[Fusionforge-commits] FusionForge branch feature/user-account-expiry-5.1 created. 33ea7cdb7b5030b4fe5d2342834b9ab3349c9faf

Thorsten Glaser mirabilos at fusionforge.org
Fri Dec 5 14:02:22 CET 2014


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "FusionForge".

The branch, feature/user-account-expiry-5.1 has been created
        at  33ea7cdb7b5030b4fe5d2342834b9ab3349c9faf (commit)

- Log -----------------------------------------------------------------
commit 33ea7cdb7b5030b4fe5d2342834b9ab3349c9faf
Author: Thorsten Glaser <t.glaser at tarent.de>
Date:   Fri Dec 5 14:01:48 2014 +0100

    oops, forgot to actually honour the parameter to disable expiry checking

diff --git a/src/common/include/session.php b/src/common/include/session.php
index e2bb694..6a76457 100644
--- a/src/common/include/session.php
+++ b/src/common/include/session.php
@@ -549,7 +549,7 @@ function session_set_internalEx($user_id, $res=false, $checkvalid=true) {
 
 	$G_SESSION = user_get_object($user_id, $res);
 	if ($G_SESSION) {
-		if (!$G_SESSION->isActive(false))
+		if ($checkvalid && !$G_SESSION->isActive(false))
 			return false;
 		$G_SESSION->setLoggedIn(true);
 	}

commit 4d847728e600283686232eca0b01327234fd2f69
Author: Thorsten Glaser <t.glaser at tarent.de>
Date:   Wed Dec 3 16:14:44 2014 +0100

    automated suspension of expired users, every hour

diff --git a/src/cronjobs/shell_cleanup.php b/src/cronjobs/shell_cleanup.php
new file mode 100755
index 0000000..70b384c
--- /dev/null
+++ b/src/cronjobs/shell_cleanup.php
@@ -0,0 +1,56 @@
+#!/usr/bin/php
+<?php
+/*-
+ * Cleanup cronjob for the FusionForge shell module
+ *
+ * Copyright © 2014
+ *	Thorsten “mirabilos” Glaser <t.glaser at tarent.de>
+ * All rights reserved.
+ *
+ * This file is part of FusionForge. FusionForge is free software;
+ * you can redistribute it and/or modify it under the terms of the
+ * GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the Licence, or (at your option)
+ * any later version.
+ *
+ * FusionForge is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with FusionForge; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *-
+ * Short description of the module or comments or whatever
+ */
+
+require dirname(__FILE__).'/../common/include/env.inc.php';
+require_once $gfcommon.'include/pre.php';
+require_once $gfcommon.'include/cron_utils.php';
+
+$res = db_query_params('SELECT * FROM users
+	WHERE expire_date != 0
+	    AND expire_date < $1',
+    array(time()));
+
+while ($arr = db_fetch_array($res)) {
+	$u = new GFUser($arr['user_id'], $arr);
+	if (!$u || !is_object($u)) {
+		echo "E: could not get user " . $arr['user_id'] . "\n";
+		continue;
+	} else
+	if ($u->isError())
+		echo "W: user " . $arr['user_id'] . " has error\n";
+	if (!$u->setStatus('S'))
+		echo "E: could not suspend user " . $arr['user_id'] .
+		    " (" . $u->getUnixName() . "): " .
+		    $u->getErrorMessage() . "\n";
+	if (!$u->setUnixStatus('S'))
+		echo "E: could not suspend account " . $arr['user_id'] .
+		    " (" . $u->getUnixName() . "): " .
+		    $u->getErrorMessage() . "\n";
+}
+
+/* sync nss-pgsql */
+cron_reload_nscd();
diff --git a/src/packaging/cron.d/shell-postgresql b/src/packaging/cron.d/shell-postgresql
index ee816f8..62cc1a9 100644
--- a/src/packaging/cron.d/shell-postgresql
+++ b/src/packaging/cron.d/shell-postgresql
@@ -4,3 +4,6 @@
 
 # SCM/user/group update
 0 * * * * root [ -x /usr/share/@OLDPACKAGE@/bin/update-user-group-ssh.sh ] && /usr/share/@OLDPACKAGE@/bin/update-user-group-ssh.sh > /dev/null 2>&1
+
+# Maintenance (suspend expired users, etc.)
+40 * * * * root $PHP $FFCRON/shell_cleanup.php
diff --git a/src/packaging/install/shell-postgresql b/src/packaging/install/shell-postgresql
index 1d30a26..313ca78 100644
--- a/src/packaging/install/shell-postgresql
+++ b/src/packaging/install/shell-postgresql
@@ -1,2 +1,3 @@
+cronjobs/shell_cleanup.php usr/share/@OLDPACKAGE@/cronjobs/
 deb-specific/fusionforge.rsyslog etc/rsyslog.d/
 utils/install-nsspgsql.sh usr/share/@OLDPACKAGE@/bin/

commit 014bdc42a3d703867d583466badea85aad5e01f1
Author: Thorsten Glaser <t.glaser at tarent.de>
Date:   Wed Dec 3 16:00:08 2014 +0100

    remove expiry when deleting a user

diff --git a/src/common/include/User.class.php b/src/common/include/User.class.php
index f31b76f..c7732cf 100644
--- a/src/common/include/User.class.php
+++ b/src/common/include/User.class.php
@@ -484,6 +484,13 @@ Enjoy the site.
 				db_rollback();
 				return false;
 			}
+			$res = db_query_params('UPDATE users SET expire_date=0 WHERE user_id=$1',
+			    array($this->getID()));
+			if (!$res) {
+				$this->setError(_('ERROR - Could Not Update User Object:') . ' ' . db_error());
+				db_rollback();
+				return false;
+			}
 			if (!$this->setUnixStatus('D')) {
 				db_rollback();
 				return false;

commit 9f9239d0c45ed848d01e643e6b4d661bdeb161ba
Author: Thorsten Glaser <t.glaser at tarent.de>
Date:   Wed Dec 3 15:49:45 2014 +0100

    better error msg when logging in

diff --git a/src/common/include/session.php b/src/common/include/session.php
index 4e156db..e2bb694 100644
--- a/src/common/include/session.php
+++ b/src/common/include/session.php
@@ -188,11 +188,11 @@ function session_login_valid_dbonly($loginname, $passwd, $allowpending) {
 
 	// Try to get the users from the database using user_id and (MD5) user_pw
 	if (forge_get_config('require_unique_email')) {
-		$res = db_query_params ('SELECT user_id,status,unix_pw FROM users WHERE (user_name=$1 OR email=$1) AND user_pw=$2',
+		$res = db_query_params ('SELECT user_id,status,unix_pw,expire_date FROM users WHERE (user_name=$1 OR email=$1) AND user_pw=$2',
 					array ($loginname,
 					       md5($passwd))) ;
 	} else {
-		$res = db_query_params ('SELECT user_id,status,unix_pw FROM users WHERE user_name=$1 AND user_pw=$2',
+		$res = db_query_params ('SELECT user_id,status,unix_pw,expire_date FROM users WHERE user_name=$1 AND user_pw=$2',
 					array ($loginname,
 					       md5($passwd))) ;
 	}
@@ -263,6 +263,10 @@ function session_login_valid_dbonly($loginname, $passwd, $allowpending) {
 		if ($allowpending && ($usr['status'] == 'P')) {
 			//1;
 		} else {
+			if ($usr['expire_date'] && ($usr['expire_date'] < time())) {
+				$feedback = _('Account expired');
+				return false;
+			}
 			if ($usr['status'] == 'S') {
 				//acount suspended
 				$feedback = _('Account Suspended');

commit 7c870cb85d1519404ff3861d2fdedbbf4114caef
Author: Thorsten Glaser <t.glaser at tarent.de>
Date:   Wed Dec 3 15:43:39 2014 +0100

    make sqlparser.pm happy

diff --git a/src/db/20141203-user-expiry.sql b/src/db/20141203-user-expiry.sql
index ef30ab9..08d9fa0 100644
--- a/src/db/20141203-user-expiry.sql
+++ b/src/db/20141203-user-expiry.sql
@@ -9,4 +9,4 @@ DO $$
 			WHEN duplicate_column THEN RAISE NOTICE 'column expire_date already added to table users';
 		END;
 	END;
-$$
+$$;

commit 8b60c8042e2544b10fc5bd4c0d143d488c21c858
Author: Thorsten Glaser <t.glaser at tarent.de>
Date:   Wed Dec 3 15:33:27 2014 +0100

    manual and login-preventing account expiry times

diff --git a/src/common/include/Group.class.php b/src/common/include/Group.class.php
index 6691056..3434698 100644
--- a/src/common/include/Group.class.php
+++ b/src/common/include/Group.class.php
@@ -2496,7 +2496,7 @@ class Group extends Error {
 		
 		// Temporarily switch to the submitter's identity
 		$saved_session = session_get_user () ;
-		session_set_internal ($idadmin_group) ;
+		session_set_internalEx($idadmin_group, false, false);
 
 		if ($template) {
 			if (forge_get_config ('use_tracker')) {
@@ -2660,7 +2660,7 @@ class Group extends Error {
 		}
 
 		// Switch back to user preference
-		session_set_internal ($saved_session->getID()) ;
+		session_set_internalEx($saved_session->getID(), false, false);
 		setup_gettext_from_context();
 
 		db_commit();
diff --git a/src/common/include/User.class.php b/src/common/include/User.class.php
index e5eb345..f31b76f 100644
--- a/src/common/include/User.class.php
+++ b/src/common/include/User.class.php
@@ -678,14 +678,52 @@ Enjoy the site.
 	 *	isActive - whether this user is confirmed and active.
 	 *
 	 *	Database field status of 'A' returns true.
+	 *	Account is not expired.
 	 *	@return	boolean is_active.
 	 */
-	function isActive() {
-		if ($this->getStatus()=='A') {
+	function isActive($checkstatus=true) {
+		if ($checkstatus && ($this->getStatus() != 'A'))
+			/* account not active */
+			return false;
+		if (!$this->getExpiry())
+			/* account does not expire */
 			return true;
-		} else {
+		if ($this->getExpiry() < time())
+			/* account has expired */
+			return false;
+		return true;
+	}
+
+	/* returns time_t, or falsy if account does not expire */
+	function getExpiry() {
+		return $this->data_array['expire_date'];
+	}
+
+	/* takes a time_t or 0 if account does not expire */
+	function setExpiry($t) {
+		db_begin();
+		$res = db_query_params('UPDATE users
+			SET expire_date=$2
+			WHERE user_id=$1',
+		    array($this->getID(), $t));
+		if (!$res) {
+			$this->setError(_('ERROR - Could Not Update User Object:') . ' ' . db_error());
+			db_rollback();
 			return false;
 		}
+		if (!$this->fetchData($this->getID())) {
+			db_rollback();
+			return false;
+		}
+
+		$hook_params = array(
+			'user' => $this,
+			'user_id' => $this->getID(),
+		    );
+		plugin_hook("user_update_expiry", $hook_params);
+
+		db_commit();
+		return true;
 	}
 
 	/**
@@ -1627,5 +1665,3 @@ function sortUserList (&$list, $criterion='name') {
 // mode: php
 // c-file-style: "bsd"
 // End:
-
-?>
diff --git a/src/common/include/session.php b/src/common/include/session.php
index 163daa4..4e156db 100644
--- a/src/common/include/session.php
+++ b/src/common/include/session.php
@@ -535,20 +535,23 @@ function session_set_new($user_id) {
 		exit_error(db_error(), '');
 	} elseif (db_numrows($res) < 1) {
 		exit_error(_('Could not fetch user session data'), '');
-	} else {
-		session_set_internal($user_id, $res);
+	} elseif (!session_set_internalEx($user_id, $res)) {
+		exit_error(_('Account expired'), '');
 	}
 }
 
-function session_set_internal($user_id, $res=false) {
+function session_set_internalEx($user_id, $res=false, $checkvalid=true) {
 	global $G_SESSION;
 
 	$G_SESSION = user_get_object($user_id, $res);
 	if ($G_SESSION) {
+		if (!$G_SESSION->isActive(false))
+			return false;
 		$G_SESSION->setLoggedIn(true);
 	}
 
 	RBACEngine::getInstance()->invalidateRoleCaches();
+	return true;
 }
 
 /**
@@ -624,12 +627,7 @@ function session_set() {
 		}
 	} // else (hash does not exist) or (session hash is bad)
 
-	if ($id_is_good) {
-		$G_SESSION = user_get_object($user_id, $result);
-		if ($G_SESSION) {
-			$G_SESSION->setLoggedIn(true);
-		}
-	} else {
+	if (!$id_is_good || !session_set_internalEx($user_id, $result)) {
 		$G_SESSION=false;
 
 		// if there was bad session cookie, kill it and the user cookie
diff --git a/src/db/20141203-user-expiry.sql b/src/db/20141203-user-expiry.sql
new file mode 100644
index 0000000..ef30ab9
--- /dev/null
+++ b/src/db/20141203-user-expiry.sql
@@ -0,0 +1,12 @@
+-- ALTER TABLE ADD COLUMN IF NOT EXISTS for PostgreSQL
+
+DO $$
+	BEGIN
+		BEGIN
+			ALTER TABLE users
+			    ADD COLUMN expire_date INTEGER NOT NULL DEFAULT 0;
+		EXCEPTION
+			WHEN duplicate_column THEN RAISE NOTICE 'column expire_date already added to table users';
+		END;
+	END;
+$$
diff --git a/src/deb-specific/db-upgrade.pl b/src/deb-specific/db-upgrade.pl
index 6d2d045..11e2784 100755
--- a/src/deb-specific/db-upgrade.pl
+++ b/src/deb-specific/db-upgrade.pl
@@ -1957,6 +1957,7 @@ eval {
     &update_with_sql("20120321-add-news-in-activity_vw","5.1-12");
     &update_with_sql("20120903-no-unix-account-for-deleted-users", "5.1-13");
     &update_with_sql("20121112-fix-projecttask-external_id", "5.1-14");
+    &update_with_sql("20141203-user-expiry", "5.1-15");
 
     ########################### INSERT HERE #################################
 
diff --git a/src/www/admin/useredit.php b/src/www/admin/useredit.php
index e5891f8..602de3e 100644
--- a/src/www/admin/useredit.php
+++ b/src/www/admin/useredit.php
@@ -4,6 +4,7 @@
  *
  * Copyright 1999-2001 (c) VA Linux Systems
  * Copyright (C) 2011 Alain Peyrat - Alcatel-Lucent
+ * Copyright © 2014 Thorsten “mirabilos” Glaser <t.glaser at tarent.de>
  *
  * This file is part of FusionForge. FusionForge is free software;
  * you can redistribute it and/or modify it under the terms of the
@@ -24,6 +25,7 @@
 require_once('../env.inc.php');
 require_once $gfcommon.'include/pre.php';
 require_once $gfcommon.'include/account.php';
+require_once $gfcommon.'include/datepick.php';
 require_once $gfwww.'admin/admin_utils.php';
 
 session_require_global_perm ('forge_admin');
@@ -56,8 +58,16 @@ if (getStringFromRequest('delete_user') != '' && getStringFromRequest('confirm_d
 	$shell = getStringFromRequest('shell');
 	$status = getStringFromRequest('status');
 
+	$newexp = getIntFromRequest('accexp_bool') ?
+	    getStringFromRequest('accexp_date') : '';
+	$newexp = $newexp ? datepick_parse($newexp) : 0;
+	if ($newexp && ($newexp < time()))
+		/* account has expired */
+		$status = 'S';
+
     //XXX use_shell
 	if (!$u->setEmail($email)
+		|| !$u->setExpiry($newexp)
 		|| (forge_get_config('use_shell') && !$u->setShell($shell))
 		|| !$u->setStatus($status)) {
 		exit_error( _('Could Not Complete Operation: ').$u->getErrorMessage(),'admin');
@@ -82,6 +92,7 @@ if (getStringFromRequest('delete_user') != '' && getStringFromRequest('confirm_d
 
 }
 
+datepick_prepare();
 $title = _('Site Admin: User Info');
 site_admin_header(array('title'=>$title));
 
@@ -121,6 +132,21 @@ site_admin_header(array('title'=>$title));
 </tr>
 
 <tr>
+<td><?php echo _('Account expiry'); ?></td>
+<td><?php
+$isexp = $u->getExpiry();
+echo html_e('input', array(
+	'type' => 'checkbox',
+	'name' => 'accexp_bool',
+	'value' => 1,
+	'checked' => ($isexp ? 'checked' : false),
+    )) . ' ' . _('expires on') . ': ';
+datepick_emit('accexp_date',
+    $isexp ? datepick_format($isexp, true) : '', true);
+?></td>
+</tr>
+
+<tr>
 <td>
 <?php echo _('Web account status'); ?>
 </td>

commit 8e0d092f040d94df710803504d7dc9c9320b9377
Author: Thorsten Glaser <t.glaser at tarent.de>
Date:   Wed Dec 3 16:00:46 2014 +0100

    bugfix: check set*Status retval in delete

diff --git a/src/common/include/User.class.php b/src/common/include/User.class.php
index 17b7f95..e5eb345 100644
--- a/src/common/include/User.class.php
+++ b/src/common/include/User.class.php
@@ -480,8 +480,14 @@ Enjoy the site.
 			$hook_params['user_id'] = $this->getID();
 			plugin_hook ("user_delete", $hook_params);
 			
-			$this->setStatus('D');
-			$this->setUnixStatus('D');
+			if (!$this->setStatus('D', true)) {
+				db_rollback();
+				return false;
+			}
+			if (!$this->setUnixStatus('D')) {
+				db_rollback();
+				return false;
+			}
 			db_commit();
 		}
 		return true;

-----------------------------------------------------------------------


hooks/post-receive
-- 
FusionForge



More information about the Fusionforge-commits mailing list