Merge branch 'master' into 168-add-hooks-for-other-actions-than-passw…

…ord-modification

composer.json

@@ -25,6 +25,9 @@
             "cp vendor/datatables.net/datatables.net-bs5/css/dataTables.bootstrap5.min.css htdocs/vendor/datatables/",
             "cp vendor/datatables.net/datatables.net-bs5/js/dataTables.bootstrap5.min.js htdocs/vendor/datatables/",
             "cp vendor/datatables.net/datatables.net-buttons/js/dataTables.buttons.min.js htdocs/vendor/datatables/",
+            "cp vendor/datatables.net/datatables.net-buttons/js/buttons.colVis.min.js htdocs/vendor/datatables/",
+            "cp vendor/datatables.net/datatables.net-buttons/js/buttons.html5.min.js htdocs/vendor/datatables/",
+            "cp vendor/datatables.net/datatables.net-buttons/js/buttons.print.min.js htdocs/vendor/datatables/",
             "cp vendor/datatables.net/datatables.net-buttons-bs5/css/buttons.bootstrap5.min.css htdocs/vendor/datatables/",
             "cp vendor/datatables.net/datatables.net-buttons-bs5/js/buttons.bootstrap5.min.js htdocs/vendor/datatables/",
             "rm -rf vendor/datatables.net",

conf/config.inc.php

@@ -82,13 +82,13 @@
     'authtimestamp' => array( 'attribute' => 'authtimestamp', 'faclass' => 'lock', 'type' => 'date' ),
     'identifier' => array( 'attribute' => 'uid', 'faclass' => 'user-o', 'type' => 'text' ),
     'pwdaccountlockedtime' => array( 'attribute' => 'pwdaccountlockedtime', 'faclass' => 'lock', 'type' => 'date' ),
-    'pwdchangedtime' => array( 'attribute' => 'pwdchangedtime', 'faclass' => 'lock', 'type' => 'date' ),
-    'pwdfailuretime' => array( 'attribute' => 'pwdfailuretime', 'faclass' => 'lock', 'type' => 'date' ),
+    'pwdchangedtime' => array( 'attribute' => 'pwdchangedtime', 'faclass' => 'lock', 'type' => 'date', 'sort' => 'descending' ),
+    'pwdfailuretime' => array( 'attribute' => 'pwdfailuretime', 'faclass' => 'lock', 'type' => 'date', 'sort' => 'descending' ),
     'pwdlastsuccess' => array( 'attribute' => 'pwdlastsuccess', 'faclass' => 'lock', 'type' => 'date' ),
     'pwdpolicysubentry' => array( 'attribute' => 'pwdpolicysubentry', 'faclass' => 'lock', 'type' => 'ppolicy_dn' ),
-    'pwdgraceusetime' => array( 'attribute' => ' pwdgraceusetime', 'faclass' => 'lock', 'type' => 'date' ),
-    'starttime' => array( 'attribute' => ' pwdstarttime', 'faclass' => 'lock', 'type' => 'date' ),
-    'endtime' => array( 'attribute' => ' pwdendtime', 'faclass' => 'lock', 'type' => 'date' ),
+    'pwdgraceusetime' => array( 'attribute' => 'pwdgraceusetime', 'faclass' => 'lock', 'type' => 'date' ),
+    'starttime' => array( 'attribute' => 'pwdstarttime', 'faclass' => 'lock', 'type' => 'date' ),
+    'endtime' => array( 'attribute' => 'pwdendtime', 'faclass' => 'lock', 'type' => 'date' ),
 );
 $activedirectory_attributes_map = array(
     'authtimestamp' => array( 'attribute' => 'lastlogon', 'faclass' => 'lock', 'type' => 'ad_date' ),
@@ -111,12 +111,14 @@
 
 $datatables_page_length_choices = array(10, 25, 50, 100, -1);
 $datatables_page_length_default = 10;
+$datatables_print_all = true;
+$datatables_print_page = true;
 $datatables_auto_print = true;
 
 $display_items = array('identifier', 'firstname', 'lastname', 'title', 'businesscategory', 'employeenumber', 'employeetype', 'mail', 'mailquota', 'phone', 'mobile', 'fax', 'postaladdress', 'street', 'postalcode', 'l', 'state', 'organizationalunit', 'organization', 'manager', 'secretary' );
 $display_title = "fullname";
 $display_show_undefined = false;
-$display_password_items = array('pwdchangedtime', 'pwdfailuretime','pwdpolicysubentry', 'authtimestamp', 'pwdlastsuccess', 'pwdgraceusetime', 'starttime', 'endtime', 'created', 'modified');
+$display_password_items = array('pwdchangedtime', 'pwdfailuretime','pwdpolicysubentry', 'authtimestamp', 'pwdgraceusetime', 'starttime', 'endtime', 'created', 'modified');
 $display_password_expiration_date = true;
 
 # Features
@@ -160,6 +162,10 @@
 $use_disablecomment = false;
 $use_disablecomment_required = false;
 
+$show_validitystatus = true;
+$use_updatestarttime = true;
+$use_updateendtime = true;
+$use_searchinvalid = true;
 
 # Local password policy
 # This is applied before directory password policy

docs/attributes.rst

@@ -6,6 +6,7 @@ Attributes are defined in ``$attributes_map``, where each item is an array with
 * ``attribute``: name of LDAP attribute, in lower case
 * ``faclass``: name of Font Awesome icon class
 * ``type``: type of attribute (text, mailto, tel or date)
+* ``sort``: optional, when attribute is multi-valued, sort them. Two possible values: ``ascending`` (default) or ``descending``
 
 This is used to configure how attribute is displayed.
 

docs/display-parameters.rst

@@ -54,3 +54,12 @@ You can disable the expire status panel:
 .. code-block:: php
 
     $show_expirestatus = false;
+
+Validity status
+---------------
+
+You can disable the validity status panel:
+
+.. code-block:: php
+
+    $show_validitytatus = false;

docs/index.rst

@@ -27,6 +27,7 @@ LDAP Tool Box Service Desk documentation
    resetpassword.rst
    lockaccount.rst
    enableaccount.rst
+   updatestartendtime.rst
    hook.rst
    dashboards.rst
    configuration-mail.rst

docs/presentation.rst

@@ -17,10 +17,12 @@ Features
 * Test current password
 * Reset password and force password change at next connection
 * Lock and unlock account
+* Update account validity dates
 * Create and view audit logs
 * Dashboards:
 
   * Accounts locked
   * Accounts with a password that will soon expire
   * Accounts with an expired password
-  * Accounts idle (never connected or not connected since a number of days)
+  * Accounts idle (never connected or not connected since a number of days)
+  * Accounts invalid (for which start date is in the future, or end date is in the past)

docs/search-parameters.rst

@@ -28,6 +28,9 @@ Configure items shown when displaying results:
 Datatables
 ----------
 
+Pagination
+~~~~~~~~~~
+
 Define pagination values in dropdown:
 
 .. code-block:: php
@@ -40,9 +43,22 @@ Set default pagination for results (can also be used to force the length without
 
     $datatables_page_length_default = 10;
 
-Enable or disable autoPrint feature:
+Print
+~~~~~
+Show "print all" button:
 
 .. code-block:: php
 
-    $datatables_auto_print = true;
+    $datatables_print_all = true;
+
+Show "print page" button:
+
+.. code-block:: php
 
+    $datatables_print_page = true;
+
+Enable autoPrint feature (will launch print dialog directly when cliking on print buttons):
+
+.. code-block:: php
+
+    $datatables_auto_print = true;

docs/updatestartendtime.rst

@@ -0,0 +1,39 @@
+Update start and end validity dates
+===================================
+
+Some LDAP directories provide attributes to define start and end account validify dates.
+
+For OpenLDAP since 2.5 version, attributes are ``pwdStartTime`` and ``pwdEndTime``.
+
+For Active Directory, only end time is available, in ``accountExpires`` attribute.
+
+Show validity status
+-------------------
+
+Service Desk will display if account is valid or not. To allow this feature:
+
+.. code-block:: php
+
+    $show_validitystatus = true;
+
+Update start date
+-----------------
+
+This feature allows to edit the account start validity date. This requires to have the `starttime` field defined in the attributes map.
+
+To enable this feature:
+
+.. code-block:: php
+
+    $use_updatestarttime = true;
+
+Update end date
+-----------------
+
+This feature allows to edit the account end validity date. This requires to have the `endtime` field defined in the attributes map.
+
+To enable this feature:
+
+.. code-block:: php
+
+    $use_updateendtime = true;

docs/upgrade.rst

@@ -4,7 +4,7 @@ Upgrade
 From 0.5 to 0.6
 ---------------
 
-bundled dependencies
+Bundled dependencies
 ~~~~~~~~~~~~~~~~~~~~
 
 The dependencies are now explicitly listed in the service-desk package, including the bundled ones.
@@ -15,7 +15,7 @@ You can find bundled dependencies list:
 * in Provides field in rpm package
 
 
-configuration
+Configuration
 ~~~~~~~~~~~~~
 
 The configuration files are now in ``/etc/service-desk`` directory.
@@ -29,7 +29,7 @@ Please take in consideration that ``config.inc.php`` is now replaced systematica
 
 Avoid as much as possible editing the ``/etc/service-desk/config.inc.php`` file. Prefer modifying the ``/etc/service-desk/config.inc.local.php``.
 
-password policy
+Password policy
 ~~~~~~~~~~~~~~~
 
 When you change the password for a user, you can now configure a local password policy for ensuring the password strength is sufficient.
@@ -43,15 +43,15 @@ You can give a look to the :doc:`password policy documentation <ppolicy>` for mo
    The local password policy is now defined in a library: `ltb-common <https://github.com/ltb-project/ltb-common>`_.
 
 
-cache cleaning
+Cache cleaning
 ~~~~~~~~~~~~~~
 
 Now the cache is being cleaned-up during service-desk upgrade / install.
 
 This is intended to avoid smarty problems due to service-desk templates upgrade, and possibly smarty upgrade itself.
 
 
-dependencies update
+Dependencies update
 ~~~~~~~~~~~~~~~~~~~
 
 Removed packaged dependencies:
@@ -117,7 +117,6 @@ Removed bundled dependencies:
 Note that hidden files (.gitignore,...) from bundled dependencies are now removed from packages.
 
 
-
 Last authentication time and idle accounts
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
@@ -142,3 +141,18 @@ You can enable this feature by setting a non-zero value to the page size paramet
 .. code-block:: php
 
    $ldap_page_size = 100;
+
+Account validity
+~~~~~~~~~~~~~~~~
+
+Account validity feature is enabled by default. For OpenLDAP it relies on ``pwdStartTime`` and ``pwdEndTime`` attributes available since OpenLDAP 2.5.
+For Active Directory, only the end time is available, in ``accountExpires`` attribute.
+
+You can disable this new feature if you don't want to use it:
+
+.. code-block:: php
+
+   $show_validitystatus = false;
+   $use_updatestarttime = false;
+   $use_updateendtime = false;
+   $use_searchinvalid = false;

htdocs/display.php

@@ -9,8 +9,10 @@
 $edit_link = "";
 $checkpasswordresult= "";
 $resetpasswordresult= "";
-$accountunlockresult= "";
-$accountlockresult= "";
+$unlockaccountresult= "";
+$lockaccountresult= "";
+$enableaccountresult= "";
+$disableaccountresult= "";
 $prehookresult= "";
 $posthookresult= "";
 $prehooklockresult= "";
@@ -21,6 +23,10 @@
 $canLockAccount="";
 $isAccountEnabled = "";
 $lockDate = "";
+$isAccountValid = "";
+$startDate = "";
+$endDate = "";
+$updatevaliditydatesresult = "";
 
 if (isset($_GET["dn"]) and $_GET["dn"]) {
     $dn = $_GET["dn"];
@@ -38,12 +44,20 @@
     $resetpasswordresult = $_GET["resetpasswordresult"];
 }
 
-if (isset($_GET["accountunlockresult"]) and $_GET["accountunlockresult"]) {
-    $accountunlockresult = $_GET["accountunlockresult"];
+if (isset($_GET["unlockaccountresult"]) and $_GET["unlockaccountresult"]) {
+    $unlockaccountresult = $_GET["unlockaccountresult"];
 }
 
-if (isset($_GET["accountlockresult"]) and $_GET["accountlockresult"]) {
-    $accountlockresult = $_GET["accountlockresult"];
+if (isset($_GET["lockaccountresult"]) and $_GET["lockaccountresult"]) {
+    $lockaccountresult = $_GET["lockaccountresult"];
+}
+
+if (isset($_GET["enableaccountresult"]) and $_GET["enableaccountresult"]) {
+    $enableaccountresult = $_GET["enableaccountresult"];
+}
+
+if (isset($_GET["disableaccountresult"]) and $_GET["disableaccountresult"]) {
+    $disableaccountresult = $_GET["disableaccountresult"];
 }
 
 if (isset($_GET["prehookresult"]) and $_GET["prehookresult"]) {
@@ -70,6 +84,10 @@
     $posthookunlockresult = $_GET["posthookunlockresult"];
 }
 
+if (isset($_GET["updatevaliditydatesresult"]) and $_GET["updatevaliditydatesresult"]) {
+    $updatevaliditydatesresult = $_GET["updatevaliditydatesresult"];
+}
+
 if ($result === "") {
 
     require_once("../conf/config.inc.php");
@@ -112,7 +130,44 @@
         # Sort attributes values
         foreach ($entry[0] as $attr => $values) {
             if ( is_array($values) && $values['count'] > 1 ) {
-                asort($values);
+
+                # Find key in attributes_map
+                $attributes_map_filter = array_filter($attributes_map, function($v) use(&$attr) {
+                    return $v['attribute'] == "$attr";
+                });
+                if( count($attributes_map_filter) < 1 )
+                {
+                    $k = "";
+                    error_log("WARN: no key found for attribute $attr in \$attributes_map");
+                }
+                elseif( count($attributes_map_filter) > 1 )
+                {
+                    $k = array_key_first($attributes_map_filter);
+                    error_log("WARN: multiple keys found for attribute $attr in \$attributes_map, using first one: $k");
+                }
+                else
+                {
+                    $k = array_key_first($attributes_map_filter);
+                }
+
+                if(isset($attributes_map[$k]['sort']))
+                {
+                    if($attributes_map[$k]['sort'] == "descending" )
+                    {
+                        # descending sort
+                        arsort($values);
+                    }
+                    else
+                    {
+                        # ascending sort
+                        asort($values);
+                    }
+                }
+                else
+                {
+                    # if 'sort' param unset: default to ascending sort
+                    asort($values);
+                }
             }
             if ( isset($values['count']) ) {
                 unset($values['count']);
@@ -144,6 +199,18 @@
             $isAccountEnabled = $directory->isAccountEnabled($ldap, $dn);
         }
 
+        if ($show_validitystatus) {
+            $isAccountValid = $directory->isAccountValid($ldap, $dn);
+            if ($use_updatestarttime and isset($entry[0][ $attributes_map['starttime']['attribute'] ])) {
+                $starttime = $entry[0][ $attributes_map['starttime']['attribute'] ][0];
+                $startDate = $directory->getPhpDate( $starttime );
+            }
+            if ($use_updateendtime and isset($entry[0][ $attributes_map['endtime']['attribute'] ])) {
+                $endtime = $entry[0][ $attributes_map['endtime']['attribute'] ][0];
+                $endDate = $directory->getPhpDate( $endtime );
+            }
+        }
+
     }}}
 }
 
@@ -166,8 +233,10 @@
 
 $smarty->assign("checkpasswordresult", $checkpasswordresult);
 $smarty->assign("resetpasswordresult", $resetpasswordresult);
-$smarty->assign("accountunlockresult", $accountunlockresult);
-$smarty->assign("accountlockresult", $accountlockresult);
+$smarty->assign("unlockaccountresult", $unlockaccountresult);
+$smarty->assign("lockaccountresult", $lockaccountresult);
+$smarty->assign("enableaccountresult", $enableaccountresult);
+$smarty->assign("disableaccountresult", $disableaccountresult);
 $smarty->assign("prehookresult", $prehookresult);
 $smarty->assign("posthookresult", $posthookresult);
 $smarty->assign("prehooklockresult", $prehooklockresult);
@@ -181,5 +250,9 @@
 } else {
     $smarty->assign('msg_resetpasswordresult','');
 }
+$smarty->assign("isAccountValid", $isAccountValid);
+$smarty->assign("startDate", $startDate);
+$smarty->assign("endDate", $endDate);
+$smarty->assign("updatevaliditydatesresult", $updatevaliditydatesresult);
 
 ?>