Fix phras-47 Force authentication to see push content

This commit is contained in:
Nicolas Le Goff
2014-05-05 17:52:53 +02:00
parent c56fc230ab
commit 45ec715eea
7 changed files with 54 additions and 17 deletions


@@ -213,15 +213,20 @@ class Push implements ControllerProviderInterface
$app['EM']->flush(); $app['EM']->flush();
$url = $app->url('lightbox_compare', array( $arguments = array(
'ssel_id' => $Basket->getId(), 'ssel_id' => $Basket->getId(),
'LOG' => $app['tokens']->getUrlToken( );
if (!$app['phraseanet.registry']->get('GV_force_push_authentication') || !$request->get('force_authentication')) {
$arguments['LOG'] = $app['tokens']->getUrlToken(
\random::TYPE_VIEW, \random::TYPE_VIEW,
$user_receiver->get_id(), $user_receiver->get_id(),
null, null,
$Basket->getId() $Basket->getId()
) );
)); }
$url = $app->url('lightbox_compare', $arguments);
$receipt = $request->get('recept') ? $app['authentication']->getUser()->get_email() : ''; $receipt = $request->get('recept') ? $app['authentication']->getUser()->get_email() : '';
@@ -359,7 +364,7 @@ class Push implements ControllerProviderInterface
try { try {
$participant_user = \User_Adapter::getInstance($participant['usr_id'], $app); $participant_user = \User_Adapter::getInstance($participant['usr_id'], $app);
} catch (\Exception $e) { } catch (\Exception $e) {
throw new ControllerException(sprintf(_('Unknown user %d'), $receiver['usr_id'])); throw new ControllerException(sprintf(_('Unknown user %d'), $participant['usr_id']));
} }
try { try {
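Review bot: The auto-login token is still added to the URL whenever `force_authentication` is missing from the submission, so a client that never sends the field (a stale cached script or a direct POST) falls back to the tokenised link even with `GV_force_push_authentication` enabled; the registry help text presents this as a per-push option, so the fallback is presumably intended, but the rule deserves a comment where the condition is built. The double negation in the new `if` also hides that rule; `$forceAuth = $app['phraseanet.registry']->get('GV_force_push_authentication') && $request->get('force_authentication');` followed by `if (!$forceAuth) { // LOG is an auto-login token for the recipient; omit it when authentication is forced` states it directly. Note that `Request::get()` reads attributes, query string and body, so the flag can arrive from the URL as well as the form. The enclosing route closure starts and ends outside the hunk.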


@@ -102,10 +102,14 @@ class Firewall
return $this; return $this;
} }
public function requireAuthentication() public function requireAuthentication(Request $request = null)
{ {
$params = array();
if (null !== $request) {
$params['redirect'] = '..' . $request->getPathInfo();
}
if (!$this->app['authentication']->isAuthenticated()) { if (!$this->app['authentication']->isAuthenticated()) {
return new RedirectResponse($this->app->path('homepage')); return new RedirectResponse($this->app->path('homepage', $params));
} }
} }
@@ -118,7 +122,7 @@ class Firewall
$app = $this->app; $app = $this->app;
$controllers->before(function (Request $request) use ($app) { $controllers->before(function (Request $request) use ($app) {
if (null !== $response = $app['firewall']->requireAuthentication()) { if (null !== $response = $app['firewall']->requireAuthentication($request)) {
return $response; return $response;
} }
}); });
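Review bot: `requireAuthentication()` gains an optional `Request` parameter that changes the redirect target, but no docblock explains it; a short `@param Request|null $request When given, the homepage redirect carries a "redirect" parameter pointing back to the request path` would do. The `'..' . $request->getPathInfo()` prefix only resolves to the original page if the homepage route is exactly one path segment deep, which the hunk does not show; a comment stating that assumption, or building the value from the route path instead, would make it less brittle. Wherever the `redirect` parameter is later consumed (outside this hunk), it should be treated as a relative path only, since it is a request-controlled value at that point.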


@@ -265,6 +265,13 @@ return call_user_func_array(function(Application $app) {
), array( ), array(
'section' => _('Main configuration'), 'section' => _('Main configuration'),
'vars' => array( 'vars' => array(
array(
'type' => \registry::TYPE_BOOLEAN,
'name' => 'GV_force_push_authentication',
'comment' => _('Enable Forcing authentication to see push content'),
'help' => _('Adds an option to the push form submission to restrict push recipient(s) to Phraseanet users only.'),
'default' => false
),
array( array(
'type' => \registry::TYPE_STRING, 'type' => \registry::TYPE_STRING,
'name' => 'GV_adminMail', 'name' => 'GV_adminMail',


@@ -214,6 +214,7 @@
<textarea name="message" style="display:none;"></textarea> <textarea name="message" style="display:none;"></textarea>
<input type="hidden" name="duration" value=""/> <input type="hidden" name="duration" value=""/>
<input type="checkbox" value="1" name="recept" style="display:none;"/> <input type="checkbox" value="1" name="recept" style="display:none;"/>
<input type="checkbox" value="1" name="force_authentication" style="display:none;"/>
<div class="PNB badges"></div> <div class="PNB badges"></div>
</form> </form>
<div class="PNB10 footer"> <div class="PNB10 footer">


@@ -128,7 +128,7 @@
<script type="text/template" id="feedback_sendform_tpl"> <script type="text/template" id="feedback_sendform_tpl">
<form> <form>
<div class="Feedback" style="display:none;"> <div class="Feedback control-group" style="display:none;">
<label for="PushSendFormDuration">{% trans %}Time for feedback (days){% endtrans %}</label> <label for="PushSendFormDuration">{% trans %}Time for feedback (days){% endtrans %}</label>
<select id="PushSendFormDuration" name="duration" class="input-block-level"> <select id="PushSendFormDuration" name="duration" class="input-block-level">
<option {% if 20 == app['phraseanet.registry'].get('GV_val_expiration') %}selected="selected"{% endif %} value="20">20</option> <option {% if 20 == app['phraseanet.registry'].get('GV_val_expiration') %}selected="selected"{% endif %} value="20">20</option>
@@ -140,20 +140,39 @@
<option {% if 1 == app['phraseanet.registry'].get('GV_val_expiration') %}selected="selected"{% endif %} value="1">1</option> <option {% if 1 == app['phraseanet.registry'].get('GV_val_expiration') %}selected="selected"{% endif %} value="1">1</option>
</select> </select>
</div> </div>
<div> <div class="control-group">
<label for="PushSendFormRecept">{% trans %}Name{% endtrans %}</label> <label for="PushSendFormName">{% trans %}Name{% endtrans %}</label>
<input id="PushSendFormName" type="text" name="name" class="input-block-level"/> <input id="PushSendFormName" type="text" name="name" class="input-block-level"/>
</div> </div>
<div> <div class="control-group">
<label for="PushSendFormMessage">{% trans %}Message{% endtrans %}</label> <label for="PushSendFormMessage">{% trans %}Message{% endtrans %}</label>
<textarea id="PushSendFormMessage" name="message" class="input-block-level"></textarea> <textarea id="PushSendFormMessage" name="message" class="input-block-level" rows="6"></textarea>
</div> </div>
<div> <div class="control-group">
<label for="PushSendFormRecept" class="checkbox"> <label for="PushSendFormRecept" class="checkbox">
<input id="PushSendFormRecept" type="checkbox" name="recept" value="1"/> <input id="PushSendFormRecept" type="checkbox" name="recept" value="1"/>
{% trans %}Accuse de reception{% endtrans %} {% trans %}Accuse de reception{% endtrans %}
</label> </label>
</div> </div>
{% if app['phraseanet.registry'].get('GV_force_push_authentication') %}
<div class="control-group">
<label for="PushForceAuthentication" class="checkbox">
<input id="PushForceAuthentication" type="checkbox" checked="checked" name="force_authentication" value="1"/>
{% trans %}Force authentication{% endtrans %}
</label>
</div>
<div class="control-group info">
<span class="help-inline" style="font-style: italic">
<i class="icon-info-sign"></i>
{% trans %}
The parameter "force authentication" forces the recipient(s) of the push to possess a Phraseanet account
to see its contents.
This avoids anonymous users to access to the content of the push if they were able to get the display
url through a forwarded mail for example.
{% endtrans %}
</span>
</div>
{% endif %}
</form> </form>
</script> </script>
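Review bot: The help text in the new `{% trans %}` block is awkward English that will be shipped as the translation source string: "This avoids anonymous users to access to the content of the push" reads better as `This prevents anonymous users from accessing the content of the push if they obtained the display URL, for example through a forwarded mail.` Defaulting the checkbox to `checked="checked"` when the registry flag is on is the right secure default; a one-line Twig comment saying so, e.g. `{# checked by default: the sender must opt out of forced authentication #}`, would keep a later maintainer from flipping it.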


@@ -8,12 +8,12 @@ class FirewallTest extends \PhraseanetWebTestCaseAuthenticatedAbstract
public function testRequiredAuth() public function testRequiredAuth()
{ {
$this->assertNull(self::$DI['app']['firewall']->requireAuthentication(self::$DI['app'])); $this->assertNull(self::$DI['app']['firewall']->requireAuthentication());
} }
public function testRequiredAuthNotAuthenticated() public function testRequiredAuthNotAuthenticated()
{ {
$this->logout(self::$DI['app']); $this->logout(self::$DI['app']);
$this->assertInstanceOf('Symfony\Component\HttpFoundation\RedirectResponse', self::$DI['app']['firewall']->requireAuthentication(self::$DI['app'])); $this->assertInstanceOf('Symfony\Component\HttpFoundation\RedirectResponse', self::$DI['app']['firewall']->requireAuthentication());
} }
} }
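Review bot: Both tests now call `requireAuthentication()` without a request, so the new `redirect` branch in `Firewall` is never exercised; dropping the stray `self::$DI['app']` argument is correct, but a third test should pass a request while logged out and assert the redirect target carries the parameter. Something along the lines below, using `Request::create()` and `getTargetUrl()`, covers it without depending on the exact encoding of the path.
```php
public function testRequiredAuthNotAuthenticatedRedirectsBack()
{
    $this->logout(self::$DI['app']);
    $request = \Symfony\Component\HttpFoundation\Request::create('/prod/');
    $response = self::$DI['app']['firewall']->requireAuthentication($request);
    $this->assertInstanceOf('Symfony\Component\HttpFoundation\RedirectResponse', $response);
    $this->assertContains('redirect=', $response->getTargetUrl());
}
```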


@@ -166,12 +166,13 @@
$('input[name="duration"]', $FeedBackForm).val($('select[name="duration"]', $dialog.getDomElement()).val()); $('input[name="duration"]', $FeedBackForm).val($('select[name="duration"]', $dialog.getDomElement()).val());
$('textarea[name="message"]', $FeedBackForm).val($('textarea[name="message"]', $dialog.getDomElement()).val()); $('textarea[name="message"]', $FeedBackForm).val($('textarea[name="message"]', $dialog.getDomElement()).val());
$('input[name="recept"]', $FeedBackForm).attr('checked', $('input[name="recept"]', $dialog.getDomElement()).attr('checked')); $('input[name="recept"]', $FeedBackForm).attr('checked', $('input[name="recept"]', $dialog.getDomElement()).attr('checked'));
$('input[name="force_authentication"]', $FeedBackForm).attr('checked', $('input[name="force_authentication"]', $dialog.getDomElement()).attr('checked'));
$FeedBackForm.trigger('submit'); $FeedBackForm.trigger('submit');
}; };
var options = { var options = {
size: 'Small', size: 'Medium',
buttons: buttons, buttons: buttons,
loading: true, loading: true,
title: language.send, title: language.send,
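Review bot: The new `force_authentication` line copies the checkbox state with `attr('checked', ...)`, and in jQuery a second argument of `undefined` (what `attr('checked')` returns for an unchecked box) turns the call into a getter, so an unchecked dialog box presumably never clears the hidden form's checkbox if that form is reused; since the dialog defaults to checked, the only failure mode is a sender unable to opt out on a second submission. `$('input[name="force_authentication"]', $FeedBackForm).prop('checked', $('input[name="force_authentication"]', $dialog.getDomElement()).is(':checked'));` copies the state in both directions. The same pattern is used for `recept` on the line above, which the commit did not touch.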