From 842706532d5214d69a31086d78de90fff35d8153 Mon Sep 17 00:00:00 2001 From: Vincent Zanotti Date: Mon, 10 Mar 2008 21:14:31 +0100 Subject: [PATCH] Integrates Google Apps account updates in plat/al' account updates. * Updates GApps passwords on password change (for synchronized accounts). * Disables GApps accounts on user deletion/death/deactivation. Signed-off-by: Vincent Zanotti --- ChangeLog | 1 + include/user.func.inc.php | 7 +++++++ modules/admin.php | 20 ++++++++++++++++++++ modules/googleapps.php | 4 ++-- modules/platal.php | 28 +++++++++++++++++++++++++++- modules/register.php | 12 ++++++++++++ 6 files changed, 69 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 038a1d2..250fab7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -10,6 +10,7 @@ New: - New PlProfiler tool -FRU - Integration of goodies/external tools with local rss/iCal -VZA - iGoogle gadgets for latest events and directory search -VZA + - Integration of Google Apps accounts -VZA * Emails: - Imap mail storage can be activated/deactivated from interface -VZA diff --git a/include/user.func.inc.php b/include/user.func.inc.php index 1080c26..05da262 100644 --- a/include/user.func.inc.php +++ b/include/user.func.inc.php @@ -70,6 +70,13 @@ function user_clear_all_subs($user_id, $really_del=true) $mmlist = new MMList(S::v('uid'), S::v('password')); $mmlist->kill($alias, $really_del); + + // Deactivates, when available, the Google Apps account of the user. + if ($globals->mailstorage->googleapps_domain) { + require_once 'googleapps.inc.php'; + $account = new GoogleAppsAccount($uid, $alias); + $account->suspend(); + } } // }}} diff --git a/modules/admin.php b/modules/admin.php index c2eceb7..9eb2a64 100644 --- a/modules/admin.php +++ b/modules/admin.php @@ -351,6 +351,7 @@ class AdminModule extends PLModule function handler_user(&$page, $login = false) { + global $globals; $page->changeTpl('admin/utilisateurs.tpl'); $page->assign('xorg_title','Polytechnique.org - Administration - Edit/Su/Log'); require_once("emails.inc.php"); @@ -579,6 +580,25 @@ class AdminModule extends PLModule LEFT JOIN aliases AS a ON (a.id = u.user_id AND type= 'a_vie') WHERE u.user_id = {?}", $mr['user_id']); $mr = $r->fetchOneAssoc(); + + // If GoogleApps is enabled, the user did choose to use synchronized passwords, + // and the password was changed, updates the Google Apps password as well. + if ($globals->mailstorage->googleapps_domain && Env::v('newpass_clair') != "********") { + require_once 'googleapps.inc.php'; + $account = new GoogleAppsAccount($mr['user_id'], $mr['forlife']); + if ($account->g_status == 'active' && $account->sync_password) { + $account->set_password($pass_encrypted); + } + } + + // If GoogleApps is enabled, and the user is now disabled, disables the Google Apps account as well. + if ($globals->mailstorage->googleapps_domain && + $new_fields['perms'] == 'disabled' && + $new_fields['perms'] != $old_fields['perms']) { + require_once 'googleapps.inc.php'; + $account = new GoogleAppsAccount($mr['user_id'], $mr['forlife']); + $account->suspend(); + } break; // DELETE FROM auth_user_md5 diff --git a/modules/googleapps.php b/modules/googleapps.php index 84c9a4f..3da22f5 100644 --- a/modules/googleapps.php +++ b/modules/googleapps.php @@ -60,7 +60,7 @@ class GoogleAppsModule extends PLModule if ($action == 'password') { if ($subaction == 'sync') { $account->set_password_sync(true); - $account->set_password($_SESSION['password']); + $account->set_password(S::v('password')); $page->trig("Ton mot de passe Google Apps sera dorénavant synchronisé avec ton mot de passe Polytechnique.org."); } else if ($subaction == 'nosync') { $account->set_password_sync(false); @@ -94,7 +94,7 @@ class GoogleAppsModule extends PLModule $password_sync = Post::b('password_sync'); $redirect_mails = Post::b('redirect_mails'); if ($password_sync) { - $password = $_SESSION['password']; + $password = S::v('password'); } else { $password = Post::v('response2'); } diff --git a/modules/platal.php b/modules/platal.php index 0507494..1585214 100644 --- a/modules/platal.php +++ b/modules/platal.php @@ -185,6 +185,8 @@ class PlatalModule extends PLModule function handler_password(&$page) { + global $globals; + if (Post::has('response2')) { require_once 'secure_hash.inc.php'; @@ -195,6 +197,16 @@ class PlatalModule extends PLModule WHERE user_id={?}', $password, S::v('uid')); + // If GoogleApps is enabled, and the user did choose to use synchronized passwords, + // updates the Google Apps password as well. + if ($globals->mailstorage->googleapps_domain) { + require_once 'googleapps.inc.php'; + $account = new GoogleAppsAccount(S::v('uid'), S::v('forlife')); + if ($account->g_status == 'active' && $account->sync_password) { + $account->set_password($password); + } + } + $log =& S::v('log'); $log->log('passwd', ''); @@ -331,6 +343,7 @@ Adresse de secours : " . Post::v('email') : "")); function handler_tmpPWD(&$page, $certif = null) { + global $globals; XDB::execute('DELETE FROM perte_pass WHERE DATE_SUB(NOW(), INTERVAL 380 MINUTE) > created'); @@ -344,11 +357,24 @@ Adresse de secours : " . Post::v('email') : "")); $uid = $ligne["uid"]; if (Post::has('response2')) { $password = Post::v('response2'); - $logger = new CoreLogger($uid); XDB::query('UPDATE auth_user_md5 SET password={?} WHERE user_id={?} AND perms IN("admin","user")', $password, $uid); XDB::query('DELETE FROM perte_pass WHERE certificat={?}', $certif); + + // If GoogleApps is enabled, and the user did choose to use synchronized passwords, + // updates the Google Apps password as well. + if ($globals->mailstorage->googleapps_domain) { + require_once 'googleapps.inc.php'; + require_once 'user.func.inc.php'; + $forlife = get_user_forlife($uid, '_silent_user_callback'); + $account = new GoogleAppsAccount($uid, $forlife); + if ($account->g_status == 'active' && $account->sync_password) { + $account->set_password($password); + } + } + + $logger = new CoreLogger($uid); $logger->log("passwd",""); $page->changeTpl('platal/tmpPWD.success.tpl'); } else { diff --git a/modules/register.php b/modules/register.php index 6d1da67..98f1daf 100644 --- a/modules/register.php +++ b/modules/register.php @@ -386,6 +386,7 @@ class RegisterModule extends PLModule function handler_success(&$page) { + global $globals; $page->changeTpl('register/success.tpl'); $_SESSION['sub_state'] = array('step' => 5); @@ -396,6 +397,17 @@ class RegisterModule extends PLModule WHERE user_id={?}', $password, S::v('uid')); + // If GoogleApps is enabled, and the user did choose to use synchronized passwords, + // and if the (stupid) user has decided to user /register/success another time, + // updates the Google Apps password as well. + if ($globals->mailstorage->googleapps_domain) { + require_once 'googleapps.inc.php'; + $account = new GoogleAppsAccount(S::v('uid'), S::v('forlife')); + if ($account->g_status == 'active' && $account->sync_password) { + $account->set_password($password); + } + } + $log = S::v('log'); $log->log('passwd', ''); -- 2.1.4