wbrawner/server
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Require password confirmation for user management

Browse source 
Signed-off-by: Joas Schilling <coding@schilljs.com>
This commit is contained in:
Joas Schilling 2016-10-25 13:05:13 +02:00 committed by Lukas Reschke
parent 410e0fc28f
commit 2fd2e45e42
No known key found for this signature in database
GPG key ID: B9F6980CF6E759B1
6 changed files with 74 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
settings/Controller/ChangePasswordController.php
View file

@ -131,6 +131,7 @@ class ChangePasswordController extends Controller {
/**
* @NoAdminRequired
* @PasswordConfirmationRequired
*
* @param string $username
* @param string $password

2
settings/Controller/GroupsController.php
View file

@ -95,6 +95,7 @@ class GroupsController extends Controller {
}
/**
* @PasswordConfirmationRequired
* @param string $id
* @return DataResponse
*/
@ -128,6 +129,7 @@ class GroupsController extends Controller {
}
/**
* @PasswordConfirmationRequired
* @param string $id
* @return DataResponse
*/

3
settings/Controller/UsersController.php
View file

@ -301,6 +301,7 @@ class UsersController extends Controller {
/**
* @NoAdminRequired
* @PasswordConfirmationRequired
*
* @param string $username
* @param string $password
@ -433,6 +434,7 @@ class UsersController extends Controller {
/**
* @NoAdminRequired
* @PasswordConfirmationRequired
*
* @param string $id
* @return DataResponse
@ -616,6 +618,7 @@ class UsersController extends Controller {
*
* @NoAdminRequired
* @NoSubadminRequired
* @PasswordConfirmationRequired
*
* @param string $username
* @param string $displayName

7
settings/ajax/togglegroups.php
View file

@ -28,6 +28,13 @@
OC_JSON::checkSubAdminUser();
OCP\JSON::callCheck();
$lastConfirm = (int) \OC::$server->getSession()->get('last-password-confirm');
if ($lastConfirm < (time() - 30 * 60 + 15)) { // allow 15 seconds delay
$l = \OC::$server->getL10N('core');
OC_JSON::error(array( 'data' => array( 'message' => $l->t('Password confirmation is required'))));
exit();
}
$success = true;
$username = (string)$_POST['username'];
$group = (string)$_POST['group'];

7
settings/ajax/togglesubadmins.php
View file

@ -24,6 +24,13 @@
OC_JSON::checkAdminUser();
OCP\JSON::callCheck();
$lastConfirm = (int) \OC::$server->getSession()->get('last-password-confirm');
if ($lastConfirm < (time() - 30 * 60 + 15)) { // allow 15 seconds delay
$l = \OC::$server->getL10N('core');
OC_JSON::error(array( 'data' => array( 'message' => $l->t('Password confirmation is required'))));
exit();
}
$username = (string)$_POST['username'];
$group = (string)$_POST['group'];

68
settings/js/users/users.js
View file

@ -353,6 +353,14 @@ var UserList = {
$userListBody.on('click', '.delete', function () {
// Call function for handling delete/undo
var uid = UserList.getUID(this);
if (OC.PasswordConfirmation.requiresPasswordConfirmation()) {
OC.PasswordConfirmation.requirePasswordConfirmation(function() {
UserDeleteHandler.mark(uid);
});
return;
}
UserDeleteHandler.mark(uid);
});
@ -405,6 +413,11 @@ var UserList = {
},
applyGroupSelect: function (element, user, checked) {
if (OC.PasswordConfirmation.requiresPasswordConfirmation()) {
OC.PasswordConfirmation.requirePasswordConfirmation(_.bind(this.applySubadminSelect, this, arguments));
return;
}
var $element = $(element);
var checkHandler = null;
@ -467,6 +480,11 @@ var UserList = {
},
applySubadminSelect: function (element, user, checked) {
if (OC.PasswordConfirmation.requiresPasswordConfirmation()) {
OC.PasswordConfirmation.requirePasswordConfirmation(_.bind(this.applySubadminSelect, this, arguments));
return;
}
var $element = $(element);
var checkHandler = function (group) {
if (group === 'admin') {
@ -478,7 +496,10 @@ var UserList = {
username: user,
group: group
},
function () {
function (response) {
if (response.data.message) {
OC.Notification.show(response.data.message);
}
}
);
};
@ -635,6 +656,27 @@ $(document).ready(function () {
// TODO: move other init calls inside of initialize
UserList.initialize($('#userlist'));
var _submitPasswordChange = function(uid, password, recoveryPasswordVal) {
if (OC.PasswordConfirmation.requiresPasswordConfirmation()) {
OC.PasswordConfirmation.requirePasswordConfirmation(function() {
_submitPasswordChange(uid, password, recoveryPasswordVal);
});
return;
}
$.post(
OC.generateUrl('/settings/users/changepassword'),
{username: uid, password: password, recoveryPassword: recoveryPasswordVal},
function (result) {
if (result.status === 'success') {
OC.Notification.showTemporary(t('admin', 'Password successfully changed'));
} else {
OC.Notification.showTemporary(t('admin', result.data.message));
}
}
);
};
$userListBody.on('click', '.password', function (event) {
event.stopPropagation();
@ -657,17 +699,7 @@ $(document).ready(function () {
if (event.keyCode === 13) {
if ($(this).val().length > 0) {
var recoveryPasswordVal = $('input:password[id="recoveryPassword"]').val();
$.post(
OC.generateUrl('/settings/users/changepassword'),
{username: uid, password: $(this).val(), recoveryPassword: recoveryPasswordVal},
function (result) {
if (result.status === 'success') {
OC.Notification.showTemporary(t('admin', 'Password successfully changed'));
} else {
OC.Notification.showTemporary(t('admin', result.data.message));
}
}
);
_submitPasswordChange(uid, $(this).val(), recoveryPasswordVal);
$input.blur();
} else {
$input.blur();
@ -796,7 +828,14 @@ $(document).ready(function () {
});
UserList._updateGroupListLabel($('#newuser .groups'), []);
$('#newuser').submit(function (event) {
var _submitNewUserForm = function (event) {
if (OC.PasswordConfirmation.requiresPasswordConfirmation()) {
OC.PasswordConfirmation.requirePasswordConfirmation(function() {
_submitNewUserForm(event);
});
return;
}
event.preventDefault();
var username = $('#newusername').val();
var password = $('#newuserpassword').val();
@ -866,7 +905,8 @@ $(document).ready(function () {
$('#newuser').get(0).reset();
});
});
});
}
$('#newuser').submit(_submitNewUserForm);
if ($('#CheckboxStorageLocation').is(':checked')) {
$("#userlist .storageLocation").show();