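/**
 * This action deletes an existing user.
 *
 * Request parameters are:
 *   - username: name of the account to delete
 *   - r (optional): URL-encoded redirect target used once the action ends
 *
 * The deletion only runs for a POST request coming from an administrator or
 * from the user deleting their own account. For a self-deletion the password
 * challenge is verified first. The default user can never be deleted.
 *
 * @todo clean up this method. Idea: create a User->clean() method.
 */
public function deleteAction() {
    $username = Minz_Request::param('username');

    // NOTE(review): the redirect target is taken from the request. Confirm
    // that Minz_Request::forward() only accepts local destinations.
    $redirect_url = urldecode(Minz_Request::param('r', false, true));
    if (!$redirect_url) {
        $redirect_url = array('c' => 'user', 'a' => 'manage');
    }

    $self_deletion = Minz_Session::param('currentUser', '_') === $username;

    // NOTE(review): no anti-CSRF token is checked in this method. The
    // nonce/challenge below only covers self-deletion, so confirm that POST
    // requests from administrators are protected elsewhere.
    if (Minz_Request::isPost() && (FreshRSS_Auth::hasAccess('admin') || $self_deletion)) {
        // The included file name depends on the configured database type,
        // not on anything sent with the request.
        $db = FreshRSS_Context::$system_conf->db;
        require_once APP_PATH . '/SQL/install.sql.' . $db['type'] . '.php';

        // Only a plain alphanumeric string is accepted. Arrays and other
        // non-string values are rejected before ctype_alnum() sees them.
        $ok = is_string($username) && ctype_alnum($username);
        $user_data = null;

        if ($ok) {
            $default_user = FreshRSS_Context::$system_conf->default_user;
            $ok &= strcasecmp($username, $default_user) !== 0;	//It is forbidden to delete the default user
        }
        if ($ok && $self_deletion) {
            // We check the password if it's a self-destruction
            $nonce = Minz_Session::param('nonce');
            $challenge = Minz_Request::param('challenge', '');

            $ok &= FreshRSS_FormAuth::checkCredentials(
                $username,
                FreshRSS_Context::$user_conf->passwordHash,
                $nonce,
                $challenge
            );
        }
        if ($ok) {
            // The path is built only after validation, so the request value
            // cannot carry path separators or dot segments into it.
            $user_data = join_path(DATA_PATH, 'users', $username);
            $ok &= is_dir($user_data);
        }
        if ($ok) {
            // Both steps always run: the data directory is removed even when
            // the database deletion reports a failure.
            $userDAO = new FreshRSS_UserDAO();
            $ok &= $userDAO->deleteUser($username);
            $ok &= recursive_unlink($user_data);
            //TODO: delete Persona file
        }
        if ($ok && $self_deletion) {
            // The account no longer exists: drop the session's access and
            // send the visitor to the index page instead.
            FreshRSS_Auth::removeAccess();
            $redirect_url = array('c' => 'index', 'a' => 'index');
        }
        invalidateHttpCache();

        $notif = array(
            'type' => $ok ? 'good' : 'bad',
            'content' => _t('feedback.user.deleted' . (!$ok ? '.error' : ''), $username)
        );
        Minz_Session::_param('notification', $notif);
    }

    Minz_Request::forward($redirect_url, true);
}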
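/**
 * This action resets the authentication system.
 *
 * After resetting, form auth is set by default.
 *
 * The reset is only offered while the configured auth type is 'persona' and
 * the default user has a password hash. On POST, the submitted challenge is
 * checked against that hash before auth_type is switched to 'form' and the
 * system configuration is saved.
 */
public function resetAction() {
    Minz_View::prependTitle(_t('admin.auth.title_reset') . ' · ');
    Minz_View::appendScript(Minz_Url::display('/scripts/bcrypt.min.js?' . @filemtime(PUBLIC_PATH . '/scripts/bcrypt.min.js')));

    $this->view->no_form = false;
    // Enable change of auth only if Persona!
    // Strict comparison: only the exact string 'persona' unlocks the reset.
    if (FreshRSS_Context::$system_conf->auth_type !== 'persona') {
        $this->view->message = array(
            'status' => 'bad',
            'title' => _t('gen.short.damn'),
            'body' => _t('feedback.auth.not_persona')
        );
        $this->view->no_form = true;
        return;
    }

    $conf = get_user_configuration(FreshRSS_Context::$system_conf->default_user);
    if (is_null($conf)) {
        return;
    }

    // Admin user must have set its master password.
    if (!$conf->passwordHash) {
        $this->view->message = array(
            'status' => 'bad',
            'title' => _t('gen.short.damn'),
            'body' => _t('feedback.auth.no_password_set')
        );
        $this->view->no_form = true;
        return;
    }

    invalidateHttpCache();

    if (Minz_Request::isPost()) {
        $nonce = Minz_Session::param('nonce');
        $username = Minz_Request::param('username', '');
        $challenge = Minz_Request::param('challenge', '');

        // The challenge is always verified against the default user's hash,
        // whatever username was submitted.
        $ok = FreshRSS_FormAuth::checkCredentials(
            $username, $conf->passwordHash, $nonce, $challenge
        );

        if ($ok) {
            FreshRSS_Context::$system_conf->auth_type = 'form';
            $ok = FreshRSS_Context::$system_conf->save();

            if ($ok) {
                Minz_Request::good(_t('feedback.auth.form.set'));
            } else {
                Minz_Request::bad(_t('feedback.auth.form.not_set'),
                                  array('c' => 'auth', 'a' => 'reset'));
            }
        } else {
            // Username and challenge come from the request. Control
            // characters are replaced so that a crafted value cannot forge
            // extra lines in the log.
            $printable = function ($value) {
                return is_scalar($value) ? preg_replace('/[\x00-\x1F\x7F]+/', ' ', (string)$value) : '';
            };
            // NOTE(review): the page masks the expression between ' user='
            // and ', nonce='. $username is assumed, so confirm this against
            // the upstream file. Also consider whether the nonce and the
            // challenge need to be written to the log at all.
            Minz_Log::warning('Password mismatch for' .
                              ' user=' . $printable($username) .
                              ', nonce=' . $printable($nonce) .
                              ', c=' . $printable($challenge));
            Minz_Request::bad(_t('feedback.auth.login.invalid'),
                              array('c' => 'auth', 'a' => 'reset'));
        }
    }
}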
/**
 * Drops every access held by the current user.
 *
 * Resets the login flag in the session and on the class, points the session
 * back at the configured default user, then removes the credentials kept for
 * the active authentication type.
 */
public static function removeAccess() {
    // _param() is called without a value here; presumably that clears the
    // key. Confirm in Minz_Session.
    Minz_Session::_param('loginOk');
    self::$login_ok = false;

    $system = Minz_Configuration::get('system');
    Minz_Session::_param('currentUser', $system->default_user);

    // Loose comparison is kept on purpose: it matches what the switch
    // statement this replaces would have done.
    $authType = $system->auth_type;
    if ($authType == 'form') {
        Minz_Session::_param('passwordHash');
        FreshRSS_FormAuth::deleteCookie();
    } elseif ($authType == 'persona') {
        Minz_Session::_param('mail');
    }
    // 'http_auth' and 'none': nothing to do.
    // TODO: extensions
}