mirror of
https://github.com/opensourcepos/opensourcepos.git
synced 2026-03-10 11:10:47 -04:00
ca6a1b35af
* fix(security): add row-level authorization to password change endpoints - Prevents non-admin users from viewing other users' password forms - Prevents non-admin users from changing other users' passwords - Uses can_modify_employee() check consistent with Employees controller fix - Addresses BOLA vulnerability in Home controller (GHSA-q58g-gg7v-f9rf) * test(security): add BOLA authorization tests for Home controller - Test non-admin cannot view/change admin password - Test user can view/change own password - Test admin can view/change any password - Test default employee_id uses current user - Add JUnit test result upload to CI workflow * refactor: apply PSR-12 naming and add DEFAULT_EMPLOYEE_ID constant - Add DEFAULT_EMPLOYEE_ID constant to Constants.php - Rename variables to follow PSR-12 camelCase convention - Use ternary for default employee ID assignment * refactor: use NEW_ENTRY constant instead of adding DEFAULT_EMPLOYEE_ID Reuse existing NEW_ENTRY constant for default employee ID parameter. Avoids adding redundant constants to Constants.php with same value (-1). --------- Co-authored-by: jekkos <jeroen@steganos.dev>
128 lines
4.3 KiB
PHP
128 lines
4.3 KiB
PHP
<?php
|
|
|
|
namespace App\Controllers;
|
|
|
|
use CodeIgniter\HTTP\RedirectResponse;
|
|
use CodeIgniter\HTTP\ResponseInterface;
|
|
|
|
class Home extends Secure_Controller
|
|
{
|
|
public function __construct()
|
|
{
|
|
parent::__construct('home', null, 'home');
|
|
}
|
|
|
|
/**
|
|
* @return string
|
|
*/
|
|
public function getIndex(): string
|
|
{
|
|
$logged_in = $this->employee->is_logged_in();
|
|
return view('home/home');
|
|
}
|
|
|
|
/**
|
|
* Logs the currently logged in employee out of the system. Used in app/Views/partial/header.php
|
|
*
|
|
* @return RedirectResponse
|
|
* @noinspection PhpUnused
|
|
*/
|
|
public function getLogout(): RedirectResponse
|
|
{
|
|
$this->employee->logout();
|
|
return redirect()->to('login');
|
|
}
|
|
|
|
/**
|
|
* Load "change employee password" form
|
|
*
|
|
* @return string
|
|
* @noinspection PhpUnused
|
|
*/
|
|
public function getChangePassword(int $employeeId = NEW_ENTRY): string
|
|
{
|
|
$loggedInEmployee = $this->employee->get_logged_in_employee_info();
|
|
$currentPersonId = $loggedInEmployee->person_id;
|
|
|
|
$employeeId = $employeeId === NEW_ENTRY ? $currentPersonId : $employeeId;
|
|
|
|
if (!$this->employee->can_modify_employee($employeeId, $currentPersonId)) {
|
|
header('Location: ' . base_url('no_access/home/home'));
|
|
exit();
|
|
}
|
|
|
|
$person_info = $this->employee->get_info($employeeId);
|
|
foreach (get_object_vars($person_info) as $property => $value) {
|
|
$person_info->$property = $value;
|
|
}
|
|
$data['person_info'] = $person_info;
|
|
|
|
return view('home/form_change_password', $data);
|
|
}
|
|
|
|
/**
|
|
* Change employee password
|
|
*
|
|
* @return ResponseInterface
|
|
*/
|
|
public function postSave(int $employeeId = NEW_ENTRY): ResponseInterface
|
|
{
|
|
$currentUser = $this->employee->get_logged_in_employee_info();
|
|
|
|
$employeeId = $employeeId === NEW_ENTRY ? $currentUser->person_id : $employeeId;
|
|
|
|
if (!$this->employee->can_modify_employee($employeeId, $currentUser->person_id)) {
|
|
return $this->response->setStatusCode(403)->setJSON([
|
|
'success' => false,
|
|
'message' => lang('Employees.unauthorized_modify')
|
|
]);
|
|
}
|
|
|
|
if (!empty($this->request->getPost('current_password')) && $employeeId != NEW_ENTRY) {
|
|
if ($this->employee->check_password($this->request->getPost('username', FILTER_SANITIZE_FULL_SPECIAL_CHARS), $this->request->getPost('current_password'))) {
|
|
// Validate password length BEFORE hashing
|
|
$new_password = $this->request->getPost('password');
|
|
|
|
if (strlen($new_password) < 8) {
|
|
return $this->response->setJSON([
|
|
'success' => false,
|
|
'message' => lang('Employees.password_minlength'),
|
|
'id' => NEW_ENTRY
|
|
]);
|
|
}
|
|
|
|
$employee_data = [
|
|
'username' => $this->request->getPost('username', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
|
|
'password' => password_hash($new_password, PASSWORD_DEFAULT),
|
|
'hash_version' => 2
|
|
];
|
|
|
|
if ($this->employee->change_password($employee_data, $employeeId)) {
|
|
return $this->response->setJSON([
|
|
'success' => true,
|
|
'message' => lang('Employees.successful_change_password'),
|
|
'id' => $employeeId
|
|
]);
|
|
} else {
|
|
return $this->response->setJSON([
|
|
'success' => false,
|
|
'message' => lang('Employees.unsuccessful_change_password'),
|
|
'id' => NEW_ENTRY
|
|
]);
|
|
}
|
|
} else {
|
|
return $this->response->setJSON([
|
|
'success' => false,
|
|
'message' => lang('Employees.current_password_invalid'),
|
|
'id' => NEW_ENTRY
|
|
]);
|
|
}
|
|
} else {
|
|
return $this->response->setJSON([
|
|
'success' => false,
|
|
'message' => lang('Employees.current_password_invalid'),
|
|
'id' => NEW_ENTRY
|
|
]);
|
|
}
|
|
}
|
|
} |