mirror/librenms-librenms
1
0
Fork 0
mirror of https://github.com/librenms/librenms.git synced 2024-10-07 16:52:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

New User Management (#9348)

Browse Source 
* Rewrite user management.

Error management

Revert edituser legacy page

Connect user permissions button to legacy page for now.

Implement user creation
Refine form

Remove PingCheck.php accidental add :)

Fixes for redirection and deletion

More fixes: realname accidental validation setting, hide can modify for read-only auths

Use a panel to improve style

Add icon to panel-title

Not allowed to delete own user (at least via the click of a button)

Use request validation to reduce complexity of controller.
Improve protection against users doing things they should not.

Switch to horizontal form and not nearly as wide of layout :)

delete without refresh.
Fix for buttons

Include all users (not just from this auth)
Hide the auth column if there is only one auth type

Show username if real name isn't set

Don't allow creation of demo users via the webui

a fix to the lnms user:add command, it didn't set auth_id

update edituser.inc.php to current
just redirect to users page

* Remove TwoFactorTest for now

* Update edituser.inc.php

* Update .env.dusk.testing

* Enable 2fa for 2fa test...
This commit is contained in:
Tony Murray
2019-04-22 19:01:39 -05:00
committed by GitHub
parent 39ff4c7aaf
commit 6e6e54cb98
30 changed files with 1149 additions and 289 deletions
Download Patch File Download Diff File Expand all files Collapse all files

234
includes/html/pages/edituser.inc.php
View File

@@ -19,7 +19,7 @@ if (! Auth::user()->hasGlobalAdmin()) {
$user = User::find($vars['user_id']);
$user_data = $user->toArray(); // for compatibility with current code
echo '<p><h2>'.$user_data['realname']."</h2><a href='edituser/'>Change...</a></p>";
echo '<p><h2>'.$user_data['realname']."</h2></p>";
// Perform actions if requested
if ($vars['action'] == 'deldevperm') {
if (dbFetchCell('SELECT COUNT(*) FROM devices_perms WHERE `device_id` = ? AND `user_id` = ?', array($vars['device_id'], $user_data['user_id']))) {
@@ -246,238 +246,8 @@ if (! Auth::user()->hasGlobalAdmin()) {
<button type='submit' class='btn btn-default' name='Submit' value='Add'>Add</button>
</form>
</div>";
} elseif ($vars['user_id'] && $vars['edit']) {
if (Auth::user()->isDemo()) {
demo_account();
} else {
if (!empty($vars['new_level'])) {
if ($vars['can_modify_passwd'] == 'on') {
$vars['can_modify_passwd'] = '1';
}
LegacyAuth::get()->updateUser($vars['user_id'], $vars['new_realname'], $vars['new_level'], $vars['can_modify_passwd'], $vars['new_email']);
print_message('User has been updated');
if (!empty($vars['new_pass1']) && $vars['new_pass1'] == $vars['new_pass2'] && LegacyAuth::get()->canUpdatePasswords($vars['cur_username'])) {
if (LegacyAuth::get()->changePassword($vars['cur_username'], $vars['new_pass1']) == 1) {
print_message("User password has been updated");
} else {
print_error("Password couldn't be updated");
}
} elseif (!empty($vars['new_pass1']) && $vars['new_pass1'] != $vars['new_pass2']) {
print_error("The supplied passwords didn't match so weren't updated");
}
}
$users_details = User::find($vars['user_id'])->toArray();
if (!empty($users_details)) {
if (!empty($vars['dashboard']) && $vars['dashboard'] != $users_details['dashboard']) {
set_user_pref('dashboard', $vars['dashboard']);
print_message("User default dashboard updated");
}
echo "<form class='form-horizontal' role='form' method='post' action=''>
<input type='hidden' name='user_id' value='".$vars['user_id']."'>
<input type='hidden' name='cur_username' value='" . $users_details['username'] . "'>
<input type='hidden' name='edit' value='yes'>
";
if (LegacyAuth::get()->canUpdateUsers() == '1') {
if (empty($vars['new_realname'])) {
$vars['new_realname'] = $users_details['realname'];
}
if (empty($vars['new_level'])) {
$vars['new_level'] = $users_details['level'];
}
if (empty($vars['can_modify_passwd'])) {
$vars['can_modify_passwd'] = $users_details['can_modify_passwd'];
} elseif ($vars['can_modify_passwd'] == 'on') {
$vars['can_modify_passwd'] = '1';
}
if (empty($vars['new_email'])) {
$vars['new_email'] = $users_details['email'];
}
echo "
<div class='form-group'>
<label for='new_realname' class='col-sm-2 control-label'>Realname</label>
<div class='col-sm-4'>
<input name='new_realname' class='form-control input-sm' value='".$vars['new_realname']."'>
</div>
<div class='col-sm-6'>
</div>
</div>
<div class='form-group'>
<label for='new_email' class='col-sm-2 control-label'>Email</label>
<div class='col-sm-4'>
<input name='new_email' class='form-control input-sm' value='".$vars['new_email']."'>
</div>
<div class='col-sm-6'>
</div>
</div>
<div class='form-group'>
<label for='new_level' class='col-sm-2 control-label'>Level</label>
<div class='col-sm-4'>
<select name='new_level' class='form-control input-sm'>
<option value='1'";
if ($vars['new_level'] == '1') {
echo 'selected';
} echo ">Normal User</option>
<option value='5'";
if ($vars['new_level'] == '5') {
echo 'selected';
} echo ">Global Read</option>
<option value='10'";
if ($vars['new_level'] == '10') {
echo 'selected';
} echo ">Administrator</option>
<option value='11'";
if ($vars['new_level'] == '11') {
echo 'selected';
} echo ">Demo account</option>
</select>
</div>
<div class='col-sm-6'>
</div>
</div>";
if (LegacyAuth::get()->canUpdatePasswords($users_details['username'])) {
echo "
<div class='form-group'>
<label for='new_pass1' class='col-sm-2 control-label'>Password</label>
<div class='col-sm-4'>
<input type='password' name='new_pass1' class='form-control input-sm' value='". $vars['new_pass1'] ."'>
</div>
</div>
<div class='form-group'>
<label for='new_pass2' class='col-sm-2 control-label'>Confirm Password</label>
<div class='col-sm-4'>
<input type='password' name='new_pass2' class='form-control input-sm' value='". $vars['new_pass2'] ."'>
</div>
</div>
";
}
echo "<div class='form-group'>
<div class='col-sm-6'>
<div class='checkbox'>
<label>
<input type='checkbox' ";
if ($vars['can_modify_passwd'] == '1') {
echo "checked='checked'";
} echo " name='can_modify_passwd'> Allow the user to change their password.
</label>
</div>
</div>
<div class='col-sm-6'>
</div>
</div>
";
}
echo "
<div class='form-group'>
<label for='dashboard' class='col-sm-2 control-label'>Dashboard</label>
<div class='col-sm-4'><select class='form-control' name='dashboard'>";
foreach (get_dashboards($vars['user_id']) as $dash) {
echo "<option value='".$dash['dashboard_id']."'".($dash['default'] ? ' selected' : '').">".$dash['username'].':'.$dash['dashboard_name']."</option>";
}
echo "</select>
</div>
</div>
<button type='submit' class='btn btn-default'>Update User</button>
</form>";
if ($config['twofactor']) {
if ($vars['twofactorremove']) {
if (set_user_pref('twofactor', array(), $vars['user_id'])) {
echo "<div class='alert alert-success'>TwoFactor credentials removed.</div>";
} else {
echo "<div class='alert alert-danger'>Couldnt remove user's TwoFactor credentials.</div>";
}
}
if ($vars['twofactorunlock']) {
$twofactor = get_user_pref('twofactor', array(), $vars['user_id']);
$twofactor['fails'] = 0;
if (set_user_pref('twofactor', $twofactor, $vars['user_id'])) {
echo "<div class='alert alert-success'>User unlocked.</div>";
} else {
echo "<div class='alert alert-danger'>Couldnt reset user's TwoFactor failures.</div>";
}
}
echo "<br/><div class='well'><h3>Two-Factor Authentication</h3>";
$twofactor = get_user_pref('twofactor', array(), $vars['user_id']);
if ($twofactor['fails'] >= 3 && (!$config['twofactor_lock'] || (time() - $twofactor['last']) < $config['twofactor_lock'])) {
echo "<form class='form-horizontal' role='form' method='post' action=''>
<input type='hidden' name='user_id' value='".$vars['user_id']."'>
<input type='hidden' name='edit' value='yes'>
<div class='form-group'>
<label for='twofactorunlock' class='col-sm-2 control-label'>User exceeded failures</label>
<input type='hidden' name='twofactorunlock' value='1'>
<button type='submit' class='btn btn-default'>Unlock</button>
</div>
</form>";
}
if ($twofactor['key']) {
echo "<form class='form-horizontal' role='form' method='post' action=''>
<input type='hidden' name='user_id' value='".$vars['user_id']."'>
<input type='hidden' name='edit' value='yes'>
<input type='hidden' name='twofactorremove' value='1'>
<button type='submit' class='btn btn-danger'>Disable TwoFactor</button>
</form>
</div>";
} else {
echo '<p>No TwoFactor key generated for this user, Nothing to do.</p>';
}
}//end if
} else {
print_error('Error getting user details');
}//end if !empty($users_details)
}//end if
} else {
$userlist = User::thisAuth()->get();
echo '<h3>Select a user to edit</h3>';
echo "<form method='post' action='' class='form-horizontal' role='form'>
<input type='hidden' value='edituser' name='page'>
<div class='form-group'>
<label for='user_id' class='col-sm-2 control-label'>User</label>
<div class='col-sm-4'>
<select name='user_id' class='form-control input-sm'>";
foreach ($userlist as $userentry) {
switch ($userentry->level) {
case "10":
$userlevel = 'admin';
break;
case "11":
$userlevel = 'demo';
break;
default:
$userlevel = '';
}
if (empty($userlevel)) {
$userlevel=$userentry->auth_type;
} elseif (!empty($userentry->auth_type)) {
$userlevel.= ", ".$userentry->auth_type;
}
if (!empty($userlevel)) {
$userlevel=" ($userlevel)";
}
echo "<option value='".$userentry->user_id."'>".$userentry->username.$userlevel.'</option>';
}
echo "</select>
</div>
</div>
<div class='form-group'>
<div class='col-sm-offset-2 col-sm-3'>
<button type='submit' name='Submit' class='btn btn-default'>Edit Permissions</button> / <button type='submit' name='edit' value='user' class='btn btn-default'>Edit User</button>
</div>
</div>
</form>";
echo '<script>window.location.replace("' . url('users') . '");</script>';
}//end if
}//end if