Commit b5c64615 authored by Côme Chilliet's avatar Côme Chilliet

feat(core) Improved and cleaned standAlone page support and fake userinfo

issue #5854
parent 8f2a733d
......@@ -99,7 +99,7 @@ if (!session::global_is_set('config')) {
$config = session::global_get('config');
IconTheme::loadThemes('themes');
/* Fake user bypassing acl system */
$ui = new fake_userinfo();
$ui = new userinfoNoAuth('setup');
/* Call setup */
$display = "";
require_once("../setup/main.inc");
......
......@@ -595,7 +595,7 @@ class listing
} elseif ($action == 'BACK') {
$this->tryAndSetBase(preg_replace('/^[^,]+,/', '', $this->base));
} elseif ($action == 'HOME') {
$this->tryAndSetBase(get_base_from_people($ui->dn));
$this->tryAndSetBase($ui->getBase());
}
}
}
......@@ -1141,7 +1141,7 @@ class listing
}
/* Check if we are in users home department */
if (!count($deps) || ($this->filter->base == get_base_from_people($ui->dn)) || !in_array_ics(get_base_from_people($ui->dn), $deps)) {
if (!count($deps) || ($this->filter->base == $ui->getBase()) || !in_array_ics($ui->getBase(), $deps)) {
$enableHome = FALSE;
}
......
<?php
/*
This code is part of FusionDirectory (http://www.fusiondirectory.org/)
Copyright (C) 2003-2010 Cajus Pollmeier
Copyright (C) 2011-2016 FusionDirectory
Copyright (C) 2011-2018 FusionDirectory
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
......@@ -20,230 +19,6 @@
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
*/
require_once("../include/php_setup.inc");
require_once("functions.inc");
require_once("variables.inc");
/* base class for passwordRecovery and such classes handling requests on their own */
class standAlonePage {
var $directory;
var $activated;
protected $interactive;
/* Constructor */
function __construct($interactive = TRUE)
{
global $config, $ssl, $ui;
$this->interactive = $interactive;
if ($this->interactive) {
/* Destroy old session if exists.
Else you will get your old session back, if you not logged out correctly. */
session::destroy();
session::start();
/* Reset errors */
reset_errors();
$config = $this->loadConfig();
/* If SSL is forced, just forward to the SSL enabled site */
if (($config->get_cfg_value("forcessl") == "TRUE") && ($ssl != '')) {
header ("Location: $ssl");
exit;
}
$this->setupSmarty();
$smarty = get_smarty();
/* Generate server list */
$servers = array();
foreach ($config->data['LOCATIONS'] as $key => $ignored) {
$servers[$key] = $key;
}
$smarty->assign("show_directory_chooser", FALSE);
if (isset($_POST['server'])) {
$this->directory = validate($_POST['server']);
} elseif (isset($_GET['directory']) && isset($servers[$_GET['directory']])) {
$this->directory = validate($_GET['directory']);
} else {
$this->directory = $config->data['MAIN']['DEFAULT'];
if (!isset($servers[$this->directory])) {
$this->directory = key($servers);
}
if (count($servers) > 1) {
$smarty->assign("show_directory_chooser", TRUE);
$smarty->assign("server_options", $servers);
$smarty->assign("server_id", $this->directory);
}
}
/* Set config to selected one */
$config->set_current($this->directory);
session::global_set('config', $config);
}
$this->activated = $this->readLdapConfig();
if (!$this->activated) { /* Password recovery has been disabled */
return;
}
if ($this->interactive) {
Language::init();
if (session::global_is_set('plist')) {
session::global_un_set('plist');
}
$ui = new fake_userinfo();
load_plist();
$ssl = $this->checkForSSL();
static::securityHeaders();
}
}
function loadConfig()
{
global $BASE_DIR;
/* Check if CONFIG_FILE is accessible */
if (!is_readable(CONFIG_DIR."/".CONFIG_FILE)) {
msg_dialog::display(_("Fatal error"),
sprintf(_("FusionDirectory configuration %s/%s is not readable. Aborted."),
CONFIG_DIR, CONFIG_FILE), FATAL_ERROR_DIALOG);
exit();
}
/* Parse configuration file */
$config = new config(CONFIG_DIR."/".CONFIG_FILE, $BASE_DIR);
session::global_set('DEBUGLEVEL', $config->get_cfg_value("debuglevel"));
@DEBUG(DEBUG_CONFIG, __LINE__, __FUNCTION__, __FILE__, $config->data, "config");
return $config;
}
function setupSmarty()
{
global $config;
$smarty = get_smarty();
/* Set template compile directory */
$smarty->compile_dir = $config->get_cfg_value("templateCompileDirectory", SPOOL_DIR);
/* Check for compile directory */
if (!(is_dir($smarty->compile_dir) && is_writable($smarty->compile_dir))) {
msg_dialog::display(_("Configuration error"),
sprintf(_("Directory '%s' specified as compile directory is not accessible!"),
$smarty->compile_dir),
FATAL_ERROR_DIALOG);
exit();
}
/* Check for old files in compile directory */
clean_smarty_compile_dir($smarty->compile_dir);
$smarty->assign('date', gmdate('D, d M Y H:i:s'));
$smarty->assign('params', '');
$smarty->assign('message', '');
$smarty->assign('changed', FALSE);
$smarty->assign('revision', FD_VERSION);
$smarty->assign('year', date('Y'));
}
function checkForSSL()
{
global $config;
$smarty = get_smarty();
/* Check for SSL connection */
$ssl = '';
$smarty->assign('ssl', '');
if (!sslOn()) {
$ssl = sslUrl();
/* If SSL is forced, just forward to the SSL enabled site */
if ($config->get_cfg_value('forcessl') == 'TRUE') {
header("Location: $ssl");
exit;
} elseif ($config->get_cfg_value('warnssl') == 'TRUE') {
/* Display SSL mode warning? */
$smarty->assign ('ssl', sprintf(_('Warning: <a href="%s">Session is not encrypted!</a>'), $ssl));
}
}
return $ssl;
}
function getPageURL()
{
$protocol = 'http';
if (isset($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] == 'on')) {
$protocol .= 's';
}
$port = '80';
if (!empty($_SERVER['HTTP_X_FORWARDED_HOST'])) {
$host = $_SERVER['HTTP_X_FORWARDED_HOST'];
if (isset($_SERVER['HTTP_X_FORWARDED_PORT'])) {
$port = $_SERVER['HTTP_X_FORWARDED_PORT'];
}
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO'])) {
$protocol = $_SERVER['HTTP_X_FORWARDED_PROTO'];
}
} else {
$host = $_SERVER['SERVER_NAME'];
$port = $_SERVER['SERVER_PORT'];
}
$pageURL = $protocol.'://';
$pageURL .= $host;
if ($port != '80') {
$pageURL .= ':'.$port;
}
if (empty($_SERVER['PATH_INFO'])) {
$pageURL .= $_SERVER['PHP_SELF'];
} else {
$pageURL .= $_SERVER['PATH_INFO'];
}
return $pageURL;
}
function encodeParams($keys)
{
$params = '';
foreach ($keys as $key) {
$params .= "&amp;$key=".urlencode($this->$key);
}
return preg_replace('/^&amp;/', '?', $params);
}
static function securityHeaders()
{
header('X-XSS-Protection: 1; mode=block');
header('X-Content-Type-Options: nosniff');
header('X-Frame-Options: deny');
}
static function generateRandomHash()
{
/* Generate a very long random value */
$len = 56;
$base = 'ABCDEFGHKLMNOPQRSTWXYZabcdefghjkmnpqrstwxyz123456789';
$max = strlen($base) - 1;
$randomhash = '';
while (strlen($randomhash) < $len + 1) {
$randomhash .= $base{random_int(0, $max)};
}
return $randomhash;
}
}
class passwordRecovery extends standAlonePage {
protected $loginAttribute;
protected $login;
......@@ -325,7 +100,6 @@ class passwordRecovery extends standAlonePage {
function displayPWchanger()
{
global $error_collector, $error_collector_mailto;
/* Do we need to show error messages? */
if (count($this->message) != 0) {
/* Show error message and continue editing */
......@@ -336,26 +110,12 @@ class passwordRecovery extends standAlonePage {
$smarty = get_smarty();
$smarty->assign("PHPSESSID", session_id());
if (session::is_set('errors')) {
$smarty->assign("errors", session::get('errors'));
}
if ($error_collector != "") {
$smarty->assign("php_errors", preg_replace("/%BUGBODY%/", $error_collector_mailto, $error_collector)."</div>");
} else {
$smarty->assign("php_errors", "");
}
$this->assignSmartyVars();
$smarty->assign('msg_dialogs', msg_dialog::get_dialogs());
$smarty->assign('usePrototype', 'FALSE');
$smarty->append('js_files', 'include/pwdStrength.js');
$smarty->append('css_files', get_template_path('login.css'));
$lang = session::global_get('lang');
$smarty->assign('lang', preg_replace('/_.*$/', '', $lang));
$smarty->assign('rtl', Language::isRTL($lang));
$smarty->display(get_template_path('headers.tpl'));
$smarty->assign('version', FD_VERSION);
$smarty->assign('step', $this->step);
$smarty->assign('delay_allowed', $this->delay_allowed);
$smarty->assign('activated', $this->activated);
......
<?php
/*
This code is part of FusionDirectory (http://www.fusiondirectory.org/)
Copyright (C) 2003-2010 Cajus Pollmeier
Copyright (C) 2011-2018 FusionDirectory
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
*/
/* base class for passwordRecovery and such classes handling requests on their own */
class standAlonePage {
protected $directory;
protected $activated;
protected $interactive;
/* Constructor */
function __construct($interactive = TRUE)
{
global $config, $ssl, $ui;
$this->interactive = $interactive;
if ($this->interactive) {
/* Destroy old session if exists.
Else you will get your old session back, if you not logged out correctly. */
session::destroy();
session::start();
/* Reset errors */
reset_errors();
$config = $this->loadConfig();
/* If SSL is forced, just forward to the SSL enabled site */
if (($config->get_cfg_value('forcessl') == 'TRUE') && ($ssl != '')) {
header ("Location: $ssl");
exit;
}
static::securityHeaders();
$this->setupSmarty();
$smarty = get_smarty();
/* Generate server list */
$servers = array();
foreach ($config->data['LOCATIONS'] as $key => $ignored) {
$servers[$key] = $key;
}
$smarty->assign('show_directory_chooser', FALSE);
if (isset($_POST['server'])) {
$this->directory = validate($_POST['server']);
} elseif (isset($_GET['directory']) && isset($servers[$_GET['directory']])) {
$this->directory = validate($_GET['directory']);
} else {
$this->directory = $config->data['MAIN']['DEFAULT'];
if (!isset($servers[$this->directory])) {
$this->directory = key($servers);
}
if (count($servers) > 1) {
$smarty->assign('show_directory_chooser', TRUE);
$smarty->assign('server_options', $servers);
$smarty->assign('server_id', $this->directory);
}
}
/* Set config to selected one */
$config->set_current($this->directory);
session::global_set('config', $config);
}
$this->activated = $this->readLdapConfig();
if (!$this->activated) { /* Password recovery has been disabled */
return;
}
if ($this->interactive) {
Language::init();
if (session::global_is_set('plist')) {
session::global_un_set('plist');
}
$ui = new userinfoNoAuth(get_class($this));
load_plist();
$ssl = $this->checkForSSL();
}
}
function loadConfig()
{
global $BASE_DIR;
/* Check if CONFIG_FILE is accessible */
if (!is_readable(CONFIG_DIR.'/'.CONFIG_FILE)) {
msg_dialog::display(_('Fatal error'),
sprintf(_('FusionDirectory configuration %s/%s is not readable. Aborted.'),
CONFIG_DIR, CONFIG_FILE), FATAL_ERROR_DIALOG);
exit();
}
/* Parse configuration file */
$config = new config(CONFIG_DIR.'/'.CONFIG_FILE, $BASE_DIR);
session::global_set('DEBUGLEVEL', $config->get_cfg_value('debuglevel'));
@DEBUG(DEBUG_CONFIG, __LINE__, __FUNCTION__, __FILE__, $config->data, 'config');
return $config;
}
function setupSmarty()
{
global $config;
$smarty = get_smarty();
/* Set template compile directory */
$smarty->compile_dir = $config->get_cfg_value('templateCompileDirectory', SPOOL_DIR);
/* Check for compile directory */
if (!(is_dir($smarty->compile_dir) && is_writable($smarty->compile_dir))) {
msg_dialog::display(_('Configuration error'),
sprintf(_("Directory '%s' specified as compile directory is not accessible!"),
$smarty->compile_dir),
FATAL_ERROR_DIALOG);
exit();
}
/* Check for old files in compile directory */
clean_smarty_compile_dir($smarty->compile_dir);
$smarty->assign('date', gmdate('D, d M Y H:i:s'));
$smarty->assign('params', '');
$smarty->assign('message', '');
$smarty->assign('changed', FALSE);
$smarty->assign('revision', FD_VERSION);
$smarty->assign('year', date('Y'));
$lang = session::global_get('lang');
$smarty->assign('lang', preg_replace('/_.*$/', '', $lang));
$smarty->assign('rtl', Language::isRTL($lang));
$smarty->assign('must', '<span class="must">*</span>');
$smarty->assign('usePrototype', 'FALSE');
}
function assignSmartyVars()
{
global $error_collector, $error_collector_mailto;
$smarty = get_smarty();
$smarty->assign('PHPSESSID', session_id());
if (session::is_set('errors')) {
$smarty->assign('errors', session::get('errors'));
}
if ($error_collector != '') {
$smarty->assign('php_errors', preg_replace('/%BUGBODY%/', $error_collector_mailto, $error_collector).'</div>');
} else {
$smarty->assign('php_errors', '');
}
$smarty->assign('msg_dialogs', msg_dialog::get_dialogs());
}
function checkForSSL()
{
global $config;
$smarty = get_smarty();
/* Check for SSL connection */
$ssl = '';
$smarty->assign('ssl', '');
if (!sslOn()) {
$ssl = sslUrl();
/* If SSL is forced, just forward to the SSL enabled site */
if ($config->get_cfg_value('forcessl') == 'TRUE') {
header("Location: $ssl");
exit;
} elseif ($config->get_cfg_value('warnssl') == 'TRUE') {
/* Display SSL mode warning? */
$smarty->assign ('ssl', sprintf(_('Warning: <a href="%s">Session is not encrypted!</a>'), $ssl));
}
}
return $ssl;
}
function getPageURL()
{
$protocol = 'http';
if (isset($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] == 'on')) {
$protocol .= 's';
}
$port = '80';
if (!empty($_SERVER['HTTP_X_FORWARDED_HOST'])) {
$host = $_SERVER['HTTP_X_FORWARDED_HOST'];
if (isset($_SERVER['HTTP_X_FORWARDED_PORT'])) {
$port = $_SERVER['HTTP_X_FORWARDED_PORT'];
}
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO'])) {
$protocol = $_SERVER['HTTP_X_FORWARDED_PROTO'];
}
} else {
$host = $_SERVER['SERVER_NAME'];
$port = $_SERVER['SERVER_PORT'];
}
$pageURL = $protocol.'://';
$pageURL .= $host;
if ($port != '80') {
$pageURL .= ':'.$port;
}
if (empty($_SERVER['PATH_INFO'])) {
$pageURL .= $_SERVER['PHP_SELF'];
} else {
$pageURL .= $_SERVER['PATH_INFO'];
}
return $pageURL;
}
function encodeParams($keys)
{
$params = '';
foreach ($keys as $key) {
$params .= "&amp;$key=".urlencode($this->$key);
}
return preg_replace('/^&amp;/', '?', $params);
}
static function securityHeaders()
{
header('X-XSS-Protection: 1; mode=block');
header('X-Content-Type-Options: nosniff');
header('X-Frame-Options: deny');
}
static function generateRandomHash()
{
/* Generate a very long random value */
$len = 56;
$base = 'ABCDEFGHKLMNOPQRSTWXYZabcdefghjkmnpqrstwxyz123456789';
$max = strlen($base) - 1;
$randomhash = '';
while (strlen($randomhash) < $len + 1) {
$randomhash .= $base{random_int(0, $max)};
}
return $randomhash;
}
}
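Review bot: In the constructor, the `$_POST['server']` branch assigns `$this->directory` without checking it against `$servers`, while the `$_GET['directory']` branch just below does, so an unauthenticated request can pass `$config->set_current()` a location name that is not configured. Guard it the same way: `if (isset($_POST['server']) && isset($servers[$_POST['server']])) {`. `getPageURL()` takes host, port and scheme from the client-controllable `X-Forwarded-*` headers whenever `HTTP_X_FORWARDED_HOST` is non-empty. If that URL ends up in recovery links (the callers are not in this file), it should honour those headers only behind a trusted proxy, or take the host from configuration. Separately, `$base{random_int(0, $max)}` in `generateRandomHash()` uses the curly-brace string offset that PHP 7.4 deprecates; `$base[random_int(0, $max)]` is equivalent.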
......@@ -206,7 +206,7 @@ class template
$plugin->attributesAccess[$attr]->renderAttribute($attributesRendered, FALSE);
}
$smarty->assign('section', $class);
$smarty->assign('section', $this->tabObject->by_name[$class]);
$smarty->assign('sectionId', $class);
$smarty->assign('sectionClasses', ' fullwidth');
$smarty->assign('attributes', $attributesRendered);
......
......@@ -582,7 +582,7 @@ class userinfo
if ($attribute == "") {
foreach ($config->data['CATEGORIES'][$ocs]['classes'] as $oc) {
if (isset($subacl['acl'][$ocs.'/'.$oc])) {
// Skip ACLs wich are defined for ourselfs only - if not checking against ($ui->dn)
// Skip ACLs which are defined for ourselfs only - if not checking against ($ui->dn)
if (isset($subacl['acl'][$ocs.'/'.$oc][0]) &&
($dn != $this->dn) &&
(strpos($subacl['acl'][$ocs.'/'.$oc][0], "s") !== FALSE)) {
......@@ -1026,5 +1026,10 @@ class userinfo
{
return $this->sizeLimitHandler;
}
function getBase()
{
return get_base_from_people($this->dn);
}
}
?>
<?php
/*
This code is part of FusionDirectory (http://www.fusiondirectory.org/)
Copyright (C) 2017-2018 FusionDirectory
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
*/
/*!
* \file class_userinfoNoAuth.inc
* Source code for the class userinfoNoAuth
*/
/*!
* \brief Class userinfoNoAuth
* This represents a fake user used by public pages such as password recovery or setup
*/
class userinfoNoAuth extends userinfo
{
function __construct($context = 'fake')
{
$this->cn = $context;
$this->dn = $context;
$this->uid = $context;
$this->ip = $_SERVER['REMOTE_ADDR'];
/* This fake user have all rights */
$this->ignoreACL = TRUE;
/* Initialize ACL_CACHE */
$this->reset_acl_cache();
}
function getBase()
{
global $config;
return $config->current['BASE'];
}
}
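Review bot: `userinfoNoAuth::__construct()` sets `ignoreACL = TRUE` without calling the parent constructor, and the only warning is the one-line comment inside the body, so nothing tells a caller that this object is meant for unauthenticated stand-alone pages only and should not remain in `$ui` once a real login exists. I would add a docblock on the constructor saying so and documenting `$context`, which is copied into `cn`, `dn` and `uid`, e.g. `\param string $context label used as cn/dn/uid; not a real DN`. `getBase()` returns `$config->current['BASE']` with no check that `set_current()` has run; the stand-alone constructor calls it first, but the setup entry point is not fully visible here, so a comment stating that precondition would help. `$_SERVER['REMOTE_ADDR']` is read unguarded, which raises a notice if the class is ever built outside a web request.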
......@@ -267,7 +267,7 @@ class managementListing
$this->tryAndSetBase($parentBase);
} elseif ($action == 'HOME') {
$ui = get_userinfo();
$this->tryAndSetBase(get_base_from_people($ui->dn));
$this->tryAndSetBase($ui->getBase());
}
}
}
......@@ -355,7 +355,7 @@ class managementListing
}
/* Check if we are in users home department */
if (!count($deps) || ($this->base == get_base_from_people($ui->dn)) || !in_array_ics(get_base_from_people($ui->dn), $deps)) {
if (!count($deps) || ($this->base == $ui->getBase()) || !in_array_ics($ui->getBase(), $deps)) {
$enableHome = FALSE;
}
......
......@@ -61,7 +61,7 @@ class BaseSelectorAttribute extends Attribute
}
if ($this->plugin->dn == "new") {
$ui = get_userinfo();
$this->setValue(dn2base(session::global_is_set("CurrentMainBase") ? "cn=dummy,".session::global_get("CurrentMainBase") : $ui->dn));
$this->setValue(session::global_is_set("CurrentMainBase") ? session::global_get("CurrentMainBase") : $ui->getBase());
} else {
$this->setValue(dn2base($this->plugin->dn, $this->ou));
}
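Review bot: The new `setValue()` call stores `CurrentMainBase` from the session as-is, where the old line normalised it through `dn2base()`, and the fallback now resolves through `$ui->getBase()` (`get_base_from_people()` for a regular user) instead of `dn2base($ui->dn)`. Neither helper is visible in this hunk, so I cannot tell whether they agree; if `dn2base()` did more than strip the leading RDN, the initial base offered for new objects changes. A short comment such as `/* CurrentMainBase is already a department DN, no dn2base() needed */` would record the assumption once it is confirmed. The enclosing method starts and ends outside the hunk.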
......
......@@ -21,23 +21,6 @@
require_once("class_setupStep.inc");
class fake_userinfo extends userinfo
{
function __construct()
{
$this->cn = 'fake_cn';
$this->dn = 'fake_dn';
$this->uid = 'fake_uid';
$this->ip = $_SERVER['REMOTE_ADDR'];
/* This fake user have all rights */
$this->ignoreACL = TRUE;
/* Initialize ACL_CACHE */
$this->reset_acl_cache();
}
}
class setup
{
/* Number of setup steps */
......