Commit 5b067df7 authored by Richard Mansfield's avatar Richard Mansfield Committed by Gerrit Code Review
Browse files

Merge "Add admin option to change a users username (Bug #633273)"

parents e7c44a14 1179587f
......@@ -55,6 +55,15 @@ $elements['id'] = array(
'value' => $id,
);
if (method_exists($authobj, 'change_username')) {
$elements['username'] = array(
'type' => 'text',
'title' => get_string('changeusername', 'admin'),
'description' => get_string('changeusernamedescription', 'admin'),
'defaultvalue' => $user->username,
);
}
if (method_exists($authobj, 'change_password')) {
// Only show the password options if the plugin allows for the functionality
$elements['password'] = array(
......@@ -188,15 +197,12 @@ function edituser_site_validate(Pieform $form, $values) {
}
function edituser_site_submit(Pieform $form, $values) {
global $USER, $authobj;
global $USER, $authobj, $SESSION;
if (!$user = get_record('usr', 'id', $values['id'])) {
return false;
}
if (method_exists($authobj, 'change_password')) {
$user->passwordchange = (int) ($values['passwordchange'] == 'on');
}
$user->quota = $values['quota'];
$user->expiry = db_format_timestamp($values['expiry']);
......@@ -253,24 +259,63 @@ function edituser_site_submit(Pieform $form, $values) {
));
}
$user->authinstance = $values['authinstance'];
// update the global $authobj to match the new authinstance
// this is used by the password/username change methods
// if either/both has been requested at the same time
$authobj = AuthFactory::create($user->authinstance);
}
}
// Only change the pw if the new auth instance allows for it
if (method_exists($authobj, 'change_password')) {
$user->passwordchange = (int) ($values['passwordchange'] == 'on');
if (isset($values['password']) && $values['password'] !== '') {
$userobj = new User();
$userobj = $userobj->find_by_id($user->id);
$authobj = AuthFactory::create($user->authinstance);
if (method_exists($authobj, 'change_password')) {
// Only change the pw if the new auth instance allows for it
$user->password = $authobj->change_password($userobj, $values['password']);
$user->salt = $userobj->salt;
unset($userobj);
}
} else {
// inform the user that the chosen auth instance doesn't allow password changes
// but only if they tried changing it
if (isset($values['password']) && $values['password'] !== '') {
$SESSION->add_error_msg(get_string('passwordchangenotallowed', 'admin'));
// Set empty pw with salt
$user->password = '';
$user->salt = auth_get_random_salt();
}
}
if (isset($values['username']) && $values['username'] !== '') {
$userobj = new User();
$userobj = $userobj->find_by_id($user->id);
if ($userobj->username != $values['username']) {
// Only change the username if the auth instance allows for it
if (method_exists($authobj, 'change_username')) {
// check the existence of the chosen username
try {
if ($authobj->user_exists($values['username'])) {
// set an error message if it is already in use
$SESSION->add_error_msg(get_string('usernameexists', 'account'));
}
} catch (AuthUnknownUserException $e) {
// update the username otherwise
$user->username = $authobj->change_username($userobj, $values['username']);
}
} else {
// inform the user that the chosen auth instance doesn't allow username changes
$SESSION->add_error_msg(get_string('usernamechangenotallowed', 'admin'));
}
}
unset($userobj, $authobj);
unset($userobj);
}
update_record('usr', $user);
......
......@@ -130,6 +130,29 @@ class AuthInternal extends Auth {
return preg_match('/^[a-zA-Z0-9!@#$%^&*()\-_=+\[{\]}\\|;:\'",<\.>\/?`]{3,30}$/', $username);
}
/**
* Changes the user's username.
*
* This method is not strictly part of the authentication API, but if
* defined allows the method to change a user's username.
*
* @param object $user The user to change the password for
* @param string $username The username to set for the user
* @return string The new username, or the original username if it could not be set
*/
public function change_username(User $user, $username) {
$this->must_be_ready();
// proposed username must pass validation
if ($this->is_username_valid($username)) {
$user->username = $username;
$user->commit();
}
// return the new username, or the original one if it failed validation
return $user->username;
}
/*
The following two functions are inspired by Andrew McMillan's salted md5
functions in AWL, adapted with his kind permission. Changed to use sha1
......
......@@ -33,7 +33,9 @@ $string['oldpasswordincorrect'] = 'This is not your current password';
$string['changeusernameheading'] = 'Change username';
$string['changeusername'] = 'New username';
$string['changeusernamedesc'] = 'The username you use to log into %s. Usernames are 3-30 characters long, and may contain letters, numbers, and most common symbols excuding spaces.';
$string['changeusernamedesc'] = 'The username you use to log into %s. Usernames are 3-30 characters long, and may contain letters, numbers, and most common symbols excluding spaces.';
$string['usernameexists'] = 'This username is taken, please choose another.';
$string['accountoptionsdesc'] = 'General account options';
$string['friendsnobody'] = 'Nobody may add me as a friend';
......
......@@ -487,6 +487,8 @@ $string['userunsuspended'] = 'User unsuspended';
// User account settings
$string['accountsettings'] = 'Account settings';
$string['siteaccountsettings'] = 'Site account settings';
$string['changeusername'] = 'Change username';
$string['changeusernamedescription'] = 'Change this user\'s username. Usernames are 3-30 characters long, and may contain letters, numbers, and most common symbols excluding spaces.';
$string['resetpassword'] = 'Reset password';
$string['resetpassworddescription'] = 'If you enter text here, it will replace the user\'s current password.';
$string['forcepasswordchange'] = 'Force password change on next login';
......@@ -516,6 +518,8 @@ $string['suspenddeleteuser'] = 'Suspend/Delete User';
$string['suspenddeleteuserdescription'] = 'Here you may suspend or entirely delete a user account. Suspended users are unable to log in until their account is unsuspended. Please note that while a suspension can be undone, deletion <strong>cannot</strong> be undone.';
$string['deleteusernote'] = 'Please note that this operation <strong>cannot be undone</strong>.';
$string['youcannotadministerthisuser'] = 'You cannot administer this user';
$string['usernamechangenotallowed'] = 'The chosen authentication method does not allow changes to the username.';
$string['passwordchangenotallowed'] = 'The chosen authentication method does not allow changes to the password.';
// Add User
$string['adduser'] = 'Add User';
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment