User: force password change shouldn't be accessible unless set. #2823

Merged
merged 1 commit into from
Dec 2, 2024
32 changes: 18 additions & 14 deletions lib/Controller/User.php
Expand Up @@ -319,7 +319,7 @@
$this->userGroupFactory->getHomepageByName($user->homePageId)->title
);
} catch (NotFoundException $exception) {
$this->getLog()->error('User has homepage which does not exist. userId: ' . $user->userId . ', homepage: ' . $user->homePageId);
$user->setUnmatchedProperty('homePage', __('Unknown homepage, please edit to update.'));
}
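Review bot: the `$this->getLog()->error(...)` call on line 322 of lib/Controller/User.php is 144 characters and trips the project's phpcs 120-character limit (the CI annotation on this hunk). Break the concatenation across lines, e.g.
`$this->getLog()->error('User has homepage which does not exist. userId: '`
`    . $user->userId . ', homepage: ' . $user->homePageId);`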

Expand Down Expand Up @@ -359,7 +359,7 @@
'text' => __('Set Home Folder'),
'multi-select' => true,
'dataAttributes' => [
['name' => 'commit-url', 'value' => $this->urlFor($request, 'user.homeFolder', ['id' => $user->userId])],
['name' => 'commit-method', 'value' => 'post'],
['name' => 'id', 'value' => 'user_button_set_home'],
['name' => 'text', 'value' => __('Set home folder')],
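Review bot: the `commit-url` entry on line 362 is 129 characters and is flagged by phpcs for exceeding 120; put the `urlFor()` call on its own line, e.g.
`['name' => 'commit-url',`
`    'value' => $this->urlFor($request, 'user.homeFolder', ['id' => $user->userId])],`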
Expand Down Expand Up @@ -1186,7 +1186,7 @@
'user' => $user,
'options' => [
'homepage' => $homepage,
'userTypes' => ($this->getUser()->isSuperAdmin()) ? $this->userTypeFactory->getAllRoles() : $this->userTypeFactory->getNonAdminRoles()
],
]);
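Review bot: the `'userTypes'` ternary on line 1189 is 150 characters and phpcs flags it; split the branches over separate lines, e.g.
`'userTypes' => $this->getUser()->isSuperAdmin()`
`    ? $this->userTypeFactory->getAllRoles()`
`    : $this->userTypeFactory->getNonAdminRoles(),`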

Expand Down Expand Up @@ -1499,17 +1499,16 @@
* Force User Password Change
* @param Request $request
* @param Response $response
* @return \Psr\Http\Message\ResponseInterface|Response
* @throws GeneralException
* @throws \Xibo\Support\Exception\ControllerNotImplemented
* @return \Slim\Http\Response
* @throws \Xibo\Support\Exception\GeneralException
*/
public function forceChangePasswordPage(Request $request, Response $response)
public function forceChangePasswordPage(Request $request, Response $response): Response
{
$user = $this->getUser();

// if the flag to force change password is not set to 1 then redirect to the Homepage
if ($user->isPasswordChangeRequired != 1) {
$response->withRedirect('home');
return $response->withRedirect($this->urlFor($request, 'home'));
}

$this->getState()->template = 'user-force-change-password-page';
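Review bot: the old guard in `forceChangePasswordPage` was a no-op: `$response->withRedirect('home');` builds a new immutable response whose result was dropped, so execution fell through to rendering the template for users who were not flagged. The added `return $response->withRedirect($this->urlFor($request, 'home'));` is what makes the redirect take effect, and resolving the route name through `urlFor()` instead of passing the literal `'home'` is also correct. A small test asserting a 302 for a user whose `isPasswordChangeRequired` is unset would stop this regressing.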
Expand All @@ -1521,25 +1520,30 @@
* Force change my Password
* @param Request $request
* @param Response $response
* @return \Psr\Http\Message\ResponseInterface|Response
* @throws GeneralException
* @throws InvalidArgumentException
* @throws \Xibo\Support\Exception\ControllerNotImplemented
* @throws \Xibo\Support\Exception\DuplicateEntityException
* @return \Slim\Http\Response
* @throws \Xibo\Support\Exception\GeneralException
*/
public function forceChangePassword(Request $request, Response $response)
public function forceChangePassword(Request $request, Response $response): Response
{
// Save the user
$user = $this->getUser();

// This is only valid if the user has that option set on their account
if ($user->isPasswordChangeRequired != 1) {
throw new AccessDeniedException();
}

// Save the user
$sanitizedParams = $this->getSanitizer($request->getParams());
$newPassword = $sanitizedParams->getString('newPassword');
$retypeNewPassword = $sanitizedParams->getString('retypeNewPassword');

if ($newPassword == null || $retypeNewPassword == '')
if ($newPassword == null || $retypeNewPassword == '') {
throw new InvalidArgumentException(__('Please enter the password'), 'password');
}

if ($newPassword != $retypeNewPassword)
if ($newPassword != $retypeNewPassword) {
throw new InvalidArgumentException(__('Passwords do not match'), 'password');
}

// Make sure that the new password doesn't verify against the existing hash
try {
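Review bot: the new `if ($user->isPasswordChangeRequired != 1) { throw new AccessDeniedException(); }` guard is the important change here: the visible code reads only `newPassword` and `retypeNewPassword` and never asks for the current password, so without the guard this handler was a password-set path open to any logged-in user. Two follow-ups: confirm that `AccessDeniedException` has a `use` statement at the top of lib/Controller/User.php, since the hunk does not show one being added; and make the two emptiness checks consistent, because `$newPassword == null` is a loose comparison that also matches `''` while the retype check compares against `''` explicitly, so a single `if ($newPassword === null || $newPassword === '' || $retypeNewPassword === '')` (or `empty()` on both) reads clearer. The relocated `// Save the user` comment now sits above the sanitizer call rather than the actual save and could move down.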
Expand Down Expand Up @@ -2443,7 +2447,7 @@
$this->getUser()->setOptionValue('navigationMenuPosition', $parsedParams->getString('navigationMenuPosition', ['defaultOnEmptyString' => true]));
$this->getUser()->setOptionValue('useLibraryDuration', $parsedParams->getCheckbox('useLibraryDuration'));
$this->getUser()->setOptionValue('showThumbnailColumn', $parsedParams->getCheckbox('showThumbnailColumn'));
$this->getUser()->setOptionValue('isAlwaysUseManualAddUserForm', $parsedParams->getCheckbox('isAlwaysUseManualAddUserForm'));
$this->getUser()->setOptionValue('rememberFolderTreeStateGlobally', $parsedParams->getCheckbox('rememberFolderTreeStateGlobally'));

// Clear auto submits?
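Review bot: the `isAlwaysUseManualAddUserForm` option line (2450) is 133 characters and is flagged by phpcs; wrap the second argument onto its own line, e.g.
`$this->getUser()->setOptionValue(`
`    'isAlwaysUseManualAddUserForm',`
`    $parsedParams->getCheckbox('isAlwaysUseManualAddUserForm'));`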