Merge branch 'develop' into feature/faf_event_service

# Conflicts: # application/cmdbabstract.class.inc.php # application/loginwebpage.class.inc.php # core/dbobject.class.php # core/log.class.inc.php # lib/composer/autoload_classmap.php # lib/composer/autoload_static.php # setup/compiler.class.inc.php # test/phpunit.xml.dist
2026-02-13 07:24:13 +01:00 · 2021-12-31 08:42:16 +01:00
parent 78f51d40f6 16142bd979
commit 551abc861e
4160 changed files with 303752 additions and 85353 deletions
--- a/application/loginwebpage.class.inc.php
+++ b/application/loginwebpage.class.inc.php
@@ -1,5 +1,5 @@
 <?php
-// Copyright (C) 2010-2017 Combodo SARL
+// Copyright (C) 2010-2021 Combodo SARL
 //
 //   This file is part of iTop.
 //
@@ -20,12 +20,14 @@
 /**
 * Class LoginWebPage
 *
- * @copyright   Copyright (C) 2010-2017 Combodo SARL
+ * @copyright   Copyright (C) 2010-2021 Combodo SARL
 * @license     http://opensource.org/licenses/AGPL-3.0
 */

 use Combodo\iTop\Service\Event;
 use Combodo\iTop\Service\EventName;
+use Combodo\iTop\Application\Branding;
+use Combodo\iTop\Application\Helper\Session;

 /**
 * Web page used for displaying the login form
@@ -81,14 +83,14 @@ class LoginWebPage extends NiceWebPage
 	
 	public function __construct($sTitle = null)
 	{
-	    if($sTitle === null)
-        {
-            $sTitle = Dict::S('UI:Login:Title');
-        }
+		if ($sTitle === null) {
+			$sTitle = Dict::S('UI:Login:Title');
+		}

 		parent::__construct($sTitle);
 		$this->SetStyleSheet();
-		$this->add_header("Cache-control: no-cache");
+		$this->no_cache();
+		$this->add_xframe_options();
 	}
 	
 	public function SetStyleSheet()
@@ -110,7 +112,7 @@ class LoginWebPage extends NiceWebPage
 	 * @throws \CoreException
 	 * @throws \CoreUnexpectedValue
 	 */
-	public static function SynchroniseProfiles(&$oUser, array $aProfiles, $sOrigin)
+	public static function SynchronizeProfiles(&$oUser, array $aProfiles, $sOrigin)
 	{
 		$oProfilesSet = $oUser->Get(‘profile_list’);
 		//delete old profiles
@@ -142,16 +144,9 @@ class LoginWebPage extends NiceWebPage

 	public function DisplayLoginHeader($bMainAppLogo = false)
 	{
-		$sLogo = 'itop-logo-external.png';
-		$sBrandingLogo = 'login-logo.png';
-
 		$sVersionShort = Dict::Format('UI:iTopVersion:Short', ITOP_APPLICATION, ITOP_VERSION);
 		$sIconUrl = Utils::GetConfig()->Get('app_icon_url');
-		$sDisplayIcon = utils::GetAbsoluteUrlAppRoot().'images/'.$sLogo.'?t='.utils::GetCacheBusterTimestamp();
-		if (file_exists(MODULESROOT.'branding/'.$sBrandingLogo))
-		{
-			$sDisplayIcon = utils::GetAbsoluteUrlModulesRoot().'branding/'.$sBrandingLogo.'?t='.utils::GetCacheBusterTimestamp();
-		}
+		$sDisplayIcon = Branding::GetLoginLogoAbsoluteUrl();
 		$this->add("<div id=\"login-logo\"><a href=\"".htmlentities($sIconUrl, ENT_QUOTES,
 				self::PAGES_CHARSET)."\"><img title=\"$sVersionShort\" src=\"$sDisplayIcon\"></a></div>\n");
 	}
@@ -395,11 +390,11 @@ class LoginWebPage extends NiceWebPage
 	public static function ResetSession()
 	{
 		// Unset all of the session variables.
-		unset($_SESSION['auth_user']);
-		unset($_SESSION['login_state']);
-		unset($_SESSION['can_logoff']);
-		unset($_SESSION['archive_mode']);
-		unset($_SESSION['impersonate_user']);
+		Session::Unset('auth_user');
+		Session::Unset('login_state');
+		Session::Unset('can_logoff');
+		Session::Unset('archive_mode');
+		Session::Unset('impersonate_user');
 		UserRights::_ResetSessionCache();
 		// If it's desired to kill the session, also delete the session cookie.
 		// Note: This will destroy the session, and not just the session data!
@@ -445,11 +440,11 @@ class LoginWebPage extends NiceWebPage
 		}
 		$bLoginDebug = MetaModel::GetConfig()->Get('login_debug');

-		if (!isset($_SESSION['login_state']) || ($_SESSION['login_state'] == self::LOGIN_STATE_ERROR))
+		if (Session::Get('login_state') == self::LOGIN_STATE_ERROR)
 		{
-			$_SESSION['login_state'] = self::LOGIN_STATE_START;
+			Session::Set('login_state', self::LOGIN_STATE_START);
 		}
-		$sLoginState = $_SESSION['login_state'];
+		$sLoginState = Session::Get('login_state');
 		$bFireEvent = ($sLoginState != self::LOGIN_STATE_CONNECTED);

 		$sSessionLog = '';
@@ -509,7 +504,7 @@ class LoginWebPage extends NiceWebPage

 				// Every plugin has nothing else to do in this state, go forward
 				$sLoginState = self::AdvanceLoginFSMState($sLoginState);
-				$_SESSION['login_state'] = $sLoginState;
+				Session::Set('login_state', $sLoginState);
 			}
 			catch (Exception $e)
 			{
@@ -536,7 +531,7 @@ class LoginWebPage extends NiceWebPage

 		if ($bFilterWithMode)
 		{
-			$sCurrentLoginMode = isset($_SESSION['login_mode']) ? $_SESSION['login_mode'] : '';
+			$sCurrentLoginMode = Session::Get('login_mode', '');
 		}
 		else
 		{
@@ -675,8 +670,8 @@ class LoginWebPage extends NiceWebPage
 			$oLog->DBInsertNoReload();
 		}

-		$_SESSION['auth_user'] = $sAuthUser;
-		$_SESSION['login_mode'] = $sLoginMode;
+		Session::Set('auth_user', $sAuthUser);
+		Session::Set('login_mode', $sLoginMode);
 		UserRights::_InitSessionCache();
 	}

@@ -691,10 +686,10 @@ class LoginWebPage extends NiceWebPage
 	 */
 	public static function CheckLoggedUser(&$iErrorCode)
 	{
-		if (isset($_SESSION['auth_user']))
+		if (Session::IsSet('auth_user'))
 		{
 			// Already authenticated
-			$bRet = UserRights::Login($_SESSION['auth_user']); // Login & set the user's language
+			$bRet = UserRights::Login(Session::Get('auth_user')); // Login & set the user's language
 			if ($bRet)
 			{
 				$iErrorCode = self::EXIT_CODE_OK;
@@ -722,17 +717,17 @@ class LoginWebPage extends NiceWebPage

 	public static function SetLoginModeAndReload($sNewLoginMode)
 	{
-		if (isset($_SESSION['login_mode']) && ($_SESSION['login_mode'] == $sNewLoginMode))
+		if (Session::Get('login_mode') == $sNewLoginMode)
 		{
 			return;
 		}
-		$_SESSION['login_mode'] = $sNewLoginMode;
+		Session::Set('login_mode', $sNewLoginMode);
 		self::HTTPReload();
 	}

 	public static function HTTPReload()
 	{
-		$sOriginURL = $_SERVER['REQUEST_SCHEME'] . '://' . $_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
+		$sOriginURL = utils::GetCurrentAbsoluteUrl();
 		if (!utils::StartsWith($sOriginURL, utils::GetAbsoluteUrlAppRoot()))
 		{
 			// If the found URL does not start with the configured AppRoot URL
@@ -839,9 +834,9 @@ class LoginWebPage extends NiceWebPage
 		{
 			CMDBObject::SetTrackOrigin('custom-extension');
 			$sInfo = 'External User provisioning';
-			if (isset($_SESSION['login_mode']))
+			if (Session::IsSet('login_mode'))
 			{
-				$sInfo .= " ({$_SESSION['login_mode']})";
+				$sInfo .= " (".Session::Get('login_mode').")";
 			}
 			CMDBObject::SetTrackInfo($sInfo);

@@ -893,9 +888,9 @@ class LoginWebPage extends NiceWebPage
 		{
 			CMDBObject::SetTrackOrigin('custom-extension');
 			$sInfo = 'External User provisioning';
-			if (isset($_SESSION['login_mode']))
+			if (Session::IsSet('login_mode'))
 			{
-				$sInfo .= " ({$_SESSION['login_mode']})";
+				$sInfo .= " (".Session::Get('login_mode').")";
 			}
 			CMDBObject::SetTrackInfo($sInfo);

@@ -934,11 +929,11 @@ class LoginWebPage extends NiceWebPage

 			// Now synchronize the profiles
 			$sOrigin = 'External User provisioning';
-			if (isset($_SESSION['login_mode']))
+			if (Session::IsSet('login_mode'))
 			{
-				$sOrigin .= " ({$_SESSION['login_mode']})";
+				$sOrigin .= " (".Session::Get('login_mode').")";
 			}
-			$aExistingProfiles = self::SynchroniseProfiles($oUser, $aProfiles, $sOrigin);
+			$aExistingProfiles = self::SynchronizeProfiles($oUser, $aProfiles, $sOrigin);
 			if ($oUser->IsModified())
 			{
 				$oUser->DBWrite();
@@ -1021,7 +1016,6 @@ class LoginWebPage extends NiceWebPage
 		$sMessage = self::HandleOperations($operation); // May exit directly
 	
 		$iRet = self::Login($iOnExit);
-	
 		if ($iRet == self::EXIT_CODE_OK)
 		{
 			if ($bMustBeAdmin && !UserRights::IsAdministrator())
@@ -1101,19 +1095,23 @@ class LoginWebPage extends NiceWebPage
 		}
 		else if ($operation == 'change_pwd')
 		{
-			if (isset($_SESSION['auth_user']))
+			if (Session::IsSet('auth_user'))
 			{
-				$sAuthUser = $_SESSION['auth_user'];
+				$sAuthUser = Session::Get('auth_user');
+				$sIssue = Session::Get('pwd_issue');
+				Session::Unset('pwd_issue');
+				$bFailedLogin = ($sIssue != null); // Force the "failed login" flag to display the "issue" message
+
 				UserRights::Login($sAuthUser); // Set the user's language
 				$oPage = self::NewLoginWebPage();
-				$oPage->DisplayChangePwdForm();
+				$oPage->DisplayChangePwdForm($bFailedLogin, $sIssue);
 				$oPage->output();
 				exit;
 			}
 		}
 		else if ($operation == 'check_pwd_policy')
 		{
-			$sAuthUser = $_SESSION['auth_user'];
+			$sAuthUser = Session::Get('auth_user');
 			UserRights::Login($sAuthUser); // Set the user's language

 			$aPwdMap = array();
@@ -1131,9 +1129,9 @@ class LoginWebPage extends NiceWebPage
 		}
 		if ($operation == 'do_change_pwd')
 		{
-			if (isset($_SESSION['auth_user']))
+			if (Session::IsSet('auth_user'))
 			{
-				$sAuthUser = $_SESSION['auth_user'];
+				$sAuthUser = Session::Get('auth_user');
 				UserRights::Login($sAuthUser); // Set the user's language
 				$sOldPwd = utils::ReadPostedParam('old_pwd', '', 'raw_data');
 				$sNewPwd = utils::ReadPostedParam('new_pwd', '', 'raw_data');