/**
* @param $actionId int El id de la acción
* @param $authToken string El token de seguridad
* @param null $userPass string La clave del usuario
* @throws SPException
*/
public function __construct($actionId, $authToken, $userPass = null)
{
if (!Auth::checkAuthToken($actionId, $authToken)) {
throw new SPException(SPException::SP_CRITICAL, _('Acceso no permitido'));
}
$this->_userId = ApiTokens::getUserIdForToken($authToken);
$this->_actionId = $actionId;
$this->_auth = true;
if (!is_null($userPass)) {
$userLogin = UserUtil::getUserLoginById($this->_userId);
$User = new User();
$User->setUserId($this->_userId);
$User->setUserLogin($userLogin);
$User->setUserPass($userPass);
if (Auth::authUserMySQL($userLogin, $userPass) && !UserUtil::checkUserIsDisabled($userLogin) && UserPass::checkUserMPass($User) && UserPass::checkUserUpdateMPass($userLogin) && !$User->isUserChangePass()) {
$this->_mPass = $User->getUserMPass(true);
} else {
throw new SPException(SPException::SP_CRITICAL, _('Acceso no permitido'));
}
}
Session::setUserId($this->_userId);
}
$Log->writeLog();
SP\Response::printJSON(_('Clave maestra incorrecta'), 4);
}
}
// Comprobar si se ha forzado un cambio de clave
if ($User->isUserChangePass()) {
$hash = SP\Util::generate_random_bytes();
if (UserPassRecover::addPassRecover($userLogin, $hash)) {
$url = SP\Init::$WEBURI . '/index.php?a=passreset&h=' . $hash . '&t=' . time() . '&f=1';
SP\Response::printJSON($url, 0);
}
}
// Obtenemos la clave maestra del usuario
if ($User->getUserMPass()) {
// Actualizar el último login del usuario
UserUtil::setUserLastLogin($User->getUserId());
// Cargar las variables de sesión del usuario
SessionUtil::loadUserSession($User);
$Log->addDescription(sprintf('%s: %s', _('Usuario'), $userLogin));
$Log->addDescription(sprintf('%s: %s', _('Perfil'), SP\Profile::getProfileNameById($User->getUserProfileId())));
$Log->addDescription(sprintf('%s: %s', _('Grupo'), SP\Groups::getGroupNameById($User->getUserGroupId())));
$Log->writeLog();
} else {
SP\Response::printJSON(_('Error interno'));
}
$UserPrefs = \SP\UserPreferences::getPreferences($User->getUserId());
if ($UserPrefs->isUse2Fa()) {
SP\Session::set2FApassed(false);
$url = SP\Init::$WEBURI . '/index.php?a=2fa&i=' . $User->getUserId() . '&t=' . time() . '&f=1';
SP\Response::printJSON($url, 0);
} else {
/**
* Obtener los datos para la ficha de usuario
*/
public function getUser()
{
$this->_module = self::ACTION_USR_USERS;
$this->view->addTemplate('users');
$this->view->assign('user', UserUtil::getUserData($this->view->itemId));
$this->view->assign('isDisabled', $this->view->user['user_login'] === 'demo' && $this->view->isDemo || $this->view->actionId === self::ACTION_USR_USERS_VIEW ? 'disabled' : '');
$this->view->assign('groups', DB::getValuesForSelect('usrGroups', 'usergroup_id', 'usergroup_name'));
$this->view->assign('profiles', DB::getValuesForSelect('usrProfiles', 'userprofile_id', 'userprofile_name'));
$this->view->assign('ro', $this->view->user['checks']['user_isLdap'] ? 'READONLY' : '');
$this->getCustomFieldsForItem();
}
}
} elseif ($actionId === \SP\Controller\ActionsInterface::ACTION_USR_USERS_EDITPASS) {
if (SP\Util::demoIsEnabled() && UserUtil::getUserLoginById($itemId) == 'demo') {
SP\Response::printJSON(_('Ey, esto es una DEMO!!'));
} elseif (!$User->getUserPass() || !$userPassR) {
SP\Response::printJSON(_('La clave no puede estar en blanco'), 2);
} elseif ($User->getUserPass() != $userPassR) {
SP\Response::printJSON(_('Las claves no coinciden'), 2);
}
if ($User->updateUserPass()) {
SP\Response::printJSON(_('Clave actualizada'), 0);
}
SP\Response::printJSON(_('Error al modificar la clave'));
// Eliminar usuario
} elseif ($actionId === \SP\Controller\ActionsInterface::ACTION_USR_USERS_DELETE) {
if (SP\Util::demoIsEnabled() && UserUtil::getUserLoginById($itemId) == 'demo') {
SP\Response::printJSON(_('Ey, esto es una DEMO!!'));
} elseif ($User->getUserId() == SP\Session::getUserId()) {
SP\Response::printJSON(_('No es posible eliminar, usuario en uso'));
}
if ($User->deleteUser() && SP\CustomFields::deleteCustomFieldForItem($User->getUserId(), \SP\Controller\ActionsInterface::ACTION_USR_USERS)) {
SP\Response::printJSON(_('Usuario eliminado'), 0, $doActionOnClose);
}
SP\Response::printJSON(_('Error al eliminar el usuario'));
}
} elseif ($actionId === \SP\Controller\ActionsInterface::ACTION_USR_GROUPS_NEW || $actionId === \SP\Controller\ActionsInterface::ACTION_USR_GROUPS_EDIT || $actionId === \SP\Controller\ActionsInterface::ACTION_USR_GROUPS_DELETE) {
// Variables POST del formulario
$frmGrpName = SP\Request::analyze('name');
$frmGrpDesc = SP\Request::analyze('description');
$frmGrpUsers = SP\Request::analyze('users');
if ($actionId === \SP\Controller\ActionsInterface::ACTION_USR_GROUPS_NEW || $actionId === \SP\Controller\ActionsInterface::ACTION_USR_GROUPS_EDIT) {
use SP\UserUtil;
define('APP_ROOT', '..');
require_once APP_ROOT . DIRECTORY_SEPARATOR . 'inc' . DIRECTORY_SEPARATOR . 'Base.php';
SP\Request::checkReferer('POST');
if (!SP\Init::isLoggedIn()) {
SP\Response::printJSON(_('La sesión no se ha iniciado o ha caducado'), 10);
}
$sk = SP\Request::analyze('sk', false);
if (!$sk || !SessionUtil::checkSessionKey($sk)) {
SP\Response::printJSON(_('CONSULTA INVÁLIDA'));
}
$frmAccountId = SP\Request::analyze('accountid', 0);
$frmDescription = SP\Request::analyze('description');
if (!$frmDescription) {
SP\Response::printJSON(_('Es necesaria una descripción'));
}
$accountRequestData = SP\Account::getAccountRequestData($frmAccountId);
$recipients = array(UserUtil::getUserEmail($accountRequestData->account_userId), UserUtil::getUserEmail($accountRequestData->account_userEditId));
$requestUsername = SP\Session::getUserName();
$requestLogin = SP\Session::getUserLogin();
$log = new \SP\Log(_('Solicitud de Modificación de Cuenta'));
$log->addDescription(SP\Html::strongText(_('Solicitante') . ': ') . $requestUsername . ' (' . $requestLogin . ')');
$log->addDescription(SP\Html::strongText(_('Cuenta') . ': ') . $accountRequestData->account_name);
$log->addDescription(SP\Html::strongText(_('Cliente') . ': ') . $accountRequestData->customer_name);
$log->addDescription(SP\Html::strongText(_('Descripción') . ': ') . $frmDescription);
$mailto = implode(',', $recipients);
if (strlen($mailto) > 1 && SP\Util::mailrequestIsEnabled() && SP\Email::sendEmail($log, $mailto)) {
$log->writeLog();
SP\Response::printJSON(_('Solicitud enviada'), 0, "doAction('" . \SP\Controller\ActionsInterface::ACTION_ACC_SEARCH . "');");
}
SP\Response::printJSON(_('Error al enviar la solicitud'));
/**
* Actualizar un token
*
* @throws SPException
*/
public function updateToken()
{
$this->checkTokenExist();
if ($this->_refreshToken) {
$this->refreshToken();
}
$query = 'UPDATE authTokens ' . 'SET authtoken_userId = :userid,' . 'authtoken_actionId = :actionid,' . 'authtoken_createdBy = :createdby,' . 'authtoken_token = :token,' . 'authtoken_startDate = UNIX_TIMESTAMP() ' . 'WHERE authtoken_id = :id LIMIT 1';
$data['id'] = $this->_tokenId;
$data['userid'] = $this->_userId;
$data['actionid'] = $this->_actionId;
$data['createdby'] = Session::getUserId();
$data['token'] = $this->getUserToken() ? $this->_token : sha1(uniqid() . time());
try {
DB::getQuery($query, __FUNCTION__, $data);
} catch (SPException $e) {
throw new SPException(SPException::SP_CRITICAL, _('Error interno'));
}
$Log = new Log(_('Actualizar Autorización'));
$Log->addDescription(sprintf('%s : %s', Html::strongText(_('Usuario')), UserUtil::getUserLoginById($this->_userId)));
$Log->writeLog();
Email::sendEmail($Log);
}
$userLogin = SP\Request::analyze('login');
$userEmail = SP\Request::analyze('email');
$userPass = SP\Request::analyzeEncrypted('pass');
$userPassR = SP\Request::analyzeEncrypted('passR');
$hash = SP\Request::analyze('hash');
$time = SP\Request::analyze('time');
$message['action'] = _('Recuperación de Clave');
if ($userLogin && $userEmail) {
$log = new \SP\Log(_('Recuperación de Clave'));
if (SP\Auth::mailPassRecover($userLogin, $userEmail)) {
$log->addDescription(SP\Html::strongText(_('Solicitado para') . ': ') . ' ' . $userLogin . ' (' . $userEmail . ')');
SP\Response::printJSON(_('Solicitud enviada') . ';;' . _('En breve recibirá un correo para completar la solicitud.'), 0, 'goLogin();');
} else {
$log->addDescription('ERROR');
$log->addDescription(SP\Html::strongText(_('Solicitado para') . ': ') . ' ' . $userLogin . ' (' . $userEmail . ')');
SP\Response::printJSON(_('No se ha podido realizar la solicitud. Consulte con el administrador.'));
}
$log->writeLog();
SP\Email::sendEmail($log);
} elseif ($userPass && $userPassR && $userPass === $userPassR) {
$userId = UserPassRecover::checkHashPassRecover($hash);
if ($userId) {
if (UserPass::updateUserPass($userId, $userPass) && UserPassRecover::updateHashPassRecover($hash)) {
\SP\Log::writeNewLogAndEmail(_('Modificar Clave Usuario'), SP\Html::strongText(_('Login') . ': ') . UserUtil::getUserLoginById($userId));
SP\Response::printJSON(_('Clave actualizada'), 0, 'goLogin();');
}
}
SP\Response::printJSON(_('Error al modificar la clave'));
} else {
SP\Response::printJSON(_('La clave es incorrecta o no coincide'));
}
// Forzar la detección del lenguaje tras actualizar
SP\Language::setLanguage(true);
SP\Themes::setTheme(true);
// Actualizar las preferencias en la sesión y recargar la página
SP\Session::setUserPreferences($UserPrefs);
SP\Util::reload();
SP\Response::printJSON(_('Preferencias actualizadas'), 0, $doActionOnClose);
} else {
if ($actionId === SP\Controller\ActionsInterface::ACTION_USR_PREFERENCES_SECURITY) {
if (SP\Util::demoIsEnabled() && \SP\Session::getUserLogin() === 'demo') {
SP\Response::printJSON(_('Ey, esto es una DEMO!!'));
}
// Variables POST del formulario
$twoFaEnabled = SP\Request::analyze('security_2faenabled', 0, false, 1);
$pin = SP\Request::analyze('security_pin', 0);
$userLogin = UserUtil::getUserLoginById($itemId);
$twoFa = new \SP\Auth\Auth2FA($itemId, $userLogin);
if (!$twoFa->verifyKey($pin)) {
SP\Response::printJSON(_('Código incorrecto'));
}
// No se instancia la clase ya que es necesario guardar los atributos ya guardados
$UserPrefs = \SP\UserPreferences::getPreferences($itemId);
$UserPrefs->setId($itemId);
$UserPrefs->setUse2Fa(\SP\Util::boolval($twoFaEnabled));
if (!$UserPrefs->updatePreferences()) {
SP\Response::printJSON(_('Error al actualizar preferencias'));
}
SP\Response::printJSON(_('Preferencias actualizadas'), 0, $doActionOnClose);
} else {
SP\Response::printJSON(_('Acción Inválida'));
}
