Commit e1037903 authored by Thomas Löffler's avatar Thomas Löffler

Add fields for LDAP passwords when user creation

* Add check for validationSetting in LDAP validation
* Use createActionBeforePersist to store the password as hashes
* Deactivate hashing for new users in TypoScript
parent b434cc6d
Pipeline #5230 passed with stages
in 5 minutes and 56 seconds
......@@ -11,22 +11,37 @@ class MyProfile extends \In2code\Femanager\Domain\Model\User
/**
* @var string
*/
public $github = '';
protected $github = '';
/**
* @var string
*/
public $twitter = '';
protected $twitter = '';
/**
* @var string
*/
public $facebook = '';
protected $facebook = '';
/**
* @var string
*/
public $termsVersion = '';
protected $termsVersion = '';
/**
* @var string
*/
protected $hashMd5 = '';
/**
* @var string
*/
protected $hashSha1 = '';
/**
* @var string
*/
protected $hashCrypt = '';
/**
* @return string
......@@ -91,4 +106,34 @@ class MyProfile extends \In2code\Femanager\Domain\Model\User
{
$this->termsVersion = $termsVersion;
}
public function getHashMd5(): string
{
return $this->hashMd5;
}
public function setHashMd5(string $hashMd5)
{
$this->hashMd5 = $hashMd5;
}
public function getHashSha1(): string
{
return $this->hashSha1;
}
public function setHashSha1(string $hashSha1)
{
$this->hashSha1 = $hashSha1;
}
public function getHashCrypt(): string
{
return $this->hashCrypt;
}
public function setHashCrypt(string $hashCrypt)
{
$this->hashCrypt = $hashCrypt;
}
}
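Review bot: The new `hashMd5` and `hashSha1` properties keep MD5 and SHA-1 digests of the account password on the user record, and nothing in this class says why they are needed or how long they must live. Whether the digests are salted is decided in `PasswordUpdate::getHashedPasswords()`, which is not shown on this page; if they are not, a leak of `fe_users` lets the fast digests be attacked instead of the regular password hash. I would give each property a docblock along the lines of `LDAP-format password digest, used for the LDAP sync only; must not be rendered, logged or exported`, and clear the fields once the LDAP account exists if that is feasible. The same fields appear again in the TCA and SQL sections further down. The three setters could also declare `: void`, since the getters already use return types.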
......@@ -119,6 +119,10 @@ class ServersideValidator extends \In2code\Femanager\Domain\Validator\Serverside
*/
protected function checkUniqueInLdapValidation($user, $value, $validationSetting, $fieldName)
{
// Do not check if validationSetting is "0"
if (!$validationSetting) {
return;
}
$ldap = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance(\T3o\T3oLdap\Connectors\Ldap::class);
if ($ldap->userExists($value)) {
$this->addError(ucfirst($fieldName) . ' is not available.', $fieldName);
......
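Review bot: The guard `if (!$validationSetting)` skips the LDAP uniqueness check for every falsy value, not only the `"0"` named in the comment, so an unset or misspelled TypoScript key arriving as `null` or `''` would switch the check off as well. If only an explicit opt-out should skip it, compare against that value, e.g. `if ((string)$validationSetting === '0') { return; }`, so that a missing setting keeps the check active. The method body continues past the end of this hunk.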
......@@ -187,10 +187,9 @@ class FeManagerHooks
public function createUser(User $user)
{
$this->persistenceManager->persistAll();
$result = $this->ldapUserCreateUpdateDelete->updateUser($user, true, $user->getPassword());
// TODO: Create log entry if user has been successfully added or throw an exception otherwise
return $result;
return $this->ldapUserCreateUpdateDelete->updateUser($user, true);
}
/**
......@@ -208,6 +207,29 @@ class FeManagerHooks
return $result;
}
public function preApprovementUserCreation(User $user)
{
if ($user->_isNew() && $user->getPassword() !== '') {
// get clear text password in variable and hash the password in the DB
$objectManager = GeneralUtility::makeInstance(ObjectManager::class);
$userRepository = $objectManager->get(\In2code\Femanager\Domain\Repository\UserRepository::class);
$plainTextPassword = $user->getPassword();
\In2code\Femanager\Utility\UserUtility::convertPassword($user, '');
$userRepository->add($user);
$this->persistenceManager->persistAll();
// hash passwords for LDAP and store it into separate DB fields
$passwordUpdate = GeneralUtility::makeInstance(\T3o\T3oLdap\Utility\PasswordUpdate::class);
$passwords = $passwordUpdate->getHashedPasswords($plainTextPassword);
foreach ($passwords as $algorithm => $password) {
$updateArray['hash_' . $algorithm] = $password;
}
GeneralUtility::makeInstance(\TYPO3\CMS\Core\Database\ConnectionPool::class)
->getConnectionForTable('fe_users')
->update('fe_users', $updateArray, ['username' => $user->getUsername()]);
}
}
/**
* @param array $_funcRef
* @param array $_params
......
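Review bot: In `preApprovementUserCreation` the final `update()` selects the row with `['username' => $user->getUsername()]`, so the password digests are written to every `fe_users` row carrying that username, which may include deleted records or records in other folders if usernames are not unique table-wide. After `persistAll()` the new record's uid should be available, so `['uid' => $user->getUid()]` would target exactly the user that was just created. `$updateArray` is also never initialised: if `getHashedPasswords()` returns an empty array, `update()` receives an undefined variable, so add `$updateArray = [];` before the `foreach`. The method has no docblock; it should state that it hashes the stored password itself and must run before the record is persisted.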
......@@ -32,15 +32,42 @@ $feUsersColumns = [
'type' => 'input'
],
],
'hash_md5' => [
'exclude' => 0,
'label' => 'MD5 Hash of password',
'config' => [
'type' => 'none'
],
],
'hash_sha1' => [
'exclude' => 0,
'label' => 'SHA1 Hash of password',
'config' => [
'type' => 'none'
],
],
'hash_crypt' => [
'exclude' => 0,
'label' => 'Crypt Hash of password',
'config' => [
'type' => 'none'
],
],
];
$fields = 'github, twitter, facebook, terms_version';
$passwordHashFields = 'hash_md5, hash_sha1, hash_crypt';
\TYPO3\CMS\Core\Utility\ExtensionManagementUtility::addToAllTCAtypes(
'fe_users',
'github, twitter, facebook, terms_version',
$fields,
'',
'after:name'
);
\TYPO3\CMS\Core\Utility\ExtensionManagementUtility::addToAllTCAtypes(
'fe_users',
$passwordHashFields
);
\TYPO3\CMS\Core\Utility\ExtensionManagementUtility::addTCAcolumns('fe_users', $feUsersColumns);
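Review bot: The three hash columns are declared with `'exclude' => 0` and then appended to every `fe_users` type through the second `addToAllTCAtypes` call, which puts the MD5, SHA-1 and crypt password digests into the backend edit form for any backend user who can open a frontend user record. Editors have no need to read these values, and with `exclude` at 0 they cannot be hidden through access lists. I would drop the `addToAllTCAtypes('fe_users', $passwordHashFields)` call and declare the columns with `'config' => ['type' => 'passthrough']`, which as far as I can tell keeps the column definition without rendering the value.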
......@@ -47,6 +47,10 @@ plugin.tx_femanager {
returnLast = url
}
}
misc {
# No password conversion, we need plain text for LDAP
passwordSave = none
}
confirmByAdmin = 1
email.createUserNotify._enable.value = 1
......
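Review bot: With `passwordSave = none` femanager itself no longer hashes the password, so the stored value is hashed only if the `preApprovementUserCreation` slot runs and its `_isNew()` / non-empty-password condition matches; any creation path where the slot is not connected or returns early would persist the clear-text password. The comment should state that dependency, for example `# femanager must not hash here: FeManagerHooks::preApprovementUserCreation hashes the password before persisting; without that slot it is stored in clear text`. It is also worth confirming whether this setting applies to password changes on profile edit, which this page does not show.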
......@@ -53,6 +53,13 @@ $dispatcher->connect(
'selfUpdateOfUser'
);
$dispatcher->connect(
\In2code\Femanager\Controller\NewController::class,
'createActionBeforePersist',
\T3o\T3omy\Hooks\FeManagerHooks::class,
'preApprovementUserCreation'
);
/**
* Register hooks
*/
......
......@@ -5,7 +5,11 @@ CREATE TABLE fe_users (
github VARCHAR (255),
twitter VARCHAR (255),
facebook VARCHAR (255),
terms_version VARCHAR (255)
terms_version VARCHAR (255),
hash_md5 VARCHAR(255) DEFAULT '' NOT NULL,
hash_sha1 VARCHAR(255) DEFAULT '' NOT NULL,
hash_crypt VARCHAR(255) DEFAULT '' NOT NULL
);
CREATE TABLE old_users (
......