Merge branch 'dev'

MedShake · Jan 13, 2020 · af8b248 · af8b248
2 parents 6cc77e3 + 3c07b06
commit af8b248
Show file tree

Hide file tree

Showing 27 changed files with 753 additions and 72 deletions.
diff --git a/class/msForm.php b/class/msForm.php
@@ -233,6 +233,24 @@ public function removeFieldFromForm(&$form, $name) {
       }
     }
 
+/**
+ * Retirer des attributs d'un champ de formulaire après sa génération
+ * @param array $form    formulaire
+ * @param string $name    nom du champ
+ * @param array $attr array attr
+ */
+    public function removeFieldAttrAfterwards(&$form, $name, $attr) {
+      if(isset($form['structure'][$this->_log[$name][0]][$this->_log[$name][1]]['elements'][$this->_log[$name][2]])) {
+        foreach($attr as $v) {
+          unset($form['structure'][$this->_log[$name][0]][$this->_log[$name][1]]['elements'][$this->_log[$name][2]]['value'][$v]);
+        }
+        return true;
+      } else {
+        return false;
+      }
+    }
+
+
 /**
  * Remplacer les valeurs de remplissage des selects du form par défaut
  * @param array $v Array des valeurs array('typeName1'=>array('value1'=>'label1', 'value2'=>'label2' ...), ...)

diff --git a/class/msModBaseSqlGenerate.php b/class/msModBaseSqlGenerate.php
@@ -129,6 +129,8 @@ class msModBaseSqlGenerate extends msSqlGenerate
     'dicomProtocol'=>'http://',
     'utiliserLapExterne'=>'false',
     'utiliserLapExterneName'=>'',
+    'optionGeLoginPassAttribution'=>'admin',
+    'optionGeLoginPassOnlineRecovery'=>'false',
   ];
 
   protected function _getSpecifSql() {

diff --git a/class/msPeopleDestroy.php b/class/msPeopleDestroy.php
@@ -62,7 +62,7 @@ public function getDestroyAutorisation() {
     $dossier = new msPeopleDroits($this->_toID);
     if($dossier->checkIsUser()) $this->_blockingReasons[]="Le dossier à détruire est celui d'un utilisateur";
     if($dossier->checkIsAdmin()) $this->_blockingReasons[]="Le dossier à détruire est celui d'un administrateur";
-    if($dossier->checkIsDetroye()) $this->_blockingReasons[]="Le dossier est déjà détruit";
+    if($dossier->checkIsDestroyed()) $this->_blockingReasons[]="Le dossier est déjà détruit";
 
     if(empty($this->_blockingReasons)) {
       return $this->_autorisationDestroy=true;

diff --git a/class/msPeopleDroits.php b/class/msPeopleDroits.php
@@ -75,7 +75,7 @@ public function checkIsUser() {
  * Vérifier si le people est de type destroyed
  * @return bool true/false
  */
-  public function checkIsDetroye() {
+  public function checkIsDestroyed() {
     if($this->_basicUserData['type'] == 'destroyed') {
       return true;
     } else {

diff --git a/class/msSend.php b/class/msSend.php
@@ -22,7 +22,7 @@
 
 /**
  *
- * Envoyer : EN TRAVAUX ! NON UTILISÉE POUR LE MOMENT
+ * Envoyer : EN TRAVAUX !
  *
  * @author Bertrand Boutillier <[email protected]>
  */
@@ -102,6 +102,13 @@ public function setBody($body) {
     $this->_body=$body;
   }
 
+  public function setBodyHtml($bodyHtml) {
+    if(!is_bool($bodyHtml)) {
+      throw new Exception('BodyHtml is not bool');
+    }
+    $this->_bodyHtml=$bodyHtml;
+  }
+
   public function setAttachments($attachments) {
     $this->_attachments=array_merge($this->_attachments, (array)$attachments);
   }
@@ -231,8 +238,13 @@ private function _sendSmtp() {
         }
         $mail->addAttachment($attachment, $docName);
     }
-    $mail->Body = nl2br($this->_body);
-    $mail->AltBody = $this->_body;
+
+    if($this->_bodyHtml) {
+      $mail->Body = nl2br($this->_body);
+      $mail->AltBody = $this->_body;
+    } else {
+      $mail->Body = $this->_body;
+    }
 
     return $mail->send();
   }

diff --git a/class/msTools.php b/class/msTools.php
@@ -480,4 +480,20 @@ public static function getPrefixKeyArray($tab, $prefix) {
      return $prefixTab;
    }
 
+/**
+ * Générer une chaine aléatoire de caractères
+ * @param  integer $length longueur de la chaine
+ * @param  string  $chars  caractères éligibles
+ * @return string          chaine aléatoire
+ */
+   public static function getRandomStr($length = 8, $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNPQRSTUVWXYZ123456789') {
+     $count = mb_strlen($chars);
+     for ($i = 0, $result = ''; $i < $length; $i++) {
+         $index = rand(0, $count - 1);
+         $result .= mb_substr($chars, $index, 1);
+     }
+     return $result;
+   }
+
+
 }
diff --git a/class/msUser.php b/class/msUser.php
@@ -57,6 +57,20 @@ class msUser
  */
     private $_userSecret2fa=null;
 
+    private $_userPasswordRecoveryStr;
+
+/**
+ * Définir le userID
+ * @param int $userID userID
+ */
+    public function setUserID($userID) {
+      if(msPeople::checkPeopleExist($userID)) {
+        $this->_userID = $userID;
+      } else {
+        throw new Exception('UserID does not exist');
+      }
+    }
+
 /**
  * Indentification de l'utilisateur
  * @return bool|array Si succès renvoie array avec données utilisateur
@@ -317,6 +331,18 @@ public static function getUserIdFromName($name) {
         return msSQL::sqlUniqueChamp("SELECT id FROM people WHERE name='".msSQL::cleanVar($name)."' limit 1");
     }
 
+/**
+ * Obtenir le username à partir de l'id
+ * @param  int $name userID
+ * @return string       username
+ */
+    public static function getUsernameFromId($id) {
+        if (!is_numeric($id)) {
+            throw new Exception('Id is not numeric');
+        }
+        return msSQL::sqlUniqueChamp("SELECT name FROM people WHERE id='".msSQL::cleanVar($id)."' limit 1");
+    }
+
 /**
  * Obtenir le password d'un utilisateur via son ID
  * @param  int $userID userID
@@ -405,4 +431,116 @@ private function _checkPasswordFormatAndUpdate() {
        }
      }
 
+/**
+ * Envoyer un mail de création de compte utilisateur
+ * @param  int $userID ID utilisateur
+ * @return bool         true/false
+ */
+     public static function mailUserNewAccount($userID) {
+       global $p;
+       if (!is_numeric($userID)) {
+           throw new Exception('UserID is not numeric');
+       }
+       $people = new msPeople();
+       $people->setToID($userID);
+       $people->setFromID($p['user']['id']);
+       $peopleData = $people->getSimpleAdminDatasByName();
+
+       $mailTo='';
+       if(isset($peopleData['profesionnalEmail']) and !empty($peopleData['profesionnalEmail'])) {
+         $mailTo = $peopleData['profesionnalEmail'];
+       } elseif(isset($peopleData['personalEmail'])  and !empty($peopleData['personalEmail'])) {
+         $mailTo = $peopleData['personalEmail'];
+       }
+
+       $mail = new msSend();
+       $mail->setSendType('ns');
+       $mail->setSendService($p['config']['smtpTracking']);
+       $mail->setTo($mailTo);
+       $mail->setFrom($p['config']['smtpFrom']);
+       $mail->setFromName($p['config']['smtpFromName']);
+       $mail->setSubject("Votre compte ".$p['config']['designAppName']);
+       $mail->setBody("Bonjour\n\nVoici votre nom d'utilisateur pour ".$p['config']['designAppName']." : ".msUser::getUsernameFromId($userID)."\nLe mot de passe correspondant sera délivré dans un second mail.\n\nBien cordialement,\n\nL'administrateur");
+       return $mail->send();
+     }
+
+/**
+ * Envoyer le mot de passe initial par mail
+ * @param  int $userID   ID user
+ * @param  string $password mot de passe
+ * @return bool           true/false
+ */
+     public static function mailUserNewPassword($userID, $password) {
+       global $p;
+       if (!is_numeric($userID)) {
+           throw new Exception('UserID is not numeric');
+       }
+       $people = new msPeople();
+       $people->setToID($userID);
+       $people->setFromID($p['user']['id']);
+       $peopleData = $people->getSimpleAdminDatasByName();
+
+       $mailTo='';
+       if(isset($peopleData['profesionnalEmail']) and !empty($peopleData['profesionnalEmail'])) {
+         $mailTo = $peopleData['profesionnalEmail'];
+       } elseif(isset($peopleData['personalEmail'])  and !empty($peopleData['personalEmail'])) {
+         $mailTo = $peopleData['personalEmail'];
+       }
+
+       $mail = new msSend();
+       $mail->setSendType('ns');
+       $mail->setSendService($p['config']['smtpTracking']);
+       $mail->setTo($mailTo);
+       $mail->setFrom($p['config']['smtpFrom']);
+       $mail->setFromName($p['config']['smtpFromName']);
+       $mail->setSubject("Votre compte ".$p['config']['designAppName']);
+       $mail->setBody("Bonjour\n\nVoici votre mot de passe pour ".$p['config']['designAppName']." : ".$password."\n\nBien cordialement,\n\nL'administrateur");
+       return $mail->send();
+     }
+
+/**
+ * Initialiser un nouveau processus de recouvrement de password
+ * @return bool           true/false
+ */
+     public function setUserAccountToNewPasswordRecoveryProcess() {
+       if(!isset($this->_userID)) throw new Exception('UserID is not defined');
+
+       $this->_userPasswordRecoveryStr = msTools::getRandomStr(25);
+       return msSQL::sqlQuery("UPDATE people set lastLostPassDate=NOW(), lastLostPassRandStr='".$this->_userPasswordRecoveryStr."'  WHERE id='".$this->_userID."' limit 1");
+     }
+
+/**
+ * Fermer le processus de recouvrement de password
+ * @return bool           true/false
+ */
+     public function setUserAccountPasswordRecoveryProcessClosed() {
+       if(!isset($this->_userID)) throw new Exception('UserID is not defined');
+       return msSQL::sqlQuery("UPDATE people set lastLostPassRandStr=NULL  WHERE id='".$this->_userID."' limit 1");
+     }
+
+/**
+ * Envoyer l'email de modification du mot de passe
+ * @param  string $email email
+ * @return bool        true/false suivant résultat expédition mail
+ */
+     public function mailUserPasswordRecoveryProcess($email) {
+       if(!isset($this->_userID)) throw new Exception('UserID is not defined');
+       if(!isset($this->_userPasswordRecoveryStr)) throw new Exception('UserPasswordRecoveryStr is not defined');
+       global $p;
+
+       $mail = new msSend();
+       $mail->setSendType('ns');
+       $mail->setSendService($p['config']['smtpTracking']);
+       $mail->setTo($email);
+       $mail->setBodyHtml(FALSE);
+       $mail->setFrom($p['config']['smtpFrom']);
+       $mail->setFromName($p['config']['smtpFromName']);
+       $mail->setSubject("Votre compte ".$p['config']['designAppName']);
+
+       $link = $p['config']['protocol'].$p['config']['host'].$p['config']['urlHostSuffixe']."/public/lostPassword/setNew/".$this->_userPasswordRecoveryStr."/";
+
+       $mail->setBody("Bonjour\n\nVoici un lien pour recouvrer l'usage de votre compte  ".$p['config']['designAppName']." :\n".$link."\n\nCe lien est valable 10 minutes\n\nBien cordialement,\n\nL'administrateur");
+       return $mail->send();
+     }
+
 }
diff --git a/config/routes.yml b/config/routes.yml
@@ -215,6 +215,8 @@ userPhoneCaptureAccess: ['GET', '/user/userPhoneCaptureAccess/', 'user/userPhone
 publicAjax: ['POST', '/public/ajax/[a:m]/', 'public/actions/publicAjax']
 publicSigner: ['GET', '/public/signer/[a:signPeriphName]?/', 'public/signer']
 publicSignerMerci: ['GET', '/public/signer-merci/', 'public/signerMerci']
+publicLostPasswordEmailAsk: ['GET', '/public/lostPassword/emailAsk/', 'public/lostPassword/emailAsk']
+publicLostPasswordNewSet: ['GET', '/public/lostPassword/setNew/[a:str]/', 'public/lostPassword/newSet']
 
 #routes pour le module (! on part de controlers/module/ cette fois !)
 moduleAjax: ['POST', '/module/ajax/[a:m]/', 'actions/moduleAjax']

diff --git a/controlers/configuration/actions/inc-ajax-configChangePassword.php b/controlers/configuration/actions/inc-ajax-configChangePassword.php
@@ -29,30 +29,62 @@
 
 if (!msUser::checkUserIsAdmin()) {die("Erreur: vous n'êtes pas administrateur");}
 
-//check & validate datas
-$gump=new GUMP('fr');
-$_POST = $gump->sanitize($_POST);
-$gump->validation_rules(array(
-  'id'=> 'required|numeric',
-  'password'=> 'required|checkPasswordLength',
-));
-
-$gump->filter_rules(array(
-  'id'=> 'trim',
-  'password'=> 'trim',
-));
-
-$validated_data = $gump->run($_POST);
-
-if ($validated_data === false) {
-  exit(json_encode([
-    'status'=>'erreur',
-    'msg'=>implode('; ',$gump->get_errors_array())
-  ]));
+if($p['config']['optionGeLoginPassAttribution'] == 'random') {
+  //check & validate datas
+  $gump=new GUMP('fr');
+  $_POST = $gump->sanitize($_POST);
+  $gump->validation_rules(array(
+    'id'=> 'required|numeric',
+  ));
+  $gump->filter_rules(array(
+    'id'=> 'trim',
+  ));
+
+  $validated_data = $gump->run($_POST);
+
+  if ($validated_data === false) {
+    exit(json_encode([
+      'status'=>'erreur',
+      'msg'=>implode('; ',$gump->get_errors_array())
+    ]));
+  } else {
+    $randomPassword = msTools::getRandomStr($p['config']['optionGeLoginPassMinLongueur']);
+    msUser::setUserNewPassword($_POST['id'], $randomPassword);
+    msUser::mailUserNewPassword($_POST['id'], $randomPassword);
+
+    exit(json_encode([
+      'status'=>'ok',
+      'msg'=>''
+    ]));
+  }
+
+
 } else {
-  msUser::setUserNewPassword($_POST['id'], $_POST['password']);
-  exit(json_encode([
-    'status'=>'ok',
-    'msg'=>''
-  ]));
+  //check & validate datas
+  $gump=new GUMP('fr');
+  $_POST = $gump->sanitize($_POST);
+  $gump->validation_rules(array(
+    'id'=> 'required|numeric',
+    'password'=> 'required|checkPasswordLength',
+  ));
+
+  $gump->filter_rules(array(
+    'id'=> 'trim',
+    'password'=> 'trim',
+  ));
+
+  $validated_data = $gump->run($_POST);
+
+  if ($validated_data === false) {
+    exit(json_encode([
+      'status'=>'erreur',
+      'msg'=>implode('; ',$gump->get_errors_array())
+    ]));
+  } else {
+    msUser::setUserNewPassword($_POST['id'], $_POST['password']);
+    exit(json_encode([
+      'status'=>'ok',
+      'msg'=>''
+    ]));
+  }
 }