fernando/luos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

BUG 9477 Problem notifying the next user

Browse Source 
We've detected 2 problems:

1.- The new algorithm to detect if the password is encrypted don't support passwords with a ":" character

2.- When recover the email configuration the system don't decrypt correctly the password of a previous version (without encryption, backwards compatibility)
This commit is contained in:
Julio Cesar Laura
2012-07-25 18:47:13 -04:00
parent 16ce328397
commit f6d90d7ac6
12 changed files with 309 additions and 186 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
gulliver/system/class.g.php
View File

@@ -3387,10 +3387,16 @@ $output = $outputHeader.$output;
$passwd = $setup['MESS_PASSWORD']; $passwd = $setup['MESS_PASSWORD'];
$passwdDec = G::decrypt($passwd,'EMAILENCRYPT'); $passwdDec = G::decrypt($passwd,'EMAILENCRYPT');
if (strpos( $passwdDec, 'hash:' ) !== false) { $auxPass = explode('hash:', $passwdDec);
list($hash, $pass) = explode(":", $passwdDec); if (count($auxPass) > 1) {
$setup['MESS_PASSWORD'] = $pass; if (count($auxPass) == 2) {
$passwd = $auxPass[1];
} else {
array_shift($auxPass);
$passwd = implode('', $auxPass);
} }
}
$setup['MESS_PASSWORD'] = $passwd;
$mail = new PHPMailer(true); $mail = new PHPMailer(true);
$mail->From = $from != '' && $from ? $from : $setup['MESS_ACCOUNT']; $mail->From = $from != '' && $from ? $from : $setup['MESS_ACCOUNT'];
$mail->FromName = $fromName; $mail->FromName = $fromName;

11
workflow/engine/classes/class.case.php
View File

@@ -4452,9 +4452,14 @@ class Cases
$aConfiguration = unserialize($aConfiguration["CFG_VALUE"]); $aConfiguration = unserialize($aConfiguration["CFG_VALUE"]);
$passwd = $aConfiguration["MESS_PASSWORD"]; $passwd = $aConfiguration["MESS_PASSWORD"];
$passwdDec = G::decrypt($passwd, "EMAILENCRYPT"); $passwdDec = G::decrypt($passwd, "EMAILENCRYPT");
if (strpos($passwdDec, "hash:") !== false) { $auxPass = explode('hash:', $passwdDec);
list($hash, $pass) = explode(":", $passwdDec); if (count($auxPass) > 1) {
$passwd = $pass; if (count($auxPass) == 2) {
$passwd = $auxPass[1];
} else {
array_shift($auxPass);
$passwd = implode('', $auxPass);
}
} }
$aConfiguration["MESS_PASSWORD"] = $passwd; $aConfiguration["MESS_PASSWORD"] = $passwd;
} else { } else {

51
workflow/engine/classes/class.spool.php
View File

@@ -52,7 +52,7 @@ require_once ('classes/model/AppMessage.php');
class spoolRun { class spoolRun {
private $config; public $config;
private $fileData; private $fileData;
private $spool_id; private $spool_id;
public $status; public $status;
@@ -332,10 +332,16 @@ class spoolRun {
$oPHPMailer->Username = $this->config['MESS_ACCOUNT']; $oPHPMailer->Username = $this->config['MESS_ACCOUNT'];
$passwd = $this->config['MESS_PASSWORD']; $passwd = $this->config['MESS_PASSWORD'];
$passwdDec = G::decrypt($passwd,'EMAILENCRYPT'); $passwdDec = G::decrypt($passwd,'EMAILENCRYPT');
if (strpos( $passwdDec, 'hash:' ) !== false) { $auxPass = explode('hash:', $passwdDec);
list($hash, $pass) = explode(":", $passwdDec); if (count($auxPass) > 1) {
$this->config['MESS_PASSWORD'] = $pass; if (count($auxPass) == 2) {
$passwd = $auxPass[1];
} else {
array_shift($auxPass);
$passwd = implode('', $auxPass);
} }
}
$this->config['MESS_PASSWORD'] = $passwd;
$oPHPMailer->Password = $this->config['MESS_PASSWORD']; $oPHPMailer->Password = $this->config['MESS_PASSWORD'];
$oPHPMailer->From = $this->fileData['from_email']; $oPHPMailer->From = $this->fileData['from_email'];
$oPHPMailer->FromName = utf8_decode($this->fileData['from_name']); $oPHPMailer->FromName = utf8_decode($this->fileData['from_name']);
@@ -386,10 +392,16 @@ class spoolRun {
$oPHPMailer->Username = $this->config['MESS_ACCOUNT']; $oPHPMailer->Username = $this->config['MESS_ACCOUNT'];
$passwd = $this->config['MESS_PASSWORD']; $passwd = $this->config['MESS_PASSWORD'];
$passwdDec = G::decrypt($passwd,'EMAILENCRYPT'); $passwdDec = G::decrypt($passwd,'EMAILENCRYPT');
if (strpos( $passwdDec, 'hash:' ) !== false) { $auxPass = explode('hash:', $passwdDec);
list($hash, $pass) = explode(":", $passwdDec); if (count($auxPass) > 1) {
$this->config['MESS_PASSWORD'] = $pass; if (count($auxPass) == 2) {
$passwd = $auxPass[1];
} else {
array_shift($auxPass);
$passwd = implode('', $auxPass);
} }
}
$this->config['MESS_PASSWORD'] = $passwd;
$oPHPMailer->Password = $this->config['MESS_PASSWORD']; $oPHPMailer->Password = $this->config['MESS_PASSWORD'];
$oPHPMailer->From = $this->fileData['from_email']; $oPHPMailer->From = $this->fileData['from_email'];
$oPHPMailer->FromName = utf8_decode($this->fileData['from_name']); $oPHPMailer->FromName = utf8_decode($this->fileData['from_name']);
@@ -472,10 +484,16 @@ class spoolRun {
$passwd = $this->config['MESS_PASSWORD']; $passwd = $this->config['MESS_PASSWORD'];
$passwdDec = G::decrypt($passwd,'EMAILENCRYPT'); $passwdDec = G::decrypt($passwd,'EMAILENCRYPT');
if (strpos( $passwdDec, 'hash:' ) !== false) { $auxPass = explode('hash:', $passwdDec);
list($hash, $pass) = explode(":", $passwdDec); if (count($auxPass) > 1) {
$this->config['MESS_PASSWORD'] = $pass; if (count($auxPass) == 2) {
$passwd = $auxPass[1];
} else {
array_shift($auxPass);
$passwd = implode('', $auxPass);
} }
}
$this->config['MESS_PASSWORD'] = $passwd;
$send->setPassword($this->config['MESS_PASSWORD']); $send->setPassword($this->config['MESS_PASSWORD']);
$send->setReturnPath($this->fileData['from_email']); $send->setReturnPath($this->fileData['from_email']);
$send->setHeaders($header); $send->setHeaders($header);
@@ -508,11 +526,16 @@ class spoolRun {
$aConfiguration = unserialize($aConfiguration["CFG_VALUE"]); $aConfiguration = unserialize($aConfiguration["CFG_VALUE"]);
$passwd = $aConfiguration["MESS_PASSWORD"]; $passwd = $aConfiguration["MESS_PASSWORD"];
$passwdDec = G::decrypt($passwd,"EMAILENCRYPT"); $passwdDec = G::decrypt($passwd,"EMAILENCRYPT");
$auxPass = explode('hash:', $passwdDec);
if (strpos($passwdDec, "hash:") !== false) { if (count($auxPass) > 1) {
list($hash, $pass) = explode(":", $passwdDec); if (count($auxPass) == 2) {
$aConfiguration["MESS_PASSWORD"] = $pass; $passwd = $auxPass[1];
} else {
array_shift($auxPass);
$passwd = implode('', $auxPass);
} }
}
$aConfiguration["MESS_PASSWORD"] = $passwd;
if ($aConfiguration["MESS_ENABLED"] == "1") { if ($aConfiguration["MESS_ENABLED"] == "1") {
$this->setConfig(array( $this->setConfig(array(

13
workflow/engine/classes/class.wsBase.php
View File

@@ -710,11 +710,16 @@ class wsBase
$passwd =$aSetup['MESS_PASSWORD']; $passwd =$aSetup['MESS_PASSWORD'];
$passwdDec = G::decrypt($passwd,'EMAILENCRYPT'); $passwdDec = G::decrypt($passwd,'EMAILENCRYPT');
$auxPass = explode('hash:', $passwdDec);
if (strpos($passwdDec, 'hash:') !== false) { if (count($auxPass) > 1) {
list($hash, $pass) = explode(":", $passwdDec); if (count($auxPass) == 2) {
$arrayFrom['MESS_PASSWORD'] = $pass; $passwd = $auxPass[1];
} else {
array_shift($auxPass);
$passwd = implode('', $auxPass);
} }
}
$aSetup['MESS_PASSWORD'] = $passwd;
$oSpool = new spoolRun(); $oSpool = new spoolRun();
$oSpool->setConfig(array( $oSpool->setConfig(array(

12
workflow/engine/classes/model/AppNotes.php
View File

@@ -149,10 +149,16 @@ class AppNotes extends BaseAppNotes {
$aConfiguration = unserialize($aConfiguration['CFG_VALUE']); $aConfiguration = unserialize($aConfiguration['CFG_VALUE']);
$passwd = $aConfiguration['MESS_PASSWORD']; $passwd = $aConfiguration['MESS_PASSWORD'];
$passwdDec = G::decrypt($passwd,'EMAILENCRYPT'); $passwdDec = G::decrypt($passwd,'EMAILENCRYPT');
if (strpos( $passwdDec, 'hash:' ) !== false) { $auxPass = explode('hash:', $passwdDec);
list($hash, $pass) = explode(":", $passwdDec); if (count($auxPass) > 1) {
$aConfiguration['MESS_PASSWORD'] = $pass; if (count($auxPass) == 2) {
$passwd = $auxPass[1];
} else {
array_shift($auxPass);
$passwd = implode('', $auxPass);
} }
}
$aConfiguration['MESS_PASSWORD'] = $passwd;
} else { } else {
$aConfiguration = array(); $aConfiguration = array();
} }

40
workflow/engine/controllers/adminProxy.php
View File

@@ -392,11 +392,16 @@ class adminProxy extends HttpProxyController
} }
$passwdDec = G::decrypt($passwd,'EMAILENCRYPT'); $passwdDec = G::decrypt($passwd,'EMAILENCRYPT');
$auxPass = explode('hash:', $passwdDec);
if (strpos( $passwdDec, 'hash:' ) !== false) { if (count($auxPass) > 1) {
list($hash, $pass) = explode(":", $passwdDec); if (count($auxPass) == 2) {
$_POST['passwd'] = $pass; $passwd = $auxPass[1];
} else {
array_shift($auxPass);
$passwd = implode('', $auxPass);
} }
}
$_POST['passwd'] = $passwd;
$port = $_POST['port']; $port = $_POST['port'];
$auth_required = $_POST['req_auth']; $auth_required = $_POST['req_auth'];
@@ -654,9 +659,20 @@ class adminProxy extends HttpProxyController
} }
$aFields['MESS_PASSWORD_HIDDEN'] = ''; $aFields['MESS_PASSWORD_HIDDEN'] = '';
$aPasswd = G::decrypt($aFields['MESS_PASSWORD'],'EMAILENCRYPT'); $passwd = $aFields['MESS_PASSWORD'];
$passwdDec = G::decrypt($passwd,'EMAILENCRYPT');
$auxPass = explode('hash:', $passwdDec);
if (count($auxPass) > 1) {
if (count($auxPass) == 2) {
$passwd = $auxPass[1];
} else {
array_shift($auxPass);
$passwd = implode('', $auxPass);
}
}
$aFields['MESS_PASSWORD'] = $passwd;
if ((strpos( $aPasswd, 'hash:') !== true) && ($aFields['MESS_PASSWORD'] != '')) { // for plain text if ($aFields['MESS_PASSWORD'] != '') { // for plain text
$aFields['MESS_PASSWORD'] = 'hash:'.$aFields['MESS_PASSWORD']; $aFields['MESS_PASSWORD'] = 'hash:'.$aFields['MESS_PASSWORD'];
$aFields['MESS_PASSWORD'] = G::encrypt($aFields['MESS_PASSWORD'],'EMAILENCRYPT'); $aFields['MESS_PASSWORD'] = G::encrypt($aFields['MESS_PASSWORD'],'EMAILENCRYPT');
} }
@@ -733,11 +749,17 @@ class adminProxy extends HttpProxyController
$this->success = (count($fields) > 0); $this->success = (count($fields) > 0);
$passwd = $fields['MESS_PASSWORD']; $passwd = $fields['MESS_PASSWORD'];
$passwdDec = G::decrypt($passwd,'EMAILENCRYPT'); $passwdDec = G::decrypt($passwd,'EMAILENCRYPT');
if (strpos( $passwdDec, 'hash:' ) !== false) { $auxPass = explode('hash:', $passwdDec);
list($hash, $pass) = explode(":", $passwdDec); if (count($auxPass) > 1) {
$fields['MESS_PASSWORD'] = $pass; if (count($auxPass) == 2) {
$passwd = $auxPass[1];
} else {
array_shift($auxPass);
$passwd = implode('', $auxPass);
} }
} }
$fields['MESS_PASSWORD'] = $passwd;
}
$this->data = $fields; $this->data = $fields;
} }

12
workflow/engine/methods/cases/caseMessageHistory_Ajax.php
View File

@@ -152,10 +152,16 @@
} }
$passwd = $aConfiguration['MESS_PASSWORD']; $passwd = $aConfiguration['MESS_PASSWORD'];
$passwdDec = G::decrypt($passwd,'EMAILENCRYPT'); $passwdDec = G::decrypt($passwd,'EMAILENCRYPT');
if (strpos( $passwdDec, 'hash:' ) !== false) { $auxPass = explode('hash:', $passwdDec);
list($hash, $pass) = explode(":", $passwdDec); if (count($auxPass) > 1) {
$aConfiguration['MESS_PASSWORD'] = $pass; if (count($auxPass) == 2) {
$passwd = $auxPass[1];
} else {
array_shift($auxPass);
$passwd = implode('', $auxPass);
} }
}
$aConfiguration['MESS_PASSWORD'] = $passwd;
$oSpool = new spoolRun(); $oSpool = new spoolRun();

14
workflow/engine/methods/cases/cases_Ajax.php
View File

@@ -849,12 +849,18 @@ switch (($_POST['action'])?$_POST['action']:$_REQUEST['action']) {
'MESS_PASSWORD' => $aConfiguration['MESS_PASSWORD'], 'MESS_PASSWORD' => $aConfiguration['MESS_PASSWORD'],
'SMTPAuth' => $aConfiguration['MESS_RAUTH'] 'SMTPAuth' => $aConfiguration['MESS_RAUTH']
)); ));
$passwd = $oSpool['MESS_PASSWORD']; $passwd = $oSpool->config['MESS_PASSWORD'];
$passwdDec = G::decrypt($passwd,'EMAILENCRYPT'); $passwdDec = G::decrypt($passwd,'EMAILENCRYPT');
if (strpos( $passwdDec, 'hash:' ) !== false) { $auxPass = explode('hash:', $passwdDec);
list($hash, $pass) = explode(":", $passwdDec); if (count($auxPass) > 1) {
$oSpool['MESS_PASSWORD'] = $pass; if (count($auxPass) == 2) {
$passwd = $auxPass[1];
} else {
array_shift($auxPass);
$passwd = implode('', $auxPass);
} }
}
$oSpool->config['MESS_PASSWORD'] = $passwd;
$oSpool->create(array( $oSpool->create(array(
'msg_uid' => $data['MSG_UID'], 'msg_uid' => $data['MSG_UID'],
'app_uid' => $data['APP_UID'], 'app_uid' => $data['APP_UID'],

13
workflow/engine/methods/login/retrivePassword.php
View File

@@ -66,6 +66,19 @@ if($userData['USR_EMAIL'] != '' && $userData['USR_EMAIL'] === $data['USR_EMAIL']
'SMTPSecure' => $aSetup['SMTPSecure'] 'SMTPSecure' => $aSetup['SMTPSecure']
)); ));
$passwd = $oSpool->config['MESS_PASSWORD'];
$passwdDec = G::decrypt($passwd,'EMAILENCRYPT');
$auxPass = explode('hash:', $passwdDec);
if (count($auxPass) > 1) {
if (count($auxPass) == 2) {
$passwd = $auxPass[1];
} else {
array_shift($auxPass);
$passwd = implode('', $auxPass);
}
}
$oSpool->config['MESS_PASSWORD'] = $passwd;
$oSpool->create(array( $oSpool->create(array(
'msg_uid' => '', 'msg_uid' => '',
'app_uid' => '', 'app_uid' => '',

24
workflow/engine/methods/setup/emails_Ajax.php
View File

@@ -74,10 +74,16 @@ switch ($request) {
$user = $_POST['account']; $user = $_POST['account'];
$passwd = $_POST['passwd']; $passwd = $_POST['passwd'];
$passwdDec = G::decrypt($passwd,'EMAILENCRYPT'); $passwdDec = G::decrypt($passwd,'EMAILENCRYPT');
if (strpos( $passwdDec, 'hash:' ) !== false) { $auxPass = explode('hash:', $passwdDec);
list($hash, $pass) = explode(":", $passwdDec); if (count($auxPass) > 1) {
$_POST['passwd'] = $pass; if (count($auxPass) == 2) {
$passwd = $auxPass[1];
} else {
array_shift($auxPass);
$passwd = implode('', $auxPass);
} }
}
$_POST['passwd'] = $passwd;
$step = $_POST['step']; $step = $_POST['step'];
$auth_required = $_POST['auth_required']; $auth_required = $_POST['auth_required'];
$send_test_mail = $_POST['send_test_mail']; $send_test_mail = $_POST['send_test_mail'];
@@ -251,6 +257,18 @@ function sendTestMail() {
G::LoadClass('spool'); G::LoadClass('spool');
$oSpool = new spoolRun(); $oSpool = new spoolRun();
$passwd = $_POST['MESS_PASSWORD'];
$passwdDec = G::decrypt($passwd,'EMAILENCRYPT');
$auxPass = explode('hash:', $passwdDec);
if (count($auxPass) > 1) {
if (count($auxPass) == 2) {
$passwd = $auxPass[1];
} else {
array_shift($auxPass);
$passwd = implode('', $auxPass);
}
}
$_POST['MESS_PASSWORD'] = $passwd;
$oSpool->setConfig( array( $oSpool->setConfig( array(
'MESS_ENGINE' => $_POST['MESS_ENGINE'], 'MESS_ENGINE' => $_POST['MESS_ENGINE'],

14
workflow/engine/methods/setup/emails_Save.php
View File

@@ -38,7 +38,19 @@ if ($aFields['MESS_PASSWORD_HIDDEN'] !='') {
} }
$aFields['MESS_PASSWORD_HIDDEN'] = ''; $aFields['MESS_PASSWORD_HIDDEN'] = '';
$aPasswd = G::decrypt($aFields['MESS_PASSWORD'],'EMAILENCRYPT'); $aPasswd = G::decrypt($aFields['MESS_PASSWORD'],'EMAILENCRYPT');
if ((strpos( $aPasswd, 'hash:') !== true) && ($aFields['MESS_PASSWORD'] != '')) { // for plain text $passwd = $aFields['MESS_PASSWORD'];
$passwdDec = G::decrypt($passwd,'EMAILENCRYPT');
$auxPass = explode('hash:', $passwdDec);
if (count($auxPass) > 1) {
if (count($auxPass) == 2) {
$passwd = $auxPass[1];
} else {
array_shift($auxPass);
$passwd = implode('', $auxPass);
}
}
$aFields['MESS_PASSWORD'] = $passwd;
if ($aFields['MESS_PASSWORD'] != '') { // for plain text
$aFields['MESS_PASSWORD'] = 'hash:'.$aFields['MESS_PASSWORD']; $aFields['MESS_PASSWORD'] = 'hash:'.$aFields['MESS_PASSWORD'];
$aFields['MESS_PASSWORD'] = G::encrypt($aFields['MESS_PASSWORD'],'EMAILENCRYPT'); $aFields['MESS_PASSWORD'] = G::encrypt($aFields['MESS_PASSWORD'],'EMAILENCRYPT');
} }

7
workflow/engine/methods/users/usersAjax.php
View File

@@ -269,9 +269,10 @@ switch($_POST['action'])
$sDescription = G::LoadTranslation('ID_POLICY_ALERT').':<br /><br />'; $sDescription = G::LoadTranslation('ID_POLICY_ALERT').':<br /><br />';
$sDescription .= ' - ' . G::LoadTranslation('PASSWORD_HISTORY').': ' . PPP_PASSWORD_HISTORY . '<br />'; $sDescription .= ' - ' . G::LoadTranslation('PASSWORD_HISTORY').': ' . PPP_PASSWORD_HISTORY . '<br />';
$sDescription .= '<br />' . G::LoadTranslation('ID_PLEASE_CHANGE_PASSWORD_POLICY').''; $sDescription .= '<br />' . G::LoadTranslation('ID_PLEASE_CHANGE_PASSWORD_POLICY').'';
G::SendMessageText($sDescription, 'warning'); $result->success = false;
G::header('Location: ' . $_SERVER['HTTP_REFERER']); $result->msg = $sDescription;
die; print(G::json_encode($result));
die();
} }
if (count($aHistory) >= PPP_PASSWORD_HISTORY) { if (count($aHistory) >= PPP_PASSWORD_HISTORY) {