diff --git a/lam/help/help.inc b/lam/help/help.inc index 5f15f8b5..43ef6a13 100644 --- a/lam/help/help.inc +++ b/lam/help/help.inc @@ -203,6 +203,14 @@ $helpArray = array ( "Text" => _('Please enter the user name and password to connect to the database.')), "276" => array ("Headline" => _('Database name'), "Text" => _('This is the database name on the server.')), + '280' => array ("Headline" => _('Allow setting specific passwords'), + "Text" => _('Allows to set a specific password via input field.')), + '281' => array ("Headline" => _('Allow to display password on screen'), + "Text" => _('Allows to display a randomly generated password on screen.')), + '282' => array ("Headline" => _('Default password output'), + "Text" => _('Default method to output a random password.')), + '283' => array ("Headline" => _('Force password reset by default'), + "Text" => _('Enforce password reset on next login by default.')), // 300 - 399 // profile editor, file upload "301" => array ("Headline" => _("RDN identifier"), diff --git a/lam/lib/config.inc b/lam/lib/config.inc index 9b98b3a2..43137f86 100644 --- a/lam/lib/config.inc +++ b/lam/lib/config.inc @@ -409,6 +409,13 @@ class LAMConfig { /** line separator */ const LINE_SEPARATOR = '+::+'; + /** show password on screen by default */ + const PWDRESET_DEFAULT_SCREEN = 1; + /** send password via email by default */ + const PWDRESET_DEFAULT_MAIL = 2; + /** show password on screen and send via email by default */ + const PWDRESET_DEFAULT_BOTH = 3; + /** Server address (e.g. ldap://127.0.0.1:389) */ private $ServerURL; @@ -503,22 +510,27 @@ class LAMConfig { /** email address for sender of password reset mails */ private $lamProMailFrom = ''; - /** reply-to email address for password reset mails */ private $lamProMailReplyTo = ''; - /** subject for password reset mails */ private $lamProMailSubject = ''; - /** treat password reset mail body as HTML */ private $lamProMailIsHTML = 'false'; - /** allow sending mails to an alternative address */ private $lamProMailAllowAlternateAddress = 'true'; - /** mail body for password reset mails */ private $lamProMailText = ''; + /** password reset page: allow to set a specific password */ + private $pwdResetAllowSpecificPassword = 'true'; + /** password reset page: allow to show password on screen */ + private $pwdResetAllowScreenPassword = 'true'; + /** password reset page: force password change by default */ + private $pwdResetForcePasswordChange = 'true'; + /** password reset page: default selection for password output + * PWDRESET_DEFAULT_SCREEN, PWDRESET_DEFAULT_MAIL, PWDRESET_DEFAULT_BOTH */ + private $pwdResetDefaultPasswordOutput = LAMconfig::PWDRESET_DEFAULT_MAIL; + /** LDAP user for jobs */ private $jobsBindUser = null; /** LDAP password for jobs */ @@ -547,7 +559,8 @@ class LAMConfig { 'loginSearchFilter', 'searchLimit', 'lamProMailFrom', 'lamProMailReplyTo', 'lamProMailSubject', 'lamProMailText', 'lamProMailIsHTML', 'lamProMailAllowAlternateAddress', 'httpAuthentication', 'loginSearchDN', 'loginSearchPassword', 'timeZone', 'jobsBindUser', 'jobsBindPassword', 'jobsDatabase', 'jobToken', 'jobs', - 'jobsDBHost', 'jobsDBPort', 'jobsDBUser', 'jobsDBPassword', 'jobsDBName' + 'jobsDBHost', 'jobsDBPort', 'jobsDBUser', 'jobsDBPassword', 'jobsDBName', 'pwdResetAllowSpecificPassword', + 'pwdResetAllowScreenPassword', 'pwdResetForcePasswordChange', 'pwdResetDefaultPasswordOutput' ); @@ -765,6 +778,10 @@ class LAMConfig { if (!in_array("jobsDBPassword", $saved)) array_push($file_array, "\n" . "jobsDBPassword: " . $this->jobsDBPassword . "\n"); if (!in_array("jobsDBName", $saved)) array_push($file_array, "\n" . "jobsDBName: " . $this->jobsDBName . "\n"); if (!in_array("jobToken", $saved)) array_push($file_array, "\n" . "jobToken: " . $this->getJobToken() . "\n"); + if (!in_array("pwdResetAllowSpecificPassword", $saved)) array_push($file_array, "\n" . "pwdResetAllowSpecificPassword: " . $this->pwdResetAllowSpecificPassword . "\n"); + if (!in_array("pwdResetAllowScreenPassword", $saved)) array_push($file_array, "\n" . "pwdResetAllowScreenPassword: " . $this->pwdResetAllowScreenPassword . "\n"); + if (!in_array("pwdResetForcePasswordChange", $saved)) array_push($file_array, "\n" . "pwdResetForcePasswordChange: " . $this->pwdResetForcePasswordChange . "\n"); + if (!in_array("pwdResetDefaultPasswordOutput", $saved)) array_push($file_array, "\n" . "pwdResetDefaultPasswordOutput: " . $this->pwdResetDefaultPasswordOutput . "\n"); // check if all module settings were added $m_settings = array_keys($this->moduleSettings); for ($i = 0; $i < sizeof($m_settings); $i++) { @@ -1868,6 +1885,78 @@ class LAMConfig { return $this->jobToken; } + /** + * Returns if setting a specific password is allowed on password reset page. + * + * @return String 'true' or 'false' + */ + public function getPwdResetAllowSpecificPassword() { + return $this->pwdResetAllowSpecificPassword; + } + + /** + * Sets if setting a specific password is allowed on password reset page. + * + * @param String $pwdResetAllowSpecificPassword 'true' or 'false' + */ + public function setPwdResetAllowSpecificPassword($pwdResetAllowSpecificPassword) { + $this->pwdResetAllowSpecificPassword = $pwdResetAllowSpecificPassword; + } + + /** + * Returns if displaying password on screen is allowed on password reset page. + * + * @return String 'true' or 'false' + */ + public function getPwdResetAllowScreenPassword() { + return $this->pwdResetAllowScreenPassword; + } + + /** + * Sets if displaying password on screen is allowed on password reset page. + * + * @param String $pwdResetAllowScreenPassword 'true' or 'false' + */ + public function setPwdResetAllowScreenPassword($pwdResetAllowScreenPassword) { + $this->pwdResetAllowScreenPassword = $pwdResetAllowScreenPassword; + } + + /** + * Returns if force password change is set by default on password reset page. + * + * @return String 'true' or 'false' + */ + public function getPwdResetForcePasswordChange() { + return $this->pwdResetForcePasswordChange; + } + + /** + * Sets if force password change is set by default on password reset page. + * + * @param String $pwdResetForcePasswordChange 'true' or 'false' + */ + public function setPwdResetForcePasswordChange($pwdResetForcePasswordChange) { + $this->pwdResetForcePasswordChange = $pwdResetForcePasswordChange; + } + + /** + * Returns default password output method on password reset page. + * + * @return integer LAMConfig::PWDRESET_DEFAULT_SCREEN/PWDRESET_DEFAULT_MAIL/PWDRESET_DEFAULT_BOTH + */ + public function getPwdResetDefaultPasswordOutput() { + return $this->pwdResetDefaultPasswordOutput; + } + + /** + * Sets default password output method on password reset page. + * + * @param integer $pwdResetDefaultPasswordOutput LAMConfig::PWDRESET_DEFAULT_SCREEN/PWDRESET_DEFAULT_MAIL/PWDRESET_DEFAULT_BOTH + */ + public function setPwdResetDefaultPasswordOutput($pwdResetDefaultPasswordOutput) { + $this->pwdResetDefaultPasswordOutput = $pwdResetDefaultPasswordOutput; + } + } diff --git a/lam/templates/config/confmain.php b/lam/templates/config/confmain.php index bbcba1ea..085be01e 100644 --- a/lam/templates/config/confmain.php +++ b/lam/templates/config/confmain.php @@ -369,6 +369,45 @@ $container->addElement(new htmlSpacer(null, '10px'), true); // LAM Pro settings if (isLAMProVersion()) { + // password reset page + $pwdResetContent = new htmlTable(); + + $pwdResetAllowSpecific = true; + if ($conf->getPwdResetAllowSpecificPassword() == 'false') { + $pwdResetAllowSpecific = false; + } + $pwdResetContent->addElement(new htmlTableExtendedInputCheckbox('pwdResetAllowSpecificPassword', $pwdResetAllowSpecific , _('Allow setting specific passwords'), '280')); + + $pwdResetContent->addSpace('10px'); + + $pwdResetAllowScreenPassword = true; + if ($conf->getPwdResetAllowScreenPassword() == 'false') { + $pwdResetAllowScreenPassword = false; + } + $pwdResetContent->addElement(new htmlTableExtendedInputCheckbox('pwdResetAllowScreenPassword', $pwdResetAllowScreenPassword , _('Allow to display password on screen'), '281'), true); + + $pwdResetDefaultPasswordOutputOptions = array( + _('Display on screen') => LAMConfig::PWDRESET_DEFAULT_SCREEN, + _('Send via mail') => LAMConfig::PWDRESET_DEFAULT_MAIL, + _('Both') => LAMConfig::PWDRESET_DEFAULT_BOTH + ); + $pwdResetDefaultPasswordOutputSelect = new htmlTableExtendedSelect('pwdResetDefaultPasswordOutput', $pwdResetDefaultPasswordOutputOptions, array($conf->getPwdResetDefaultPasswordOutput()), _("Default password output"), '282'); + $pwdResetDefaultPasswordOutputSelect->setHasDescriptiveElements(true); + $pwdResetContent->addElement($pwdResetDefaultPasswordOutputSelect); + + $pwdResetContent->addSpace('10px'); + + $pwdResetForcePasswordChange = true; + if ($conf->getPwdResetForcePasswordChange() == 'false') { + $pwdResetForcePasswordChange = false; + } + $pwdResetContent->addElement(new htmlTableExtendedInputCheckbox('pwdResetForcePasswordChange', $pwdResetForcePasswordChange , _('Force password reset by default'), '283'), true); + + $pwdResetFieldset = new htmlFieldset($pwdResetContent, _("Password reset page settings"), '../../graphics/keyBig.png'); + $container->addElement($pwdResetFieldset, true); + $container->addElement(new htmlSpacer(null, '10px'), true); + + // mail settings $pwdMailContent = new htmlTable(); $pwdMailFrom = new htmlTableExtendedInputField(_('From address'), 'pwdResetMail_from', $conf->getLamProMailFrom(), '550'); @@ -554,6 +593,25 @@ function checkInput() { $conf->set_searchLimit($_POST['searchLimit']); if (isLAMProVersion()) { $conf->setAccessLevel($_POST['accessLevel']); + if (isset($_POST['pwdResetAllowSpecificPassword']) && ($_POST['pwdResetAllowSpecificPassword'] == 'on')) { + $conf->setPwdResetAllowSpecificPassword('true'); + } + else { + $conf->setPwdResetAllowSpecificPassword('false'); + } + if (isset($_POST['pwdResetAllowScreenPassword']) && ($_POST['pwdResetAllowScreenPassword'] == 'on')) { + $conf->setPwdResetAllowScreenPassword('true'); + } + else { + $conf->setPwdResetAllowScreenPassword('false'); + } + if (isset($_POST['pwdResetForcePasswordChange']) && ($_POST['pwdResetForcePasswordChange'] == 'on')) { + $conf->setPwdResetForcePasswordChange('true'); + } + else { + $conf->setPwdResetForcePasswordChange('false'); + } + $conf->setPwdResetDefaultPasswordOutput($_POST['pwdResetDefaultPasswordOutput']); if (!$conf->setLamProMailFrom($_POST['pwdResetMail_from'])) { $errors[] = array("ERROR", _("From address for password mails is invalid."), htmlspecialchars($_POST['pwdResetMail_from'])); } diff --git a/lam/tests/lib/LAMConfigTest.php b/lam/tests/lib/LAMConfigTest.php index b763662a..486837f1 100644 --- a/lam/tests/lib/LAMConfigTest.php +++ b/lam/tests/lib/LAMConfigTest.php @@ -612,6 +612,35 @@ class LAMConfigTest extends PHPUnit_Framework_TestCase { $this->assertEquals($val, $this->lAMConfig->getJobSettings()); } + /** + * Tests settings of password reset page. + */ + public function testPwdResetPageSettings() { + $val = 'true'; + $this->lAMConfig->setPwdResetAllowScreenPassword($val); + $this->assertEquals($val, $this->lAMConfig->getPwdResetAllowScreenPassword()); + $this->doSave(); + $this->assertEquals($val, $this->lAMConfig->getPwdResetAllowScreenPassword()); + + $val = 'true'; + $this->lAMConfig->setPwdResetAllowSpecificPassword($val); + $this->assertEquals($val, $this->lAMConfig->getPwdResetAllowSpecificPassword()); + $this->doSave(); + $this->assertEquals($val, $this->lAMConfig->getPwdResetAllowSpecificPassword()); + + $val = 'true'; + $this->lAMConfig->setPwdResetForcePasswordChange($val); + $this->assertEquals($val, $this->lAMConfig->getPwdResetForcePasswordChange()); + $this->doSave(); + $this->assertEquals($val, $this->lAMConfig->getPwdResetForcePasswordChange()); + + $val = LAMConfig::PWDRESET_DEFAULT_MAIL; + $this->lAMConfig->setPwdResetDefaultPasswordOutput($val); + $this->assertEquals($val, $this->lAMConfig->getPwdResetDefaultPasswordOutput()); + $this->doSave(); + $this->assertEquals($val, $this->lAMConfig->getPwdResetDefaultPasswordOutput()); + } + /** * Tests LAMConfig->getJobToken() */