Allow user activation/deactivation (MySQL auth) (#10511)

* user deactivation feature

* update db_schema.yaml

* travis fix

* readd sqlfile with alter statement

* ..

* revert force push

* combine all queries

* fix query

* user enable/disable only visible on mysql authorization

* Update form.blade.php

* Update index.blade.php

* disable 'enabled' on own profile

* bootstraping checkboxes
This commit is contained in:
SourceDoctor 2019-11-08 07:32:57 +01:00 committed by Tony Murray
parent 552d487ae1
commit ce628399a9
6 changed files with 73 additions and 12 deletions

View File

@ -20,7 +20,13 @@ class MysqlAuthorizer extends AuthorizerBase
$username = $credentials['username'] ?? null;
$password = $credentials['password'] ?? null;
$hash = User::thisAuth()->where(['username' => $username])->value('password');
$user_data = User::thisAuth()->where(['username' => $username])->select('password', 'enabled')->first();
$hash = $user_data->password;
$enabled = $user_data->enabled;
if (! $enabled) {
throw new AuthenticationException($message = 'login denied');
}
// check for old passwords
if (strlen($hash) == 32) {

View File

@ -13,7 +13,7 @@ class User extends Authenticatable
use Notifiable;
protected $primaryKey = 'user_id';
protected $fillable = ['realname', 'username', 'email', 'level', 'descr', 'can_modify_passwd', 'auth_type', 'auth_id'];
protected $fillable = ['realname', 'username', 'email', 'level', 'descr', 'can_modify_passwd', 'auth_type', 'auth_id', 'enabled'];
protected $hidden = ['password', 'remember_token', 'pivot'];
protected $attributes = [ // default values
'descr' => '',
@ -158,6 +158,11 @@ class User extends Authenticatable
$this->attributes['can_modify_passwd'] = $modify ? 1 : 0;
}
public function setEnabledAttribute($enable)
{
$this->attributes['enabled'] = $enable ? 1 : 0;
}
// ---- Define Relationships ----
public function apiToken()

View File

@ -0,0 +1,32 @@
<?php
use Illuminate\Database\Migrations\Migration;
use Illuminate\Database\Schema\Blueprint;
class AddEnabledToUsers extends Migration
{
/**
* Run the migrations.
*
* @return void
*/
public function up()
{
Schema::table('users', function (Blueprint $table) {
$table->boolean('enabled')->default(1);
});
}
/**
* Reverse the migrations.
*
* @return void
*/
public function down()
{
Schema::table('users', function (Blueprint $table) {
$table->dropColumn('enabled');
});
}
}

View File

@ -1788,6 +1788,7 @@ users:
- { Field: created_at, Type: timestamp, 'Null': false, Extra: '', Default: '1970-01-02 00:00:01' }
- { Field: updated_at, Type: timestamp, 'Null': false, Extra: '', Default: CURRENT_TIMESTAMP }
- { Field: remember_token, Type: varchar(100), 'Null': true, Extra: '' }
- { Field: enabled, Type: tinyint(1), 'Null': false, Extra: '', Default: '1' }
Indexes:
PRIMARY: { Name: PRIMARY, Columns: [user_id], Unique: true, Type: BTREE }
username: { Name: username, Columns: [auth_type, username], Unique: true, Type: BTREE }

View File

@ -6,6 +6,16 @@
</div>
</div>
@if(\LibreNMS\Config::get('auth_mechanism') == 'mysql')
<div class="form-group @if($errors->has('enabled')) has-error @endif">
<label for="enabled" class="control-label col-sm-3">@lang('Enabled')</label>
<div class="col-sm-9">
<input type="hidden" value="@if(Auth::id() == $user->user_id) 1 else 0 @endif" name="enabled">
<input type="checkbox" id="enabled" name="enabled" data-size="small" @if(old('enabled', $user->enabled)) checked @endif @if(Auth::id() == $user->user_id) disabled @endif>
</div>
</div>
@endif
<div class="form-group @if($errors->has('email')) has-error @endif">
<label for="email" class="control-label col-sm-3">@lang('Email')</label>
<div class="col-sm-9">
@ -68,15 +78,16 @@
@endif
@if(\LibreNMS\Authentication\LegacyAuth::get()->canUpdatePasswords())
<div class="form-group @if($errors->has('can_modify_passwd')) has-error @endif">
<div class="col-sm-9 col-sm-offset-3">
<div class="checkbox">
<label class="checkbox-inline">
<input type="hidden" value="0" name="can_modify_passwd">
<input type="checkbox" id="can_modify_passwd" name="can_modify_passwd" @if(old('can_modify_passwd', $user->can_modify_passwd)) checked @endif> @lang('Can Modify Password')
</label>
</div>
<span class="help-block">{{ $errors->first('can_modify_passwd') }}</span>
</div>
<div class="form-group @if($errors->has('can_modify_passwd')) has-error @endif">
<label for="can_modify_passwd" class="control-label col-sm-3">@lang('Can Modify Password')</label>
<div class="col-sm-9">
<input type="hidden" value="0" name="can_modify_passwd">
<input type="checkbox" id="can_modify_passwd" name="can_modify_passwd" data-size="small" @if(old('can_modify_passwd', $user->can_modify_passwd)) checked @endif>
<span class="help-block">{{ $errors->first('can_modify_passwd') }}</span>
</div>
</div>
@endif
<script>
$("[type='checkbox']").bootstrapSwitch();
</script>

View File

@ -17,6 +17,9 @@
<th data-column-id="level" data-formatter="level" data-type="numeric">@lang('Access')</th>
<th data-column-id="auth_type" data-visible="{{ $multiauth ? 'true' : 'false' }}">@lang('Auth')</th>
<th data-column-id="email">@lang('Email')</th>
@if(\LibreNMS\Authentication\LegacyAuth::getType() == 'mysql')
<th data-column-id="enabled">@lang('Enabled')</th>
@endif
<th data-column-id="descr">@lang('Description')</th>
<th data-column-id="action" data-formatter="actions" data-sortable="false" data-searchable="false">@lang('Actions')</th>
</tr>
@ -30,6 +33,9 @@
<td>{{ $user->level }}</td>
<td>{{ $user->auth_type }}</td>
<td>{{ $user->email }}</td>
@if(\LibreNMS\Authentication\LegacyAuth::getType() == 'mysql')
<td>{{ $user->enabled }}</td>
@endif
<td>{{ $user->descr }}</td>
<td></td>
</tr>