Fixes #4240 - allows admins to use custom password reset URL

This commit is contained in:
snipe 2017-10-19 12:22:27 -07:00
parent 54000ff69f
commit e185dc68af
7 changed files with 70 additions and 2 deletions

View file

@ -826,6 +826,7 @@ class SettingsController extends Controller
$setting->is_ad = $request->input('is_ad', '0');
$setting->ldap_tls = $request->input('ldap_tls', '0');
$setting->ldap_pw_sync = $request->input('ldap_pw_sync', '0');
$setting->custom_forgot_pass_url = $request->input('custom_forgot_pass_url');
if ($setting->save()) {
return redirect()->route('settings.index')

View file

@ -38,6 +38,7 @@ class Setting extends Model
"pwd_secure_min" => "numeric|required|min:5",
"audit_warning_days" => "numeric|nullable",
"audit_interval" => "numeric|nullable",
"custom_forgot_pass_url" => "url|nullable",
];
protected $fillable = ['site_name','email_domain','email_format','username_format'];

View file

@ -0,0 +1,32 @@
<?php
use Illuminate\Support\Facades\Schema;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Database\Migrations\Migration;
class AddCustomForgotPasswordUrl extends Migration
{
/**
* Run the migrations.
*
* @return void
*/
public function up()
{
Schema::table('settings', function (Blueprint $table) {
$table->string('custom_forgot_pass_url')->nullable()->default(null);
});
}
/**
* Reverse the migrations.
*
* @return void
*/
public function down()
{
Schema::table('settings', function (Blueprint $table) {
$table->dropColumn('custom_forgot_pass_url');
});
}
}

View file

@ -23,6 +23,8 @@ return array(
'confirm_purge_help' => 'Enter the text "DELETE" in the box below to purge your deleted records. This action cannot be undone.',
'custom_css' => 'Custom CSS',
'custom_css_help' => 'Enter any custom CSS overrides you would like to use. Do not include the &lt;style&gt;&lt;/style&gt; tags.',
'custom_forgot_pass_url' => 'Custom Password Reset URL',
'custom_forgot_pass_url_help' => 'This replaces the built-in forgotten password URL on the login screen, useful to direct people to internal or hosted LDAP password reset functionality. It will effectively disable local user forgotten password functionality.',
'default_currency' => 'Default Currency',
'default_eula_text' => 'Default EULA',
'default_language' => 'Default Language',
@ -44,6 +46,8 @@ return array(
'ldap_enabled' => 'LDAP enabled',
'ldap_integration' => 'LDAP Integration',
'ldap_settings' => 'LDAP Settings',
'ldap_login_test_help' => 'Enter a valid LDAP username and password to test whether your LDAP login is configured correctly.',
'ldap_login_sync_help' => 'This only tests that LDAP can sync correctly. If your LDAP Authentication query is not correct, users may still not be able to login.',
'ldap_server' => 'LDAP Server',
'ldap_server_help' => 'This should start with ldap:// (for unencrypted or TLS) or ldaps:// (for SSL)',
'ldap_server_cert' => 'LDAP SSL certificate validation',

View file

@ -63,7 +63,13 @@
<button class="btn btn-lg btn-primary btn-block">{{ trans('auth/general.login') }}</button>
</div>
<div class="col-md-12 col-sm-12 col-xs-12 text-right" style="padding-top: 10px;">
@if ($snipeSettings->custom_forgot_pass_url)
<a href="{{ $snipeSettings->custom_forgot_pass_url }}" rel="noopener">{{ trans('auth/general.forgot_password') }}</a>
@else
<a href="{{ route('password.request') }}">{{ trans('auth/general.forgot_password') }}</a>
@endif
</div>
</div> <!-- end login box -->

View file

@ -3,6 +3,11 @@
{{-- Page content --}}
@section('content')
@if ($snipeSettings->custom_forgot_pass_url)
<a href="{{ $snipeSettings->custom_forgot_pass_url }}" rel="noopener">{{ trans('auth/general.forgot_password') }}</a>
@else
<form class="form" role="form" method="POST" action="{{ url('/password/email') }}">
{!! csrf_field() !!}
<div class="container">
@ -50,5 +55,7 @@
</div>
</form>
@endif
@stop

View file

@ -377,12 +377,29 @@
<span id="ldaptestloginstatus"></span>
</div>
<div class="col-md-9 col-md-offset-3">
<p class="help-block">Enter a valid LDAP username and password to test whether your LDAP login is configured correctly.</p>
<p class="help-block">{{ trans('admin/settings/general.ldap_login_test_help') }}</p>
</div>
</div>
@endif
<!-- LDAP Forgotten password -->
<div class="form-group {{ $errors->has('custom_forgot_pass_url') ? 'error' : '' }}">
<div class="col-md-3">
{{ Form::label('custom_forgot_pass_url', trans('admin/settings/general.custom_forgot_pass_url')) }}
</div>
<div class="col-md-9">
@if (config('app.lock_passwords')===true)
{{ Form::text('custom_forgot_pass_url', Input::old('custom_forgot_pass_url', $setting->custom_forgot_pass_url), array('class' => 'form-control', 'disabled'=>'disabled','placeholder' => 'https://my.ldapserver-forgotpass.com')) }}
@else
{{ Form::text('custom_forgot_pass_url', Input::old('custom_forgot_pass_url', $setting->custom_forgot_pass_url), array('class' => 'form-control','placeholder' => 'https://my.ldapserver-forgotpass.com')) }}
@endif
<p class="help-block">{{ trans('admin/settings/general.custom_forgot_pass_url_help') }}</p>
{!! $errors->first('custom_forgot_pass_url', '<span class="alert-msg">:message</span>') !!}
</div>
</div><!-- LDAP Server -->
</div>
</div> <!--/.box-body-->
<div class="box-footer">