From ce628399a942015a09156ab3956d83eafeb1ac9e Mon Sep 17 00:00:00 2001 From: SourceDoctor Date: Fri, 8 Nov 2019 07:32:57 +0100 Subject: [PATCH] Allow user activation/deactivation (MySQL auth) (#10511) * user deactivation feature * update db_schema.yaml * travis fix * readd sqlfile with alter statement * .. * revert force push * combine all queries * fix query * user enable/disable only visible on mysql authorization * Update form.blade.php * Update index.blade.php * disable 'enabled' on own profile * bootstraping checkboxes --- LibreNMS/Authentication/MysqlAuthorizer.php | 8 ++++- app/Models/User.php | 7 +++- ...2019_08_10_223200_add_enabled_to_users.php | 32 +++++++++++++++++++ misc/db_schema.yaml | 1 + resources/views/user/form.blade.php | 31 ++++++++++++------ resources/views/user/index.blade.php | 6 ++++ 6 files changed, 73 insertions(+), 12 deletions(-) create mode 100644 database/migrations/2019_08_10_223200_add_enabled_to_users.php diff --git a/LibreNMS/Authentication/MysqlAuthorizer.php b/LibreNMS/Authentication/MysqlAuthorizer.php index c66d104443..34e5f0e689 100644 --- a/LibreNMS/Authentication/MysqlAuthorizer.php +++ b/LibreNMS/Authentication/MysqlAuthorizer.php @@ -20,7 +20,13 @@ class MysqlAuthorizer extends AuthorizerBase $username = $credentials['username'] ?? null; $password = $credentials['password'] ?? null; - $hash = User::thisAuth()->where(['username' => $username])->value('password'); + $user_data = User::thisAuth()->where(['username' => $username])->select('password', 'enabled')->first(); + $hash = $user_data->password; + $enabled = $user_data->enabled; + + if (! $enabled) { + throw new AuthenticationException($message = 'login denied'); + } // check for old passwords if (strlen($hash) == 32) { diff --git a/app/Models/User.php b/app/Models/User.php index d08bb88bf7..94c2352c55 100644 --- a/app/Models/User.php +++ b/app/Models/User.php @@ -13,7 +13,7 @@ class User extends Authenticatable use Notifiable; protected $primaryKey = 'user_id'; - protected $fillable = ['realname', 'username', 'email', 'level', 'descr', 'can_modify_passwd', 'auth_type', 'auth_id']; + protected $fillable = ['realname', 'username', 'email', 'level', 'descr', 'can_modify_passwd', 'auth_type', 'auth_id', 'enabled']; protected $hidden = ['password', 'remember_token', 'pivot']; protected $attributes = [ // default values 'descr' => '', @@ -158,6 +158,11 @@ class User extends Authenticatable $this->attributes['can_modify_passwd'] = $modify ? 1 : 0; } + public function setEnabledAttribute($enable) + { + $this->attributes['enabled'] = $enable ? 1 : 0; + } + // ---- Define Relationships ---- public function apiToken() diff --git a/database/migrations/2019_08_10_223200_add_enabled_to_users.php b/database/migrations/2019_08_10_223200_add_enabled_to_users.php new file mode 100644 index 0000000000..f12ecc94a5 --- /dev/null +++ b/database/migrations/2019_08_10_223200_add_enabled_to_users.php @@ -0,0 +1,32 @@ +boolean('enabled')->default(1); + }); + } + + /** + * Reverse the migrations. + * + * @return void + */ + public function down() + { + Schema::table('users', function (Blueprint $table) { + $table->dropColumn('enabled'); + }); + } +} diff --git a/misc/db_schema.yaml b/misc/db_schema.yaml index 2deec7f54f..c6d44d8c1e 100644 --- a/misc/db_schema.yaml +++ b/misc/db_schema.yaml @@ -1788,6 +1788,7 @@ users: - { Field: created_at, Type: timestamp, 'Null': false, Extra: '', Default: '1970-01-02 00:00:01' } - { Field: updated_at, Type: timestamp, 'Null': false, Extra: '', Default: CURRENT_TIMESTAMP } - { Field: remember_token, Type: varchar(100), 'Null': true, Extra: '' } + - { Field: enabled, Type: tinyint(1), 'Null': false, Extra: '', Default: '1' } Indexes: PRIMARY: { Name: PRIMARY, Columns: [user_id], Unique: true, Type: BTREE } username: { Name: username, Columns: [auth_type, username], Unique: true, Type: BTREE } diff --git a/resources/views/user/form.blade.php b/resources/views/user/form.blade.php index 9ff193f0fe..8c42e7b325 100644 --- a/resources/views/user/form.blade.php +++ b/resources/views/user/form.blade.php @@ -6,6 +6,16 @@ +@if(\LibreNMS\Config::get('auth_mechanism') == 'mysql') +
+ +
+ + enabled)) checked @endif @if(Auth::id() == $user->user_id) disabled @endif> +
+
+@endif +
@@ -68,15 +78,16 @@ @endif @if(\LibreNMS\Authentication\LegacyAuth::get()->canUpdatePasswords()) -
-
-
- -
- {{ $errors->first('can_modify_passwd') }} -
+
+ +
+ + can_modify_passwd)) checked @endif> + {{ $errors->first('can_modify_passwd') }}
+
@endif + + diff --git a/resources/views/user/index.blade.php b/resources/views/user/index.blade.php index 36ee7aa6d0..c358f81564 100644 --- a/resources/views/user/index.blade.php +++ b/resources/views/user/index.blade.php @@ -17,6 +17,9 @@ @lang('Access') @lang('Auth') @lang('Email') + @if(\LibreNMS\Authentication\LegacyAuth::getType() == 'mysql') + @lang('Enabled') + @endif @lang('Description') @lang('Actions') @@ -30,6 +33,9 @@ {{ $user->level }} {{ $user->auth_type }} {{ $user->email }} + @if(\LibreNMS\Authentication\LegacyAuth::getType() == 'mysql') + {{ $user->enabled }} + @endif {{ $user->descr }}