fernando/luos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

BUG 9477 Problem notifying the next user

Browse Source 
We've detected 2 problems:

1.- The new algorithm to detect if the password is encrypted don't support passwords with a ":" character

2.- When recover the email configuration the system don't decrypt correctly the password of a previous version (without encryption, backwards compatibility)
This commit is contained in:
Julio Cesar Laura
2012-07-25 18:47:13 -04:00
parent 16ce328397
commit f6d90d7ac6
12 changed files with 309 additions and 186 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
gulliver/system/class.g.php
View File

@@ -3387,10 +3387,16 @@ $output = $outputHeader.$output;
$passwd = $setup['MESS_PASSWORD'];
$passwdDec = G::decrypt($passwd,'EMAILENCRYPT');
if (strpos( $passwdDec, 'hash:' ) !== false) {
list($hash, $pass) = explode(":", $passwdDec);
$setup['MESS_PASSWORD'] = $pass;
$auxPass = explode('hash:', $passwdDec);
if (count($auxPass) > 1) {
if (count($auxPass) == 2) {
$passwd = $auxPass[1];
} else {
array_shift($auxPass);
$passwd = implode('', $auxPass);
}
}
$setup['MESS_PASSWORD'] = $passwd;
$mail = new PHPMailer(true);
$mail->From = $from != '' && $from ? $from : $setup['MESS_ACCOUNT'];
$mail->FromName = $fromName;

11
workflow/engine/classes/class.case.php
View File

@@ -4452,9 +4452,14 @@ class Cases
$aConfiguration = unserialize($aConfiguration["CFG_VALUE"]);
$passwd = $aConfiguration["MESS_PASSWORD"];
$passwdDec = G::decrypt($passwd, "EMAILENCRYPT");
if (strpos($passwdDec, "hash:") !== false) {
list($hash, $pass) = explode(":", $passwdDec);
$passwd = $pass;
$auxPass = explode('hash:', $passwdDec);
if (count($auxPass) > 1) {
if (count($auxPass) == 2) {
$passwd = $auxPass[1];
} else {
array_shift($auxPass);
$passwd = implode('', $auxPass);
}
}
$aConfiguration["MESS_PASSWORD"] = $passwd;
} else {

51
workflow/engine/classes/class.spool.php
View File

@@ -52,7 +52,7 @@ require_once ('classes/model/AppMessage.php');
class spoolRun {
private $config;
public $config;
private $fileData;
private $spool_id;
public $status;
@@ -332,10 +332,16 @@ class spoolRun {
$oPHPMailer->Username = $this->config['MESS_ACCOUNT'];
$passwd = $this->config['MESS_PASSWORD'];
$passwdDec = G::decrypt($passwd,'EMAILENCRYPT');
if (strpos( $passwdDec, 'hash:' ) !== false) {
list($hash, $pass) = explode(":", $passwdDec);
$this->config['MESS_PASSWORD'] = $pass;
$auxPass = explode('hash:', $passwdDec);
if (count($auxPass) > 1) {
if (count($auxPass) == 2) {
$passwd = $auxPass[1];
} else {
array_shift($auxPass);
$passwd = implode('', $auxPass);
}
}
$this->config['MESS_PASSWORD'] = $passwd;
$oPHPMailer->Password = $this->config['MESS_PASSWORD'];
$oPHPMailer->From = $this->fileData['from_email'];
$oPHPMailer->FromName = utf8_decode($this->fileData['from_name']);
@@ -386,10 +392,16 @@ class spoolRun {
$oPHPMailer->Username = $this->config['MESS_ACCOUNT'];
$passwd = $this->config['MESS_PASSWORD'];
$passwdDec = G::decrypt($passwd,'EMAILENCRYPT');
if (strpos( $passwdDec, 'hash:' ) !== false) {
list($hash, $pass) = explode(":", $passwdDec);
$this->config['MESS_PASSWORD'] = $pass;
$auxPass = explode('hash:', $passwdDec);
if (count($auxPass) > 1) {
if (count($auxPass) == 2) {
$passwd = $auxPass[1];
} else {
array_shift($auxPass);
$passwd = implode('', $auxPass);
}
}
$this->config['MESS_PASSWORD'] = $passwd;
$oPHPMailer->Password = $this->config['MESS_PASSWORD'];
$oPHPMailer->From = $this->fileData['from_email'];
$oPHPMailer->FromName = utf8_decode($this->fileData['from_name']);
@@ -472,10 +484,16 @@ class spoolRun {
$passwd = $this->config['MESS_PASSWORD'];
$passwdDec = G::decrypt($passwd,'EMAILENCRYPT');
if (strpos( $passwdDec, 'hash:' ) !== false) {
list($hash, $pass) = explode(":", $passwdDec);
$this->config['MESS_PASSWORD'] = $pass;
$auxPass = explode('hash:', $passwdDec);
if (count($auxPass) > 1) {
if (count($auxPass) == 2) {
$passwd = $auxPass[1];
} else {
array_shift($auxPass);
$passwd = implode('', $auxPass);
}
}
$this->config['MESS_PASSWORD'] = $passwd;
$send->setPassword($this->config['MESS_PASSWORD']);
$send->setReturnPath($this->fileData['from_email']);
$send->setHeaders($header);
@@ -508,11 +526,16 @@ class spoolRun {
$aConfiguration = unserialize($aConfiguration["CFG_VALUE"]);
$passwd = $aConfiguration["MESS_PASSWORD"];
$passwdDec = G::decrypt($passwd,"EMAILENCRYPT");
if (strpos($passwdDec, "hash:") !== false) {
list($hash, $pass) = explode(":", $passwdDec);
$aConfiguration["MESS_PASSWORD"] = $pass;
$auxPass = explode('hash:', $passwdDec);
if (count($auxPass) > 1) {
if (count($auxPass) == 2) {
$passwd = $auxPass[1];
} else {
array_shift($auxPass);
$passwd = implode('', $auxPass);
}
}
$aConfiguration["MESS_PASSWORD"] = $passwd;
if ($aConfiguration["MESS_ENABLED"] == "1") {
$this->setConfig(array(

13
workflow/engine/classes/class.wsBase.php
View File

@@ -710,11 +710,16 @@ class wsBase
$passwd =$aSetup['MESS_PASSWORD'];
$passwdDec = G::decrypt($passwd,'EMAILENCRYPT');
if (strpos($passwdDec, 'hash:') !== false) {
list($hash, $pass) = explode(":", $passwdDec);
$arrayFrom['MESS_PASSWORD'] = $pass;
$auxPass = explode('hash:', $passwdDec);
if (count($auxPass) > 1) {
if (count($auxPass) == 2) {
$passwd = $auxPass[1];
} else {
array_shift($auxPass);
$passwd = implode('', $auxPass);
}
}
$aSetup['MESS_PASSWORD'] = $passwd;
$oSpool = new spoolRun();
$oSpool->setConfig(array(

12
workflow/engine/classes/model/AppNotes.php
View File

@@ -149,10 +149,16 @@ class AppNotes extends BaseAppNotes {
$aConfiguration = unserialize($aConfiguration['CFG_VALUE']);
$passwd = $aConfiguration['MESS_PASSWORD'];
$passwdDec = G::decrypt($passwd,'EMAILENCRYPT');
if (strpos( $passwdDec, 'hash:' ) !== false) {
list($hash, $pass) = explode(":", $passwdDec);
$aConfiguration['MESS_PASSWORD'] = $pass;
$auxPass = explode('hash:', $passwdDec);
if (count($auxPass) > 1) {
if (count($auxPass) == 2) {
$passwd = $auxPass[1];
} else {
array_shift($auxPass);
$passwd = implode('', $auxPass);
}
}
$aConfiguration['MESS_PASSWORD'] = $passwd;
} else {
$aConfiguration = array();
}

40
workflow/engine/controllers/adminProxy.php
View File

@@ -392,11 +392,16 @@ class adminProxy extends HttpProxyController
}
$passwdDec = G::decrypt($passwd,'EMAILENCRYPT');
if (strpos( $passwdDec, 'hash:' ) !== false) {
list($hash, $pass) = explode(":", $passwdDec);
$_POST['passwd'] = $pass;
$auxPass = explode('hash:', $passwdDec);
if (count($auxPass) > 1) {
if (count($auxPass) == 2) {
$passwd = $auxPass[1];
} else {
array_shift($auxPass);
$passwd = implode('', $auxPass);
}
}
$_POST['passwd'] = $passwd;
$port = $_POST['port'];
$auth_required = $_POST['req_auth'];
@@ -654,9 +659,20 @@ class adminProxy extends HttpProxyController
}
$aFields['MESS_PASSWORD_HIDDEN'] = '';
$aPasswd = G::decrypt($aFields['MESS_PASSWORD'],'EMAILENCRYPT');
$passwd = $aFields['MESS_PASSWORD'];
$passwdDec = G::decrypt($passwd,'EMAILENCRYPT');
$auxPass = explode('hash:', $passwdDec);
if (count($auxPass) > 1) {
if (count($auxPass) == 2) {
$passwd = $auxPass[1];
} else {
array_shift($auxPass);
$passwd = implode('', $auxPass);
}
}
$aFields['MESS_PASSWORD'] = $passwd;
if ((strpos( $aPasswd, 'hash:') !== true) && ($aFields['MESS_PASSWORD'] != '')) { // for plain text
if ($aFields['MESS_PASSWORD'] != '') { // for plain text
$aFields['MESS_PASSWORD'] = 'hash:'.$aFields['MESS_PASSWORD'];
$aFields['MESS_PASSWORD'] = G::encrypt($aFields['MESS_PASSWORD'],'EMAILENCRYPT');
}
@@ -733,11 +749,17 @@ class adminProxy extends HttpProxyController
$this->success = (count($fields) > 0);
$passwd = $fields['MESS_PASSWORD'];
$passwdDec = G::decrypt($passwd,'EMAILENCRYPT');
if (strpos( $passwdDec, 'hash:' ) !== false) {
list($hash, $pass) = explode(":", $passwdDec);
$fields['MESS_PASSWORD'] = $pass;
$auxPass = explode('hash:', $passwdDec);
if (count($auxPass) > 1) {
if (count($auxPass) == 2) {
$passwd = $auxPass[1];
} else {
array_shift($auxPass);
$passwd = implode('', $auxPass);
}
}
$fields['MESS_PASSWORD'] = $passwd;
}
$this->data = $fields;
}

12
workflow/engine/methods/cases/caseMessageHistory_Ajax.php
View File

@@ -152,10 +152,16 @@
}
$passwd = $aConfiguration['MESS_PASSWORD'];
$passwdDec = G::decrypt($passwd,'EMAILENCRYPT');
if (strpos( $passwdDec, 'hash:' ) !== false) {
list($hash, $pass) = explode(":", $passwdDec);
$aConfiguration['MESS_PASSWORD'] = $pass;
$auxPass = explode('hash:', $passwdDec);
if (count($auxPass) > 1) {
if (count($auxPass) == 2) {
$passwd = $auxPass[1];
} else {
array_shift($auxPass);
$passwd = implode('', $auxPass);
}
}
$aConfiguration['MESS_PASSWORD'] = $passwd;
$oSpool = new spoolRun();

14
workflow/engine/methods/cases/cases_Ajax.php
View File

@@ -849,12 +849,18 @@ switch (($_POST['action'])?$_POST['action']:$_REQUEST['action']) {
'MESS_PASSWORD' => $aConfiguration['MESS_PASSWORD'],
'SMTPAuth' => $aConfiguration['MESS_RAUTH']
));
$passwd = $oSpool['MESS_PASSWORD'];
$passwd = $oSpool->config['MESS_PASSWORD'];
$passwdDec = G::decrypt($passwd,'EMAILENCRYPT');
if (strpos( $passwdDec, 'hash:' ) !== false) {
list($hash, $pass) = explode(":", $passwdDec);
$oSpool['MESS_PASSWORD'] = $pass;
$auxPass = explode('hash:', $passwdDec);
if (count($auxPass) > 1) {
if (count($auxPass) == 2) {
$passwd = $auxPass[1];
} else {
array_shift($auxPass);
$passwd = implode('', $auxPass);
}
}
$oSpool->config['MESS_PASSWORD'] = $passwd;
$oSpool->create(array(
'msg_uid' => $data['MSG_UID'],
'app_uid' => $data['APP_UID'],

13
workflow/engine/methods/login/retrivePassword.php
View File

@@ -66,6 +66,19 @@ if($userData['USR_EMAIL'] != '' && $userData['USR_EMAIL'] === $data['USR_EMAIL']
'SMTPSecure' => $aSetup['SMTPSecure']
));
$passwd = $oSpool->config['MESS_PASSWORD'];
$passwdDec = G::decrypt($passwd,'EMAILENCRYPT');
$auxPass = explode('hash:', $passwdDec);
if (count($auxPass) > 1) {
if (count($auxPass) == 2) {
$passwd = $auxPass[1];
} else {
array_shift($auxPass);
$passwd = implode('', $auxPass);
}
}
$oSpool->config['MESS_PASSWORD'] = $passwd;
$oSpool->create(array(
'msg_uid' => '',
'app_uid' => '',

24
workflow/engine/methods/setup/emails_Ajax.php
View File

@@ -74,10 +74,16 @@ switch ($request) {
$user = $_POST['account'];
$passwd = $_POST['passwd'];
$passwdDec = G::decrypt($passwd,'EMAILENCRYPT');
if (strpos( $passwdDec, 'hash:' ) !== false) {
list($hash, $pass) = explode(":", $passwdDec);
$_POST['passwd'] = $pass;
$auxPass = explode('hash:', $passwdDec);
if (count($auxPass) > 1) {
if (count($auxPass) == 2) {
$passwd = $auxPass[1];
} else {
array_shift($auxPass);
$passwd = implode('', $auxPass);
}
}
$_POST['passwd'] = $passwd;
$step = $_POST['step'];
$auth_required = $_POST['auth_required'];
$send_test_mail = $_POST['send_test_mail'];
@@ -251,6 +257,18 @@ function sendTestMail() {
G::LoadClass('spool');
$oSpool = new spoolRun();
$passwd = $_POST['MESS_PASSWORD'];
$passwdDec = G::decrypt($passwd,'EMAILENCRYPT');
$auxPass = explode('hash:', $passwdDec);
if (count($auxPass) > 1) {
if (count($auxPass) == 2) {
$passwd = $auxPass[1];
} else {
array_shift($auxPass);
$passwd = implode('', $auxPass);
}
}
$_POST['MESS_PASSWORD'] = $passwd;
$oSpool->setConfig( array(
'MESS_ENGINE' => $_POST['MESS_ENGINE'],

14
workflow/engine/methods/setup/emails_Save.php
View File

@@ -38,7 +38,19 @@ if ($aFields['MESS_PASSWORD_HIDDEN'] !='') {
}
$aFields['MESS_PASSWORD_HIDDEN'] = '';
$aPasswd = G::decrypt($aFields['MESS_PASSWORD'],'EMAILENCRYPT');
if ((strpos( $aPasswd, 'hash:') !== true) && ($aFields['MESS_PASSWORD'] != '')) { // for plain text
$passwd = $aFields['MESS_PASSWORD'];
$passwdDec = G::decrypt($passwd,'EMAILENCRYPT');
$auxPass = explode('hash:', $passwdDec);
if (count($auxPass) > 1) {
if (count($auxPass) == 2) {
$passwd = $auxPass[1];
} else {
array_shift($auxPass);
$passwd = implode('', $auxPass);
}
}
$aFields['MESS_PASSWORD'] = $passwd;
if ($aFields['MESS_PASSWORD'] != '') { // for plain text
$aFields['MESS_PASSWORD'] = 'hash:'.$aFields['MESS_PASSWORD'];
$aFields['MESS_PASSWORD'] = G::encrypt($aFields['MESS_PASSWORD'],'EMAILENCRYPT');
}

7
workflow/engine/methods/users/usersAjax.php
View File

@@ -269,9 +269,10 @@ switch($_POST['action'])
$sDescription = G::LoadTranslation('ID_POLICY_ALERT').':<br /><br />';
$sDescription .= ' - ' . G::LoadTranslation('PASSWORD_HISTORY').': ' . PPP_PASSWORD_HISTORY . '<br />';
$sDescription .= '<br />' . G::LoadTranslation('ID_PLEASE_CHANGE_PASSWORD_POLICY').'';
G::SendMessageText($sDescription, 'warning');
G::header('Location: ' . $_SERVER['HTTP_REFERER']);
die;
$result->success = false;
$result->msg = $sDescription;
print(G::json_encode($result));
die();
}
if (count($aHistory) >= PPP_PASSWORD_HISTORY) {