Added modal functionality to insert comment to audit logs when un/loc…

…king account. (#140) * #127: Added modal functionality to insert comment to audit logs when un/locking account. * #127: Adding un/lock comment documentation. * #127: Removed code duplication. Using comment modal reference. * #127: Created comment.tpl to make reusable component. * #127: Minor formating. * #127: Added feature to enable and disable comment. Added documentation for the feature. * #127: Deleting accidental pushed image. * #127: Fixing requested suggestions. * Add translation * #127: Added functionality to require comment. Changed audit to only write comment if value is set. Added documentation for required comment feature. * #127: Simplying conditions. * Improve code for comment in audit * Use textarea for comment * Clean unused lang messages * Add vanilla tooltip to modal buttons --------- Co-authored-by: Clément OUDOT <[email protected]>
ltb-project · Jul 23, 2024 · 279c726 · 279c726
1 parent 70d0388
commit 279c726
Show file tree

Hide file tree

Showing 11 changed files with 127 additions and 33 deletions.
diff --git a/conf/config.inc.php b/conf/config.inc.php
@@ -105,7 +105,11 @@
 $resetpassword_reset_default = true;
 $show_lockstatus = true;
 $use_unlockaccount = true;
+$use_unlockcomment = false;
+$use_unlockcomment_required = false;
 $use_lockaccount = true;
+$use_lockcomment = false;
+$use_lockcomment_required = false;
 $show_expirestatus = true;
 $use_searchlocked = true;
 $use_searchexpired = true;

diff --git a/docs/audit.rst b/docs/audit.rst
@@ -13,6 +13,7 @@ The items provided in the audit log are:
 * Who has done the action (see Admin name below)
 * Action
 * Result of the action
+* Additional comment (Optionally entered by Admin)
 
 Example:
 
@@ -24,7 +25,8 @@ Example:
     "user_dn":"uid=donald,ou=users,dc=example,dc=com",
     "done_by":"Mickey",
     "action":"lockaccount",
-    "result":"accountlocked"
+    "result":"accountlocked",
+    "comment":"Security breach"
    }
 
 Audit log file

diff --git a/docs/lockaccount.rst b/docs/lockaccount.rst
@@ -33,3 +33,25 @@ To enable this feature:
 .. code-block:: php
 
     $use_unlockaccount = true;
+
+Insert comment
+--------------
+
+A feature to enable comments when locking and unlocking user accounts can be enabled.
+
+To enable this feature:
+
+.. code-block:: php
+
+    $use_lockcomment = true;
+    $use_unlockcomment = true;
+
+Comment required
+----------------
+
+This features ensure a comment is required before locking/unlocking a user.
+
+.. code-block:: php
+
+    $use_lockcomment_required = true;
+    $use_unlockcomment_required = true;
diff --git a/htdocs/index.php b/htdocs/index.php
@@ -110,7 +110,11 @@
 $smarty->assign('resetpassword_reset_default',$resetpassword_reset_default);
 $smarty->assign('show_lockstatus',$show_lockstatus);
 $smarty->assign('use_unlockaccount',$use_unlockaccount);
+$smarty->assign('use_unlockcomment',$use_unlockcomment);
+$smarty->assign('use_unlockcomment_required',$use_unlockcomment_required);
 $smarty->assign('use_lockaccount',$use_lockaccount);
+$smarty->assign('use_lockcomment',$use_lockcomment);
+$smarty->assign('use_lockcomment_required',$use_lockcomment_required);
 $smarty->assign('show_expirestatus',$show_expirestatus);
 $smarty->assign('display_password_expiration_date',$display_password_expiration_date);
 $smarty->assign('use_searchlocked',$use_searchlocked);

diff --git a/htdocs/lockaccount.php b/htdocs/lockaccount.php
@@ -5,14 +5,18 @@
 
 $result = "";
 $dn = "";
-$password = "";
+$comment = "";
 
 if (isset($_POST["dn"]) and $_POST["dn"]) {
     $dn = $_POST["dn"];
 } else {
     $result = "dnrequired";
 }
 
+if (isset($_POST["comment"]) and $_POST["comment"]) {
+    $comment = $_POST["comment"];
+}
+
 if ($result === "") {
 
     require_once("../conf/config.inc.php");
@@ -73,7 +77,7 @@
 }
 
 if ($audit_log_file) {
-    auditlog($audit_log_file, $dn, $audit_admin, "lockaccount", $result);
+    auditlog($audit_log_file, $dn, $audit_admin, "lockaccount", $result, $comment);
 }
 
 header('Location: index.php?page=display&dn='.$dn.'&lockaccountresult='.$result);
diff --git a/htdocs/unlockaccount.php b/htdocs/unlockaccount.php
@@ -5,7 +5,7 @@
 
 $result = "";
 $dn = "";
-$password = "";
+$comment = "";
 $returnto = "display";
 
 if (isset($_POST["dn"]) and $_POST["dn"]) {
@@ -20,6 +20,10 @@
     $returnto = $_GET["returnto"];
 }
 
+if (isset($_POST["comment"]) and $_POST["comment"]) {
+    $comment = $_POST["comment"];
+}
+
 if ($result === "") {
 
     require_once("../conf/config.inc.php");
@@ -43,7 +47,7 @@
 }
 
 if ($audit_log_file) {
-    auditlog($audit_log_file, $dn, $audit_admin, "unlockaccount", $result);
+    auditlog($audit_log_file, $dn, $audit_admin, "unlockaccount", $result, $comment);
 }
 
 header('Location: index.php?page='.$returnto.'&dn='.$dn.'&unlockaccountresult='.$result);
diff --git a/lang/en.inc.php b/lang/en.inc.php
@@ -14,6 +14,8 @@
 $messages['changemessage'] = "Hello {name},\n\nYour password has been changed.\n\nIf you didn't request a password reset, please contact your administrator for details.";
 $messages['changemessageforadmin'] = "Hello,\n\nThe password of account {dn} has been changed.\n.";
 $messages['checkpassword'] = "Check password";
+$messages['close'] = "Close";
+$messages['comment_needed'] = "A comment will be asked";
 $messages['currentpassword'] = "Current password";
 $messages['dashboards'] = "Dashboards";
 $messages['displayentry'] = "Display entry";
@@ -26,6 +28,7 @@
 $messages['forcereset'] = "Force reset at next connection";
 $messages['idleaccounts'] = "Idle accounts";
 $messages['idleaccountstitle'] = "Accounts idle for more than $idledays days";
+$messages['insert_comment'] = "Insert comment";
 $messages['pager_all'] = "All";
 $messages['print_all'] = "Print all results";
 $messages['print_page'] = "Print this page";

diff --git a/lang/fr.inc.php b/lang/fr.inc.php
@@ -14,6 +14,8 @@
 $messages['changemessage'] = "Bonjour {name},\n\nVotre mot de passe a été changé.\nSi vous n'êtes pas à l'origine de cette demande, contactez votre administrateur pour obtenir des précisions.";
 $messages['changemessageforadmin'] = "Bonjour,\n\nLe mot de passe du compte {dn} a été changé.";
 $messages['checkpassword'] = "Vérification du mot de passe";
+$messages['close'] = "Fermer";
+$messages['comment_needed'] = "Un commentaire sera demandé";
 $messages['currentpassword'] = "Mot de passe actuel";
 $messages['dashboards'] = "Tableaux de bord";
 $messages['displayentry'] = "Afficher l'entrée";
@@ -26,6 +28,7 @@
 $messages['forcereset'] = "Forcer la réinitialisation à la prochaine connexion";
 $messages['idleaccounts'] = "Comptes inactifs";
 $messages['idleaccountstitle'] = "Comptes inactifs depuis plus de $idledays jours";
+$messages['insert_comment'] = "Insérer un commentaire";
 $messages['pager_all'] = "Tout";
 $messages['print_all'] = "Imprimer tous les résultats";
 $messages['print_page'] = "Imprimer cette page";

diff --git a/lib/audit.inc.php b/lib/audit.inc.php
@@ -1,13 +1,19 @@
 <?php
-function auditlog($file, $dn, $admin, $action, $result) {
-  $log = array (
+function auditlog($file, $dn, $admin, $action, $result, $comment) {
+
+  $log = array(
     "date" => date_format(date_create(), "D, d M Y H:i:s"),
     "ip" => $_SERVER['REMOTE_ADDR'],
     "user_dn" => $dn,
     "done_by" => $admin,
     "action" => $action,
     "result" => $result
   );
+
+  if ($comment) {
+    $log['comment'] = $comment;
+  }
+
   file_put_contents($file, json_encode($log, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES) . PHP_EOL, FILE_APPEND | LOCK_EX);
 }
 ?>
diff --git a/templates/comment.tpl b/templates/comment.tpl
@@ -0,0 +1,23 @@
+<form id={$method} method="post" action="index.php?page={$page}">
+    <input type="hidden" name="dn" value="{$dn}" />
+    <div class="modal fade" id="commentModal" tabindex="-1" aria-labelledby="CommentModal" aria-hidden="true">
+        <div class="modal-dialog">
+            <div class="modal-content">
+                <div class="modal-header">
+                    <h1 class="modal-title fs-5" id="CommentModal">{$title}</h1>
+                </div>
+                <div class="modal-body">
+                    <textarea class="form-control" name="comment" id="comment-{$method}" rows="3" placeholder="{$msg_insert_comment}"{if $use_lockcomment_required || $use_unlockcomment_required}required{/if}></textarea>
+                </div>
+                <div class="modal-footer">
+                    <button type="button" class="btn btn-secondary" data-bs-dismiss="modal">
+                        <i class="fa fa-fw fa-window-close-o"></i> {$msg_close}
+                    </button>
+                    <button type="submit" class="btn btn-success">
+                        <i class="fa fa-fw fa-check-square-o"></i> {$msg_submit}
+                    </button>
+                </div>
+            </div>
+        </div>
+    </div>
+</form>
diff --git a/templates/display.tpl b/templates/display.tpl
@@ -204,20 +204,30 @@
             </div>
 
              <div class="card-body">
-                 {if $unlockDate}
-                 <p>{$msg_unlockdate} {$unlockDate|date_format:{$date_specifiers}}</p>
-                 {/if}
-                 {if $use_unlockaccount}
-                 <form id="unlockaccount" method="post" action="index.php?page=unlockaccount">
-                     {if $unlockaccountresult eq 'ldaperror'}
-                     <div class="alert alert-danger"><i class="fa fa-fw fa-exclamation-triangle"></i> {$msg_accountnotunlocked}</div>
-                     {/if}
-                     <input type="hidden" name="dn" value="{$dn}" />
-                     <button type="submit" class="btn btn-success">
-                         <i class="fa fa-fw fa-unlock"></i> {$msg_unlockaccount}
-                     </button>
-                 </form>
-                 {/if}
+                {if $unlockDate}
+                <p>{$msg_unlockdate} {$unlockDate|date_format:{$date_specifiers}}</p>
+                {/if}
+                {if $use_unlockaccount}
+                {if $unlockaccountresult eq 'ldaperror'}
+                <div class="alert alert-danger"><i class="fa fa-fw fa-exclamation-triangle"></i> {$msg_accountnotunlocked}</div>
+                {/if}
+                {if $use_unlockcomment}
+                    <button type="button" class="btn btn-success" data-bs-toggle="modal" data-bs-target="#commentModal">
+                        <i class="fa fa-fw fa-unlock me-2"></i>{$msg_unlockaccount}
+                        <i class="fa fa-fw fa-info-circle text-body-tertiary ms-2" title="{$msg_comment_needed}"></i>
+                    </button>
+                    <div>
+                        {include 'comment.tpl' method=unlock page=unlockaccount title=$msg_unlockaccount}
+                    </div>
+                {else}
+                    <form id="unlockaccount" method="post" action="index.php?page=unlockaccount">
+                    <input type="hidden" name="dn" value="{$dn}" />
+                        <button type="submit" class="btn btn-success">
+                            <i class="fa fa-fw fa-unlock"></i> {$msg_unlockaccount}
+                        </button>
+                    </form>
+                {/if}
+                {/if}
             </div>
         </div>
         {/if}
@@ -231,17 +241,27 @@
                 </p>
             </div>
 
-             {if $use_lockaccount}
-             <div class="card-body">
-                 <form id="lockaccount" method="post" action="index.php?page=lockaccount">
-                     {if $lockaccountresult eq 'ldaperror'}
-                     <div class="alert alert-danger"><i class="fa fa-fw fa-exclamation-triangle"></i> {$msg_accountnotlocked}</div>
-                     {/if}
-                     <input type="hidden" name="dn" value="{$dn}" />
-                     <button type="submit" class="btn btn-success">
-                         <i class="fa fa-fw fa-lock"></i> {$msg_lockaccount}
-                     </button>
-                 </form>
+            {if $use_lockaccount}
+            <div class="card-body">
+                {if $lockaccountresult eq 'ldaperror'}
+                    <div class="alert alert-danger"><i class="fa fa-fw fa-exclamation-triangle"></i> {$msg_accountnotlocked}</div>
+                {/if}
+                {if $use_lockcomment}
+                    <button type="button" class="btn btn-success" data-bs-toggle="modal" data-bs-target="#commentModal">
+                        <i class="fa fa-fw fa-lock me-2"></i>{$msg_lockaccount}
+                        <i class="fa fa-fw fa-info-circle text-body-tertiary ms-2" title="{$msg_comment_needed}"></i>
+                    </button>
+                    <div>
+                        {include 'comment.tpl' method=lock page=lockaccount title=$msg_lockaccount}
+                    </div>
+                {else}
+                    <form id="lockaccount" method="post" action="index.php?page=lockaccount">
+                    <input type="hidden" name="dn" value="{$dn}" />
+                        <button type="submit" class="btn btn-success">
+                            <i class="fa fa-fw fa-lock"></i> {$msg_lockaccount}
+                        </button>
+                    </form>
+                {/if}
             </div>
             {/if}
         </div>
@@ -260,6 +280,5 @@
         </div>
         {/if}
         {/if}
-
    </div>
 </div>