 /**
  * Action to allow the logged-in user to change their own password.
  *
  * On a valid POST the submitted current password is verified against the
  * stored hash (a mismatch attaches an error to the form and forwards to
  * index). The new password is then hashed with the configured auth options
  * and flushed, the user's remember-me cookie is deleted when that feature is
  * enabled (so a stolen persistent-login cookie does not outlive the old
  * credential), the change is logged and the user is redirected to
  * profile/index. Any other request falls through to the index action.
  *
  * NOTE(review): the session itself is not regenerated here — confirm the
  * auth layer handles that, otherwise other active sessions keep working.
  */
 public function changePasswordAction()
 {
     $form = $this->_getFormChangePassword();
     $this->view->passwordForm = $form;

     $isValidPost = $this->getRequest()->isPost() && $form->isValid($_POST);
     if ($isValidPost) {
         $user = $this->getUser();
         $authOptions = $this->_options['resources']['auth']['oss'];

         $currentOk = OSS_Auth_Password::verify($form->getValue('current_password'), $user->getPassword(), $authOptions);
         if (!$currentOk) {
             $form->getElement('current_password')->addError('Invalid current password');
             return $this->forward('index');
         }

         // store the new hash
         $user->setPassword(OSS_Auth_Password::hash($form->getValue('new_password'), $authOptions));
         $this->getD2EM()->flush();

         // revoke any persistent login tied to the old credential
         if ($this->_rememberMeEnabled()) {
             $this->_deleteRememberMeCookie($user);
         }

         $this->changePasswordPostFlush();
         $form->reset();
         $this->getLogger()->info("User {$user->getUsername()} changed password");
         $this->addMessage(_('Your password has been changed.'), OSS_Message::SUCCESS);
         $this->redirect('profile/index');
     }

     $this->forward('index');
 }
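 /**
  * Performs an authentication attempt for $this->_username.
  *
  * The user entity is looked up by username through $this->_em / $this->_model.
  * Without a remember-me cookie ($this->_haveCookie false) the supplied password
  * is verified against the stored hash; on a mismatch the entity's failed-login
  * counter is incremented and flushed when the entity exposes setFailedLogins(),
  * and the returned identity then carries only that count. With a remember-me
  * cookie the password check is skipped entirely, so the caller must have
  * validated the cookie before setting the flag. The success identity carries
  * the username, the entity and its id.
  *
  * NOTE(review): an unknown username short-circuits before the (deliberately
  * slow) hash verification and returns a distinct result code, so both timing
  * and the code reveal whether a username exists; callers should present one
  * generic failure message. The failed-login counter is not reset here on
  * success — confirm that happens elsewhere.
  *
  * @throws Zend_Auth_Adapter_Exception If authentication cannot be performed
  * @return Zend_Auth_Result
  */
 public function authenticate()
 {
     $identity = array('username' => $this->_username);
     $messages = array();

     $user = $this->_em->getRepository($this->_model)->findOneBy(array('username' => $this->_username));
     if (!$user) {
         return new Zend_Auth_Result(Zend_Auth_Result::FAILURE_IDENTITY_NOT_FOUND, $identity, $messages);
     }

     // a validated remember-me cookie stands in for the password
     $verified = (bool) $this->_haveCookie;
     if (!$verified) {
         $verified = OSS_Auth_Password::verify($this->_password, $user->getPassword(), $this->_aoptions);
         if (!$verified) {
             if (method_exists($user, 'setFailedLogins')) {
                 // record the failure; any lockout decision is left to the caller
                 $user->setFailedLogins($user->getFailedLogins() + 1);
                 $this->_em->flush();
                 $identity = array('count' => $user->getFailedLogins());
             }
             return new Zend_Auth_Result(Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID, $identity, $messages);
         }
     }

     // Reaching this point means $verified is true: the former trailing
     // die('Huh? This should not have happened....') branch was unreachable
     // (and would have terminated the request with a raw string) — dropped.
     $identity = array('username' => $this->_username, 'user' => $user, 'id' => $user->getId());
     return new Zend_Auth_Result(Zend_Auth_Result::SUCCESS, $identity, $messages);
 }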
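 /**
  * First-run setup action: creates the initial (super) administrator.
  *
  * Guards: refuses to run once any Admin exists, or when the visitor already
  * holds an identity — both guards rely on _redirect() ending the request.
  *
  * Salt handling: when `securitysalt` is unset or not 64 characters long the
  * action only generates candidate salts for the installer to paste into
  * application.ini and creates nothing. Once a salt is configured the
  * installer must submit the same value in the form; echoing a secret that
  * lives only in the server configuration is what stops an arbitrary visitor
  * from claiming the first super-admin account on a fresh install, so the
  * comparison must be exact.
  *
  * Side effects on success: persists the Admin and an initial
  * DatabaseVersion row, e-mails the credentials to the new admin, fires the
  * optional install pingback, and redirects to auth/login.
  */
 public function setupAction()
 {
     if ($this->getD2EM()->getRepository('\\Entities\\Admin')->getCount() != 0) {
         $this->addMessage(_("Admins already exist in the system."), OSS_Message::INFO);
         $this->_redirect('auth/login');
     }
     if ($this->getAuth()->getIdentity()) {
         $this->addMessage(_('You are already logged in.'), OSS_Message::INFO);
         $this->_redirect('domain/list');
     }

     $this->view->form = $form = new ViMbAdmin_Form_Admin_AddEdit();
     $form->removeElement('active');
     $form->removeElement('super');
     $form->removeElement('welcome_email');

     $configuredSalt = isset($this->_options['securitysalt']) ? $this->_options['securitysalt'] : null;
     if ($configuredSalt === null || strlen($configuredSalt) !== 64) {
         // No usable salt yet: hand out fresh ones and let the installer
         // configure them before an admin can be created.
         $this->view->saltSet = false;
         $randomSalt = $this->view->randomSalt = OSS_String::salt(64);
         $form->getElement('salt')->setValue($randomSalt);
         $this->view->rememberSalt = OSS_String::salt(64);
         $this->view->passwordSalt = OSS_String::salt(64);
         return;
     }

     $this->view->saltSet = true;
     if (!$this->getRequest()->isPost() || !$form->isValid($_POST)) {
         return;
     }

     // Strict string comparison: the former `!=` would compare two
     // numeric-looking strings numerically. hash_equals() would additionally
     // make this constant-time and is preferable where PHP >= 5.6 is available.
     $submittedSalt = (string) $form->getElement('salt')->getValue();
     if ($submittedSalt !== (string) $configuredSalt) {
         $this->addMessage(_("Incorrect security salt provided. Please copy and paste it from the <code>application.ini</code> file."), OSS_Message::INFO);
     } else {
         $admin = new \Entities\Admin();
         $admin->setUsername($form->getValue('username'));
         $admin->setPassword(OSS_Auth_Password::hash($form->getValue('password'), $this->_options['resources']['auth']['oss']));
         $admin->setSuper(true);
         $admin->setActive(true);
         $admin->setCreated(new \DateTime());
         $admin->setModified(new \DateTime());
         $this->getD2EM()->persist($admin);

         // we need to populate the Doctrine migration table
         $dbversion = new \Entities\DatabaseVersion();
         $dbversion->setVersion(ViMbAdmin_Version::DBVERSION);
         $dbversion->setName(ViMbAdmin_Version::DBVERSION_NAME);
         $dbversion->setAppliedOn(new \DateTime());
         $this->getD2EM()->persist($dbversion);
         $this->getD2EM()->flush();

         try {
             // NOTE(review): the welcome mail carries the plaintext password
             // (rendered via $this->view->password), so it persists wherever
             // that mailbox is stored; a one-time reset link would avoid that.
             $mailer = $this->getMailer();
             $mailer->setSubject(_('ViMbAdmin :: Your New Administrator Account'));
             $mailer->addTo($admin->getUsername());
             $mailer->setFrom($this->_options['server']['email']['address'], $this->_options['server']['email']['name']);
             $this->view->username = $admin->getUsername();
             $this->view->password = $form->getValue('password');
             $mailer->setBodyText($this->view->render('admin/email/new_admin.phtml'));
             $mailer->send();
         } catch (Zend_Mail_Exception $e) {
             $this->addMessage(_('Could not send welcome email to the new administrator. 
                         Please ensure you have configured a mail relay server in your <code>application.ini</code>.'), OSS_Message::ALERT);
         }
         $this->addMessage(_('Your administrator account has been added. Please log in below.'), OSS_Message::SUCCESS);

         // Install pingback: only once an install actually completed (it used
         // to fire on a wrong-salt attempt as well).
         if (!(isset($this->_options['skipInstallPingback']) && $this->_options['skipInstallPingback'])) {
             try {
                 // Try and track new installs to see if it is worthwhile continuing development
                 include_once APPLICATION_PATH . '/../public/PiwikTracker.php';
                 if (class_exists('PiwikTracker')) {
                     // scheme mirrors the installer's own request; the stats host supports https
                     if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') {
                         PiwikTracker::$URL = 'https://stats.opensolutions.ie/';
                     } else {
                         PiwikTracker::$URL = 'http://stats.opensolutions.ie/';
                     }
                     $piwikTracker = new PiwikTracker(5);
                     $piwikTracker->doTrackPageView('New V3 Install Completed');
                     $piwikTracker->doTrackGoal(2, 1);
                 }
             } catch (Exception $e) {
                 // best-effort telemetry: failures are deliberately ignored
             }
         }
     }
     $this->_redirect('auth/login');
 }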
 /**
  * Action FOR ADMINS AND SUPERADMINS to change the password of a mailbox.
  *
  * Requires a mailbox to have been resolved via getMailbox(); whether that
  * lookup also authorises the current admin for the mailbox is not visible
  * here — confirm. On a valid POST the new password is hashed with the
  * mailbox password scheme / salt / dovecot binary from the defaults config,
  * an audit-log entry is written, observers are notified at postValidation,
  * preFlush and postFlush, and — when the form's "email" box is ticked — the
  * new password is e-mailed to the mailbox address in plaintext.
  */
 public function passwordAction()
 {
     $mailbox = $this->getMailbox();
     if (!$mailbox) {
         $this->addMessage(_('No mailbox id passed.'), OSS_Message::ERROR);
         $this->redirect('list');
     }
     $this->view->mailbox = $this->_mailbox;

     $this->view->form = $form = new ViMbAdmin_Form_Admin_Password();
     if (isset($this->_options['defaults']['mailbox']['min_password_length'])) {
         $form->setMinPasswordLength($this->_options['defaults']['mailbox']['min_password_length']);
     }

     if (!($this->getRequest()->isPost() && $form->isValid($_POST))) {
         return;
     }

     $this->notify('mailbox', 'password', 'postValidation', $this);

     $mailboxDefaults = $this->_options['defaults']['mailbox'];
     $hashOptions = [
         'pwhash'    => $mailboxDefaults['password_scheme'],
         'pwsalt'    => isset($mailboxDefaults['password_salt']) ? $mailboxDefaults['password_salt'] : null,
         'pwdovecot' => isset($mailboxDefaults['dovecot_pw_binary']) ? $mailboxDefaults['dovecot_pw_binary'] : null,
         'username'  => $mailbox->getUsername(),
     ];
     $mailbox->setPassword(OSS_Auth_Password::hash($form->getValue('password'), $hashOptions));

     $this->log(\Entities\Log::ACTION_MAILBOX_PW_CHANGE, "{$this->getAdmin()->getFormattedName()} changed password for mailbox {$mailbox->getUsername()}");
     $this->notify('mailbox', 'password', 'preFlush', $this);
     $this->getD2EM()->flush();
     $this->notify('mailbox', 'password', 'postFlush', $this, ['options' => $this->_options]);

     if ($form->getValue('email')) {
         // NOTE(review): this mails the new password in plaintext.
         $mailer = $this->getMailer();
         $mailer->setSubject(_('New Password for ' . $mailbox->getUsername()));
         $mailer->setFrom($this->_options['server']['email']['address'], $this->_options['server']['email']['name']);
         $mailer->addTo($mailbox->getUsername(), $mailbox->getName());
         $this->view->admin = $this->getAdmin();
         $this->view->newPassword = $form->getValue('password');
         $mailer->setBodyText($this->view->render('mailbox/email/change_password.phtml'));
         try {
             $mailer->send();
         } catch (Zend_Mail_Exception $vException) {
             $this->getLogger()->debug($vException->getTraceAsString());
             $this->addMessage(_('Could not send email.'), OSS_Message::ALERT);
             $this->_redirect('mailbox/list');
         }
     }

     $this->addMessage(_("Password has been sucessfully changed."), OSS_Message::SUCCESS);
     $this->_redirect('mailbox/list');
 }
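 /**
  * Set the password for an admin, and optionally send an email to him/her with the new password.
  *
  * The target comes from getTargetAdmin(). An admin may always change their
  * own password, in which case the ChangePassword form is used and the current
  * password must verify first; changing someone else's requires
  * authorise(true, null, false) to pass, otherwise the attempt is logged at
  * alert level and refused. On success the new hash is flushed, an audit-log
  * entry is written, the password is optionally e-mailed (in plaintext) to the
  * target's username address, and the request is redirected to admin/list for
  * super admins or domain/list otherwise.
  *
  * NOTE(review): no remember-me / session invalidation for the target admin is
  * visible here — confirm whether that happens elsewhere.
  */
 public function passwordAction()
 {
     $redirectUrl = $this->getAdmin()->isSuper() ? 'admin/list' : 'domain/list';
     $target = $this->getTargetAdmin();
     if (!$target) {
         $this->addMessage('Invalid or non-existent admin.', OSS_Message::ERROR);
         $this->redirect($redirectUrl);
     }
     $this->view->targetAdmin = $target;

     $self = ($target->getId() == $this->getAdmin()->getId());

     if (!$this->authorise(true, null, false) && !$self) {
         // Log only the message: the former second argument (OSS_Message::ALERT)
         // is not a log priority — Zend_Log treats it as an "extras" field.
         $this->getLogger()->alert(sprintf('Admin %s tried to set the password for %s but has no sufficient privileges.', $this->getAdmin()->getUsername(), $target->getUsername()));
         $this->addMessage(_('You have insufficient privileges for this task.'), OSS_Message::ERROR);
         $this->redirect($redirectUrl);
     }

     $this->view->form = $form = $self ? new ViMbAdmin_Form_Admin_ChangePassword() : new ViMbAdmin_Form_Admin_Password();

     if (!($this->getRequest()->isPost() && $form->isValid($_POST))) {
         return;
     }

     $authOptions = $this->_options['resources']['auth']['oss'];
     if ($self && !OSS_Auth_Password::verify($form->getValue('current_password'), $target->getPassword(), $authOptions)) {
         $form->getElement('current_password')->addError('Invalid password.');
         return;
     }

     $target->setPassword(OSS_Auth_Password::hash($form->getValue('password'), $authOptions));
     if ($self) {
         // self-service changes were previously absent from the audit log
         $this->log(\Entities\Log::ACTION_ADMIN_PW_CHANGE, "{$this->getAdmin()->getFormattedName()} changed own password");
     } else {
         $this->log(\Entities\Log::ACTION_ADMIN_PW_CHANGE, "{$this->getAdmin()->getFormattedName()} changed password for admin {$target->getFormattedName()}");
     }
     $this->getD2EM()->flush();

     if ($form->getValue('email')) {
         // NOTE(review): this mails the new password in plaintext.
         $mailer = $this->getMailer();
         $mailer->setSubject(_('ViMbAdmin :: New Password'));
         $mailer->setFrom($this->_options['server']['email']['address'], $this->_options['server']['email']['name']);
         $mailer->addTo($target->getUsername());
         $this->view->newPassword = $form->getValue('password');
         $mailer->setBodyText($this->view->render('admin/email/change_password.phtml'));
         try {
             $mailer->send();
         } catch (Zend_Mail_Exception $e) {
             $this->getLogger()->debug($e->getTraceAsString());
             $this->addMessage(_('Sending the change password email failed.'), OSS_Message::INFO);
         }
     }

     if ($self) {
         $this->addMessage("You have successfully changed your password.", OSS_Message::SUCCESS);
     } else {
         $this->addMessage("You have successfully changed the user's password.", OSS_Message::SUCCESS);
     }
     $this->redirect($redirectUrl);
 }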
 /**
  * Action to allow the logged-in user to change their own profile.
  *
  * A valid POST must carry the user's current password; it is verified against
  * the stored hash before anything is written (mismatch: form error, forward
  * to index). The form is then copied onto the user's Contact entity, the
  * contact's and user's last-updated stamps are set, and the e-mail address is
  * updated only for users whose privilege level is neither CUSTADMIN nor
  * SUPERUSER. Changes are flushed, the cached user is cleared, the update is
  * logged and the user is redirected to profile/index; any other request is
  * forwarded to index.
  *
  * NOTE(review): which fields assignFormToEntity() may write is decided by the
  * form definition (not visible here) — confirm it cannot set attributes beyond
  * the intended profile fields.
  */
 public function changeProfileAction()
 {
     $form = $this->_getFormProfile();
     $this->view->profileForm = $form;

     if ($this->getRequest()->isPost() && $form->isValid($_POST)) {
         $user = $this->getUser();
         $authOptions = $this->_options['resources']['auth']['oss'];

         // re-authenticate before touching profile data
         if (!OSS_Auth_Password::verify($form->getValue('current_password'), $user->getPassword(), $authOptions)) {
             $form->getElement('current_password')->addError('Invalid current password');
             return $this->forward('index');
         }

         $contact = $user->getContact();
         $form->assignFormToEntity($contact, $this, true);
         $contact->setLastUpdated(new DateTime());
         $contact->setLastUpdatedBy($user->getId());

         // privileged accounts keep their e-mail address as-is
         $privilegedRoles = [\Entities\User::AUTH_CUSTADMIN, \Entities\User::AUTH_SUPERUSER];
         if (!in_array($user->getPrivs(), $privilegedRoles)) {
             $user->setEmail($form->getValue('email'));
         }
         $user->setLastUpdated(new DateTime());
         $user->setLastUpdatedBy($user->getId());

         $this->getD2EM()->flush();
         $this->clearUserFromCache();
         $this->getLogger()->info("User {$user->getUsername()} updated own profile");
         $this->addMessage(_('Your profile has been changed.'), OSS_Message::SUCCESS);
         $this->redirect('profile/index');
     }

     $this->forward('index');
 }
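 /**
  * Completes a password reset from a (username, token) pair.
  *
  * Username and token may arrive as request parameters, which prefill the form
  * on anything other than a valid POST. On a valid POST the user is looked up
  * by username, expired preferences are purged, and the submitted token must
  * exactly match one of the stored 'tokens.password_reset' preferences. A match
  * hashes and stores the new password, discards all reset tokens, zeroes the
  * failed-login counter where supported, deletes the remember-me cookie,
  * flushes (unless resetPasswordPreFlush() vetoes it), clears the cached user,
  * sends the "password has been reset" notification and redirects to
  * auth/login.
  *
  * Unknown user and bad token deliberately produce the same message so the form
  * does not reveal which usernames exist.
  *
  * NOTE(review): if resetPasswordPreFlush() returns false the new password is
  * never persisted yet the confirmation mail is still sent — confirm intended.
  */
 public function resetPasswordAction()
 {
     $this->view->form = $form = $this->_getFormResetPassword();
     $form->getElement('username')->setValue($this->_getParam("username", ""));

     if (!($this->getRequest()->isPost() && $form->isValid($_POST))) {
         $form->getElement('username')->setValue($this->_getParam('username', ''));
         $form->getElement('token')->setValue($this->_getParam('token', ''));
         return;
     }

     $authOptions = $this->_options['resources']['auth']['oss'];
     $user = $this->getD2EM()->getRepository($authOptions['entity'])->findOneByUsername($form->getValue('username'));
     if (!$user) {
         // was flagged OSS_Message::SUCCESS, which styled a failure as a success notice
         $this->addMessage('Invalid username / token combination. Please check your details and try again.', OSS_Message::ERROR);
         return;
     }

     // start by removing expired preferences
     if ($user->cleanExpiredPreferences()) {
         $this->getD2EM()->flush();
     }

     // Strict match: loose in_array() compares numeric-looking tokens as
     // numbers (e.g. "0e123" == "0e456"), and a missing preference list must
     // not be handed to in_array(). A per-token hash_equals() would also make
     // this constant-time on PHP >= 5.6.
     $storedTokens = $user->getIndexedPreference('tokens.password_reset');
     $submittedToken = (string) $form->getValue('token');
     if (!is_array($storedTokens) || !in_array($submittedToken, array_map('strval', $storedTokens), true)) {
         $this->addMessage('Invalid username / token combination. Please check your details and try again.', OSS_Message::ERROR);
         return;
     }

     $user->setPassword(OSS_Auth_Password::hash($form->getValue('password'), $authOptions));
     $user->deletePreference('tokens.password_reset');
     if (method_exists($user, 'setFailedLogins')) {
         $user->setFailedLogins(0);
     }
     // a reset must also revoke persistent logins
     $this->_deleteRememberMeCookie($user);
     if ($this->resetPasswordPreFlush($user, $form)) {
         $this->getD2EM()->flush();
     }
     $this->clearUserFromCache($user->getId());

     $this->view->user = $user;
     $mailer = $this->getMailer();
     $mailer->setFrom($this->_options['identity']['mailer']['email'], $this->_options['identity']['mailer']['name']);
     $mailer->addTo($user->getEmail(), $user->getFormattedName());
     $mailer->setSubject($this->_options['identity']['sitename'] . ' - Your Password Has Been Reset');
     $this->resolveTemplate($mailer, 'reset-password');
     try {
         $mailer->send();
     } catch (Zend_Mail_Exception $e) {
         // the reset is already applied; a mail failure must not become an error page
         $this->getLogger()->debug($e->getTraceAsString());
         $this->addMessage('Could not send the password reset confirmation email.', OSS_Message::ALERT);
     }
     $this->addMessage('Your password has been successfully changed. Please log in below with your new password.', OSS_Message::SUCCESS);
     $this->getLogger()->info(sprintf(_("%s has completed a password reset"), $user->getUsername()));
     $this->_redirect('auth/login');
 }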
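 /**
  * Creates/updates/deletes the user for a contact when adding / editing a contact
  *
  * When the form's "login" flag is set, the contact's User is created if it
  * does not exist: a non-superuser creator (privs <= AUTH_CUSTADMIN) gets a
  * CUSTUSER account with a random 16-character password and the submitted
  * username; a superuser creator sets username, privileges and optional
  * password further down. Customer, disabled flag, e-mail and last-updated
  * stamps are always synced from the form. Only a SUPERUSER may change the
  * username (checked for uniqueness), privileges or password of the account —
  * this is the control that stops a customer admin from escalating a
  * contact's privileges. When "login" is clear any existing user is deleted.
  *
  * NOTE(review): on a username clash the method returns false after a new
  * User may already have been persist()ed into the unit of work; whether the
  * caller still flushes it is not visible here.
  *
  * @param IXP_Form_Contact $form The form object
  * @param \Entities\Contact $contact The Doctrine2 entity (being edited or blank for add)
  * @param bool $isEdit True of we are editing an object, false otherwise (not used by this method; kept for callers)
  * @return bool False when the requested username is already taken, true otherwise
  */
 private function _processUser($form, $contact, $isEdit)
 {
     if (!$form->getValue("login")) {
         if ($contact->getUser()) {
             $this->_deleteUser($contact);
         }
         return true;
     }

     $actor = $this->getUser();
     $isNew = false;

     // the contact has a user already or one needs to be created
     $user = $contact->getUser();
     if (!$user) {
         $isNew = true;
         $user = new \Entities\User();
         $contact->setUser($user);
         $user->setCreated(new DateTime());
         $user->setCreator($actor->getUsername());
         // these should only be updated by CUSTADMIN on creation of a login account
         if ($actor->getPrivs() <= \Entities\User::AUTH_CUSTADMIN) {
             $user->setPrivs(\Entities\User::AUTH_CUSTUSER);
             $user->setPassword(OSS_Auth_Password::hash(OSS_String::random(16), $this->_options['resources']['auth']['oss']));
             $user->setUsername($form->getValue("username"));
         } elseif ($form->getValue("privs") == \Entities\User::AUTH_SUPERUSER) {
             // if this is an admin user, let them start with no unread notes
             $user->setPreference('customer-notes.read_upto', time());
         }
         $this->getD2EM()->persist($user);
         $this->_feParams->userStatus = "created";
     }

     $user->setCustomer($contact->getCustomer());
     $user->setDisabled($form->getValue("disabled"));
     $user->setEmail($form->getValue("email"));
     $user->setLastupdated(new DateTime());
     $user->setLastupdatedby($actor->getId());

     // SUPERADMIN can update these always
     if ($actor->getPrivs() == \Entities\User::AUTH_SUPERUSER) {
         // Zend_Form::getValue() takes no default argument; treat null/false/'' as "unchanged"
         $newPassword = $form->getValue("password");
         if ((string) $newPassword !== '') {
             $user->setPassword(OSS_Auth_Password::hash($newPassword, $this->_options['resources']['auth']['oss']));
         }
         $requestedUsername = $form->getValue("username");
         // ensure the username is not already taken
         if ($user->getUsername() !== $requestedUsername && $this->getD2R('\\Entities\\User')->findOneBy(['username' => $requestedUsername])) {
             $this->addMessage('That username is already is use by another user', OSS_Message::ERROR);
             return false;
         }
         $user->setUsername($requestedUsername);
         $user->setPrivs($form->getValue("privs"));
     }

     // audit trail: the former message claimed "created" on every edit as well
     $this->getLogger()->info(sprintf('%s %s user %s', $actor->getUsername(), $isNew ? 'created' : 'updated', $user->getUsername()));
     return true;
 }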