Resurrect the ticket access link

This is the mode of the system if account registration is disabled

Resurrect the ticket access link
00276456 · Jared Hancock · f32bd57e · 00276456 · 00276456 · 00276456
Commit 00276456 authored 11 years ago by Jared Hancock
--- a/include/class.auth.php
+++ b/include/class.auth.php
@@ -800,6 +800,41 @@ class AuthTokenAuthentication extends UserAuthenticationBackend {
 }
 UserAuthenticationBackend::register('AuthTokenAuthentication');
+//Simple ticket lookup backend used to recover ticket access link.
+// We're using authentication backend so we can guard aganist brute force
+// attempts (which doesn't buy much since the link is emailed)
+class AccessLinkAuthentication extends UserAuthenticationBackend {
+    static $name = "Ticket Access Link Authentication";
+    static $id = "authlink";
+    function authenticate($email, $number) {
+        if (!($ticket = Ticket::lookupByNumber($number))
+                || !($user=User::lookup(array('emails__address' =>
+                            $email))))
+            return false;
+        //Ticket owner?
+        if ($ticket->getUserId() == $user->getId())
+            $user = $ticket->getOwner();
+        //Collaborator?
+        elseif (!($user = Collaborator::lookup(array('userId' =>
+                            $user->getId(), 'ticketId' =>
+                            $ticket->getId()))))
+            return false; //Bro, we don't know you!
+        return new ClientSession($user);
+    }
+    //We are not actually logging in the user....
+    function login($user, $bk) {
+        return true;
+    }
+}
+UserAuthenticationBackend::register('AccessLinkAuthentication');
 class osTicketClientAuthentication extends UserAuthenticationBackend {
    static $name = "Local Client Authentication";
    static $id = "client";

--- a/include/class.client.php
+++ b/include/class.client.php
@@ -51,9 +51,8 @@ abstract class TicketUser {
        global $ost;
        if (!($ticket = $this->getTicket())
-                || !($dept = $ticket->getDept())
+                || !($email = $ost->getConfig()->getDefaultEmail())
-                || !($email = $dept->getAutoRespEmail())
+                || !($content = Page::lookup(Page::getIdByType('access-link'))))
-                || !($tpl = $dept->getTemplate()->getMsgTemplate('user.accesslink')))
            return;
        $vars = array(
@@ -61,8 +60,13 @@ abstract class TicketUser {
            'ticket' => $this->getTicket(),
            'recipient' => $this);
-        $msg = $ost->replaceTemplateVariables($tpl->asArray(), $vars);
+        $msg = $ost->replaceTemplateVariables(array(
-        $email->send($this->getEmail(), $msg['subj'], $msg['body']);
+            'subj' => $content->getName(),
+            'body' => $content->getBody(),
+        ), $vars);
+        $email->send($this->getEmail(), Format::striptags($msg['subj']),
+            $msg['body']);
    }
    protected function getAuthToken($algo=1) {

--- a/include/client/accesslink.inc.php
+++ b/include/client/accesslink.inc.php
+<?php
+if(!defined('OSTCLIENTINC')) die('Access Denied');
+$email=Format::input($_POST['lemail']?$_POST['lemail']:$_GET['e']);
+$ticketid=Format::input($_POST['lticket']?$_POST['lticket']:$_GET['t']);
+?>
+<h1>Check Ticket Status</h1>
+<p>Please provide us with your email address and a ticket number, and an access
+link will be emailed to you.</p>
+<form action="login.php" method="post" id="clientLogin">
+    <?php csrf_token(); ?>
+<div style="display:table-row">
+    <div style="display:table-cell;width:40%">
+    <strong><?php echo Format::htmlchars($errors['login']); ?></strong>
+    <br>
+    <div>
+        <label for="email">E-Mail Address:</label><br/>
+        <input id="email" type="text" name="lemail" size="30" value="<?php echo $email; ?>">
+    </div>
+    <div>
+        <label for="ticketno">Ticket Number:</label><br/>
+        <input id="ticketno" type="text" name="lticket" size="16" value="<?php echo $ticketid; ?>"></td>
+    </div>
+    <p>
+        <input class="btn" type="submit" value="Email Access Link">
+    </p>
+    </div>
+    <div style="display:table-cell"></div>
+</div>
+</form>
+<br>
+<p>
+If this is your first time contacting us or you've lost the ticket number, please <a href="open.php">open a new ticket</a>.
+</p>
--- a/include/staff/settings-access.inc.php
+++ b/include/staff/settings-access.inc.php
@@ -141,7 +141,8 @@ if(!defined('OSTADMININC') || !$thisstaff || !$thisstaff->isAdmin() || !$config)
    ?><a href="#ajax.php/content/<?php echo $content; ?>/manage"
    onclick="javascript:
        $.dialog($(this).attr('href').substr(1), 200);
-        return false;"><?php echo Format::htmlchars($title); ?></a><?php
+        return false;"><i class="icon-file-text"></i> <?php
+        echo Format::htmlchars($title); ?></a><?php
 }; ?>
        <tr><td>Password Reset Emails</td>
            <td><?php $manage_content('Staff Members', 'pwreset-staff'); ?>

--- a/login.php
+++ b/login.php
@@ -24,8 +24,12 @@ define('OSTCLIENTINC',TRUE); //make includes happy
 require_once(INCLUDE_DIR.'class.client.php');
 require_once(INCLUDE_DIR.'class.ticket.php');
-$inc = 'login.inc.php';
+if ($cfg->getClientRegistrationMode() == 'disabled')
-if ($_POST) {
+    $inc = 'accesslink.inc.php';
+else
+    $inc = 'login.inc.php';
+if ($_POST && isset($_POST['luser'])) {
    if (!$_POST['luser'])
        $errors['err'] = 'Valid username or email address is required';
    elseif (($user = UserAuthenticationBackend::process($_POST['luser'],
@@ -35,6 +39,21 @@ if ($_POST) {
        $errors['err'] = 'Invalid email or ticket number - try again!';
    }
 }
+elseif ($_POST && isset($_POST['lticket'])) {
+    if (!Validator::is_email($_POST['lemail']))
+        $errors['err'] = 'Valid email address and ticket number required';
+    elseif (($user = UserAuthenticationBackend::process($_POST['lemail'],
+            $_POST['lticket'], $errors))) {
+        // We're using authentication backend so we can guard aganist brute
+        // force attempts (which doesn't buy much since the link is emailed)
+        $user->sendAccessLink();
+        $msg = sprintf("%s - access link sent to your email!",
+            $user->getName()->getFirst());
+        $_POST = null;
+    } elseif(!$errors['err']) {
+        $errors['err'] = 'Invalid email or ticket number - try again!';
+    }
+}
 if (!$nav) {
    $nav = new UserNav();

--- a/scp/css/scp.css
+++ b/scp/css/scp.css
@@ -12,6 +12,10 @@ a {
    text-decoration:none;
 }
+.form_table a:hover {
+    text-decoration: underline;
+}
 .centered {
    text-align:center;
 }
@@ -544,6 +548,7 @@ a.print {
 .form_table td {
    border-bottom:1px solid #ddd;
+    height: 20px;
 }
 table.fixed {