Commit 8fcd6a56 authored by Jared Hancock

Enforce LOCKED and !CONFIRMED flags on clients

parent b8c3e5e7
......@@ -37,9 +37,9 @@ elseif ($thisclient) {
// Existing client (with an account) updating profile
else {
$user = User::lookup($thisclient->getId());
$content = Page::lookup(Page::lookupByType('registration-thanks'));
$content = Page::lookup(Page::getIdByType('registration-thanks'));
$inc = isset($_GET['confirmed'])
? 'registration.confirmed.inc.php' : 'profile.inc.php';
? 'register.confirmed.inc.php' : 'profile.inc.php';
}
}
......@@ -81,7 +81,7 @@ elseif ($_POST) {
if (!$errors) {
switch ($_POST['do']) {
case 'create':
$content = Page::lookup(Page::lookupByType('registration-confirm'));
$content = Page::lookup(Page::getIdByType('registration-confirm'));
$inc = 'register.confirm.inc.php';
$acct->sendResetEmail('registration-client');
}
......
......@@ -128,17 +128,23 @@ abstract class AuthenticationBackend {
// All backends are queried here, even if they don't support
// authentication so that extensions like lockouts and audits
// can be supported.
$result = $bk->authenticate($username, $password);
if ($result instanceof AuthenticatedUser
&& ($bk->login($result, $bk)))
return $result;
elseif ($result instanceof AccessDenied) {
try {
$result = $bk->authenticate($username, $password);
if ($result instanceof AuthenticatedUser
&& ($bk->login($result, $bk)))
return $result;
elseif ($result instanceof AccessDenied) {
break;
}
}
catch (AccessDenied $e) {
$result = $e;
break;
}
}
if (!$result)
$result = new AccessDenied('Access denied');
$result = new AccessDenied('Access denied');
if ($result && $result instanceof AccessDenied)
$errors['err'] = $result->reason;
......@@ -413,6 +419,15 @@ abstract class UserAuthenticationBackend extends AuthenticationBackend {
|| !($authkey = $bk->getAuthKey($user)))
return false;
$acct = $user->getAccount();
if ($acct) {
if (!$acct->isConfirmed())
throw new AccessDenied('Account confirmation required');
elseif ($acct->isLocked())
throw new AccessDenied('Account is administratively locked');
}
//Tag the authkey.
$authkey = $bk::$id.':'.$authkey;
......@@ -482,9 +497,10 @@ abstract class UserAuthenticationBackend extends AuthenticationBackend {
/**
* This will be an exception in later versions of PHP
*/
class AccessDenied {
class AccessDenied extends Exception {
function __construct($reason) {
$this->reason = $reason;
parent::__construct($reason);
}
}
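Review bot: The confirmation and lock checks added in the `@@ -413` hunk sit between fetching the auth key and tagging it, so as far as this page shows they are enforced only at sign-in; a client locked afterwards would keep an already established session unless the session-restore path also calls `$acct->isLocked()`, which is worth confirming because the enclosing method starts and ends outside the hunk. The `if ($acct)` guard lets a user with no account record through unchecked, presumably for guest access, and deserves a comment such as `// Guests have no account record; flags apply to registered clients only`. Because `AccessDenied` now extends `Exception` and is thrown rather than returned, any caller of this method other than the loop in the `@@ -128` hunk needs the same `catch (AccessDenied $e)`, otherwise the denial surfaces as an uncaught exception. The docblock above the class ("This will be an exception in later versions of PHP") is stale after this change, and `$this->reason` is still assigned without a declared property.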
......
......@@ -59,6 +59,7 @@ abstract class TicketUser {
$vars = array(
'url' => $ost->getConfig()->getBaseUrl(),
'ticket' => $this->getTicket(),
'user' => $this,
'recipient' => $this);
$msg = $ost->replaceTemplateVariables(array(
......@@ -348,6 +349,7 @@ class ClientAccount extends ClientAccountModel {
$vars = array(
'url' => $ost->getConfig()->getBaseUrl(),
'token' => $token,
'user' => $this->getUser(),
'recipient' => $this->getUser(),
'link' => sprintf(
"%s/pwreset.php?token=%s",
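Review bot: Both hunks now pass the same object under two keys, `'user'` and `'recipient'`, with nothing saying which one templates are expected to use; if the duplication is deliberate, a short comment such as `// 'user' mirrors 'recipient' so templates may reference either` would make that clear. Both arrays are cut off by the hunk boundary, so how these values are escaped before substitution into an HTML email body is not visible here. That is worth checking for user-controlled fields such as the name.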
......
......@@ -12,13 +12,13 @@ notes: >
verification. Please use %{link} somewhere in the body.
name: "Welcome to %{company.name}"
body: >
<h3><strong>Hi %{user.name.first},</strong></h3> We've created an
<h3><strong>Hi %{recipient.name.first},</strong></h3> We've created an
account for you at our help desk at %{url}.<br />
<br />
Please follow the link below to confirm your account and gain access to
your tickets.<br />
<br />
<a href="%{reset_link}">%{confirmation_link}</a><br />
<a href="%{link}">%{link}</a><br />
<br />
<em style="font-size: small">Your friendly Customer Support System<br
/>%{company.name}</em>