From a88f005d4257a040a397d4958c3beb059a9e00ec Mon Sep 17 00:00:00 2001 From: =?utf8?q?Rapha=C3=ABl=20Barrois?= Date: Tue, 30 Aug 2011 00:45:28 +0200 Subject: [PATCH] Remove all password-related pages from X.net MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Includes: - login - register - password recovery - preferencies Signed-off-by: Raphaël Barrois --- classes/xnetpage.php | 2 +- classes/xnetsession.php | 30 ++----- configs/platal.ini | 4 + include/xnet.inc.php | 1 - modules/platal.php | 90 +++++++++++++++++++- modules/profile.php | 2 +- modules/survey/survey.inc.php | 3 + modules/xnet.php | 165 ------------------------------------ templates/core/password_prompt.tpl | 9 +- templates/platal/password.tpl | 2 +- templates/platal/preferences.tpl | 2 + templates/skin/common.menu.tpl | 2 + templates/survey/index.tpl | 2 + templates/xnet/login.tpl | 66 --------------- templates/xnet/register.success.tpl | 2 +- templates/xnet/skin.tpl | 14 +-- 16 files changed, 119 insertions(+), 277 deletions(-) delete mode 100644 templates/xnet/login.tpl diff --git a/classes/xnetpage.php b/classes/xnetpage.php index d32374d..69c121b 100644 --- a/classes/xnetpage.php +++ b/classes/xnetpage.php @@ -86,7 +86,7 @@ class XnetPage extends PlPage $sub['documentation'] = 'Xnet'; if (S::user()->type == 'xnet') { $sub['mon compte'] = 'edit'; - $sub['mon mot de passe'] = 'password'; + $sub['mes préférences'] = $globals->xnet->xorg_baseurl . 'prefs'; } $sub['signaler un bug'] = array('href' => 'send_bug/'.$_SERVER['REQUEST_URI'], 'class' => 'popup_840x600'); $menu["no_title"] = $sub; diff --git a/classes/xnetsession.php b/classes/xnetsession.php index 0612032..b6fe1f7 100644 --- a/classes/xnetsession.php +++ b/classes/xnetsession.php @@ -34,26 +34,6 @@ class XnetSession extends XorgSession } } - if (!S::logged() && Post::has('auth_type') && Post::v('auth_type') == 'xnet' && !Post::has('wait')) { - $email = Post::v('username'); - $type = XDB::fetchOneCell('SELECT type - FROM accounts - WHERE email = {?}', - $email); - if ((!is_null($type) && $type != 'xnet') || !User::isForeignEmailAddress($email)) { - Platal::page()->trigErrorRedirect('Ce formulaire d\'authentification est réservé aux extérieurs à la communauté polytechnicienne.', ''); - } - - $user = parent::doAuth(AUTH_MDP); - if (is_null($user)) { - return false; - } - if (!parent::checkAuth(AUTH_MDP) || !parent::startSessionAs($user, AUTH_MDP)) { - $this->destroy(); - return false; - } - } - global $globals; if (!S::logged() && $globals->xnet->auth_baseurl) { // prevent connection to be linked to disconnection @@ -97,7 +77,7 @@ class XnetSession extends XorgSession protected function doAuth($level) { - if (S::identified()) { // ok, c'est bon, on n'a rien à faire + if (S::identified()) { // Nothing to do there return User::getSilentWithValues(null, array('uid' => S::i('uid'))); } if (!Get::has('auth')) { @@ -118,7 +98,7 @@ class XnetSession extends XorgSession if (!$user->checkPerms('groups')) { return false; } - S::v('perms')->addFlag(PERMS_USER); + if ($level == AUTH_SUID) { S::set('auth', AUTH_MDP); } @@ -135,8 +115,8 @@ class XnetSession extends XorgSession S::set('perms', $user->perms); S::set('is_admin', $user->is_admin); - - $this->makePerms($user->perms, $user->is_admin); + // Add the 'user' perms to the user. + $this->makePerms($user->perms . ',' . PERMS_USER, $user->is_admin); S::kill('challenge'); S::kill('loginX'); S::kill('may_update'); @@ -157,7 +137,7 @@ class XnetSession extends XorgSession if (!$this->startSUID($user)) { return false; } - S::set('perms', User::makePerms(PERMS_USER)); + S::set('perms', User::makePerms(PERMS_USER . ",groups")); return true; } diff --git a/configs/platal.ini b/configs/platal.ini index 5b85fc3..6c4eb46 100644 --- a/configs/platal.ini +++ b/configs/platal.ini @@ -445,6 +445,10 @@ secret = "" ; Baseurl of the site used to perform authentication auth_baseurl = "" +; $globals->xnet->xorg_baseurl +; Baseurl of the 'X.org' website +xorg_baseurl = "https://www.polytechnique.org/" + ; $globals->xnet->evts_domain ; Domain address where the aliases containing the list of (non-)subscribers ; of an event are created. diff --git a/include/xnet.inc.php b/include/xnet.inc.php index a2d1c22..a57e421 100644 --- a/include/xnet.inc.php +++ b/include/xnet.inc.php @@ -26,7 +26,6 @@ define('PL_SESSION_CLASS', 'XnetSession'); define('PL_PAGE_CLASS', 'XnetPage'); require_once dirname(dirname(__FILE__)) . '/core/include/platal.inc.php'; -require_once 'security.inc.php'; require_once 'common.inc.php'; // vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8: diff --git a/modules/platal.php b/modules/platal.php index f57f270..99b6d7c 100644 --- a/modules/platal.php +++ b/modules/platal.php @@ -43,16 +43,18 @@ class PlatalModule extends PLModule 'changelog' => $this->make_hook('changelog', AUTH_PUBLIC), // Preferences thingies - 'prefs' => $this->make_hook('prefs', AUTH_COOKIE, 'user'), + 'prefs' => $this->make_hook('prefs', AUTH_COOKIE, 'user,groups'), 'prefs/rss' => $this->make_hook('prefs_rss', AUTH_COOKIE, 'user'), 'prefs/webredirect' => $this->make_hook('webredir', AUTH_MDP, 'mail'), 'prefs/skin' => $this->make_hook('skin', AUTH_COOKIE, 'user'), // password related thingies - 'password' => $this->make_hook('password', AUTH_MDP, 'user'), + 'password' => $this->make_hook('password', AUTH_MDP, 'user,groups'), 'tmpPWD' => $this->make_hook('tmpPWD', AUTH_PUBLIC), 'password/smtp' => $this->make_hook('smtppass', AUTH_MDP, 'mail'), 'recovery' => $this->make_hook('recovery', AUTH_PUBLIC), + 'recovery/ext' => $this->make_hook('recovery_ext', AUTH_PUBLIC), + 'register/ext' => $this->make_hook('register_ext', AUTH_PUBLIC), 'exit' => $this->make_hook('exit', AUTH_PUBLIC), 'review' => $this->make_hook('review', AUTH_PUBLIC), 'deconnexion.php' => $this->make_hook('exit', AUTH_PUBLIC), @@ -347,10 +349,53 @@ Adresse de secours : ' . $to)); S::logger($user->id())->log('recovery', is_null($to) ? $inactives_to . ', ' . $user->bestEmail() : $to); } + function handler_recovery_ext($page) + { + $page->changeTpl('xnet/recovery.tpl'); + + if (!Post::has('login')) { + return; + } + + $user = User::getSilent(Post::t('login')); + if (is_null($user)) { + $page->trigError('Le compte n\'existe pas.'); + return; + } + if ($user->state != 'active') { + $page->trigError('Ton compte n\'est pas activé.'); + return; + } + + $page->assign('ok', true); + + $hash = rand_url_id(); + XDB::execute('INSERT INTO account_lost_passwords (uid, created, certificat) + VALUES ({?}, NOW(), {?})', + $user->id(), $hash); + + $mymail = new PlMailer(); + $mymail->setFrom('"Gestion des mots de passe" mail->domain . '>'); + $mymail->addTo($user); + $mymail->setSubject("Votre certificat d'authentification"); + $mymail->setTxtBody("Visitez la page suivante qui expire dans six heures : +https://www.polytechnique.org/tmpPWD/$hash + +Si en cliquant dessus vous n'y arrivez pas, copiez intégralement l'adresse dans la barre de votre navigateur. Si vous n'avez pas utilisé ce lien dans six heures, vous pouvez tout simplement recommencer cette procédure. + +-- +Polytechnique.org +\"Le portail des élèves & anciens élèves de l'École polytechnique\" + +Email envoyé à " . Post::t('login')); + $mymail->send(); + + S::logger($user->id())->log('recovery', $user->bestEmail()); + } + function handler_tmpPWD($page, $certif = null) { global $globals; - // XXX: recovery requires data from the profile XDB::execute('DELETE FROM account_lost_passwords WHERE DATE_SUB(NOW(), INTERVAL 380 MINUTE) > created'); @@ -400,6 +445,45 @@ Adresse de secours : ' . $to)); } } + function handler_register_ext($page, $hash = null) + { + XDB::execute('DELETE FROM register_pending_xnet + WHERE DATE_SUB(NOW(), INTERVAL 1 MONTH) > date'); + $res = XDB::fetchOneAssoc('SELECT uid, hruid + FROM register_pending_xnet + WHERE hash = {?}', + $hash); + + if (is_null($hash) || is_null($res)) { + $page->trigErrorRedirect('Cette adresse n\'existe pas ou n\'existe plus sur le serveur.', ''); + } + + if (Post::has('pwhash') && Post::t('pwhash')) { + XDB::query('UPDATE accounts + SET password = {?}, state = \'active\', registration_date = NOW() + WHERE uid = {?} AND state = \'pending\' AND type = \'xnet\'', + Post::t('pwhash'), $res['uid']); + XDB::query('DELETE FROM register_pending_xnet + WHERE uid = {?}', + $res['uid']); + + S::logger($res['uid'])->log('passwd', ''); + + // Try to start a session (so the user don't have to log in); we will use + // the password available in Post:: to authenticate the user. + Post::kill('wait'); + Platal::session()->startAvailableAuth(); + + $page->changeTpl('xnet/register.success.tpl'); + $page->assign('email', $res['email']); + } else { + $page->changeTpl('platal/password.tpl'); + $page->assign('xnet', true); + $page->assign('hruid', $res['hruid']); + $page->assign('do_auth', 1); + } + } + function handler_skin($page) { global $globals; diff --git a/modules/profile.php b/modules/profile.php index 6e606af..c780786 100644 --- a/modules/profile.php +++ b/modules/profile.php @@ -53,7 +53,7 @@ class ProfileModule extends PLModule 'referent/country' => $this->make_hook('ref_country', AUTH_COOKIE, 'user', NO_AUTH), 'referent/autocomplete' => $this->make_hook('ref_autocomplete', AUTH_COOKIE, 'user', NO_AUTH), - 'groupes-x' => $this->make_hook('xnet', AUTH_COOKIE, 'user'), + 'groupes-x' => $this->make_hook('xnet', AUTH_COOKIE, 'groups'), 'groupes-x/logo' => $this->make_hook('xnetlogo', AUTH_PUBLIC), 'vcard' => $this->make_hook('vcard', AUTH_COOKIE, 'user', NO_HTTPS), diff --git a/modules/survey/survey.inc.php b/modules/survey/survey.inc.php index 497a7f8..852c5e8 100644 --- a/modules/survey/survey.inc.php +++ b/modules/survey/survey.inc.php @@ -348,6 +348,9 @@ class Survey default: return null; } + if (!S::user()->checkPerms(PERMS_USER)) { + $where .= XDB::format(' AND mode = {?}', self::MODE_ALL); + } $sql = 'SELECT id, title, end, mode FROM surveys WHERE '.$where.' diff --git a/modules/xnet.php b/modules/xnet.php index 27cd626..e57d63d 100644 --- a/modules/xnet.php +++ b/modules/xnet.php @@ -33,13 +33,8 @@ class XnetModule extends PLModule 'plan' => $this->make_hook('plan', AUTH_PUBLIC), 'photo' => $this->make_hook('photo', AUTH_MDP, 'groups'), 'autologin' => $this->make_hook('autologin', AUTH_MDP, 'groups'), - 'login/ext' => $this->make_hook('login_ext', AUTH_PUBLIC), 'register/ext' => $this->make_hook('register_ext', AUTH_PUBLIC), - 'recovery/ext' => $this->make_hook('recovery_ext', AUTH_PUBLIC), - 'tmpPWD/ext' => $this->make_hook('tmpPWD_ext', AUTH_PUBLIC), 'edit' => $this->make_hook('edit', AUTH_MDP, 'groups'), - 'password' => $this->make_hook('password', AUTH_MDP, 'groups'), - 'Xnet' => $this->make_wiki_hook(), ); } @@ -230,146 +225,6 @@ class XnetModule extends PLModule exit; } - function handler_login_ext($page) - { - if (!S::logged()) { - $page->changeTpl('xnet/login.tpl'); - } else { - pl_redirect(''); - } - } - - function handler_register_ext($page, $hash = null) - { - XDB::execute('DELETE FROM register_pending_xnet - WHERE DATE_SUB(NOW(), INTERVAL 1 MONTH) > date'); - $res = XDB::fetchOneAssoc('SELECT uid, hruid - FROM register_pending_xnet - WHERE hash = {?}', - $hash); - - if (is_null($hash) || is_null($res)) { - $page->trigErrorRedirect('Cette adresse n\'existe pas ou n\'existe plus sur le serveur.', ''); - } - - if (Post::has('pwhash') && Post::t('pwhash')) { - XDB::query('UPDATE accounts - SET password = {?}, state = \'active\', registration_date = NOW() - WHERE uid = {?} AND state = \'pending\' AND type = \'xnet\'', - Post::t('pwhash'), $res['uid']); - XDB::query('DELETE FROM register_pending_xnet - WHERE uid = {?}', - $res['uid']); - - S::logger($res['uid'])->log('passwd', ''); - - // Try to start a session (so the user don't have to log in); we will use - // the password available in Post:: to authenticate the user. - Post::kill('wait'); - Platal::session()->startAvailableAuth(); - - $page->changeTpl('xnet/register.success.tpl'); - $page->assign('email', $res['email']); - } else { - $page->changeTpl('platal/password.tpl'); - $page->assign('xnet', true); - $page->assign('hruid', $res['hruid']); - $page->assign('do_auth', 1); - } - } - - function handler_recovery_ext($page) - { - $page->changeTpl('xnet/recovery.tpl'); - - if (!Post::has('login')) { - return; - } - - $user = User::getSilent(Post::t('login')); - if (is_null($user)) { - $page->trigError('Le compte n\'existe pas.'); - return; - } - if ($user->state != 'active') { - $page->trigError('Ton compte n\'est pas activé.'); - return; - } - - $page->assign('ok', true); - - $hash = rand_url_id(); - XDB::execute('INSERT INTO account_xnet_lost_passwords (uid, date, hash) - VALUES ({?}, NOW(), {?})', - $user->id(), $hash); - - $mymail = new PlMailer(); - $mymail->setFrom('"Gestion des mots de passe" mail->domain . '>'); - $mymail->addTo($user); - $mymail->setSubject("Votre certificat d'authentification"); - $mymail->setTxtBody("Visitez la page suivante qui expire dans six heures : -http://polytechnique.net/tmpPWD/ext/$hash - -Si en cliquant dessus vous n'y arrivez pas, copiez intégralement l'adresse dans la barre de votre navigateur. Si vous n'avez pas utilisé ce lien dans six heures, vous pouvez tout simplement recommencer cette procédure. - --- -Polytechnique.org -\"Le portail des élèves & anciens élèves de l'École polytechnique\" - -Email envoyé à " . Post::t('login')); - $mymail->send(); - - S::logger($user->id())->log('recovery', $user->bestEmail()); - } - - function handler_tmpPWD_ext($page, $hash = null) - { - global $globals; - XDB::execute('DELETE FROM account_xnet_lost_passwords - WHERE DATE_SUB(NOW(), INTERVAL 380 MINUTE) > date'); - - $uid = XDB::fetchOneCell('SELECT uid - FROM account_xnet_lost_passwords - WHERE hash = {?}', - $hash); - if (is_null($uid)) { - $page->trigErrorRedirect("Cette adresse n'existe pas ou n'existe plus sur le serveur.", ''); - } - - $email = XDB::fetchOneCell('SELECT email - FROM accounts - WHERE uid = {?}', - $uid); - - if (Post::has('pwhash') && Post::t('pwhash')) { - $password = Post::t('pwhash'); - XDB::query('UPDATE accounts - SET password = {?} - WHERE uid = {?} AND state = \'active\'', - $password, $uid); - XDB::query('DELETE FROM account_xnet_lost_passwords - WHERE hash = {?}', - $hash); - - S::logger($uid)->log('passwd', ''); - - // Try to start a session (so the user don't have to log in); we will use - // the password available in Post:: to authenticate the user. - Post::kill('wait'); - Platal::session()->startAvailableAuth(); - - $page->changeTpl('xnet/register.success.tpl'); - $page->assign('email', $email); - } else { - $page->changeTpl('platal/password.tpl'); - $page->assign('xnet_reset', true); - $page->assign('email', $email); - $page->assign('do_auth', 1); - } - } - - - function handler_edit($page) { global $globals; @@ -421,26 +276,6 @@ Email envoyé à " . Post::t('login')); $page->assign('user', $user); } - function handler_password ($page) - { - if (Post::has('pwhash') && Post::t('pwhash')) { - S::assert_xsrf_token(); - - S::set('password', $password = Post::t('pwhash')); - XDB::execute('UPDATE accounts - SET password = {?} - WHERE uid={?}', $password, - S::i('uid')); - S::logger()->log('passwd'); - Platal::session()->setAccessCookie(true); - $page->changeTpl('platal/password.success.tpl'); - $page->run(); - } - - $page->changeTpl('platal/password.tpl'); - $page->assign('xnet_reset', true); - $page->assign('do_auth', 0); - } } // vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8: diff --git a/templates/core/password_prompt.tpl b/templates/core/password_prompt.tpl index 0834ff5..9bab8e9 100644 --- a/templates/core/password_prompt.tpl +++ b/templates/core/password_prompt.tpl @@ -31,7 +31,7 @@ {else} la page que vous avez demandée {/if} - ({if t($referer)}{$smarty.server.HTTP_REFERER}{else}{$globals->baseurl}/{$platal->pl_self()}{/if}) + ({if t($referer)}{$smarty.server.HTTP_REFERER|truncate:120:"...":false}{else}{$globals->baseurl}/{$platal->pl_self()}{/if}) nécessite une authentification.

{else} @@ -83,7 +83,12 @@ - Mot de passe perdu ? + + Mot de passe perdu : + Étudiants et diplômés de l'X | + Extérieurs + + diff --git a/templates/platal/password.tpl b/templates/platal/password.tpl index db20550..1a0a225 100644 --- a/templates/platal/password.tpl +++ b/templates/platal/password.tpl @@ -67,7 +67,7 @@ - + diff --git a/templates/platal/preferences.tpl b/templates/platal/preferences.tpl index 284ea62..0628af4 100644 --- a/templates/platal/preferences.tpl +++ b/templates/platal/preferences.tpl @@ -43,11 +43,13 @@ $(function() {
{xsrf_token_field}
+ {if hasPerm('user')}
Apparence du site
Tu peux changer l'apparence du site en choisissant une autre skin.
Changer de skin
+ {/if}
Format des emails envoyés par le site
Lorsque le site t'envoie des emails (lettre mensuelle, carnet, ...) ceux-ci peuvent diff --git a/templates/skin/common.menu.tpl b/templates/skin/common.menu.tpl index 605526e..a07bb56 100644 --- a/templates/skin/common.menu.tpl +++ b/templates/skin/common.menu.tpl @@ -68,7 +68,9 @@ {if $smarty.session.user->googleapps}
Emails Google Apps
{/if} +{if hasPerm('user')}
Listes de diffusion
+{/if} {if hasPerm('payment')}
Télépaiements
{/if} diff --git a/templates/survey/index.tpl b/templates/survey/index.tpl index 294a558..81c3b73 100644 --- a/templates/survey/index.tpl +++ b/templates/survey/index.tpl @@ -50,11 +50,13 @@ {assign var="has_cs" value="true"} {/if} {/iterate} + {if hasPerm('user')} {if $smarty.session.auth}{icon name=page_edit} Proposer un sondage{/if} + {/if} {/if} diff --git a/templates/xnet/login.tpl b/templates/xnet/login.tpl deleted file mode 100644 index 9356cb3..0000000 --- a/templates/xnet/login.tpl +++ /dev/null @@ -1,66 +0,0 @@ -{**************************************************************************} -{* *} -{* Copyright (C) 2003-2011 Polytechnique.org *} -{* http://opensource.polytechnique.org/ *} -{* *} -{* This program is free software; you can redistribute it and/or modify *} -{* it under the terms of the GNU General Public License as published by *} -{* the Free Software Foundation; either version 2 of the License, or *} -{* (at your option) any later version. *} -{* *} -{* This program is distributed in the hope that it will be useful, *} -{* but WITHOUT ANY WARRANTY; without even the implied warranty of *} -{* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *} -{* GNU General Public License for more details. *} -{* *} -{* You should have received a copy of the GNU General Public License *} -{* along with this program; if not, write to the Free Software *} -{* Foundation, Inc., *} -{* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *} -{* *} -{**************************************************************************} - -

Identification

- - - - - - - - - - - - - - - - - -
Identifiant (adresse email) : - - -
Mot de passe :
strictement personnelle'} colspan="2"> - -
- Mot de passe perdu ? -
-
- -
-
- - - - - - - -
-
- -{* vim:set et sw=2 sts=2 sws=2 enc=utf-8: *} diff --git a/templates/xnet/register.success.tpl b/templates/xnet/register.success.tpl index b5ce382..523f9f6 100644 --- a/templates/xnet/register.success.tpl +++ b/templates/xnet/register.success.tpl @@ -27,7 +27,7 @@

Votre compte est maintenant activé et votre passe créé. Vous pouvez donc - profiter dès à présent des multiples fonctionnalités de Polytechnique.net. + profiter dès à présent des multiples fonctionnalités de Polytechnique.net.

Pour rappel, votre identifiant est : {$email} diff --git a/templates/xnet/skin.tpl b/templates/xnet/skin.tpl index b395e5e..e0ce81c 100644 --- a/templates/xnet/skin.tpl +++ b/templates/xnet/skin.tpl @@ -168,17 +168,9 @@ {list_all_my_groups} {if !$smarty.session.auth} -

Me connecter :
- - - - - - - -
- X, masters, doctorants… -
Extérieurs
+
+ Connexion +
{/if} -- 2.1.4