AS1024/Kanboard-Prod
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Reset failed login counter and unlock user when changing password

Browse Source
This commit is contained in:
Frederic Guillot
2016-05-18 21:27:36 -04:00
parent 0830fe22b7
commit bfd59d9e54
11 changed files with 214 additions and 147 deletions
Download Patch File Download Diff File Expand all files Collapse all files

109
app/Controller/UserCredentialController.php Normal file
View File

@@ -0,0 +1,109 @@
<?php
namespace Kanboard\Controller;
/**
* Class UserCredentialController
*
* @package Kanboard\Controller
* @author Frederic Guillot
*/
class UserCredentialController extends BaseController
{
/**
* Password modification form
*
* @access public
* @param array $values
* @param array $errors
* @throws \Kanboard\Core\Controller\AccessForbiddenException
* @throws \Kanboard\Core\Controller\PageNotFoundException
*/
public function changePassword(array $values = array(), array $errors = array())
{
$user = $this->getUser();
return $this->response->html($this->helper->layout->user('user_credential/password', array(
'values' => $values + array('id' => $user['id']),
'errors' => $errors,
'user' => $user,
)));
}
/**
* Save new password
*
* @throws \Kanboard\Core\Controller\AccessForbiddenException
* @throws \Kanboard\Core\Controller\PageNotFoundException
*/
public function savePassword()
{
$user = $this->getUser();
$values = $this->request->getValues();
list($valid, $errors) = $this->userValidator->validatePasswordModification($values);
if ($valid) {
if ($this->user->update($values)) {
$this->flash->success(t('Password modified successfully.'));
$this->userLocking->resetFailedLogin($user['username']);
} else {
$this->flash->failure(t('Unable to change the password.'));
}
return $this->response->redirect($this->helper->url->to('UserViewController', 'show', array('user_id' => $user['id'])));
}
return $this->changePassword($values, $errors);
}
/**
* Display a form to edit authentication
*
* @access public
* @param array $values
* @param array $errors
* @throws \Kanboard\Core\Controller\AccessForbiddenException
* @throws \Kanboard\Core\Controller\PageNotFoundException
*/
public function changeAuthentication(array $values = array(), array $errors = array())
{
$user = $this->getUser();
if (empty($values)) {
$values = $user;
unset($values['password']);
}
return $this->response->html($this->helper->layout->user('user_credential/authentication', array(
'values' => $values,
'errors' => $errors,
'user' => $user,
)));
}
/**
* Save authentication
*
* @throws \Kanboard\Core\Controller\AccessForbiddenException
* @throws \Kanboard\Core\Controller\PageNotFoundException
*/
public function saveAuthentication()
{
$user = $this->getUser();
$values = $this->request->getValues() + array('disable_login_form' => 0, 'is_ldap_user' => 0);
list($valid, $errors) = $this->userValidator->validateModification($values);
if ($valid) {
if ($this->user->update($values)) {
$this->flash->success(t('User updated successfully.'));
} else {
$this->flash->failure(t('Unable to update your user.'));
}
return $this->response->redirect($this->helper->url->to('UserCredentialController', 'changeAuthentication', array('user_id' => $user['id'])));
}
return $this->changeAuthentication($values, $errors);
}
}

69
app/Controller/UserModificationController.php Normal file
View File

@@ -0,0 +1,69 @@
<?php
namespace Kanboard\Controller;
/**
* Class UserModificationController
*
* @package Kanboard\Controller
* @author Frederic Guillot
*/
class UserModificationController extends BaseController
{
/**
* Display a form to edit user information
*
* @access public
* @param array $values
* @param array $errors
* @throws \Kanboard\Core\Controller\AccessForbiddenException
* @throws \Kanboard\Core\Controller\PageNotFoundException
*/
public function show(array $values = array(), array $errors = array())
{
$user = $this->getUser();
if (empty($values)) {
$values = $user;
unset($values['password']);
}
return $this->response->html($this->helper->layout->user('user_modification/show', array(
'values' => $values,
'errors' => $errors,
'user' => $user,
'timezones' => $this->timezone->getTimezones(true),
'languages' => $this->language->getLanguages(true),
'roles' => $this->role->getApplicationRoles(),
)));
}
/**
* Save user information
*/
public function save()
{
$user = $this->getUser();
$values = $this->request->getValues();
if (! $this->userSession->isAdmin()) {
if (isset($values['role'])) {
unset($values['role']);
}
}
list($valid, $errors) = $this->userValidator->validateModification($values);
if ($valid) {
if ($this->user->update($values)) {
$this->flash->success(t('User updated successfully.'));
} else {
$this->flash->failure(t('Unable to update your user.'));
}
return $this->response->redirect($this->helper->url->to('UserViewController', 'show', array('user_id' => $user['id'])));
}
return $this->show($values, $errors);
}
}

141
app/Controller/UserViewController.php
View File

@@ -29,7 +29,7 @@ class UserViewController extends BaseController
$this->response->html($this->helper->layout->app('user_view/profile', array(
'title' => $user['name'] ?: $user['username'],
'user' => $user,
'user' => $user,
)));
}
@@ -42,7 +42,7 @@ class UserViewController extends BaseController
{
$user = $this->getUser();
$this->response->html($this->helper->layout->user('user_view/show', array(
'user' => $user,
'user' => $user,
'timezones' => $this->timezone->getTimezones(true),
'languages' => $this->language->getLanguages(true),
)));
@@ -67,7 +67,7 @@ class UserViewController extends BaseController
$this->response->html($this->helper->layout->user('user_view/timesheet', array(
'subtask_paginator' => $subtask_paginator,
'user' => $user,
'user' => $user,
)));
}
@@ -81,7 +81,7 @@ class UserViewController extends BaseController
$user = $this->getUser();
$this->response->html($this->helper->layout->user('user_view/password_reset', array(
'tokens' => $this->passwordReset->getAll($user['id']),
'user' => $user,
'user' => $user,
)));
}
@@ -95,7 +95,7 @@ class UserViewController extends BaseController
$user = $this->getUser();
$this->response->html($this->helper->layout->user('user_view/last', array(
'last_logins' => $this->lastLogin->getAll($user['id']),
'user' => $user,
'user' => $user,
)));
}
@@ -109,7 +109,7 @@ class UserViewController extends BaseController
$user = $this->getUser();
$this->response->html($this->helper->layout->user('user_view/sessions', array(
'sessions' => $this->rememberMeSession->getAll($user['id']),
'user' => $user,
'user' => $user,
)));
}
@@ -143,11 +143,11 @@ class UserViewController extends BaseController
}
return $this->response->html($this->helper->layout->user('user_view/notifications', array(
'projects' => $this->projectUserRole->getProjectsByUser($user['id'], array(ProjectModel::ACTIVE)),
'projects' => $this->projectUserRole->getProjectsByUser($user['id'], array(ProjectModel::ACTIVE)),
'notifications' => $this->userNotification->readSettings($user['id']),
'types' => $this->userNotificationType->getTypes(),
'filters' => $this->userNotificationFilter->getFilters(),
'user' => $user,
'types' => $this->userNotificationType->getTypes(),
'filters' => $this->userNotificationFilter->getFilters(),
'user' => $user,
)));
}
@@ -168,7 +168,7 @@ class UserViewController extends BaseController
}
$this->response->html($this->helper->layout->user('user_view/integrations', array(
'user' => $user,
'user' => $user,
'values' => $this->userMetadata->getAll($user['id']),
)));
}
@@ -183,7 +183,7 @@ class UserViewController extends BaseController
$user = $this->getUser();
$this->response->html($this->helper->layout->user('user_view/external', array(
'last_logins' => $this->lastLogin->getAll($user['id']),
'user' => $user,
'user' => $user,
)));
}
@@ -200,7 +200,7 @@ class UserViewController extends BaseController
if ($switch === 'enable' || $switch === 'disable') {
$this->checkCSRFParam();
if ($this->user->{$switch.'PublicAccess'}($user['id'])) {
if ($this->user->{$switch . 'PublicAccess'}($user['id'])) {
$this->flash->success(t('User updated successfully.'));
} else {
$this->flash->failure(t('Unable to update this user.'));
@@ -210,121 +210,8 @@ class UserViewController extends BaseController
}
return $this->response->html($this->helper->layout->user('user_view/share', array(
'user' => $user,
'user' => $user,
'title' => t('Public access'),
)));
}
/**
* Password modification
*
* @access public
*/
public function password()
{
$user = $this->getUser();
$values = array('id' => $user['id']);
$errors = array();
if ($this->request->isPost()) {
$values = $this->request->getValues();
list($valid, $errors) = $this->userValidator->validatePasswordModification($values);
if ($valid) {
if ($this->user->update($values)) {
$this->flash->success(t('Password modified successfully.'));
} else {
$this->flash->failure(t('Unable to change the password.'));
}
return $this->response->redirect($this->helper->url->to('UserViewController', 'show', array('user_id' => $user['id'])));
}
}
return $this->response->html($this->helper->layout->user('user_view/password', array(
'values' => $values,
'errors' => $errors,
'user' => $user,
)));
}
/**
* Display a form to edit a user
*
* @access public
*/
public function edit()
{
$user = $this->getUser();
$values = $user;
$errors = array();
unset($values['password']);
if ($this->request->isPost()) {
$values = $this->request->getValues();
if (! $this->userSession->isAdmin()) {
if (isset($values['role'])) {
unset($values['role']);
}
}
list($valid, $errors) = $this->userValidator->validateModification($values);
if ($valid) {
if ($this->user->update($values)) {
$this->flash->success(t('User updated successfully.'));
} else {
$this->flash->failure(t('Unable to update your user.'));
}
return $this->response->redirect($this->helper->url->to('UserViewController', 'show', array('user_id' => $user['id'])));
}
}
return $this->response->html($this->helper->layout->user('user_view/edit', array(
'values' => $values,
'errors' => $errors,
'user' => $user,
'timezones' => $this->timezone->getTimezones(true),
'languages' => $this->language->getLanguages(true),
'roles' => $this->role->getApplicationRoles(),
)));
}
/**
* Display a form to edit authentication
*
* @access public
*/
public function authentication()
{
$user = $this->getUser();
$values = $user;
$errors = array();
unset($values['password']);
if ($this->request->isPost()) {
$values = $this->request->getValues() + array('disable_login_form' => 0, 'is_ldap_user' => 0);
list($valid, $errors) = $this->userValidator->validateModification($values);
if ($valid) {
if ($this->user->update($values)) {
$this->flash->success(t('User updated successfully.'));
} else {
$this->flash->failure(t('Unable to update your user.'));
}
return $this->response->redirect($this->helper->url->to('UserViewController', 'authentication', array('user_id' => $user['id'])));
}
}
return $this->response->html($this->helper->layout->user('user_view/authentication', array(
'values' => $values,
'errors' => $errors,
'user' => $user,
)));
}
}