fernando/luos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

PMC-359

Browse Source
This commit is contained in:
Roly Rudy Gutierrez Pinto
2019-04-15 14:02:16 -04:00
parent c1616f5ad9
commit 3a137027ee
5 changed files with 149 additions and 92 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
workflow/engine/methods/login/authentication.php
View File

@@ -1,5 +1,7 @@
<?php <?php
use Illuminate\Support\Facades\Cache;
use ProcessMaker\BusinessModel\User;
use ProcessMaker\Core\System; use ProcessMaker\Core\System;
use ProcessMaker\Plugins\PluginRegistry; use ProcessMaker\Plugins\PluginRegistry;
@@ -23,6 +25,18 @@ try {
$frm = $_POST['form']; $frm = $_POST['form'];
$changePassword = false;
if (isset($_POST['form']['__USR_PASSWORD_CHANGE__'])) {
$value = Cache::pull($_POST['form']['__USR_PASSWORD_CHANGE__']);
$changePassword = !empty($value);
if ($changePassword === true) {
$_POST['form']['USER_ENV'] = $value['userEnvironment'];
$_POST['form']['BROWSER_TIME_ZONE_OFFSET'] = $value['browserTimeZoneOffset'];
$frm['USR_USERNAME'] = $value['usrUsername'];
$frm['USR_PASSWORD'] = $value['usrPassword'];
}
}
if (isset($frm['USR_USERNAME'])) { if (isset($frm['USR_USERNAME'])) {
$usr = mb_strtolower(trim($frm['USR_USERNAME']), 'UTF-8'); $usr = mb_strtolower(trim($frm['USR_USERNAME']), 'UTF-8');
$pwd = trim($frm['USR_PASSWORD']); $pwd = trim($frm['USR_PASSWORD']);
@@ -317,6 +331,15 @@ try {
} }
$userPropertyInfo = $userProperty->loadOrCreateIfNotExists($_SESSION['USER_LOGGED'], array('USR_PASSWORD_HISTORY' => serialize(array(G::encryptOld($pwd))))); $userPropertyInfo = $userProperty->loadOrCreateIfNotExists($_SESSION['USER_LOGGED'], array('USR_PASSWORD_HISTORY' => serialize(array(G::encryptOld($pwd)))));
//change password
if ($changePassword === true) {
$user = new User();
$currentUser = $user->changePassword($_SESSION['USER_LOGGED'], $_POST['form']['USR_PASSWORD']);
G::header('Location: ' . $currentUser["__REDIRECT_PATH__"]);
return;
}
//Get the errors in the password //Get the errors in the password
$errorInPassword = $userProperty->validatePassword( $errorInPassword = $userProperty->validatePassword(
$_POST['form']['USR_PASSWORD'], $_POST['form']['USR_PASSWORD'],
@@ -345,13 +368,23 @@ try {
$G_PUBLISH = new Publisher; $G_PUBLISH = new Publisher;
$version = explode('.', trim(file_get_contents(PATH_GULLIVER . 'VERSION'))); $version = explode('.', trim(file_get_contents(PATH_GULLIVER . 'VERSION')));
$version = isset($version[0]) ? intval($version[0]) : 0; $version = isset($version[0]) ? intval($version[0]) : 0;
if ($version >= 3) { if ($version >= 3) {
$G_PUBLISH->AddContent('xmlform', 'xmlform', 'login/changePasswordpm3', '', $messPassword, $values = [
'changePassword'); "usrUsername" => $usr,
"usrPassword" => $pwd,
"userEnvironment" => config("system.workspace"),
"browserTimeZoneOffset" => $_POST['form']['BROWSER_TIME_ZONE_OFFSET']
];
$messPassword['__USR_PASSWORD_CHANGE__'] = G::generateUniqueID();
Cache::put($messPassword['__USR_PASSWORD_CHANGE__'], $values, 2);
$G_PUBLISH->AddContent('xmlform', 'xmlform', 'login/changePasswordpm3', '', $messPassword, 'sysLoginVerify');
G::RenderPage('publish');
session_destroy();
} else { } else {
$G_PUBLISH->AddContent('xmlform', 'xmlform', 'login/changePassword', '', $messPassword, 'changePassword'); $G_PUBLISH->AddContent('xmlform', 'xmlform', 'login/changePassword', '', $messPassword, 'changePassword');
G::RenderPage('publish');
} }
G::RenderPage('publish');
die; die;
} }

93
workflow/engine/methods/login/changePassword.php
View File

@@ -1,92 +1,7 @@
<?php <?php
use ProcessMaker\Plugins\PluginRegistry; use ProcessMaker\BusinessModel\User;
require_once 'classes/model/Users.php';
$oUser = new Users();
$aUser = $oUser->load($_SESSION['USER_LOGGED']);
global $RBAC;
$aData['USR_UID'] = $aUser['USR_UID'];
$aData['USR_USERNAME'] = $aUser['USR_USERNAME'];
$aData['USR_PASSWORD'] = Bootstrap::hashPassword($_POST['form']['USR_PASSWORD']);
$aData['USR_FIRSTNAME'] = $aUser['USR_FIRSTNAME'];
$aData['USR_LASTNAME'] = $aUser['USR_LASTNAME'];
$aData['USR_EMAIL'] = $aUser['USR_EMAIL'];
$aData['USR_DUE_DATE'] = $aUser['USR_DUE_DATE'];
$aData['USR_UPDATE_DATE'] = date('Y-m-d H:i:s');
$RBAC->updateUser($aData, $aUser['USR_ROLE']);
$aData['USR_COUNTRY'] = $aUser['USR_COUNTRY'];
$aData['USR_CITY'] = $aUser['USR_CITY'];
$aData['USR_LOCATION'] = $aUser['USR_LOCATION'];
$aData['USR_ADDRESS'] = $aUser['USR_ADDRESS'];
$aData['USR_PHONE'] = $aUser['USR_PHONE'];
$aData['USR_ZIP_CODE'] = $aUser['USR_ZIP_CODE'];
$aData['USR_POSITION'] = $aUser['USR_POSITION'];
$oUser->update($aData);
require_once 'classes/model/UsersProperties.php';
$oUserProperty = new UsersProperties();
$aUserProperty = $oUserProperty->load($_SESSION['USER_LOGGED']);
$aHistory = unserialize($aUserProperty['USR_PASSWORD_HISTORY']);
if (!is_array($aHistory)) {
$aHistory = array();
}
if (!defined('PPP_PASSWORD_HISTORY')) {
define('PPP_PASSWORD_HISTORY', 0);
}
if (PPP_PASSWORD_HISTORY > 0) {
if (count($aHistory) >= PPP_PASSWORD_HISTORY) {
array_shift($aHistory);
}
$aHistory[] = $_POST['form']['USR_PASSWORD'];
}
$aUserProperty['USR_LAST_UPDATE_DATE'] = date('Y-m-d H:i:s');
$aUserProperty['USR_LOGGED_NEXT_TIME'] = 0;
$aUserProperty['USR_PASSWORD_HISTORY'] = serialize($aHistory);
$oUserProperty->update($aUserProperty);
if (class_exists('redirectDetail')) {
//falta validar...
if (isset($RBAC->aUserInfo['PROCESSMAKER']['ROLE']['ROL_CODE'])) {
$userRole = $RBAC->aUserInfo['PROCESSMAKER']['ROLE']['ROL_CODE'];
}
$oPluginRegistry = PluginRegistry::loadSingleton();
//$oPluginRegistry->showArrays();
$aRedirectLogin = $oPluginRegistry->getRedirectLogins();
if (isset($aRedirectLogin)) {
if (is_array($aRedirectLogin)) {
/** @var \ProcessMaker\Plugins\Interfaces\RedirectDetail $detail */
foreach ($aRedirectLogin as $detail) {
if (isset($detail->sPathMethod)) {
if ($detail->equalRoleCodeTo($userRole)) {
G::header(
'location: /sys' . SYS_TEMP . '/' . SYS_LANG .
'/' . SYS_SKIN . '/' . $detail->getPathMethod()
);
die;
}
}
}
}
}
}
//end plugin
if (isset($frm['USER_LANG'])) {
if ($frm['USER_LANG'] != '') {
$lang = $frm['USER_LANG'];
}
} else {
if (defined('SYS_LANG')) {
$lang = SYS_LANG;
} else {
$lang = 'en';
}
}
$sLocation = $oUserProperty->redirectTo($_SESSION['USER_LOGGED'], $lang);
G::header('Location: ' . $sLocation);
die;
$user = new User();
$currentUser = $user->changePassword($_SESSION['USER_LOGGED'], $_POST['form']['USR_PASSWORD'], isset($_POST['form']['USER_LANG']) ? $_POST['form']['USER_LANG'] : "");
G::header('Location: ' . $currentUser["__REDIRECT_PATH__"]);

107
workflow/engine/src/ProcessMaker/BusinessModel/User.php
View File

@@ -2005,4 +2005,111 @@ class User
return $isSupervisor; return $isSupervisor;
} }
} }
/**
* It changes the password of the user specified by its identifier, optionally
* the value of $userLang can be sent, otherwise the system value is taken.
* In case of success, the updated user returns.
*
* @global object $RBAC
* @param string $usrUid
* @param string $usrPassword
* @param string $userLang
*
* @return string
*
* @see workflow/engine/methods/login/authentication.php
* @see workflow/engine/methods/login/changePassword.php
* @link https://wiki.processmaker.com/3.0/Managing_Users#Creating_New_Users
*/
public function changePassword($usrUid, $usrPassword, $userLang = "")
{
global $RBAC;
$users = new Users();
$user = $users->load($usrUid);
$data = [];
$data['USR_UID'] = $user['USR_UID'];
$data['USR_USERNAME'] = $user['USR_USERNAME'];
$data['USR_PASSWORD'] = Bootstrap::hashPassword($usrPassword);
$data['USR_FIRSTNAME'] = $user['USR_FIRSTNAME'];
$data['USR_LASTNAME'] = $user['USR_LASTNAME'];
$data['USR_EMAIL'] = $user['USR_EMAIL'];
$data['USR_DUE_DATE'] = $user['USR_DUE_DATE'];
$data['USR_UPDATE_DATE'] = date('Y-m-d H:i:s');
$RBAC->updateUser($data, $user['USR_ROLE']);
$data['USR_COUNTRY'] = $user['USR_COUNTRY'];
$data['USR_CITY'] = $user['USR_CITY'];
$data['USR_LOCATION'] = $user['USR_LOCATION'];
$data['USR_ADDRESS'] = $user['USR_ADDRESS'];
$data['USR_PHONE'] = $user['USR_PHONE'];
$data['USR_ZIP_CODE'] = $user['USR_ZIP_CODE'];
$data['USR_POSITION'] = $user['USR_POSITION'];
$users->update($data);
$usersProperties = new UsersProperties();
$userProperty = $usersProperties->load($usrUid);
$history = unserialize($userProperty['USR_PASSWORD_HISTORY']);
if (!is_array($history)) {
$history = [];
}
if (!defined('PPP_PASSWORD_HISTORY')) {
define('PPP_PASSWORD_HISTORY', 0);
}
if (PPP_PASSWORD_HISTORY > 0) {
if (count($history) >= PPP_PASSWORD_HISTORY) {
array_shift($history);
}
$history[] = $usrPassword;
}
$userProperty['USR_LAST_UPDATE_DATE'] = date('Y-m-d H:i:s');
$userProperty['USR_LOGGED_NEXT_TIME'] = 0;
$userProperty['USR_PASSWORD_HISTORY'] = serialize($history);
$usersProperties->update($userProperty);
if (class_exists('redirectDetail')) {
if (isset($RBAC->aUserInfo['PROCESSMAKER']['ROLE']['ROL_CODE'])) {
$userRole = $RBAC->aUserInfo['PROCESSMAKER']['ROLE']['ROL_CODE'];
}
$pluginRegistry = PluginRegistry::loadSingleton();
$redirectLogin = $pluginRegistry->getRedirectLogins();
if (isset($redirectLogin)) {
if (is_array($redirectLogin)) {
foreach ($redirectLogin as $detail) {
if (isset($detail->sPathMethod)) {
if ($detail->equalRoleCodeTo($userRole)) {
$user['__REDIRECT_PATH__'] = '/sys' . config('system.workspace') . '/' . SYS_LANG . '/' . SYS_SKIN . '/' . $detail->getPathMethod();
return $user;
}
}
}
}
}
}
$lang = "";
if ($userLang !== "") {
$lang = $userLang;
} else {
if (defined('SYS_LANG')) {
$lang = SYS_LANG;
} else {
$lang = 'en';
}
}
$location = $usersProperties->redirectTo($usrUid, $lang);
$user['__REDIRECT_PATH__'] = $location;
return $user;
}
} }

1
workflow/engine/xmlform/login/changePasswordpm3.html
View File

@@ -14,6 +14,7 @@
</label> </label>
{$form.USR_PASSWORD} {$form.USR_PASSWORD}
{$form.USR_PASSWORD_CONFIRM} {$form.USR_PASSWORD_CONFIRM}
{$form.__USR_PASSWORD_CHANGE__}
</fieldset> </fieldset>
<fieldset> <fieldset>
<label class="panel-login"> <label class="panel-login">

1
workflow/engine/xmlform/login/changePasswordpm3.xml
View File

@@ -13,6 +13,7 @@
<USR_PASSWORD_CONFIRM type="password" size="30" maxlength="32"> <USR_PASSWORD_CONFIRM type="password" size="30" maxlength="32">
<en><![CDATA[Re-Type Password]]></en> <en><![CDATA[Re-Type Password]]></en>
</USR_PASSWORD_CONFIRM> </USR_PASSWORD_CONFIRM>
<__USR_PASSWORD_CHANGE__ type="hidden"/>
<btnSave type="button" onclick="verifyPassword();"> <btnSave type="button" onclick="verifyPassword();">
<en><![CDATA[Save]]></en> <en><![CDATA[Save]]></en>
</btnSave> </btnSave>