mirror of https://github.com/postfixadmin/postfixadmin.git synced 2024-09-19 19:22:14 +02:00

rejig Login::__construct() as only one arg is really needed

David Goodwin 2020-09-26 09:58:05 +01:00
parent 6ad44679a7
commit ce8c636eb5
8 changed files with 21 additions and 27 deletions


@ -80,7 +80,7 @@ class AdminpasswordHandler extends PFAHandler {
* check if old password is correct
*/
protected function _validate_oldpass($field, $val) {
$l = new Login('admin', 'username');
$l = new Login('admin');
if ($l->login($this->id, $val)) {
return true;
}


@ -3,11 +3,14 @@
class Login {
private $table;
private $id_field;
public function __construct(string $tableName, string $idField) {
public function __construct(string $tableName) {
$ok = ['mailbox', 'admin'];
if(!in_array($tableName, $ok)) {
throw new \InvalidArgumentException("Unsupported tableName for login: " . $tableName);
}
$this->table = table_by_key($tableName);
$this->id_field = $idField;
}
/**
@ -19,7 +22,7 @@ class Login {
*/
public function login($username, $password): bool {
$active = db_get_boolean(true);
$query = "SELECT password FROM {$this->table} WHERE {$this->id_field} = :username AND active = :active";
$query = "SELECT password FROM {$this->table} WHERE username = :username AND active = :active";
$values = array('username' => $username, 'active' => $active);
@ -45,7 +48,7 @@ class Login {
* @throws Exception
*/
public function generatePasswordRecoveryCode(string $username) {
$sql = "SELECT count(1) FROM {$this->table} WHERE {$this->id_field} = :username AND active = :active";
$sql = "SELECT count(1) FROM {$this->table} WHERE username = :username AND active = :active";
$active = db_get_boolean(true);
@ -58,7 +61,7 @@ class Login {
if ($result) {
$token = generate_password();
$updatedRows = db_update($this->table, $this->id_field, $username, array(
$updatedRows = db_update($this->table, 'username', $username, array(
'token' => pacrypt($token),
'token_validity' => date("Y-m-d H:i:s", strtotime('+ 1 hour')),
));
@ -85,9 +88,7 @@ class Login {
public function changePassword($username, $new_password, $old_password): bool {
list(/*NULL*/, $domain) = explode('@', $username);
$login = new Login($this->table, $this->id_field);
if (!$login->login($username, $old_password)) {
if (!$this->login($username, $old_password)) {
throw new \Exception(Config::Lang('pPassword_password_current_text_error'));
}
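Review bot: The `private $id_field;` declaration is kept although the constructor no longer assigns it, so any `$this->id_field` reference remaining in parts of the class outside these hunks would interpolate an empty column name into the SQL text; drop the declaration and search the class for leftover uses. The new allow-list is what makes interpolating `{$this->table}` into the queries safe, so the comparison is worth making strict, `if (!in_array($tableName, $ok, true)) {`, with a one-line comment saying the list exists because the table name becomes part of the query string. The test changes visible on this page only update call sites; a case asserting that an unsupported name (for example `new Login('alias')`) throws `InvalidArgumentException` would pin the guard. The class body continues outside the hunks shown.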


@ -56,7 +56,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
$h = new AdminHandler();
$login = new Login('admin', $h->getId_field());
$login = new Login('admin');
if ($login->login($fUsername, $fPassword)) {
init_session($fUsername, true);
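Review bot: `$h = new AdminHandler();` stays in place although its only visible use, `$h->getId_field()`, disappears with the constructor change on the next line; if nothing later in the file reads `$h`, the instantiation should be removed as well. The same applies to `$h = new MailboxHandler();` in the mailbox login section that follows, where a lone `;` also sits after the `new Login('mailbox')` line and, if it is on the new side, is an empty statement to delete. Both POST branches continue outside the hunks, so this needs confirming against the full files.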


@ -46,9 +46,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
# (language preference cookie is processed even if username and/or password are invalid)
}
$h = new MailboxHandler();
$login = new Login('mailbox', 'username');
$login = new Login('mailbox');
;
if ($login->login($fUsername, $fPassword)) {
init_session($fUsername, false);


@ -70,12 +70,10 @@ if ($_SERVER['REQUEST_METHOD'] === "POST") {
$tUsername = escape_string($username);
$table = $context === 'admin' ? 'admin' : 'mailbox';
$login = new Login($table, 'username');
$login = new Login($table);
$token = $login->generatePasswordRecoveryCode($tUsername);
$handler = $context === 'admin' ? new AdminHandler : new MailboxHandler;
if ($token !== false) {
$table = table_by_key($context === 'users' ? 'mailbox' : 'admin');
$row = db_query_one("SELECT * FROM $table WHERE username= :username", array('username' => $username));
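Review bot: The two table selections in this block disagree for any `$context` other than `'admin'` or `'users'`: `$context === 'admin' ? 'admin' : 'mailbox'` falls back to mailbox, while `table_by_key($context === 'users' ? 'mailbox' : 'admin')` falls back to admin, so a recovery token could be written to one table and the row then read from the other. Whether `$context` is constrained earlier is not visible in this hunk; deriving both lookups from one validated value would remove the doubt. Separately, `generatePasswordRecoveryCode()` binds `:username` as a query parameter, so passing `escape_string($username)` instead of `$username` double-handles the value and can make the lookup miss for addresses containing characters that get escaped.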


@ -57,9 +57,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
$error += 1;
}
$mh = new MailboxHandler();
$login = new Login('mailbox', 'username');
$login = new Login('mailbox');
if (!$login->login($username, $fPassword_current)) {
$error += 1;


@ -45,8 +45,7 @@ $server = new Zend_XmlRpc_Server();
* @return boolean true on success, else false.
*/
function login($username, $password) {
$h = new MailboxHandler();
$login = new Login('mailbox', 'username');
$login = new Login('mailbox');
if ($login->login($username, $password)) {
session_regenerate_id();
$_SESSION['authenticated'] = true;
@ -86,7 +85,7 @@ class UserProxy {
return false; // user doesn't exist.
}
$login = new Login('mailbox', 'username');
$login = new Login('mailbox');
try {
return $login->changePassword($username, $new_password, $old_password);
@ -101,7 +100,7 @@ class UserProxy {
* @return boolean true if successful.
*/
public function login($username, $password) {
$login = new Login('mailbox', 'username');
$login = new Login('mailbox');
return $login->login($username, $password);
}
}
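Review bot: In the standalone `login()` function, `session_regenerate_id();` is called without an argument, so the pre-authentication session record is left on the server under its old id; `session_regenerate_id(true);` discards it at the point where the session becomes authenticated. The function body continues past the hunk, so confirm that nothing later depends on the old session before changing it.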


@ -32,7 +32,7 @@ VALUES(:username, :password, :name, :maildir, :local_part, :domain)",
}
public function testInvalidUsers() {
$login = new Login('mailbox', 'username');
$login = new Login('mailbox');
$this->assertFalse($login->login('test', 'password'));
$this->assertFalse($login->login('test', ''));
@ -41,7 +41,7 @@ VALUES(:username, :password, :name, :maildir, :local_part, :domain)",
public function testValidLogin() {
$login = new Login('mailbox', 'username');
$login = new Login('mailbox');
$this->assertFalse($login->login('test', 'password'));
$this->assertFalse($login->login('test', 'foobar'));
@ -49,7 +49,7 @@ VALUES(:username, :password, :name, :maildir, :local_part, :domain)",
}
public function testPasswordRecovery() {
$login = new Login('mailbox', 'username');
$login = new Login('mailbox');
$this->assertFalse($login->generatePasswordRecoveryCode(''));
$this->assertFalse($login->generatePasswordRecoveryCode('doesnotexist'));
$this->assertNotEmpty($login->generatePasswordRecoveryCode('test@example.com'));