From f3b6f21e419e0d4c217783a82e0fc04de7403d1d Mon Sep 17 00:00:00 2001
From: David Coutadeur
Date: Wed, 16 Oct 2024 12:27:35 +0200
Subject: [PATCH 1/9] fix account locking name and bug (#125)
---
 lang/fr.inc.php | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/lang/fr.inc.php b/lang/fr.inc.php
index da19091..c96c6f7 100644
--- a/lang/fr.inc.php
+++ b/lang/fr.inc.php
@@ -8,13 +8,13 @@
 $messages['accountdisabled'] = "Le compte est désactivé";
 $messages['auditlogs'] = "Audit";
 $messages['auditlogtitle'] = "Traces d'audit pour les $audit_log_days derniers jours";
-$messages['accountlocked'] = "Le compte est bloqué";
+$messages['accountlocked'] = "Le compte est verrouillé";
 $messages['accountnotdisabled'] = "Échec de la désactivation du compte";
 $messages['accountnotenabled'] = "Échec de l'activation du compte";
-$messages['accountnotlocked'] = "Échec de blocage du compte";
-$messages['accountnotunlocked'] = "Échec de déblocage du compte";
+$messages['accountnotlocked'] = "Échec de verrouillage du compte";
+$messages['accountnotunlocked'] = "Échec de déverrouillage du compte";
 $messages['accountstatus'] = "Statut du compte";
-$messages['accountunlocked'] = "Le compte n'est pas bloqué";
+$messages['accountunlocked'] = "Le compte n'est pas verrouillé";
 $messages['actionforbidden'] = "Action interdite";
 $messages['changesubject'] = "Votre mot de passe a été changé";
 $messages['changesubjectforadmin'] = "Le mot de passe d'un utilisateur a été changé";
@@ -75,7 +75,7 @@
 $messages['label_phone'] = "Téléphone";
 $messages['label_postaladdress'] = "Adresse";
 $messages['label_postalcode'] = "Code postal";
-$messages['label_pwdaccountlockedtime'] = "Date de blocage";
+$messages['label_pwdaccountlockedtime'] = "Date de verrouillage";
 $messages['label_pwdchangedtime'] = "Dernier changement de mot de passe";
 $messages['label_pwdfailuretime'] = "Derniers échecs d'authentification";
 $messages['label_pwdgraceusetime'] = "Dernières authentifications en grâce";
@@ -89,8 +89,8 @@
 $messages['label_title'] = "Titre";
 $messages['label_user_dn'] = "Utilisateur";
 $messages['ldaperror'] = "Erreur de communication avec l'annuaire LDAP";
-$messages['lockaccount'] = "Bloquer le compte";
-$messages['lockedaccounts'] = "Comptes bloqués";
+$messages['lockaccount'] = "Verrouiller le compte";
+$messages['lockedaccounts'] = "Comptes verrouillés";
 $messages['logout'] = "Déconnexion";
 $messages['newpassword'] = "Nouveau mot de passe";
 $messages['noentriesfound'] = "Aucune entrée trouvée";
@@ -114,7 +114,7 @@
 $messages['tooltip_emailto'] = "Envoyer un email";
 $messages['tooltip_phoneto'] = "Composer ce numéro";
 $messages['true'] = "Oui";
-$messages['unlockaccount'] = "Débloquer le compte";
+$messages['unlockaccount'] = "Déverrouiller le compte";
 $messages['unlockdate'] = "Date de déblocage automatique :";
 $messages['welcome'] = "Bienvenue sur le guichet de service LDAP Tool Box";
 $messages['willexpireaccounts'] = "Mots de passe bientôt expirés";
From 132b2d58801ed56ee7015b57e1a088ca27fa6bb0 Mon Sep 17 00:00:00 2001
From: David Coutadeur
Date: Wed, 16 Oct 2024 17:53:12 +0200
Subject: [PATCH 2/9] fix missing comment in auditlog() (#125)
---
 composer.json | 2 +-
 htdocs/disableaccount.php | 8 +++++++-
 htdocs/enableaccount.php | 8 +++++++-
 3 files changed, 15 insertions(+), 3 deletions(-)
diff --git a/composer.json b/composer.json
index d27aa11..b7fa120 100644
--- a/composer.json
+++ b/composer.json
@@ -4,7 +4,7 @@ "datatables.net/datatables.net-bs5": "2.0.8", "datatables.net/datatables.net-buttons-bs5": "3.0.2", "fortawesome/font-awesome": "v6.5.2", - "ltb-project/ltb-common": "dev-main", + "ltb-project/ltb-common": "dev-44-openldap-account-disabling", "twbs/bootstrap": "v5.3.2" }, "scripts": { diff --git a/htdocs/disableaccount.php b/htdocs/disableaccount.php index f54b424..ce3e1ba 100644 --- a/htdocs/disableaccount.php +++ b/htdocs/disableaccount.php @@ -6,6 +6,7 @@ $result = ""; $dn = ""; $password = ""; +$comment = ""; if (isset($_POST["dn"]) and $_POST["dn"]) { $dn = $_POST["dn"]; @@ -13,6 +14,11 @@ $result = "dnrequired"; } +if (isset($_POST["comment"]) and $_POST["comment"]) { + $comment = $_POST["comment"]; +} + + if (!$use_disableaccount) { $result = "actionforbidden"; } @@ -38,7 +44,7 @@ } if ($audit_log_file) { - auditlog($audit_log_file, $dn, $audit_admin, "disableaccount", $result); + auditlog($audit_log_file, $dn, $audit_admin, "disableaccount", $result, $comment); } header('Location: index.php?page=display&dn='.$dn.'&disableaccountresult='.$result); diff --git a/htdocs/enableaccount.php b/htdocs/enableaccount.php index 0756186..f2d23a9 100644 --- a/htdocs/enableaccount.php +++ b/htdocs/enableaccount.php @@ -6,6 +6,7 @@ $result = ""; $dn = ""; $password = ""; +$comment = ""; if (isset($_POST["dn"]) and $_POST["dn"]) { $dn = $_POST["dn"]; @@ -13,6 +14,11 @@ $result = "dnrequired"; } +if (isset($_POST["comment"]) and $_POST["comment"]) { + $comment = $_POST["comment"]; +} + + if (!$use_enableaccount) { $result = "actionforbidden"; } @@ -38,7 +44,7 @@ } if ($audit_log_file) { - auditlog($audit_log_file, $dn, $audit_admin, "enableaccount", $result); + auditlog($audit_log_file, $dn, $audit_admin, "enableaccount", $result, $comment); } header('Location: index.php?page=display&dn='.$dn.'&enableaccountresult='.$result); From 9fc769ee5813bc59848e268471d851314e94d41d Mon Sep 17 00:00:00 2001 
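Review bot: `$comment` is copied from `$_POST["comment"]` and passed to `auditlog()` unchanged in both htdocs/disableaccount.php and htdocs/enableaccount.php; nothing in these hunks bounds its length or removes control characters before it becomes part of the audit record. `auditlog()` comes from ltb-common and is not visible in this diff, so whether it encodes the value safely cannot be confirmed here; if it writes line-oriented text, a newline in the comment could make one request look like several entries. Normalising at the point of assignment keeps the audit trail trustworthy regardless, for example `$comment = substr(preg_replace('/[\x00-\x1F\x7F]+/', ' ', $_POST["comment"]), 0, 500);` (the 500-byte cap is an illustrative value, not one taken from the project). Both scripts continue outside the hunks shown.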
From: David Coutadeur Date: Fri, 25 Oct 2024 12:10:16 +0200 Subject: [PATCH 3/9] use block account feature from ltb-common main branch(#125) --- composer.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/composer.json b/composer.json index b7fa120..d27aa11 100644 --- a/composer.json +++ b/composer.json @@ -4,7 +4,7 @@ "datatables.net/datatables.net-bs5": "2.0.8", "datatables.net/datatables.net-buttons-bs5": "3.0.2", "fortawesome/font-awesome": "v6.5.2", - "ltb-project/ltb-common": "dev-44-openldap-account-disabling", + "ltb-project/ltb-common": "dev-main", "twbs/bootstrap": "v5.3.2" }, "scripts": { From 43b49d3157cabadfa285f3ae8709065f44629c3f Mon Sep 17 00:00:00 2001 From: David Coutadeur Date: Fri, 25 Oct 2024 18:05:10 +0200 Subject: [PATCH 4/9] add a dedicated menu to list disabled accounts (#125) --- conf/config.inc.php | 2 ++ htdocs/enableaccount.php | 15 ++++++------ htdocs/index.php | 3 +++ htdocs/searchdisabled.php | 45 ++++++++++++++++++++++++++++++++++++ lang/en.inc.php | 1 + lang/fr.inc.php | 1 + templates/display.tpl | 3 +++ templates/listing_table.tpl | 12 ++++++++++ templates/menu.tpl | 5 +++- templates/searchdisabled.tpl | 11 +++++++++ 10 files changed, 90 insertions(+), 8 deletions(-) create mode 100644 htdocs/searchdisabled.php create mode 100644 templates/searchdisabled.tpl diff --git a/conf/config.inc.php b/conf/config.inc.php index 0b511f1..e421168 100644 --- a/conf/config.inc.php +++ b/conf/config.inc.php @@ -141,6 +141,8 @@ $use_searchlocked = true; +$use_searchdisabled = true; + $use_searchexpired = true; $use_searchwillexpire = true; diff --git a/htdocs/enableaccount.php b/htdocs/enableaccount.php index f2d23a9..95e2616 100644 --- a/htdocs/enableaccount.php +++ b/htdocs/enableaccount.php 
@@ -5,22 +5,23 @@ $result = ""; $dn = ""; -$password = ""; $comment = ""; +$returnto = "display"; if (isset($_POST["dn"]) and $_POST["dn"]) { $dn = $_POST["dn"]; +} else if (isset($_GET["dn"]) and $_GET["dn"]) { + $dn = $_GET["dn"]; } else { $result = "dnrequired"; } -if (isset($_POST["comment"]) and $_POST["comment"]) { - $comment = $_POST["comment"]; +if (isset($_GET["returnto"]) and $_GET["returnto"]) { + $returnto = $_GET["returnto"]; } - -if (!$use_enableaccount) { - $result = "actionforbidden"; +if (isset($_POST["comment"]) and $_POST["comment"]) { + $comment = $_POST["comment"]; } if ($result === "") { @@ -47,4 +48,4 @@ auditlog($audit_log_file, $dn, $audit_admin, "enableaccount", $result, $comment); } -header('Location: index.php?page=display&dn='.$dn.'&enableaccountresult='.$result); +header('Location: index.php?page='.$returnto.'&dn='.$dn.'&enableaccountresult='.$result); diff --git a/htdocs/index.php b/htdocs/index.php index 61b9363..b017880 100644 --- a/htdocs/index.php +++ b/htdocs/index.php @@ -178,6 +178,7 @@ $smarty->assign('show_expirestatus',$show_expirestatus); $smarty->assign('display_password_expiration_date',$display_password_expiration_date); $smarty->assign('use_searchlocked',$use_searchlocked); +$smarty->assign('use_searchdisabled',$use_searchdisabled); $smarty->assign('use_searchexpired',$use_searchexpired); $smarty->assign('use_searchwillexpire',$use_searchwillexpire); $smarty->assign('use_searchidle',$use_searchidle); 
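Review bot: `$returnto` is read from `$_GET["returnto"]` and concatenated unencoded, together with `$dn`, into the final `Location:` header of htdocs/enableaccount.php, so the request decides which page the administrator lands on and can append extra query parameters to the redirect. Restricting `$returnto` to the pages that actually link here and building the query with `http_build_query()` closes both gaps; the allow-list in the fence is a sketch using the two pages visible in this series. The same concatenation is added for `$_POST["returnto"]` in disableaccount.php, lockaccount.php, enableaccount.php and unlockaccount.php in patch 7/9. This hunk also starts accepting `dn` from `$_GET`, which makes enabling an account reachable through a plain link; no anti-CSRF token is visible in the hunk, so keeping the action POST-only is worth considering. The script body between the input parsing and the redirect lies outside the hunk.

```php
// … unchanged: dn / comment parsing, LDAP enable call, auditlog() …

// Only pages that link to this action may be used as a return target.
$allowed_returnto = array("display", "searchdisabled");
if (!in_array($returnto, $allowed_returnto, true)) {
    $returnto = "display";
}

// http_build_query() URL-encodes every value, including the DN.
$location = 'index.php?' . http_build_query(array(
    'page' => $returnto,
    'dn' => $dn,
    'enableaccountresult' => $result,
));
header('Location: ' . $location);
```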
@@ -240,7 +241,9 @@ if ( $page === "checkpassword" and !$use_checkpassword ) { $page = "welcome"; } if ( $page === "resetpassword" and !$use_resetpassword ) { $page = "welcome"; } if ( $page === "unlockaccount" and !$use_unlockaccount ) { $page = "welcome"; } +if ( $page === "enableaccount" and !$use_enableaccount ) { $page = "welcome"; } if ( $page === "searchlocked" and !$use_searchlocked ) { $page = "welcome"; } +if ( $page === "searchdisabled" and !$use_searchdisabled ) { $page = "welcome"; } if ( $page === "searchexpired" and !$use_searchexpired ) { $page = "welcome"; } if ( $page === "searchwillexpire" and !$use_searchwillexpire ) { $page = "welcome"; } if ( $page === "searchidle" and !$use_searchidle ) { $page = "welcome"; } diff --git a/htdocs/searchdisabled.php b/htdocs/searchdisabled.php new file mode 100644 index 0000000..cc3d66f --- /dev/null +++ b/htdocs/searchdisabled.php 
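Review bot: The added `if ( $page === "enableaccount" and !$use_enableaccount ) { $page = "welcome"; }` is now the only visible check of `$use_enableaccount`, because the same commit deletes the `if (!$use_enableaccount) { $result = "actionforbidden"; }` guard from htdocs/enableaccount.php. A refused attempt is therefore rewritten to `welcome` before the script runs and never reaches its `auditlog()` call, and the protection depends on every request passing through index.php; how the script is reached is not visible in this diff. Keeping the in-script guard alongside this line would retain both the audit record and a second check. disableaccount.php still carries its own `$use_disableaccount` test (visible as context in patch 2/9), so the two actions are now handled inconsistently.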
@@ -0,0 +1,45 @@ +search($ldap_user_filter, array(), $attributes_map, $search_result_title, $search_result_sortby, $search_result_items, $ldap_scope); + +if ( !empty($entries) ) +{ + + # Check if entry is still locked + foreach($entries as $entry_key => $entry) { + + $isEnabled = $directory->isAccountEnabled($ldap, $entry['dn']); + + if ( $isEnabled === true ) { + unset($entries[$entry_key]); + $nb_entries--; + } + + } + + $smarty->assign("page_title", "disabledaccounts"); + if ($nb_entries === 0) { + $result = "noentriesfound"; + } else { + $smarty->assign("nb_entries", $nb_entries); + $smarty->assign("entries", $entries); + $smarty->assign("size_limit_reached", $size_limit_reached); + + $columns = $search_result_items; + if (! in_array($search_result_title, $columns)) array_unshift($columns, $search_result_title); + $smarty->assign("listing_columns", $columns); + $smarty->assign("listing_linkto", isset($search_result_linkto) ? $search_result_linkto : array($search_result_title)); + $smarty->assign("listing_sortby", array_search($search_result_sortby, $columns)); + $smarty->assign("show_undef", $search_result_show_undefined); + $smarty->assign("truncate_value_after", $search_result_truncate_value_after); + if ($use_enableaccount) { $smarty->assign("display_enable_button", true); } + } +} + +?> diff --git a/lang/en.inc.php b/lang/en.inc.php index 4024a51..2d67990 100644 --- a/lang/en.inc.php +++ b/lang/en.inc.php @@ -26,6 +26,7 @@ $messages['currentpassword'] = "Current password"; $messages['dashboards'] = "Dashboards"; $messages['disableaccount'] = "Disable account"; +$messages['disabledaccounts'] = "Disabled accounts"; $messages['displayentry'] = "Display entry"; $messages['dnrequired'] = "Entry identifier required"; $messages['editentry'] = "Edit entry"; diff --git a/lang/fr.inc.php b/lang/fr.inc.php index c96c6f7..e8f272d 100644 --- a/lang/fr.inc.php +++ b/lang/fr.inc.php 
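Review bot: The comment `# Check if entry is still locked` in htdocs/searchdisabled.php does not describe the loop under it, which filters on `isAccountEnabled()`; it looks carried over from the locked-accounts search and should read something like `# Drop entries whose account is enabled`. The filter keeps every entry for which the call does not return exactly `true`, so if `isAccountEnabled()` signals an LDAP error with any other value (its contract is in ltb-common and not visible here), that account is listed as disabled and, when `$use_enableaccount` is set, offered an enable button. Treating only an explicit `false` as disabled, or skipping entries whose status could not be read, would avoid presenting an unknown state as a disabled account. The first lines of the new file are missing from this page, so this applies to the visible part only.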
@@ -26,6 +26,7 @@ $messages['currentpassword'] = "Mot de passe actuel"; $messages['dashboards'] = "Tableaux de bord"; $messages['disableaccount'] = "Désactiver le compte"; +$messages['disabledaccounts'] = "Comptes désactivés"; $messages['displayentry'] = "Afficher l'entrée"; $messages['dnrequired'] = "L'identifiant de l'entrée est requis"; $messages['editentry'] = "Modifier l'entrée"; diff --git a/templates/display.tpl b/templates/display.tpl index fda7a7e..00b0857 100644 --- a/templates/display.tpl +++ b/templates/display.tpl @@ -241,6 +241,9 @@ {if $unlockaccountresult eq 'ldaperror'}
{$msg_accountnotunlocked}
{/if} + {if $enableaccountresult eq 'ldaperror'} +
{$msg_accountnotenabled}
+ {/if} {if $use_unlockcomment} - +
+ {include 'comment.tpl' method=disable page=disableaccount title=$msg_lockaccount} +
+ {else} +
+ + +
+ {/if} {/if} @@ -347,15 +354,25 @@ {if $use_enableaccount}
-
- {if $enableaccountresult eq 'ldaperror' or $enableaccountresult eq 'actionforbidden'} -
{$msg_accountnotenabled}
- {/if} - - -
+
+ {include 'comment.tpl' method=enable page=enableaccount title=$msg_enableaccount} +
+ {else} +
+ + +
+ {/if}
{/if} diff --git a/templates/listing_table.tpl b/templates/listing_table.tpl index c6654c5..189eba0 100644 --- a/templates/listing_table.tpl +++ b/templates/listing_table.tpl @@ -23,7 +23,7 @@ {if $display_enable_button} - + {/if} From 8d136e6fe404a7718f24f08af9ce4d911b2c4365 Mon Sep 17 00:00:00 2001 From: David Coutadeur Date: Thu, 31 Oct 2024 16:42:52 +0100 Subject: [PATCH 6/9] add doc for enabling/disabling comments (#125) --- docs/enableaccount.rst | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/docs/enableaccount.rst b/docs/enableaccount.rst index 8b88451..e7f6dee 100644 --- a/docs/enableaccount.rst +++ b/docs/enableaccount.rst @@ -31,3 +31,25 @@ To enable this feature: .. code-block:: php $use_disableaccount = true; + +Insert comment +-------------- + +This feature displays a comment pop-up when enabling and disabling user accounts. + +To enable this feature: + +.. code-block:: php + + $use_enablecomment = true; + $use_disablecomment = true; + +Comment required +---------------- + +This feature ensures a comment is required before enabling/disabling a user. + +.. code-block:: php + + $use_enablecomment_required = true; + $use_disablecomment_required = true; From c1ffc730e742a7c30042e222231eb7b3cdb088a5 Mon Sep 17 00:00:00 2001 From: David Coutadeur Date: Thu, 31 Oct 2024 19:31:25 +0100 Subject: [PATCH 7/9] add comments in all menus (#127) --- htdocs/disableaccount.php | 7 ++++++- htdocs/enableaccount.php | 4 ++++ htdocs/lockaccount.php | 7 ++++++- htdocs/unlockaccount.php | 4 ++++ templates/comment.tpl | 3 ++- templates/display.tpl | 8 ++++---- templates/listing_table.tpl | 38 +++++++++++++++++++++++++++++-------- 7 files changed, 56 insertions(+), 15 deletions(-) diff --git a/htdocs/disableaccount.php b/htdocs/disableaccount.php index ce3e1ba..ea395f8 100644 --- a/htdocs/disableaccount.php +++ b/htdocs/disableaccount.php 
@@ -7,6 +7,11 @@ $dn = ""; $password = ""; $comment = ""; +$returnto = "display"; + +if (isset($_POST["returnto"]) and $_POST["returnto"]) { + $returnto = $_POST["returnto"]; +} if (isset($_POST["dn"]) and $_POST["dn"]) { $dn = $_POST["dn"]; @@ -47,4 +52,4 @@ auditlog($audit_log_file, $dn, $audit_admin, "disableaccount", $result, $comment); } -header('Location: index.php?page=display&dn='.$dn.'&disableaccountresult='.$result); +header('Location: index.php?page='.$returnto.'&dn='.$dn.'&disableaccountresult='.$result); diff --git a/htdocs/enableaccount.php b/htdocs/enableaccount.php index 95e2616..8ad8493 100644 --- a/htdocs/enableaccount.php +++ b/htdocs/enableaccount.php @@ -8,6 +8,10 @@ $comment = ""; $returnto = "display"; +if (isset($_POST["returnto"]) and $_POST["returnto"]) { + $returnto = $_POST["returnto"]; +} + if (isset($_POST["dn"]) and $_POST["dn"]) { $dn = $_POST["dn"]; } else if (isset($_GET["dn"]) and $_GET["dn"]) { diff --git a/htdocs/lockaccount.php b/htdocs/lockaccount.php index ad22e95..ea0207a 100644 --- a/htdocs/lockaccount.php +++ b/htdocs/lockaccount.php @@ -6,6 +6,11 @@ $result = ""; $dn = ""; $comment = ""; +$returnto = "display"; + +if (isset($_POST["returnto"]) and $_POST["returnto"]) { + $returnto = $_POST["returnto"]; +} if (isset($_POST["dn"]) and $_POST["dn"]) { $dn = $_POST["dn"]; @@ -50,4 +55,4 @@ auditlog($audit_log_file, $dn, $audit_admin, "lockaccount", $result, $comment); } -header('Location: index.php?page=display&dn='.$dn.'&lockaccountresult='.$result); +header('Location: index.php?page='.$returnto.'&dn='.$dn.'&lockaccountresult='.$result); diff --git a/htdocs/unlockaccount.php b/htdocs/unlockaccount.php index 388e6ba..07896e6 100644 --- a/htdocs/unlockaccount.php +++ b/htdocs/unlockaccount.php 
@@ -8,6 +8,10 @@ $comment = ""; $returnto = "display"; +if (isset($_POST["returnto"]) and $_POST["returnto"]) { + $returnto = $_POST["returnto"]; +} + if (isset($_POST["dn"]) and $_POST["dn"]) { $dn = $_POST["dn"]; } else if (isset($_GET["dn"]) and $_GET["dn"]) { diff --git a/templates/comment.tpl b/templates/comment.tpl index 17172d7..dc8f759 100644 --- a/templates/comment.tpl +++ b/templates/comment.tpl @@ -1,6 +1,7 @@
-