icingaweb2/application/controllers/AccountController.php

<?php

// SPDX-FileCopyrightText: 2018 Icinga GmbH <https://icinga.com>
// SPDX-License-Identifier: GPL-3.0-or-later

namespace Icinga\Controllers;

use GuzzleHttp\Psr7\ServerRequest;
use Icinga\Application\Config;
use Icinga\Application\Hook\TwoFactorHook;
use Icinga\Authentication\TwoFactorTotp;
use Icinga\Authentication\User\UserBackend;
use Icinga\Common\Database;
use Icinga\Data\ConfigObject;
use Icinga\Exception\ConfigurationError;
use Icinga\Forms\Account\ChangePasswordForm;
use Icinga\Forms\Account\TwoFactorConfigForm;
use Icinga\Forms\Account\TwoFactorChooseMethodForm;
use Icinga\Forms\PreferenceForm;
use Icinga\User\Preferences\PreferencesStore;
use Icinga\Web\Controller;
use ipl\Html\Contract\Form;

/**
 * My Account
 */
class AccountController extends Controller
{
    use Database;

    /**
     * {@inheritdoc}
     */
    public function init()
    {
        $this->getTabs()
            ->add('account', array(
                'title' => $this->translate('Update your account'),
                'label' => $this->translate('My Account'),
                'url'   => 'account'
            ))
            ->add('navigation', array(
                'title' => $this->translate('List and configure your own navigation items'),
                'label' => $this->translate('Navigation'),
                'url'   => 'navigation'
            ))
            ->add(
                'devices',
                array(
                    'title' => $this->translate('List of devices you are logged in'),
                    'label' => $this->translate('My Devices'),
                    'url'   => 'my-devices'
                )
            );
    }

    /**
     * My account
     */
    public function indexAction()
    {
        $config = Config::app()->getSection('global');
        $user = $this->Auth()->getUser();
        if ($user->getAdditional('backend_type') === 'db') {
            if ($user->can('user/password-change')) {
                try {
                    $userBackend = UserBackend::create($user->getAdditional('backend_name'));
                } catch (ConfigurationError $e) {
                    $userBackend = null;
                }
                if ($userBackend !== null) {
                    $changePasswordForm = new ChangePasswordForm();
                    $changePasswordForm
                        ->setBackend($userBackend)
                        ->handleRequest();
                    $this->view->changePasswordForm = $changePasswordForm;
                }
            }
        }

        // #################################################################################### TODO remove this comment

        $twoFactorChooseMethodForm = new TwoFactorChooseMethodForm();
        $twoFactorChooseMethodForm->handleRequest(ServerRequest::fromGlobals());
        $this->view->twoFactorForm = $twoFactorChooseMethodForm;

        if (false) {
            $twoFactor = TwoFactorTotp::loadFromDb($this->getDb(), $user->getUsername());
            if ($twoFactor === null) {
                $twoFactor = TwoFactorTotp::generate($user->getUsername());
            }


            $twoFactorForm = new TwoFactorConfigForm();
            $twoFactorForm->setUser($user);
            $twoFactorForm->setTwoFactor($twoFactor);
            $twoFactorForm->on(Form::ON_SUBMIT, function (TwoFactorConfigForm $form) {
                if ($redirectUrl = $form->getRedirectUrl()) {
                    $this->redirectNow($redirectUrl);
                }
            });
            $twoFactorForm->handleRequest(ServerRequest::fromGlobals());

            $this->view->twoFactorForm = $twoFactorForm;
        }

        // #################################################################################### TODO remove this comment

        $form = new PreferenceForm();
        $form->setPreferences($user->getPreferences());
        if (isset($config->config_resource)) {
            $form->setStore(PreferencesStore::create(new ConfigObject(array(
                'resource'  => $config->config_resource
            )), $user));
        }
        $form->handleRequest();

        $this->view->form = $form;
        $this->view->title = $this->translate('My Account');
        $this->getTabs()->activate('account');
    }
}
Rename Preferences to My Account refs #10616 2016-07-21 06:31:10 -04:00			`<?php`
License source files as GPL-3.0-or-later Add SPDX license headers and mark source files as GPL-3.0-or-later to preserve the option to relicense under later GPL versions. 2026-03-26 12:46:27 -04:00
			`// SPDX-FileCopyrightText: 2018 Icinga GmbH <https://icinga.com>`
			`// SPDX-License-Identifier: GPL-3.0-or-later`
Rename Preferences to My Account refs #10616 2016-07-21 06:31:10 -04:00
			`namespace Icinga\Controllers;`

Rewrite `TwoFactorConfigForm` to ipl form 2025-11-21 05:47:56 -05:00			`use GuzzleHttp\Psr7\ServerRequest;`
Rename Preferences to My Account refs #10616 2016-07-21 06:31:10 -04:00			`use Icinga\Application\Config;`
wip 2026-04-21 06:38:19 -04:00			`use Icinga\Application\Hook\TwoFactorHook;`
Use more appropriate names 2025-11-20 04:07:27 -05:00			`use Icinga\Authentication\TwoFactorTotp;`
Allow users to change their password if backend is db refs #10616 2016-07-21 11:38:19 -04:00			`use Icinga\Authentication\User\UserBackend;`
Refactor 2FA secret handling Previously, a new 2FA secret was generated and stored temporarily in the session. It was only persisted to the database when the user clicked the "Save Changes" button. This behavior has been removed. Now, the secret is written directly to the database once it has been initially verified with a token. To generate a new secret if one already exists, just remove the old one. There is no longer a separate setting to toggle whether 2FA is enabled for a user — 2FA is considered enabled if a secret exists for that user in the database. 2025-09-30 06:18:26 -04:00			`use Icinga\Common\Database;`
Rename Preferences to My Account refs #10616 2016-07-21 06:31:10 -04:00			`use Icinga\Data\ConfigObject;`
Allow users to change their password if backend is db refs #10616 2016-07-21 11:38:19 -04:00			`use Icinga\Exception\ConfigurationError;`
			`use Icinga\Forms\Account\ChangePasswordForm;`
Use more appropriate names 2025-11-20 04:07:27 -05:00			`use Icinga\Forms\Account\TwoFactorConfigForm;`
wip 2026-04-21 06:38:19 -04:00			`use Icinga\Forms\Account\TwoFactorChooseMethodForm;`
Rename Preferences to My Account refs #10616 2016-07-21 06:31:10 -04:00			`use Icinga\Forms\PreferenceForm;`
			`use Icinga\User\Preferences\PreferencesStore;`
			`use Icinga\Web\Controller;`
Rewrite `TwoFactorConfigForm` to ipl form 2025-11-21 05:47:56 -05:00			`use ipl\Html\Contract\Form;`
Rename Preferences to My Account refs #10616 2016-07-21 06:31:10 -04:00
			`/**`
			`* My Account`
			`*/`
			`class AccountController extends Controller`
			`{`
Refactor 2FA secret handling Previously, a new 2FA secret was generated and stored temporarily in the session. It was only persisted to the database when the user clicked the "Save Changes" button. This behavior has been removed. Now, the secret is written directly to the database once it has been initially verified with a token. To generate a new secret if one already exists, just remove the old one. There is no longer a separate setting to toggle whether 2FA is enabled for a user — 2FA is considered enabled if a secret exists for that user in the database. 2025-09-30 06:18:26 -04:00			`use Database;`

Rename Preferences to My Account refs #10616 2016-07-21 06:31:10 -04:00			`/**`
			`* {@inheritdoc}`
			`*/`
			`public function init()`
			`{`
			`$this->getTabs()`
			`->add('account', array(`
			`'title' => $this->translate('Update your account'),`
			`'label' => $this->translate('My Account'),`
			`'url' => 'account'`
			`))`
			`->add('navigation', array(`
			`'title' => $this->translate('List and configure your own navigation items'),`
			`'label' => $this->translate('Navigation'),`
			`'url' => 'navigation'`
Remember me (#4112) Co-authored-by: Sukhwinder Dhillon <sukhwinder.dhillon@icinga.com> 2021-05-21 09:43:06 -04:00			`))`
			`->add(`
			`'devices',`
			`array(`
			`'title' => $this->translate('List of devices you are logged in'),`
			`'label' => $this->translate('My Devices'),`
			`'url' => 'my-devices'`
			`)`
			`);`
Rename Preferences to My Account refs #10616 2016-07-21 06:31:10 -04:00			`}`

			`/**`
			`* My account`
			`*/`
			`public function indexAction()`
			`{`
			`$config = Config::app()->getSection('global');`
			`$user = $this->Auth()->getUser();`
Allow users to change their password if backend is db refs #10616 2016-07-21 11:38:19 -04:00			`if ($user->getAdditional('backend_type') === 'db') {`
Adjust global permissions 2021-02-18 02:52:57 -05:00			`if ($user->can('user/password-change')) {`
AccountController: Prohibit password changes for users with `no-user/password-change` 2019-12-05 03:13:34 -05:00			`try {`
			`$userBackend = UserBackend::create($user->getAdditional('backend_name'));`
			`} catch (ConfigurationError $e) {`
			`$userBackend = null;`
			`}`
			`if ($userBackend !== null) {`
			`$changePasswordForm = new ChangePasswordForm();`
			`$changePasswordForm`
			`->setBackend($userBackend)`
			`->handleRequest();`
			`$this->view->changePasswordForm = $changePasswordForm;`
			`}`
Allow users to change their password if backend is db refs #10616 2016-07-21 11:38:19 -04:00			`}`
			`}`
Rename Preferences to My Account refs #10616 2016-07-21 06:31:10 -04:00
wip 2026-04-21 06:38:19 -04:00			`// #################################################################################### TODO remove this comment`

			`$twoFactorChooseMethodForm = new TwoFactorChooseMethodForm();`
			`$twoFactorChooseMethodForm->handleRequest(ServerRequest::fromGlobals());`
			`$this->view->twoFactorForm = $twoFactorChooseMethodForm;`
Remove permission `user/two-factor-authentication` The user should not need to ask for more security. 2025-12-11 05:49:19 -05:00
wip 2026-04-21 06:38:19 -04:00			`if (false) {`
			`$twoFactor = TwoFactorTotp::loadFromDb($this->getDb(), $user->getUsername());`
			`if ($twoFactor === null) {`
			`$twoFactor = TwoFactorTotp::generate($user->getUsername());`
Initial implementation From https://github.com/Icinga/icingaweb2/pull/5397 2025-07-24 15:09:08 -04:00			`}`

Rewrite `TwoFactorConfigForm` to ipl form 2025-11-21 05:47:56 -05:00
wip 2026-04-21 06:38:19 -04:00			`$twoFactorForm = new TwoFactorConfigForm();`
			`$twoFactorForm->setUser($user);`
			`$twoFactorForm->setTwoFactor($twoFactor);`
			`$twoFactorForm->on(Form::ON_SUBMIT, function (TwoFactorConfigForm $form) {`
			`if ($redirectUrl = $form->getRedirectUrl()) {`
			`$this->redirectNow($redirectUrl);`
			`}`
			`});`
			`$twoFactorForm->handleRequest(ServerRequest::fromGlobals());`

			`$this->view->twoFactorForm = $twoFactorForm;`
			`}`

			`// #################################################################################### TODO remove this comment`
Initial implementation From https://github.com/Icinga/icingaweb2/pull/5397 2025-07-24 15:09:08 -04:00
Rename Preferences to My Account refs #10616 2016-07-21 06:31:10 -04:00			`$form = new PreferenceForm();`
			`$form->setPreferences($user->getPreferences());`
Remove obsolete `config_backend` option and not required code The user preferences backend is now always a `db`. 2022-05-03 04:16:27 -04:00			`if (isset($config->config_resource)) {`
Rename Preferences to My Account refs #10616 2016-07-21 06:31:10 -04:00			`$form->setStore(PreferencesStore::create(new ConfigObject(array(`
			`'resource' => $config->config_resource`
			`)), $user));`
			`}`
			`$form->handleRequest();`

			`$this->view->form = $form;`
Set a proper title for all controller actions refs #3851 2019-07-12 04:22:01 -04:00			`$this->view->title = $this->translate('My Account');`
Rename Preferences to My Account refs #10616 2016-07-21 06:31:10 -04:00			`$this->getTabs()->activate('account');`
			`}`
			`}`