1
0
mirror of https://github.com/moparisthebest/user_sql synced 2024-12-21 15:08:49 -05:00

Password changing must be explicitly enabled now.

Push to 1.1
This commit is contained in:
Andreas Boehler 2014-12-29 10:56:36 +01:00
parent 80ce4728eb
commit 3aa9c2020f
6 changed files with 24 additions and 4 deletions

View File

@ -9,6 +9,10 @@ Enable it in your Admin -> Apps section and configure your server's details.
Currently, it supports most of postfixadmin's encryption options, except dovecot and saslauthd. Currently, it supports most of postfixadmin's encryption options, except dovecot and saslauthd.
It was tested and developed for a postfixadmin database. It was tested and developed for a postfixadmin database.
Password changing is disabled by default, but can be enabled in the Admin area.
Caution: user_sql does not recreate password salts, which imposes a security risk.
Password salts should be newly generated whenever the password changes.
Credits Credits
* Johan Hendriks provided his user_postfixadmin * Johan Hendriks provided his user_postfixadmin

View File

@ -14,7 +14,7 @@ $l = new OC_L10N('use_sql');
$params = array('sql_host', 'sql_user', 'sql_database', 'sql_password', $params = array('sql_host', 'sql_user', 'sql_database', 'sql_password',
'sql_table', 'sql_column_username', 'sql_column_password', 'sql_type', 'sql_table', 'sql_column_username', 'sql_column_password', 'sql_type',
'sql_column_active', 'strip_domain', 'default_domain', 'crypt_type', 'sql_column_active', 'strip_domain', 'default_domain', 'crypt_type',
'sql_column_displayname', 'domain_settings', 'map_array', 'domain_array'); 'sql_column_displayname', 'domain_settings', 'map_array', 'domain_array', 'allow_password_change');
if(isset($_POST['appname']) && $_POST['appname'] == "user_sql") if(isset($_POST['appname']) && $_POST['appname'] == "user_sql")
{ {
@ -25,7 +25,12 @@ if(isset($_POST['appname']) && $_POST['appname'] == "user_sql")
if($param === 'strip_domain') if($param === 'strip_domain')
{ {
OCP\Config::setAppValue('user_sql', 'strip_domain', true); OCP\Config::setAppValue('user_sql', 'strip_domain', true);
} else }
elseif($param ==='allow_password_change')
{
OCP\Config::setAppValue('user_sql', 'allow_password_change', true);
}
else
{ {
OCP\Config::setAppValue('user_sql', $param, $_POST[$param]); OCP\Config::setAppValue('user_sql', $param, $_POST[$param]);
} }
@ -35,6 +40,10 @@ if(isset($_POST['appname']) && $_POST['appname'] == "user_sql")
{ {
OCP\Config::setAppValue('user_sql', 'strip_domain', false); OCP\Config::setAppValue('user_sql', 'strip_domain', false);
} }
elseif($param === 'allow_password_change')
{
OCP\Config::setAppValue('user_sql', 'allow_password_change', false);
}
} }
} }
} else } else

View File

@ -1 +1 @@
1.0 1.1

View File

@ -53,6 +53,7 @@ $tmpl -> assign('sql_column_displayname', OCP\Config::getAppValue('user_sql', 's
$tmpl -> assign('map_array', OCP\Config::getAppValue('user_sql', 'map_array', '')); $tmpl -> assign('map_array', OCP\Config::getAppValue('user_sql', 'map_array', ''));
$tmpl -> assign('domain_array', OCP\Config::getAppValue('user_sql', 'domain_array', '')); $tmpl -> assign('domain_array', OCP\Config::getAppValue('user_sql', 'domain_array', ''));
$tmpl -> assign('domain_settings', OCP\Config::getAppValue('user_sql', 'domain_settings', '')); $tmpl -> assign('domain_settings', OCP\Config::getAppValue('user_sql', 'domain_settings', ''));
$tmpl -> assign('allow_password_change', OCP\Config::getAppValue('user_sql', 'allow_password_change', 0));
// workaround to detect OC version // workaround to detect OC version
$ocVersion = @reset(OCP\Util::getVersion()); $ocVersion = @reset(OCP\Util::getVersion());
$tmpl -> assign('ocVersion', $ocVersion); $tmpl -> assign('ocVersion', $ocVersion);

View File

@ -42,6 +42,10 @@ $cfgClass = $ocVersion >= 7 ? 'section' : 'personalblock';
<table> <table>
<tr><td><label for="sql_column_username"><?php echo $l -> t('Username Column'); ?></label></td><td><input type="text" id="sql_column_username" name="sql_column_username" value="<?php echo $_['sql_column_username']; ?>" /></td></tr> <tr><td><label for="sql_column_username"><?php echo $l -> t('Username Column'); ?></label></td><td><input type="text" id="sql_column_username" name="sql_column_username" value="<?php echo $_['sql_column_username']; ?>" /></td></tr>
<tr><td><label for="sql_column_password"><?php echo $l -> t('Password Column'); ?></label></td><td><input type="text" id="sql_column_password" name="sql_column_password" value="<?php echo $_['sql_column_password']; ?>" /></td></tr> <tr><td><label for="sql_column_password"><?php echo $l -> t('Password Column'); ?></label></td><td><input type="text" id="sql_column_password" name="sql_column_password" value="<?php echo $_['sql_column_password']; ?>" /></td></tr>
<tr><td><label for="sql_allow_password_change"><?php echo $l -> t('Allow password changing (read README!)'); ?></label></td><td><input type="checkbox" id="allow_password_change" name="allow_password_change" value="1"<?php
if($_['allow_password_change'])
echo ' checked';
?> title="Allow changing passwords. Imposes a security risk as password salts are not recreated"></td></tr>
<tr><td><label for="sql_column_displayname"><?php echo $l -> t('Real Name Column'); ?></label></td><td><input type="text" id="sql_column_displayname" name="sql_column_displayname" value="<?php echo $_['sql_column_displayname']; ?>" /></td></tr> <tr><td><label for="sql_column_displayname"><?php echo $l -> t('Real Name Column'); ?></label></td><td><input type="text" id="sql_column_displayname" name="sql_column_displayname" value="<?php echo $_['sql_column_displayname']; ?>" /></td></tr>
<tr><td><label for="crypt_type"><?php echo $l -> t('Encryption Type'); ?></label></td> <tr><td><label for="crypt_type"><?php echo $l -> t('Encryption Type'); ?></label></td>
<?php $crypt_types = array('md5' => 'MD5', 'md5crypt' => 'MD5 Crypt', 'cleartext' => 'Cleartext', 'mysql_encrypt' => 'mySQL ENCRYPT()', 'system' => 'System (crypt)', 'mysql_password' => 'mySQL PASSWORD()', 'joomla' => 'Joomla MD5 Encryption', 'joomla2' => 'Joomla > 2.5.18 phpass', 'ssha256' => 'Salted SSHA256'); ?> <?php $crypt_types = array('md5' => 'MD5', 'md5crypt' => 'MD5 Crypt', 'cleartext' => 'Cleartext', 'mysql_encrypt' => 'mySQL ENCRYPT()', 'system' => 'System (crypt)', 'mysql_password' => 'mySQL PASSWORD()', 'joomla' => 'Joomla MD5 Encryption', 'joomla2' => 'Joomla > 2.5.18 phpass', 'ssha256' => 'Salted SSHA256'); ?>

View File

@ -48,6 +48,7 @@ class OC_USER_SQL extends OC_User_Backend implements OC_User_Interface
protected $domain_settings; protected $domain_settings;
protected $domain_array; protected $domain_array;
protected $map_array; protected $map_array;
protected $allow_password_change;
public function __construct() public function __construct()
{ {
@ -65,6 +66,7 @@ class OC_USER_SQL extends OC_User_Backend implements OC_User_Interface
$this -> sql_type = OCP\Config::getAppValue('user_sql', 'sql_type', ''); $this -> sql_type = OCP\Config::getAppValue('user_sql', 'sql_type', '');
$this -> default_domain = OCP\Config::getAppValue('user_sql', 'default_domain', ''); $this -> default_domain = OCP\Config::getAppValue('user_sql', 'default_domain', '');
$this -> strip_domain = OCP\Config::getAppValue('user_sql', 'strip_domain', 0); $this -> strip_domain = OCP\Config::getAppValue('user_sql', 'strip_domain', 0);
$this -> allow_password_change = OCP\Config::getAppValue('user_sql', 'allow_password_change', 0);
$this -> crypt_type = OCP\Config::getAppValue('user_sql', 'crypt_type', 'md5crypt'); $this -> crypt_type = OCP\Config::getAppValue('user_sql', 'crypt_type', 'md5crypt');
$this -> domain_settings = OCP\Config::getAppValue('user_sql', 'domain_settings', 'none'); $this -> domain_settings = OCP\Config::getAppValue('user_sql', 'domain_settings', 'none');
$this -> domain_array = explode(",", OCP\Config::getAppValue('user_sql', 'domain_array', '')); $this -> domain_array = explode(",", OCP\Config::getAppValue('user_sql', 'domain_array', ''));
@ -153,7 +155,7 @@ class OC_USER_SQL extends OC_User_Backend implements OC_User_Interface
// Update the user's password - this might affect other services, that // Update the user's password - this might affect other services, that
// use the same database, as well // use the same database, as well
OC_Log::write('OC_USER_SQL', "Entering setPassword for UID: $uid", OC_Log::DEBUG); OC_Log::write('OC_USER_SQL', "Entering setPassword for UID: $uid", OC_Log::DEBUG);
if(!$this -> db_conn) if(!$this -> db_conn || !$this->allow_password_change)
{ {
return false; return false;
} }