summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--CHANGELOG1
-rw-r--r--plugins/password/config.inc.php.dist3
-rw-r--r--plugins/password/localization/en_US.inc1
-rw-r--r--plugins/password/password.php78
4 files changed, 65 insertions, 18 deletions
diff --git a/CHANGELOG b/CHANGELOG
index 995f1f4e5..821d0ef70 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,7 @@
CHANGELOG Roundcube Webmail
===========================
+- Password: Add option to force new users to change their password (#1486884)
- Improve support for screen readers and assistive technology using WCAG 2.0 and WAI ARIA standards
- Enable basic keyboard navigation throughout the UI (#1487845)
- Select/scroll to previously selected message when returning from message page (#1489023)
diff --git a/plugins/password/config.inc.php.dist b/plugins/password/config.inc.php.dist
index 8f7a57f9a..16b7f9317 100644
--- a/plugins/password/config.inc.php.dist
+++ b/plugins/password/config.inc.php.dist
@@ -35,6 +35,9 @@ $config['password_hosts'] = null;
// for upgrading the stored passwords after the encryption scheme has changed.
$config['password_force_save'] = false;
+// Enables forcing new users to change their password at their first login.
+$config['password_force_new_user'] = false;
+
// SQL Driver options
// ------------------
diff --git a/plugins/password/localization/en_US.inc b/plugins/password/localization/en_US.inc
index a4c077fe5..94475ce36 100644
--- a/plugins/password/localization/en_US.inc
+++ b/plugins/password/localization/en_US.inc
@@ -33,5 +33,6 @@ $messages['internalerror'] = 'Could not save new password.';
$messages['passwordshort'] = 'Password must be at least $length characters long.';
$messages['passwordweak'] = 'Password must include at least one number and one punctuation character.';
$messages['passwordforbidden'] = 'Password contains forbidden characters.';
+$messages['firstloginchange'] = 'This is your first login. Please change your password.';
?>
diff --git a/plugins/password/password.php b/plugins/password/password.php
index 83f951b98..7b6b80dc7 100644
--- a/plugins/password/password.php
+++ b/plugins/password/password.php
@@ -40,9 +40,10 @@ define('PASSWORD_SUCCESS', 0);
*/
class password extends rcube_plugin
{
- public $task = 'settings';
+ public $task = 'settings|login';
public $noframe = true;
public $noajax = true;
+ private $newuser = false;
function init()
{
@@ -50,26 +51,15 @@ class password extends rcube_plugin
$this->load_config();
- // Host exceptions
- $hosts = $rcmail->config->get('password_hosts');
- if (!empty($hosts) && !in_array($_SESSION['storage_host'], $hosts)) {
+ if($rcmail->task == 'settings' && !$this->check_host_login_exceptions()) {
return;
}
-
- // Login exceptions
- if ($exceptions = $rcmail->config->get('password_login_exceptions')) {
- $exceptions = array_map('trim', (array) $exceptions);
- $exceptions = array_filter($exceptions);
- $username = $_SESSION['username'];
-
- foreach ($exceptions as $ec) {
- if ($username === $ec) {
- return;
- }
- }
- }
-
+
$this->add_hook('settings_actions', array($this, 'settings_actions'));
+ if($rcmail->config->get('password_force_new_user')) {
+ $this->add_hook('user_create', array($this, 'user_create'));
+ $this->add_hook('login_after', array($this, 'login_after'));
+ }
$this->register_action('plugin.password', array($this, 'password_init'));
$this->register_action('plugin.password-save', array($this, 'password_save'));
@@ -94,6 +84,10 @@ class password extends rcube_plugin
$rcmail = rcmail::get_instance();
$rcmail->output->set_pagetitle($this->gettext('changepasswd'));
+ $first = rcube_utils::get_input_value('_first', rcube_utils::INPUT_GET);
+ if(isset($first) && $first == 'true') {
+ $rcmail->output->command('display_message', $this->gettext('firstloginchange'), 'notice');
+ }
$rcmail->output->send('plugin');
}
@@ -300,4 +294,52 @@ class password extends rcube_plugin
return $reason;
}
+
+ function user_create($args)
+ {
+ $this->newuser = true;
+ return $args;
+ }
+
+ function login_after($args)
+ {
+ if(!$this->check_host_login_exceptions()) {
+ return $args;
+ }
+ if($this->newuser)
+ {
+ $args['_task'] = 'settings';
+ $args['_action'] = 'plugin.password';
+ $args['_first'] = 'true';
+ }
+ return $args;
+ }
+
+ // Check if host and login is allowed to change the password, false = not allowed, true = not allowed
+ private function check_host_login_exceptions()
+ {
+ $rcmail = rcmail::get_instance();
+ // Host exceptions
+ $hosts = $rcmail->config->get('password_hosts');
+ $this->allowed_hosts = $hosts;
+ if (!empty($hosts) && !in_array($_SESSION['storage_host'], $hosts)) {
+ return false;
+ }
+
+
+ // Login exceptions
+ if ($exceptions = $rcmail->config->get('password_login_exceptions')) {
+ $exceptions = array_map('trim', (array) $exceptions);
+ $exceptions = array_filter($exceptions);
+ $this->login_exceptions = $exceptions;
+ $username = $_SESSION['username'];
+
+ foreach ($exceptions as $ec) {
+ if ($username === $ec) {
+ return false;
+ }
+ }
+ }
+ return true;
+ }
}