mirror/Part-DB.Part-DB-server
1
0
Fork 1
mirror of https://github.com/Part-DB/Part-DB-server.git synced 2025-06-20 17:15:51 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Added an setting to disable password reset mechanism.

Browse source 
By default the pw reset is disabled, when no email server is configured.
This commit is contained in:
Jan Böhmer 2019-12-01 12:48:59 +01:00
parent 4f70d8b1da
commit 12b3107188
6 changed files with 105 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

19
.env
View file

@ -42,7 +42,18 @@ BANNER=""
# In demo mode things it is not possible for a user to change his password and his settings.
DEMO_MODE=0
### End custom vars
###> symfony/mailer ###
# MAILER_DSN=smtp://localhost
###< symfony/mailer ###
###################################################################################
# Email related settings
###################################################################################
# The DSN of the email server that should be used for sending emails (disabled by default)
# See Transport section of https://symfony.com/doc/current/components/mailer.html for available providers and syntax
MAILER_DSN=null://null
#MAILER_DSN=smtp://user:password@smtp.mailserver.invalid:587
# The email address from which all Part-DB emails should be sent. Change this when you configure email!
EMAIL_SENDER_EMAIL=noreply@partdb.changeme
# Set this to 1 to allow reset of a password per email
ALLOW_EMAIL_PW_RESET=0

1
config/packages/twig.yaml
View file

@ -12,3 +12,4 @@ twig:
partdb_title: '%partdb_title%'
default_currency: '%default_currency%'
global_theme: '%global_theme%'
allow_email_pw_reset: '%allow_email_pw_reset%'

9
config/services.yaml
View file

@ -17,8 +17,9 @@ parameters:
# Allow users to download attachments to server. Warning: This can be dangerous, because via that feature attackers maybe can access ressources on your intranet!
allow_attachments_downloads: false
demo_mode: '%env(bool:DEMO_MODE)%' # If set to true, all potentially dangerous things are disabled (like changing passwords of the own user)
sender_email: 'noreply@partdb.changeme'
sender_name: 'Part-DB Mailer'
sender_email: 'noreply@partdb.changeme' # The email address from which all emails are sent from
sender_name: 'Part-DB Mailer' # The name that will be used for all mails sent by Part-DB
allow_email_pw_reset: '%env(validMailDSN:MAILER_DSN)%' # Config if users are able, to reset their password by email. By default this enabled, when a mail server is configured.
services:
# default configuration for services in *this* file
@ -103,6 +104,10 @@ services:
arguments:
$timezone: '%timezone%'
App\Controller\SecurityController:
arguments:
$allow_email_pw_reset: '%allow_email_pw_reset%'
App\Services\Attachments\AttachmentPathResolver:
arguments:
$project_dir: '%kernel.project_dir%'

24
src/Controller/SecurityController.php
View file

@ -30,8 +30,10 @@ use Symfony\Component\Form\Extension\Core\Type\RepeatedType;
use Symfony\Component\Form\Extension\Core\Type\SubmitType;
use Symfony\Component\Form\Extension\Core\Type\TextType;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
use Symfony\Component\Mailer\MailerInterface;
use Symfony\Component\Routing\Annotation\Route;
use Symfony\Component\Security\Core\Exception\AccessDeniedException;
use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
use Symfony\Component\Validator\Constraints\Length;
use Symfony\Component\Validator\Constraints\NotBlank;
@ -40,10 +42,12 @@ use Symfony\Contracts\Translation\TranslatorInterface;
class SecurityController extends AbstractController
{
protected $translator;
protected $allow_email_pw_reset;
public function __construct(TranslatorInterface $translator)
public function __construct(TranslatorInterface $translator, bool $allow_email_pw_reset)
{
$this->translator = $translator;
$this->allow_email_pw_reset = $allow_email_pw_reset;
}
/**
@ -68,6 +72,14 @@ class SecurityController extends AbstractController
*/
public function requestPwReset(PasswordResetManager $passwordReset, Request $request)
{
if (!$this->allow_email_pw_reset) {
throw new AccessDeniedHttpException("The password reset via email is disabled!");
}
if ($this->isGranted('IS_AUTHENTICATED_REMEMBERED')) {
throw new AccessDeniedHttpException("You are already logged in, so you can not reset your password!");
}
$builder = $this->createFormBuilder();
$builder->add('user', TextType::class, [
'label' => $this->translator->trans('pw_reset.user_or_password'),
@ -88,7 +100,7 @@ class SecurityController extends AbstractController
if ($form->isSubmitted() && $form->isValid()) {
$passwordReset->request($form->getData()['user']);
$this->addFlash('success', $this->translator->trans('pw_reset.request.success'));
//return $this->redirectToRoute('login');
return $this->redirectToRoute('login');
}
return $this->render('security/pw_reset_request.html.twig', [
@ -101,6 +113,14 @@ class SecurityController extends AbstractController
*/
public function pwResetNewPw(PasswordResetManager $passwordReset, Request $request, string $user = null, string $token = null)
{
if (!$this->allow_email_pw_reset) {
throw new AccessDeniedHttpException("The password reset via email is disabled!");
}
if ($this->isGranted('IS_AUTHENTICATED_REMEMBERED')) {
throw new AccessDeniedHttpException("You are already logged in, so you can not reset your password!");
}
$data = ['username' => $user, 'token' => $token];
$builder = $this->createFormBuilder($data);
$builder->add('username', TextType::class, [

55
src/Services/CustomEnvVarProcessor.php Normal file
View file

@ -0,0 +1,55 @@
<?php
/**
* This file is part of Part-DB (https://github.com/Part-DB/Part-DB-symfony).
*
* Copyright (C) 2019 Jan Böhmer (https://github.com/jbtronics)
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*/
namespace App\Services;
use Symfony\Component\DependencyInjection\EnvVarProcessorInterface;
use Symfony\Component\DependencyInjection\Exception\EnvNotFoundException;
class CustomEnvVarProcessor implements EnvVarProcessorInterface
{
/**
* @inheritDoc
*/
public function getEnv($prefix, $name, \Closure $getEnv)
{
if ('validMailDSN' === $prefix) {
try {
$env = $getEnv($name);
return !empty($env) && $env !== 'null://null';
} catch (EnvNotFoundException $exception) {
return false;
}
}
}
/**
* @inheritDoc
*/
public static function getProvidedTypes()
{
return [
'validMailDSN' => 'bool',
];
}
}

8
templates/security/login.html.twig
View file

@ -5,7 +5,7 @@
{% block card_title %}<h5>
<i class="fa fa-sign-in-alt fa-fw" aria-hidden="true"></i>
{% trans %}login.card_title{% endtrans %}
</h5>
</h5>
{% endblock %}
{% block content %}
@ -20,7 +20,7 @@
{% endblock %}
{% block card_content %}
<form action="{{ path('login') }}" method="post" class="form-hor">
<form action="{{ path('login') }}" method="post" class="form-horizontal">
<input type="hidden" name="_csrf_token"
value="{{ csrf_token('authenticate') }}">
@ -60,5 +60,7 @@
</div>
</form>
<a class="offset-2" href="{{ url('pw_reset_request') }}">{% trans %}pw_reset.password_forget{% endtrans %}</a>
{% if allow_email_pw_reset %}
<a class="offset-2" href="{{ url('pw_reset_request') }}">{% trans %}pw_reset.password_forget{% endtrans %}</a>
{% endif %}
{% endblock %}