Mirrors/dolibarr
1
0
Fork 0
mirror of https://github.com/Dolibarr/dolibarr.git synced 2025-02-20 13:46:52 +01:00
Code Issues Packages Projects Releases Wiki Activity

FIX Component js to generate password

Browse Source
This commit is contained in:
Laurent Destailleur 2023-01-17 11:47:16 +01:00
parent 756a971dad
commit 8ced6d52e7
3 changed files with 17 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
htdocs/core/ajax/security.php
View File

@ -36,9 +36,10 @@ if (!defined('NOREQUIREAJAX')) {
if (!defined('NOREQUIRESOC')) {
define('NOREQUIRESOC', '1');
}
if (!defined('NOREQUIRETRAN')) {
// We need langs because the getRandomPassword may use user language to define some rules of pass generation
/*if (!defined('NOREQUIRETRAN')) {
define('NOREQUIRETRAN', '1');
}
}*/
// Load Dolibarr environment
require '../../main.inc.php';
@ -55,9 +56,9 @@ top_httphead();
//print '<!-- Ajax page called with url '.dol_escape_htmltag($_SERVER["PHP_SELF"]).'?'.dol_escape_htmltag($_SERVER["QUERY_STRING"]).' -->'."\n";
// Registering the location of boxes
// Return a new generated password
if ($action) {
if ($action == 'getrandompassword' && ($user->admin || $user->rights->api->apikey->generate)) {
if ($action == 'getrandompassword') {
require_once DOL_DOCUMENT_ROOT.'/core/lib/security2.lib.php';
$generic = GETPOST('generic') ? true : false;
echo getRandomPassword($generic);

7
htdocs/core/lib/security2.lib.php
View File

@ -560,10 +560,11 @@ function getRandomPassword($generic = false, $replaceambiguouschars = null, $len
*
* @param string $htmlname HTML name of element to insert key into
* @param string $htmlnameofbutton HTML name of button
* @param int $generic 1=Return a generic pass, 0=Return a pass following setup rules
* @return string HTML javascript code to set a password
* @see getRandomPassword()
*/
function dolJSToSetRandomPassword($htmlname, $htmlnameofbutton = 'generate_token')
function dolJSToSetRandomPassword($htmlname, $htmlnameofbutton = 'generate_token', $generic = 1)
{
global $conf;
@ -571,10 +572,10 @@ function dolJSToSetRandomPassword($htmlname, $htmlnameofbutton = 'generate_token
print "\n".'<!-- Js code to suggest a security key --><script type="text/javascript">';
print '$(document).ready(function () {
$("#'.dol_escape_js($htmlnameofbutton).'").click(function() {
console.log("We click on the button to suggest a key");
console.log("We click on the button '.dol_escape_js($htmlnameofbutton).' to suggest a key. We will fill '.dol_escape_js($htmlname).'");
$.get( "'.DOL_URL_ROOT.'/core/ajax/security.php", {
action: \'getrandompassword\',
generic: true,
generic: '.($generic ? '1' : '0').',
token: \''.dol_escape_js(newToken()).'\'
},
function(result) {

14
htdocs/user/card.php
View File

@ -1037,7 +1037,10 @@ if ($action == 'create' || $action == 'adduserldap') {
$valuetoshow .= preg_replace('/./i', '*', $ldap_pass);
} else {
// We do not use a field password but a field text to show new password to use.
$valuetoshow .= ($valuetoshow ? ' + '.$langs->trans("DolibarrPassword") : '').'<input maxsize="32" type="text" name="password" value="'.dol_escape_htmltag($password).'" autocomplete="new-password">';
$valuetoshow .= ($valuetoshow ? ' + '.$langs->trans("DolibarrPassword") : '').'<input class="minwidth300 maxwidth400 widthcentpercentminusx" maxsize="32" type="text" id="password" name="password" value="'.dol_escape_htmltag($password).'" autocomplete="new-password">';
if (!empty($conf->use_javascript_ajax)) {
$valuetoshow .= '&nbsp;'.img_picto($langs->trans('Generate'), 'refresh', 'id="generate_password" class="linkobject"');
}
}
}
@ -1058,7 +1061,7 @@ if ($action == 'create' || $action == 'adduserldap') {
//$generated_password = getRandomPassword(false);
print '<tr><td>'.$langs->trans("ApiKey").'</td>';
print '<td>';
print '<input class="minwidth300 widthcentpercentminusx" maxsize="32" type="text" id="api_key" name="api_key" value="'.GETPOST('api_key', 'alphanohtml').'" autocomplete="off">';
print '<input class="minwidth300 maxwidth400 widthcentpercentminusx" maxsize="32" type="text" id="api_key" name="api_key" value="'.GETPOST('api_key', 'alphanohtml').'" autocomplete="off">';
if (!empty($conf->use_javascript_ajax)) {
print '&nbsp;'.img_picto($langs->trans('Generate'), 'refresh', 'id="generate_api_key" class="linkobject"');
}
@ -2406,7 +2409,7 @@ if ($action == 'create' || $action == 'adduserldap') {
}
if (preg_match('/dolibarr/', $dolibarr_main_authentication)) {
if ($caneditpassword) {
$valuetoshow .= ($valuetoshow ? (' '.$langs->trans("or").' ') : '').'<input maxlength="128" type="password" class="flat" name="password" value="'.dol_escape_htmltag($object->pass).'" autocomplete="new-password">';
$valuetoshow .= ($valuetoshow ? (' '.$langs->trans("or").' ') : '').'<input maxlength="128" type="password" class="flat" id="password" name="password" value="'.dol_escape_htmltag($object->pass).'" autocomplete="new-password">';
} else {
$valuetoshow .= ($valuetoshow ? (' '.$langs->trans("or").' ') : '').preg_replace('/./i', '*', $object->pass);
}
@ -2889,11 +2892,10 @@ if ($action == 'create' || $action == 'adduserldap') {
}
if (!empty($conf->api->enabled)) {
$constname = 'api_key';
// Add button to autosuggest a key
include_once DOL_DOCUMENT_ROOT.'/core/lib/security2.lib.php';
print dolJSToSetRandomPassword($constname, 'generate_api_key');
print dolJSToSetRandomPassword('password', 'generate_password', 0);
print dolJSToSetRandomPassword('api_key', 'generate_api_key', 1);
}
// End of page