From 33ae2b001092d34492644ce5b3da24cea9362374 Mon Sep 17 00:00:00 2001 From: osaajani <> Date: Tue, 13 Jul 2021 00:36:48 +0200 Subject: [PATCH 1/6] Define private prop --- adapters/OctopushVirtualNumberAdapter.php | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/adapters/OctopushVirtualNumberAdapter.php b/adapters/OctopushVirtualNumberAdapter.php index 33473f9..1715937 100644 --- a/adapters/OctopushVirtualNumberAdapter.php +++ b/adapters/OctopushVirtualNumberAdapter.php @@ -44,6 +44,11 @@ class OctopushVirtualNumberAdapter implements AdapterInterface */ private $api_url = 'https://api.octopush.com/v1/public'; + /** + * Octopush phone number + */ + private $number; + /** * Adapter constructor, called when instanciated by RaspiSMS. From ad93a7b5370b9d95238480bf4c8ae8e11584cf30 Mon Sep 17 00:00:00 2001 From: osaajani <> Date: Tue, 13 Jul 2021 01:21:23 +0200 Subject: [PATCH 2/6] Add function to impersonate a user --- VERSION | 2 +- controllers/publics/Account.php | 21 +++++++++++ controllers/publics/Connect.php | 1 + controllers/publics/User.php | 66 +++++++++++++++++++++++++++++++++ routes.php | 2 + templates/incs/nav.php | 8 +++- templates/user/list.php | 1 + 7 files changed, 99 insertions(+), 2 deletions(-) diff --git a/VERSION b/VERSION index ed530b3..d80dc33 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -v3.1.5 +v3.1.6 diff --git a/controllers/publics/Account.php b/controllers/publics/Account.php index 84e8d55..bcd4327 100644 --- a/controllers/publics/Account.php +++ b/controllers/publics/Account.php 
@@ -204,4 +204,25 @@ namespace controllers\publics; return $this->redirect(\descartes\Router::url('Connect', 'login')); } + + /** + * Allow to stop impersonating a user + * @param mixed $csrf + */ + public function stop_impersonate() + { + $old_session = $_SESSION['old_session'] ?? false; + if (!$old_session) + { + \FlashMessage\FlashMessage::push('danger', 'Impossible de récupérer l\'identité originale, vous avez été deconnecté à la place.'); + + return $this->redirect(\descartes\Router::url('Connect', 'logout')); + } + + $user_email = $_SESSION['user']['email']; + $_SESSION = $old_session; + + \FlashMessage\FlashMessage::push('success', 'Vous n\'incarnez plus l\'utilisateur ' . $user_email . '.'); + return $this->redirect(\descartes\Router::url('Dashboard', 'show')); + } } diff --git a/controllers/publics/Connect.php b/controllers/publics/Connect.php index d254b97..8c5faf2 100644 --- a/controllers/publics/Connect.php +++ b/controllers/publics/Connect.php @@ -164,4 +164,5 @@ namespace controllers\publics; return $this->redirect(\descartes\Router::url('Connect', 'login')); } + } diff --git a/controllers/publics/User.php b/controllers/publics/User.php index ab4df63..0581548 100644 --- a/controllers/publics/User.php +++ b/controllers/publics/User.php @@ -18,6 +18,7 @@ class User extends \descartes\Controller { private $internal_user; private $internal_quota; + private $internal_setting; /** * Cette fonction est appelée avant toute les autres : @@ -30,6 +31,7 @@ class User extends \descartes\Controller $bdd = \descartes\Model::_connect(DATABASE_HOST, DATABASE_NAME, DATABASE_USER, DATABASE_PASSWORD); $this->internal_user = new \controllers\internals\User($bdd); $this->internal_quota = new \controllers\internals\Quota($bdd); + $this->internal_setting = new \controllers\internals\Setting($bdd); \controllers\internals\Tool::verifyconnect(); 
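Review bot: `stop_impersonate()` is declared without a `$csrf` parameter and never checks a token, although its docblock lists `@param mixed $csrf` and the route added in routes.php is `/stop_impersonate/{csrf}/`, so the session swap runs for any request that matches that URL shape. Change the signature to `public function stop_impersonate($csrf)` and start the body with the same `if (!$this->verify_csrf($csrf))` guard that `User::impersonate()` uses; this assumes the controller inherits `verify_csrf`, as the other `{csrf}` routes of Account suggest. After `$_SESSION = $old_session;`, adding `session_regenerate_id(true);` would keep the restored admin session from reusing the id that was live while impersonating.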
@@ -407,4 +409,68 @@ class User extends \descartes\Controller return $this->redirect(\descartes\Router::url('User', 'list')); } + + + /** + * Allow an admin to impersonate a user + * @param mixed $csrf + * @param array int $_GET['user_ids'] : Ids of users to impersonate, the array should actually contain one id only, we keep use of array for simpler compatibility in UI + */ + public function impersonate ($csrf) + { + if (!$this->verify_csrf($csrf)) + { + \FlashMessage\FlashMessage::push('danger', 'Jeton CSRF invalid !'); + + return $this->redirect(\descartes\Router::url('User', 'list')); + } + + if (count($_GET['user_ids']) != 1) + { + \FlashMessage\FlashMessage::push('danger', 'Vous devez séléctionner un et un seul utilisateur à incarner !'); + + return $this->redirect(\descartes\Router::url('User', 'list')); + } + + $id_user = (int) $_GET['user_ids'][0]; + + //Check if this user exists + $user = $this->internal_user->get($id_user); + if (!$user) + { + \FlashMessage\FlashMessage::push('danger', 'Cet utilisateur n\'existe pas !'); + + return $this->redirect(\descartes\Router::url('User', 'list')); + } + + $settings = $this->internal_setting->gets_for_user($id_user); + if (!$settings) + { + \FlashMessage\FlashMessage::push('danger', 'Impossible de charger les settings de cet utilisateur !'); + + return $this->redirect(\descartes\Router::url('User', 'list')); + } + + if (\models\User::STATUS_ACTIVE !== $user['status']) + { + \FlashMessage\FlashMessage::push('danger', 'Impossible d\'incarner cet utilisateur car il est actuellement suspendu'); + + return $this->redirect(\descartes\Router::url('User', 'list')); + } + + $user['settings'] = $settings; + + //Save old session to get it back later + $old_session = $_SESSION; + $_SESSION = [ + 'old_session' => $old_session, + 'impersonate' => true, + 'connect' => true, + 'user' => $user, + ]; + + \FlashMessage\FlashMessage::push('success', 'Vous incarnez désormais l\'utilisateur ' . $user['email'] . 
'.'); + return $this->redirect(\descartes\Router::url('Dashboard', 'show')); + } + } diff --git a/routes.php b/routes.php index a0fab1f..5ddf90b 100644 --- a/routes.php +++ b/routes.php @@ -21,6 +21,7 @@ 'update_api_key' => '/account/update_api_key/{csrf}/', 'delete' => '/account/delete/{csrf}/', 'logout' => '/logout/', + 'stop_impersonate' => '/stop_impersonate/{csrf}/', ], 'Command' => [ @@ -148,6 +149,7 @@ 'edit' => '/user/edit/', 'update' => '/user/update/{csrf}/', 'update_status' => '/user/delete/{status}/{csrf}/', + 'impersonate' => '/user/impersonate/{csrf}/', ], 'Phone' => [ diff --git a/templates/incs/nav.php b/templates/incs/nav.php index a40d176..91e2340 100644 --- a/templates/incs/nav.php +++ b/templates/incs/nav.php @@ -21,7 +21,13 @@
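Review bot: `impersonate()` replaces the whole `$_SESSION` with another identity without rotating the session id or recording who did it, so the switch is not protected against a fixed or leaked session id and cannot be attributed afterwards. Add `session_regenerate_id(true);` right after the `$_SESSION = [...]` assignment, and log the acting user's id together with `$id_user` there through whatever logging facility the project has. The method itself contains no admin check: the only gate visible in this diff is `Tool::verifyconnect()` in the setup method of the earlier User.php hunks, whose body continues outside them, so confirm that non-admin accounts cannot reach this route. `count($_GET['user_ids'])` is also evaluated on unvalidated input and throws a TypeError on PHP 8 when the parameter is absent or not an array; `$user_ids = $_GET['user_ids'] ?? [];` followed by `if (!is_array($user_ids) || count($user_ids) !== 1)` avoids that.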