e[b];c=c(f);c!=f&&null!=c&&$jscomp.defineProperty(e,b,{configurable:!0,writable:!0,value:c})}};
 $jscomp.polyfill("Array.prototype.find",function(b){return b?b:function(b,e){return $jscomp.findInternal(this,b,e).v}},"es6-impl","es3");
 sysPass.Triggers=function(b){var c=b.log,e=function(a){var d={valueField:"id",labelField:"name",searchField:["name"]};a.find(".select-box").each(function(a){var c=$(this);d.plugins=c.hasClass("select-box-deselect")?{clear_selection:{title:b.config().LANG[51]}}:{};if(c.data("onchange")){var g=c.data("onchange").split("/");d.onChange=function(a){if(0<a)if(2===g.length)sysPassApp.actions()[g[0]][g[1]](c);else sysPassApp.actions()[g[0]](c)}}c.selectize(d)});a.find("#allowed_exts").selectize({create:function(a){return{value:a.toUpperCase(),
 text:a.toUpperCase()}},createFilter:/^[a-z0-9]{1,4}$/i,plugins:["remove_button"]});a.find("#wikifilter").selectize({create:!0,createFilter:/^[a-z0-9._-]+$/i,plugins:["remove_button"]})},f=function(){c.info("bodyHooks");$("body").on("click",".btn-action[data-onclick],.btn-action-pager[data-onclick]",function(){var a=$(this),d=a.data("onclick").split("/"),c=b.appActions();if(2===d.length)c[d[0]][d[1]](a);else c[d[0]](a)}).on("click",".btn-back",function(){var a=b.appRequests();if(0<a.history.length()){c.info("back");

js/jquery.magnific-popup.min.js

@@ -1,5 +1,5 @@
 var $jscomp={scope:{},findInternal:function(e,a,h){e instanceof String&&(e=String(e));for(var g=e.length,n=0;n<g;n++){var p=e[n];if(a.call(h,p,n,e))return{i:n,v:p}}return{i:-1,v:void 0}}};$jscomp.defineProperty="function"==typeof Object.defineProperties?Object.defineProperty:function(e,a,h){if(h.get||h.set)throw new TypeError("ES3 does not support getters and setters.");e!=Array.prototype&&e!=Object.prototype&&(e[a]=h.value)};
-$jscomp.getGlobal=function(e){return"undefined"!=typeof window&&window===e?e:"undefined"!=typeof global?global:e};$jscomp.global=$jscomp.getGlobal(this);$jscomp.polyfill=function(e,a,h,g){if(a){h=$jscomp.global;e=e.split(".");for(g=0;g<e.length-1;g++){var n=e[g];n in h||(h[n]={});h=h[n]}e=e[e.length-1];g=h[e];a=a(g);a!=g&&null!=a&&$jscomp.defineProperty(h,e,{configurable:!0,writable:!0,value:a})}};
+$jscomp.getGlobal=function(e){return"undefined"!=typeof window&&window===e?e:"undefined"!=typeof global&&null!=global?global:e};$jscomp.global=$jscomp.getGlobal(this);$jscomp.polyfill=function(e,a,h,g){if(a){h=$jscomp.global;e=e.split(".");for(g=0;g<e.length-1;g++){var n=e[g];n in h||(h[n]={});h=h[n]}e=e[e.length-1];g=h[e];a=a(g);a!=g&&null!=a&&$jscomp.defineProperty(h,e,{configurable:!0,writable:!0,value:a})}};
 $jscomp.polyfill("Array.prototype.find",function(e){return e?e:function(a,e){return $jscomp.findInternal(this,a,e).v}},"es6-impl","es3");
 (function(e){"function"===typeof define&&define.amd?define(["jquery"],e):"object"===typeof exports?e(require("jquery")):e(window.jQuery||window.Zepto)})(function(e){var a,h=function(){},g=!!window.jQuery,n,p=e(window),q,x,t,G,k=function(b,c){a.ev.on("mfp"+b+".mfp",c)},u=function(a,c,d,f){var b=document.createElement("div");b.className="mfp-"+a;d&&(b.innerHTML=d);f?c&&c.appendChild(b):(b=e(b),c&&b.appendTo(c));return b},m=function(b,c){a.ev.triggerHandler("mfp"+b,c);a.st.callbacks&&(b=b.charAt(0).toLowerCase()+
 b.slice(1),a.st.callbacks[b]&&a.st.callbacks[b].apply(a,e.isArray(c)?c:[c]))},A=function(b){b===G&&a.currTemplate.closeBtn||(a.currTemplate.closeBtn=e(a.st.closeMarkup.replace("%title%",a.st.tClose)),G=b);return a.currTemplate.closeBtn},B=function(){e.magnificPopup.instance||(a=new h,a.init(),e.magnificPopup.instance=a)},K=function(){var a=document.createElement("p").style,c=["ms","O","Moz","Webkit"];if(void 0!==a.transition)return!0;for(;c.length;)if(c.pop()+"Transition"in a)return!0;return!1};h.prototype=