display password change dialogue for SQL backend
authorLars Kneschke <l.kneschke@metaways.de>
Mon, 2 Mar 2015 09:41:29 +0000 (10:41 +0100)
committerPhilipp Schüle <p.schuele@metaways.de>
Mon, 2 Mar 2015 16:30:31 +0000 (17:30 +0100)
- display password change dialogue when last_password_change is null
- allow to set empty password during initial install of Tine 2.0

Change-Id: I027b1d14925d4522e71b591f44d1dc2f8c6bfaa0
Reviewed-on: http://gerrit.tine20.com/customers/1700
Tested-by: Jenkins CI (http://ci.tine20.com/)
Reviewed-by: Philipp Schüle <p.schuele@metaways.de>
tine20/Tinebase/Model/FullUser.php
tine20/Tinebase/User.php
tine20/Tinebase/js/PasswordChangeDialog.js

index dddb50a..38b54fc 100644 (file)
@@ -80,6 +80,59 @@ class Tinebase_Model_FullUser extends Tinebase_Model_User
     );
     
     /**
+     * @see Tinebase_Record_Abstract
+     */
+    public function __construct($_data = NULL, $_bypassFilters = false, $_convertDates = true)
+    {
+        $this->_validators = array(
+            'accountId'             => array('allowEmpty' => true),
+            'accountLoginName'      => array('presence' => 'required'),
+            'accountLastLogin'      => array('allowEmpty' => true),
+            'accountLastLoginfrom'  => array('allowEmpty' => true),
+            'accountLastPasswordChange' => array('allowEmpty' => true),
+            'accountStatus'         => array(new Zend_Validate_InArray(array(
+                Tinebase_Model_User::ACCOUNT_STATUS_ENABLED,
+                Tinebase_Model_User::ACCOUNT_STATUS_DISABLED,
+                Tinebase_Model_User::ACCOUNT_STATUS_BLOCKED,
+                Tinebase_Model_User::ACCOUNT_STATUS_EXPIRED)
+            ), Zend_Filter_Input::DEFAULT_VALUE => Tinebase_Model_User::ACCOUNT_STATUS_ENABLED),
+            'accountExpires'        => array('allowEmpty' => true),
+            'accountPrimaryGroup'   => array('presence' => 'required'),
+            'accountDisplayName'    => array('presence' => 'required'),
+            'accountLastName'       => array('presence' => 'required'),
+            'accountFirstName'      => array('allowEmpty' => true),
+            'accountFullName'       => array('presence' => 'required'),
+            'accountEmailAddress'   => array('allowEmpty' => true),
+            'accountHomeDirectory'  => array('allowEmpty' => true),
+            'accountLoginShell'     => array('allowEmpty' => true),
+            'lastLoginFailure'      => array('allowEmpty' => true),
+            'loginFailures'         => array('allowEmpty' => true),
+            'sambaSAM'              => array('allowEmpty' => true),
+            'openid'                => array('allowEmpty' => true),
+            'contact_id'            => array('allowEmpty' => true),
+            'container_id'          => array('allowEmpty' => true),
+            'emailUser'             => array('allowEmpty' => true),
+            'groups'                => array('allowEmpty' => true),
+            'imapUser'              => array('allowEmpty' => true),
+            'smtpUser'              => array('allowEmpty' => true),
+            'visibility'            => array(new Zend_Validate_InArray(array(
+                Tinebase_Model_User::VISIBILITY_HIDDEN, 
+                Tinebase_Model_User::VISIBILITY_DISPLAYED)
+            ), Zend_Filter_Input::DEFAULT_VALUE => Tinebase_Model_User::VISIBILITY_DISPLAYED),
+            'created_by'            => array('allowEmpty' => true),
+            'creation_time'         => array('allowEmpty' => true),
+            'last_modified_by'      => array('allowEmpty' => true),
+            'last_modified_time'    => array('allowEmpty' => true),
+            'is_deleted'            => array('allowEmpty' => true),
+            'deleted_time'          => array('allowEmpty' => true),
+            'deleted_by'            => array('allowEmpty' => true),
+            'seq'                   => array('allowEmpty' => true),
+        );
+        
+        parent::__construct($_data, $_bypassFilters, $_convertDates);
+    }
+    
+    /**
      * adds email and samba users, generates username + user password and 
      *   applies multiple options (like accountLoginNamePrefix, accountHomeDirectoryPrefix, ...)
      * 
@@ -149,10 +202,10 @@ class Tinebase_Model_FullUser extends Tinebase_Model_User
     }
     
     /**
-    * add samba settings to user
-    *
-    * @param array $options
-    */
+     * add samba settings to user
+     *
+     * @param array $options
+     */
     protected function _addSambaSettings($options)
     {
         $samUser = new Tinebase_Model_SAMUser(array(
@@ -195,58 +248,52 @@ class Tinebase_Model_FullUser extends Tinebase_Model_User
     }
     
     /**
-     * @see Tinebase_Record_Abstract
+     * check if windows password needs to b changed
+     *  
+     * @return boolean
      */
-    public function __construct($_data = NULL, $_bypassFilters = false, $_convertDates = true)
+    protected function _sambaSamPasswordChangeNeeded()
     {
-        $this->_validators = array(
-            'accountId'             => array('allowEmpty' => true),
-            'accountLoginName'      => array('presence' => 'required'),
-            'accountLastLogin'      => array('allowEmpty' => true),
-            'accountLastLoginfrom'  => array('allowEmpty' => true),
-            'accountLastPasswordChange' => array('allowEmpty' => true),
-            'accountStatus'         => array(new Zend_Validate_InArray(array(
-                Tinebase_Model_User::ACCOUNT_STATUS_ENABLED,
-                Tinebase_Model_User::ACCOUNT_STATUS_DISABLED,
-                Tinebase_Model_User::ACCOUNT_STATUS_BLOCKED,
-                Tinebase_Model_User::ACCOUNT_STATUS_EXPIRED)
-            ), Zend_Filter_Input::DEFAULT_VALUE => Tinebase_Model_User::ACCOUNT_STATUS_ENABLED),
-            'accountExpires'        => array('allowEmpty' => true),
-            'accountPrimaryGroup'   => array('presence' => 'required'),
-            'accountDisplayName'    => array('presence' => 'required'),
-            'accountLastName'       => array('presence' => 'required'),
-            'accountFirstName'      => array('allowEmpty' => true),
-            'accountFullName'       => array('presence' => 'required'),
-            'accountEmailAddress'   => array('allowEmpty' => true),
-            'accountHomeDirectory'  => array('allowEmpty' => true),
-            'accountLoginShell'     => array('allowEmpty' => true),
-            'lastLoginFailure'      => array('allowEmpty' => true),
-            'loginFailures'         => array('allowEmpty' => true),
-            'sambaSAM'              => array('allowEmpty' => true),
-            'openid'                => array('allowEmpty' => true),
-            'contact_id'            => array('allowEmpty' => true),
-            'container_id'          => array('allowEmpty' => true),
-            'emailUser'             => array('allowEmpty' => true),
-            'groups'                => array('allowEmpty' => true),
-            'imapUser'              => array('allowEmpty' => true),
-            'smtpUser'              => array('allowEmpty' => true),
-            'visibility'            => array(new Zend_Validate_InArray(array(
-                Tinebase_Model_User::VISIBILITY_HIDDEN, 
-                Tinebase_Model_User::VISIBILITY_DISPLAYED)
-            ), Zend_Filter_Input::DEFAULT_VALUE => Tinebase_Model_User::VISIBILITY_DISPLAYED),
-            'created_by'            => array('allowEmpty' => true),
-            'creation_time'         => array('allowEmpty' => true),
-            'last_modified_by'      => array('allowEmpty' => true),
-            'last_modified_time'    => array('allowEmpty' => true),
-            'is_deleted'            => array('allowEmpty' => true),
-            'deleted_time'          => array('allowEmpty' => true),
-            'deleted_by'            => array('allowEmpty' => true),
-            'seq'                   => array('allowEmpty' => true),
-        );
+        if ($this->sambaSAM instanceof Tinebase_Model_SAMUser 
+            && isset($this->sambaSAM->pwdMustChange) 
+            && $this->sambaSAM->pwdMustChange instanceof DateTime) 
+        {
+            if ($this->sambaSAM->pwdMustChange->compare(Tinebase_DateTime::now()) < 0) {
+                if (!isset($this->sambaSAM->pwdLastSet)) {
+                    if (Tinebase_Core::isLogLevel(Zend_Log::NOTICE)) Tinebase_Core::getLogger()->notice(__METHOD__ . '::' . __LINE__ 
+                        . ' User ' . $this->accountLoginName . ' has to change his pw: it got never set by user');
+                        
+                    return true;;
+                    
+                } else if (isset($this->sambaSAM->pwdLastSet) && $this->sambaSAM->pwdLastSet instanceof DateTime) {
+                    $dateToCompare = $this->sambaSAM->pwdLastSet;
+                    
+                    if ($this->sambaSAM->pwdMustChange->compare($dateToCompare) > 0) {
+                        if (Tinebase_Core::isLogLevel(Zend_Log::NOTICE)) Tinebase_Core::getLogger()->notice(__METHOD__ . '::' . __LINE__ 
+                            . ' User ' . $this->accountLoginName . ' has to change his pw: ' . $this->sambaSAM->pwdMustChange . ' > ' . $dateToCompare);
+                            
+                        return true;
+                    }
+                } else {
+                    if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . ' Password is up to date.');
+                }
+            }
+        }
         
-        parent::__construct($_data, $_bypassFilters, $_convertDates);
+        return false;
+    }
+    
+    /**
+     * check if sql password needs to be changed
+     * 
+     * @return boolean
+     */
+    protected function _sqlPasswordChangeNeeded()
+    {
+        return empty($this->accountLastPasswordChange);
     }
     
+    
     /**
      * return the public informations of this user only
      *
@@ -271,44 +318,29 @@ class Tinebase_Model_FullUser extends Tinebase_Model_User
     
     /**
      * returns TRUE if user has to change his/her password (compare sambaSAM->pwdMustChange with Tinebase_DateTime::now())
-     * NOTE: this only applies for user with samba settings atm
      * 
      * @return boolean
      */
     public function mustChangePassword()
     {
-        $result = FALSE;
-        
-        if ($this->sambaSAM instanceof Tinebase_Model_SAMUser 
-            && isset($this->sambaSAM->pwdMustChange) 
-            && $this->sambaSAM->pwdMustChange instanceof DateTime) 
-        {
-            if ($this->sambaSAM->pwdMustChange->compare(Tinebase_DateTime::now()) < 0) {
-                if (!isset($this->sambaSAM->pwdLastSet)) {
-                    if (Tinebase_Core::isLogLevel(Zend_Log::NOTICE)) Tinebase_Core::getLogger()->notice(__METHOD__ . '::' . __LINE__ 
-                        . ' User ' . $this->accountLoginName . ' has to change his pw: it got never set by user');
-                        
-                    $result = TRUE;
-                    
-                } else if (isset($this->sambaSAM->pwdLastSet) && $this->sambaSAM->pwdLastSet instanceof DateTime) {
-                    $dateToCompare = $this->sambaSAM->pwdLastSet;
-                    
-                    if ($this->sambaSAM->pwdMustChange->compare($dateToCompare) > 0) {
-                        if (Tinebase_Core::isLogLevel(Zend_Log::NOTICE)) Tinebase_Core::getLogger()->notice(__METHOD__ . '::' . __LINE__ 
-                            . ' User ' . $this->accountLoginName . ' has to change his pw: ' . $this->sambaSAM->pwdMustChange . ' > ' . $dateToCompare);
-                            
-                        $result = TRUE;
-                    }
-                } else {
-                    if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . ' Password is up to date.');
-                }
-            }
+        switch (Tinebase_User::getConfiguredBackend()) {
+            case Tinebase_User::ACTIVEDIRECTORY:
+                return $this->_sambaSamPasswordChangeNeeded();
+                
+                break;
+                
+            case Tinebase_User::LDAP:
+                return $this->_sambaSamPasswordChangeNeeded();
+                
+                break;
+                
+            default:
+                return $this->_sqlPasswordChangeNeeded();
+                
+                break;
         }
-        
-        return $result;
     }
     
-    
     /**
      * Short username to a configured length
      */
index b895072..410ff5d 100644 (file)
@@ -828,7 +828,10 @@ class Tinebase_User
         }
         
         // set the password for the account
-        Tinebase_User::getInstance()->setPassword($user, $adminPassword);
+        // empty password triggers password change dialogue during first login
+        if (!empty($adminPassword)) {
+            Tinebase_User::getInstance()->setPassword($user, $adminPassword);
+        }
 
         // add the admin account to all groups
         Tinebase_Group::getInstance()->addGroupMember($adminGroup, $user);
index efd6877..6a110c8 100644 (file)
@@ -40,8 +40,7 @@ Tine.Tinebase.PasswordChangeDialog = Ext.extend(Ext.Window, {
             defaults: {
                 xtype: 'textfield',
                 inputType: 'password',
-                anchor: '100%',
-                allowBlank: false
+                anchor: '100%'
             },
             items: [{
                 id: 'oldPassword',
@@ -114,7 +113,7 @@ Tine.Tinebase.PasswordChangeDialog = Ext.extend(Ext.Window, {
                             });
                         }
                     }
-                }                    
+                }
             }]
         });