
Harden password reset process

The improvements are:

- Die with an explicit message when a user is trying to reset his lost password and the option is disabled in config
- Redirect user to main page after password change using relative URL
- Don't leak info whether user exists or has recovery info defined
- Throttle password reset requests to prevent brute force attacks
- Show phone/alt email fields in mailbox/admin edit form only when the password reset option is enabled
- Make database upgrade code compatible with other databases types
- Use the existing password generator to generate the OTP. It is now stored in the database, unique to each user, valid for only 1 hour and can only be used once.
This commit is contained in:
Sylvain Tissot
2016-10-19 13:06:10 +02:00
committed by Adrien Crivelli
parent 8bb6000072
commit ffb84283c2
13 changed files with 192 additions and 167 deletions


@ -35,6 +35,8 @@ class AdminHandler extends PFAHandler {
$domains_grouped = 'group_concat(domain)';
}
$passwordReset = Config::read('forgotten_admin_password_reset');
$this->struct=array(
# field name allow display in... type $PALANG label $PALANG description default / options / ...
# editing? form list
@ -47,10 +49,6 @@ class AdminHandler extends PFAHandler {
/*select*/ 'password as password2'
),
'phone' => pacol( 1, 1, 0, 'text', 'pCreate_mailbox_phone', 'pCreate_mailbox_phone_desc', ''),
'email_other' => pacol( 1, 1, 0, 'mail', 'pCreate_mailbox_email', 'pCreate_mailbox_email_desc', ''),
'superadmin' => pacol( 1, 1, 0, 'bool', 'super_admin' , 'super_admin_desc' , 0
# TODO: (finally) replace the ALL domain with a column in the admin table
# TODO: current status: 'superadmin' column exists and is written when storing an admin with AdminHandler,
@ -78,6 +76,10 @@ class AdminHandler extends PFAHandler {
' ) AS __domain on username = __domain_username'),
'active' => pacol( 1, 1, 1, 'bool', 'active' , '' , 1 ),
'phone' => pacol( 1, $passwordReset, 0, 'text', 'pCreate_mailbox_phone', 'pCreate_mailbox_phone_desc', ''),
'email_other' => pacol( 1, $passwordReset, 0, 'mail', 'pCreate_mailbox_email', 'pCreate_mailbox_email_desc', ''),
'token' => pacol( 1, 0, 0, 'text', '' , '' ),
'token_validity' => pacol( 1, 0, 0, 'ts', '' , '' ),
'created' => pacol( 0, 0, 0, 'ts', 'created' , '' ),
'modified' => pacol( 0, 0, 1, 'ts', 'last_modified' , '' ),
);