make account validity duration overridable by users

c64f9ad2 · Guillaume ROUSSE · 6780ef33 · c64f9ad2 · c64f9ad2 · c64f9ad2
Commit c64f9ad2 authored 4 years ago by Guillaume ROUSSE
--- a/lib/AccountManager/App.pm
+++ b/lib/AccountManager/App.pm
@@ -497,6 +497,7 @@ sub req_complete_challenge {
            action     => 'complete_challenge',
            entityid   => $entityid,
            email      => $email,
+            validity   => $self->{configuration}->{service}->{account_validity_period},
        }
    );
 }
@@ -510,6 +511,7 @@ sub req_create_accounts {
    my $entityid = $self->get_parameter(name => 'entityid');
    my $token    = $self->get_parameter(name => 'token');
    my $email    = $self->get_parameter(name => 'email');
+    my $validity = $self->get_parameter(name => 'validity');

    $self->check_token(token => $token, entityid => $entityid);

@@ -528,16 +530,21 @@ sub req_create_accounts {
    my $profiles =
        $self->{configuration}->{$entityid}->{account_profiles} ||
        $self->{configuration}->{service}->{account_profiles};
-    my $validity_period =
-        $self->{configuration}->{$entityid}->{account_validity_period} ||
-        $self->{configuration}->{service}->{account_validity_period};
+
+    my $creation_date  = DateTime->now();
+    my $token_expiration_date = DateTime->now()->add(
+        hours => $self->{configuration}->{service}->{tokens_validity_period}
+    );
+    my $account_expiration_date = DateTime->now()->add(
+        days => $validity
+    );

    my $download_token = AccountManager::Token->new(
        db              => $self->{db},
        email_address   => $email,
        entityid        => $entityid,
-        creation_date   => DateTime->now(),
-        expiration_date => DateTime->now()->add(hours => $validity_period),
+        creation_date   => $creation_date,
+        expiration_date => $token_expiration_date,
        secret          => AccountManager::Tools::generate_secret(20)
    );

@@ -559,8 +566,8 @@ sub req_create_accounts {
            password_crypt  => AccountManager::Tools::encrypt($password, $key),
            password_hash   => AccountManager::Tools::sha256_hash($password),
            token           => $download_token->secret(),
-            creation_date   => DateTime->now(),
-            expiration_date => DateTime->now()->add(days => $validity_period)
+            creation_date   => $creation_date,
+            expiration_date => $account_expiration_date,
        );
        next unless $account->save();
        push @accounts, $account;
@@ -613,7 +620,7 @@ sub req_create_accounts {
            },
            email        => $email,
            download_url => $download_url,
-            days         => $validity_period,
+            days         => $validity,
        }
    );
 }

--- a/lib/AccountManager/L10N/fr.pm
+++ b/lib/AccountManager/L10N/fr.pm
@@ -35,6 +35,10 @@ msgstr "À propos"
 msgid "Account profile: %1"
 msgstr "Profil d'utilisateur: %1"

+#: templates/web/renater/complete_challenge.tt2.html:22
+msgid "Accounts validity period, in days:"
+msgstr "Durée de validité des comptes, en jours:"
+
 #: templates/web/edugain/create_accounts.tt2.html:51 templates/web/renater/create_accounts.tt2.html:53
 msgid "After a successfull authentication process these attributes are transmitted via the SAML protocol to your service provider."
 msgstr "Ces attributs sont transmis via le protocole SAML, après une authentification réussie, à votre fournisseur de service."

--- a/templates/web/edugain/complete_challenge.tt2.html
+++ b/templates/web/edugain/complete_challenge.tt2.html
@@ -17,11 +17,14 @@
        <fieldset>
            <legend>[% lh.maketext("Please provide the validation token here:") %]</legend>
            <input name="token" value="" id="token" type="text" class="required"/>
-            <label for="token" class="error"></label>
-            <input type="hidden" name="federation" value="[% federation %]"/>
-            <input type="hidden" name="entityid" value="[% entityid %]"/>
-            <input type="hidden" name="email" value="[% email %]"/>
        </fieldset>
+        <fieldset>
+            <legend>[% lh.maketext("Accounts validity period, in days:") %]</legend>
+            <input name="validity" value="[% validity %]" id="validity" type="number" class="required" min="1"/>
+        </fieldset>
+        <input type="hidden" name="federation" value="[% federation %]"/>
+        <input type="hidden" name="entityid" value="[% entityid %]"/>
+        <input type="hidden" name="email" value="[% email %]"/>
    </div>

    <div class="actions clearfix">

--- a/templates/web/renater/complete_challenge.tt2.html
+++ b/templates/web/renater/complete_challenge.tt2.html
@@ -17,11 +17,14 @@
        <fieldset>
            <legend>[% lh.maketext("Please provide the validation token here:") %]</legend>
            <input name="token" value="" id="token" type="text" class="required"/>
-            <label for="token" class="error"></label>
-            <input type="hidden" name="federation" value="[% federation %]"/>
-            <input type="hidden" name="entityid" value="[% entityid %]"/>
-            <input type="hidden" name="email" value="[% email %]"/>
        </fieldset>
+        <fieldset>
+            <legend>[% lh.maketext("Accounts validity period, in days:") %]</legend>
+            <input name="validity" value="[% validity %]" id="validity" type="number" class="required" min="1"/>
+        </fieldset>
+        <input type="hidden" name="federation" value="[% federation %]"/>
+        <input type="hidden" name="entityid" value="[% entityid %]"/>
+        <input type="hidden" name="email" value="[% email %]"/>
    </div>

    <div class="actions clearfix">