Account synchronization, minor changes

debian/changelog

@@ -1,4 +1,4 @@
-hedera-web (1.379-deb8) stable; urgency=low
+hedera-web (1.381-deb8) stable; urgency=low
 
   * Initial Release.
 

debian/cron.d

@@ -1,8 +1,8 @@
 MAILTO=webmaster
-*/4 *  * * *   root  /usr/share/hedera-web/cli.php -m tpv/confirm-mail
-*/2 *  * * *   root  /usr/share/hedera-web/cli.php -m edi/load
-0 23   * * *   root  /usr/share/hedera-web/cli.php -m edi/clean
-0 5    * * *   root  /usr/share/hedera-web/cli.php -m edi/update
-*/1 *  * * *   root  /usr/share/hedera-web/cli.php -m misc/mail
-0 5    * * *   root  /usr/share/hedera-web/cli.php -m misc/exchange-rate
-45 14  20 11 * root  /usr/share/hedera-web/cli.php -m misc/exchange-rate
+*/4 *  * * *   root  hedera-web.php -m tpv/confirm-mail
+*/2 *  * * *   root  hedera-web.php -m edi/load
+0 23   * * *   root  hedera-web.php -m edi/clean
+0 5    * * *   root  hedera-web.php -m edi/update
+*/1 *  * * *   root  hedera-web.php -m misc/mail
+0 5    * * *   root  hedera-web.php -m misc/exchange-rate
+45 14  20 11 * root  hedera-web.php -m misc/exchange-rate

debian/install

@@ -1,6 +1,7 @@
 conf/*                      etc/hedera-web
 web                         usr/share/php/vn
 doc/*                       usr/share/doc/hedera-web
+hedera-web.php              usr/bin
 forms                       usr/share/hedera-web
 image                       usr/share/hedera-web
 js                          usr/share/hedera-web
@@ -9,6 +10,5 @@ pages                       usr/share/hedera-web
 reports                     usr/share/hedera-web
 rest                        usr/share/hedera-web
 index.php                   usr/share/hedera-web
-cli.php                     usr/share/hedera-web
 package.json                usr/share/hedera-web
 build                       usr/share/hedera-web

env.php

@@ -11,4 +11,3 @@ const _CONFIG_DIR = __DIR__.'/../../.config';
 const _LOG_DIR = '/tmp';
 const _DATA_DIR = '/tmp';
 
-?>

forms/account/conf/conf.js

@@ -37,14 +37,12 @@ Hedera.Conf = new Class
 			if (newPassword !== repeatedPassword)
 				throw new Error (_('Passwords doesn\'t match'));
 		
-			var batch = new Sql.Batch ();
-			batch.addValues ({	
+			var params = {	
 				'oldPassword': oldPassword,
 				'newPassword': newPassword
-			});
-
-			var query = 'CALL account.userChangePassword (#oldPassword, #newPassword)';
-			this.conn.execQuery (query, this.onPasswordUpdate.bind (this), batch);
+			};
+			this.conn.send ('core/change-password', params,
+				this._onPassChange.bind (this));
 		}
 		catch (e)
 		{
@@ -52,15 +50,15 @@ Hedera.Conf = new Class
 		}
 	}
 	
-	,onPasswordUpdate: function (resultSet)
+	,_onPassChange: function (json, error)
 	{
-		try {
-			resultSet.fetchResult ();
+		if (json)
+		{
 			this.$('change-password').hide ();
 			Htk.Toast.showMessage (_('Password changed!'));
 			this.$('user-form').refresh ();
 		}
-		catch (e)
+		else
 		{
 			Htk.Toast.showError (_('Password doesn\'t meet the requirements'));
 			this.$('old-password').select ();

forms/admin/connections/ui.xml

@@ -22,7 +22,7 @@
 		<htk-repeater form-id="iter">
 			<db-model property="model" id="sessions" on-status-changed="onModelStatusChange">
 				<custom>
-					SELECT s.id, vu.user userId, vu.stamp, c.Cliente, s.lastUpdate, 
+					SELECT vu.user userId, vu.stamp, c.Cliente, s.lastUpdate, 
 							a.platform, a.browser, a.version, u.name user
 						FROM userSession s
 							JOIN visitUser vu ON vu.id = s.userVisit

forms/ecomerce/ticket/ticket.js

@@ -3,6 +3,16 @@ Hedera.Ticket = new Class
 ({
 	Extends: Hedera.Form
 
+	,onTicketChange: function (ticket)
+	{
+		if (!ticket.value)
+			return;
+
+		var batch = new Sql.Batch ();
+		batch.addValue ('ticket', ticket.value);
+		this.conn.execQuery ('CALL ticketLog (#ticket)', null, batch);
+	}
+
 	,onPrintClick: function (event)
 	{
 		var batch = new Sql.Batch ();

forms/ecomerce/ticket/ui.xml

@@ -1,9 +1,9 @@
 <vn>
 <vn-group>
-	<vn-param id="ticket-id"/>
+	<vn-param id="ticket-id" on-changed="onTicketChange"/>
 	<vn-hash-param key="ticket" param="ticket-id"/>
 	<db-form id="ticket">
-		<db-model property="model" id="ticket-data">
+		<db-model id="ticket-data" property="model">
 			<custom>
 				SELECT t.id, date, a.Agencia, note, p.name province,
 				zip_code, city, c.name, consignee, invoice, delivery

hedera-web.php

@@ -1,7 +1,7 @@
 #!/usr/bin/php -q
 <?php
 
-@include_once __DIR__.'/environ.php';
+@include_once __DIR__.'/env.php';
 require_once 'vn-autoload.php';
 
 $cliApp = new Vn\Lib\CliApp ('hedera-web', __DIR__.'/rest');

js/hedera/login.css

@@ -46,12 +46,16 @@
 
 .vn-login .login
 {
+	position: relative;
+	height: inherit;
 	max-width: 15em;
 	margin: 0 auto;
-	padding-top: 6em;
 }
 .vn-login form
 {
+	position: absolute;
+	top: 50%;
+	margin-top: -18.5em;
 	width: 100%;
 	padding: 1em 0;
 }
@@ -187,15 +191,17 @@ hr
 	text-align: center;
 }
 
-@media (max-height: 670px)
+@media (max-height: 50em)
 {
 	.vn-login
 	{
 		height: auto;
 	}
-	.vn-login .login
+	.vn-login form
 	{
-		padding-top: 3.5em;
+		position: relative;
+		margin-top: 0;
+		padding-top: 4.5em;
 	}
 }
 

rest/core/account.php

@@ -0,0 +1,100 @@
+<?php
+
+class Account
+{
+	const USER = 1 << 1;
+	const PASS = 1 << 2;
+
+	static function sync ($db, $user, $password = NULL, $sync = self::USER)
+	{
+		$conf = $db->getRow (
+			'SELECT sambaHost, homesHost, sshUser, sshPass FROM account.accountConfig');
+		$sshPass = base64_decode ($conf['sshPass']);
+
+		$hasAccount = $db->getValue (
+			'SELECT COUNT(*) > 0
+				FROM account.user u
+					JOIN account.account a ON u.id = a.id
+				WHERE u.name = #',
+			[$user]
+		);
+		
+		if (!$hasAccount)
+			return;
+			
+		$sambaSsh = new SshConnection ($conf['sambaHost']
+			,$conf['sshUser']
+			,$sshPass
+		);
+
+		if ($sync & self::USER)
+		{
+			$userId = $db->getValue ('SELECT id FROM account.user WHERE name = #', [$user]);
+			$accConf = $db->getRow ('SELECT uidBase, domain FROM account.accountConfig');
+
+			$escUser = SshConnection::escape ($user);
+			$escUid = SshConnection::escape ($accConf['uidBase'] + $userId);
+			$escMail = SshConnection::escape ("$user@{$accConf['domain']}");
+
+			$sambaSsh->exec (
+				"/mnt/cluster/scripts/create-user.sh $escUser $escUid $escMail");
+
+			$homesSsh = new SshConnection ($conf['homesHost']
+				,$conf['sshUser']
+				,$sshPass
+			);				
+			$homesSsh->exec (
+				"/mnt/storage/scripts/create-user.sh $escUser");
+		}
+
+		if ($sync & self::PASS && !empty ($password))
+		{
+			$escUser = SshConnection::escape ($user);
+			$escPassword = SshConnection::escape ($password);
+			$sambaSsh->exec (
+				"/mnt/cluster/scripts/set-password.sh $escUser $escPassword");
+
+			new SshConnection ($conf['homesHost'], $user, $password);
+		}
+	}
+}
+
+class SshConnection
+{
+	var $connection;
+
+	/**
+	 * Abrebiated method to make SSH connections.
+	 **/
+	function __construct ($host, $user, $password)
+	{
+		$this->connection = $connection = ssh2_connect ($host);
+
+		if (!$connection)
+			throw new Exception ("Can't connect to SSH server $host");
+		
+		$authOk = ssh2_auth_password ($connection, $user, $password);
+
+		if (!$authOk)
+			throw new Exception ("SSH authentication failed on server $host");
+			
+		return $connection;
+	}
+	
+	/**
+	 * Executes a command on the host.
+	 **/
+	function exec ($command)
+	{
+		return ssh2_exec ($this->connection, $command);
+	}
+	
+	/**
+	 * Escapes the double quotes from an string.
+	 **/
+	static function escape ($str)
+	{
+		return '"'. str_replace ('"', '\\"', $str) .'"';
+	}
+}
+

rest/core/change-password.php

@@ -0,0 +1,23 @@
+<?php
+
+include __DIR__.'/account.php';
+
+/**
+ * Updates the user password.
+ **/
+class ChangePassword extends Vn\Web\JsonRequest
+{
+	const PARAMS = ['newPassword'];
+
+	function run ($db)
+	{
+		$newPassword = $_REQUEST['newPassword'];
+		$oldPassword = $_REQUEST['oldPassword'];
+
+		$db->query ('CALL account.userChangePassword (#, #)',
+			[$oldPassword, $newPassword]);
+		Account::sync ($db, $_SESSION['user'], $newPassword, Account::PASS);
+		return TRUE;
+	}
+}
+

rest/core/login.php

@@ -4,15 +4,6 @@ class Login extends Vn\Web\JsonRequest
 {
 	function run ($db)
 	{
-		try {
-			$this->updateCredentials ($db);
-			//$this->updateCredentialsLdap ($db);
-		}
-		catch (Exception $e)
-		{
-			error_log ($e->getMessage ());
-		}
-
 		$token = $this->service->createToken (
 			$_SESSION['user'],
 			!empty ($_POST['remember'])
@@ -23,71 +14,5 @@ class Login extends Vn\Web\JsonRequest
 			'token' => $token
 		];
 	}
-	
-	/**
-	 * Updates the user credentials in other user databases like Samba
-	 * LDAP .
-	 **/
-	function updateCredentialsLdap ($db)
-	{
-		$host = $ldapConf['host'];
-	
-		if ($ldapConf->secure)
-			$ldapHost = "ldaps://$host";
-		else
-			$ldapHost = "ldap://$host";
-	
-		$ldap = ldap_connect ($ldapHost, $ldapConf['port']);
-		
-		if (!ldap_bind ($ldap, $ldapConf['user'], $ldapConf['password']))
-			throw new Exception ('LDAP authentication failed');
-		
-		error_log ('Connected to LDAP!');
-	}
-	
-	/**
-	 * Updates the user credentials in other user databases like Samba.
-	 **/
-	function updateCredentials ($db)
-	{
-		if (empty ($_POST['password']))
-			return;
-	
-		$hasAccount = $db->getValue (
-			'SELECT COUNT(*) > 0
-				FROM account.user u
-					JOIN account.account a ON u.id = a.id
-				WHERE u.name = #',
-			[$_SESSION['user']]
-		);
-		
-		if (!$hasAccount)
-			return;
-
-		$sshConf = $db->getRow ('SELECT host, user, password FROM ssh_config');
-	
-		$ssh = ssh2_connect ($sshConf['host']);
-
-		if (!$ssh)
-			throw new Exception ("Can't connect to SSH server {$sshConf['host']}");
-		
-		$sshAuth = ssh2_auth_password ($ssh,
-			$sshConf['user'], base64_decode ($sshConf['password']));
-
-		if (!$sshAuth)
-			throw new Exception ("SSH authentication failed");
-		
-		$user = $this->escape ($_SESSION['user']);
-		$pass = $this->escape ($_POST['password']);
-		$stream = ssh2_exec ($ssh, "samba-tool user create \"$user\" \"$pass\"");
-	}
-	
-	/**
-	 * Escapes the double quotes from an string.
-	 **/
-	function escape ($str)
-	{
-		return str_replace ('"', '\\"', $str);
-	}
 }
 

rest/core/set-password.php

@@ -0,0 +1,26 @@
+<?php
+
+include __DIR__.'/account.php';
+
+/**
+ * Sets the user password.
+ **/
+class SetPassword extends Vn\Web\JsonRequest
+{
+	const PARAMS = [
+		 'setUser'
+		,'setPassword'
+	];
+
+	function run ($db)
+	{
+		$setUser = $_REQUEST['setUser'];
+		$setPassword = $_REQUEST['setPassword'];
+		
+		$db->query ('CALL account.userSetPassword (#, #)',
+			[$setUser, $setPassword]);
+		Account::sync ($db, $setUser, $setPassword, Account::PASS);
+		return TRUE;
+	}
+}
+

rest/core/sync-user.php

@@ -0,0 +1,19 @@
+<?php
+
+include __DIR__.'/account.php';
+
+/**
+ * Updates the user credentials on external systems like Samba, create
+ * home directory, create mailbox, etc.
+ **/
+class SyncUser extends Vn\Web\JsonRequest
+{
+	const PARAMS = ['syncUser'];
+
+	function run ($db)
+	{
+		Account::sync ($db, $_REQUEST['syncUser'], NULL, Account::USER);	
+		return TRUE;
+	}
+}
+

rest/edi/load.php

@@ -134,9 +134,12 @@ class Load extends Edi\Method
 				// Gets the exchange features
 
 				$res = $db->query (
-					'SELECT presentation_order, feature '
-					.'FROM item_feature WHERE item_id = #ref '
-					.'AND expiry_date IS NULL'
+					'SELECT presentation_order, feature 
+						FROM item_feature
+						WHERE item_id = #ref
+							AND entry_date <= CURDATE()
+							AND (expiry_date IS NULL OR expiry_date >= CURDATE())
+						GROUP BY presentation_order'
 					,$ediValues
 				);
 

web/html-service.php

@@ -103,7 +103,12 @@ class HtmlService extends Service
 	
 	function getUrl ($fileName)
 	{
-		return $fileName .'?'. $this->getVersion ();
+		if (file_exists ($fileName))
+			$mTime = '?'. strftime ('%G%m%d%H%M%S', filemtime ($fileName));
+		else
+			$mTime = '?'. $this->getVersion ();	
+		
+		return $fileName.$mTime;
 	}
 
 	function includeJs ($fileName)

web/service.php

@@ -267,7 +267,7 @@ abstract class Service
 		{
 			$isAuthorized = $db->getValue ('SELECT userCheckRestPriv (#)',
 				[$_REQUEST['method']]);
-				
+	
 			if (!$isAuthorized)
 				throw new UserException (s('You don\'t have enough privileges'));