Add the possibility to unlock users from the user interface

2016-08-26 21:27:30 -04:00 · 2016-08-26 21:27:30 -04:00 · a24840a533
parent 793eb1074f
commit a24840a533
5 changed files with 33 additions and 1 deletions
--- a/1
+++ b/1
@ -3,6 +3,7 @@ Version 1.0.33 (unreleased)

 New features:

+* Add the possibility to unlock users from the user interface
 * New API calls for task metadata
 * New automatic actions:
    - Define colour by Swimlane
--- a/app/Controller/UserCredentialController.php
+++ b/app/Controller/UserCredentialController.php
@ -106,4 +106,21 @@ class UserCredentialController extends BaseController

        return $this->changeAuthentication($values, $errors);
    }
+
+    /**
+     * Unlock user
+     */
+    public function unlock()
+    {
+        $user = $this->getUser();
+        $this->checkCSRFParam();
+
+        if ($this->userLockingModel->resetFailedLogin($user['username'])) {
+            $this->flash->success(t('User unlocked successfully.'));
+        } else {
+            $this->flash->failure(t('Unable to unlock the user.'));
+        }
+
+        $this->response->redirect($this->helper->url->to('UserViewController', 'show', array('user_id' => $user['id'])));
+    }
 }
--- a/app/ServiceProvider/AuthenticationProvider.php
+++ b/app/ServiceProvider/AuthenticationProvider.php
@ -151,7 +151,7 @@ class AuthenticationProvider implements ServiceProviderInterface
        $acl->add('UserCreationController', '*', Role::APP_ADMIN);
        $acl->add('UserListController', '*', Role::APP_ADMIN);
        $acl->add('UserStatusController', '*', Role::APP_ADMIN);
-        $acl->add('UserCredentialController', array('changeAuthentication', 'saveAuthentication'), Role::APP_ADMIN);
+        $acl->add('UserCredentialController', array('changeAuthentication', 'saveAuthentication', 'unlock'), Role::APP_ADMIN);

        return $acl;
    }
--- a/app/Template/user_view/show.php
+++ b/app/Template/user_view/show.php
@ -18,6 +18,11 @@
    <li><?= t('Number of failed login:') ?> <strong><?= $user['nb_failed_login'] ?></strong></li>
    <?php if ($user['lock_expiration_date'] != 0): ?>
        <li><?= t('Account locked until:') ?> <strong><?= $this->dt->datetime($user['lock_expiration_date']) ?></strong></li>
+        <?php if ($this->user->isAdmin()): ?>
+            <li>
+                <?= $this->url->link(t('Unlock this user'), 'UserCredentialController', 'unlock', array('user_id' => $user['id']), true) ?>
+            </li>
+        <?php endif ?>
    <?php endif ?>
 </ul>

--- a/doc/bruteforce-protection.markdown
+++ b/doc/bruteforce-protection.markdown
@ -12,6 +12,9 @@ However, **after three authentication failure through the user API**, the accoun

 Kanboard doesn't block any IP addresses since bots can use several anonymous proxies. However, you can use external tools like [fail2ban](http://www.fail2ban.org) to avoid massive scans.

+Configuration
+-------------
+
 Default settings can be changed with these configuration variables:

 ```php
@ -24,3 +27,9 @@ define('BRUTEFORCE_LOCKDOWN', 6);
 // Lock account duration in minutes
 define('BRUTEFORCE_LOCKDOWN_DURATION', 15);
 ```
+
+Unlocking users
+---------------
+
+If you don't want to wait 15 minutes, you can unlock a user from the user interface.
+As administrator, go to the user profile and click on "Unlock this user".