* [FIX] Enforced readonly user login for LDAP users

nuxsmin
2017-04-21 11:03:58 +02:00
parent 830c069dfb
commit b05ef56846
5 changed files with 123 additions and 75 deletions


@@ -64,6 +64,7 @@ use SP\Mgmt\Profiles\Profile;
use SP\Mgmt\PublicLinks\PublicLink;
use SP\Mgmt\Tags\Tag;
use SP\Mgmt\Users\User;
use SP\Mgmt\Users\UserLdap;
use SP\Mgmt\Users\UserLdapSync;
use SP\Mgmt\Users\UserUtil;
use SP\Util\Checks;
@@ -217,6 +218,7 @@ class ItemActionController implements ItemControllerInterface
protected function userAction()
{
$Form = new UserForm($this->itemId);
$Form->setIsLdap(Request::analyze('isLdap', 0));
$Form->validate($this->actionId);
$this->setCustomFieldData(ActionsInterface::ACTION_USR_USERS);
@@ -224,6 +226,7 @@ class ItemActionController implements ItemControllerInterface
switch ($this->actionId) {
case ActionsInterface::ACTION_USR_USERS_NEW:
User::getItem($Form->getItemData())->add();
$this->addCustomFieldData();
$this->LogMessage->setAction(__('Crear Usuario', false));
@@ -238,7 +241,12 @@ class ItemActionController implements ItemControllerInterface
}
break;
case ActionsInterface::ACTION_USR_USERS_EDIT:
User::getItem($Form->getItemData())->update();
if ($Form->getIsLdap()) {
UserLdap::getItem($Form->getItemData())->update();
} else {
User::getItem($Form->getItemData())->update();
}
$this->updateCustomFieldData();
$this->LogMessage->setAction(__('Actualizar Usuario', false));
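Review bot: The flag that chooses between `UserLdap::getItem(...)->update()` and `User::getItem(...)->update()` in the edit branch is read straight from the request (`Request::analyze('isLdap', 0)` at the top of userAction), so the client rather than the stored record decides which update path and which validation rules apply; the same request-derived value is what lets UserForm::checkCommon skip the name, login and email checks in this commit. For the edit action the flag should presumably be derived from the persisted user loaded for `$this->itemId` (the user_isLdap column) and the form value only trusted on the create path, or a mismatch between the two rejected. userAction continues outside the hunk.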


@@ -43,6 +43,10 @@ class UserForm extends FormBase implements FormInterface
* @var UserData
*/
protected $UserData;
/**
* @var int
*/
protected $isLdap = 0;
/**
* Validar el formulario
@@ -75,67 +79,6 @@ class UserForm extends FormBase implements FormInterface
return true;
}
/**
* @throws ValidationException
*/
protected function checkCommon()
{
$isLdap = Request::analyze('isLdap', 0);
if (!$isLdap && !$this->UserData->getUserName()) {
throw new ValidationException(__('Es necesario un nombre de usuario', false));
} elseif (!$isLdap && !$this->UserData->getUserLogin()) {
throw new ValidationException(__('Es necesario un login', false));
} elseif (!$this->UserData->getUserProfileId()) {
throw new ValidationException(__('Es necesario un perfil', false));
} elseif (!$this->UserData->getUserGroupId()) {
throw new ValidationException(__('Es necesario un grupo', false));
} elseif (!$isLdap && !$this->UserData->getUserEmail()) {
throw new ValidationException(__('Es necesario un email', false));
} elseif (Checks::demoIsEnabled() && !Session::getUserData()->isUserIsAdminApp() && $this->UserData->getUserLogin() === 'demo') {
throw new ValidationException(__('Ey, esto es una DEMO!!', false));
}
}
/**
* @throws ValidationException
*/
protected function checkPass()
{
$userPassR = Request::analyzeEncrypted('passR');
if (Checks::demoIsEnabled() && UserUtil::getUserLoginById($this->itemId) === 'demo') {
throw new ValidationException(__('Ey, esto es una DEMO!!', false));
} elseif (!$userPassR || !$this->UserData->getUserPass()) {
throw new ValidationException(__('La clave no puede estar en blanco', false));
} elseif ($this->UserData->getUserPass() !== $userPassR) {
throw new ValidationException(__('Las claves no coinciden', false));
}
}
/**
* @throws ValidationException
*/
protected function checkDelete()
{
if (Checks::demoIsEnabled() && UserUtil::getUserLoginById($this->itemId) === 'demo') {
throw new ValidationException(__('Ey, esto es una DEMO!!', false));
} elseif (
(!is_array($this->itemId) === Session::getUserData()->getUserId())
|| (is_array($this->itemId) && in_array(Session::getUserData()->getUserId(), $this->itemId))
) {
throw new ValidationException(__('No es posible eliminar, usuario en uso', false));
}
}
/**
* @return UserData
*/
public function getItemData()
{
return $this->UserData;
}
/**
* Analizar los datos de la petición HTTP
*
@@ -157,4 +100,94 @@ class UserForm extends FormBase implements FormInterface
$this->UserData->setUserIsChangePass(Request::analyze('changepass', 0, false, 1));
$this->UserData->setUserPass(Request::analyzeEncrypted('pass'));
}
/**
* @throws ValidationException
*/
protected function checkCommon()
{
if (!$this->isLdap && !$this->UserData->getUserName()) {
throw new ValidationException(__('Es necesario un nombre de usuario', false));
}
if (!$this->isLdap && !$this->UserData->getUserLogin()) {
throw new ValidationException(__('Es necesario un login', false));
}
if (!$this->UserData->getUserProfileId()) {
throw new ValidationException(__('Es necesario un perfil', false));
}
if (!$this->UserData->getUserGroupId()) {
throw new ValidationException(__('Es necesario un grupo', false));
}
if (!$this->isLdap && !$this->UserData->getUserEmail()) {
throw new ValidationException(__('Es necesario un email', false));
}
if (Checks::demoIsEnabled() && !Session::getUserData()->isUserIsAdminApp() && $this->UserData->getUserLogin() === 'demo') {
throw new ValidationException(__('Ey, esto es una DEMO!!', false));
}
}
/**
* @throws ValidationException
*/
protected function checkPass()
{
$userPassR = Request::analyzeEncrypted('passR');
if (Checks::demoIsEnabled() && UserUtil::getUserLoginById($this->itemId) === 'demo') {
throw new ValidationException(__('Ey, esto es una DEMO!!', false));
}
if (!$userPassR || !$this->UserData->getUserPass()) {
throw new ValidationException(__('La clave no puede estar en blanco', false));
}
if ($this->UserData->getUserPass() !== $userPassR) {
throw new ValidationException(__('Las claves no coinciden', false));
}
}
/**
* @throws ValidationException
*/
protected function checkDelete()
{
if (Checks::demoIsEnabled() && UserUtil::getUserLoginById($this->itemId) === 'demo') {
throw new ValidationException(__('Ey, esto es una DEMO!!', false));
}
if ((!is_array($this->itemId) === Session::getUserData()->getUserId())
|| (is_array($this->itemId) && in_array(Session::getUserData()->getUserId(), $this->itemId))
) {
throw new ValidationException(__('No es posible eliminar, usuario en uso', false));
}
}
/**
* @return UserData
*/
public function getItemData()
{
return $this->UserData;
}
/**
* @return int
*/
public function getIsLdap()
{
return $this->isLdap;
}
/**
* @param int $isLdap
*/
public function setIsLdap($isLdap)
{
$this->isLdap = $isLdap;
}
}
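Review bot: In the relocated checkDelete, `(!is_array($this->itemId) === Session::getUserData()->getUserId())` compares a bool with the session user id using `===`, which is always false, so the single-id branch of the self-deletion guard never fires and only the array branch is effective; the commit moves this code without fixing it. It should read `(!is_array($this->itemId) && $this->itemId === Session::getUserData()->getUserId())` with the operand types matched to whatever getUserId returns, and the array branch should pass `true` as the third argument to `in_array`. The same expression was present in the removed copy of the method earlier in this file.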


@@ -68,9 +68,6 @@ class UserLdap extends User
/**
* @return mixed
* @throws \SP\Core\Exceptions\QueryException
* @throws \SP\Core\Exceptions\ConstraintException
* @throws \phpmailer\phpmailerException
* @throws SPException
*/
public function add()
@@ -170,22 +167,32 @@ class UserLdap extends User
*/
public function update()
{
$query = 'UPDATE usrData SET
user_pass = ?,
user_hashSalt = \'\',
$query = /** @lang SQL */
'UPDATE usrData SET
user_name = ?,
user_email = ?,
user_notes = ?,
user_groupId = ?,
user_profileId = ?,
user_isAdminApp = ?,
user_isAdminAcc = ?,
user_isDisabled = ?,
user_lastUpdate = NOW(),
user_isLdap = 1
WHERE LOWER(user_login) = LOWER(?) LIMIT 1';
user_isLdap = 1
WHERE user_id = ? LIMIT 1';
$Data = new QueryData();
$Data->setQuery($query);
$Data->addParam(Hash::hashKey($this->itemData->getUserPass()));
$Data->addParam($this->itemData->getUserName());
$Data->addParam($this->itemData->getUserEmail());
$Data->addParam($this->itemData->getUserLogin());
$Data->setOnErrorMessage(__('Error al actualizar la clave del usuario en la BBDD', false));
$Data->addParam($this->itemData->getUserNotes());
$Data->addParam($this->itemData->getUserGroupId());
$Data->addParam($this->itemData->getUserProfileId());
$Data->addParam($this->itemData->isUserIsAdminApp());
$Data->addParam($this->itemData->isUserIsAdminAcc());
$Data->addParam($this->itemData->isUserIsDisabled());
$Data->addParam($this->itemData->getUserId());
$Data->setOnErrorMessage(__('Error al actualizar el usuario', false));
DB::getQuery($Data);
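Review bot: The rewritten statement bakes `user_isLdap = 1` into the UPDATE and now keys on `WHERE user_id = ?`, so whichever record id reaches itemData is flagged as an LDAP user regardless of its current state; nothing in this hunk confirms the target row already is one, which matters given the flag is request-supplied in the controller. A comment above `$query` should record why login and password are deliberately absent, e.g. `// Login and password are owned by the directory; only local attributes are updated here.`. The three `isUserIs*()` values are bound as booleans through addParam; if QueryData hands them to PDO unchanged, casting with `(int)` avoids driver-dependent coercion of false to an empty string — worth confirming against QueryData. The docblock for update() begins before the hunk.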


@@ -407,7 +407,7 @@ class Util
*/
public static function getVersion($retBuild = false, $normalized = false)
{
$build = 17042005;
$build = 17042101;
$version = [2, 1, 7];
if ($normalized === true) {


@@ -40,7 +40,7 @@ if ($user->getUserLogin() === 'demo') {
<input id="login" name="login" type="text" required
class="mdl-textfield__input mdl-color-text--indigo-400"
value="<?php echo $user->getUserLogin(); ?>"
maxlength="80" <?php echo $user->isUserIsLdap() || $isReadonly ? $isReadonly : ''; ?>>
maxlength="80" <?php echo $user->isUserIsLdap() || $isReadonly ? 'readonly' : ''; ?>>
<label class="mdl-textfield__label"
for="login"><?php echo __('Login de inicio de sesión'); ?></label>
</div>
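Review bot: The corrected ternary relies on `||` binding tighter than `?:`, which gives the intended result but is easy to misread inside a template; `<?php echo ($user->isUserIsLdap() || $isReadonly) ? 'readonly' : ''; ?>` makes the grouping explicit. The readonly attribute only affects the browser; the server-side handling of LDAP logins lives in the controller and UserLdap::update changes of this commit, so this line should not be read as enforcement on its own.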