new options for password reset page

lam/help/help.inc

@@ -203,6 +203,14 @@ $helpArray = array (
 					"Text" => _('Please enter the user name and password to connect to the database.')),
 				"276" => array ("Headline" => _('Database name'),
 					"Text" => _('This is the database name on the server.')),
+				'280' => array ("Headline" => _('Allow setting specific passwords'),
+					"Text" => _('Allows to set a specific password via input field.')),
+				'281' => array ("Headline" => _('Allow to display password on screen'),
+					"Text" => _('Allows to display a randomly generated password on screen.')),
+				'282' => array ("Headline" => _('Default password output'),
+					"Text" => _('Default method to output a random password.')),
+				'283' => array ("Headline" => _('Force password reset by default'),
+					"Text" => _('Enforce password reset on next login by default.')),
 				// 300 - 399
 				// profile editor, file upload
 				"301" => array ("Headline" => _("RDN identifier"),

lam/lib/config.inc

@@ -409,6 +409,13 @@ class LAMConfig {
 	/** line separator */
 	const LINE_SEPARATOR = '+::+';
 
+	/** show password on screen by default */
+	const PWDRESET_DEFAULT_SCREEN = 1;
+	/** send password via email by default */
+	const PWDRESET_DEFAULT_MAIL = 2;
+	/** show password on screen and send via email by default */
+	const PWDRESET_DEFAULT_BOTH = 3;
+
 	/** Server address (e.g. ldap://127.0.0.1:389) */
 	private $ServerURL;
 
@@ -503,22 +510,27 @@ class LAMConfig {
 
 	/** email address for sender of password reset mails */
 	private $lamProMailFrom = '';
-
 	/** reply-to email address for password reset mails */
 	private $lamProMailReplyTo = '';
-
 	/** subject for password reset mails */
 	private $lamProMailSubject = '';
-
 	/** treat password reset mail body as HTML */
 	private $lamProMailIsHTML = 'false';
-
 	/** allow sending mails to an alternative address */
 	private $lamProMailAllowAlternateAddress = 'true';
-
 	/** mail body for password reset mails */
 	private $lamProMailText = '';
 
+	/** password reset page: allow to set a specific password */
+	private $pwdResetAllowSpecificPassword = 'true';
+	/** password reset page: allow to show password on screen */
+	private $pwdResetAllowScreenPassword = 'true';
+	/** password reset page: force password change by default */
+	private $pwdResetForcePasswordChange = 'true';
+	/** password reset page: default selection for password output
+	 * PWDRESET_DEFAULT_SCREEN, PWDRESET_DEFAULT_MAIL, PWDRESET_DEFAULT_BOTH */
+	private $pwdResetDefaultPasswordOutput = LAMconfig::PWDRESET_DEFAULT_MAIL;
+
 	/** LDAP user for jobs */
 	private $jobsBindUser = null;
 	/** LDAP password for jobs */
@@ -547,7 +559,8 @@ class LAMConfig {
 		'loginSearchFilter', 'searchLimit', 'lamProMailFrom', 'lamProMailReplyTo', 'lamProMailSubject',
 		'lamProMailText', 'lamProMailIsHTML', 'lamProMailAllowAlternateAddress', 'httpAuthentication', 'loginSearchDN',
 		'loginSearchPassword', 'timeZone', 'jobsBindUser', 'jobsBindPassword', 'jobsDatabase', 'jobToken', 'jobs',
-		'jobsDBHost', 'jobsDBPort', 'jobsDBUser', 'jobsDBPassword', 'jobsDBName'
+		'jobsDBHost', 'jobsDBPort', 'jobsDBUser', 'jobsDBPassword', 'jobsDBName', 'pwdResetAllowSpecificPassword',
+		'pwdResetAllowScreenPassword', 'pwdResetForcePasswordChange', 'pwdResetDefaultPasswordOutput'
 	);
 
 
@@ -765,6 +778,10 @@ class LAMConfig {
 			if (!in_array("jobsDBPassword", $saved)) array_push($file_array, "\n" . "jobsDBPassword: " . $this->jobsDBPassword . "\n");
 			if (!in_array("jobsDBName", $saved)) array_push($file_array, "\n" . "jobsDBName: " . $this->jobsDBName . "\n");
 			if (!in_array("jobToken", $saved)) array_push($file_array, "\n" . "jobToken: " . $this->getJobToken() . "\n");
+			if (!in_array("pwdResetAllowSpecificPassword", $saved)) array_push($file_array, "\n" . "pwdResetAllowSpecificPassword: " . $this->pwdResetAllowSpecificPassword . "\n");
+			if (!in_array("pwdResetAllowScreenPassword", $saved)) array_push($file_array, "\n" . "pwdResetAllowScreenPassword: " . $this->pwdResetAllowScreenPassword . "\n");
+			if (!in_array("pwdResetForcePasswordChange", $saved)) array_push($file_array, "\n" . "pwdResetForcePasswordChange: " . $this->pwdResetForcePasswordChange . "\n");
+			if (!in_array("pwdResetDefaultPasswordOutput", $saved)) array_push($file_array, "\n" . "pwdResetDefaultPasswordOutput: " . $this->pwdResetDefaultPasswordOutput . "\n");
 			// check if all module settings were added
 			$m_settings = array_keys($this->moduleSettings);
 			for ($i = 0; $i < sizeof($m_settings); $i++) {
@@ -1868,6 +1885,78 @@ class LAMConfig {
 		return $this->jobToken;
 	}
 
+	/**
+	 * Returns if setting a specific password is allowed on password reset page.
+	 *
+	 * @return String 'true' or 'false'
+	 */
+	public function getPwdResetAllowSpecificPassword() {
+		return $this->pwdResetAllowSpecificPassword;
+	}
+
+	/**
+	 * Sets if setting a specific password is allowed on password reset page.
+	 *
+	 * @param String $pwdResetAllowSpecificPassword 'true' or 'false'
+	 */
+	public function setPwdResetAllowSpecificPassword($pwdResetAllowSpecificPassword) {
+		$this->pwdResetAllowSpecificPassword = $pwdResetAllowSpecificPassword;
+	}
+
+	/**
+	 * Returns if displaying password on screen is allowed on password reset page.
+	 *
+	 * @return String 'true' or 'false'
+	 */
+	public function getPwdResetAllowScreenPassword() {
+		return $this->pwdResetAllowScreenPassword;
+	}
+
+	/**
+	 * Sets if displaying password on screen is allowed on password reset page.
+	 *
+	 * @param String $pwdResetAllowScreenPassword 'true' or 'false'
+	 */
+	public function setPwdResetAllowScreenPassword($pwdResetAllowScreenPassword) {
+		$this->pwdResetAllowScreenPassword = $pwdResetAllowScreenPassword;
+	}
+
+	/**
+	 * Returns if force password change is set by default on password reset page.
+	 *
+	 * @return String 'true' or 'false'
+	 */
+	public function getPwdResetForcePasswordChange() {
+		return $this->pwdResetForcePasswordChange;
+	}
+
+	/**
+	 * Sets if force password change is set by default on password reset page.
+	 *
+	 * @param String $pwdResetForcePasswordChange 'true' or 'false'
+	 */
+	public function setPwdResetForcePasswordChange($pwdResetForcePasswordChange) {
+		$this->pwdResetForcePasswordChange = $pwdResetForcePasswordChange;
+	}
+
+	/**
+	 * Returns default password output method on password reset page.
+	 *
+	 * @return integer LAMConfig::PWDRESET_DEFAULT_SCREEN/PWDRESET_DEFAULT_MAIL/PWDRESET_DEFAULT_BOTH
+	 */
+	public function getPwdResetDefaultPasswordOutput() {
+		return $this->pwdResetDefaultPasswordOutput;
+	}
+
+	/**
+	 * Sets default password output method on password reset page.
+	 *
+	 * @param integer $pwdResetDefaultPasswordOutput LAMConfig::PWDRESET_DEFAULT_SCREEN/PWDRESET_DEFAULT_MAIL/PWDRESET_DEFAULT_BOTH
+	 */
+	public function setPwdResetDefaultPasswordOutput($pwdResetDefaultPasswordOutput) {
+		$this->pwdResetDefaultPasswordOutput = $pwdResetDefaultPasswordOutput;
+	}
+
 }
 
 

lam/templates/config/confmain.php

@@ -369,6 +369,45 @@ $container->addElement(new htmlSpacer(null, '10px'), true);
 
 // LAM Pro settings
 if (isLAMProVersion()) {
+	// password reset page
+	$pwdResetContent = new htmlTable();
+
+	$pwdResetAllowSpecific = true;
+	if ($conf->getPwdResetAllowSpecificPassword() == 'false') {
+		$pwdResetAllowSpecific = false;
+	}
+	$pwdResetContent->addElement(new htmlTableExtendedInputCheckbox('pwdResetAllowSpecificPassword', $pwdResetAllowSpecific , _('Allow setting specific passwords'), '280'));
+
+	$pwdResetContent->addSpace('10px');
+
+	$pwdResetAllowScreenPassword = true;
+	if ($conf->getPwdResetAllowScreenPassword() == 'false') {
+		$pwdResetAllowScreenPassword = false;
+	}
+	$pwdResetContent->addElement(new htmlTableExtendedInputCheckbox('pwdResetAllowScreenPassword', $pwdResetAllowScreenPassword , _('Allow to display password on screen'), '281'), true);
+
+	$pwdResetDefaultPasswordOutputOptions = array(
+		_('Display on screen') => LAMConfig::PWDRESET_DEFAULT_SCREEN,
+		_('Send via mail') => LAMConfig::PWDRESET_DEFAULT_MAIL,
+		_('Both') => LAMConfig::PWDRESET_DEFAULT_BOTH
+	);
+	$pwdResetDefaultPasswordOutputSelect = new htmlTableExtendedSelect('pwdResetDefaultPasswordOutput', $pwdResetDefaultPasswordOutputOptions, array($conf->getPwdResetDefaultPasswordOutput()), _("Default password output"), '282');
+	$pwdResetDefaultPasswordOutputSelect->setHasDescriptiveElements(true);
+	$pwdResetContent->addElement($pwdResetDefaultPasswordOutputSelect);
+
+	$pwdResetContent->addSpace('10px');
+
+	$pwdResetForcePasswordChange = true;
+	if ($conf->getPwdResetForcePasswordChange() == 'false') {
+		$pwdResetForcePasswordChange = false;
+	}
+	$pwdResetContent->addElement(new htmlTableExtendedInputCheckbox('pwdResetForcePasswordChange', $pwdResetForcePasswordChange , _('Force password reset by default'), '283'), true);
+
+	$pwdResetFieldset = new htmlFieldset($pwdResetContent, _("Password reset page settings"), '../../graphics/keyBig.png');
+	$container->addElement($pwdResetFieldset, true);
+	$container->addElement(new htmlSpacer(null, '10px'), true);
+
+	// mail settings
 	$pwdMailContent = new htmlTable();
 
 	$pwdMailFrom = new htmlTableExtendedInputField(_('From address'), 'pwdResetMail_from', $conf->getLamProMailFrom(), '550');
@@ -554,6 +593,25 @@ function checkInput() {
 	$conf->set_searchLimit($_POST['searchLimit']);
 	if (isLAMProVersion()) {
 		$conf->setAccessLevel($_POST['accessLevel']);
+		if (isset($_POST['pwdResetAllowSpecificPassword']) && ($_POST['pwdResetAllowSpecificPassword'] == 'on')) {
+			$conf->setPwdResetAllowSpecificPassword('true');
+		}
+		else {
+			$conf->setPwdResetAllowSpecificPassword('false');
+		}
+		if (isset($_POST['pwdResetAllowScreenPassword']) && ($_POST['pwdResetAllowScreenPassword'] == 'on')) {
+			$conf->setPwdResetAllowScreenPassword('true');
+		}
+		else {
+			$conf->setPwdResetAllowScreenPassword('false');
+		}
+		if (isset($_POST['pwdResetForcePasswordChange']) && ($_POST['pwdResetForcePasswordChange'] == 'on')) {
+			$conf->setPwdResetForcePasswordChange('true');
+		}
+		else {
+			$conf->setPwdResetForcePasswordChange('false');
+		}
+		$conf->setPwdResetDefaultPasswordOutput($_POST['pwdResetDefaultPasswordOutput']);
 		if (!$conf->setLamProMailFrom($_POST['pwdResetMail_from'])) {
 			$errors[] = array("ERROR", _("From address for password mails is invalid."), htmlspecialchars($_POST['pwdResetMail_from']));
 		}

lam/tests/lib/LAMConfigTest.php

@@ -612,6 +612,35 @@ class LAMConfigTest extends PHPUnit_Framework_TestCase {
 		$this->assertEquals($val, $this->lAMConfig->getJobSettings());
 	}
 
+	/**
+	 * Tests settings of password reset page.
+	 */
+	public function testPwdResetPageSettings() {
+		$val = 'true';
+		$this->lAMConfig->setPwdResetAllowScreenPassword($val);
+		$this->assertEquals($val, $this->lAMConfig->getPwdResetAllowScreenPassword());
+		$this->doSave();
+		$this->assertEquals($val, $this->lAMConfig->getPwdResetAllowScreenPassword());
+
+		$val = 'true';
+		$this->lAMConfig->setPwdResetAllowSpecificPassword($val);
+		$this->assertEquals($val, $this->lAMConfig->getPwdResetAllowSpecificPassword());
+		$this->doSave();
+		$this->assertEquals($val, $this->lAMConfig->getPwdResetAllowSpecificPassword());
+
+		$val = 'true';
+		$this->lAMConfig->setPwdResetForcePasswordChange($val);
+		$this->assertEquals($val, $this->lAMConfig->getPwdResetForcePasswordChange());
+		$this->doSave();
+		$this->assertEquals($val, $this->lAMConfig->getPwdResetForcePasswordChange());
+
+		$val = LAMConfig::PWDRESET_DEFAULT_MAIL;
+		$this->lAMConfig->setPwdResetDefaultPasswordOutput($val);
+		$this->assertEquals($val, $this->lAMConfig->getPwdResetDefaultPasswordOutput());
+		$this->doSave();
+		$this->assertEquals($val, $this->lAMConfig->getPwdResetDefaultPasswordOutput());
+	}
+
 	/**
 	 * Tests LAMConfig->getJobToken()
 	 */