
Commit 416a939c authored by Penom Nom's avatar Penom Nom

Password hashing using salted blowfish method (from typo3 saltedpasswords extension).

Send a validation email on user updating
parent d1671a54
......@@ -106,6 +106,7 @@ if __name__ == '__main__':
f.write("$TYPO3_CONF_VARS['BE']['loginSecurityLevel'] = 'rsa';\n")
f.write("$TYPO3_CONF_VARS['FE']['loginSecurityLevel'] = 'rsa';\n")
f.write("$TYPO3_CONF_VARS['EXT']['extList_FE'] = 'extbase,css_styled_content,fluid,version,install,rtehtmlarea,t3skin,felogin,form,rsaauth,saltedpasswords,nG6';\n")
f.write("""$TYPO3_CONF_VARS['EXT']['extConf']['saltedpasswords'] = 'a:2:{s:3:"FE.";a:2:{s:7:"enabled";s:1:"1";s:21:"saltedPWHashingMethod";s:33:"tx_saltedpasswords_salts_blowfish";}s:3:"BE.";a:2:{s:7:"enabled";s:1:"1";s:21:"saltedPWHashingMethod";s:33:"tx_saltedpasswords_salts_blowfish";}}';\n""")
f.write("$TYPO3_CONF_VARS['BE']['disable_exec_function'] = '0';\n")
f.write("$TYPO3_CONF_VARS['GFX']['gdlib_png'] = '0';\n")
f.write("$TYPO3_CONF_VARS['GFX']['im_combine_filename'] = 'composite';\n")
......@@ -117,7 +118,7 @@ if __name__ == '__main__':
# Testing unzip binary path :
f.write("$TYPO3_CONF_VARS['BE']['unzip_path'] = 'unzip';\n")
f.write("?>\n")
#template html
with open( os.path.join(args["web_path"], "fileadmin", "templates", "nG6template","index.html")) as f:
template = f.readlines()
......@@ -137,7 +138,7 @@ if __name__ == '__main__':
ng6_tables.append(res.group(1))
database[iline] = re.sub("class=\"homeitem\"><a href=\"([\w/]+)\">", "class=\"homeitem\"><a href=\"/" + os.path.basename(args["web_path"]) + "\">",database[iline])
database[iline] = re.sub("plugin.tx_nG6_pi1.data=([\w/.-]+)", "plugin.tx_nG6_pi1.data=" + fileadmin, database[iline])
database[iline] = re.sub("plugin.tx_nG6_pi1.FromEmail=@", "plugin.tx_nG6_pi1.FromEmail=" + args["email"], database[iline])
database[iline] = re.sub("plugin.tx_nG6_pi1.FromEmail=[\w\.]+\@[\w\.]+", "plugin.tx_nG6_pi1.FromEmail=" + args["email"], database[iline])
database[iline] = re.sub("plugin.tx_nG6_pi5.temp=([\w/.-]+)", "plugin.tx_nG6_pi5.temp=" + fileadmin + "/tmp", database[iline])
database[iline] = re.sub("plugin.tx_nG6_pi5.data=([\w/.-]+)", "plugin.tx_nG6_pi5.data=" + fileadmin + "/data", database[iline])
database[iline] = re.sub("plugin.tx_nG6_pi5.directory_prefix=([\w/.-]+)", "plugin.tx_nG6_pi5.directory_prefix=" + ng6reader.get("storage", "work_directory"), database[iline])
......
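Review bot: The pattern on the second `plugin.tx_nG6_pi1.FromEmail` line, `[\w\.]+\@[\w\.]+`, stops at the first `-` or `+`. If the address already in the dump contains one (a hyphenated domain, for instance), only part of it is replaced and the rest stays appended after `args["email"]`. The sibling patterns in this hunk already allow `-`, so `"plugin.tx_nG6_pi1.FromEmail=[\w.+-]+@[\w.-]+"` would be consistent with them. The enclosing loop over `database` starts outside the hunk.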
......@@ -477,7 +477,6 @@ class tx_nG6_eid {
$last_name = trim(t3lib_div::_GP('last_name'));
$password = trim(t3lib_div::_GP('password'));
$cruser_id = trim(t3lib_div::_GP('creator'));
$clearpassword = trim(t3lib_div::_GP('clearpassword'));
$from_email = trim(t3lib_div::_GP('from_email'));
$pid = trim(t3lib_div::_GP('pid'));
$project_url = trim(t3lib_div::_GP('project_url'));
......@@ -501,7 +500,7 @@ class tx_nG6_eid {
$create_user_email = trim(t3lib_div::_GP('create_user_email'));
$create_user_title = trim(t3lib_div::_GP('create_user_title'));
$res_code = tx_nG6_db::add_user($user_name, $first_name, $last_name, $email, $password, $cruser_id, $group_id, $pid);
$res_code = tx_nG6_db::add_user($user_name, $first_name, $last_name, $email, tx_nG6_utils::hash_password($password), $cruser_id, $group_id, $pid);
if ($res_code == 0) {
// find the new user id
......@@ -515,7 +514,7 @@ class tx_nG6_eid {
$message = str_replace("###USER_FIRST_NAME###", $first_name, $create_user_email);
$message = str_replace("###USER_LAST_NAME###", $last_name, $message);
$message = str_replace("###USER_LOGIN###", $user_name, $message);
$message = str_replace("###USER_PASSWORD###", $clearpassword, $message);
$message = str_replace("###USER_PASSWORD###", $password, $message);
$message = str_replace("###PROJECT_LINK###", $project_url, $message);
$msg_table = explode('\n', $message);
$message = implode("\n", $msg_table);
......@@ -570,17 +569,44 @@ class tx_nG6_eid {
$group_name = trim(t3lib_div::_GP('title'));
$location = trim(t3lib_div::_GP('location'));
$organism = trim(t3lib_div::_GP('organism'));
$id = trim(t3lib_div::_GP('id'));
$user_id = trim(t3lib_div::_GP('id'));
$password = trim(t3lib_div::_GP('password'));
$clearpassword = trim(t3lib_div::_GP('clearpassword'));
$cruser_id = trim(t3lib_div::_GP('creator'));
if ( tx_nG6_db::update_user($id, $first_name, $last_name, $email, $group_name, $organism, $location, $password) == 1 ) {
print '1';
}
else {
print '2';
}
$cruser_id = trim(t3lib_div::_GP('creator'));
$send_an_email = filter_var(trim(t3lib_div::_GP('send_an_email')), FILTER_VALIDATE_BOOLEAN);
$from_email = trim(t3lib_div::_GP('from_email'));
$updated = tx_nG6_db::update_user($user_id, $first_name, $last_name, $email, $group_name, $organism, $location, tx_nG6_utils::hash_password($password)) ;
$nb_updated = count($updated);
if ( $nb_updated > 0 && $send_an_email){
$user_infos = tx_nG6_db::get_user_informations($user_id);
$email = $user_infos['email'];
$first_name = $user_infos['first_name'];
$last_name = $user_infos['last_name'];
$mail_title = "[NG6]Your user informations have been updated.";
$mail_content = "Dear " . $first_name . " " . $last_name . ",\n\nSome of your personnal informations have been updated : \n\n";
if ($email != ''){
foreach($updated as $key => $value){
if($key == 'password'){
$mail_content .= 'password' . "\t: " . $password . "\n" ;
}
elseif ($key == 'usergroup'){
$mail_content .= 'title' . "\t: " . $group_name . "\n" ;
$mail_content .= 'location' . "\t: " . $location . "\n" ;
$mail_content .= 'organism' . "\t: " . $organism . "\n" ;
}
else {
$mail_content .= ucwords(str_replace("_", " ", $key)) . "\t: " . $value . "\n" ;
}
}
$mail_content .= "\nThe NG6 team";
mail($email, $mail_title, $mail_content, "From: <".$from_email.">");
}
}
print $nb_updated;
}
else if ($type == 'get_user_group'){
$id = trim(t3lib_div::_GP('id'));
......@@ -683,7 +709,7 @@ class tx_nG6_eid {
trim(t3lib_div::_GP('first_name')),
trim(t3lib_div::_GP('last_name')),
trim(t3lib_div::_GP('email')),
trim(t3lib_div::_GP('password')),
tx_nG6_utils::hash_password(trim(t3lib_div::_GP('password'))),
trim(t3lib_div::_GP('pid')),
trim(t3lib_div::_GP('project_name')),
trim(t3lib_div::_GP('description'))
......
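Review bot: In the user-update branch, `$from_email` is taken from the request and concatenated into the headers argument of `mail()` (`"From: <".$from_email.">"`), so a value containing line breaks would be read as additional mail headers. Validate it before use, e.g. `if (!filter_var($from_email, FILTER_VALIDATE_EMAIL)) { $send_an_email = false; }`, or take the sender from server-side configuration. The same branch writes the clear-text `$password` into the mail body (`$mail_content .= 'password' . "\t: " . $password . "\n";`), which leaves the credential readable in every mailbox and relay it passes through; stating only that the password was changed would avoid that. The enclosing `$type` dispatch starts outside the hunk, so any check that the caller may modify `$user_id` is not visible here.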
......@@ -2067,32 +2067,41 @@ class tx_nG6_db {
*
* @param $id the id of the user to update
* @param array $user_data the user array
* @return
*/
function update_user( $id , $first_name, $last_name, $email, $group_name,$organism, $location, $password ){
function update_user( $user_id , $first_name, $last_name, $email, $group_name,$organism, $location, $password ){
$user_datas = array(
'first_name' => $first_name,
'last_name' => $last_name,
'email' => $email,
'password' => $password
'password' => $password,
'usergroup' => null
);
foreach ($user_datas as $key => $value) {
if (isset($value) and !empty($value)) {
tx_nG6_db::update_field('fe_users', $id, $key, $value);
}
}
// if group does not exists, create group
if (isset($group_name) and !empty($group_name)) {
$group_id = tx_nG6_db::get_group_id($group_name);
if( !isset($group_id) ){
$cruser_id = trim(t3lib_div::_GP('creator'));
tx_nG6_db::create_new_group($cruser_id, $group_name, $organism, $location);
$group_id = tx_nG6_db::get_group_id($group_name);
$user_datas['usergroup'] = $group_id;
}
}
return 1;
$updated = array();
foreach ($user_datas as $key => $value) {
if (isset($value) and !empty($value)) {
tx_nG6_db::update_field('fe_users', $user_id, $key, $value);
$updated[$key] = $value;
}
}
if (count($updated) > 0){
tx_nG6_db::update_field('fe_users', $user_id, 'tstamp', time());
}
return $updated;
}
/**
......
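Review bot: As rendered, `$user_datas['usergroup'] = $group_id;` sits inside `if( !isset($group_id) )`, so `usergroup` is only written when the group had to be created. Assigning a user to a group that already exists would leave the `usergroup` field unchanged and unreported in `$updated`. Moving that assignment to just after the inner `if` block would cover both cases. The docblock also still names `$id` and `$user_data` and has an empty `@return`; it should describe `$user_id` and say something like `@return array the fields that were updated, keyed by column name (the password entry holds the hash, not the clear text)`.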
......@@ -28,6 +28,7 @@
*/
require_once(PATH_t3lib.'class.t3lib_div.php');
require_once(t3lib_extMgm::extPath('saltedpasswords').'/classes/salts/class.tx_saltedpasswords_salts_factory.php');
class tx_nG6_utils {
......@@ -124,6 +125,15 @@ class tx_nG6_utils {
$value = $value." ".$octets_link[$p];
return $value;
}
/**
* hash password (using default encryption method)
* @param string $password
* @return hashed password
*/
function hash_password($password){
return tx_saltedpasswords_salts_factory::getSaltingInstance()->getHashedPassword($password);
}
}
if (defined('TYPO3_MODE') && $TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['ext/nG6/class.tx_nG6_utils.php']) {
......
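Review bot: `hash_password()` is also reached on the update path when no password was submitted (`$password` is `''` after `trim`), and whether the stored hash is then left alone depends entirely on what `getHashedPassword('')` returns, which this commit does not show. An explicit guard at the top, `if ($password === null || $password === '') { return ''; }`, would keep the `!empty($value)` check in `update_user` reliable regardless of the salting class in use. The method is invoked statically throughout the commit (`tx_nG6_utils::hash_password(...)`), so declaring it `public static function hash_password($password)` would match how it is used. The docblock could also say that the hashing method is presumably the one configured for saltedpasswords in the current TYPO3_MODE, and what is returned for empty input.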
......@@ -77,7 +77,6 @@ class tx_nG6_pi1 extends tslib_pibase {
<script type="text/javascript" src="'.t3lib_extMgm::siteRelPath($this->extKey).'res/js/jquery.tmpl.min.js"></script>
<script type="text/javascript" src="'.t3lib_extMgm::siteRelPath($this->extKey).'res/js/tx_nG6_pi1.js"></script>
<script type="text/javascript" src="'.t3lib_extMgm::siteRelPath($this->extKey).'res/js/tx_nG6_utils.js"></script>
<script type="text/javascript" src="typo3/md5.js"></script>
<link type="text/css" rel="stylesheet" media="screen" href="'.t3lib_extMgm::siteRelPath($this->extKey).'res/css/jflow.css"/>
<link type="text/css" rel="stylesheet" media="screen" href="'.t3lib_extMgm::siteRelPath($this->extKey).'res/css/bootstrap.min.css"/>
......
......@@ -466,6 +466,15 @@ $(function () {
update_user_html += ' </div>';
update_user_html += ' </div>';
update_user_html += ' <div class="control-group">';
update_user_html += ' <div class="controls">';
update_user_html += ' <label class="checkbox">';
update_user_html += ' <input type="checkbox" checked="checked" name="send_email_chk" id="send_email_chk"/> Send an email to the user';
update_user_html += ' </label>';
update_user_html += ' </div>';
update_user_html += ' </div>';
update_user_html += '</form>';
update_user_html += '</div>';
......@@ -555,15 +564,16 @@ $(function () {
val_url += "&location=" + $("#location_val").val();
val_url += "&creator=" + $("#user_id").val();
if($("#user_password_pwd_val").val()) {
val_url += "&password=" + MD5($("#user_password_pwd_val").val());
val_url += "&clearpassword=" + $("#user_password_pwd_val").val();
val_url += "&password=" + $("#user_password_pwd_val").val();
}
val_url += "&id=" + user_id ;
val_url += "&send_an_email=" + ($("#send_email_chk").attr("checked") == "checked");
val_url += "&from_email=" + $("#from_email").val();
$.ajax({
url: val_url,
success: function(val, status, xhr) {
if(val == '1') {
if(parseInt(val) >= 0 ) {
$("#ng6modal").modal('hide');
if (!endsWith(window.location.href, "active_tab=users")) {
window.location.assign(window.location.href+"&active_tab=users");
......@@ -571,10 +581,6 @@ $(function () {
window.location.assign(window.location.href);
}
}
else {
//something went wrong
$("#error_message").html("Can't update this user informations , " + val + " , " +status ).show();
}
}
});
}
......@@ -846,13 +852,12 @@ $(function () {
user_password_pwd_val: null
},
submitHandler: function(form) {
var val_url = "index.php?eID=tx_nG6&type=add_user";
val_url += "&username=" + $("#username_val").val();
val_url += "&first_name=" + $("#first_name_val").val();
val_url += "&last_name=" + $("#last_name_val").val();
val_url += "&password=" + MD5($("#user_password_pwd_val").val());
val_url += "&clearpassword=" + $("#user_password_pwd_val").val();
val_url += "&last_name=" + $("#last_name_val").val();
val_url += "&password=" + $("#user_password_pwd_val").val();
val_url += "&email=" + $("#email_val").val();
val_url += "&creator=" + $("#user_id").val();
val_url += "&title=" + $("#title_val").val();
......@@ -929,7 +934,7 @@ $(function () {
val_url += "&username=" + $("#username_val").val();
val_url += "&first_name=" + $("#first_name_val").val();
val_url += "&last_name=" + $("#last_name_val").val();
val_url += "&password=" + MD5($("#user_password_pwd_val").val());
val_url += "&password=" + $("#user_password_pwd_val").val();
val_url += "&email=" + $("#email_val").val();
val_url += "&project_name=" + $("#project_name_val").val();
val_url += "&description=" + $("#description_val").val();
......
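Review bot: With the client-side MD5 removed, the clear-text password is the only form sent, and it is appended to the query string of the request URL (`val_url += "&password=" + $("#user_password_pwd_val").val();` in the update handler, and likewise in the add_user and project-creation handlers), where it ends up in server access logs, proxy logs and browser history. The value is also not URL-encoded, so a password containing `&`, `#`, `+` or `%` reaches the server altered and the stored hash would not match what the user typed. Sending the fields in the request body instead, `$.ajax({ url: "index.php?eID=tx_nG6&type=...", type: "POST", data: { password: $("#user_password_pwd_val").val(), id: user_id } })`, lets jQuery encode them; the PHP side reads them through `_GP`, which should accept POST as well. Separately, with the `else` branch removed from the `success` callback, a non-numeric response (where `parseInt(val)` is `NaN`) now fails silently, so the `#error_message` display should be kept for that case.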