diff options
| author |  Marien Fressinaud <dev@marienfressinaud.fr>
| 2014-10-16 15:25:46 +0200 |
|---|---|---|
| committer | Marien Fressinaud <dev@marienfressinaud.fr>
| 2014-10-17 16:24:21 +0200 |
| commit | c5fe3bd6593d0a07c087d1e60ae2e4b8ab5f9fa9 (patch) | |
| tree | 6a08b3c928c88d4d3bda7d0544a7fc18da9f7ea5 /app/Controllers/authController.php | |
| parent | 1283e73d08a0441dbf84d7e45ff8c1c42bf188b1 (diff) | |
Reorganize user pages
Three pages:
- User profil
- User management
- Authentication
Diffstat (limited to 'app/Controllers/authController.php')
| -rw-r--r-- | app/Controllers/authController.php | 60 |
1 files changed, 60 insertions, 0 deletions
diff --git a/app/Controllers/authController.php b/app/Controllers/authController.php index e30fa4b72..751ce1f3f 100644 --- a/app/Controllers/authController.php +++ b/app/Controllers/authController.php @@ -5,6 +5,66 @@ */ class FreshRSS_auth_Controller extends Minz_ActionController { /** + * This action handles authentication management page. + * + * Parameters are: + * - token (default: current token) + * - anon_access (default: false) + * - anon_refresh (default: false) + * - auth_type (default: none) + * - unsafe_autologin (default: false) + * - api_enabled (default: false) + * + * @todo move unsafe_autologin in an extension. + */ + public function indexAction() { + if (!FreshRSS_Auth::hasAccess('admin')) { + Minz_Error::error(403, + array('error' => array(_t('access_denied')))); + } + + if (Minz_Request::isPost()) { + $ok = true; + + $current_token = $this->view->conf->token; + $token = Minz_Request::param('token', $current_token); + $this->view->conf->_token($token); + $ok &= $this->view->conf->save(); + + $anon = Minz_Request::param('anon_access', false); + $anon = ((bool)$anon) && ($anon !== 'no'); + $anon_refresh = Minz_Request::param('anon_refresh', false); + $anon_refresh = ((bool)$anon_refresh) && ($anon_refresh !== 'no'); + $auth_type = Minz_Request::param('auth_type', 'none'); + $unsafe_autologin = Minz_Request::param('unsafe_autologin', false); + $api_enabled = Minz_Request::param('api_enabled', false); + if ($anon != Minz_Configuration::allowAnonymous() || + $auth_type != Minz_Configuration::authType() || + $anon_refresh != Minz_Configuration::allowAnonymousRefresh() || + $unsafe_autologin != Minz_Configuration::unsafeAutologinEnabled() || + $api_enabled != Minz_Configuration::apiEnabled()) { + + Minz_Configuration::_authType($auth_type); + Minz_Configuration::_allowAnonymous($anon); + Minz_Configuration::_allowAnonymousRefresh($anon_refresh); + Minz_Configuration::_enableAutologin($unsafe_autologin); + Minz_Configuration::_enableApi($api_enabled); + $ok &= Minz_Configuration::writeFile(); + } + + invalidateHttpCache(); + + if ($ok) { + Minz_Request::good('configuration_updated', + array('c' => 'auth', 'a' => 'index')); + } else { + Minz_Request::bad('error_occurred', + array('c' => 'auth', 'a' => 'index')); + } + } + } + + /** * This action handles the login page. * * It forwards to the correct login page (form or Persona) or main page if |