Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Code review fixes #4379

Merged
merged 6 commits into from
Sep 30, 2024
Merged

Code review fixes #4379

Show file tree
Hide file tree
Changes from 5 commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
58a254a
3.1.2
nilsteampassnet Sep 28, 2024
4bf81a6
3.1.2
nilsteampassnet Sep 28, 2024
c573f17
Merge branch 'master' into review
nilsteampassnet Sep 28, 2024
d77ff06
3.1.2
nilsteampassnet Sep 28, 2024
90f0a1e
3.1.2
nilsteampassnet Sep 29, 2024
ed4f43e
3.1.2
nilsteampassnet Sep 30, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion includes/config/include.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@

define('TP_VERSION', '3.1.2');
define("UPGRADE_MIN_DATE", "1727110744");
define('TP_VERSION_MINOR', '126');
define('TP_VERSION_MINOR', '129');
define('TP_TOOL_NAME', 'Teampass');
define('TP_ONE_DAY_SECONDS', 86400);
define('TP_ONE_WEEK_SECONDS', 604800);
Expand Down
25 changes: 25 additions & 0 deletions includes/manifest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
<?php
header('Content-Type: application/json');
$manifest = array(
"name" => "Teampass",
"short_name" => "Teampass",
"description" => "Teampass",
"start_url" => "/",
"display" => "fullscreen",
"display_override" => [
"window-controls-overlay"
],
"launch_handler" => [
"client_mode" => "focus-existing"
],
"background_color" => "#FFFFFF",
"theme_color" => " #FFFFFF",
"icons" => [
[
"src" => "/includes/images/teampass-pwa.png",
"type" => "image/png",
"sizes" => "512x512"
]
]
);
echo json_encode($manifest);
nilsteampassnet marked this conversation as resolved.
Show resolved Hide resolved
8 changes: 4 additions & 4 deletions includes/tables_integrity.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,11 +13,11 @@
},
{
"table_name": "background_tasks",
"structure_hash": "019216c55451e2995810d42c1dfd236a3bd57993a963e6d93468ac65fa802529"
"structure_hash": "c3b96e3d6b07ca079266f59370af356e84848c6863aaa3662f06ffaf42b65b55"
},
{
"table_name": "background_tasks_logs",
"structure_hash": "8f780290562b44d9d4f369afedfbfb15321a14ffe2203a76309751d80c6bfb4c"
"structure_hash": "b11b61bbb51c1d59bd71b4f436b27caf8b6f6b65127f9e40261eb2ce5afae816"
},
{
"table_name": "cache",
Expand Down Expand Up @@ -101,15 +101,15 @@
},
{
"table_name": "log_system",
"structure_hash": "1e6bc407e3d9084514392f7aee11af12344d6c86c735ec613319cbbf0444bd52"
"structure_hash": "0495909d3975e4a801010849068ce29bcefcd5a6ac0de46de8f5c2d1d7361b12"
},
{
"table_name": "misc",
"structure_hash": "3cc8939148fb17fabdabcea7eeef550f261c1b62bcbf863e5f9cb5984ad448d1"
},
{
"table_name": "nested_tree",
"structure_hash": "43c41856e67406da11202578e7275cb7927d8a8cad833999e5588128ebba6ea6"
"structure_hash": "bd4056f24f5dc53535872c6b6821c03ab3191ea9ce0680c6050ae01fa2cd751d"
},
{
"table_name": "notification",
Expand Down
3 changes: 3 additions & 0 deletions pages/users.js.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1599,6 +1599,9 @@ function(teampassApplication) {
timeOut: 1000
}
);

// Rrefresh list of users in Teampass
oTable.ajax.reload();
}
}
);
Expand Down
26 changes: 19 additions & 7 deletions sources/identify.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -392,10 +392,10 @@ function identifyUser(string $sentData, array $SETTINGS): bool
);
return false;
}

// Check user and password
if ($userLdap['userPasswordVerified'] === false && $userOauth2['userPasswordVerified'] === false
&& (int) checkCredentials($passwordClear, $userInfo) !== 1
&& checkCredentials($passwordClear, $userInfo) !== true
) {
echo prepareExchangedData(
[
Expand Down Expand Up @@ -476,7 +476,7 @@ function identifyUser(string $sentData, array $SETTINGS): bool
return false;
}
}

// Can connect if
// 1- no LDAP mode + user enabled + pw ok
// 2- LDAP mode + user enabled + ldap connection ok + user is not admin
Expand Down Expand Up @@ -1983,7 +1983,7 @@ function duoMFAPerform(
*
* @return bool
*/
function checkCredentials($passwordClear, $userInfo)
function checkCredentials($passwordClear, $userInfo): bool
{
$passwordManager = new PasswordManager();
// Migrate password if needed
Expand All @@ -1992,7 +1992,9 @@ function checkCredentials($passwordClear, $userInfo)
$passwordClear,
(int) $userInfo['id']
);
if (WIP === true) error_log("checkCredentials - User ".$userInfo['id']." | verify pwd: ".$passwordManager->verifyPassword($userInfo['pw'], $passwordClear));
/*if (WIP === true) {
error_log("checkCredentials - User ".$userInfo['id']." | verify pwd: ".$passwordManager->verifyPassword($userInfo['pw'], $passwordClear));
}*/
nilsteampassnet marked this conversation as resolved.
Show resolved Hide resolved

if ($passwordManager->verifyPassword($userInfo['pw'], $passwordClear) === false) {
// password is not correct
Expand Down Expand Up @@ -2359,6 +2361,8 @@ function shouldUserAuthWithOauth2(
return [
'error' => true,
'message' => 'user_not_allowed_to_auth_to_teampass_app',
'oauth2Connection' => false,
'userPasswordVerified' => false,
];
}

Expand All @@ -2385,12 +2389,16 @@ function shouldUserAuthWithOauth2(
return [
'error' => false,
'message' => '',
'oauth2Connection' => true,
'userPasswordVerified' => true,
];
} elseif ((string) $userInfo['auth_type'] !== 'oauth2') {
// Case where auth_type is not managed
return [
'error' => true,
'message' => 'user_not_allowed_to_auth_to_teampass_app',
'oauth2Connection' => false,
'userPasswordVerified' => false,
];
}
nilsteampassnet marked this conversation as resolved.
Show resolved Hide resolved
} else {
Expand All @@ -2400,6 +2408,8 @@ function shouldUserAuthWithOauth2(
return [
'error' => true,
'message' => 'user_exists_but_not_oauth2',
'oauth2Connection' => false,
'userPasswordVerified' => false,
];
}
}
Expand All @@ -2409,6 +2419,8 @@ function shouldUserAuthWithOauth2(
return [
'error' => false,
'message' => '',
'oauth2Connection' => false,
'userPasswordVerified' => false,
];
}

Expand Down Expand Up @@ -2488,8 +2500,8 @@ function createOauth2User(
return [
'error' => false,
'retExternalAD' => $userInfo,
'oauth2Connection' => true,
'userPasswordVerified' => true,
'oauth2Connection' => $ret['oauth2Connection'],
'userPasswordVerified' => $ret['userPasswordVerified'],
];
}

Expand Down
1 change: 1 addition & 0 deletions sources/upload.attachments.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,7 @@
use TeampassClasses\SessionManager\SessionManager;
use TeampassClasses\Language\Language;
use TeampassClasses\PerformChecks\PerformChecks;
use TeampassClasses\ConfigManager\ConfigManager;


// Load functions
Expand Down
93 changes: 64 additions & 29 deletions sources/users.queries.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2078,33 +2078,60 @@
'decode'
);

$post_source_id = filter_var(htmlspecialchars_decode($dataReceived['source_id']), FILTER_SANITIZE_NUMBER_INT);
$post_destination_ids = filter_var_array($dataReceived['destination_ids'], FILTER_SANITIZE_NUMBER_INT);
$post_user_functions = filter_var(htmlspecialchars_decode($dataReceived['user_functions']), FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$post_user_managedby = filter_var(htmlspecialchars_decode($dataReceived['user_managedby']), FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$post_user_fldallowed = filter_var(htmlspecialchars_decode($dataReceived['user_fldallowed']), FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$post_user_fldforbid = filter_var(htmlspecialchars_decode($dataReceived['user_fldforbid']), FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$post_user_admin = filter_var(htmlspecialchars_decode($dataReceived['user_admin']), FILTER_SANITIZE_NUMBER_INT);
$post_user_manager = filter_var(htmlspecialchars_decode($dataReceived['user_manager']), FILTER_SANITIZE_NUMBER_INT);
$post_user_hr = filter_var(htmlspecialchars_decode($dataReceived['user_hr']), FILTER_SANITIZE_NUMBER_INT);
$post_user_readonly = filter_var(htmlspecialchars_decode($dataReceived['user_readonly']), FILTER_SANITIZE_NUMBER_INT);
$post_user_personalfolder = filter_var(htmlspecialchars_decode($dataReceived['user_personalfolder']), FILTER_SANITIZE_NUMBER_INT);
$post_user_rootfolder = filter_var(htmlspecialchars_decode($dataReceived['user_rootfolder']), FILTER_SANITIZE_NUMBER_INT);
// Prepare variables
$data = [
'source_id' => isset($dataReceived['source_id']) === true ? $dataReceived['source_id'] : 0,
'destination_ids' => isset($dataReceived['destination_ids']) === true ? $dataReceived['destination_ids'] : 0,
'user_functions' => isset($dataReceived['user_functions']) === true ? $dataReceived['user_functions'] : '',
'user_managedby' => isset($dataReceived['user_managedby']) === true ? $dataReceived['user_managedby'] : '',
'user_fldallowed' => isset($dataReceived['user_fldallowed']) === true ? $dataReceived['user_fldallowed'] : '',
'user_fldforbid' => isset($dataReceived['user_fldforbid']) === true ? $dataReceived['user_fldforbid'] : '',
'user_admin' => isset($dataReceived['user_admin']) === true ? $dataReceived['user_admin'] : 0,
'user_manager' => isset($dataReceived['user_manager']) === true ? $dataReceived['user_manager'] : 0,
'user_hr' => isset($dataReceived['user_hr']) === true ? $dataReceived['user_hr'] : 0,
'user_readonly' => isset($dataReceived['user_readonly']) === true ? $dataReceived['user_readonly'] : 1,
'user_personalfolder' => isset($dataReceived['user_personalfolder']) === true ? $dataReceived['user_personalfolder'] : 0,
'user_rootfolder' => isset($dataReceived['user_rootfolder']) === true ? $dataReceived['user_rootfolder'] : 0,
];

$filters = [
'source_id' => 'cast:integer',
'destination_ids' => 'trim|escape',
'user_functions' => 'trim|escape',
'user_managedby' => 'trim|escape',
'user_fldallowed' => 'trim|escape',
'user_fldforbid' => 'trim|escape',
'user_admin' => 'cast:integer',
'user_manager' => 'cast:integer',
'user_hr' => 'cast:integer',
'user_readonly' => 'cast:integer',
'user_personalfolder' => 'cast:integer',
'user_rootfolder' => 'cast:integer',
];

$inputData = dataSanitizer(
$data,
$filters,
$SETTINGS['cpassman_dir']
);

// Check send values
if (
empty($post_source_id) === true
|| $post_destination_ids === 0
) {
if ($inputData['source_id'] === 0 || $inputData['destination_ids'] === 0) {
// error
exit();
echo prepareExchangedData(
array(
'error' => true,
'message' => $lang->get('error_not_allowed_to'),
),
'encode'
);
}

// Get info about user
$data_user = DB::queryfirstrow(
'SELECT admin, isAdministratedByRole FROM ' . prefixTable('users') . '
WHERE id = %i',
$post_source_id
$inputData['source_id']
);

// Is this user allowed to do this?
Expand All @@ -2113,7 +2140,7 @@
|| (in_array($data_user['isAdministratedByRole'], $session->get('user-roles_array')))
|| ((int) $session->get('user-can_manage_all_users') === 1 && (int) $data_user['admin'] !== 1)
) {
foreach ($post_destination_ids as $dest_user_id) {
foreach ($inputData['destination_ids'] as $dest_user_id) {
// Is this user allowed to do this?
if (
(int) $session->get('user-admin') === 1
Expand All @@ -2124,23 +2151,31 @@
DB::update(
prefixTable('users'),
array(
'fonction_id' => $post_user_functions,
'isAdministratedByRole' => $post_user_managedby,
'groupes_visibles' => $post_user_fldallowed,
'groupes_interdits' => $post_user_fldforbid,
'gestionnaire' => $post_user_manager,
'read_only' => $post_user_readonly,
'can_create_root_folder' => $post_user_rootfolder,
'personal_folder' => $post_user_personalfolder,
'can_manage_all_users' => $post_user_hr,
'admin' => $post_user_admin,
'fonction_id' => str_replace(",", ";", (string) $inputData['user_functions']),
'isAdministratedByRole' => $inputData['user_managedby'],
'groupes_visibles' => $inputData['user_fldallowed'],
'groupes_interdits' => $inputData['user_fldforbid'],
'gestionnaire' => $inputData['user_manager'],
'read_only' => $inputData['user_readonly'],
'can_create_root_folder' => $inputData['user_rootfolder'],
'personal_folder' => $inputData['user_personalfolder'],
'can_manage_all_users' => $inputData['user_hr'],
'admin' => $inputData['user_admin'],
),
'id = %i',
$dest_user_id
);
}
}
}

echo prepareExchangedData(
array(
'error' => false,
),
'encode'
);

break;

/*
Expand Down
2 changes: 1 addition & 1 deletion vendor/composer/autoload_real.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ public static function getLoader()
require __DIR__ . '/autoload_static.php';
call_user_func(\Composer\Autoload\ComposerStaticInite3f3ee27f81ca21f7bd7499d7b935c11::getInitializer($loader));

$loader->setApcuPrefix('b95328986d6b35bd5725');
$loader->setApcuPrefix('10b5b5505b2ef65ba33c');
$loader->register(true);

$filesToLoad = \Composer\Autoload\ComposerStaticInite3f3ee27f81ca21f7bd7499d7b935c11::$files;
Expand Down