1 |
michel |
1.1 |
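--- a/createlinks
+++ b/createlinks
@@ -47,3 +47,8 @@
 
 event_link('systemd-default', "smeserver-manager-update", '88');
 event_link('systemd-reload', "smeserver-manager-update", '89');
+
+use esmith::Build::Backup qw(:all);
+backup_includes("smeserver-manager", qw(
+/usr/share/smanager/data
+));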
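--- a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/27SManagerProxyPass
+++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/27SManagerProxyPass
@@ -27,19 +27,17 @@
 $OUT .= " RequestHeader set X-Forwarded-Proto 'http'\n";
 
 $OUT .= " <Location '/$place'>\n";
- $OUT .= " order deny,allow\n";
- $OUT .= " deny from all\n";
 if ($port eq $plainPort)
 {
- $OUT .= ' allow from 127.0.0.1' . "\n";
+ $OUT .= ' Require ip 127.0.0.1' . "\n";
 }
 elsif (($haveSSL eq 'yes') && ($port eq $sslPort) && ($adminAccess eq 'public'))
 {
 $OUT .= "# public access requested in conf db\n";
- $OUT .= " allow from all\n";
+ $OUT .= " Require all granted\n";
 } else {
 $OUT .= "# private access by default\n";
- $OUT .= " allow from $localAccess $externalSSLAccess\n";
+ $OUT .= " Require ip $localAccess $externalSSLAccess\n";
 }
 $OUT .= " </Location>\n";
 }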
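Review bot: The private-access branch now emits `Require ip $localAccess $externalSSLAccess`, and unlike the old `allow from` line this directive accepts only addresses and networks, not host or domain names. How the two variables are built is outside this hunk, so this needs confirming, but if both expand to nothing or either can hold a name, httpd would probably refuse the generated configuration at parse time and the web server would not start. Emitting `Require all denied` when the combined list is empty keeps the location closed without breaking the configuration. A short comment that a non-matching `Require` denies by default would also explain why the removed `deny from all` needs no replacement.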
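--- a/root/etc/e-smith/templates/usr/share/smanager/conf/srvmngr.conf/25Pwdrst
+++ b/root/etc/e-smith/templates/usr/share/smanager/conf/srvmngr.conf/25Pwdrst
@@ -0,0 +1,4 @@
+ # password reset disabled by default
+ pwdreset => { ($smanager{'PwdReset'} eq 'enabled' ? '1' : '0') || '0' },
+ # reset delay in hours
+ pwdreset_delay => 2,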
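Review bot: `pwdreset_delay => 2` is not read by any hunk in this patch: mail_rescue in Login.pm takes the expiry from `$RESET_DURATION`, whose definition is not shown, so the comment "reset delay in hours" may describe a setting that has no effect on how long a reset link stays valid. If the constant is meant to come from this value, wire it up or say in the comment where the effective delay is defined. In the line above, the trailing `|| '0'` never changes the result because the ternary already yields '1' or '0', and `eq` on an unset `PwdReset` property will warn; `(($smanager{'PwdReset'} || '') eq 'enabled') ? 1 : 0` covers both.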
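--- a/root/usr/share/smanager/conf/admin_muttrc
+++ b/root/usr/share/smanager/conf/admin_muttrc
@@ -0,0 +1,5 @@
+set from = "admin"
+set realname = "Administrator"
+set record = "/usr/share/smanager/log/mail_sent"
+##set content_type = "text/html"
+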
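Review bot: `set record = "/usr/share/smanager/log/mail_sent"` keeps a copy of every message sent with this rc file, and the only sender visible in this patch is the password-reset mail, whose body contains the reset link with its token. Anyone who can read that file can read the links, and the file grows without rotation. Either drop the copy with `unset record`, or add a comment above the line stating which owner and mode the log directory must have and how the file is rotated.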
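--- a/root/usr/share/smanager/lib/SrvMngr/Controller/Login.pm
+++ b/root/usr/share/smanager/lib/SrvMngr/Controller/Login.pm
@@ -7,6 +7,8 @@
 # for information
 # $r->get('/login')->to('login#main')->name('login');
 # $r->post('/login')->to('login#login')->name('signin');
+# $r->get('/login2')->to('login#pwdrescue')->name('pwdresc');
+# $r->get('/loginc')->to('login#confpwd')->name('resetpwdconf');
 # for information
 
 use strict;
@@ -47,6 +49,18 @@
 
 my $trt = $c->param('Trt');
 
+ # password reset request
+ if ( $trt eq 'RESET' ) {
+ my $res = $c->mail_rescue();
+ if ( $res ne 'OK' ) {
+ $c->stash( error => $res, trt => $trt );
+ return $c->render('login');
+ }
+ $c->flash( success => $c->l('use_RESET_REGISTERED') );
+ record_login_attempt($c, 'RESET');
+ return $c->redirect_to( $c->home_page );
+ }
+
 # normal loggin
 my $name = $c->param('Username');
 my $pass = $c->param('Password');
@@ -64,7 +78,6 @@
 return $c->render('login');
 }
 
-
 my $alias = SrvMngr::Model::Main->check_adminalias( $c );
 if ( $alias ) {
 if ( $name eq $alias ) {
@@ -79,13 +92,14 @@
 if (SrvMngr::Model::Main->check_credentials($name, $pass)) {
 $c->session(logged_in => 1); # set the logged_in flag
 $c->session(username => $name); # keep a copy of the username
-# if ( $name eq 'admin' || $adb->is_user_in_group($name, 'AdmiN') ) { # for futur use
+# if ( $name eq 'admin' || $adb->is_user_in_group($name, 'AdmiN') ) # for futur use
 if ( $name eq 'admin' ) {
 $c->session(is_admin => 1);
 } else {
 $c->session(is_admin => 0);
 }
 $c->session(expiration => 600); # expire this session in 10 minutes
+
 $c->flash( success => $c->l('use_WELCOME') );
 record_login_attempt($c, 'SUCCESS');
 } else {
@@ -102,6 +116,68 @@
 }
 
 
+sub pwdrescue {
+
+ my $c = shift;
+
+ $c->stash( trt => 'RESET' );
+
+ $c->render('login');
+
+}
+
+
+sub mail_rescue {
+
+ my $c = shift;
+ my $name = $c->param('Username');
+ my $from = $c->param('From');
+
+ my $res;
+
+ $res .= $c->l('use_TOO_MANY_LOGIN') if ( is_denied($c) );
+
+# untaint
+ if ( ! $res && $name !~ /^([a-z][\-\_\.a-z0-9]*)$/ ) {
+ record_login_attempt($c, 'FAILED');
+ $res .= $c->l('use_ERR_NAME');
+ }
+
+ if ( ! $res && $name eq 'admin' ) {
+ $res .= $c->l('use_NOT_THAT_OPER');
+ }
+
+# user exists ?
+ if ( ! $res ) {
+ my $acct = $adb->get($name);
+ if ( ! $acct || $acct->prop('type') ne "user" || $acct->prop('PasswordSet') ne 'yes' ) {
+ $res .= $c->l('use_NOT_THAT_OPER');
+ }
+ }
+
+ return $res if $res;
+
+# send email
+ my $email = $name .'@'. $c->session->{DomainName};
+ my $until = time() + $RESET_DURATION;
+
+ $c->pwdrst->{$name} = {
+ email => $email,
+ date => $until,
+ confirmed => 0,
+ };
+ my $jwt = $c->jwt->claims({username => $name})->encode;
+ my $url = $c->url_for('loginc')->to_abs->query(jwt => $jwt);
+
+# $c->email( $email, $c->l('use_CONFIRM_RESET'), $c->render_to_string(inline => $c->l('use_GO_TO_URL', $url) ) );
+# directly (without minion)
+ $c->send_email( $email, $c->l('use_CONFIRM_RESET'), $c->render_to_string(inline => $c->l('use_GO_TO_URL', $url) ) );
+
+ return 'OK';
+
+}
+
+
 sub logout {
 
 my $c = shift;
@@ -109,19 +185,52 @@
 
 $c->session( expires => 1 );
 $c->flash( success => $c->l('use_BYE') );
+ $c->flash( error => 'Byegood' );
 
 $c->redirect_to( $c->home_page );
 
 }
 
 
+sub confpwd {
+
+ my $c = shift;
+
+ my $jwt = $c->param('jwt');
+ my $name = $c->jwt->decode($jwt)->{username};
+
+ # request already treated or outdated
+ if ( $c->pwdrst->{$name}{confirmed} != 0 or $c->pwdrst->{$name}{date} < time() ) {
+ $c->flash( error => $c->l('use_INVALID_REQUEST'));
+ return $c->redirect_to( $c->home_page );
+ }
+
+ # reset password for this account
+ $c->pwdrst->{$name}{confirmed} = 1;
+
+ $c->flash( success => $c->l('use_OK_FOR_RESET') );
+
+ # call userpassword with encoded name
+ my $url = $c->url_for('userpasswordr')->to_abs->query(jwt => $jwt);
+ # warn "confpwd: " . $url . "\n";
+
+ return $c->redirect_to( $url );
+
+}
+
+
 sub record_login_attempt {
+
 my ($c, $result) = @_;
 
 my $user = $c->param('Username');
 my $ip_address = $c->tx->remote_address;
 
- if ($result eq 'SUCCESS') {
+ if ($result eq 'RESET') {
+
+ $c->app->log->info(join "\t", "Password reset requested for : $user at ", $ip_address);
+
+ } elsif ($result eq 'SUCCESS') {
 
 $c->app->log->info(join "\t", "Login succeeded: $user", $ip_address);
 $Login_Attempts{$ip_address}->{tries} = 0; # reset the number of login attempts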
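Review bot: The reset token built in mail_rescue carries only `{username => $name}`, so for a given secret the link for an account is the same string on every request and has no lifetime of its own. The validity window lives solely in `$c->pwdrst->{$name}`, which each new request re-opens, so a link from an earlier mail, from the `mail_sent` copy or from a proxy log is accepted again as soon as anyone asks for a reset of that account. Binding the token to the request closes this: `my $jwt = $c->jwt->claims({username => $name, nonce => $nonce})->expires($until)->encode;`, with `$nonce` a fresh random value stored in the pwdrst record and compared in confpwd. Separately, the `RESET` branch in the login action (whose start is outside the hunk) is reached through POST /login even when `pwdreset` is off, because the switch only guards the new GET routes; testing `$c->config->{pwdreset}` there keeps the feature fully disabled. The added `$c->flash( error => 'Byegood' )` in logout looks like a debugging leftover.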
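--- a/root/usr/share/smanager/lib/SrvMngr/Controller/Userpassword.pm
+++ b/root/usr/share/smanager/lib/SrvMngr/Controller/Userpassword.pm
@@ -33,8 +33,29 @@
 $pwd_datas{Account} = $c->session->{username};
 $pwd_datas{trt} = 'NORM';
 } else {
- $c->stash( error => 'Invalid state' );
- return $c->redirect_to ( $c->home_page );
+ my $rt = $c->current_route;
+ my $mess = '';
+ my $jwt = $c->param('jwt') || '';
+ my $name = $c->jwt->decode($jwt)->{username} || '';
+
+ $mess = 'Invalid state' unless ($jwt and $name and $rt eq 'upwdreset');
+
+ # request already treated or outdated
+ if ( $c->pwdrst->{$name}{confirmed} != 1 or $c->pwdrst->{$name}{date} < time() ) {
+ $mess = $c->l('use_INVALID_REQUEST').' -step 1-';
+ }
+
+ if ( $mess ) {
+ $c->stash( error => $mess );
+ return $c->redirect_to ( $c->home_page );
+ }
+
+ # ok for reset password for this account - step 2
+ $c->pwdrst->{$name}{confirmed} = 2;
+ $pwd_datas{Account} = $name;
+ $pwd_datas{trt} = 'RESET';
+ $pwd_datas{jwt} = $jwt;
+ $c->flash( success => $c->l('use_OK_FOR_RESET') );
 }
 
 $c->stash( pwd_datas => \%pwd_datas );
@@ -55,6 +76,31 @@
 my $pass = $c->param('Pass');
 my $passVerify = $c->param('Passverify');
 
+ my $jwt = $c->param('jwt') || '';
+ my $rt = $c->current_route;
+ my $mess = ''; my $name = '';
+ $name = $c->jwt->decode($jwt)->{username} if $jwt;
+
+ if ( $trt eq 'RESET' ) {
+ $mess = 'Invalid state' unless ($jwt and $name and ($rt eq 'upwdreset2'));
+ # request already treated or outdated
+ if ( $c->pwdrst->{$name}{confirmed} != 2 or $c->pwdrst->{$name}{date} < time() ) {
+ $mess = $c->l('use_INVALID_REQUEST').' -step 2-';
+ }
+ if ( ! $name or $c->is_logged_in or $name ne $acctName ) {
+ $mess = 'Invalid reset state';
+ }
+ } else {
+ if ( $name or $jwt or ! $c->is_logged_in ) {
+ $mess = 'Invalid update state';
+ }
+ }
+
+ if ( $mess ) {
+ $c->stash( error => $mess );
+ return $c->redirect_to ( $c->home_page );
+ }
+
 $pwd_datas{Account} = $acctName;
 $pwd_datas{trt} = $trt;
 
@@ -79,8 +125,10 @@
 $res = $c->check_password( $pass );
 $result .= $res . "<br>" unless ( $res eq 'OK' );
 
+ # controls old password
+ if ( $trt ne 'RESET' ) {
 unless ( $oldPass ) {
- $result .= $c->l('pwd_FIELDS_REQUIRED') . "<br>";
+ $result .= $c->l('pwd_FIELDS_REQUIRED') . "<br>" unless $trt eq 'RESET';
 } else {
 $result .= $c->l('pwd_PASSWORD_OLD_INVALID_CHARS') . "<br>" unless (($oldPass) = ($oldPass =~ /^(\S+)$/ ));
 }
@@ -91,8 +139,11 @@
 }
 
 # verify old password
- $result .= $c->l('pwd_ERROR_PASSWORD_CHANGE') . "<br>"
- unless (SrvMngr::Model::Main->check_credentials($acctName, $oldPass));
+ if ( $trt ne 'RESET') {
+ $result .= $c->l('pwd_ERROR_PASSWORD_CHANGE') . "<br>"
+ unless (SrvMngr::Model::Main->check_credentials($acctName, $oldPass));
+ }
+ }
 
 # $result .= 'Blocked for test (prevents updates)<br>';
 
@@ -107,6 +158,7 @@
 return $c->render( 'userpassword' );
 }
 
+ $c->pwdrst->{$name}{confirmed} = 9 if $trt eq 'RESET';
 record_password_change_attempt($c, 'SUCCESS');
 $result .= $c->l('pwd_PASSWORD_CHANGE_SUCCESS');
 $c->flash( success => $result );
@@ -127,7 +179,8 @@
 my $acct = $adb->get($user);
 return $c->l('NO_SUCH_USER', $user) unless ( $acct->prop('type') eq 'user' );
 
- $ret = esmith::util::setUserPasswordRequirePrevious( $user, $oldpassword, $password );
+ $ret = esmith::util::setUserPasswordRequirePrevious( $user, $oldpassword, $password ) if $trt ne 'RESET';
+ $ret = esmith::util::setUserPassword( $user, $password ) if $trt eq 'RESET';
 
 return $c->l('pwd_ERROR_PASSWORD_CHANGE') .' '. $trt unless $ret;
 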
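Review bot: `$c->jwt->decode($jwt)` runs on the request parameter before any check, in the new `else` branch of main (even when `jwt` is empty) and at the top of change_password, and as far as I know Mojo::JWT's decode throws on a malformed or tampered token instead of returning false. A request to /userpasswordr with a missing or damaged `jwt` would then end in an unhandled exception, not the intended 'Invalid state' redirect, and the `|| ''` fallback never applies. Decoding inside eval, `my $name = eval { $c->jwt->decode($jwt)->{username} } // '';`, and returning as soon as `$mess` is set, before `$c->pwdrst->{$name}` is read, keeps the failure path quiet and avoids touching the store with an empty key. Both functions start outside the hunks, so where `$trt` and `$acctName` come from cannot be checked here.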
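--- a/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/Login/login_en.lex
+++ b/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/Login/login_en.lex
@@ -20,3 +20,4 @@
 use_DESC_RESET => 'Please enter an account name for a password reset !',
 use_RESET => 'Reset Password',
 use_OK_FOR_RESET => 'You are about to reset your user account password',
+use_INVALID_REQUEST => 'Error: your request is invalid or outdated',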
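--- a/root/usr/share/smanager/lib/SrvMngr.pm
+++ b/root/usr/share/smanager/lib/SrvMngr.pm
@@ -15,6 +15,9 @@
 use Mojo::File qw( path );
 use Mojo::Home;
 
+use DBM::Deep;
+use Mojo::JWT;
+
 use Mojolicious::Plugin::Config;
 #use Mojolicious::Plugin::I18N;
 
@@ -23,7 +26,7 @@
 use SrvMngr::Model::Main;
 
 
-our $VERSION = '1.411';
+our $VERSION = '1.417';
 $VERSION = eval $VERSION;
 
 use Exporter 'import';
@@ -168,6 +171,30 @@
 
 $self->plugin( Config => { file => $self->config_file()} );
 
+ $self->helper( send_email => sub {
+ my ($c, $address, $subject, $body) = @_;
+
+ if (not defined $body) {
+ warn "send_email: Need 3 parameters (Address, Subject, Body)\n";
+ return;
+ }
+
+ my $rcfile = $c->app->conf_dir().'/admin_muttrc';
+
+ #warn "send_email: $rcfile * $address\n"; #$rcfile $subject $address\n";
+ system( "/bin/echo \"$body\" | /usr/bin/mutt -F $rcfile -s \"$subject\" \"$address\"" ) == 0
+ or warn "error sendmail: $address \n"; # $subject";
+ });
+
+ $self->helper( pwdrst => sub {
+ my $c = shift;
+ my $file = $c->app->data_dir().'/pwdrst.db';
+ state $db = DBM::Deep->new($file);
+ });
+
+ $self->helper( jwt => sub {
+ Mojo::JWT->new(secret => shift->app->secrets->[0] || die)
+ });
 
 }
 
@@ -222,6 +249,14 @@
 $r->get('/manual')->to('manual#main')->name('manual');
 $r->get('/support')->to('support#main')->name('support');
 
+ # Password reset allowed for this server
+ if ( ( $self->config->{pwdreset} || '0') == 1 ) {
+ $r->get('/login2')->to('login#pwdrescue')->name('pwdresc');
+ $r->get('/loginc')->to('login#confpwd')->name('resetpwdconf');
+ $r->get('/userpasswordr')->to('userpassword#main')->name('upwdreset');
+ $r->post('/userpasswordr')->to('userpassword#change_password')->name('upwdreset2');
+ }
+
 my $if_logged_in = $r->under( sub {
 my $c =shift;
 return $c->is_logged_in || $c->auth_fail($c->l("acs_LOGIN"));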
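Review bot: The new send_email helper places `$body`, `$subject` and `$address` inside one double-quoted string handed to `system()`, so any quote, backtick or `$` in them is interpreted by the shell rather than passed as data. The one caller in this patch builds the address from a pattern-checked user name, but the body is a rendered, localized string containing a URL, and the helper is registered for the whole application, so later callers may pass less controlled text. Opening mutt through a list-form pipe and printing the body to it removes the shell from the path; the replacement below keeps the same warning on failure. In the same hunk, `secrets->[0] || die` does not catch an unchanged default secret, which as far as I know Mojolicious derives from the application name, so the token signing key deserves an explicit configuration check.

```perl
    $self->helper( send_email => sub {
        my ($c, $address, $subject, $body) = @_;
        # … unchanged: parameter check, $rcfile …

        # List-form pipe: no shell parses the arguments, so the subject,
        # address and body reach mutt as literal data.
        my $ok = open( my $mutt, '|-', '/usr/bin/mutt',
                       '-F', $rcfile, '-s', $subject, '--', $address );
        if ($ok) {
            print {$mutt} $body, "\n";
            # close() returns false when mutt exits non-zero.
            $ok = close $mutt;
        }
        warn "error sendmail: $address \n" unless $ok;
    });
```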
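--- a/root/usr/share/smanager/t/001_load.t
+++ b/root/usr/share/smanager/t/001_load.t
@@ -2,7 +2,7 @@
 
 plan skip_all => 'unset QUICK_TEST to enable this test' if $ENV{QUICK_TEST};
 
-plan tests => 6;
+plan tests => 8;
 
 use FindBin;
 use lib "$FindBin::Bin/../lib";
@@ -15,3 +15,5 @@
 use_ok('Mojolicious::Plugin::RenderFile');
 use_ok('Mojolicious::Plugin::CSRFDefender');
 use_ok('Net::Netmask');
+use_ok('DBM::Deep');
+use_ok('Mojo::JWT');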
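--- a/root/usr/share/smanager/themes/default/templates/login.html.ep
+++ b/root/usr/share/smanager/themes/default/templates/login.html.ep
@@ -4,7 +4,7 @@
 
 <div id='module' class='module login-panel'>
 
- %if ($config->{debug} == 1) {
+ %if ( config 'debug' ) {
 <p>
 %= dumper $c->current_route
 %if ( stash 'trt' ) {
@@ -19,7 +19,13 @@
 </div>
 %}
 
- % my $btn = l('use_SIGNIN');
+% my $btn = l('use_SIGNIN');
+% if ( $trt eq 'RESET' ) {
+ <br><div class=sme-error><h2>
+ %= $c->render_to_string(inline => l 'use_DESC_RESET')
+ </h2></div>
+ % $btn = l('use_RESET');
+%}
 
 <h1>
 %=l 'use_TITLE'
@@ -33,6 +39,7 @@
 %= text_field 'Username'
 </span></p>
 
+% if ( $trt ne 'RESET' ) {
 <p><span class=label>
 %=l 'PASSWORD'
 </span><span class=input>
@@ -41,17 +48,22 @@
 <a href='#' id='togglePassword' class='toggle-password tg-icon'> <img src="images/visible.png" height="16" alt="Visible"></a>
 % }
 </span></p>
+%}
 
 %= hidden_field 'From' => $c->tx->req->url
- %= hidden_field 'Trt' => stash 'trt'
+ %= hidden_field 'Trt' => $trt
 
 <br>
 <div class='center'>
 %= submit_button "$btn", class => 'action'
 </div>
+ %if ( config 'pwdreset' ) {
+ <div class='center'><a href='login2'>
+ %=l 'use_FORGOT'
+ </a></div>
+ %}
 
 % end
 
 </div>
 %end
-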
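Review bot: The template now reads `$trt` as a variable (`% if ( $trt eq 'RESET' )`, `% if ( $trt ne 'RESET' )`, `hidden_field 'Trt' => $trt`), and an EP template only declares such a variable when the `trt` key is present in the stash for that render. The replaced `stash 'trt'` form tolerated a missing key; in the controller hunks of this patch only pwdrescue and the failed-reset path set it, so a plain GET /login may fail to compile unless login#main, which is not shown, sets it too. Reading it once with a default, `% my $mode = stash('trt') // '';`, and testing `$mode` in the three places keeps the page rendering when the key is absent. The debug test also changed from `== 1` to plain truthiness, which deserves a short comment if intended.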
diff -urN smeserver-manager-0.1.4.old/root/usr/share/smanager/themes/default/templates/partials/_header.html.ep smeserver-manager-0.1.4/root/usr/share/smanager/themes/default/templates/partials/_header.html.ep |
500 |
|
|
--- smeserver-manager-0.1.4.old/root/usr/share/smanager/themes/default/templates/partials/_header.html.ep 2022-07-17 20:31:12.000000000 +0400 |
501 |
|
|
+++ smeserver-manager-0.1.4/root/usr/share/smanager/themes/default/templates/partials/_header.html.ep 2022-07-18 18:16:57.639000000 +0400 |
502 |
|
|
@@ -3,8 +3,8 @@ |
503 |
|
|
<div id="h2e11"> |
504 |
|
|
<a target='_blank' href="http://www.koozali.org"><img src="images/smeserver_logo.jpg" height="40" alt="SME Server"></a> |
505 |
|
|
</div> |
506 |
|
|
- <div id="h2e12"><h5><a href="initial">Server Manager II</a> |
507 |
|
|
- <a href="/server-manager" target='main'>    (Previous)</a></h5> |
508 |
|
|
+ <div id="h2e12"><h5><a href="initial">Server Manager</a> |
509 |
|
|
+ <a href="/server-manager" target='_blank'>    (Prev SM)</a></h5> |
510 |
|
|
</div> |
511 |
|
|
</div> |
512 |
|
|
|
513 |
|
|
diff -urN smeserver-manager-0.1.4.old/root/usr/share/smanager/themes/default/templates/userpassword.html.ep smeserver-manager-0.1.4/root/usr/share/smanager/themes/default/templates/userpassword.html.ep |
514 |
|
|
--- smeserver-manager-0.1.4.old/root/usr/share/smanager/themes/default/templates/userpassword.html.ep 2022-07-17 20:31:12.000000000 +0400 |
515 |
|
|
+++ smeserver-manager-0.1.4/root/usr/share/smanager/themes/default/templates/userpassword.html.ep 2022-01-24 20:32:49.552000000 +0400 |
516 |
|
|
@@ -21,52 +21,50 @@ |
517 |
|
|
</div> |
518 |
|
|
%} |
519 |
|
|
|
520 |
|
|
- % my $btn = l('pwd_PASSWORD_CHANGE'); |
521 |
|
|
- |
522 |
|
|
<p> |
523 |
|
|
-% my $url = '/userpassword'; |
524 |
|
|
+ % my $btn = l('pwd_PASSWORD_CHANGE'); |
525 |
|
|
+ % my $url = '/userpassword'; |
526 |
|
|
%= $c->render_to_string( inline => l('pwd_DESCRIPTION')); |
527 |
|
|
+ % if ( $pwd_datas->{trt} eq 'RESET' ) { |
528 |
|
|
+ % $btn = l('pwd_PASSWORD_RESET'); |
529 |
|
|
+ % $url = '/userpasswordr'; |
530 |
|
|
+ %= $c->render_to_string( inline => l('pwd_DESCRIPTION_RESET')); |
531 |
|
|
+ % } |
532 |
|
|
</p> |
533 |
|
|
|
534 |
|
|
%= form_for $url => (method => 'POST') => begin |
535 |
|
|
- |
536 |
|
|
- <p> |
537 |
|
|
- <span class=label> |
538 |
|
|
+ <p><span class=label> |
539 |
|
|
%= l 'pwd_YOUR_ACCOUNT' |
540 |
|
|
</span><span class=data> |
541 |
|
|
%= $pwd_datas->{Account} |
542 |
|
|
</span> |
543 |
|
|
%= hidden_field 'User' => $pwd_datas->{Account} |
544 |
|
|
%= hidden_field 'Trt' => $pwd_datas->{trt} |
545 |
|
|
- <br><br> |
546 |
|
|
- </p> |
547 |
|
|
+ %= hidden_field 'jwt' => $pwd_datas->{jwt} |
548 |
|
|
+ <br><br></p> |
549 |
|
|
|
550 |
|
|
- <p> |
551 |
|
|
- <span class=label> |
552 |
|
|
+ % if ( $pwd_datas->{trt} ne 'RESET' ) { |
553 |
|
|
+ <p><span class=label> |
554 |
|
|
%= l 'pwd_PASSWORD_OLD' |
555 |
|
|
</span><span class=data> |
556 |
|
|
%= password_field 'Oldpass', class => 'input' |
557 |
|
|
</span> |
558 |
|
|
- <br><br> |
559 |
|
|
- </p> |
560 |
|
|
- |
561 |
|
|
- <p> |
562 |
|
|
- <span class=label> |
563 |
|
|
+ <br><br></p> |
564 |
|
|
+ % } |
565 |
|
|
+ |
566 |
|
|
+ <p><span class=label> |
567 |
|
|
%=l 'pwd_PASSWORD_NEW' |
568 |
|
|
</span><span class=data> |
569 |
|
|
%= password_field 'Pass', class => 'input' |
570 |
|
|
</span> |
571 |
|
|
- <br><br> |
572 |
|
|
- </p> |
573 |
|
|
- |
574 |
|
|
- <p> |
575 |
|
|
- <span class=label> |
576 |
|
|
+ <br><br></p> |
577 |
|
|
+ |
578 |
|
|
+ <p><span class=label> |
579 |
|
|
%=l 'pwd_PASSWORD_VERIFY_NEW' |
580 |
|
|
</span><span class=data> |
581 |
|
|
%= password_field 'Passverify', class => 'input' |
582 |
|
|
</span> |
583 |
|
|
- <br><br> |
584 |
|
|
- </p> |
585 |
|
|
+ <br><br></p> |
586 |
|
|
|
587 |
|
|
<div class='center'> |
588 |
|
|
%= submit_button "$btn", class => 'action' |