[#136] Only external users can change password

2fc415ae · Francesc Guasch · fd0aecae · 2fc415ae · 2fc415ae · 2fc415ae
Commit 2fc415ae authored Apr 25, 2017 by Francesc Guasch
--- a/lib/Ravada.pm
+++ b/lib/Ravada.pm
@@ -162,6 +162,7 @@ sub _upgrade_table {

    warn "INFO: adding $field $definition to $table\n";
    $dbh->do("alter table $table add $field $definition");
+    return 1;
 }

 sub _create_table {
@@ -228,6 +229,12 @@ sub _upgrade_tables {
    $self->_upgrade_table('iso_images','device','varchar(255)');

    $self->_upgrade_table('users','language','char(3) DEFAULT NULL');
+    if ( $self->_upgrade_table('users','is_external','int(11) DEFAULT 0')) {
+        my $sth = $CONNECTOR->dbh->prepare(
+            "UPDATE users set is_external=1 WHERE password='*LK* no pss'"
+        );
+        $sth->execute;
+    }
 }



--- a/lib/Ravada/Auth/LDAP.pm
+++ b/lib/Ravada/Auth/LDAP.pm
@@ -297,7 +297,7 @@ sub _check_user_profile {
    my $user_sql = Ravada::Auth::SQL->new(name => $self->name);
    return if $user_sql->id;

-    Ravada::Auth::SQL::add_user(name => $self->name);
+    Ravada::Auth::SQL::add_user(name => $self->name, is_external => 1, is_temporary => 0);
 }

 sub _match_password {

--- a/lib/Ravada/Auth/SQL.pm
+++ b/lib/Ravada/Auth/SQL.pm
@@ -106,14 +106,16 @@ sub add_user {
        if keys %args;

    my $sth = $$CON->dbh->prepare(
-            "INSERT INTO users (name,password,is_admin,is_temporary) VALUES(?,?,?,?)");
+            "INSERT INTO users (name,password,is_admin,is_temporary, is_external)"
+            ." VALUES(?,?,?,?,?)");

    if ($password) {
        $password = sha1_hex($password);
    } else {
        $password = '*LK* no pss';
    }
-    $sth->execute($name,$password,$is_admin,$is_temporary);
+    $sth->execute($name,$password,$is_admin,$is_temporary
+        , ($args{is_external} or 0));
    $sth->finish;
 }

@@ -247,6 +249,21 @@ sub is_admin {
    return $self->{_data}->{is_admin};
 }

+=head2 is_external
+
+Returns true if the user authentication is not from SQL
+
+    my $is = $user->is_external;
+
+=cut
+
+
+sub is_external {
+    my $self = shift;
+    return $self->{_data}->{is_external};
+}
+
+
 =head2 is_temporary

 Returns true if the user is admin.

--- a/sql/mysql/users.sql
+++ b/sql/mysql/users.sql
@@ -5,6 +5,7 @@ CREATE TABLE `users` (
  `change_password` integer DEFAULT 1,
  `is_admin` integer DEFAULT 0,
  `is_temporary` integer DEFAULT 0,
+  `is_external` integer DEFAULT 0,
  `language` char(3) DEFAULT NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `name` (`name`)

--- a/sql/sqlite/users.sql
+++ b/sql/sqlite/users.sql
@@ -5,6 +5,7 @@ CREATE TABLE `users` (
 ,  `change_password` integer DEFAULT 1
 ,  `is_admin` integer DEFAULT 0
 ,  `is_temporary` integer DEFAULT 0
+,  `is_external` integer DEFAULT 0
 ,  `language` char(3) DEFAULT NULL
 ,  UNIQUE (`name`)
 );
--- a/templates/bootstrap/user_settings.html.ep
+++ b/templates/bootstrap/user_settings.html.ep
@@ -33,8 +33,8 @@
 %                            }     
                        </form>                
                        </p>
-                        <p>____<p></br>
-                          
+%   if (!$_user->is_external) {
+                        <hr>
                        <form method='post' enctype="multipart/form-data">
                            <p><%=l 'New Password:' %><input type= 'password' name= 'password' id='password'></p>
                            <p><%=l 'Confirm Password:' %><input type='password' name='conf_password' id='conf_password'></p>
@@ -44,6 +44,7 @@
 %                               }     
                            </p>
                        </form>
+%   }
                  </div>
                  </div>
            </div>