Mirrors
/
nextcloud-server
mirror of https://github.com/nextcloud/server
3
0
Fork 0
Code Releases Activity
Browse Source

Require password confirmation for user management 

Signed-off-by: Joas Schilling <coding@schilljs.com>
pull/1447/head
Joas Schilling 9 years ago
committed by Lukas Reschke
parent
410e0fc28f
commit
2fd2e45e42
No known key found for this signature in database GPG Key ID: B9F6980CF6E759B1
6 changed files with 74 additions and 14 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 1
      settings/Controller/ChangePasswordController.php
  2. 2
      settings/Controller/GroupsController.php
  3. 3
      settings/Controller/UsersController.php
  4. 7
      settings/ajax/togglegroups.php
  5. 7
      settings/ajax/togglesubadmins.php
  6. 68
      settings/js/users/users.js

1
settings/Controller/ChangePasswordController.php
View File

@ -131,6 +131,7 @@ class ChangePasswordController extends Controller {
/**
* @NoAdminRequired
* @PasswordConfirmationRequired
*
* @param string $username
* @param string $password

2
settings/Controller/GroupsController.php
View File

@ -95,6 +95,7 @@ class GroupsController extends Controller {
}
/**
* @PasswordConfirmationRequired
* @param string $id
* @return DataResponse
*/
@ -128,6 +129,7 @@ class GroupsController extends Controller {
}
/**
* @PasswordConfirmationRequired
* @param string $id
* @return DataResponse
*/

3
settings/Controller/UsersController.php
View File

@ -301,6 +301,7 @@ class UsersController extends Controller {
/**
* @NoAdminRequired
* @PasswordConfirmationRequired
*
* @param string $username
* @param string $password
@ -433,6 +434,7 @@ class UsersController extends Controller {
/**
* @NoAdminRequired
* @PasswordConfirmationRequired
*
* @param string $id
* @return DataResponse
@ -616,6 +618,7 @@ class UsersController extends Controller {
*
* @NoAdminRequired
* @NoSubadminRequired
* @PasswordConfirmationRequired
*
* @param string $username
* @param string $displayName

7
settings/ajax/togglegroups.php
View File

@ -28,6 +28,13 @@
OC_JSON::checkSubAdminUser();
OCP\JSON::callCheck();
$lastConfirm = (int) \OC::$server->getSession()->get('last-password-confirm');
if ($lastConfirm < (time() - 30 * 60 + 15)) { // allow 15 seconds delay
$l = \OC::$server->getL10N('core');
OC_JSON::error(array( 'data' => array( 'message' => $l->t('Password confirmation is required'))));
exit();
}
$success = true;
$username = (string)$_POST['username'];
$group = (string)$_POST['group'];

7
settings/ajax/togglesubadmins.php
View File

@ -24,6 +24,13 @@
OC_JSON::checkAdminUser();
OCP\JSON::callCheck();
$lastConfirm = (int) \OC::$server->getSession()->get('last-password-confirm');
if ($lastConfirm < (time() - 30 * 60 + 15)) { // allow 15 seconds delay
$l = \OC::$server->getL10N('core');
OC_JSON::error(array( 'data' => array( 'message' => $l->t('Password confirmation is required'))));
exit();
}
$username = (string)$_POST['username'];
$group = (string)$_POST['group'];

68
settings/js/users/users.js
View File

@ -353,6 +353,14 @@ var UserList = {
$userListBody.on('click', '.delete', function () {
// Call function for handling delete/undo
var uid = UserList.getUID(this);
if (OC.PasswordConfirmation.requiresPasswordConfirmation()) {
OC.PasswordConfirmation.requirePasswordConfirmation(function() {
UserDeleteHandler.mark(uid);
});
return;
}
UserDeleteHandler.mark(uid);
});
@ -405,6 +413,11 @@ var UserList = {
},
applyGroupSelect: function (element, user, checked) {
if (OC.PasswordConfirmation.requiresPasswordConfirmation()) {
OC.PasswordConfirmation.requirePasswordConfirmation(_.bind(this.applySubadminSelect, this, arguments));
return;
}
var $element = $(element);
var checkHandler = null;
@ -467,6 +480,11 @@ var UserList = {
},
applySubadminSelect: function (element, user, checked) {
if (OC.PasswordConfirmation.requiresPasswordConfirmation()) {
OC.PasswordConfirmation.requirePasswordConfirmation(_.bind(this.applySubadminSelect, this, arguments));
return;
}
var $element = $(element);
var checkHandler = function (group) {
if (group === 'admin') {
@ -478,7 +496,10 @@ var UserList = {
username: user,
group: group
},
function () {
function (response) {
if (response.data.message) {
OC.Notification.show(response.data.message);
}
}
);
};
@ -635,6 +656,27 @@ $(document).ready(function () {
// TODO: move other init calls inside of initialize
UserList.initialize($('#userlist'));
var _submitPasswordChange = function(uid, password, recoveryPasswordVal) {
if (OC.PasswordConfirmation.requiresPasswordConfirmation()) {
OC.PasswordConfirmation.requirePasswordConfirmation(function() {
_submitPasswordChange(uid, password, recoveryPasswordVal);
});
return;
}
$.post(
OC.generateUrl('/settings/users/changepassword'),
{username: uid, password: password, recoveryPassword: recoveryPasswordVal},
function (result) {
if (result.status === 'success') {
OC.Notification.showTemporary(t('admin', 'Password successfully changed'));
} else {
OC.Notification.showTemporary(t('admin', result.data.message));
}
}
);
};
$userListBody.on('click', '.password', function (event) {
event.stopPropagation();
@ -657,17 +699,7 @@ $(document).ready(function () {
if (event.keyCode === 13) {
if ($(this).val().length > 0) {
var recoveryPasswordVal = $('input:password[id="recoveryPassword"]').val();
$.post(
OC.generateUrl('/settings/users/changepassword'),
{username: uid, password: $(this).val(), recoveryPassword: recoveryPasswordVal},
function (result) {
if (result.status === 'success') {
OC.Notification.showTemporary(t('admin', 'Password successfully changed'));
} else {
OC.Notification.showTemporary(t('admin', result.data.message));
}
}
);
_submitPasswordChange(uid, $(this).val(), recoveryPasswordVal);
$input.blur();
} else {
$input.blur();
@ -796,7 +828,14 @@ $(document).ready(function () {
});
UserList._updateGroupListLabel($('#newuser .groups'), []);
$('#newuser').submit(function (event) {
var _submitNewUserForm = function (event) {
if (OC.PasswordConfirmation.requiresPasswordConfirmation()) {
OC.PasswordConfirmation.requirePasswordConfirmation(function() {
_submitNewUserForm(event);
});
return;
}
event.preventDefault();
var username = $('#newusername').val();
var password = $('#newuserpassword').val();
@ -866,7 +905,8 @@ $(document).ready(function () {
$('#newuser').get(0).reset();
});
});
});
}
$('#newuser').submit(_submitNewUserForm);
if ($('#CheckboxStorageLocation').is(':checked')) {
$("#userlist .storageLocation").show();

Write Preview
Loading…
Cancel
Save