allow to force password change in password dialog

This commit is contained in:
Roland Gruber 2012-01-15 19:34:14 +00:00
parent 86efa99ec8
commit c340daef87
11 changed files with 136 additions and 22 deletions

View File

@ -167,6 +167,8 @@ $helpArray = array (
"Text" => _("Please enter the password which you want to set for this account. You may also generate a random password (12 characters) which will be displayed on your screen.")), "Text" => _("Please enter the password which you want to set for this account. You may also generate a random password (12 characters) which will be displayed on your screen.")),
"405" => array ("Headline" => _("PDF structure"), "405" => array ("Headline" => _("PDF structure"),
"Text" => _("The PDF structure defines what information is exported as PDF file and how the pages are structured. You can manage the PDF structures in the PDF editor (under \"Tools\").")), "Text" => _("The PDF structure defines what information is exported as PDF file and how the pages are structured. You can manage the PDF structures in the PDF editor (under \"Tools\").")),
"406" => array ("Headline" => _("Force password change"),
"Text" => _("If you set this option then the user has to change his password at the next login.")),
// 500 - 599 // 500 - 599
// LAM Pro // LAM Pro
"501" => array ("Headline" => _("LDAP suffix"), "501" => array ("Headline" => _("LDAP suffix"),

View File

@ -3,7 +3,7 @@
$Id$ $Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2003 - 2011 Roland Gruber Copyright (C) 2003 - 2012 Roland Gruber
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -983,6 +983,18 @@ class accountContainer {
$pwdInput2 = new htmlInputField('newPassword2'); $pwdInput2 = new htmlInputField('newPassword2');
$pwdInput2->setIsPassword(true); $pwdInput2->setIsPassword(true);
$container->addElement($pwdInput2, true); $container->addElement($pwdInput2, true);
// print force password change option
$forceChangeSupported = false;
foreach ($this->module as $name => $module) {
if (($module instanceof passwordService) && $module->supportsForcePasswordChange()) {
$forceChangeSupported = true;
break;
}
}
if ($forceChangeSupported) {
$container->addElement(new htmlTableExtendedInputCheckbox('lamForcePasswordChange', false, _('Force password change')));
$container->addElement(new htmlHelpLink('406'), true);
}
$container->addElement(new htmlSpacer(null, '10px'), true); $container->addElement(new htmlSpacer(null, '10px'), true);
// password modules // password modules
$moduleContainer = new htmlTable(); $moduleContainer = new htmlTable();
@ -1000,7 +1012,6 @@ class accountContainer {
} }
$moduleContainer->colspan = 5; $moduleContainer->colspan = 5;
$container->addElement($moduleContainer, true); $container->addElement($moduleContainer, true);
$container->addElement(new htmlSpacer(null, '10px'), true);
// generate HTML // generate HTML
$tabindex = 2000; $tabindex = 2000;
if ($printContainer) { if ($printContainer) {
@ -1043,11 +1054,13 @@ class accountContainer {
$return['errorsOccured'] = 'true'; $return['errorsOccured'] = 'true';
} }
} }
$forcePasswordChange = ($input['forcePasswordChange'] == 'true');
$return['forcePasswordChange'] = $forcePasswordChange;
if ($return['errorsOccured'] == 'false') { if ($return['errorsOccured'] == 'false') {
// set new password // set new password
foreach ($this->module as $name => $module) { foreach ($this->module as $name => $module) {
if ($module instanceof passwordService) { if ($module instanceof passwordService) {
$messages = $module->passwordChangeRequested($password1, $modules); $messages = $module->passwordChangeRequested($password1, $modules, $forcePasswordChange);
for ($m = 0; $m < sizeof($messages); $m++) { for ($m = 0; $m < sizeof($messages); $m++) {
if ($messages[$m][0] == 'ERROR') { if ($messages[$m][0] == 'ERROR') {
$return['errorsOccured'] = 'true'; $return['errorsOccured'] = 'true';
@ -1921,16 +1934,24 @@ interface passwordService {
*/ */
public function managesPasswordAttributes(); public function managesPasswordAttributes();
/**
* Specifies if this module supports to force that a user must change his password on next login.
*
* @return boolean force password change supported
*/
public function supportsForcePasswordChange();
/** /**
* This function is called whenever the password should be changed. Account modules * This function is called whenever the password should be changed. Account modules
* must change their password attributes only if the modules list contains their module name. * must change their password attributes only if the modules list contains their module name.
* *
* @param String $password new password * @param String $password new password
* @param $modules list of modules for which the password should be changed * @param array $modules list of modules for which the password should be changed
* @param boolean $forcePasswordChange force the user to change his password at next login
* @return array list of error messages if any as parameter array for StatusMessage * @return array list of error messages if any as parameter array for StatusMessage
* e.g. return arrray(array('ERROR', 'Password change failed.')) * e.g. return arrray(array('ERROR', 'Password change failed.'))
*/ */
public function passwordChangeRequested($password, $modules); public function passwordChangeRequested($password, $modules, $forcePasswordChange);
} }

View File

@ -1509,17 +1509,27 @@ class asteriskAccount extends baseModule implements passwordService {
return true; return true;
} }
/**
* Specifies if this module supports to force that a user must change his password on next login.
*
* @return boolean force password change supported
*/
public function supportsForcePasswordChange() {
return false;
}
/** /**
* This function is called whenever the password should be changed. Account modules * This function is called whenever the password should be changed. Account modules
* must change their password attributes only if the modules list contains their module name. * must change their password attributes only if the modules list contains their module name.
* *
* @param String $password new password * @param String $password new password
* @param $modules list of modules for which the password should be changed * @param $modules list of modules for which the password should be changed
* @param boolean $forcePasswordChange force the user to change his password at next login
* @return array list of error messages if any as parameter array for StatusMessage * @return array list of error messages if any as parameter array for StatusMessage
* e.g. return arrray(array('ERROR', 'Password change failed.')) * e.g. return arrray(array('ERROR', 'Password change failed.'))
* @see passwordService::passwordChangeRequested * @see passwordService::passwordChangeRequested
*/ */
public function passwordChangeRequested($password, $modules) { public function passwordChangeRequested($password, $modules, $forcePasswordChange) {
if (!in_array(get_class($this), $modules)) { if (!in_array(get_class($this), $modules)) {
return array(); return array();
} }

View File

@ -4,7 +4,7 @@ $Id$
This code is part of LDAP Account Manager (http://www.sourceforge.net/projects/lam) This code is part of LDAP Account Manager (http://www.sourceforge.net/projects/lam)
Copyright (C) 2010 Pavel Pozdnyak Copyright (C) 2010 Pavel Pozdnyak
2010 - 2011 Roland Gruber 2010 - 2012 Roland Gruber
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -546,17 +546,27 @@ class asteriskVoicemail extends baseModule implements passwordService {
return true; return true;
} }
/**
* Specifies if this module supports to force that a user must change his password on next login.
*
* @return boolean force password change supported
*/
public function supportsForcePasswordChange() {
return false;
}
/** /**
* This function is called whenever the password should be changed. Account modules * This function is called whenever the password should be changed. Account modules
* must change their password attributes only if the modules list contains their module name. * must change their password attributes only if the modules list contains their module name.
* *
* @param String $password new password * @param String $password new password
* @param $modules list of modules for which the password should be changed * @param $modules list of modules for which the password should be changed
* @param boolean $forcePasswordChange force the user to change his password at next login
* @return array list of error messages if any as parameter array for StatusMessage * @return array list of error messages if any as parameter array for StatusMessage
* e.g. return arrray(array('ERROR', 'Password change failed.')) * e.g. return arrray(array('ERROR', 'Password change failed.'))
* @see passwordService::passwordChangeRequested * @see passwordService::passwordChangeRequested
*/ */
public function passwordChangeRequested($password, $modules) { public function passwordChangeRequested($password, $modules, $forcePasswordChange) {
if (!in_array(get_class($this), $modules)) { if (!in_array(get_class($this), $modules)) {
return array(); return array();
} }

View File

@ -2940,17 +2940,27 @@ class inetOrgPerson extends baseModule implements passwordService {
return false; return false;
} }
/**
* Specifies if this module supports to force that a user must change his password on next login.
*
* @return boolean force password change supported
*/
public function supportsForcePasswordChange() {
return false;
}
/** /**
* This function is called whenever the password should be changed. Account modules * This function is called whenever the password should be changed. Account modules
* must change their password attributes only if the modules list contains their module name. * must change their password attributes only if the modules list contains their module name.
* *
* @param String $password new password * @param String $password new password
* @param $modules list of modules for which the password should be changed * @param $modules list of modules for which the password should be changed
* @param boolean $forcePasswordChange force the user to change his password at next login
* @return array list of error messages if any as parameter array for StatusMessage * @return array list of error messages if any as parameter array for StatusMessage
* e.g. return arrray(array('ERROR', 'Password change failed.')) * e.g. return arrray(array('ERROR', 'Password change failed.'))
* @see passwordService::passwordChangeRequested * @see passwordService::passwordChangeRequested
*/ */
public function passwordChangeRequested($password, $modules) { public function passwordChangeRequested($password, $modules, $forcePasswordChange) {
if (!in_array(get_class($this), $modules)) { if (!in_array(get_class($this), $modules)) {
return array(); return array();
} }

View File

@ -3,7 +3,7 @@
$Id$ $Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2008 - 2011 Roland Gruber Copyright (C) 2008 - 2012 Roland Gruber
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -429,17 +429,27 @@ class phpGroupwareUser extends baseModule implements passwordService {
return false; return false;
} }
/**
* Specifies if this module supports to force that a user must change his password on next login.
*
* @return boolean force password change supported
*/
public function supportsForcePasswordChange() {
return false;
}
/** /**
* This function is called whenever the password should be changed. Account modules * This function is called whenever the password should be changed. Account modules
* must change their password attributes only if the modules list contains their module name. * must change their password attributes only if the modules list contains their module name.
* *
* @param String $password new password * @param String $password new password
* @param $modules list of modules for which the password should be changed * @param $modules list of modules for which the password should be changed
* @param boolean $forcePasswordChange force the user to change his password at next login
* @return array list of error messages if any as parameter array for StatusMessage * @return array list of error messages if any as parameter array for StatusMessage
* e.g. return arrray(array('ERROR', 'Password change failed.')) * e.g. return arrray(array('ERROR', 'Password change failed.'))
* @see passwordService::passwordChangeRequested * @see passwordService::passwordChangeRequested
*/ */
public function passwordChangeRequested($password, $modules) { public function passwordChangeRequested($password, $modules, $forcePasswordChange) {
// update password timestamp when Unix password was updated // update password timestamp when Unix password was updated
if (!in_array('posixAccount', $modules)) { if (!in_array('posixAccount', $modules)) {
return array(); return array();

View File

@ -2174,17 +2174,27 @@ class posixAccount extends baseModule implements passwordService {
return true; return true;
} }
/**
* Specifies if this module supports to force that a user must change his password on next login.
*
* @return boolean force password change supported
*/
public function supportsForcePasswordChange() {
return false;
}
/** /**
* This function is called whenever the password should be changed. Account modules * This function is called whenever the password should be changed. Account modules
* must change their password attributes only if the modules list contains their module name. * must change their password attributes only if the modules list contains their module name.
* *
* @param String $password new password * @param String $password new password
* @param $modules list of modules for which the password should be changed * @param $modules list of modules for which the password should be changed
* @param boolean $forcePasswordChange force the user to change his password at next login
* @return array list of error messages if any as parameter array for StatusMessage * @return array list of error messages if any as parameter array for StatusMessage
* e.g. return arrray(array('ERROR', 'Password change failed.')) * e.g. return arrray(array('ERROR', 'Password change failed.'))
* @see passwordService::passwordChangeRequested * @see passwordService::passwordChangeRequested
*/ */
public function passwordChangeRequested($password, $modules) { public function passwordChangeRequested($password, $modules, $forcePasswordChange) {
if (!in_array(get_class($this), $modules)) { if (!in_array(get_class($this), $modules)) {
return array(); return array();
} }

View File

@ -4,7 +4,7 @@ $Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2003 - 2006 Tilo Lutz Copyright (C) 2003 - 2006 Tilo Lutz
2007 - 2010 Roland Gruber 2007 - 2012 Roland Gruber
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -777,17 +777,27 @@ class posixGroup extends baseModule implements passwordService {
return true; return true;
} }
/**
* Specifies if this module supports to force that a user must change his password on next login.
*
* @return boolean force password change supported
*/
public function supportsForcePasswordChange() {
return false;
}
/** /**
* This function is called whenever the password should be changed. Account modules * This function is called whenever the password should be changed. Account modules
* must change their password attributes only if the modules list contains their module name. * must change their password attributes only if the modules list contains their module name.
* *
* @param String $password new password * @param String $password new password
* @param $modules list of modules for which the password should be changed * @param $modules list of modules for which the password should be changed
* @param boolean $forcePasswordChange force the user to change his password at next login
* @return array list of error messages if any as parameter array for StatusMessage * @return array list of error messages if any as parameter array for StatusMessage
* e.g. return arrray(array('ERROR', 'Password change failed.')) * e.g. return arrray(array('ERROR', 'Password change failed.'))
* @see passwordService::passwordChangeRequested * @see passwordService::passwordChangeRequested
*/ */
public function passwordChangeRequested($password, $modules) { public function passwordChangeRequested($password, $modules, $forcePasswordChange) {
if (!in_array(get_class($this), $modules)) { if (!in_array(get_class($this), $modules)) {
return array(); return array();
} }

View File

@ -860,7 +860,7 @@ class sambaSamAccount extends baseModule implements passwordService {
$this->attributes['sambaSID'][0] = $SID."-". (($attrs['uidNumber'][0]*2)+$RIDbase); $this->attributes['sambaSID'][0] = $SID."-". (($attrs['uidNumber'][0]*2)+$RIDbase);
} }
} }
if (isset($_POST['passwordIsExpired'])) { if (isset($_POST['forcePasswordChangeOption'])) {
$this->expirePassword = true; $this->expirePassword = true;
} }
else { else {
@ -1099,7 +1099,7 @@ class sambaSamAccount extends baseModule implements passwordService {
} }
$return->addElement(new htmlTableExtendedInputCheckbox('sambaAcctFlagsL', $locked, _('Account is locked'), 'locked'), true); $return->addElement(new htmlTableExtendedInputCheckbox('sambaAcctFlagsL', $locked, _('Account is locked'), 'locked'), true);
// password change at next login // password change at next login
$return->addElement(new htmlTableExtendedInputCheckbox('passwordIsExpired', $this->expirePassword, _('Password change at next login'), 'passwordIsExpired'), true); $return->addElement(new htmlTableExtendedInputCheckbox('forcePasswordChangeOption', $this->expirePassword, _('Password change at next login'), 'passwordIsExpired'), true);
// password can be changed // password can be changed
$return->addElement(new htmlOutputText(_('User can change password'))); $return->addElement(new htmlOutputText(_('User can change password')));
$tempTable = new htmlTable(); $tempTable = new htmlTable();
@ -2139,17 +2139,27 @@ class sambaSamAccount extends baseModule implements passwordService {
} }
} }
/**
* Specifies if this module supports to force that a user must change his password on next login.
*
* @return boolean force password change supported
*/
public function supportsForcePasswordChange() {
return true;
}
/** /**
* This function is called whenever the password should be changed. Account modules * This function is called whenever the password should be changed. Account modules
* must change their password attributes only if the modules list contains their module name. * must change their password attributes only if the modules list contains their module name.
* *
* @param String $password new password * @param String $password new password
* @param $modules list of modules for which the password should be changed * @param $modules list of modules for which the password should be changed
* @param boolean $forcePasswordChange force the user to change his password at next login
* @return array list of error messages if any as parameter array for StatusMessage * @return array list of error messages if any as parameter array for StatusMessage
* e.g. return arrray(array('ERROR', 'Password change failed.')) * e.g. return arrray(array('ERROR', 'Password change failed.'))
* @see passwordService::passwordChangeRequested * @see passwordService::passwordChangeRequested
*/ */
public function passwordChangeRequested($password, $modules) { public function passwordChangeRequested($password, $modules, $forcePasswordChange) {
if (!in_array(get_class($this), $modules)) { if (!in_array(get_class($this), $modules)) {
return array(); return array();
} }
@ -2158,6 +2168,9 @@ class sambaSamAccount extends baseModule implements passwordService {
} }
$this->attributes['sambaNTPassword'][0] = ntPassword($password); $this->attributes['sambaNTPassword'][0] = ntPassword($password);
$this->attributes['sambaPwdLastSet'][0] = time(); $this->attributes['sambaPwdLastSet'][0] = time();
if ($forcePasswordChange) {
$this->attributes['sambaPwdLastSet'][0] = '0';
}
return array(); return array();
} }

View File

@ -4,7 +4,7 @@ $Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2003 - 2006 Tilo Lutz Copyright (C) 2003 - 2006 Tilo Lutz
Copyright (C) 2007 - 2011 Roland Gruber Copyright (C) 2007 - 2012 Roland Gruber
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -592,23 +592,36 @@ class shadowAccount extends baseModule implements passwordService {
return false; return false;
} }
/**
* Specifies if this module supports to force that a user must change his password on next login.
*
* @return boolean force password change supported
*/
public function supportsForcePasswordChange() {
return true;
}
/** /**
* This function is called whenever the password should be changed. Account modules * This function is called whenever the password should be changed. Account modules
* must change their password attributes only if the modules list contains their module name. * must change their password attributes only if the modules list contains their module name.
* *
* @param String $password new password * @param String $password new password
* @param $modules list of modules for which the password should be changed * @param $modules list of modules for which the password should be changed
* @param boolean $forcePasswordChange force the user to change his password at next login
* @return array list of error messages if any as parameter array for StatusMessage * @return array list of error messages if any as parameter array for StatusMessage
* e.g. return arrray(array('ERROR', 'Password change failed.')) * e.g. return arrray(array('ERROR', 'Password change failed.'))
* @see passwordService::passwordChangeRequested * @see passwordService::passwordChangeRequested
*/ */
public function passwordChangeRequested($password, $modules) { public function passwordChangeRequested($password, $modules, $forcePasswordChange) {
// update password timestamp when Unix password was updated // update password timestamp when Unix password was updated
if (!in_array('posixAccount', $modules)) { if (!in_array('posixAccount', $modules)) {
return array(); return array();
} }
if (in_array_ignore_case('shadowAccount', $this->attributes['objectClass'])) { if (in_array_ignore_case('shadowAccount', $this->attributes['objectClass'])) {
$this->attributes['shadowLastChange'][0] = intval(time()/3600/24); $this->attributes['shadowLastChange'][0] = intval(time()/3600/24);
if ($forcePasswordChange && isset($this->attributes['shadowMax'][0]) && ($this->attributes['shadowMax'][0] != 0)) {
$this->attributes['shadowLastChange'][0] = intval(time()/3600/24) - $this->attributes['shadowMax'][0] - 1;
}
} }
return array(); return array();
} }

View File

@ -263,11 +263,13 @@ function passwordHandleInput(random, ajaxURL) {
}); });
var pwd1 = jQuery('#passwordDialog').find('[name=newPassword1]').val(); var pwd1 = jQuery('#passwordDialog').find('[name=newPassword1]').val();
var pwd2 = jQuery('#passwordDialog').find('[name=newPassword2]').val(); var pwd2 = jQuery('#passwordDialog').find('[name=newPassword2]').val();
var forcePasswordChange = jQuery('input[name=lamForcePasswordChange]').attr('checked');
var pwdJSON = { var pwdJSON = {
"modules": modules, "modules": modules,
"password1": pwd1, "password1": pwd1,
"password2": pwd2, "password2": pwd2,
"random": random "random": random,
"forcePasswordChange": forcePasswordChange
}; };
// make AJAX call // make AJAX call
jQuery.post(ajaxURL, {jsonInput: pwdJSON}, function(data) {passwordHandleReply(data);}, 'json'); jQuery.post(ajaxURL, {jsonInput: pwdJSON}, function(data) {passwordHandleReply(data);}, 'json');
@ -283,6 +285,9 @@ function passwordHandleReply(data) {
jQuery('#passwordDialogMessageArea').html(""); jQuery('#passwordDialogMessageArea').html("");
jQuery('#passwordDialog').dialog("close"); jQuery('#passwordDialog').dialog("close");
jQuery('#passwordMessageArea').html(data.messages); jQuery('#passwordMessageArea').html(data.messages);
if (data.forcePasswordChange) {
jQuery('#forcePasswordChangeOption').attr('checked', 'checked');
}
} }
else { else {
jQuery('#passwordDialogMessageArea').html(data.messages); jQuery('#passwordDialogMessageArea').html(data.messages);