From c8be43409d130108c38f4f49a621ab51d287fe36 Mon Sep 17 00:00:00 2001
From: corentin-soriano
Date: Mon, 16 Sep 2024 13:48:16 +0200
Subject: [PATCH 1/2] Automatically detect LDAP password changes and immediately prompt the user for the old password.

---
 includes/core/load.js.php | 3 +++
 sources/identify.php | 18 +++++++++++++++++-
 2 files changed, 20 insertions(+), 1 deletion(-)

diff --git a/includes/core/load.js.php b/includes/core/load.js.php
index 02588b923..f9f2057f6 100755
--- a/includes/core/load.js.php
+++ b/includes/core/load.js.php
@@ -213,6 +213,9 @@ function(teampassUser) {
 // Show form
 $('#dialog-ldap-user-change-password').removeClass('hidden');
+ $('#dialog-ldap-user-change-password-info')
+ .html('get('ldap_user_has_changed_his_password');?>')
+ .removeClass('hidden');
 } else if (typeof data.queryResults !== 'undefined' && data.queryResults.keys_recovery_time === null && store.get('teampassUser').user_admin === 0) {
 // User has not yet recovered his keys
 $('#open_user_keys_management').removeClass('hidden');
diff --git a/sources/identify.php b/sources/identify.php
index cde2bbd72..28d3c99ba 100755
--- a/sources/identify.php
+++ b/sources/identify.php
@@ -606,7 +606,23 @@ function identifyUser(string $sentData, array $SETTINGS): bool
 // User signature keys
 $returnKeys = prepareUserEncryptionKeys($userInfo, $passwordClear);
 $session->set('user-private_key', $returnKeys['private_key_clear']);
- $session->set('user-public_key', $returnKeys['public_key']);
+ $session->set('user-public_key', $returnKeys['public_key']);
+
+ // Automatically detect LDAP password changes.
+ if ($userInfo['auth_type'] === 'ldap' && $returnKeys['private_key_clear'] === '') {
+ // Add special "recrypt-private-key" in database profile.
+ DB::update(
+ prefixTable('users'),
+ array(
+ 'special' => 'recrypt-private-key',
+ ),
+ 'id = %i',
+ $userInfo['id']
+ );
+
+ // Store new value in userInfos.
+ $userInfo['special'] = 'recrypt-private-key';
+ }

 // API key
 $session->set(
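Review bot: The new `.html(...)` call on the `#dialog-ldap-user-change-password-info` line drops a server-side string into a single-quoted JavaScript literal; what this rendering shows as `'get('ldap_user_has_changed_his_password');?>'` looks like a PHP echo of a translation lookup whose open tag was lost, so read the point with that caveat. Nothing escapes the value for either context, so a translation containing an apostrophe would end the JS literal and one containing markup would be rendered by `.html()`. Echoing the lookup through `json_encode(..., JSON_HEX_TAG | JSON_HEX_APOS)` and inserting it with `.text(...)` instead of `.html(...)` keeps both contexts intact. The enclosing callback starts and ends outside the hunk.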
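Review bot: The new `if` block in identifyUser overwrites `special` with `'recrypt-private-key'` on every login while the condition holds, and it never reads the current value first, so any other pending state stored in `special` (not visible here) would be clobbered and the UPDATE is repeated needlessly. Extending the guard to `&& $userInfo['special'] !== 'recrypt-private-key'` avoids the repeated write; whether other `special` values must be preserved needs checking against the rest of the file. The branch also treats an empty `private_key_clear` as proof of an LDAP password change, but `prepareUserEncryptionKeys` is outside the hunk, so it cannot be confirmed from here that it returns `''` only for a wrong password and not for a missing or corrupt stored key — a comment stating that assumption, e.g. `// assumes prepareUserEncryptionKeys() yields '' only when the stored private key cannot be decrypted with the supplied password`, would help the next reader. The `array(...)` argument could use the short `[...]` syntax the language tips recommend; identifyUser starts and ends outside the hunk.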
From 908668bac3b60fbd7a7dd11f1c2e9647ef03ab69 Mon Sep 17 00:00:00 2001
From: corentin-soriano
Date: Mon, 16 Sep 2024 13:50:50 +0200
Subject: [PATCH 2/2] Fix issue with user key re-encryption when a sharekey is missing.

---
 sources/main.queries.php | 16 ++++------------
 1 file changed, 4 insertions(+), 12 deletions(-)

diff --git a/sources/main.queries.php b/sources/main.queries.php
index 675e734d6..ab6cecd2e 100755
--- a/sources/main.queries.php
+++ b/sources/main.queries.php
@@ -3083,24 +3083,16 @@ function changeUserLDAPAuthenticationPassword(
 );
 }

- // Test if possible to decvrypt one key
- // Get one item
- $record = DB::queryFirstRow(
- 'SELECT id, pw
- FROM ' . prefixTable('items') . '
- WHERE perso = 0'
- );
-
- // Get itemKey from current user
+ // Get one itemKey from current user
 $currentUserKey = DB::queryFirstRow(
 'SELECT share_key, increment_id
 FROM ' . prefixTable('sharekeys_items') . '
- WHERE object_id = %i AND user_id = %i',
- $record['id'],
+ WHERE user_id = %i
+ LIMIT 1',
 $post_user_id
 );
- if (count($currentUserKey) > 0) {
+ if (is_countable($currentUserKey) && count($currentUserKey) > 0) {
 // Decrypt itemkey with user key
 // use old password to decrypt private_key
 $itemKey = decryptUserObjectKey($currentUserKey['share_key'], $privateKey);
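Review bot: With the new `is_countable($currentUserKey) && count(...)` guard, a user who has no row in sharekeys_items skips the entire old-password decryption test, and what happens after the block is outside the hunk; if the function goes on to re-encrypt with the new password, the old password is never validated against the private key for such a user, so the no-key case deserves an explicit `else` branch (or an early return with a clear error) rather than silent fall-through. `LIMIT 1` without an `ORDER BY` also makes the probed sharekey arbitrary between runs; `ORDER BY increment_id LIMIT 1` keeps the check deterministic. The removed query previously selected `id, pw` into `$record`; if `$record` is still referenced later in changeUserLDAPAuthenticationPassword, which starts and ends outside the hunk, it is now undefined.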