diff --git a/lib/redmine_dmsf.rb b/lib/redmine_dmsf.rb index ab807695..d8eac720 100644 --- a/lib/redmine_dmsf.rb +++ b/lib/redmine_dmsf.rb @@ -78,6 +78,7 @@ require "#{File.dirname(__FILE__)}/redmine_dmsf/errors/dmsf_lock_error" require "#{File.dirname(__FILE__)}/redmine_dmsf/errors/dmsf_zip_max_files_error" # Hooks +require "#{File.dirname(__FILE__)}/redmine_dmsf/hooks/controllers/account_controller_hooks" require "#{File.dirname(__FILE__)}/redmine_dmsf/hooks/controllers/search_controller_hooks" require "#{File.dirname(__FILE__)}/redmine_dmsf/hooks/controllers/issues_controller_hooks" require "#{File.dirname(__FILE__)}/redmine_dmsf/hooks/views/view_projects_form_hook" diff --git a/lib/redmine_dmsf/hooks/controllers/account_controller_hooks.rb b/lib/redmine_dmsf/hooks/controllers/account_controller_hooks.rb new file mode 100644 index 00000000..e6005dc9 --- /dev/null +++ b/lib/redmine_dmsf/hooks/controllers/account_controller_hooks.rb 
@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+
+# Redmine plugin for Document Management System "Features"
+#
+# Karel Pičman
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+module RedmineDmsf
+ module Hooks
+ module Controllers
+ # Account controller hooks
+ class AccountControllerHooks < Redmine::Hook::Listener
+ def controller_account_success_authentication_after(context = {})
+ return unless context.is_a?(Hash)
+
+ controller = context[:controller]
+ return unless controller
+
+ user = context[:user]
+ return unless user
+
+ # Updates user's DMSF WebDAV digest
+ if controller.params[:password].present?
+ token = Token.find_by(user_id: user.id, action: 'dmsf-webdav-digest')
+ token ||= Token.create!(user_id: user.id, action: 'dmsf-webdav-digest')
+ token.value = Digest::MD5.hexdigest(
+ "#{user.login}:#{RedmineDmsf::Webdav::AUTHENTICATION_REALM}:#{controller.params[:password]}"
+ )
+ token.save
+ end
+ rescue StandardError => e
+ Rails.logger.error e.message
+ end
+ end
+ end
+ end
+end
diff --git a/lib/redmine_dmsf/webdav/dmsf_controller.rb b/lib/redmine_dmsf/webdav/dmsf_controller.rb
index 576be978..edac3bb1 100644
--- a/lib/redmine_dmsf/webdav/dmsf_controller.rb
+++ b/lib/redmine_dmsf/webdav/dmsf_controller.rb
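Review bot: In `controller_account_success_authentication_after` (account_controller_hooks.rb) the result of `token.save` is ignored, so a failed write leaves the previous WebDAV digest in place with nothing logged; `token.save!` would route the failure into the existing `rescue StandardError` and its log line. The stored value is the Digest HA1, `MD5(login:realm:password)`, which is password-equivalent for the WebDAV realm and a fast hash, so the `dmsf-webdav-digest` token row needs the same protection as a credential; a short comment above the `Digest::MD5.hexdigest` call saying so would help. The digest is refreshed only on an interactive login that carries `params[:password]`; whether password changes made elsewhere also refresh or revoke it is not visible in this hunk and is worth confirming.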
@@ -69,19 +69,23 @@ module RedmineDmsf
 nc = params['nc']
 user = User.find_by(login: username)
 unless user
- log_error('Digest authentication: provided user name has no match in the DB')
+ Rails.logger.error 'Digest authentication: provided user name has no match in the DB'
+ raise Unauthorized
+ end
+ unless user.active?
+ Rails.logger.error l(:notice_account_locked)
 raise Unauthorized
 end
 token = Token.find_by(user_id: user.id, action: 'dmsf-webdav-digest')
 if token.nil? && defined?(EasyExtensions)
 if user.easy_digest_token_expired?
- log_error('Digest authentication: digest token expired')
+ Rails.logger.error "Digest authentication: #{user} is locked"
 raise Unauthorized
 end
 ha1 = user.easy_digest_token
 else
 unless token
- log_error("Digest authentication: no digest found for #{user}")
+ Rails.logger.error "Digest authentication: no digest found for #{user}"
 raise Unauthorized
 end
 ha1 = token.value
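Review bot: Under `if user.easy_digest_token_expired?` the new log line reads `"Digest authentication: #{user} is locked"`, which no longer matches the condition being tested and will mislead anyone triaging WebDAV authentication failures; `Rails.logger.error "Digest authentication: digest token expired for #{user}"` keeps the cause accurate. The new `unless user.active?` branch logs only `l(:notice_account_locked)`, with no user and no "Digest authentication:" prefix, so the rejected attempt cannot be tied to an account in the log; `Rails.logger.error "Digest authentication: #{user} is not active"` would be consistent with the other messages. The enclosing method starts and ends outside the hunk.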