Merge branch 'development'
nilsteampassnet committed Jun 15, 2016
2 parents b29bab8 + e96d838 commit 0a81bd2
Showing 13 changed files with 215 additions and 32 deletions.
2 changes: 1 addition & 1 deletion Dockerfile
@@ -1,6 +1,6 @@
FROM ubuntu:14.04
MAINTAINER [email protected]
RUN apt-get update && apt-get install -y git apache2 php5 libapache2-mod-php5 php5-mcrypt php5-mysqlnd php5-ldap
RUN apt-get update && apt-get install -y git apache2 php5 libapache2-mod-php5 php5-mcrypt php5-mysqlnd php5-ldap php5-gd
ENV APACHE_RUN_USER www-data
ENV APACHE_RUN_GROUP www-data
ENV APACHE_LOG_DIR /var/log/apache2
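Review bot: The RUN line that now also installs php5-gd leaves the apt package lists in the image layer and pulls in recommended packages, which inflates the image for no functional gain; `RUN apt-get update && apt-get install -y --no-install-recommends git apache2 php5 libapache2-mod-php5 php5-mcrypt php5-mysqlnd php5-ldap php5-gd && rm -rf /var/lib/apt/lists/*` produces the same installed set in one cached layer. None of the packages are pinned, so two builds of this Dockerfile can yield different PHP 5 patch levels; a comment stating the PHP version the application was tested against would at least make that expectation visible.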
6 changes: 3 additions & 3 deletions api/functions.php
@@ -515,12 +515,12 @@ function rest_get () {
/*
* Case where a new user has to be added
*
* Expected call format: .../api/index.php/add/user/<LOGIN>;<NAME>;<LASTNAME>;<PASSWORD>;<EMAIL>;<ADMINISTRATEDBY>;<READ_ONLY>;<ROLE1|ROLE2|...>;<IS_ADMIN>;<ISMANAGER>;<PERSONAL_FOLDER>?apikey=<VALID API KEY>
* Expected call format: .../api/index.php/add/user/<LOGIN>;<NAME>;<LASTNAME>;<PASSWORD>;<EMAIL>;<ADMINISTRATEDBY>;<READ_ONLY>;<ROLE1,ROLE2,...>;<IS_ADMIN>;<ISMANAGER>;<PERSONAL_FOLDER>?apikey=<VALID API KEY>
* with:
* for READ_ONLY, IS_ADMIN, IS_MANAGER, PERSONAL_FOLDER, accepted value is 1 for TRUE and 0 for FALSE
* for ADMINISTRATEDBY and ROLE1, accepted value is the real label (not the IDs)
*
* Example: /api/index.php/add/user/U4;Nils;Laumaille;test;[email protected];Users;0;Managers|Users;0;1;1?apikey=sae6iekahxiseL3viShoo0chahc1ievei8aequi
* Example: /api/index.php/add/user/U4;Nils;Laumaille;test;[email protected];Users;0;Managers,Users;0;1;1?apikey=sae6iekahxiseL3viShoo0chahc1ievei8aequi
*
*/
elseif($GLOBALS['request'][1] == "user") {
@@ -573,7 +573,7 @@ function rest_get () {

// prepare roles list
$rolesList = "";
foreach (explode('|', $roles) as $role) {//echo $role."-";
foreach (explode(',', $roles) as $role) {//echo $role."-";
$tmp = DB::queryFirstRow(
"SELECT `id` FROM ".prefix_table("roles_title")." WHERE title = %s",
$role
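Review bot: `explode(',', $roles)` on the changed foreach line still yields a single empty string when `$roles` is empty and keeps any whitespace around the labels, so a blank or padded role name is looked up verbatim, and the commented-out debug `//echo $role."-";` trails the line; `foreach (array_filter(array_map('trim', explode(',', $roles)), 'strlen') as $role) {` removes both problems. The role labels come straight from the request path, so the parameterised `%s` placeholder in the lookup is what keeps the query safe — worth a one-line comment such as `// role labels are untrusted input: bind them, never interpolate`. Changing the separator from '|' to ',' is an API-visible change; the doc block in the first hunk now documents the new format, but callers still sending the old one get a single unmatched label with no error. rest_get() begins outside the hunk.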
6 changes: 6 additions & 0 deletions changelog.md
@@ -1,13 +1,17 @@
Last changes
2.1.26
#1332 API not allowing roles separation of pipe '|'
#1325 updated Dockerfile
#1310 Addes Estonian language
#1308 Teampass hangs when a folder is create with option "New sub-folder inherits rights from parent folder" enabled
#1301 add ldap_search_base record for db init
#1300 After 3 bad login attempts, user needs to wait 10s before new try
#1299 Export to pdf or csv shows htmlencoded
#1298 Backup-filename on 2.1.26 contains /
#1284 fix for can_manage_all_users update during upgrade
#1279 SyntaxError: Unexpected token î in JSON at position 0
#1276 MySQL 5.7 query error
#1269 Typo error
#1263 Error at line 75 in suggestion page
#1251 Improving CSRFP configuration
#1240 Security fixes on some missed queries and on non-protected text fields
@@ -43,6 +47,8 @@ Last changes
FIX: Display inconsistancies in User log results
Fix: Inconsistency in Delete & Restore process
Fix: Errors in CSV import process
Fix: Impossible to proceed with 'password lost' process
Fix: OTV item not reachable

2.1.25
#1169 sending Google Authenticator code through index page
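--- a/includes/language/datatables.estonian.txt
+++ b/includes/language/datatables.estonian.txt
@@ -0,0 +1,17 @@
+{
+"sProcessing": "Processing...",
+"sLengthMenu": "Show _MENU_ entries",
+"sZeroRecords": "No matching records found",
+"sInfo": "Showing _START_ to _END_ of _TOTAL_ entries",
+"sInfoEmpty": "Showing 0 to 0 of 0 entries",
+"sInfoFiltered": "(filtered from _MAX_ total entries)",
+"sInfoPostFix": "",
+"sSearch": "Search:",
+"sUrl": "",
+"oPaginate": {
+"sFirst": "First",
+"sPrevious": "Previous",
+"sNext": "Next",
+"sLast": "Last"
+}
+}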
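--- a/includes/language/estonian_admin_help.php
+++ b/includes/language/estonian_admin_help.php
@@ -0,0 +1,162 @@
+<?php
+$LANG['help_on_folders'] = "<div class='ui-state-highlight ui-corner-all' style='padding:5px;font-weight:bold;'>
+This page is used in order to create and manage FOLDERS.<br />
+A folder is needed to organize your items. It is similare to windows file directories.<br />
+<span class='ui-icon ui-icon-lightbulb' style='float: left;'>&nbsp;</span>Lowest level of folder is called ROOT.<br />
+<span class='ui-icon ui-icon-lightbulb' style='float: left;'>&nbsp;</span>All folders and subfolders create the tree structure.<br />
+<span class='ui-icon ui-icon-lightbulb' style='float: left;'>&nbsp;</span>Each folder is associated to a depth level in the tree structure.
+</div>
+<div id='accordion'>
+<h3><a href='#'>Add a new FOLDER</a></h3>
+<div>
+Just click on icon <img src='includes/images/folder--plus.png' alt='' />. A dedicated dialogbox will appear in which you will have to enter:<br />
+- the folder's label or title<br />
+- its parent's folder (each folder is the subfolder of an other one)<br />
+- a complexity level (complexity level is used for password complexity. When creating a new item, associated password cannot be less complexe than the level required)<br />
+- a renewal period expressed in months (is needed in order to force password renewal after a specific period).
+</div>
+<h3><a href='#'>Edit an existing folder</a></h3>
+<div>
+In order to change the label, the complexity, the parent folder or the renewal period, you just have to click in the cell.<br />
+This will make the cell editable. Change the value and click on icon <img src='includes/images/disk_black.png' alt='' /> to save, or on icon <img src='includes/images/cross.png' alt='' /> to cancel.<br />
+<p style='text-align:center;'>
+<img src='includes/images/help/folders_1.png' alt='' />
+</p>
+<div style='margin:10px Opx 0px 20px;'>
+Notice that if you change the parent folder, then all subfolders of the changed folder will be moved.
+</div>
+</div>
+<h3><a href='#'>Delete a Folder</a></h3>
+<div>
+You can decide to give to delete a folder. To do so, just click on icon <img src='includes/images/folder--minus.png' alt='' />.<br />
+This will delete all items inside the folder as all subfolders ... be carefull!!!!
+<p style='text-align:center;'>
+<img src='includes/images/help/folders_2.png' alt='' />
+</p>
+</div>
+<h3><a href='#'>Special tweaks</a></h3>
+<div>
+Two tweaks exist on folder.<br />
+The 1st allows item creation without respecting the required complexity level for the password.<br />
+The 2d allows item modification without respecting the required complexity level for the password.<br />
+You can also combine both of them.<br />
+You can also use them temporarly.
+<p style='text-align:center;'>
+<img src='includes/images/help/folders_3.png' alt='' />
+</p>
+</div>
+</div>";
+$LANG['help_on_roles'] = "<div class='ui-state-highlight ui-corner-all' style='padding:5px;font-weight:bold;'>
+This page is used in order to create and manage ROLES.<br />
+A role is associated to a set of allowed and forbidden folders.<br />
+Once several roles are defined, you can associate USERS to them.
+</div>
+<div id='accordion'>
+<h3><a href='#'>Add a new ROLE</a></h3>
+<div>
+Just click on icon <img src='includes/images/users--plus.png' alt='' />. A dedicated dialogbox will appear in which you will have to enter a title for this new ROLE.
+</div>
+<h3><a href='#'>Allow or Forbid a folder</a></h3>
+<div>
+You can use the matrix 'Roles vs Folders' to define the access rights. If a cell is red, then the role can't access to the folder, and if the cell is gree, then the role can access to the folder.<br />
+In order to change the access, just click on the cell you want.<br/>
+<p style='text-align:center;'>
+<span style='text-align:center;'><img src='includes/images/help/roles_1.png' alt='' /></span>
+</p>
+In previous screen capture, you can see that folder 'Cleaner' is allowed to role 'Dev' but not for role 'Commercial'.
+</div>
+<h3><a href='#'>Refresh manually the matrix</a></h3>
+<div>
+Just click on icon <img src='includes/images/arrow_refresh.png' alt='' />.
+</div>
+<h3><a href='#'>Edit a role</a></h3>
+<div>
+You can change the title of a role with no impact on the parameters already done.<br />
+Select the role you want to change, and click on icon <img src='includes/images/ui-tab--pencil.png' alt='' />.<br />
+This will popup a dialogbox in which you will be asked to enter a new title.
+</div>
+<h3><a href='#'>Delete a role</a></h3>
+<div>
+You can decide to delete an existing role.<br />
+Select the role you want to delete, and click on icon <img src='includes/images/ui-tab--minus.png' alt='' />.<br />
+This will popup a dialogbox in which you will be asked to confirm the deletion.
+</div>
+</div>";
+$LANG['help_on_users'] = "<div class='ui-state-highlight ui-corner-all' style='padding:5px;font-weight:bold;'>
+This page is used in order to create and manage USERS.<br />
+A user account is needed for each physical person that will have to use TeamPass.<br />
+<span class='ui-icon ui-icon-lightbulb' style='float: left;'>&nbsp;</span>1st step is to set what ROLES the user has.<br />
+<span class='ui-icon ui-icon-lightbulb' style='float: left;'>&nbsp;</span>2d step is to customize specific folders access or not.
+</div>
+<div id='accordion'>
+<h3><a href='#'>Add a new USER</a></h3>
+<div>
+Just click on icon <img src='includes/images/user--plus.png' alt='' />. A dedicated dialogbox will appear in which you will have to enter:<br />
+- the user's login<br />
+- a password (can be generated and will be changed by user at 1st connection)<br />
+- a valid email<br />
+- if the user will be an Admin (full access to all functionnalities)<br />
+- if the user will be a Manager (full rights on Items)<br />
+- if the user could have Personal Folders
+</div>
+<h3><a href='#'>Add a ROLE to a USER</a></h3>
+<div>
+You can associate a USER to as many ROLES you want. For that, just click on icon <img src='includes/images/cog_edit.png' alt='' />.<br />
+A specific dialogbox will appear in which you will have to tick or not the wanted roles.<br /><br />
+When a ROLE is added to a USER, then the USER will access to the allowed folders of that ROLE and will have no access to the forbidden ones.<br /><br />
+Now you can be more precise in the rights given to a USER by using the fields 'Allowed folders' and 'Forbidden folders'. Indeed, you can allowed or not some others folders even them specified in the ROLE.
+<div style='margin:2px Opx 0px 20px;'>
+For example:
+<p style='margin-left:20px;margin-top: 2px;'>
+- USER1 is associated to ROLE1 and ROLE2. <br />
+- ROLE1 is set to allow access to folder F1 and F2. <br />
+- F1 has 4 subfolders S1, S2, S3 and S4.<br />
+- This means that USER1 has access to F1, F2, S1, S2, S3 and S4.<br />
+- Now you can customize USER1 by forbidding the access to S4 using this page.
+</p>
+</div>
+</div>
+<h3><a href='#'>Is Administrator (GOD)</a></h3>
+<div>
+You can decide to give the GOD right to a user. To do so, just tick the box.<br />
+GOD is allowed to anything in TeamPass with absolutely no restriction ... so be carefull!!!!
+<p style='text-align:center;'>
+<img src='includes/images/help/users_1.png' alt='' />
+</p>
+</div>
+<h3><a href='#'>Is Manager</a></h3>
+<div>
+You can decide to give the MANAGER right to a user. To do so, just tick the box.<br />
+A Manager can modify and delete items and folders, even them that he has not created.<br />
+A manager has only access to the folders he/she is allowed to. So you can create several managers for dedicated departements.
+<p style='text-align:center;'>
+<img src='includes/images/help/users_2.png' alt='' />
+</p>
+</div>
+<h3><a href='#'>Delete a USER</a></h3>
+<div>
+You can decide to give to delete a user. To do so, just click on icon <img src='includes/images/user--minus.png' alt='' />.
+<p style='text-align:center;'>
+<img src='includes/images/help/users_3.png' alt='' />
+</p>
+</div>
+<h3><a href='#'>Change the User's password</a></h3>
+<div>
+You can decide to give to change the password of a user. To do so, just click on icon <img src='includes/images/lock__pencil.png' alt='' />.<br />
+At 1st connection, the user will have to change it.
+<p style='text-align:center;'>
+<img src='includes/images/help/users_4.png' alt='' />
+</p>
+</div>
+<h3><a href='#'>Change the User's email</a></h3>
+<div>
+You can decide to give to change the password of a user. To do so, just click on icon <img src='includes/images/mail--pencil.png' alt='' />.<br />
+<p style='text-align:center;'>
+<img src='includes/images/help/users_5.png' alt='' />
+</p>
+</div>
+</div>";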
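--- a/includes/language/estonian_kb.php
+++ b/includes/language/estonian_kb.php
@@ -0,0 +1,6 @@
+<?php
+$LANG['category'] = "Category";
+$LANG['kb'] = "Knowledge Base";
+$LANG['kb_anyone_can_modify'] = "Anyone can modify it";
+$LANG['kb_form'] = "Manage entries in KB";
+$LANG['new_kb'] = "Add a new KB";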
7 changes: 2 additions & 5 deletions index.php
@@ -125,9 +125,9 @@
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<title>Teampass</title>
<script type="text/javascript">
if (window.location.href.indexOf("page=") == -1 && window.location.href.indexOf("otv=") == -1) {
if (window.location.href.indexOf("page=") == -1 && (window.location.href.indexOf("otv=") == -1 || window.location.href.indexOf("action=") == -1)) {
if (window.location.href.indexOf("session_over=true") == -1) {
location.replace("<?php echo $_SESSION['settings']['cpassman_url'];?>/index.php?page=items");
//location.replace("<?php echo $_SESSION['settings']['cpassman_url'];?>/index.php?page=items");
} else {
location.replace("<?php echo $_SESSION['settings']['cpassman_url'];?>/logout.php");
}
@@ -305,9 +305,6 @@
<input type="hidden" name="action_on_going" id="action_on_going" value="" />
<input type="hidden" id="duo_sig_response" value="'.@$_POST['sig_response'].'">';

echo '
';

echo '
<div id="', (isset($_GET['page']) && $_GET['page'] == "items" && isset($_SESSION['user_id'])) ? "main_simple" : "main", '">';
// MESSAGE BOX
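Review bot: In the first hunk the redirect to `index.php?page=items` is now commented out, which leaves the inner `if (window.location.href.indexOf("session_over=true") == -1)` with an empty true branch, so the reworked outer test only ever governs the logout redirect; either restore the redirect for the non-OTV case or delete the dead test together with the commented line rather than keeping both. The new `(otv= absent || action= absent)` clause also fires for an OTV URL that carries `otv=` but no `action=`, which looks broader than the 'OTV item not reachable' fix intends — worth confirming against the OTV link format. In the second hunk the context line `value="'.@$_POST['sig_response'].'"` writes a request value into an HTML attribute unescaped; it predates this commit, but `htmlspecialchars(isset($_POST['sig_response']) ? $_POST['sig_response'] : '', ENT_QUOTES, 'UTF-8')` closes that reflected-input gap and removes the `@` suppression. Both hunks sit inside a PHP echo block that starts and ends outside the hunks.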
1 change: 1 addition & 0 deletions install/install.queries.php
@@ -313,6 +313,7 @@ function chmod_r($dir, $dirPermissions, $filePermissions) {
array('admin','ldap_ssl','0'),
array('admin','ldap_tls','0'),
array('admin','ldap_elusers','0'),
array('admin','ldap_search_base','0'),
array('admin','richtext','0'),
array('admin','allow_print','0'),
array('admin','roles_allowed_to_print','0'),
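Review bot: The new `ldap_search_base` row is seeded with `'0'` like the boolean LDAP flags around it, but a search base is a DN string, so presumably the code that reads it must special-case `'0'` as "unset" or it will be handed to the LDAP search as a literal base; `array('admin','ldap_search_base',''),` avoids that sentinel. If `'0'` is deliberate for parity with the upgrade path, a short comment on the line saying so would keep the next reader from "fixing" it. The settings array this entry belongs to starts outside the hunk.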
3 changes: 1 addition & 2 deletions load.php
@@ -318,7 +318,7 @@ function GenerateNewPassword(key, login)
\'"key":"\'+sanitizeString(key)+\'"}\';
//send query
$.post("sources/main.queries.php", {
type : "generate_new_password",
type : "generate_new_password",
data : prepareExchangedData(data, "encode", "'.$_SESSION["key"].'")
},
function(data) {
@@ -987,7 +987,6 @@ function LoadCPMInfo()
type : "cpm_status"
},
function(data) {
console.log(">> "+data[0].output);
if (data[0].error == "connection") {
$("#CPM_infos").html("Server connection is impossible ... check your Internet/firewall configuration");
} else if (data[0].error == "conf_block") {
4 changes: 2 additions & 2 deletions otv.php
@@ -51,7 +51,7 @@
$data['timestamp'] == $_GET['stamp']
) {
// otv is too old
if ($data['timestamp'] < ( time() - ($_SESSION['settings']['otv_expiration_period'] * 86400) ) {
if ($data['timestamp'] < ( time() - ($_SESSION['settings']['otv_expiration_period'] * 86400))) {
$html = "Link is too old!";
} else {
$dataItem = DB::queryfirstrow(
@@ -87,7 +87,7 @@
"</div>";

// delete entry
DB::delete(prefix_table("otv"), "id = %i", intval($_GET['otv_id']));
DB::delete(prefix_table("otv"), "id = %i", $data['id']);

// display
echo $html;
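Review bot: The repaired expiry line multiplies `$_SESSION['settings']['otv_expiration_period']` without a cast or presence check, so a missing or non-numeric setting silently becomes 0 and every link is reported as too old; `(int) $_SESSION['settings']['otv_expiration_period'] * 86400` behind an `isset` guard makes that failure explicit instead of accidental. Two lines above, the context line compares the stored `$data['timestamp']` with `$_GET['stamp']` using loose `==`; `(int) $data['timestamp'] === (int) $_GET['stamp']` is the strict form for an integer timestamp. Deleting by `$data['id']` in the second hunk is the right fix, since the row removed is now the one that was actually validated rather than whatever `otv_id` the request named. The enclosing `if` starts outside the first hunk.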
2 changes: 1 addition & 1 deletion readme.md
@@ -51,7 +51,7 @@ Two ways to provide Docker install
In both cases, the Teampass will be persistent IF you keep the data volume intact between runs and the database content (of course)

#### Docker Compose
* using the provided docker compose file, that you will edit to match your setup (ports/volumes/mysql passwords etc), then build the Taempass image :
* using the provided docker compose file, that you will edit to match your setup (ports/volumes/mysql passwords etc), then build the Teampass image :
```docker-compose build```
* and run the compose app
```docker-compose up -d```
20 changes: 10 additions & 10 deletions sources/core.php
@@ -1,11 +1,11 @@
<?php
/**
* @file core.php
* @file core.php
* @author Nils Laumaillé
* @version 2.1.26
* @copyright (c) 2009-2015 Nils Laumaillé
* @licensing GNU AFFERO GPL 3.0
* @link http://www.teampass.net
* @link http://www.teampass.net
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -39,8 +39,8 @@ function redirect($url)
isset($_SESSION['settings']['enable_sts']) &&
$_SESSION['settings']['enable_sts'] == 1
) {
$url = "https://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
redirect($url);
$url = "https://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
redirect($url);
}

/* LOAD CPASSMAN SETTINGS */
@@ -118,8 +118,8 @@ function redirect($url)

/* CHECK IF LOGOUT IS ASKED OR IF SESSION IS EXPIRED */
if (
(isset($_GET['session']) && $_GET['session'] == "expired")
|| (isset($_POST['session']) && $_POST['session'] == "expired")
(isset($_GET['session']) && $_GET['session'] == "expired")
|| (isset($_POST['session']) && $_POST['session'] == "expired")
) {
// REDIRECTION PAGE ERREUR
echo '
@@ -135,7 +135,7 @@ function redirect($url)
/* CHECK IF SESSION EXISTS AND IF SESSION IS VALID */
if (!empty($_SESSION['fin_session'])) {
$dataSession = DB::queryFirstRow(
"SELECT key_tempo FROM ".prefix_table("users")." WHERE id=%i",
"SELECT key_tempo FROM ".prefix_table("users")." WHERE id=%i",
$_SESSION['user_id']
);
} else {
@@ -285,8 +285,8 @@ function redirect($url)
if (isset($_SESSION['user_id']) && !empty($_SESSION['user_id'])) {
// query on user
$data = DB::queryfirstrow(
"SELECT admin, gestionnaire, can_manage_all_users, groupes_visibles, groupes_interdits, fonction_id FROM ".prefix_table("users")." WHERE id=%i",
$_SESSION['user_id']
"SELECT admin, gestionnaire, can_manage_all_users, groupes_visibles, groupes_interdits, fonction_id FROM ".prefix_table("users")." WHERE id=%i",
$_SESSION['user_id']
);

//Check if user has been deleted or unlogged
@@ -308,7 +308,7 @@ function redirect($url)
// update user's rights
$_SESSION['user_admin'] = $data['admin'];
$_SESSION['user_manager'] = $data['gestionnaire'];
$_SESSION['user_can_manage_all_users'] = $data['can_manage_all_users'];
$_SESSION['user_can_manage_all_users'] = $data['can_manage_all_users'];
$_SESSION['groupes_visibles'] = array();
$_SESSION['groupes_interdits'] = array();
if (!empty($data['groupes_visibles'])) {
