From 1b988f9574c47fe110cc91364a58677f794b5b83 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 10 Jun 2014 09:11:26 -0400
Subject: [PATCH] Merge branch 'master' of https://github.com/simonpl/roundcubemail into simonpl-master

---
 CHANGELOG                               |    1 
 plugins/password/localization/en_US.inc |    1 
 plugins/password/config.inc.php.dist    |    3 +
 plugins/password/password.php           |   78 ++++++++++++++++++++++++++++++---------
 4 files changed, 65 insertions(+), 18 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index 995f1f4..821d0ef 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,7 @@
 CHANGELOG Roundcube Webmail
 ===========================
 
+- Password: Add option to force new users to change their password (#1486884)
 - Improve support for screen readers and assistive technology using WCAG 2.0 and WAI ARIA standards
 - Enable basic keyboard navigation throughout the UI (#1487845)
 - Select/scroll to previously selected message when returning from message page (#1489023)
diff --git a/plugins/password/config.inc.php.dist b/plugins/password/config.inc.php.dist
index 8f7a57f..16b7f93 100644
--- a/plugins/password/config.inc.php.dist
+++ b/plugins/password/config.inc.php.dist
@@ -35,6 +35,9 @@
 // for upgrading the stored passwords after the encryption scheme has changed.
 $config['password_force_save'] = false;
 
+// Enables forcing new users to change their password at their first login.
+$config['password_force_new_user'] = false;
+
 
 // SQL Driver options
 // ------------------
diff --git a/plugins/password/localization/en_US.inc b/plugins/password/localization/en_US.inc
index a4c077f..94475ce 100644
--- a/plugins/password/localization/en_US.inc
+++ b/plugins/password/localization/en_US.inc
@@ -33,5 +33,6 @@
 $messages['passwordshort'] = 'Password must be at least $length characters long.';
 $messages['passwordweak'] = 'Password must include at least one number and one punctuation character.';
 $messages['passwordforbidden'] = 'Password contains forbidden characters.';
+$messages['firstloginchange'] = 'This is your first login. Please change your password.';
 
 ?>
diff --git a/plugins/password/password.php b/plugins/password/password.php
index 83f951b..7b6b80d 100644
--- a/plugins/password/password.php
+++ b/plugins/password/password.php
@@ -40,9 +40,10 @@
  */
 class password extends rcube_plugin
 {
-    public $task    = 'settings';
+    public $task    = 'settings|login';
     public $noframe = true;
     public $noajax  = true;
+    private $newuser = false;
 
     function init()
     {
@@ -50,26 +51,15 @@
 
         $this->load_config();
 
-        // Host exceptions
-        $hosts = $rcmail->config->get('password_hosts');
-        if (!empty($hosts) && !in_array($_SESSION['storage_host'], $hosts)) {
+        if($rcmail->task == 'settings' && !$this->check_host_login_exceptions()) {
             return;
         }
-
-        // Login exceptions
-        if ($exceptions = $rcmail->config->get('password_login_exceptions')) {
-            $exceptions = array_map('trim', (array) $exceptions);
-            $exceptions = array_filter($exceptions);
-            $username   = $_SESSION['username'];
-
-            foreach ($exceptions as $ec) {
-                if ($username === $ec) {
-                    return;
-                }
-            }
-        }
-
+        
         $this->add_hook('settings_actions', array($this, 'settings_actions'));
+        if($rcmail->config->get('password_force_new_user')) {
+            $this->add_hook('user_create', array($this, 'user_create'));
+            $this->add_hook('login_after', array($this, 'login_after'));
+        }
 
         $this->register_action('plugin.password', array($this, 'password_init'));
         $this->register_action('plugin.password-save', array($this, 'password_save'));
@@ -94,6 +84,10 @@
 
         $rcmail = rcmail::get_instance();
         $rcmail->output->set_pagetitle($this->gettext('changepasswd'));
+        $first = rcube_utils::get_input_value('_first', rcube_utils::INPUT_GET);
+        if(isset($first) && $first == 'true') {
+            $rcmail->output->command('display_message', $this->gettext('firstloginchange'), 'notice');
+        }
         $rcmail->output->send('plugin');
     }
 
@@ -300,4 +294,52 @@
 
         return $reason;
     }
+    
+    function user_create($args)
+    {
+        $this->newuser = true;
+        return $args;
+    }
+        
+    function login_after($args)
+    {
+        if(!$this->check_host_login_exceptions()) {
+            return $args;
+        }
+        if($this->newuser)
+        {
+            $args['_task'] = 'settings';
+            $args['_action'] = 'plugin.password';
+            $args['_first'] = 'true';
+        }
+        return $args;
+    }
+    
+    // Check if host and login is allowed to change the password, false = not allowed, true = not allowed
+    private function check_host_login_exceptions()
+    {
+        $rcmail = rcmail::get_instance();
+        // Host exceptions
+        $hosts = $rcmail->config->get('password_hosts');
+        $this->allowed_hosts = $hosts;
+        if (!empty($hosts) && !in_array($_SESSION['storage_host'], $hosts)) {
+            return false;
+        }
+        
+
+        // Login exceptions
+        if ($exceptions = $rcmail->config->get('password_login_exceptions')) {
+            $exceptions = array_map('trim', (array) $exceptions);
+            $exceptions = array_filter($exceptions);
+            $this->login_exceptions = $exceptions;
+            $username   = $_SESSION['username'];
+
+            foreach ($exceptions as $ec) {
+                if ($username === $ec) {
+                    return false;
+                }
+            }
+        }
+        return true;
+    }
 }

--
Gitblit v1.9.1