From 8c6da61f469274aaae7dbbbb1b9c123c49b95196 Mon Sep 17 00:00:00 2001 From: Neraste Date: Sat, 21 Oct 2017 12:53:53 +0200 Subject: [PATCH 1/8] Disable all new registred users --- controller/registercontroller.php | 12 +++++++++++- service/mailservice.php | 4 ++-- service/registrationservice.php | 3 +++ templates/email.newuser.disabled_html.php | 2 ++ templates/email.newuser.disabled_plaintext.php | 2 ++ 5 files changed, 20 insertions(+), 3 deletions(-) create mode 100644 templates/email.newuser.disabled_html.php create mode 100644 templates/email.newuser.disabled_plaintext.php diff --git a/controller/registercontroller.php b/controller/registercontroller.php index 2112e3a..7c16c54 100644 --- a/controller/registercontroller.php +++ b/controller/registercontroller.php @@ -149,7 +149,17 @@ class RegisterController extends Controller { ], 'guest'); } - return $this->registrationService->loginUser($user->getUID(), $username, $password, false); + if ($user->isEnabled()) { + // log the user + return $this->registrationService->loginUser($user->getUID(), $username, $password, false); + } else { + // warn the user their account needs admin validation + return new TemplateResponse( + 'registration', + 'message', + array('msg' => "Your account has been successfully created, but it still needs approval from an administrator."), + 'guest'); + } } private function renderError($error, $hint="") { diff --git a/service/mailservice.php b/service/mailservice.php index 25448ac..47acb75 100644 --- a/service/mailservice.php +++ b/service/mailservice.php @@ -135,9 +135,9 @@ class MailService { 'user' => $username, 'sitename' => $this->defaults->getName() ]; - $html_template = new TemplateResponse('registration', 'email.newuser_html', $template_var, 'blank'); + $html_template = new TemplateResponse('registration', 'email.newuser.disabled_html', $template_var, 'blank'); $html_part = $html_template->render(); - $plaintext_template = new TemplateResponse('registration', 'email.newuser_plaintext', $template_var, 'blank'); + $plaintext_template = new TemplateResponse('registration', 'email.newuser.disabled_plaintext', $template_var, 'blank'); $plaintext_part = $plaintext_template->render(); $subject = $this->l10n->t('A new user "%s" has created an account on %s', [$username, $this->defaults->getName()]); diff --git a/service/registrationservice.php b/service/registrationservice.php index bf4c67f..37a004f 100644 --- a/service/registrationservice.php +++ b/service/registrationservice.php @@ -293,6 +293,9 @@ class RegistrationService { } } + // Disable user unconditionaly + $user->setEnabled(false); + // Delete pending registration if no client secret is stored if($registration->getClientSecret() === null) { $res = $this->registrationMapper->delete($registration); diff --git a/templates/email.newuser.disabled_html.php b/templates/email.newuser.disabled_html.php new file mode 100644 index 0000000..ef23ba2 --- /dev/null +++ b/templates/email.newuser.disabled_html.php @@ -0,0 +1,2 @@ +t('A new user "%s" has created an account on %s and awaits admin validation', [$_['user'], $_['sitename']]); diff --git a/templates/email.newuser.disabled_plaintext.php b/templates/email.newuser.disabled_plaintext.php new file mode 100644 index 0000000..ef23ba2 --- /dev/null +++ b/templates/email.newuser.disabled_plaintext.php @@ -0,0 +1,2 @@ +t('A new user "%s" has created an account on %s and awaits admin validation', [$_['user'], $_['sitename']]); From 651439c233288bd2a91a146410b54e9dc834f749 Mon Sep 17 00:00:00 2001 From: Neraste Date: Sat, 21 Oct 2017 14:02:38 +0200 Subject: [PATCH 2/8] Option for disabling new registered users --- controller/settingscontroller.php | 19 +++++++++++++++++-- service/mailservice.php | 22 +++++++++++++++++----- service/registrationservice.php | 9 ++++++--- templates/admin.php | 5 +++++ 4 files changed, 45 insertions(+), 10 deletions(-) diff --git a/controller/settingscontroller.php b/controller/settingscontroller.php index f01eadc..0252317 100644 --- a/controller/settingscontroller.php +++ b/controller/settingscontroller.php @@ -47,14 +47,21 @@ class SettingsController extends Controller { * * @param string $registered_user_group all newly registered user will be put in this group * @param string $allowed_domains Registrations are only allowed for E-Mailadresses with these domains + * @param bool $admin_approval_required newly registered users have to be validated by an admin * @return DataResponse */ - public function admin($registered_user_group, $allowed_domains) { + public function admin($registered_user_group, $allowed_domains, $admin_approval_required) { + // handle domains if ( ( $allowed_domains==='' ) || ( $allowed_domains === NULL ) ){ $this->config->deleteAppValue($this->appName, 'allowed_domains'); }else{ $this->config->setAppValue($this->appName, 'allowed_domains', $allowed_domains); } + + // handle admin validation + $this->config->setAppValue($this->appName, 'admin_approval_required', $admin_approval_required ? "yes" : "no"); + + // handle groups $groups = $this->groupmanager->search(''); $group_id_list = array(); foreach ( $groups as $group ) { @@ -92,17 +99,25 @@ class SettingsController extends Controller { * @return TemplateResponse */ public function displayPanel() { + // handle groups $groups = $this->groupmanager->search(''); $group_id_list = []; foreach ( $groups as $group ) { $group_id_list[] = $group->getGid(); } $current_value = $this->config->getAppValue($this->appName, 'registered_user_group', 'none'); + + // handle domains $allowed_domains = $this->config->getAppValue($this->appName, 'allowed_domains', ''); + + // handle admin validation + $admin_approval_required = $this->config->getAppValue($this->appName, 'admin_approval_required', "no"); + return new TemplateResponse('registration', 'admin', [ 'groups' => $group_id_list, 'current' => $current_value, - 'allowed' => $allowed_domains + 'allowed' => $allowed_domains, + 'approval_required' => $admin_approval_required ], ''); } } diff --git a/service/mailservice.php b/service/mailservice.php index 47acb75..39172a1 100644 --- a/service/mailservice.php +++ b/service/mailservice.php @@ -106,8 +106,9 @@ class MailService { /** * @param string $userId + * @param bool $userIsEnabled */ - public function notifyAdmins($userId) { + public function notifyAdmins($userId, $userIsEnabled) { // Notify admin $admin_users = $this->groupManager->get('admin')->getUsers(); $to_arr = array(); @@ -118,7 +119,7 @@ class MailService { } } try { - $this->sendNewUserNotifEmail($to_arr, $userId); + $this->sendNewUserNotifEmail($to_arr, $userId, $userIsEnabled); } catch (\Exception $e) { $this->logger->error('Sending admin notification email failed: '. $e->getMessage()); } @@ -128,16 +129,27 @@ class MailService { * Sends new user notification email to admin * @param array $to * @param string $username the new user + * @param bool $userIsEnabled the new user account is enabled * @throws \Exception */ - private function sendNewUserNotifEmail(array $to, $username) { + private function sendNewUserNotifEmail(array $to, $username, $userIsEnabled) { $template_var = [ 'user' => $username, 'sitename' => $this->defaults->getName() ]; - $html_template = new TemplateResponse('registration', 'email.newuser.disabled_html', $template_var, 'blank'); + + // handle user enableness + if ($userIsEnabled) { + $html_template_file = 'email.newuser_html'; + $plaintext_template_file = 'email.newuser_plaintext'; + } else { + $html_template_file = 'email.newuser.disabled_html'; + $plaintext_template_file = 'email.newuser.disabled_plaintext'; + } + + $html_template = new TemplateResponse('registration', $html_template_file, $template_var, 'blank'); $html_part = $html_template->render(); - $plaintext_template = new TemplateResponse('registration', 'email.newuser.disabled_plaintext', $template_var, 'blank'); + $plaintext_template = new TemplateResponse('registration', $plaintext_template_file, $template_var, 'blank'); $plaintext_part = $plaintext_template->render(); $subject = $this->l10n->t('A new user "%s" has created an account on %s', [$username, $this->defaults->getName()]); diff --git a/service/registrationservice.php b/service/registrationservice.php index 37a004f..83a4d57 100644 --- a/service/registrationservice.php +++ b/service/registrationservice.php @@ -293,8 +293,11 @@ class RegistrationService { } } - // Disable user unconditionaly - $user->setEnabled(false); + // disable user if this is requested by config + $admin_approval_required = $this->config->getAppValue($this->appName, 'admin_approval_required', "no"); + if ($admin_approval_required) { + $user->setEnabled(false); + } // Delete pending registration if no client secret is stored if($registration->getClientSecret() === null) { @@ -304,7 +307,7 @@ class RegistrationService { } } - $this->mailService->notifyAdmins($userId); + $this->mailService->notifyAdmins($userId, $user->isEnabled()); return $user; } diff --git a/templates/admin.php b/templates/admin.php index 8695603..8641035 100644 --- a/templates/admin.php +++ b/templates/admin.php @@ -23,4 +23,9 @@ foreach ( $_['groups'] as $group ) { t('Enter a semicolon-separated list of allowed domains. Example: owncloud.com;github.com'));?>

+

+ +

From dc922e72b7ef4b7f6902cfef1eccbb84fcadadc2 Mon Sep 17 00:00:00 2001 From: Neraste Date: Sat, 21 Oct 2017 14:09:55 +0200 Subject: [PATCH 3/8] Fix wrong interpreted config value type --- service/registrationservice.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/service/registrationservice.php b/service/registrationservice.php index 83a4d57..0214550 100644 --- a/service/registrationservice.php +++ b/service/registrationservice.php @@ -295,7 +295,7 @@ class RegistrationService { // disable user if this is requested by config $admin_approval_required = $this->config->getAppValue($this->appName, 'admin_approval_required', "no"); - if ($admin_approval_required) { + if ($admin_approval_required == "yes") { $user->setEnabled(false); } From d933e7889698f71911effa074407163c811d4899 Mon Sep 17 00:00:00 2001 From: Neraste Date: Sat, 21 Oct 2017 15:01:51 +0200 Subject: [PATCH 4/8] L10n for admin validation messages --- controller/registercontroller.php | 2 +- l10n/de.js | 5 ++++- l10n/de.json | 7 +++++-- l10n/fr.js | 5 ++++- l10n/fr.json | 7 +++++-- l10n/ja.js | 5 ++++- l10n/ja.json | 7 +++++-- templates/email.newuser.disabled_html.php | 2 +- templates/email.newuser.disabled_plaintext.php | 2 +- 9 files changed, 30 insertions(+), 12 deletions(-) diff --git a/controller/registercontroller.php b/controller/registercontroller.php index 7c16c54..9132681 100644 --- a/controller/registercontroller.php +++ b/controller/registercontroller.php @@ -157,7 +157,7 @@ class RegisterController extends Controller { return new TemplateResponse( 'registration', 'message', - array('msg' => "Your account has been successfully created, but it still needs approval from an administrator."), + array('msg' => $this->l10n->t("Your account has been successfully created, but it still needs approval from an administrator.")), 'guest'); } } diff --git a/l10n/de.js b/l10n/de.js index a5f8233..ed79558 100644 --- a/l10n/de.js +++ b/l10n/de.js @@ -38,6 +38,9 @@ OC.L10N.register( "Email" : "E-Mail", "Request verification link" : "Bestätigungslink anfragen", "Please re-enter a valid email address" : "Bitte nochmals eine gültige E-Mail-Adresse angeben", - "You will receive an email with a verification link" : "Du wirst eine E-Mail mit einem Bestätigungslink erhalten" + "You will receive an email with a verification link" : "Du wirst eine E-Mail mit einem Bestätigungslink erhalten", + "A new user \"%s\" has created an account on %s and awaits admin approbation" : "Ein neuer Benutzer \"%s\" hat ein Konto auf %s erstellt und erwarte den Administrator Approbation ", + "Your account has been successfully created, but it still needs approval from an administrator." : "Ihr Konto wurde erfolgreich erstellt, aber es muss von einem Administrator genehmigt werden.", + "Require admin approval?" : "Ist der Administrator Approbation erforderlich?" }, "nplurals=2; plural=(n != 1);"); diff --git a/l10n/de.json b/l10n/de.json index f52c182..7aca01f 100644 --- a/l10n/de.json +++ b/l10n/de.json @@ -36,6 +36,9 @@ "Email" : "E-Mail", "Request verification link" : "Bestätigungslink anfragen", "Please re-enter a valid email address" : "Bitte nochmals eine gültige E-Mail-Adresse angeben", - "You will receive an email with a verification link" : "Du wirst eine E-Mail mit einem Bestätigungslink erhalten" + "You will receive an email with a verification link" : "Du wirst eine E-Mail mit einem Bestätigungslink erhalten", + "A new user \"%s\" has created an account on %s and awaits admin approbation" : "Ein neuer Benutzer \"%s\" hat ein Konto auf %s erstellt und erwarte den Administrator Approbation ", + "Your account has been successfully created, but it still needs approval from an administrator." : "Ihr Konto wurde erfolgreich erstellt, aber es muss von einem Administrator genehmigt werden.", + "Require admin approval?" : "Ist der Administrator Approbation erforderlich?" },"pluralForm" :"nplurals=2; plural=(n != 1);" -} \ No newline at end of file +} diff --git a/l10n/fr.js b/l10n/fr.js index bb2a4da..1e36187 100644 --- a/l10n/fr.js +++ b/l10n/fr.js @@ -30,6 +30,9 @@ OC.L10N.register( "Email" : "Adresse courriel", "Request verification link" : "Demander un lien de vérification.", "Please re-enter a valid email address" : "Veuillez indiquer une adresse courriel valide", - "You will receive an email with a verification link" : "Vous allez recevoir un courriel avec un lien de vérification" + "You will receive an email with a verification link" : "Vous allez recevoir un courriel avec un lien de vérification", + "A new user \"%s\" has created an account on %s and awaits admin approbation" : "Un nouvel utilisateur \"%s\" a créé un compte sur %s et attend l'approbation d'un administrateur", + "Your account has been successfully created, but it still needs approval from an administrator." : "Votre compte a bien été créé, il doit maintenant être approuvé par un administrateur.", + "Require admin approval?" : "Nécessite l'approbation d'un administrateur ?" }, "nplurals=2; plural=(n > 1);"); diff --git a/l10n/fr.json b/l10n/fr.json index 89d800a..6328e81 100644 --- a/l10n/fr.json +++ b/l10n/fr.json @@ -28,6 +28,9 @@ "Email" : "Adresse courriel", "Request verification link" : "Demander un lien de vérification.", "Please re-enter a valid email address" : "Veuillez indiquer une adresse courriel valide", - "You will receive an email with a verification link" : "Vous allez recevoir un courriel avec un lien de vérification" + "You will receive an email with a verification link" : "Vous allez recevoir un courriel avec un lien de vérification", + "A new user \"%s\" has created an account on %s and awaits admin approbation" : "Un nouvel utilisateur \"%s\" a créé un compte sur %s et attend l'approbation d'un administrateur", + "Your account has been successfully created, but it still needs approval from an administrator." : "Votre compte a bien été créé, il doit maintenant être approuvé par un administrateur.", + "Require admin approval?" : "Nécessite l'approbation d'un administrateur ?" },"pluralForm" :"nplurals=2; plural=(n > 1);" -} \ No newline at end of file +} diff --git a/l10n/ja.js b/l10n/ja.js index c5a5ff5..80d2cd2 100644 --- a/l10n/ja.js +++ b/l10n/ja.js @@ -30,6 +30,9 @@ OC.L10N.register( "Email" : "メール", "Request verification link" : "確認URLリンクをリクエスト", "Please re-enter a valid email address" : "有効なメールアドレスを再度入力してください。", - "You will receive an email with a verification link" : "確認URLの入ったメールをお送り致します。" + "You will receive an email with a verification link" : "確認URLの入ったメールをお送り致します。", + "A new user \"%s\" has created an account on %s and awaits admin approbation" : "新しいユーザー \"%s\" を アカウント名 \"%s\" として作成しました、今管理者の承認は必要です", + "Your account has been successfully created, but it still needs approval from an administrator." : "アカウントは作成成功しましたけど、管理者の承認は必要です。", + "Require admin approval?" : "管理者の承認は必要ですか" }, "nplurals=1; plural=0;"); diff --git a/l10n/ja.json b/l10n/ja.json index b7b1094..91af2c4 100644 --- a/l10n/ja.json +++ b/l10n/ja.json @@ -28,6 +28,9 @@ "Email" : "メール", "Request verification link" : "確認URLリンクをリクエスト", "Please re-enter a valid email address" : "有効なメールアドレスを再度入力してください。", - "You will receive an email with a verification link" : "確認URLの入ったメールをお送り致します。" + "You will receive an email with a verification link" : "確認URLの入ったメールをお送り致します。", + "A new user \"%s\" has created an account on %s and awaits admin approbation" : "新しいユーザー \"%s\" を アカウント名 \"%s\" として作成しました、今管理者の承認は必要です", + "Your account has been successfully created, but it still needs approval from an administrator." : "アカウントは作成成功しましたけど、管理者の承認は必要です。", + "Require admin approval?" : "管理者の承認は必要ですか" },"pluralForm" :"nplurals=1; plural=0;" -} \ No newline at end of file +} diff --git a/templates/email.newuser.disabled_html.php b/templates/email.newuser.disabled_html.php index ef23ba2..6407ffb 100644 --- a/templates/email.newuser.disabled_html.php +++ b/templates/email.newuser.disabled_html.php @@ -1,2 +1,2 @@ t('A new user "%s" has created an account on %s and awaits admin validation', [$_['user'], $_['sitename']]); +echo $l->t('A new user "%s" has created an account on %s and awaits admin approbation', [$_['user'], $_['sitename']]); diff --git a/templates/email.newuser.disabled_plaintext.php b/templates/email.newuser.disabled_plaintext.php index ef23ba2..6407ffb 100644 --- a/templates/email.newuser.disabled_plaintext.php +++ b/templates/email.newuser.disabled_plaintext.php @@ -1,2 +1,2 @@ t('A new user "%s" has created an account on %s and awaits admin validation', [$_['user'], $_['sitename']]); +echo $l->t('A new user "%s" has created an account on %s and awaits admin approbation', [$_['user'], $_['sitename']]); From 1246ea24e53859fe593592afb69310e9a1e7d362 Mon Sep 17 00:00:00 2001 From: Neraste Date: Sat, 21 Oct 2017 16:43:39 +0200 Subject: [PATCH 5/8] Add notification to subadmins of the default group --- service/mailservice.php | 16 +++++++++++++++- service/registrationservice.php | 5 ++++- 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/service/mailservice.php b/service/mailservice.php index 39172a1..02cd682 100644 --- a/service/mailservice.php +++ b/service/mailservice.php @@ -106,11 +106,25 @@ class MailService { /** * @param string $userId + * @param string $userGroupId * @param bool $userIsEnabled */ - public function notifyAdmins($userId, $userIsEnabled) { + public function notifyAdmins($userId, $userIsEnabled, $userGroupId) { // Notify admin $admin_users = $this->groupManager->get('admin')->getUsers(); + + // if the user is disabled and belongs to a group + // add subadmins of this group to notification list + if (!$userIsEnabled and $userGroupId) { + $group = $this->groupManager->get($userGroupId); + $subadmin_users = $group->getSubAdmin()->getGroupsSubAdmins($group); + foreach ($subadmin_users as $user) { + if (!in_array($user, $admin_users)) { + $admin_users[] = $user; + } + } + } + $to_arr = array(); foreach ( $admin_users as $au ) { $au_email = $au->getEMailAddress(); diff --git a/service/registrationservice.php b/service/registrationservice.php index 0214550..ef7c0f9 100644 --- a/service/registrationservice.php +++ b/service/registrationservice.php @@ -288,9 +288,12 @@ class RegistrationService { try { $group = $this->groupManager->get($registered_user_group); $group->addUser($user); + $groupId = $group->gitGID(); } catch (\Exception $e) { throw new RegistrationException($e->getMessage()); } + } else { + $groupId = ""; } // disable user if this is requested by config @@ -307,7 +310,7 @@ class RegistrationService { } } - $this->mailService->notifyAdmins($userId, $user->isEnabled()); + $this->mailService->notifyAdmins($userId, $user->isEnabled(), $groupId); return $user; } From 6844009d716285ecb835dd897756dadd68cfb968 Mon Sep 17 00:00:00 2001 From: Neraste Date: Sat, 21 Oct 2017 16:47:18 +0200 Subject: [PATCH 6/8] Fix typo --- service/registrationservice.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/service/registrationservice.php b/service/registrationservice.php index ef7c0f9..20f4e8c 100644 --- a/service/registrationservice.php +++ b/service/registrationservice.php @@ -288,7 +288,7 @@ class RegistrationService { try { $group = $this->groupManager->get($registered_user_group); $group->addUser($user); - $groupId = $group->gitGID(); + $groupId = $group->getGID(); } catch (\Exception $e) { throw new RegistrationException($e->getMessage()); } From 614eabce41a6e160bdd9b29ff408ade19fe73c76 Mon Sep 17 00:00:00 2001 From: Neraste Date: Sat, 21 Oct 2017 16:55:06 +0200 Subject: [PATCH 7/8] Fix call to getSubAdmin --- service/mailservice.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/service/mailservice.php b/service/mailservice.php index 02cd682..248f95d 100644 --- a/service/mailservice.php +++ b/service/mailservice.php @@ -117,7 +117,7 @@ class MailService { // add subadmins of this group to notification list if (!$userIsEnabled and $userGroupId) { $group = $this->groupManager->get($userGroupId); - $subadmin_users = $group->getSubAdmin()->getGroupsSubAdmins($group); + $subadmin_users = $this->$groupManager->getSubAdmin()->getGroupsSubAdmins($group); foreach ($subadmin_users as $user) { if (!in_array($user, $admin_users)) { $admin_users[] = $user; From 595bc5b0ab54dad5bffc5433ee7f4369c0bc65c4 Mon Sep 17 00:00:00 2001 From: Neraste Date: Sat, 21 Oct 2017 16:57:54 +0200 Subject: [PATCH 8/8] Fix typo --- service/mailservice.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/service/mailservice.php b/service/mailservice.php index 248f95d..a9b0e57 100644 --- a/service/mailservice.php +++ b/service/mailservice.php @@ -117,7 +117,7 @@ class MailService { // add subadmins of this group to notification list if (!$userIsEnabled and $userGroupId) { $group = $this->groupManager->get($userGroupId); - $subadmin_users = $this->$groupManager->getSubAdmin()->getGroupsSubAdmins($group); + $subadmin_users = $this->groupManager->getSubAdmin()->getGroupsSubAdmins($group); foreach ($subadmin_users as $user) { if (!in_array($user, $admin_users)) { $admin_users[] = $user;