mirror of
https://github.com/postfixadmin/postfixadmin.git
synced 2024-09-20 03:36:20 +02:00
move app password code into Login
This commit is contained in:
parent
97328e304b
commit
6e1cba7802
@ -38,12 +38,15 @@ $pUser = '';
|
|||||||
if (authentication_has_role('global-admin')) {
|
if (authentication_has_role('global-admin')) {
|
||||||
$login = new Login('admin');
|
$login = new Login('admin');
|
||||||
$admin = 2;
|
$admin = 2;
|
||||||
|
$passwords = getAllAppPasswords();
|
||||||
} elseif (authentication_has_role('admin')) {
|
} elseif (authentication_has_role('admin')) {
|
||||||
$login = new Login('admin');
|
$login = new Login('admin');
|
||||||
$admin = 1;
|
$admin = 1;
|
||||||
|
$passwords = getAppPasswordsFor($username);
|
||||||
} else {
|
} else {
|
||||||
$login = new Login('mailbox');
|
$login = new Login('mailbox');
|
||||||
$admin = 0;
|
$admin = 0;
|
||||||
|
$passwords = getAppPasswordsFor($username);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -61,19 +64,35 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
|
|||||||
$fPass = $_POST['fPassword_current'];
|
$fPass = $_POST['fPassword_current'];
|
||||||
$fAppDesc = $_POST['fAppDesc'];
|
$fAppDesc = $_POST['fAppDesc'];
|
||||||
$fAppPass = $_POST['fAppPass'];
|
$fAppPass = $_POST['fAppPass'];
|
||||||
addAppPassword($username, $fPass, $fAppPass, $fAppDesc, $login, $PALANG);
|
|
||||||
|
try {
|
||||||
|
if ($login->addAppPassword($username, $fPass, $fAppDesc, $fAppPass)) {
|
||||||
|
flash_info($PALANG['pAppPassAdd_result_success']);
|
||||||
|
header("Location: app-passwords.php");
|
||||||
|
exit(0);
|
||||||
|
} else {
|
||||||
|
flash_error(Config::Lang_f('pAppPassAdd_result_error', $username));
|
||||||
|
}
|
||||||
|
} catch (\Exception $e) {
|
||||||
|
flash_error($e->getMessage());
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (isset($_POST['fAppId']) && is_numeric($_POST['fAppId'])) {
|
if (isset($_POST['fAppId']) && is_numeric($_POST['fAppId'])) {
|
||||||
$fAppId = (int)$_POST['fAppId'];
|
$fAppId = (int)$_POST['fAppId'];
|
||||||
revokeAppPassword($username, $fAppId, $PALANG);
|
// $username should be from $_SESSION and not modifiable by the end user
|
||||||
|
// we don't want someone to be able to delete someone else's app password by guessing an id...
|
||||||
|
$row = db_query_one('SELECT id FROM mailbox_app_password WHERE id = :id AND username = :username', ['username' => $username, 'id' => $fAppId]);
|
||||||
|
if (!empty($row)) {
|
||||||
|
$result = db_delete('mailbox_app_password', 'id', $row['id']);
|
||||||
|
if ($result == 1) {
|
||||||
|
flash_info($PALANG['pTotp_exceptions_revoked']);
|
||||||
|
header("Location: app-passwords.php");
|
||||||
|
exit(0);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
flash_error($PALANG['pPassword_result_error']);
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
if ($admin == 2) {
|
|
||||||
$passwords = getAllAppPasswords();
|
|
||||||
} else {
|
|
||||||
$passwords = getAppPasswordsFor($username);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
foreach ($passwords as $n => $pass) {
|
foreach ($passwords as $n => $pass) {
|
||||||
@ -95,47 +114,6 @@ $smarty->assign('smarty_template', 'app-passwords');
|
|||||||
$smarty->display('index.tpl');
|
$smarty->display('index.tpl');
|
||||||
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @param string $username - postfixadmin username
|
|
||||||
* @param string $fPass - postfixadmin password for username
|
|
||||||
* @param string $fAppPass - application password
|
|
||||||
* @param string $fAppDesc - application description
|
|
||||||
* @param Login $login
|
|
||||||
* @param array $PALANG
|
|
||||||
* @return void
|
|
||||||
*/
|
|
||||||
function addAppPassword(string $username, string $fPass, string $fAppPass, string $fAppDesc, Login $login, array $PALANG)
|
|
||||||
{
|
|
||||||
try {
|
|
||||||
if ($login->addAppPassword($username, $fPass, $fAppDesc, $fAppPass)) {
|
|
||||||
flash_info($PALANG['pAppPassAdd_result_success']);
|
|
||||||
header("Location: app-passwords.php");
|
|
||||||
exit(0);
|
|
||||||
} else {
|
|
||||||
flash_error(Config::Lang_f('pAppPassAdd_result_error', $username));
|
|
||||||
}
|
|
||||||
} catch (\Exception $e) {
|
|
||||||
flash_error($e->getMessage());
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @todo Why pass Login here? it's not used?
|
|
||||||
*/
|
|
||||||
function revokeAppPassword(string $username, int $fAppId, array $PALANG)
|
|
||||||
{
|
|
||||||
// $username should be from $_SESSION and not modifiable by the end user
|
|
||||||
// we don't want someone to be able to delete someone else's app password by guessing an id...
|
|
||||||
$row = db_query_one('SELECT id FROM mailbox_app_password WHERE id = :id AND username = :username', ['username' => $username, 'id' => $fAppId]);
|
|
||||||
if (is_array($row) && isset($row['id'])) {
|
|
||||||
$result = db_delete('mailbox_app_password', 'id', $row['id']);
|
|
||||||
if ($result == 1) {
|
|
||||||
flash_info($PALANG['pTotp_exceptions_revoked']);
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
flash_error($PALANG['pPassword_result_error']);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @return array
|
* @return array
|
||||||
@ -148,8 +126,9 @@ function getAllAppPasswords()
|
|||||||
/**
|
/**
|
||||||
* @param string $username
|
* @param string $username
|
||||||
* @return array
|
* @return array
|
||||||
|
* @todo if $username is a domain admin, we should return all app passwords for that domain.
|
||||||
*/
|
*/
|
||||||
function getAppPasswordsFor($username)
|
function getAppPasswordsFor(string $username): array
|
||||||
{
|
{
|
||||||
return db_query_all("SELECT * FROM mailbox_app_password WHERE username = :username", ['username' => $username]);
|
return db_query_all("SELECT * FROM mailbox_app_password WHERE username = :username", ['username' => $username]);
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user