Some bugs fixed

- Resetting the auth key for a user that doesn't exist created an empty
user 

- change_pw showed an admin menu on the side

- rerouting after an incorrect auth request fixed (users/index doesn't
exist)

- temporarily disabled the redirect after login
pull/217/head
iglocska 2013-07-18 11:32:26 +02:00
parent 58f72ab4d1
commit 7fb1e6f70e
2 changed files with 13 additions and 13 deletions


@ -337,7 +337,9 @@ class UsersController extends AppController {
public function login() {
if ($this->Auth->login()) {
$this->extraLog("login"); // TODO Audit, extraLog, check: customLog i.s.o. extraLog, no auth user?: $this->User->customLog('login', $this->Auth->user('id'), array('title' => '','user_id' => $this->Auth->user('id'),'email' => $this->Auth->user('email'),'org' => 'IN2'));
$this->redirect($this->Auth->redirect());
// TODO removed the auto redirect for now, due to security concerns - will look more into this
// $this->redirect($this->Auth->redirectUrl());
$this->redirect(array('controller' => 'events', 'action' => 'index'));
} else {
// don't display authError before first login attempt
if (str_replace("//","/",$this->webroot . $this->Session->read('Auth.redirect')) == $this->webroot && $this->Session->read('Message.auth.message') == $this->Auth->authError) {
@ -395,10 +397,14 @@ class UsersController extends AppController {
public function resetauthkey($id = null) {
if (!$id) {
$this->Session->setFlash(__('Invalid id for user', true), 'default', array(), 'error');
$this->redirect(array('action' => 'index'));
$this->redirect(array('action' => 'view', $this->Auth->user('id')));
}
// reset the key
$this->User->id = $id;
if (!$this->User->exists($id)) {
$this->Session->setFlash(__('Invalid id for user', true), 'default', array(), 'error');
$this->redirect(array('action' => 'view', $this->Auth->user('id')));
}
$this->User->read();
if ('me' == $id ) $id = $this->Auth->user('id');
else if (!$this->_isSiteAdmin() && !($this->_isAdmin() && $this->Auth->user('org') == $this->User->data['User']['org'])) throw new MethodNotAllowedException();
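Review bot: In resetauthkey the new `exists($id)` guard runs before the existing `if ('me' == $id)` line, so a call with `me` as the id would presumably be rejected with "Invalid id for user" before it is ever mapped to the logged-in user. Moving `if ('me' == $id) $id = $this->Auth->user('id');` above `$this->User->id = $id;` would keep that path working and make the existence check run on the real id. The existence check also precedes the site-admin/org-admin authorization check, so a caller without rights over the target gets a flash-and-redirect for a missing id but a MethodNotAllowedException for an existing one; returning the same response in both cases would avoid exposing which ids exist. The function body continues past the end of the hunk, so the ordering of the later statements should be confirmed there.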


@ -14,16 +14,10 @@ echo $this->Form->end();
</div>
<div class="actions <?php echo $debugMode;?>">
<ul class="nav nav-list">
<li><?php echo $this->Html->link('New User', array('controller' => 'users', 'action' => 'add', 'admin' => true)); ?> </li>
<li><?php echo $this->Html->link('List Users', array('controller' => 'users', 'action' => 'index', 'admin' => true)); ?> </li>
<li class="divider"></li>
<?php if ($isSiteAdmin): ?>
<li><?php echo $this->Html->link('New Role', array('controller' => 'roles', 'action' => 'add', 'admin' => true)); ?> </li>
<?php endif; ?>
<li><?php echo $this->Html->link('List Roles', array('controller' => 'roles', 'action' => 'index', 'admin' => true)); ?> </li>
<?php if ($isSiteAdmin): ?>
<li class="divider"></li>
<li><?php echo $this->Html->link('Contact users', array('controller' => 'users', 'action' => 'email', 'admin' => true)); ?> </li>
<?php endif; ?>
<li><a href="/users/news">News</a></li>
<li><a href="/users/view/me">My Profile</a></li>
<li><a href="/users/memberslist">Members List</a></li>
<li><a href="/pages/display/doc/general">User Guide</a></li>
<li><a href="/users/terms">Terms & Conditions</a></li>
</ul>
</div>
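Review bot: The five plain `<a href="/users/...">` entries (these appear to be the added lines, going by the section's counts) hard-code root-relative URLs, while the menu they replace went through `$this->Html->link()`. On an installation served from a sub-directory these links would point outside the application, and they bypass the router. Using the helper, e.g. `<li><?php echo $this->Html->link('News', array('controller' => 'users', 'action' => 'news')); ?></li>`, keeps the base path and routing consistent with the rest of the views. The bare `&` in `Terms & Conditions` should be `&amp;` in raw markup; the helper would escape the title for you.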