da/d7b/user-edit_8php_source.html

 <?php
 /***********************************************************
  Copyright (C) 2014 Hewlett-Packard Development Company, L.P.

  This program is free software; you can redistribute it and/or
  modify it under the terms of the GNU General Public License
  version 2 as published by the Free Software Foundation.

  This program is distributed in the hope that it will be useful,
  but WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  GNU General Public License for more details.

  You should have received a copy of the GNU General Public License along
  with this program; if not, write to the Free Software Foundation, Inc.,
  51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
  ***********************************************************/

 use Fossology\Lib\Auth\Auth;
 use Fossology\Lib\Db\DbManager;
 use Fossology\Lib\Plugin\DefaultPlugin;
 use Symfony\Component\HttpFoundation\Request;
 use Fossology\UI\Api\Helper\RestHelper;
 use Fossology\UI\Api\Helper\AuthHelper;
 use Fossology\UI\Api\Models\Info;
 use Firebase\JWT\JWT;
 use Fossology\Lib\Exceptions\DuplicateTokenKeyException;
 use Fossology\Lib\Exceptions\DuplicateTokenNameException;
 use Fossology\Lib\Dao\UserDao;

 class UserEditPage extends DefaultPlugin
 {
   const NAME = "user_edit";

   private $dbManager;

   private $authHelper;

   private $userDao;

   function __construct()
   {
     parent::__construct(self::NAME, array(
         self::TITLE => _("Edit User Account"),
         self::MENU_LIST => 'Admin::Users::Edit User Account',
         self::REQUIRES_LOGIN => true,
         self::PERMISSION => Auth::PERM_READ
     ));

     $this->dbManager = $this->getObject('db.manager');
     $this->authHelper = $this->getObject('helper.authHelper');
     $this->userDao = $this->getObject('dao.user');
   }

   protected function handle(Request $request)
   {
     /* Is the session owner an admin? */
     $user_pk = Auth::getUserId();
     $SessionUserRec = $this->GetUserRec($user_pk);
     $SessionIsAdmin = $this->IsSessionAdmin($SessionUserRec);
     $newToken = "";

     if (GetParm('new_pat', PARM_STRING)) {
       try {
         $newToken = $this->generateNewToken($request);
       } catch (\Exception $e) {
         $vars['message'] = $e->getMessage();
       }
     }

     $user_pk_to_modify = intval($request->get('user_pk'));
     if (! ($SessionIsAdmin || empty($user_pk_to_modify) ||
       $user_pk == $user_pk_to_modify)) {
       $vars['content'] = _("Your request is not valid.");
       return $this->render('include/base.html.twig', $this->mergeWithDefault($vars));
     }

     $vars = array('refreshUri' => Traceback_uri() . "?mod=" . self::NAME);

       /*
      * If this is a POST (the submit button was clicked), then process the
      * request.
      */
     $BtnText = $request->get('UpdateBtn');
     if (! empty($BtnText)) {
       /* Get the form data to in an associated array */
       $UserRec = $this->CreateUserRec($request, "");

       $rv = $this->UpdateUser($UserRec, $SessionIsAdmin);
       if (empty($rv)) {
         // Successful db update
         $vars['message'] = "User $UserRec[user_name] updated.";

         /* Reread the user record as update verification */
         $UserRec = $this->CreateUserRec($request, $UserRec['user_pk']);
       } else {
         $vars['message'] = $rv;
       }
     } else {
       $NewUserpk = intval($request->get('newuser'));
       $UserRec = empty($NewUserpk) ? $this->CreateUserRec($request, $user_pk) : $this->CreateUserRec($request, $NewUserpk);
     }

     /* display the edit form with the requested user data */
     $vars = array_merge($vars, $this->DisplayForm($UserRec, $SessionIsAdmin));
     $vars['userId'] = $UserRec['user_pk'];
     $vars['newToken'] = $newToken;
     $vars['tokenList'] = $this->getListOfActiveTokens();
     $vars['expiredTokenList'] = $this->getListOfExpiredTokens();
     $vars['maxTokenDate'] = $this->authHelper->getMaxTokenValidity();
     $vars['writeAccess'] = ($_SESSION[Auth::USER_LEVEL] >= 3);

     return $this->render('user_edit.html.twig', $this->mergeWithDefault($vars));
   }

   private function DisplayForm($UserRec, $SessionIsAdmin)
   {
     $vars = array('isSessionAdmin' => $SessionIsAdmin,
                   'userId' => $UserRec['user_pk']);

     /* For Admins, get the list of all users
      * For non-admins, only show themself
      */
     if ($SessionIsAdmin) {
       $stmt = __METHOD__ . '.asSessionAdmin';
       $sql = "SELECT * FROM users ORDER BY user_name";
       $this->dbManager->prepare($stmt, $sql);
       $res = $this->dbManager->execute($stmt);
       $allUsers = array();
       while ($row = $this->dbManager->fetchArray($res)) {
         $allUsers[$row['user_pk']] = htmlentities($row['user_name']);
       }
       $this->dbManager->freeResult($res);
       $vars['allUsers'] = $allUsers;
     }

     $vars['userName'] = $UserRec['user_name'];
     $vars['userDescription'] = $UserRec['user_desc'];
     $vars['userEMail'] = $UserRec["user_email"];
     $vars['eMailNotification'] = ($UserRec['email_notify'] == 'y');

     if ($SessionIsAdmin) {
       $vars['allAccessLevels'] = array(
           PLUGIN_DB_NONE => _("None (very basic, no database access)"),
           PLUGIN_DB_READ => _("Read-only (read, but no writes or downloads)"),
           PLUGIN_DB_WRITE => _("Read-Write (read, download, or edit information)"),
           PLUGIN_DB_CADMIN => _("Clearing Administrator (read, download, edit information and edit decisions)"),
           PLUGIN_DB_ADMIN => _("Full Administrator (all access including adding and deleting users)")
         );
       $vars['accessLevel'] = $UserRec['user_perm'];

       $SelectedFolderPk = $UserRec['root_folder_fk'];
       $vars['folderListOption'] = FolderListOption($ParentFolder = -1, $Depth = 0, $IncludeTop = 1, $SelectedFolderPk);
     }

     $vars['isBlankPassword'] = ($UserRec['_blank_pass'] == 'on');
     $vars['agentSelector'] = AgentCheckBoxMake(-1, array("agent_unpack",
       "agent_adj2nest", "wget_agent"), $UserRec['user_name']);
     $vars['bucketPool'] = SelectBucketPool($UserRec["default_bucketpool_fk"]);
     $vars['defaultGroupOption'] = $this->getUserGroupSelect($UserRec);

     return $vars;
   }

   function UpdateUser($UserRec, $SessionIsAdmin)
   {
     global $PG_CONN;

     $Errors = "";

     /**** Validations ****/
     /* Make sure we have a user_pk */
     if (empty($UserRec['user_pk'])) {
       $Errors .= "<li>" . _("Consistency error (User_pk missing).  Please start over.") . "</li>";
     }

     /* Make sure username looks valid */
     if (empty($UserRec['user_name'])) {
       $Errors .= "<li>" . _("Username must be specified.") . "</li>";
     }

     /* Verify the user_name is not a duplicate  */
     $CheckUserRec = GetSingleRec("users", "WHERE user_name='$UserRec[user_name]'");
     if ((!empty($CheckUserRec)) and ( $CheckUserRec['user_pk'] != $UserRec['user_pk'])) {
       $Errors .= "<li>" . _("Username is not unique.") . "</li>";
     }

     /* Make sure password matches */
     if ($UserRec['_pass1'] != $UserRec['_pass2']) {
       $Errors .= "<li>" . _("Passwords do not match.") . "</li>";
     }

     /* Make sure email looks valid */
     $Check = preg_replace("/[^a-zA-Z0-9@_.+-]/", "", $UserRec['user_email']);
     if ($Check != $UserRec['user_email']) {
       $Errors .= "<li>" . _("Invalid email address.") . "</li>";
     }

     /* Did they specify a password and also request a blank password?  */
     if (!empty($UserRec['_blank_pass']) and ( !empty($UserRec['_pass1']) or ! empty($UserRec['_pass2']))) {
       $Errors .= "<li>" . _("You cannot specify both a password and a blank password.") . "</li>";
     }

     /* Check if the user is member of the group */
     if (!empty($UserRec['group_fk'])) {
       $group_map = $this->userDao->getUserGroupMap($UserRec['user_pk']);
       if (array_search($UserRec['group_fk'], array_keys($group_map)) === false) {
         $Errors .= "<li>" . _("User is not member of provided group.") .
           "</li>";
       }
     }

     /* If we have any errors, return them */
     if (!empty($Errors)) {
       return _("Errors") . ":<ol>$Errors </ol>";
     }

     /**** Update the users database record ****/
     /* First remove user_pass and user_seed if the password wasn't changed. */
     if (!empty($UserRec['_blank_pass']) ) {
       $UserRec['user_seed'] = rand() . rand();
       $UserRec['user_pass'] = sha1($UserRec['user_seed'] . "");
     } else if (empty($UserRec['_pass1'])) { // password wasn't changed
       unset( $UserRec['user_pass']);
       unset( $UserRec['user_seed']);
     }

     /* Build the sql update */
     $sql = "UPDATE users SET ";
     $first = true;
     foreach ($UserRec as $key=>$val) {
       if ($key[0] == '_' || $key == "user_pk") {
         continue;
       }
       if (!$SessionIsAdmin && ($key == "user_perm" || $key == "root_folder_fk")) {
         continue;
       }

       if (!$first) {
         $sql .= ",";
       }
       $sql .= "$key='" . pg_escape_string($val) . "'";
       $first = false;
     }
     $sql .= " WHERE user_pk=$UserRec[user_pk]";
     $result = pg_query($PG_CONN, $sql);
     DBCheckResult($result, $sql, __FILE__, __LINE__);
     pg_free_result($result);

     return (null);
   } // UpdateUser()

   function GetUserRec($user_pk)
   {
     if (empty($user_pk)) {
       throw new Exception("Invalid access.  Your session has expired.",1);
     }

     $UserRec = GetSingleRec("users", "WHERE user_pk=$user_pk");
     if (empty($UserRec)) {
       throw new Exception("Invalid user. ",1);
     }
     return $UserRec;
   }

   private function IsSessionAdmin($UserRec)
   {
     return ($UserRec['user_perm'] == PLUGIN_DB_ADMIN);
   }

   function CreateUserRec(Request $request, $user_pk="")
   {
     /* If a $user_pk was given, use it to read the user db record.
      * Otherwise, use the form data.
      */
     if (!empty($user_pk)) {
       $UserRec = $this->GetUserRec($user_pk);
       $UserRec['_pass1'] = "";
       $UserRec['_pass2'] = "";
       $UserRec['_blank_pass'] = ($UserRec['user_pass'] == sha1($UserRec['user_seed'] . "")) ? "on" : "";
     } else {
       $UserRec = array();
       $UserRec['user_pk'] = intval($request->get('user_pk'));
       $UserRec['user_name'] = stripslashes($request->get('user_name'));
       $UserRec['root_folder_fk'] = intval($request->get('root_folder_fk'));
       $UserRec['user_desc'] = stripslashes($request->get('user_desc'));
       $UserRec['group_fk'] = intval($request->get('default_group_fk'));

       $UserRec['_pass1'] = stripslashes($request->get('_pass1'));
       $UserRec['_pass2'] = stripslashes($request->get('_pass2'));
       if (!empty($UserRec['_pass1'])) {
         $UserRec['user_seed'] = rand() . rand();
         $UserRec['user_pass'] = sha1($UserRec['user_seed'] . $UserRec['_pass1']);
         $UserRec['_blank_pass'] = "";
       } else {
         $UserRec['user_pass'] = "";
         $UserRec['_blank_pass'] = stripslashes($request->get("_blank_pass"));
         if (empty($UserRec['_blank_pass'])) { // check for blank password
           // get the stored seed
           $StoredUserRec = $this->GetUserRec($UserRec['user_pk']);
           $UserRec['_blank_pass'] = ($UserRec['user_pass'] == sha1($StoredUserRec['user_seed'] . "")) ? "on" : "";
         }
       }

       $UserRec['user_perm'] = intval($request->get('user_perm'));
       $UserRec['user_email'] = stripslashes($request->get('user_email'));
       $UserRec['email_notify'] = stripslashes($request->get('email_notify'));
       if (!empty($UserRec['email_notify'])) {
         $UserRec['email_notify'] = 'y';
       }
       $UserRec['user_agent_list'] = userAgents();
       $UserRec['default_bucketpool_fk'] = intval($request->get("default_bucketpool_fk"));
     }
     return $UserRec;
   }

   private function generateNewToken(Request $request)
   {
     global $container;

     $user_pk = Auth::getUserId();
     $tokenName = GetParm('pat_name', PARM_STRING);
     $tokenExpiry = GetParm('pat_expiry', PARM_STRING);
     if ($_SESSION[Auth::USER_LEVEL] < 3) {
       $tokenScope = 'r';
     } else {
       $tokenScope = GetParm('pat_scope', PARM_STRING);
     }
     $tokenScope = array_search($tokenScope, RestHelper::SCOPE_DB_MAP);
     $restHelper = $container->get('helper.restHelper');
     $isTokenRequestValid = $restHelper->validateTokenRequest($tokenExpiry,
       $tokenName, $tokenScope);

     if ($isTokenRequestValid !== true) {
       throw new \UnexpectedValueException($isTokenRequestValid->getMessage());
     } else {
       $restDbHelper = $container->get('helper.dbHelper');
       $key = bin2hex(
         openssl_random_pseudo_bytes(RestHelper::TOKEN_KEY_LENGTH / 2));
       try {
         $jti = $restDbHelper->insertNewTokenKey($user_pk, $tokenExpiry,
           RestHelper::SCOPE_DB_MAP[$tokenScope], $tokenName, $key);
       } catch (DuplicateTokenKeyException $e) {
         // Key already exists, try again.
         $key = bin2hex(
           openssl_random_pseudo_bytes(RestHelper::TOKEN_KEY_LENGTH / 2));
         try {
           $jti = $restDbHelper->insertNewTokenKey($user_pk, $tokenExpiry,
             RestHelper::SCOPE_DB_MAP[$tokenScope], $tokenName, $key);
         } catch (DuplicateTokenKeyException $e) {
           // New key also failed, give up!
           throw new DuplicateTokenKeyException("Please try again later.");
         }
       } catch (DuplicateTokenNameException $e) {
         throw new \UnexpectedValueException($e->getMessage());
       }
       return $this->authHelper->generateJwtToken($tokenExpiry,
         $jti['created_on'], $jti['jti'], $tokenScope, $key);
     }
   }

   private function getListOfActiveTokens()
   {
     global $container;

     $user_pk = Auth::getUserId();
     $sql = "SELECT pat_pk, user_fk, expire_on, token_scope, token_name, created_on, active " .
            "FROM personal_access_tokens " .
            "WHERE user_fk = $1 AND active = true;";
     $rows = $this->dbManager->getRows($sql, [$user_pk],
       __METHOD__ . ".getActiveTokens");
     $response = [];
     foreach ($rows as $row) {
       if ($this->authHelper->isTokenActive($row, $row["pat_pk"]) === true) {
         $entry = [
           "id" => $row["pat_pk"] . "." . $user_pk,
           "name" => $row["token_name"],
           "created" => $row["created_on"],
           "expire" => $row["expire_on"],
           "scope" => $row["token_scope"]
         ];
         $response[] = $entry;
       }
     }
     array_multisort(array_column($response, "created"), SORT_ASC, $response);
     return $response;
   }

   private function getListOfExpiredTokens()
   {
     global $container;

     $user_pk = Auth::getUserId();
     $sql = "SELECT pat_pk, user_fk, expire_on, token_scope, token_name, created_on " .
       "FROM personal_access_tokens " .
       "WHERE user_fk = $1 AND active = false;";
     $rows = $this->dbManager->getRows($sql, [$user_pk],
       __METHOD__ . ".getActiveTokens");
     $response = [];
     foreach ($rows as $row) {
       $entry = [
         "id" => $row["pat_pk"] . "." . $user_pk,
         "name" => $row["token_name"],
         "created" => $row["created_on"],
         "expire" => $row["expire_on"],
         "scope" => $row["token_scope"]
       ];
       $response[] = $entry;
     }
     array_multisort(array_column($response, "created"), SORT_ASC, $response);
     return $response;
   }

   private function getUserGroupSelect($userRec)
   {
     $groups = $this->userDao->getUserGroupMap($userRec['user_pk']);
     $userDefaults = $this->userDao->getUserAndDefaultGroupByUserName($userRec['user_name']);
     $options = "";
     foreach ($groups as $groupId => $groupName) {
       $options .= "<option value='$groupId' ";
       if ($groupId == $userDefaults['group_fk']) {
         $options .= "selected='selected'";
       }
       $options .= ">$groupName</option>";
     }
     return $options;
   }
 }

 register_plugin(new UserEditPage());
Fossology\Lib\Exceptions\DuplicateTokenNameException
Exception when a token has duplicate name for same user.
Definition: DuplicateTokenNameException.php:25

SelectBucketPool
SelectBucketPool($selected, $active='Y')
Return a select list containing all the active bucketpool&#39;s.
Definition: common-buckets.php:132

Request

DuplicateTokenKeyException

Traceback_uri
Traceback_uri()
Get the URI without query to this location.
Definition: common-parm.php:108

userAgents
userAgents()
Read the UI form and format the user selected agents into a comma separated list. ...
Definition: common-agents.php:372

UserEditPage\generateNewToken
generateNewToken(Request $request)
Definition: user-edit.php:376

RestHelper

PLUGIN_DB_ADMIN
#define PLUGIN_DB_ADMIN
Plugin requires admin level permission on DB.
Definition: libfossology.h:51

DuplicateTokenNameException

UserEditPage\IsSessionAdmin
IsSessionAdmin($UserRec)
Determine if the session user is an admin.
Definition: user-edit.php:306

FolderListOption
FolderListOption($ParentFolder, $Depth, $IncludeTop=1, $SelectId=-1, $linkParent=false, $OldParent=0)
Create the folder tree, using OPTION tags.
Definition: common-folders.php:189

AuthHelper

UserEditPage\UpdateUser
UpdateUser($UserRec, $SessionIsAdmin)
Validate and update the user data.
Definition: user-edit.php:194

Fossology\Lib\Plugin\DefaultPlugin\render
render($templateName, $vars=null, $headers=null)
Definition: DefaultPlugin.php:290

AgentCheckBoxMake
AgentCheckBoxMake($upload_pk, $SkipAgents=array(), $specified_username="")
Generate a checkbox list of available agents.
Definition: common-agents.php:51

GetSingleRec
GetSingleRec($Table, $Where="")
Retrieve a single database record.
Definition: common-db.php:102

Fossology\Lib\Plugin\DefaultPlugin
Definition: DefaultPlugin.php:32

UserEditPage\getListOfActiveTokens
getListOfActiveTokens()
Get a list of active tokens for current user.
Definition: user-edit.php:428

Fossology\Lib\Plugin\DefaultPlugin\getObject
getObject($name)
Definition: DefaultPlugin.php:249

Info

UserEditPage\GetUserRec
GetUserRec($user_pk)
Get a user record.
Definition: user-edit.php:288

PLUGIN_DB_READ
#define PLUGIN_DB_READ
Plugin requires read permission on DB.
Definition: libfossology.h:49

Fossology\Lib\Exceptions\DuplicateTokenKeyException
Exception when a token has duplicate key for same user.
Definition: DuplicateTokenKeyException.php:25

UserEditPage\getUserGroupSelect
getUserGroupSelect($userRec)
Definition: user-edit.php:489

JWT

GetParm
GetParm($parameterName, $parameterType)
This function will retrieve the variables and check data types.
Definition: common-parm.php:57

UserEditPage\handle
handle(Request $request)
Allow user to change their account settings (users db table).
Definition: user-edit.php:71

Auth

PARM_STRING
const PARM_STRING
Definition: common-parm.php:29

UserEditPage\CreateUserRec
CreateUserRec(Request $request, $user_pk="")
Create a user record.
Definition: user-edit.php:320

PLUGIN_DB_NONE
#define PLUGIN_DB_NONE
Plugin requires no DB permission.
Definition: libfossology.h:48

UserEditPage\DisplayForm
DisplayForm($UserRec, $SessionIsAdmin)
Display the user record edit form.
Definition: user-edit.php:139

PLUGIN_DB_WRITE
#define PLUGIN_DB_WRITE
Plugin requires write permission on DB.
Definition: libfossology.h:50

dbManager
fo_dbManager * dbManager
fo_dbManager object
Definition: process.c:28

PERM_READ
#define PERM_READ
Read-only permission.
Definition: libfossology.h:44

$PG_CONN
foreach($Options as $Option=> $OptVal) if(0==$reference_flag &&0==$nomos_flag) $PG_CONN
Definition: list_license.php:62

DBCheckResult
DBCheckResult($result, $sql, $filenm, $lineno)
Check the postgres result for unexpected errors. If found, treat them as fatal.
Definition: common-db.php:198

UserEditPage
Definition: user-edit.php:31

DbManager

UserDao

DefaultPlugin

UserEditPage\getListOfExpiredTokens
getListOfExpiredTokens()
Definition: user-edit.php:459