support forced password changes in self service (bug 3483907)

Roland Gruber 2012-02-08 17:55:00 +00:00
parent 252e8682bf
commit 3b2760c6ff
8 changed files with 49 additions and 18 deletions


@ -1231,11 +1231,12 @@ abstract class baseModule {
*
* @param array $fields list of active fields
* @param array $attributes attributes of LDAP account
* @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable
* @return htmlElement meta HTML object
*
* @see htmlElement
*/
public function getSelfServiceOptions($fields, $attributes) {
public function getSelfServiceOptions($fields, $attributes, $passwordChangeOnly) {
// this function must be overwritten by subclasses.
return array();
}
@ -1253,9 +1254,10 @@ abstract class baseModule {
*
* @param string $fields input fields
* @param array $attributes LDAP attributes
* @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable
* @return array messages and attributes (array('messages' => array(), 'add' => array('mail' => array('test@test.com')), 'del' => array(), 'mod' => array(), 'info' => array()))
*/
public function checkSelfServiceOptions($fields, $attributes) {
public function checkSelfServiceOptions($fields, $attributes, $passwordChangeOnly) {
$return = array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array(), 'info' => array());
return $return;
}
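Review bot: The docblocks of `getSelfServiceOptions` and `checkSelfServiceOptions` describe `$passwordChangeOnly` but do not say what an overriding module must do with it, and nothing in the base class enforces it. PHP accepts surplus arguments to user-defined methods, so a module that still declares the two-parameter signature keeps working and silently ignores the flag. The dispatcher functions changed later in this commit merge whatever each module returns. I would add to both docblocks a sentence such as `When $passwordChangeOnly is true, implementations must offer and process nothing except the password inputs.` Modules not touched by this commit should then be checked against that contract.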


@ -1577,11 +1577,12 @@ class asteriskAccount extends baseModule implements passwordService {
*
* @param string $fields input fields
* @param array $attributes LDAP attributes
* @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable
* @return array messages and attributes (array('messages' => array(), 'add' => array('mail' => array('test@test.com')), 'del' => array(), 'mod' => array(), 'info' => array()))
*/
function checkSelfServiceOptions($fields, $attributes) {
function checkSelfServiceOptions($fields, $attributes, $passwordChangeOnly) {
$return = array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array(), 'info' => array());
if (!in_array_ignore_case('AsteriskSIPUser', $attributes['objectClass'])) {
if (!isset($attributes['objectClass']) || !in_array_ignore_case('AsteriskSIPUser', $attributes['objectClass'])) {
return $return;
}
if (isset($_POST['posixAccount_password']) && ($_POST['posixAccount_password'] != '')) {
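Review bot: `$passwordChangeOnly` is accepted but never used in the visible part of `checkSelfServiceOptions`, and the new `!isset($attributes['objectClass'])` guard returns before the `$_POST['posixAccount_password']` branch whenever no LDAP content was readable. If that is the forced-change case, the Asterisk secret keeps its old value while the Unix password changes, so the old password would presumably still be accepted for SIP logins after a forced reset. The same pattern appears in the asteriskVoicemail and sambaSamAccount sections of this commit. If skipping the synchronisation is intended, say so next to the guard, e.g. `// objectClass is missing when no LDAP content is readable (forced password change); the password is not synchronised in that case`. The method body continues outside the hunk.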


@ -587,11 +587,12 @@ class asteriskVoicemail extends baseModule implements passwordService {
*
* @param string $fields input fields
* @param array $attributes LDAP attributes
* @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable
* @return array messages and attributes (array('messages' => array(), 'add' => array('mail' => array('test@test.com')), 'del' => array(), 'mod' => array(), 'info' => array()))
*/
function checkSelfServiceOptions($fields, $attributes) {
function checkSelfServiceOptions($fields, $attributes, $passwordChangeOnly) {
$return = array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array(), 'info' => array());
if (!in_array_ignore_case('AsteriskVoiceMail', $attributes['objectClass'])) {
if (!isset($attributes['objectClass']) || !in_array_ignore_case('AsteriskVoiceMail', $attributes['objectClass'])) {
return $return;
}
if (isset($_POST['posixAccount_password']) && ($_POST['posixAccount_password'] != '')) {


@ -2478,10 +2478,14 @@ class inetOrgPerson extends baseModule implements passwordService {
*
* @param array $fields list of active fields
* @param array $attributes attributes of LDAP account
* @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable
* @return array meta HTML
*/
function getSelfServiceOptions($fields, $attributes) {
function getSelfServiceOptions($fields, $attributes, $passwordChangeOnly) {
$return = array();
if ($passwordChangeOnly) {
return $return; // no fields as long no LDAP content can be read
}
if (in_array('firstName', $fields)) {
$firstName = '';
if (isset($attributes['givenName'][0])) $firstName = $attributes['givenName'][0];
@ -2677,10 +2681,14 @@ class inetOrgPerson extends baseModule implements passwordService {
*
* @param string $fields input fields
* @param array $attributes LDAP attributes
* @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable
* @return array messages and attributes (array('messages' => array(), 'add' => array('mail' => array('test@test.com')), 'del' => array(), 'mod' => array(), 'info' => array()))
*/
function checkSelfServiceOptions($fields, $attributes) {
function checkSelfServiceOptions($fields, $attributes, $passwordChangeOnly) {
$return = array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array(), 'info' => array());
if ($passwordChangeOnly) {
return $return; // skip processing if only a password change is done
}
$attributeNames = array(); // list of attributes which should be checked for modification
$attributesNew = $attributes;
// first name


@ -818,9 +818,13 @@ class kolabUser extends baseModule {
*
* @param array $fields list of active fields
* @param array $attributes attributes of LDAP account
* @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable
* @return array meta HTML
*/
function getSelfServiceOptions($fields, $attributes) {
function getSelfServiceOptions($fields, $attributes, $passwordChangeOnly) {
if ($passwordChangeOnly) {
return array(); // no Kolab fields as long no LDAP content can be read
}
if (!in_array('kolabInetOrgPerson', $attributes['objectClass'])) {
return array();
}
@ -926,10 +930,14 @@ class kolabUser extends baseModule {
*
* @param string $fields input fields
* @param array $attributes LDAP attributes
* @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable
* @return array messages and attributes (array('messages' => array(), 'add' => array('mail' => array('test@test.com')), 'del' => array(), 'mod' => array(), 'info' => array()))
*/
function checkSelfServiceOptions($fields, $attributes) {
function checkSelfServiceOptions($fields, $attributes, $passwordChangeOnly) {
$return = array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array(), 'info' => array());
if ($passwordChangeOnly) {
return $return; // skip processing if only a password change is done
}
if (!in_array_ignore_case('kolabInetOrgPerson', $attributes['objectClass'])) {
return $return;
}
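Review bot: Both kolabUser methods still read `$attributes['objectClass']` without an `isset()` check, in the `in_array('kolabInetOrgPerson', …)` and `in_array_ignore_case('kolabInetOrgPerson', …)` lines, while this commit adds exactly that check to the Asterisk and Samba modules. The new `$passwordChangeOnly` return covers the forced-change case, but only while the flag and the emptiness of `$attributes` always agree. For consistency I would write `if (!isset($attributes['objectClass']) || !in_array_ignore_case('kolabInetOrgPerson', $attributes['objectClass'])) {` here and the matching `in_array` form in `getSelfServiceOptions`. Both method bodies continue outside their hunks.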


@ -2067,9 +2067,10 @@ class posixAccount extends baseModule implements passwordService {
*
* @param array $fields list of active fields
* @param array $attributes attributes of LDAP account
* @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable
* @return array meta HTML
*/
function getSelfServiceOptions($fields, $attributes) {
function getSelfServiceOptions($fields, $attributes, $passwordChangeOnly) {
$return = array();
if (in_array('password', $fields)) {
$pwdTable = new htmlTable();
@ -2084,6 +2085,9 @@ class posixAccount extends baseModule implements passwordService {
$pwdTable
));
}
if ($passwordChangeOnly) {
return $return; // only password fields as long no LDAP content can be read
}
if (in_array('cn', $fields)) {
$cn = '';
if (isset($attributes['cn'][0])) $cn = $attributes['cn'][0];
@ -2115,9 +2119,10 @@ class posixAccount extends baseModule implements passwordService {
*
* @param string $fields input fields
* @param array $attributes LDAP attributes
* @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable
* @return array messages and attributes (array('messages' => array(), 'add' => array('mail' => array('test@test.com')), 'del' => array(), 'mod' => array(), 'info' => array()))
*/
function checkSelfServiceOptions($fields, $attributes) {
function checkSelfServiceOptions($fields, $attributes, $passwordChangeOnly) {
$return = array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array(), 'info' => array());
if (in_array('password', $fields)) {
if (isset($_POST['posixAccount_password']) && ($_POST['posixAccount_password'] != '')) {
@ -2145,6 +2150,9 @@ class posixAccount extends baseModule implements passwordService {
}
}
}
if ($passwordChangeOnly) {
return $return; // skip processing if only a password change is done
}
if (in_array('cn', $fields)) {
if (isset($_POST['posixAccount_cn']) && ($_POST['posixAccount_cn'] != '')) {
if (!get_preg($_POST['posixAccount_cn'], 'cn')) {
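Review bot: In both posixAccount methods the password block stays conditional on `in_array('password', $fields)`. With `$passwordChangeOnly` set and the password field not enabled in the self-service profile, `getSelfServiceOptions` therefore returns an empty array and `checkSelfServiceOptions` processes nothing. Assuming this module supplies the password inputs during a forced change, such a user gets a form with no way to set a new password. Consider `if ($passwordChangeOnly || in_array('password', $fields)) {` for the two password blocks, or document that the profile must enable the password field. The password blocks lie partly outside the hunks.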


@ -2090,11 +2090,12 @@ class sambaSamAccount extends baseModule implements passwordService {
*
* @param string $fields input fields
* @param array $attributes LDAP attributes
* @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable
* @return array messages and attributes (array('messages' => array(), 'add' => array('mail' => array('test@test.com')), 'del' => array(), 'mod' => array(), 'info' => array()))
*/
function checkSelfServiceOptions($fields, $attributes) {
function checkSelfServiceOptions($fields, $attributes, $passwordChangeOnly) {
$return = array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array(), 'info' => array());
if (!in_array_ignore_case('sambaSamAccount', $attributes['objectClass'])) {
if (!isset($attributes['objectClass']) || !in_array_ignore_case('sambaSamAccount', $attributes['objectClass'])) {
return $return;
}
if (isset($_POST['posixAccount_password']) && ($_POST['posixAccount_password'] != '')) {


@ -90,15 +90,16 @@ function getSelfServiceFieldSettings($scope) {
* @param string $scope account type
* @param array $fields input fields (array(<moduleName> => array(<field1>, <field2>, ...)))
* @param array $attributes LDAP attributes (attribute names in lower case)
* @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable
* @return array meta HTML code (array(<moduleName> => htmlTableRow))
*/
function getSelfServiceOptions($scope, $fields, $attributes) {
function getSelfServiceOptions($scope, $fields, $attributes, $passwordChangeOnly) {
$return = array();
$modules = getAvailableModules($scope);
for ($i = 0; $i < sizeof($modules); $i++) {
if (!isset($fields[$modules[$i]])) continue;
$m = new $modules[$i]($scope);
$code = $m->getSelfServiceOptions($fields[$modules[$i]], $attributes);
$code = $m->getSelfServiceOptions($fields[$modules[$i]], $attributes, $passwordChangeOnly);
if (sizeof($code) > 0) $return[$modules[$i]] = $code;
}
return $return;
@ -111,15 +112,16 @@ function getSelfServiceOptions($scope, $fields, $attributes) {
* @param string $scope account type
* @param string $fields input fields (array(<moduleName> => array(<field1>, <field2>, ...)))
* @param array $attributes LDAP attributes
* @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable
* @return array messages and LDAP commands (array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array()))
*/
function checkSelfServiceOptions($scope, $fields, $attributes) {
function checkSelfServiceOptions($scope, $fields, $attributes, $passwordChangeOnly) {
$return = array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array(), 'info' => array());
$modules = getAvailableModules($scope);
for ($i = 0; $i < sizeof($modules); $i++) {
if (!isset($fields[$modules[$i]])) continue;
$m = new $modules[$i]($scope);
$result = $m->checkSelfServiceOptions($fields[$modules[$i]], $attributes);
$result = $m->checkSelfServiceOptions($fields[$modules[$i]], $attributes, $passwordChangeOnly);
if (sizeof($result['messages']) > 0) $return['messages'] = array_merge($result['messages'], $return['messages']);
if (sizeof($result['add']) > 0) $return['add'] = array_merge($result['add'], $return['add']);
if (sizeof($result['del']) > 0) $return['del'] = array_merge($result['del'], $return['del']);