feat(core): Add in user settings to force password change for a user …
…when logging in
WoodySlum committed Jul 11, 2023
1 parent 7600e9e commit 9918f75
Showing 4 changed files with 70 additions and 35 deletions.
3 changes: 3 additions & 0 deletions SoObjects/SOGo/SOGoUserSettings.h
Expand Up @@ -26,6 +26,7 @@
@class NSArray;
@class NSMutableDictionary;
@class NSString;
@class NSNumber;

@interface SOGoUserSettings : SOGoDefaultsSource

Expand All @@ -35,6 +36,8 @@
- (NSArray *) subscribedAddressBooks;
- (NSString *) userPrivateSalt;
- (NSString *) userPublicSalt;
- (void)enableForceResetPassword;
- (void)disableForceResetPassword;

@end

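Review bot: The two new declarations break the header's own spacing convention — the surrounding lines write `- (NSString *) userPublicSalt;` with a space after the return type, while the added `- (void)enableForceResetPassword;` and `- (void)disableForceResetPassword;` omit it. They also arrive undocumented; a one-line comment above the pair, e.g. `/* Flags the account so connectAction refuses the next login with a password-expired policy error until the password is changed. */`, would tell readers of the header what the setting does without opening the .m. No accessor to read the flag is declared here, so callers in SOGoRootPage.m re-test the raw key themselves; consider declaring `- (BOOL) forceResetPassword;` next to these two.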
15 changes: 15 additions & 0 deletions SoObjects/SOGo/SOGoUserSettings.m
Expand Up @@ -116,4 +116,19 @@ - (NSString *) userPrivateSalt
return salt;
}

- (void) enableForceResetPassword
{
[self setObject: [NSNumber numberWithInt:1] forKey: @"ForceResetPassword"];
[self synchronize];
}

- (void) disableForceResetPassword
{
if ([self objectForKey: @"ForceResetPassword"]) {
[self removeObjectForKey: @"ForceResetPassword"];
[self synchronize];
}
}


@end
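Review bot: The key `@"ForceResetPassword"` is spelled out twice in these two methods and three more times in SOGoRootPage.m in the same commit; a single `static NSString *SOGoForceResetPasswordKey = @"ForceResetPassword";` at file scope (exported through the header if the root page should share it) keeps the writer and the readers from drifting apart. `enableForceResetPassword` stores the integer 1, but the readers in SOGoRootPage.m only test the key for presence, so a 0 written to the same key by any other settings path would still force a reset; adding `- (BOOL) forceResetPassword { return [self boolForKey: @"ForceResetPassword"]; }` here gives one place that defines what "set" means and lets the callers drop their own `objectForKey:` tests. The guard in `disableForceResetPassword` is harmless — `removeObjectForKey:` on an absent key is a no-op — so it only spares the `synchronize`; a short comment saying so, `// only synchronize when something actually changed`, would stop a later reader from thinking the removal itself needs the check.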
83 changes: 49 additions & 34 deletions UI/MainUI/SOGoRootPage.m
Expand Up @@ -254,6 +254,7 @@ - (WOResponse *) connectAction

loggedInUser = [SOGoUser userWithLogin: username];
ud = [loggedInUser userDefaults];
us = [loggedInUser userSettings];

#if defined(MFA_CONFIG)
if ([ud totpEnabled])
Expand Down Expand Up @@ -309,7 +310,6 @@ - (WOResponse *) connectAction
} // if ([verificationCode length] == 6 && [verificationCode unsignedIntValue] > 0)
else
{
us = [loggedInUser userSettings];
if ([us dictionaryForKey: @"General"] && ![[us dictionaryForKey: @"General"] objectForKey: @"PrivateSalt"])
{
// Since v5.3.0, a new salt is used for TOTP. If it's missing, disable TOTP and alert the user.
Expand All @@ -331,39 +331,43 @@ - (WOResponse *) connectAction
}
}
#endif

[self _checkAutoReloadWebCalendars: loggedInUser];

[json setObject: [loggedInUser cn]
forKey: @"cn"];
[json setObject: [NSNumber numberWithInt: expire]
forKey: @"expire"];
[json setObject: [NSNumber numberWithInt: grace]
forKey: @"grace"];

response = [self responseWithStatus: 200
andJSONRepresentation: json];

authCookie = [auth cookieWithUsername: username
andPassword: password
inContext: context];
[response addCookie: authCookie];

// We prepare the XSRF protection cookie
creds = [auth parseCredentials: [authCookie value]];
xsrfCookie = [WOCookie cookieWithName: @"XSRF-TOKEN"
value: [[SOGoSession valueForSessionKey: [creds lastObject]] asSHA1String]];
[xsrfCookie setPath: [NSString stringWithFormat: @"/%@/", [[context request] applicationName]]];
[response addCookie: xsrfCookie];

supportedLanguages = [[SOGoSystemDefaults sharedSystemDefaults]
supportedLanguages];
[context setActiveUser: loggedInUser];
if (language && [supportedLanguages containsObject: language])
{
[ud setLanguage: language];
[ud synchronize];
}

if ([us objectForKey: @"ForceResetPassword"]) {
response = [self _responseWithLDAPPolicyError: PolicyPasswordExpired];
} else {
[self _checkAutoReloadWebCalendars: loggedInUser];

[json setObject: [loggedInUser cn]
forKey: @"cn"];
[json setObject: [NSNumber numberWithInt: expire]
forKey: @"expire"];
[json setObject: [NSNumber numberWithInt: grace]
forKey: @"grace"];

response = [self responseWithStatus: 200
andJSONRepresentation: json];

authCookie = [auth cookieWithUsername: username
andPassword: password
inContext: context];
[response addCookie: authCookie];

// We prepare the XSRF protection cookie
creds = [auth parseCredentials: [authCookie value]];
xsrfCookie = [WOCookie cookieWithName: @"XSRF-TOKEN"
value: [[SOGoSession valueForSessionKey: [creds lastObject]] asSHA1String]];
[xsrfCookie setPath: [NSString stringWithFormat: @"/%@/", [[context request] applicationName]]];
[response addCookie: xsrfCookie];

supportedLanguages = [[SOGoSystemDefaults sharedSystemDefaults]
supportedLanguages];
[context setActiveUser: loggedInUser];
if (language && [supportedLanguages containsObject: language])
{
[ud setLanguage: language];
[ud synchronize];
}
}
}
else
{
Expand Down Expand Up @@ -691,6 +695,8 @@ - (WOResponse *) changePasswordAction
WOResponse *response;
WORequest *request;
BOOL passwordRecovery;
SOGoUserSettings *us;
SOGoUser *loggedInUser;

request = [context request];
message = [[request contentAsString] objectFromJSONString];
Expand Down Expand Up @@ -772,6 +778,15 @@ - (WOResponse *) changePasswordAction
username = [NSString stringWithFormat: @"%@@%@", username, domain];
}

loggedInUser = [SOGoUser userWithLogin: username];

if (loggedInUser) {
us = [loggedInUser userSettings];
if (us && [us objectForKey: @"ForceResetPassword"]) {
[us disableForceResetPassword];
}
}

response = [self responseWith204];
if (!passwordRecovery) {
authCookie = [auth cookieWithUsername: username
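Review bot: The forced-reset check in `connectAction`, `if ([us objectForKey: @"ForceResetPassword"])`, tests only that the key exists, so any non-nil value — including a 0 or NO stored through another settings path — forces the reset; `if ([us boolForKey: @"ForceResetPassword"])` matches what `enableForceResetPassword` writes and `disableForceResetPassword` removes. The same presence test is repeated in `changePasswordAction` further down, where it is redundant because `disableForceResetPassword` already checks the key before removing it, so that block reduces to `if (loggedInUser) [[loggedInUser userSettings] disableForceResetPassword];`. Placing the check after the MFA block and before any cookie is built is the right order — a flagged user never receives the auth or XSRF cookie — but the branch reuses `PolicyPasswordExpired`, so the client cannot tell an administratively forced reset from an actual expiry; a comment at the branch, `// Administratively forced reset: reported as an expired password so the client opens the change-password flow`, would record that this is deliberate. In `changePasswordAction` the flag is cleared right after the username is composed, while the code that verified the old password and performed the change lies above the hunk, so it should be confirmed that every failure path before this point returns early; otherwise a failed change would still clear the flag. Both enclosing methods start and end outside the hunks.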
4 changes: 3 additions & 1 deletion UI/WebServerResources/js/Main/Main.app.js
Expand Up @@ -206,7 +206,9 @@
this.passwords.newPasswordConfirmation && this.passwords.newPasswordConfirmation.length &&
this.passwords.newPassword == this.passwords.newPasswordConfirmation &&
((this.isInPasswordRecoveryMode()) ||
(!this.loginState && this.passwords.oldPassword && this.passwords.oldPassword.length > 0)))
(!this.loginState && this.passwords.oldPassword && this.passwords.oldPassword.length > 0) ||
('passwordchange' == this.loginState && this.passwords.oldPassword && this.passwords.oldPassword.length > 0)
))
return true;

return false;
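Review bot: The new alternative on the `||` chain repeats the old-password test of the line above it; the two can be one clause, `((!this.loginState || 'passwordchange' == this.loginState) && this.passwords.oldPassword && this.passwords.oldPassword.length > 0)`, which also keeps the closing `))` on the condition line as before instead of on a line of its own. The bare string `'passwordchange'` presumably mirrors a value the controller assigns to `loginState` when the server answers with the expired-password policy error; if so, defining it once as a named constant on the controller keeps the two sides in step. The enclosing function starts and ends outside the hunk.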
