/**
* Action to allow a user to change their password
*
*/
public function changePasswordAction()
{
$this->view->passwordForm = $form = $this->_getFormChangePassword();
if ($this->getRequest()->isPost() && $form->isValid($_POST)) {
if (!OSS_Auth_Password::verify($form->getValue('current_password'), $this->getUser()->getPassword(), $this->_options['resources']['auth']['oss'])) {
$form->getElement('current_password')->addError('Invalid current password');
return $this->forward('index');
}
// update the users password
$this->getUser()->setPassword(OSS_Auth_Password::hash($form->getValue('new_password'), $this->_options['resources']['auth']['oss']));
$this->getD2EM()->flush();
if ($this->_rememberMeEnabled()) {
$this->_deleteRememberMeCookie($this->getUser());
}
$this->changePasswordPostFlush();
$form->reset();
$this->getLogger()->info("User {$this->getUser()->getUsername()} changed password");
$this->addMessage(_('Your password has been changed.'), OSS_Message::SUCCESS);
$this->redirect('profile/index');
}
$this->forward('index');
}
/**
* Performs an authentication attempt
*
* @throws Zend_Auth_Adapter_Exception If authentication cannot be performed
* @return Zend_Auth_Result
*/
public function authenticate()
{
$user = $this->_em->getRepository($this->_model)->findOneBy(array('username' => $this->_username));
$result = array('code' => Zend_Auth_Result::FAILURE, 'identity' => array('username' => $this->_username), 'messages' => array());
if (!$user) {
return new Zend_Auth_Result(Zend_Auth_Result::FAILURE_IDENTITY_NOT_FOUND, $result['identity'], $result['messages']);
}
$pwcheck = false;
if (!$this->_haveCookie) {
$pwcheck = OSS_Auth_Password::verify($this->_password, $user->getPassword(), $this->_aoptions);
if (!$pwcheck) {
if (method_exists($user, 'setFailedLogins')) {
$user->setFailedLogins($user->getFailedLogins() + 1);
$this->_em->flush();
$result['identity'] = array('count' => $user->getFailedLogins());
}
return new Zend_Auth_Result(Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID, $result['identity'], $result['messages']);
}
}
if ($pwcheck || $this->_haveCookie) {
$result['code'] = Zend_Auth_Result::SUCCESS;
$result['messages'] = array();
$result['identity'] = array('username' => $this->_username, 'user' => $user, 'id' => $user->getId());
} else {
die('Huh? This should not have happened....');
}
return new Zend_Auth_Result($result['code'], $result['identity'], $result['messages']);
}
/**
* Action FOR USERS to change the password of their mailbox.
*/
public function changePasswordAction()
{
$form = new ViMbAdmin_Form_Mailbox_Password();
if (isset($this->_options['defaults']['mailbox']['min_password_length'])) {
$form->setMinPasswordLength($this->_options['defaults']['mailbox']['min_password_length']);
}
if ($this->getRequest()->isPost() && $form->isValid($_POST)) {
$mailbox = $this->getD2EM()->getRepository('\\Entities\\Mailbox')->findOneBy(['username' => $form->getValue('username')]);
if (!$mailbox) {
$this->addMessage(_('Invalid username or password.'), OSS_Message::ERROR);
} else {
if (OSS_Auth_Password::verify($form->getValue('current_password'), $mailbox->getPassword(), ['pwhash' => $this->_options['defaults']['mailbox']['password_scheme'], 'pwsalt' => isset($this->_options['defaults']['mailbox']['password_salt']) ? $this->_options['defaults']['mailbox']['password_salt'] : null, 'pwdovecot' => isset($this->_options['defaults']['mailbox']['dovecot_pw_binary']) ? $this->_options['defaults']['mailbox']['dovecot_pw_binary'] : null, 'username' => $form->getValue('username')])) {
$mailbox->setPassword(OSS_Auth_Password::hash($form->getValue('new_password'), ['pwhash' => $this->_options['defaults']['mailbox']['password_scheme'], 'pwsalt' => isset($this->_options['defaults']['mailbox']['password_salt']) ? $this->_options['defaults']['mailbox']['password_salt'] : null, 'pwdovecot' => isset($this->_options['defaults']['mailbox']['dovecot_pw_binary']) ? $this->_options['defaults']['mailbox']['dovecot_pw_binary'] : null, 'username' => $form->getValue('username')]));
$this->getD2EM()->flush();
$this->addMessage(_('You have successfully changed your password.'), OSS_Message::SUCCESS);
$this->_redirect('auth/login');
} else {
$this->addMessage(_('Invalid username or password.'), OSS_Message::ERROR);
}
}
}
$this->view->form = $form;
}
/**
* Set the password for an admin, and optionally send an email to him/her with the new password.
*/
public function passwordAction()
{
$redirectUrl = $this->getAdmin()->isSuper() ? 'admin/list' : 'domain/list';
if (!$this->getTargetAdmin()) {
$this->addMessage('Invalid or non-existent admin.', OSS_Message::ERROR);
$this->redirect($redirectUrl);
}
$this->view->targetAdmin = $this->getTargetAdmin();
$self = false;
if ($this->getTargetAdmin()->getId() == $this->getAdmin()->getId()) {
$self = true;
}
if (!$this->authorise(true, null, false) && !$self) {
$this->getLogger()->alert(sprintf('Admin %s tried to set the password for %s but has no sufficient privileges.', $this->getAdmin()->getUsername(), $this->getTargetAdmin()->getUsername()), OSS_Message::ALERT);
$this->addMessage(_('You have insufficient privileges for this task.'), OSS_Message::ERROR);
$this->redirect($redirectUrl);
}
if ($self) {
$this->view->form = $form = new ViMbAdmin_Form_Admin_ChangePassword();
} else {
$this->view->form = $form = new ViMbAdmin_Form_Admin_Password();
}
if ($this->getRequest()->isPost() && $form->isValid($_POST)) {
if ($self) {
if (!OSS_Auth_Password::verify($form->getValue('current_password'), $this->getTargetAdmin()->getPassword(), $this->getOptions()['resources']['auth']['oss'])) {
$form->getElement('current_password')->addError('Invalid password.');
return;
}
}
$this->getTargetAdmin()->setPassword(OSS_Auth_Password::hash($form->getValue('password'), $this->_options['resources']['auth']['oss']));
if (!$self) {
$this->log(\Entities\Log::ACTION_ADMIN_PW_CHANGE, "{$this->getAdmin()->getFormattedName()} changed password for admin {$this->getTargetAdmin()->getFormattedName()}");
}
$this->getD2EM()->flush();
if ($form->getValue('email')) {
$mailer = $this->getMailer();
$mailer->setSubject(_('ViMbAdmin :: New Password'));
$mailer->setFrom($this->_options['server']['email']['address'], $this->_options['server']['email']['name']);
$mailer->addTo($this->getTargetAdmin()->getUsername());
$this->view->newPassword = $form->getValue('password');
$mailer->setBodyText($this->view->render('admin/email/change_password.phtml'));
try {
$mailer->send();
} catch (Zend_Mail_Exception $e) {
$this->getLogger()->debug($e->getTraceAsString());
$this->addMessage(_('Sending the change password email failed.'), OSS_Message::INFO);
}
}
if (!$self) {
$this->addMessage("You have successfully changed the user's password.", OSS_Message::SUCCESS);
} else {
$this->addMessage("You have successfully changed your password.", OSS_Message::SUCCESS);
}
$this->redirect($redirectUrl);
}
}
/**
* Action to allow a user to change their profile
*
*/
public function changeProfileAction()
{
$this->view->profileForm = $form = $this->_getFormProfile();
if ($this->getRequest()->isPost() && $form->isValid($_POST)) {
if (!OSS_Auth_Password::verify($form->getValue('current_password'), $this->getUser()->getPassword(), $this->_options['resources']['auth']['oss'])) {
$form->getElement('current_password')->addError('Invalid current password');
return $this->forward('index');
}
// update the users profile
$form->assignFormToEntity($this->getUser()->getContact(), $this, true);
$this->getUser()->getContact()->setLastUpdated(new DateTime());
$this->getUser()->getContact()->setLastUpdatedBy($this->getUser()->getId());
if (!in_array($this->getUser()->getPrivs(), [\Entities\User::AUTH_CUSTADMIN, \Entities\User::AUTH_SUPERUSER])) {
$this->getUser()->setEmail($form->getValue('email'));
}
$this->getUser()->setLastUpdated(new DateTime());
$this->getUser()->setLastUpdatedBy($this->getUser()->getId());
$this->getD2EM()->flush();
$this->clearUserFromCache();
$this->getLogger()->info("User {$this->getUser()->getUsername()} updated own profile");
$this->addMessage(_('Your profile has been changed.'), OSS_Message::SUCCESS);
$this->redirect('profile/index');
}
$this->forward('index');
}
