[icinga-checkins] icinga.org: icingaweb2/feature/change-password-10616: Allow users to change their password if backend is db

git at icinga.org git at icinga.org
Thu Jul 21 17:38:38 CEST 2016


Module: icingaweb2
Branch: feature/change-password-10616
Commit: e62d94209f9f4016d2eac5b9afa3ef949624756d
URL:    https://git.icinga.org/?p=icingaweb2.git;a=commit;h=e62d94209f9f4016d2eac5b9afa3ef949624756d

Author: Eric Lippmann <eric.lippmann at netways.de>
Date:   Thu Jul 21 17:38:19 2016 +0200

Allow users to change their password if backend is db

refs #10616

---

 application/controllers/AccountController.php    |   17 +++
 application/forms/Account/ChangePasswordForm.php |  123 ++++++++++++++++++++++
 application/views/scripts/account/index.phtml    |   11 +-
 library/Icinga/Authentication/AuthChain.php      |    2 +
 4 files changed, 150 insertions(+), 3 deletions(-)

diff --git a/application/controllers/AccountController.php b/application/controllers/AccountController.php
index 378848b..25bc977 100644
--- a/application/controllers/AccountController.php
+++ b/application/controllers/AccountController.php
@@ -4,7 +4,10 @@
 namespace Icinga\Controllers;
 
 use Icinga\Application\Config;
+use Icinga\Authentication\User\UserBackend;
 use Icinga\Data\ConfigObject;
+use Icinga\Exception\ConfigurationError;
+use Icinga\Forms\Account\ChangePasswordForm;
 use Icinga\Forms\PreferenceForm;
 use Icinga\User\Preferences\PreferencesStore;
 use Icinga\Web\Controller;
@@ -39,6 +42,20 @@ class AccountController extends Controller
     {
         $config = Config::app()->getSection('global');
         $user = $this->Auth()->getUser();
+        if ($user->getAdditional('backend_type') === 'db') {
+            try {
+                $userBackend = UserBackend::create($user->getAdditional('backend_name'));
+            } catch (ConfigurationError $e) {
+                $userBackend = null;
+            }
+            if ($userBackend !== null) {
+                $changePasswordForm = new ChangePasswordForm();
+                $changePasswordForm
+                    ->setBackend($userBackend)
+                    ->handleRequest();
+                $this->view->changePasswordForm = $changePasswordForm;
+            }
+        }
 
         $form = new PreferenceForm();
         $form->setPreferences($user->getPreferences());
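Review bot: The `$userBackend !== null` check does not guarantee the object is a DbUserBackend, yet ChangePasswordForm::setBackend() type-hints exactly that class. `backend_type` is recorded at login (see the AuthChain.php hunk), so if the backend configuration changes during a session, UserBackend::create() could presumably return a different backend type and the request would fail on the type hint instead of simply hiding the form. Testing `if ($userBackend instanceof DbUserBackend) {` (with the matching `use` line) covers both the null and the wrong-type case. The swallowed ConfigurationError would also be worth a log line so a broken backend reference is noticed. The action's signature lies outside the hunk.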
diff --git a/application/forms/Account/ChangePasswordForm.php b/application/forms/Account/ChangePasswordForm.php
new file mode 100644
index 0000000..60c5860
--- /dev/null
+++ b/application/forms/Account/ChangePasswordForm.php
@@ -0,0 +1,123 @@
+<?php
+/* Icinga Web 2 | (c) 2013 Icinga Development Team | GPLv2+ */
+
+namespace Icinga\Forms\Account;
+
+use Icinga\Authentication\User\DbUserBackend;
+use Icinga\Data\Filter\Filter;
+use Icinga\User;
+use Icinga\Web\Form;
+use Icinga\Web\Notification;
+
+/**
+ * Form for changing user passwords
+ */
+class ChangePasswordForm extends Form
+{
+    /**
+     * The user backend
+     *
+     * @var DbUserBackend
+     */
+    protected $backend;
+
+    /**
+     * {@inheritdoc}
+     */
+    public function init()
+    {
+        $this->setSubmitLabel($this->translate('Update Account'));
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function createElements(array $formData)
+    {
+        $this->addElement(
+            'password',
+            'old_password',
+            array(
+                'label'         => $this->translate('Old Password'),
+                'required'      => true
+            )
+        );
+        $this->addElement(
+            'password',
+            'new_password',
+            array(
+                'label'         => $this->translate('New Password'),
+                'required'      => true
+            )
+        );
+        $this->addElement(
+            'password',
+            'new_password_confirmation',
+            array(
+                'label'         => $this->translate('Confirm New Password'),
+                'required'      => true,
+                'validators'        => array(
+                    array('identical', false, array('new_password'))
+                )
+            )
+        );
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function onSuccess()
+    {
+        $backend = $this->getBackend();
+        $backend->update(
+            $backend->getBaseTable(),
+            array('password' => $this->getElement('new_password')->getValue()),
+            Filter::where('user_name', $this->Auth()->getUser()->getUsername())
+        );
+        Notification::success($this->translate('Account updated'));
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function isValid($formData)
+    {
+        $valid = parent::isValid($formData);
+        if (! $valid) {
+            return false;
+        }
+
+        $oldPasswordEl = $this->getElement('old_password');
+
+        if (! $this->backend->authenticate($this->Auth()->getUser(), $oldPasswordEl->getValue())) {
+            $oldPasswordEl->addError($this->translate('Old password is invalid'));
+            $this->markAsError();
+            return false;
+        }
+
+        return true;
+    }
+
+    /**
+     * Get the user backend
+     *
+     * @return  DbUserBackend
+     */
+    public function getBackend()
+    {
+        return $this->backend;
+    }
+
+    /**
+     * Set the user backend
+     *
+     * @param   DbUserBackend $backend
+     *
+     * @return  $this
+     */
+    public function setBackend(DbUserBackend $backend)
+    {
+        $this->backend = $backend;
+        return $this;
+    }
+}
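Review bot: onSuccess() passes the raw `new_password` value straight to `$backend->update()` and then reports success unconditionally, so both the hashing and the failure handling rest on code this file does not show. If DbUserBackend hashes the `password` column on write, state that in a comment at the call, e.g. `// update() must hash 'password' before it is stored; never persist the raw value`; if it does not, this stores cleartext. An exception from update() currently escapes the form, and wrapping the call as below reports an error instead; returning false is assumed to stop the form's success handling and should be confirmed against Form::handleRequest(). Separately, isValid() re-authenticates with the old password but a failed attempt leaves no log entry, which would be the useful signal if a hijacked session were used to guess it.

```php
    public function onSuccess()
    {
        $backend = $this->getBackend();
        try {
            // … unchanged: $backend->update(...) call …
        } catch (\Exception $e) {
            // Do not echo $e->getMessage() to the user; it may carry database details
            Notification::error($this->translate('Account could not be updated'));
            return false;
        }
        Notification::success($this->translate('Account updated'));
    }
```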
diff --git a/application/views/scripts/account/index.phtml b/application/views/scripts/account/index.phtml
index 4ca5e68..efc2bcb 100644
--- a/application/views/scripts/account/index.phtml
+++ b/application/views/scripts/account/index.phtml
@@ -1,6 +1,11 @@
 <div class="controls">
-    <?= $tabs; ?>
+    <?= $tabs ?>
 </div>
 <div class="content">
-    <?= $form; ?>
-</div>
\ No newline at end of file
+<?php if (isset($changePasswordForm)): ?>
+    <h1><?= $this->translate('Account') ?></h1>
+    <?= $changePasswordForm ?>
+<?php endif ?>
+    <h1><?= $this->translate('Preferences') ?></h1>
+    <?= $form ?>
+</div>
diff --git a/library/Icinga/Authentication/AuthChain.php b/library/Icinga/Authentication/AuthChain.php
index c2cf8b9..396e947 100644
--- a/library/Icinga/Authentication/AuthChain.php
+++ b/library/Icinga/Authentication/AuthChain.php
@@ -118,6 +118,8 @@ class AuthChain implements Authenticatable, Iterator
                 continue;
             }
             if ($authenticated) {
+                $user->setAdditional('backend_name', $backend->getName());
+                $user->setAdditional('backend_type', $this->config->current()->get('backend'));
                 return true;
             }
         }
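Review bot: `backend_type` is read from `$this->config->current()` rather than from `$backend`, so it is correct only while the config cursor still points at the section that produced `$backend`. The enclosing loop starts outside this hunk, so that cannot be confirmed here; a comment such as `// config cursor is at the section that created $backend` would record the assumption. Both values are then trusted by AccountController for the rest of the session, and users who did not log in through this chain will have neither set, so the consumer should treat a missing value as "no password change".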


