KTS-3516

"Deleted user that has been added via the Authenticated Source can be logged in after deletion." Fixed. Added a check to see if the user has been deleted before doing the auto-signup. Added a config option to disable the auto signup. Committed by: Megan Watson Reviewed by: Conrad Vermeulen git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@8867 c91229c3-7414-0410-bfa2-8a42b809f60b

KTS-3516
"Deleted user that has been added via the Authenticated Source can be logged in after deletion." Fixed. Added a check to see if the user has been deleted before doing the auto-signup. Added a config option to disable the auto signup. Committed by: Megan Watson Reviewed by: Conrad Vermeulen git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@8867 c91229c3-7414-0410-bfa2-8a42b809f60b
Megan Watson
1 parent 36123930
Showing 2 changed files with 60 additions and 24 deletions
lib/users/User.inc
login.php
@@ -8,31 +8,31 @@
  * Document Management Made Simple
  * Copyright (C) 2008 KnowledgeTree Inc.
  * Portions copyright The Jam Warehouse Software (Pty) Limited
- * 
+ *
  * This program is free software; you can redistribute it and/or modify it under
  * the terms of the GNU General Public License version 3 as published by the
  * Free Software Foundation.
- * 
+ *
  * This program is distributed in the hope that it will be useful, but WITHOUT
  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
  * FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
  * details.
- * 
+ *
  * You should have received a copy of the GNU General Public License
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
- * 
- * You can contact KnowledgeTree Inc., PO Box 7775 #87847, San Francisco, 
+ *
+ * You can contact KnowledgeTree Inc., PO Box 7775 #87847, San Francisco,
  * California 94120-7775, or email info@knowledgetree.com.
- * 
+ *
  * The interactive user interfaces in modified source and object code versions
  * of this program must display Appropriate Legal Notices, as required under
  * Section 5 of the GNU General Public License version 3.
- * 
+ *
  * In accordance with Section 7(b) of the GNU General Public License version 3,
  * these Appropriate Legal Notices must retain the display of the "Powered by
- * KnowledgeTree" logo and retain the original copyright notice. If the display of the 
+ * KnowledgeTree" logo and retain the original copyright notice. If the display of the
  * logo is not reasonably feasible for technical reasons, the Appropriate Legal Notices
- * must display the words "Powered by KnowledgeTree" and retain the original 
+ * must display the words "Powered by KnowledgeTree" and retain the original
  * copyright notice.
  * Contributor( s): ______________________________________
  */
@@ -399,6 +399,29 @@ class User extends KTEntity {
         return KTEntityUtil::getBy('User', 'username', $sUserName, $aOptions);
     }
  
+    /**
+     * Check whether a user has been deleted
+     *
+     * @param string $sUsername
+     * @return boolean
+     */
+    function checkDeletedUser($sUsername) {
+        $deletedUsername = "kt_deleted_{$sUsername}_";
+        $query = "SELECT * FROM users WHERE username LIKE '{$deletedUsername}%'";
+        $result = DBUtil::getOneResult($query);
+
+        if(PEAR::isError($result) || empty($result)){
+            return false;
+        }
+
+        // Check that the deleted username is correct
+        if($deletedUsername.$result['id'] != $result['username']){
+            return false;
+        }
+
+        return true;
+    }
+
     function getByAuthenticationSource($oSource, $aOptions = null) {
         $iSourceId = KTUtil::getId($oSource);
         $aOptions = KTUtil::meldOptions($aOptions, array(
@@ -502,8 +525,8 @@ class User extends KTEntity {
  
     function hasPermission($oUser, $oPermission, $oFolderOrDocument) {
     	return KTPermissionUtil::userHasPermissionOnItem($oUser, $oPermission, $oFolderOrDocument);
-    		
+
 	}
-	
+
 }
 ?>
 \ No newline at end of file
@@ -294,20 +294,33 @@ class LoginPageDispatcher extends KTDispatcher {
         if (empty($aExtra)) {
             $aExtra = array();
         }
-        $res = KTAuthenticationUtil::autoSignup($username, $password, $aExtra);
-        if (empty($res)) {
-            return $res;
-        }
-        if (is_a($res, 'User')) {
-            $this->performLogin($res);
+
+        // Check if the user has been deleted before allowing auto-signup
+        $delUser = User::checkDeletedUser($username);
+
+        if($delUser){
+            return ;
         }
-        if (is_a($res, 'KTAuthenticationSource')) {
-            $_SESSION['autosignup'] = $aExtra;
-            $this->redirectTo('autoSignup', array(
-                'source_id' => $res->getId(),
-                'username' => $username,
-            ));
-            exit(0);
+
+        $oKTConfig = KTConfig::getSingleton();
+        $allow = $oKTConfig->get('session/allowAutoSignup', true);
+
+        if($allow){
+            $res = KTAuthenticationUtil::autoSignup($username, $password, $aExtra);
+            if (empty($res)) {
+                return $res;
+            }
+            if (is_a($res, 'User')) {
+                $this->performLogin($res);
+            }
+            if (is_a($res, 'KTAuthenticationSource')) {
+                $_SESSION['autosignup'] = $aExtra;
+                $this->redirectTo('autoSignup', array(
+                    'source_id' => $res->getId(),
+                    'username' => $username,
+                ));
+                exit(0);
+            }
         }
     }