new: [API] exposed change_pw function to the API, fixes #4256
parent
c0216fcdde
commit
66ad17a1ee
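@@ -243,6 +243,10 @@ class RestResponseComponent extends Component
                 'description' => "POST a body and a subject in a JSON to send an e-mail through MISP to the user ID given in the URL",
                 'mandatory' => array('subject', 'body')
             ),
+            'change_pw' => array(
+                'description' => "POST a password via a JSON object containing the password key to reset the given user\'s password.",
+                'mandatory' => array('password')
+            ),
             'statistics' => array(
                 'description' => 'Simply GET the url endpoint to view the API output of the statistics API. Additional statistics are available via the following tab-options similar to the UI: data, orgs, users, tags, attributehistogram, sightings, attackMatrix',
                 'params' => array('tab'),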
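Review bot: The new `change_pw` description is a double-quoted PHP string, so the `\'` in `user\'s` is not an escape sequence and the backslash is emitted literally to API clients that read this documentation entry. Either drop the backslash — `'description' => "POST a password via a JSON object containing the password key to reset the given user's password.",` — or switch to single quotes as the neighbouring `statistics` entry does. The array this entry lives in starts and ends outside the hunk.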
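@@ -173,37 +173,63 @@ class UsersController extends AppController
             'recursive' => -1
         ));
         if ($this->request->is('post') || $this->request->is('put')) {
+            if (!isset($this->request->data['User'])) {
+                $this->request->data = array('User' => $this->request->data);
+            }
             $abortPost = false;
             if (Configure::read('Security.require_password_confirmation')) {
                 if (!empty($this->request->data['User']['current_password'])) {
                     $hashed = $this->User->verifyPassword($this->Auth->user('id'), $this->request->data['User']['current_password']);
                     if (!$hashed) {
+                        $message = __('Invalid password. Please enter your current password to continue.');
+                        if ($this->_isRest()) {
+                            return $this->RestResponse->saveFailResponse('Users', 'change_pw', false, $message, $this->response->type());
+                        }
                         $abortPost = true;
-                        $this->Flash->error('Invalid password. Please enter your current password to continue.');
+                        $this->Flash->error($message);
                     }
                     unset($this->request->data['User']['current_password']);
-                } else {
+                } else if (!$this->_isRest()) {
+                    $message = __('Please enter your current password to continue.');
+                    if ($this->_isRest()) {
+                        return $this->RestResponse->saveFailResponse('Users', 'change_pw', false, $message, $this->response->type());
+                    }
                     $abortPost = true;
-                    $this->Flash->info('Please enter your current password to continue.');
+                    $this->Flash->info($message);
                 }
             }
             if (!$abortPost) {
                 // What fields should be saved (allowed to be saved)
                 $user['User']['change_pw'] = 0;
                 $user['User']['password'] = $this->request->data['User']['password'];
-                $user['User']['confirm_password'] = $this->request->data['User']['confirm_password'];
+                if ($this->_isRest()) {
+                    $user['User']['confirm_password'] = $this->request->data['User']['password'];
+                } else {
+                    $user['User']['confirm_password'] = $this->request->data['User']['confirm_password'];
+                }
                 $temp = $user['User']['password'];
                 // Save the data
                 if ($this->User->save($user)) {
-                    $this->Flash->success(__('Password Changed.'));
-                    $this->_refreshAuth();
+                    $message = __('Password Changed.');
                     $this->__extralog("change_pw");
+                    if ($this->_isRest()) {
+                        return $this->RestResponse->saveSuccessResponse('User', 'change_pw', false, $this->response->type(), $message);
+                    }
+                    $this->Flash->success($message);
+                    $this->_refreshAuth();
                     $this->redirect(array('action' => 'view', $id));
                 } else {
-                    $this->Flash->error(__('The password could not be updated. Make sure you meet the minimum password length / complexity requirements.'));
+                    $message = __('The password could not be updated. Make sure you meet the minimum password length / complexity requirements.');
+                    if ($this->_isRest()) {
+                        return $this->RestResponse->saveFailResponse('Users', 'change_pw', false, $message, $this->response->type());
+                    }
+                    $this->Flash->error($message);
                 }
             }
         }
+        if ($this->_isRest()) {
+            return $this->RestResponse->describe('Users', 'change_pw', false, $this->response->type());
+        }
         $this->loadModel('Server');
         $this->set('complexity', !empty(Configure::read('Security.password_policy_complexity')) ? Configure::read('Security.password_policy_complexity') : $this->Server->serverSettings['Security']['password_policy_complexity']['value']);
         $this->set('length', !empty(Configure::read('Security.password_policy_length')) ? Configure::read('Security.password_policy_length') : $this->Server->serverSettings['Security']['password_policy_length']['value']);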
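Review bot: The new `} else if (!$this->_isRest()) {` branch makes the inner `if ($this->_isRest())` return unreachable, and more importantly means a REST caller that simply omits `current_password` skips the `Security.require_password_confirmation` check entirely, while a REST caller that sends a wrong value is rejected a few lines above. If API callers are meant to be exempt from confirmation (they authenticate with a key rather than a password), state that in a comment on that line and delete the dead block; if not, the condition should be plain `} else {` so the REST path returns the `saveFailResponse` exactly as the wrong-password case does. The success path also passes `'User'` to `saveSuccessResponse` where every `saveFailResponse` and the `describe` call use `'Users'`; one of them is presumably wrong, most likely the singular. `change_pw` begins before the hunk and its tail runs past it.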
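@@ -1256,7 +1282,7 @@ class UsersController extends AppController
         } elseif ($action == 'edit') {
             $description = "User (" . $this->User->id . "): " . $this->data['User']['email'];
         } elseif ($action == 'change_pw') {
-            $description = "User (" . $this->User->id . "): " . $this->data['User']['email'];
+            $description = "User (" . $this->User->id . "): " . $this->Auth->user('email');
             $fieldsResult = "Password changed.";
         }
 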