From e7ee70541fe60800480d7b3a830a80f715e60ce2 Mon Sep 17 00:00:00 2001 From: simonp Date: Tue, 27 May 2014 21:09:24 +0200 Subject: Add option to force new users to change their password (#1486884) --- CHANGELOG | 1 + plugins/password/config.inc.php.dist | 3 +++ plugins/password/localization/en_US.inc | 1 + plugins/password/password.php | 36 ++++++++++++++++++++++++++++++++- 4 files changed, 40 insertions(+), 1 deletion(-) diff --git a/CHANGELOG b/CHANGELOG index 112ef28ac..695ccc65b 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -31,6 +31,7 @@ CHANGELOG Roundcube Webmail - Fix so responses menu hides on click in classic skin (#1489915) - Fix unintentional line-height style modification in HTML messages (#1489917) - Fix broken normalize_string(), add support for ISO-8859-2 (#1489918) +- Add option to force new users to change their password (#1486884) RELEASE 1.0.1 ------------- diff --git a/plugins/password/config.inc.php.dist b/plugins/password/config.inc.php.dist index 8f7a57f9a..16b7f9317 100644 --- a/plugins/password/config.inc.php.dist +++ b/plugins/password/config.inc.php.dist @@ -35,6 +35,9 @@ $config['password_hosts'] = null; // for upgrading the stored passwords after the encryption scheme has changed. $config['password_force_save'] = false; +// Enables forcing new users to change their password at their first login. +$config['password_force_new_user'] = false; + // SQL Driver options // ------------------ diff --git a/plugins/password/localization/en_US.inc b/plugins/password/localization/en_US.inc index a4c077fe5..94475ce36 100644 --- a/plugins/password/localization/en_US.inc +++ b/plugins/password/localization/en_US.inc @@ -33,5 +33,6 @@ $messages['internalerror'] = 'Could not save new password.'; $messages['passwordshort'] = 'Password must be at least $length characters long.'; $messages['passwordweak'] = 'Password must include at least one number and one punctuation character.'; $messages['passwordforbidden'] = 'Password contains forbidden characters.'; +$messages['firstloginchange'] = 'This is your first login. Please change your password.'; ?> diff --git a/plugins/password/password.php b/plugins/password/password.php index 83f951b98..a9e6f4e04 100644 --- a/plugins/password/password.php +++ b/plugins/password/password.php @@ -40,9 +40,10 @@ define('PASSWORD_SUCCESS', 0); */ class password extends rcube_plugin { - public $task = 'settings'; + public $task = 'settings|login'; public $noframe = true; public $noajax = true; + private $newuser = false; function init() { @@ -70,9 +71,15 @@ class password extends rcube_plugin } $this->add_hook('settings_actions', array($this, 'settings_actions')); + if($rcmail->config->get('password_force_new_user')) + { + $this->add_hook('user_create', array($this, 'user_create')); + $this->add_hook('login_after', array($this, 'login_after')); + } $this->register_action('plugin.password', array($this, 'password_init')); $this->register_action('plugin.password-save', array($this, 'password_save')); + $this->register_action('plugin.password-first', array($this, 'password_first')); if (strpos($rcmail->action, 'plugin.password') === 0) { @@ -300,4 +307,31 @@ class password extends rcube_plugin return $reason; } + + function user_create($args) + { + $this->newuser = true; + return $args; + } + + function login_after($args) + { + if($this->newuser) + { + $args['_task'] = 'settings'; + $args['_action'] = 'plugin.password-first'; + } + return $args; + } + + function password_first() + { + $rcmail = rcmail::get_instance(); + $this->add_texts('localization/'); + $this->register_handler('plugin.body', array($this, 'password_form')); + $rcmail->output->set_pagetitle($this->gettext('changepasswd')); + $rcmail->output->command('display_message', $this->gettext('firstloginchange'), 'notice'); + $rcmail->overwrite_action('plugin.password'); + $rcmail->output->send('plugin'); + } } -- cgit v1.2.3 From 9e9c03cb9078b9d9a89979e8cace8d9370cf972c Mon Sep 17 00:00:00 2001 From: simonp Date: Fri, 6 Jun 2014 20:24:24 +0200 Subject: Moved functionality from password_first to password_init --- plugins/password/password.php | 21 +++++++-------------- 1 file changed, 7 insertions(+), 14 deletions(-) diff --git a/plugins/password/password.php b/plugins/password/password.php index a9e6f4e04..2448b4563 100644 --- a/plugins/password/password.php +++ b/plugins/password/password.php @@ -71,8 +71,7 @@ class password extends rcube_plugin } $this->add_hook('settings_actions', array($this, 'settings_actions')); - if($rcmail->config->get('password_force_new_user')) - { + if($rcmail->config->get('password_force_new_user')) { $this->add_hook('user_create', array($this, 'user_create')); $this->add_hook('login_after', array($this, 'login_after')); } @@ -101,6 +100,10 @@ class password extends rcube_plugin $rcmail = rcmail::get_instance(); $rcmail->output->set_pagetitle($this->gettext('changepasswd')); + $first = rcube_utils::get_input_value('_first', rcube_utils::INPUT_GET); + if(isset($first) && $first == 'true') { + $rcmail->output->command('display_message', $this->gettext('firstloginchange'), 'notice'); + } $rcmail->output->send('plugin'); } @@ -319,19 +322,9 @@ class password extends rcube_plugin if($this->newuser) { $args['_task'] = 'settings'; - $args['_action'] = 'plugin.password-first'; + $args['_action'] = 'plugin.password'; + $args['_first'] = 'true'; } return $args; } - - function password_first() - { - $rcmail = rcmail::get_instance(); - $this->add_texts('localization/'); - $this->register_handler('plugin.body', array($this, 'password_form')); - $rcmail->output->set_pagetitle($this->gettext('changepasswd')); - $rcmail->output->command('display_message', $this->gettext('firstloginchange'), 'notice'); - $rcmail->overwrite_action('plugin.password'); - $rcmail->output->send('plugin'); - } } -- cgit v1.2.3 From 6f7042e5820997464fa2198487d37e90cbf054f9 Mon Sep 17 00:00:00 2001 From: simonp Date: Sat, 7 Jun 2014 13:03:41 +0200 Subject: Fix for login/hosts exceptions --- plugins/password/password.php | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/plugins/password/password.php b/plugins/password/password.php index 2448b4563..74c53c9d9 100644 --- a/plugins/password/password.php +++ b/plugins/password/password.php @@ -44,6 +44,8 @@ class password extends rcube_plugin public $noframe = true; public $noajax = true; private $newuser = false; + private $login_exceptions; + private $allowed_hosts; function init() { @@ -53,6 +55,7 @@ class password extends rcube_plugin // Host exceptions $hosts = $rcmail->config->get('password_hosts'); + $this->allowed_hosts = $hosts; if (!empty($hosts) && !in_array($_SESSION['storage_host'], $hosts)) { return; } @@ -61,6 +64,7 @@ class password extends rcube_plugin if ($exceptions = $rcmail->config->get('password_login_exceptions')) { $exceptions = array_map('trim', (array) $exceptions); $exceptions = array_filter($exceptions); + $this->login_exceptions = $exceptions; $username = $_SESSION['username']; foreach ($exceptions as $ec) { @@ -78,7 +82,6 @@ class password extends rcube_plugin $this->register_action('plugin.password', array($this, 'password_init')); $this->register_action('plugin.password-save', array($this, 'password_save')); - $this->register_action('plugin.password-first', array($this, 'password_first')); if (strpos($rcmail->action, 'plugin.password') === 0) { @@ -319,6 +322,18 @@ class password extends rcube_plugin function login_after($args) { + $rcmail = rcmail::get_instance(); + $userstruct = $rcmail->user; + $username = $userstruct->get_username(); + foreach ($this->login_exceptions as $ec) { + if ($username === $ec) { + return $args; + } + } + $domain = $userstruct->get_username('domain'); + if (!empty($this->allowed_hosts) && !in_array($domain, $this->allowed_hosts)) { + return; + } if($this->newuser) { $args['_task'] = 'settings'; -- cgit v1.2.3 From 12514266b94269eebf399cb6052687762f370e9d Mon Sep 17 00:00:00 2001 From: simonp Date: Tue, 10 Jun 2014 13:06:10 +0200 Subject: Move login/hosts to seperate function --- plugins/password/password.php | 64 +++++++++++++++++++++---------------------- 1 file changed, 32 insertions(+), 32 deletions(-) diff --git a/plugins/password/password.php b/plugins/password/password.php index 74c53c9d9..7b6b80dc7 100644 --- a/plugins/password/password.php +++ b/plugins/password/password.php @@ -44,8 +44,6 @@ class password extends rcube_plugin public $noframe = true; public $noajax = true; private $newuser = false; - private $login_exceptions; - private $allowed_hosts; function init() { @@ -53,27 +51,10 @@ class password extends rcube_plugin $this->load_config(); - // Host exceptions - $hosts = $rcmail->config->get('password_hosts'); - $this->allowed_hosts = $hosts; - if (!empty($hosts) && !in_array($_SESSION['storage_host'], $hosts)) { + if($rcmail->task == 'settings' && !$this->check_host_login_exceptions()) { return; } - - // Login exceptions - if ($exceptions = $rcmail->config->get('password_login_exceptions')) { - $exceptions = array_map('trim', (array) $exceptions); - $exceptions = array_filter($exceptions); - $this->login_exceptions = $exceptions; - $username = $_SESSION['username']; - - foreach ($exceptions as $ec) { - if ($username === $ec) { - return; - } - } - } - + $this->add_hook('settings_actions', array($this, 'settings_actions')); if($rcmail->config->get('password_force_new_user')) { $this->add_hook('user_create', array($this, 'user_create')); @@ -322,17 +303,8 @@ class password extends rcube_plugin function login_after($args) { - $rcmail = rcmail::get_instance(); - $userstruct = $rcmail->user; - $username = $userstruct->get_username(); - foreach ($this->login_exceptions as $ec) { - if ($username === $ec) { - return $args; - } - } - $domain = $userstruct->get_username('domain'); - if (!empty($this->allowed_hosts) && !in_array($domain, $this->allowed_hosts)) { - return; + if(!$this->check_host_login_exceptions()) { + return $args; } if($this->newuser) { @@ -342,4 +314,32 @@ class password extends rcube_plugin } return $args; } + + // Check if host and login is allowed to change the password, false = not allowed, true = not allowed + private function check_host_login_exceptions() + { + $rcmail = rcmail::get_instance(); + // Host exceptions + $hosts = $rcmail->config->get('password_hosts'); + $this->allowed_hosts = $hosts; + if (!empty($hosts) && !in_array($_SESSION['storage_host'], $hosts)) { + return false; + } + + + // Login exceptions + if ($exceptions = $rcmail->config->get('password_login_exceptions')) { + $exceptions = array_map('trim', (array) $exceptions); + $exceptions = array_filter($exceptions); + $this->login_exceptions = $exceptions; + $username = $_SESSION['username']; + + foreach ($exceptions as $ec) { + if ($username === $ec) { + return false; + } + } + } + return true; + } } -- cgit v1.2.3