mirror of https://github.com/MISP/MISP
Some bugs fixed
- Resetting the auth key for a user that doesn't exist created an empty user
- change_pw showed an admin menu on the side
- rerouting after an incorrect auth request fixed (users/index doesn't exist)
- temporarily disabled the redirect after login
pull/217/head
parent
58f72ab4d1
commit
7fb1e6f70e
|
@ -337,7 +337,9 @@ class UsersController extends AppController {
|
|||
public function login() {
|
||||
if ($this->Auth->login()) {
|
||||
$this->extraLog("login"); // TODO Audit, extraLog, check: customLog i.s.o. extraLog, no auth user?: $this->User->customLog('login', $this->Auth->user('id'), array('title' => '','user_id' => $this->Auth->user('id'),'email' => $this->Auth->user('email'),'org' => 'IN2'));
|
||||
$this->redirect($this->Auth->redirect());
|
||||
// TODO removed the auto redirect for now, due to security concerns - will look more into this
|
||||
// $this->redirect($this->Auth->redirectUrl());
|
||||
$this->redirect(array('controller' => 'events', 'action' => 'index'));
|
||||
} else {
|
||||
// don't display authError before first login attempt
|
||||
if (str_replace("//","/",$this->webroot . $this->Session->read('Auth.redirect')) == $this->webroot && $this->Session->read('Message.auth.message') == $this->Auth->authError) {
|
||||
|
@ -395,10 +397,14 @@ class UsersController extends AppController {
|
|||
public function resetauthkey($id = null) {
|
||||
if (!$id) {
|
||||
$this->Session->setFlash(__('Invalid id for user', true), 'default', array(), 'error');
|
||||
$this->redirect(array('action' => 'index'));
|
||||
$this->redirect(array('action' => 'view', $this->Auth->user('id')));
|
||||
}
|
||||
// reset the key
|
||||
$this->User->id = $id;
|
||||
if (!$this->User->exists($id)) {
|
||||
$this->Session->setFlash(__('Invalid id for user', true), 'default', array(), 'error');
|
||||
$this->redirect(array('action' => 'view', $this->Auth->user('id')));
|
||||
}
|
||||
$this->User->read();
|
||||
if ('me' == $id ) $id = $this->Auth->user('id');
|
||||
else if (!$this->_isSiteAdmin() && !($this->_isAdmin() && $this->Auth->user('org') == $this->User->data['User']['org'])) throw new MethodNotAllowedException();
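Review bot: In the second hunk (resetauthkey), the new `exists($id)` guard runs before the `'me'` alias is resolved, so a call with `$id` set to `'me'` is looked up as a literal user id and would most likely be rejected with "Invalid id for user" before the `'me'` branch is reached. Resolve the alias first, e.g. `$isSelf = ('me' === $id); if ($isSelf) $id = $this->Auth->user('id');` ahead of `$this->User->id = $id;`, and start the later permission test with `if (!$isSelf && !$this->_isSiteAdmin() && ...`, leaving the rest of that condition as it is. Because the existence check comes before the permission check, a caller without rights on the target can also tell existing ids from missing ones by the different responses; returning the same response in both cases avoids that. The body of resetauthkey continues past the hunk, so how the key is regenerated and saved is not visible here.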
|
||||
|
|
|
@ -14,16 +14,10 @@ echo $this->Form->end();
|
|||
</div>
|
||||
<div class="actions <?php echo $debugMode;?>">
|
||||
<ul class="nav nav-list">
|
||||
<li><?php echo $this->Html->link('New User', array('controller' => 'users', 'action' => 'add', 'admin' => true)); ?> </li>
|
||||
<li><?php echo $this->Html->link('List Users', array('controller' => 'users', 'action' => 'index', 'admin' => true)); ?> </li>
|
||||
<li class="divider"></li>
|
||||
<?php if ($isSiteAdmin): ?>
|
||||
<li><?php echo $this->Html->link('New Role', array('controller' => 'roles', 'action' => 'add', 'admin' => true)); ?> </li>
|
||||
<?php endif; ?>
|
||||
<li><?php echo $this->Html->link('List Roles', array('controller' => 'roles', 'action' => 'index', 'admin' => true)); ?> </li>
|
||||
<?php if ($isSiteAdmin): ?>
|
||||
<li class="divider"></li>
|
||||
<li><?php echo $this->Html->link('Contact users', array('controller' => 'users', 'action' => 'email', 'admin' => true)); ?> </li>
|
||||
<?php endif; ?>
|
||||
<li><a href="/users/news">News</a></li>
|
||||
<li><a href="/users/view/me">My Profile</a></li>
|
||||
<li><a href="/users/memberslist">Members List</a></li>
|
||||
<li><a href="/pages/display/doc/general">User Guide</a></li>
|
||||
<li><a href="/users/terms">Terms & Conditions</a></li>
|
||||
</ul>
|
||||
</div>
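Review bot: The five links added to the side menu use hard-coded root-relative paths such as `<a href="/users/news">`, which resolve to the wrong place when the application is served from a sub-directory; the controller changed in this same commit builds paths from `$this->webroot`, so a non-root base appears to be anticipated. Generate them with the Html helper that the replaced entries used, e.g. `<li><?php echo $this->Html->link('News', array('controller' => 'users', 'action' => 'news')); ?></li>`, and likewise for the other four. The label `Terms & Conditions` contains a bare ampersand and should be written `Terms &amp; Conditions`; passing the plain string as the helper's title also covers this, since the helper escapes titles by default. Removing the admin entries only hides them on this page, so the admin actions they pointed to still need their own server-side permission checks, which this hunk does not show.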
|