Commit b97bf0e9 authored by chuck cranor's avatar chuck cranor

add UI_EXTERNAL_ACCOUNTS to defs file for better UI config

This patch adds the UI_EXTERNAL_ACCOUNTS configuration variable
to the defs file.  The high-level goal is to allow Emulab to function
in labs where user accounts and passwords changes/resets are managed
externally from Emulab (e.g. in some other database or maybe even
in an LDAP).  This variable impacts both the "request an account" and
"password change" workflows:

[1] "request an account" - If UI_EXTERNAL_ACCOUNTS is set to 1,
    it will remove/disable all "create a new account" functions from
    the UI.   as part of this, we restore "Allow for a site specific
    front page" to the portal frontpage so that frontpage.html can
    be edited to remove the "request an account" button on the
    default home page.
    impacts www/aptui/frontpage.php, www/aptui/quickvm_sup.php,
    www/aptui/signup.php, www/joinproject.php3, www/menu.php3,
    and www/newproject.php3

[2] "password change"  - If UI_EXTERNAL_ACCOUNTS is set to 1,
    it will remove all "change password" and "forgot password" functions
    from the UI.
    impacts www/aptui/changepswd.php, www/aptui/forgotpswd.php,
    www/aptui/login.php, /www/aptui/quickvm_sup.php, www/login.php3,
    www/moduserinfo.php3, and www/password.php3
parent 003e90ff
......@@ -676,6 +676,7 @@ TBROBOCOPSEMAIL_NOSLASH
TBROBOCOPSEMAIL
TBOPSEMAIL_NOSLASH
TBOPSEMAIL
UI_EXTERNAL_ACCOUNTS
BOOTINFO_EVENTS
SDCOLLECTD_USE_RRDTOOL
SDCOLLECTD_DOSTATS
......@@ -5094,6 +5095,7 @@ done
#
......@@ -5275,6 +5277,7 @@ EXPIRE_PASSWORDS=1
SDCOLLECTD_DOSTATS=0
SDCOLLECTD_USE_RRDTOOL=0
BOOTINFO_EVENTS=1
UI_EXTERNAL_ACCOUNTS=0
#
# XXX You really don't want to change these!
......
......@@ -336,6 +336,7 @@ AC_SUBST(EXPIRE_PASSWORDS)
AC_SUBST(SDCOLLECTD_DOSTATS)
AC_SUBST(SDCOLLECTD_USE_RRDTOOL)
AC_SUBST(BOOTINFO_EVENTS)
AC_SUBST(UI_EXTERNAL_ACCOUNTS)
#
# Offer both versions of the email addresses that have the @ escaped
......@@ -516,6 +517,7 @@ EXPIRE_PASSWORDS=1
SDCOLLECTD_DOSTATS=0
SDCOLLECTD_USE_RRDTOOL=0
BOOTINFO_EVENTS=1
UI_EXTERNAL_ACCOUNTS=0
#
# XXX You really don't want to change these!
......
......@@ -35,6 +35,13 @@ RedirectSecure();
$optargs = OptionalPageArguments("user", PAGEARG_USER,
"key", PAGEARG_STRING,
"reset", PAGEARG_STRING);
#
# see if UI change password is disabled (e.g. passwords externally managed)
#
if ($UI_EXTERNAL_ACCOUNTS) {
SPITUSERERROR("Password change disabled on this system");
return;
}
#
# We use this page for both resetting a forgotten password, and for
......
......@@ -33,6 +33,14 @@ if ($CHECKLOGIN_STATUS & CHECKLOGIN_LOGGEDIN) {
SPITUSERERROR("You are already logged in!");
}
#
# see if UI change password is disabled (e.g. passwords externally managed)
#
if ($UI_EXTERNAL_ACCOUNTS) {
SPITUSERERROR("Password change disabled on this system");
return;
}
#
# Verify page arguments.
#
......
......@@ -38,7 +38,17 @@ $this_user = CheckLogin($check_status);
SPITHEADER(1, true, true);
SPITREQUIRE("");
$matter = file_get_contents("frontpage.html");
#
# Allow for a site specific front page
#
$sitefile = "frontpage-" . strtolower($THISHOMEBASE) . ".html";
# allow local frontpage customizations
if (file_exists($sitefile)) {
$matter = file_get_contents($sitefile);
} else {
$matter = file_get_contents("frontpage.html");
}
$stats = json_decode(file_get_contents("$APTBASE/stats-ajax.php"), true);
$whoarewe = ($TBMAINSITE ? "" : $THISHOMEBASE);
$counts = "<tr><th>Type</th><th>Free</th><th>% Inuse</th></tr>";
......
......@@ -96,6 +96,7 @@ function SPITFORM($uid, $referrer, $error)
global $TBDB_UIDLEN, $TBBASE, $refer;
global $ISAPT, $ISCLOUD, $ISPNET, $ISPOWDER;
global $adminmode, $cleanmode;
global $UI_EXTERNAL_ACCOUNTS;
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
......@@ -194,10 +195,17 @@ function SPITFORM($uid, $referrer, $error)
</div>
<div class='form-group'>
<!-- <div class="col-sm-12"> -->
<?php
if ($UI_EXTERNAL_ACCOUNTS == 0) {
?>
<a class='pull-right'
type='button' href='forgotpswd.php'
style='margin-right: 10px;'>
Forgot Password?</a>
<?php
}
?>
<!-- </div> -->
</div>
<?php
......
......@@ -90,6 +90,7 @@ $PAGEHEADER_FUNCTION = function($thinheader = 0, $nomenu = false,
global $ISPNET, $ISPOWDER, $ISEMULAB;
global $login_user, $login_status, $SUPPORT, $FIRSTUSER;
global $disable_accounts, $page_title, $drewheader, $embedded;
global $UI_EXTERNAL_ACCOUNTS;
$cleanmode = (isset($_COOKIE['cleanmode']) &&
$_COOKIE['cleanmode'] == 1 ? 1 : 0);
$showmenus = 0;
......@@ -249,11 +250,13 @@ $PAGEHEADER_FUNCTION = function($thinheader = 0, $nomenu = false,
}
if (!NOLOGINS()) {
if (!$login_user) {
$navbar_right .=
"<li id='signupitem' class='apt-left'>" .
" <a class='btn btn-success navbar-btn apt-navbar-btn'
id='signupbutton'
href='signup.php'>Sign Up</a></li>\n";
if ($UI_EXTERNAL_ACCOUNTS == 0) {
$navbar_right .=
"<li id='signupitem' class='apt-left'>" .
" <a class='btn btn-success navbar-btn apt-navbar-btn'
id='signupbutton'
href='signup.php'>Sign Up</a></li>\n";
}
if ($page_title != "Login") {
$navbar_right .=
"<li id='loginitem' class='apt-left'>" .
......@@ -410,6 +413,7 @@ function SPITNAV($hiddenxs, $nonav, $navbar_status, $navbar_right, $login_uid)
global $PORTAL_MANUAL, $APTLOGO, $login_status, $login_user, $TBMAINSITE;
global $THISHOMEBASE, $ISEMULAB, $ISPNET, $ISPOWDER, $TBBASE;
global $PORTAL_WIKI;
global $UI_EXTERNAL_ACCOUNTS;
$hiddenxs = "";
echo "
......@@ -563,8 +567,10 @@ if (!$login_user->portal()) {
if (!$nonav && !($login_status & CHECKLOGIN_WEBONLY)) {
echo "
<li><a href='myaccount.php'>Manage Account</a></li>
<li><a href='signup.php'>Start/Join Project</a></li>
<li><a href='changepswd.php'>Change Password</a></li>";
<li><a href='signup.php'>Start/Join Project</a></li>";
if ($UI_EXTERNAL_ACCOUNTS == 0) {
echo "<li><a href='changepswd.php'>Change Password</a></li>";
}
if ($login_user->isActive()) {
echo "
<li><a href='getcreds.php'>Download Credentials</a></li>
......
......@@ -37,7 +37,11 @@ $license_defs = array();
# Get current user.
#
RedirectSecure();
$this_user = CheckLogin($check_status);
if ($UI_EXTERNAL_ACCOUNTS) {
$this_user = CheckLoginOrDie(); # force login, newuser is disabled
} else {
$this_user = CheckLogin($check_status);
}
if (isset($this_user)) {
# Allow unapproved users to join multiple groups ...
CheckLoginOrDie(CHECKLOGIN_UNAPPROVED|CHECKLOGIN_NONLOCAL);
......
......@@ -91,6 +91,7 @@ $IPV6_SUBNET_PREFIX = "@IPV6_SUBNET_PREFIX@";
$TBMAILTAG = $THISHOMEBASE;
$WITHZFS = @WITHZFS@;
$ZFS_NOEXPORT = @ZFS_NOEXPORT@;
$UI_EXTERNAL_ACCOUNTS = @UI_EXTERNAL_ACCOUNTS@;
$TBMAILADDR_OPS = "@TBOPSEMAIL_NOSLASH@";
$TBMAILADDR_WWW = "@TBWWWEMAIL_NOSLASH@";
......
......@@ -43,7 +43,11 @@ $show_sslcertbox = TBGetSiteVar("protogeni/show_sslcertbox");
#
# Get current user.
#
$this_user = CheckLogin($check_status);
if ($UI_EXTERNAL_ACCOUNTS) {
$this_user = CheckLoginOrDie(); # force login, newuser is disabled
} else {
$this_user = CheckLogin($check_status);
}
#
# Verify page arguments.
......
......@@ -131,6 +131,7 @@ function SPITFORM($uid, $key, $referrer, $error, $adminmode, $simple, $view)
{
global $TBDB_UIDLEN, $TBBASE;
global $isgenitool;
global $UI_EXTERNAL_ACCOUNTS;
PAGEHEADER("Login",$view);
......@@ -209,9 +210,11 @@ function SPITFORM($uid, $key, $referrer, $error, $adminmode, $simple, $view)
echo "</form>
</table>\n";
echo "<center><h2>
<a href='password.php3'>Forgot your password?</a>
</h2></center>\n";
if ($UI_EXTERNAL_ACCOUNTS == 0) {
echo "<center><h2>
<a href='password.php3'>Forgot your password?</a>
</h2></center>\n";
}
}
#
......
......@@ -752,6 +752,7 @@ function WRITESIDEBAR() {
global $THISHOMEBASE;
global $currentusage, $FANCYBANNER, $ELABINELAB, $PLABSUPPORT;
global $WIKIDOCURL, $FORUMURL;
global $UI_EXTERNAL_ACCOUNTS;
$firstinitstate = TBGetFirstInitState();
list($newsBase, $newsDate, $newNews) = GETNEWSINFO();
......@@ -813,7 +814,7 @@ function WRITESIDEBAR() {
}
$lbox_content = "";
if (!$firstinitstate) {
if (!$firstinitstate && $UI_EXTERNAL_ACCOUNTS == 0) {
$lbox_content .=
"<a href=\"$TBBASE/reqaccount.php3\">".
"<img alt=\"Request Account\" border=0 ".
......
......@@ -58,6 +58,7 @@ function SPITFORM($formfields, $errors)
global $target_user, $wikionly;
global $shelllist, $defaultshell;
global $WIKIDOCURL;
global $UI_EXTERNAL_ACCOUNTS;
$username = $target_user->uid();
$uid_idx = $target_user->uid_idx();
......@@ -279,7 +280,8 @@ function SPITFORM($formfields, $errors)
# must retype on error.
#
echo "<tr></tr>\n";
echo "<tr>
if ($UI_EXTERNAL_ACCOUNTS == 0) {
echo "<tr>
<td colspan=2>Password[<b>1</b>]:</td>
<td class=left>
<input type=password
......@@ -288,7 +290,7 @@ function SPITFORM($formfields, $errors)
size=8></td>
</tr>\n";
echo "<tr>
echo "<tr>
<td colspan=2>Retype Password:</td>
<td class=left>
<input type=password
......@@ -296,6 +298,7 @@ function SPITFORM($formfields, $errors)
value=\"" . $formfields["password2"] . "\"
size=8></td>
</tr>\n";
}
if (!$wikionly) {
#
......@@ -497,12 +500,17 @@ if (count($errors)) {
#
$args = array();
# Always pass the password fields if specified.
if (isset($formfields["password1"]) && $formfields["password1"] != "") {
$args["password1"] = $formfields["password1"];
}
if (isset($formfields["password2"]) && $formfields["password2"] != "") {
$args["password2"] = $formfields["password2"];
#
# see if UI change password is disabled (e.g. passwords externally managed)
#
if ($UI_EXTERNAL_ACCOUNTS == 0) {
# Always pass the password fields if specified.
if (isset($formfields["password1"]) && $formfields["password1"] != "") {
$args["password1"] = $formfields["password1"];
}
if (isset($formfields["password2"]) && $formfields["password2"] != "") {
$args["password2"] = $formfields["password2"];
}
}
if (isset($formfields["w_password1"]) && $formfields["w_password1"] != "") {
$args["w_password1"] = $formfields["w_password1"];
......
......@@ -30,7 +30,11 @@ include("defs.php3");
#
# Get current user.
#
$this_user = CheckLogin($check_status);
if ($UI_EXTERNAL_ACCOUNTS) {
$this_user = CheckLoginOrDie(); # force login, newuser is disabled
} else {
$this_user = CheckLogin($check_status);
}
#
# Verify page arguments.
......
......@@ -31,6 +31,15 @@ $optargs = OptionalPageArguments("simple", PAGEARG_BOOLEAN,
"email", PAGEARG_STRING,
"phone", PAGEARG_STRING);
#
# see if UI change password is disabled (e.g. passwords externally managed)
#
if ($UI_EXTERNAL_ACCOUNTS) {
PAGEHEADER("Forgot Your Password?", $view);
USERERROR("Password change disabled on this system", 1);
return;
}
# Display a simpler version of this page.
if (!isset($simple)) {
$simple = 0;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment