Skip to content
GitLab
Select Git revision
  • 6380-core-new-password-method-argon-2
  • dev default
  • 6378-orcid-test-method-is-wrong-and-break-orcid-saving
  • core-php8
  • master
  • 6342-update-the-locales-for-1-5
  • 6344-template-issue-when-creating-a-template-with-empty-password-error-message-should-not-be-seen
  • 6365-core-locking-mechanism-is-not-changing-the-mail-ressource-it-does-lock-the-mail-account
  • 6365-core-when-lock-mechanism-is-trigger-the-user-should-not-be-editable-if-not-unlock
  • fusiondirectory-1.5
  • fusiondirectory-1.4
  • fusiondirectory-1.3.1
  • fusiondirectory-1.3
  • fusiondirectory-1.2.3
  • fusiondirectory-1.2.2
  • fusiondirectory-1.2.1
  • fusiondirectory-1.2
  • fusiondirectory-1.1.1
  • fusiondirectory-1.1
  • fusiondirectory-1.0.20
  • fusiondirectory-1.0.19
  • fusiondirectory-1.0.18
  • fusiondirectory-1.0.17
  • fusiondirectory-1.0.16
  • fusiondirectory-1.0.15
  • fusiondirectory-1.0.14
  • fusiondirectory-1.0.13
  • fusiondirectory-1.0.12
  • fusiondirectory-1.0.11
Find file BlameHistoryPermalink
class_user.inc 23.54 KiB
1 
<?php
2 
/*
3 
  This code is part of FusionDirectory (http://www.fusiondirectory.org/)
4 
  Copyright (C) 2013-2018  FusionDirectory
5
6 
  This program is free software; you can redistribute it and/or modify
7 
  it under the terms of the GNU General Public License as published by
8 
  the Free Software Foundation; either version 2 of the License, or
9 
  (at your option) any later version.
10
11 
  This program is distributed in the hope that it will be useful,
12 
  but WITHOUT ANY WARRANTY; without even the implied warranty of
13 
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14 
  GNU General Public License for more details.
15
16 
  You should have received a copy of the GNU General Public License
17 
  along with this program; if not, write to the Free Software
18 
  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
19 
*/
20
21 
/* Handle a password and its hash method */
22 
class UserPasswordAttribute extends CompositeAttribute
23 
{
24 
  protected $needPassword;
25 
  protected $previousMethod;
26
27 
  function __construct ($label, $description, $ldapName, $required = FALSE, $defaultValue = "", $acl = "")
28 
  {
29 
    $temp = passwordMethod::get_available_methods();
30
31 
    /* Create password methods array */
32 
    $pwd_methods = [];
33 
    $this->needPassword = [];
34 
    foreach($temp['name'] as $id => $name) {
35 
      $this->needPassword[$name] = $temp[$id]['object']->need_password();
36 
      $pwd_methods[$name] = $name;
37 
      if (!empty($temp[$id]['desc'])) {
38 
        $pwd_methods[$name] .= " (".$temp[$id]['desc'].")";
39 
      }
40 
    }
41
42 
    parent::__construct (
43 
      $description, $ldapName,
44 
      [
45 
        new SelectAttribute(
46 
          _('Password method'), _('Password hash method to use'),
47 
          $ldapName.'_pwstorage', TRUE,
48 
          array_keys($pwd_methods), '', array_values($pwd_methods)
49 
        ),
50 
        new PasswordAttribute(
51 
          _('Password'), _('Password (Leave empty if you do not wish to change it)'),
52 
          $ldapName.'_password', $required
53 
        ),
54 
        new PasswordAttribute(
55 
          _('Password again'), _('Same password as above, to avoid errors'),
56 
          $ldapName.'_password2', $required
57 
        ),
58 
        new HiddenAttribute(
59 
          $ldapName.'_hash'
60 
        ),
61 
        new HiddenAttribute(
62 
          $ldapName.'_locked', FALSE,
63 
          FALSE
64 
        )
65 
      ],
66 
      '', '', $acl, $label
67 
    );
68 
    $this->attributes[0]->setSubmitForm(TRUE);
69 
  }
70
7172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140
public function setParent (&$plugin) { global $config; parent::setParent($plugin); if (is_object($this->plugin)) { $hash = $config->get_cfg_value('passwordDefaultHash', 'ssha'); $this->attributes[0]->setDefaultValue($hash); if ($config->get_cfg_value('forcePasswordDefaultHash', 'FALSE') == 'TRUE') { $this->attributes[0]->setValue($hash); $this->attributes[0]->setDisabled(TRUE); } $this->checkIfMethodNeedsPassword(); } } /* We need to handle method select disabling manually */ function renderAttribute (&$attributes, $readOnly) { global $config; if ($this->visible) { if ($this->linearRendering) { parent::renderAttribute($attributes, $readOnly); } else { foreach($this->attributes as $key => &$attribute) { if (is_object($this->plugin) && $this->plugin->is_template && ($key == 2)) { /* Do not display confirmation field in template mode */ continue; } if (($key == 0) && ($config->get_cfg_value('forcePasswordDefaultHash', 'FALSE') == 'TRUE')) { $attribute->setDisabled(TRUE); } else { $attribute->setDisabled($this->disabled); } $attribute->renderAttribute($attributes, $readOnly); } unset($attribute); } } } /*! \brief Loads this attribute value from the attrs array */ protected function loadAttrValue ($attrs) { if (isset($attrs[$this->getLdapName()])) { $this->setValue($this->inputValue($attrs[$this->getLdapName()][0])); $this->setRequired(FALSE); $this->attributes[1]->setRequired(FALSE); $this->attributes[2]->setRequired(FALSE); } else { $this->setRequired(TRUE); $this->attributes[0]->resetToDefault(); $this->attributes[1]->setRequired(TRUE); $this->attributes[2]->setRequired(TRUE); $this->checkIfMethodNeedsPassword(); } } function setValue ($value) { reset($value); $key = key($value); if ($this->attributes[0]->isDisabled() || ($value[$key] == '')) { $value[$key] = $this->attributes[0]->getValue(); } parent::setValue($value); $this->checkIfMethodNeedsPassword(); } function applyPostValue ()
141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210
{ parent::applyPostValue(); $this->checkIfMethodNeedsPassword(); } function checkIfMethodNeedsPassword () { $method = $this->attributes[0]->getValue(); if ($method != $this->previousMethod) { if ($this->needPassword[$method]) { $this->attributes[1]->setVisible(TRUE); $this->attributes[2]->setVisible(TRUE); } else { $this->attributes[1]->setVisible(FALSE); $this->attributes[1]->setValue(''); $this->attributes[2]->setVisible(FALSE); $this->attributes[2]->setValue(''); } } $this->previousMethod = $method; } function readValues ($value) { global $config; $pw_storage = $config->get_cfg_value('passwordDefaultHash', 'ssha'); $locked = FALSE; $password = ''; if ($this->plugin->is_template) { list($value, $password) = explode('|', $value, 2); } if (preg_match ('/^{[^}]+}/', $value)) { $tmp = passwordMethod::get_method($value); if (is_object($tmp)) { $pw_storage = $tmp->get_hash(); $locked = $tmp->is_locked($this->plugin->dn); if ($this->plugin->is_template) { $value = $tmp->generate_hash($password); } } } else { if ($value != '') { $pw_storage = 'clear'; } } return [$pw_storage, $password, $password, $value, $locked]; } function writeValues ($values) { if ($this->needPassword[$values[0]] && ($values[1] == '')) { if ($this->plugin->is_template) { return ''; } else { return $values[3]; } } $temp = passwordMethod::get_available_methods(); if (!isset($temp[$values[0]])) { trigger_error('Unknown password method '.$values[0]); return $values[3]; } $test = new $temp[$values[0]]($this->plugin->dn, $this->plugin); $test->set_hash($values[0]); if ($this->plugin->is_template) { return $test->generate_hash($values[1]).'|'.$values[1]; } else { return $test->generate_hash($values[1]); } }
211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280
function check () { $method = $this->attributes[0]->getValue(); if (!$this->needPassword[$method]) { $this->attributes[1]->setRequired(FALSE); $this->attributes[2]->setRequired(FALSE); } $error = parent::check(); if (!empty($error)) { return $error; } if (($this->attributes[1]->getValue() != '') || ($this->attributes[2]->getValue() != '')) { return user::reportPasswordProblems($this->plugin->dn, $this->attributes[1]->getValue(), $this->attributes[2]->getValue()); } } function getMethod () { return $this->attributes[0]->getValue(); } function getClear () { return $this->attributes[1]->getValue(); } function isLocked () { return $this->attributes[4]->getValue(); } } class PostalAddressAttribute extends TextAreaAttribute { function inputValue ($ldapValue) { return str_replace( ['$', '\24','\5C'], ["\n", '$', '\\'], $ldapValue ); } function computeLdapValue () { return str_replace( ["\r\n", "\n", "\r"], '$', str_replace( ['\\', '$'], ['\5C','\24'], $this->getValue() ) ); } } class user extends simplePlugin { var $objectclasses = ['inetOrgPerson','organizationalPerson','person']; private $was_locked; static function plInfo () { return [ 'plShortName' => _('User'), 'plDescription' => _('User account information'), 'plIcon' => 'geticon.php?context=applications&icon=user-info&size=48',
281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350
'plSmallIcon' => 'geticon.php?context=applications&icon=user-info&size=16', 'plSelfModify' => TRUE, 'plObjectType' => ['user' => [ 'name' => _('User'), 'description' => _('User account'), 'filter' => '(objectClass=inetOrgPerson)', 'mainAttr' => 'uid', 'nameAttr' => 'cn', 'icon' => 'geticon.php?context=types&icon=user&size=16', 'ou' => get_ou('userRDN'), ]], 'plForeignKeys' => [ 'manager' => ['user','dn','manager=%oldvalue%','*'] ], 'plProvidedAcls' => array_merge( parent::generatePlProvidedAcls(static::getAttributesInfo()), ['userLock' => _('User lock status')] ) ]; } // The main function : information about attributes static function getAttributesInfo () { global $config; $languages = Language::getList(TRUE); asort($languages); $languages = array_merge(['' => ''], $languages); $attributesInfo = [ 'perso' => [ 'name' => _('Personal information'), 'icon' => 'geticon.php?context=types&icon=user&size=16', 'attrs' => [ new HiddenAttribute('cn'), new StringAttribute ( _('Last name'), _('Last name of this user'), 'sn', TRUE, '', '', '/[^,+"?()=<>;\\\\]/' ), new StringAttribute ( _('First name'), _('First name of this user'), 'givenName', TRUE, '', '', '/[^,+"?()=<>;\\\\]/' ), new TextAreaAttribute ( _('Description'), _('Short description of the user'), 'description', FALSE ), new ImageAttribute ( _('Picture'), _('The avatar for this user'), 'jpegPhoto', FALSE, 150, 200, 'jpeg' ), ] ], 'contact' => [ 'name' => _('Organizational contact information'), 'icon' => 'geticon.php?context=types&icon=contact&size=16', 'attrs' => [ new StringAttribute ( _('Location'), _('Location'), 'l', FALSE ), new StringAttribute ( _('State'), _('State'), 'st', FALSE ), new PostalAddressAttribute ( _('Address'), _('Business postal address'),
351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420
'postalAddress', FALSE ), new StringAttribute ( _('Room No.'), _('Room number'), 'roomNumber', FALSE ), new PhoneNumberButtonAttribute ( _('Phone'), _('Business phone number'), 'telephoneNumber', FALSE, '', 'phone' ), new PhoneNumberButtonAttribute ( _('Mobile'), _('Business mobile number'), 'mobile', FALSE, '', 'mobile' ), new PhoneNumberAttribute ( _('Pager'), _('Business pager number'), 'pager', FALSE ), new PhoneNumberAttribute ( _('Fax'), _('Business fax number'), 'facsimileTelephoneNumber', FALSE ), new URLAttribute ( _('Homepage'), _('Personal homepage'), 'labeledURI', FALSE ), ] ], 'account' => [ 'name' => _('Account information'), 'icon' => 'geticon.php?context=applications&icon=ldap&size=16', 'attrs' => [ new BaseSelectorAttribute (get_ou("userRDN")), new UidAttribute ( _('Login'), _('Login of this user'), 'uid', TRUE ), new SelectAttribute ( _('Preferred language'), _('Preferred language'), 'preferredLanguage', FALSE, array_keys($languages), '', array_values($languages) ), new UserPasswordAttribute( _('Password'), _('Password of the user'), 'userPassword', FALSE ), ] ], 'homecontact' => [ 'name' => _('Personal contact information'), 'icon' => 'geticon.php?context=types&icon=contact&size=16', 'attrs' => [ new StringAttribute ( _('Display name'), _('Name this user should appear as. Used by Exchange.'), 'displayName', FALSE ), new PostalAddressAttribute ( _('Home address'), _('Home postal address'), 'homePostalAddress', FALSE ), new PhoneNumberAttribute ( _('Private phone'), _('Home phone number'), 'homePhone', FALSE ), ] ],
421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490
'organization' => [ 'name' => _('Organizational information'), 'icon' => 'geticon.php?context=places&icon=folder&size=16', 'attrs' => [ new SetAttribute ( new StringAttribute ( _('Title'), _('Title of a person in their organizational context. Each title is one value of this multi-valued attribute'), 'title', FALSE ) ), new StringAttribute ( _('Organization'), _('Organization'), 'o', FALSE ), new StringAttribute ( _('Unit'), _('Organizational unit this user belongs to'), 'ou', FALSE ), new StringAttribute ( _('Department No.'), _('Department number'), 'departmentNumber', FALSE ), new StringAttribute ( _('Employee No.'), _('Employee number'), 'employeeNumber', FALSE ), new StringAttribute ( _('Employee type'), _('Employee type'), 'employeeType', FALSE ), new UserAttribute( _('Manager'), _('Manager'), 'manager', FALSE ), ] ], ]; if ($config->get_cfg_value('SplitPostalAddress') == 'TRUE') { $attributesInfo['contact']['attrs'][2]->setVisible(FALSE); array_splice($attributesInfo['contact']['attrs'], 3, 0, [ new StringAttribute ( _('Street'), _('Street part of the address'), 'street', FALSE ), new StringAttribute ( _('Post office box'), _('Post office box'), 'postOfficeBox', FALSE ), new IntAttribute ( _('Postal code'), _('Postal code'), 'postalCode', FALSE, 0, FALSE ), ]); } return $attributesInfo; } function __construct ($dn = NULL, $object = NULL, $parent = NULL, $mainTab = FALSE) { parent::__construct($dn, $object, $parent, $mainTab); $this->attributesAccess['uid']->setUnique('whole'); $this->attributesAccess['uid']->setAutocomplete(FALSE); $this->attributesAccess['uid']->setDisabled($this->initially_was_account && !$this->is_template); $filename = './plugins/users/images/default.jpg'; $fd = fopen($filename, 'rb'); $this->attributesAccess['jpegPhoto']->setPlaceholder(fread($fd, filesize($filename)));
491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560
$this->was_locked = $this->attributesAccess['userPassword']->isLocked(); } function is_this_account ($attrs) { /* Only inetOrgPerson is needed, it has the two others as SUP classes */ return (isset($attrs['objectClass']) && in_array_ics('inetOrgPerson', $attrs['objectClass'])); } function resetCopyInfos () { parent::resetCopyInfos(); $this->attributesAccess['uid']->setDisabled($this->initially_was_account && !$this->is_template); } private function update_cn () { global $config; $pattern = $config->get_cfg_value('CnPattern', '%givenName% %sn%'); $this->attributesAccess['cn']->setValue($this->applyPattern($pattern)); } private function applyPattern ($pattern) { $fields = templateHandling::listFields($pattern); $attrs = []; foreach($fields as $field) { if (in_array($field, $this->attributes)) { $attrs[$field] = $this->$field; continue; } if (isset($this->parent->by_object)) { foreach ($this->parent->by_object as $object) { if (in_array($field, $object->attributes)) { $attrs[$field] = $object->$field; continue 2; } } } trigger_error('Could not find field '.$field.' in any tab!'); } return templateHandling::parseString($pattern, $attrs); } function compute_dn () { global $config; if ($this->is_template) { $dn = 'cn='.ldap_escape_dn($this->_template_cn).',ou=templates,'.get_ou('userRDN').$this->base; return $dn; } $this->update_cn(); $attribute = $config->get_cfg_value('accountPrimaryAttribute', 'uid'); return $this->create_unique_dn($attribute, get_ou('userRDN').$this->base); } function execute () { $smarty = get_smarty(); $smarty->append('css_files', 'plugins/users/style/user_tab.css'); return parent::execute(); } protected function shouldSave () { if ($this->attributesAccess['userPassword']->getClear() != '') {
561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630
/* There may be hooks using this even if LDAP object is not modified */ return TRUE; } return parent::shouldSave(); } protected function prepare_save () { global $config; if ($config->get_cfg_value('SplitPostalAddress') == 'TRUE') { $pattern = $config->get_cfg_value('PostalAddressPattern', ''); if (!empty($pattern)) { $this->postalAddress = $this->applyPattern($this->attributesAccess['postalAddress']->inputValue($pattern)); } } return parent::prepare_save(); } function ldap_save () { $errors = parent::ldap_save(); if (!empty($errors)) { return $errors; } if (!$this->is_template && $this->was_locked && $this->attributesAccess['userPassword']->hasChanged()) { $methods = passwordMethod::get_available_methods(); $pmethod = new $methods[$this->attributesAccess['userPassword']->getMethod()]($this->dn); $pmethod->lock_account($this->dn); } return $errors; } function post_save () { global $ui; /* Update current locale settings, if we have edited ourselves */ if (isset($this->attrs['preferredLanguage']) && ($this->dn == $ui->dn)) { $ui->language = $this->preferredLanguage; session::set('ui', $ui); session::set('Last_init_lang', 'update'); } return parent::post_save(); } function adapt_from_template ($attrs, $skip = []) { if ($this->uid != '') { $skip[] = 'uid'; } parent::adapt_from_template($attrs, $skip); if (isset($this->attrs['userPassword']) && !in_array('userPassword', $skip)) { list($hash,$password) = explode('|', $this->attrs['userPassword'][0], 2); if (preg_match ('/^{[^}]+}/', $hash)) { $tmp = passwordMethod::get_method($hash); if (is_object($tmp)) { $hash = $tmp->generate_hash($password); } } $this->userPassword = [ '', $password, $password, $hash, $this->attributesAccess['userPassword']->isLocked()