gnh1201/seeddms-code
1
0
Fork 0
mirror of https://git.code.sf.net/p/seeddms/code synced 2024-11-26 15:32:13 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge branch 'seeddms-5.1.x' into seeddms-6.0.x

Browse Source
This commit is contained in:
Uwe Steinmann 2023-08-25 12:37:36 +02:00
commit 0c99740d25
8 changed files with 39 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
conf/settings.xml.template
View File

@ -120,6 +120,7 @@
- restricted: Restricted access: only allow users to log in if they have an entry in the local database (irrespective of successful authentication with LDAP). - restricted: Restricted access: only allow users to log in if they have an entry in the local database (irrespective of successful authentication with LDAP).
- enableUserImage: enable users images - enableUserImage: enable users images
- disableSelfEdit: if true user cannot edit his own profile - disableSelfEdit: if true user cannot edit his own profile
- disableChangePassword: if true user cannot change the password
- passwordStrength: minimum strength of password, set to 0 to disable - passwordStrength: minimum strength of password, set to 0 to disable
- passwordStrengthAlgorithm: algorithm used to calculate password strenght (simple or advanced) - passwordStrengthAlgorithm: algorithm used to calculate password strenght (simple or advanced)
- passwordExpiration: number of days after password expires - passwordExpiration: number of days after password expires
@ -137,6 +138,7 @@
restricted = "true" restricted = "true"
enableUserImage = "false" enableUserImage = "false"
disableSelfEdit = "false" disableSelfEdit = "false"
disableChangePassword = "false"
passwordStrength = "0" passwordStrength = "0"
passwordStrengthAlgorithm = "simple" passwordStrengthAlgorithm = "simple"
passwordExpiration = "0" passwordExpiration = "0"
@ -168,6 +170,7 @@
bindDN = "" bindDN = ""
bindPw = "" bindPw = ""
filter = "" filter = ""
groupField = ""
/> />
<!-- ***** CONNECTOR Microsoft Active Directory ***** <!-- ***** CONNECTOR Microsoft Active Directory *****
- enable: enable/disable connector - enable: enable/disable connector
@ -189,6 +192,8 @@
accountDomainName = "example.com" accountDomainName = "example.com"
bindDN = "" bindDN = ""
bindPw = "" bindPw = ""
filter = ""
groupField = ""
/> />
</connectors> </connectors>
</authentication> </authentication>

13
inc/inc.ClassAuthenticationService.php
View File

@ -63,6 +63,19 @@ class SeedDMS_AuthenticationService {
return $this->errors; return $this->errors;
} /* }}} */ } /* }}} */
/**
* Run each authentication service
*
* This method calls authenticate() of each authentication service and
* evaluates the returned value.
* If the authentication method returns false (some internal error which
* prevented to check authentication at all), this method will return
* false imediately, in case of null (no valid authentication) the next
* service will be tried and in all other cases the value will be returned.
*
* @param string $username name of user
* @param string $password password of user
*/
public function authenticate($username, $password) { /* {{{ */ public function authenticate($username, $password) { /* {{{ */
$user = null; $user = null;
foreach($this->services as $name => $service) { foreach($this->services as $name => $service) {

12
inc/inc.ClassLdapAuthentication.php
View File

@ -110,6 +110,9 @@ class SeedDMS_LdapAuthentication extends SeedDMS_Authentication {
if (!is_bool($ds)) { if (!is_bool($ds)) {
/* Check if ldap base dn is set, and use ldap server if it is */ /* Check if ldap base dn is set, and use ldap server if it is */
/* $tmpDN will be set to a 'wild' guess how the user's dn might
* look like if searching for that user didn't return a dn.
*/
if (isset($settings->_ldapBaseDN)) { if (isset($settings->_ldapBaseDN)) {
$ldapSearchAttribut = "uid="; $ldapSearchAttribut = "uid=";
$tmpDN = "uid=".$username.",".$settings->_ldapBaseDN; $tmpDN = "uid=".$username.",".$settings->_ldapBaseDN;
@ -164,7 +167,14 @@ class SeedDMS_LdapAuthentication extends SeedDMS_Authentication {
} }
/* If the previous bind failed, try it with the users creditionals /* If the previous bind failed, try it with the users creditionals
* by simply setting $dn to a default string * by simply setting $dn to a guessed dn (see above)
* FIXME: This is probably a bad idea because users filtered out
* may still be able to authenticate, because $tmpDN could be a
* valid DN. Example: if baseDN is 'dc=seeddms,dc=org' and the
* user 'test' logs in, then $tmpDN will be 'uid=test,dc=seeddms,dc=org'
* If that user was filtered out, because filter was set to '(mail=*)'
* and the user doesn't have a mail address, then $dn will not be
* set and $tmpDN will be used instead, allowing a successfull bind.
*/ */
if (is_bool($dn)) { if (is_bool($dn)) {
$dn = $tmpDN; $dn = $tmpDN;

4
inc/inc.ClassSettings.php
View File

@ -49,6 +49,8 @@ class Settings { /* {{{ */
var $_enable2FactorAuthentication = false; var $_enable2FactorAuthentication = false;
// Allow users to reset their password // Allow users to reset their password
var $_enablePasswordForgotten = false; var $_enablePasswordForgotten = false;
// Do not allow users to change password
var $_disableChangePassword = false;
// Minimum password strength (0 - x, 0 means no check) // Minimum password strength (0 - x, 0 means no check)
var $_passwordStrength = 0; var $_passwordStrength = 0;
// Password strength algorithm (simple, advanced) // Password strength algorithm (simple, advanced)
@ -678,6 +680,7 @@ class Settings { /* {{{ */
$this->_restricted = Settings::boolVal($tab["restricted"]); $this->_restricted = Settings::boolVal($tab["restricted"]);
$this->_enableUserImage = Settings::boolVal($tab["enableUserImage"]); $this->_enableUserImage = Settings::boolVal($tab["enableUserImage"]);
$this->_disableSelfEdit = Settings::boolVal($tab["disableSelfEdit"]); $this->_disableSelfEdit = Settings::boolVal($tab["disableSelfEdit"]);
$this->_disableChangePassword = Settings::boolVal($tab["disableChangePassword"]);
} }
// XML Path: /configuration/system/authentication/connectors/connector // XML Path: /configuration/system/authentication/connectors/connector
@ -1069,6 +1072,7 @@ class Settings { /* {{{ */
$this->setXMLAttributValue($node, "restricted", $this->_restricted); $this->setXMLAttributValue($node, "restricted", $this->_restricted);
$this->setXMLAttributValue($node, "enableUserImage", $this->_enableUserImage); $this->setXMLAttributValue($node, "enableUserImage", $this->_enableUserImage);
$this->setXMLAttributValue($node, "disableSelfEdit", $this->_disableSelfEdit); $this->setXMLAttributValue($node, "disableSelfEdit", $this->_disableSelfEdit);
$this->setXMLAttributValue($node, "disableChangePassword", $this->_disableChangePassword);
// XML Path: /configuration/system/authentication/connectors // XML Path: /configuration/system/authentication/connectors
foreach($this->_usersConnectors as $keyConn => $paramConn) foreach($this->_usersConnectors as $keyConn => $paramConn)

1
op/op.Settings.php
View File

@ -201,6 +201,7 @@ if ($action == "saveSettings")
setBoolValue("restricted"); setBoolValue("restricted");
setBoolValue("enableUserImage"); setBoolValue("enableUserImage");
setBoolValue("disableSelfEdit"); setBoolValue("disableSelfEdit");
setBoolValue("disableChangePassword");
setBoolValue("enablePasswordForgotten"); setBoolValue("enablePasswordForgotten");
setIntValue("passwordStrength"); setIntValue("passwordStrength");
setStrValue("passwordStrengthAlgorithm"); setStrValue("passwordStrengthAlgorithm");

1
out/out.EditUserData.php
View File

@ -48,6 +48,7 @@ if($view) {
$view->setParam('enablelanguageselector', $settings->_enableLanguageSelector); $view->setParam('enablelanguageselector', $settings->_enableLanguageSelector);
$view->setParam('enablethemeselector', $settings->_enableThemeSelector); $view->setParam('enablethemeselector', $settings->_enableThemeSelector);
$view->setParam('passwordstrength', $settings->_passwordStrength); $view->setParam('passwordstrength', $settings->_passwordStrength);
$view->setParam('disablechangepassword', $settings->_disableChangePassword);
$view->setParam('httproot', $settings->_httpRoot); $view->setParam('httproot', $settings->_httpRoot);
$view->setParam('accessobject', $accessop); $view->setParam('accessobject', $accessop);
$view($_GET); $view($_GET);

3
views/bootstrap/class.EditUserData.php
View File

@ -75,6 +75,7 @@ $(document).ready( function() {
$enablelanguageselector = $this->params['enablelanguageselector']; $enablelanguageselector = $this->params['enablelanguageselector'];
$enablethemeselector = $this->params['enablethemeselector']; $enablethemeselector = $this->params['enablethemeselector'];
$passwordstrength = $this->params['passwordstrength']; $passwordstrength = $this->params['passwordstrength'];
$disablechangepassword = $this->params['disablechangepassword'];
$httproot = $this->params['httproot']; $httproot = $this->params['httproot'];
$this->htmlAddHeader('<script type="text/javascript" src="../views/'.$this->theme.'/vendors/jquery-validation/jquery.validate.js"></script>'."\n", 'js'); $this->htmlAddHeader('<script type="text/javascript" src="../views/'.$this->theme.'/vendors/jquery-validation/jquery.validate.js"></script>'."\n", 'js');
@ -102,6 +103,7 @@ $(document).ready( function() {
'required'=>true 'required'=>true
) )
); );
if(!$disablechangepassword) {
$this->formField( $this->formField(
getMLText("new_password"), getMLText("new_password"),
'<input class="form-control pwd" type="password" rel="strengthbar" id="pwd" name="pwd" size="30">' '<input class="form-control pwd" type="password" rel="strengthbar" id="pwd" name="pwd" size="30">'
@ -122,6 +124,7 @@ $(document).ready( function() {
'autocomplete'=>'off', 'autocomplete'=>'off',
) )
); );
}
$this->formField( $this->formField(
getMLText("name"), getMLText("name"),
array( array(

1
views/bootstrap/class.Settings.php
View File

@ -457,6 +457,7 @@ if(($kkk = $this->callHook('getFullSearchEngine')) && is_array($kkk))
<?php $this->showConfigCheckbox('settings_restricted', 'restricted'); ?> <?php $this->showConfigCheckbox('settings_restricted', 'restricted'); ?>
<?php $this->showConfigCheckbox('settings_enableUserImage', 'enableUserImage'); ?> <?php $this->showConfigCheckbox('settings_enableUserImage', 'enableUserImage'); ?>
<?php $this->showConfigCheckbox('settings_disableSelfEdit', 'disableSelfEdit'); ?> <?php $this->showConfigCheckbox('settings_disableSelfEdit', 'disableSelfEdit'); ?>
<?php $this->showConfigCheckbox('settings_disableChangePassword', 'disableChangePassword'); ?>
<?php $this->showConfigCheckbox('settings_enablePasswordForgotten', 'enablePasswordForgotten'); ?> <?php $this->showConfigCheckbox('settings_enablePasswordForgotten', 'enablePasswordForgotten'); ?>
<?php $this->showConfigText('settings_passwordStrength', 'passwordStrength'); ?> <?php $this->showConfigText('settings_passwordStrength', 'passwordStrength'); ?>
<?php $this->showConfigOption('settings_passwordStrengthAlgorithm', 'passwordStrengthAlgorithm', array('simple'=>'settings_passwordStrengthAlgorithm_valsimple', 'advanced'=>'settings_passwordStrengthAlgorithm_valadvanced'), false, true); ?> <?php $this->showConfigOption('settings_passwordStrengthAlgorithm', 'passwordStrengthAlgorithm', array('simple'=>'settings_passwordStrengthAlgorithm_valsimple', 'advanced'=>'settings_passwordStrengthAlgorithm_valadvanced'), false, true); ?>