diff options
author | Zoltan Flamis <zoltan@innocraft.com> | 2021-05-27 01:28:59 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-05-27 01:28:59 +0300 |
commit | 70b05de003487a31495bb9927017606a2faab7dd (patch) | |
tree | 3dcdcf0d6dc2298f356248f88d8f2e51e214afb2 /plugins | |
parent | 30583c72fbb57469ee953536f69af2859fef61db (diff) |
Email notifications for critical actions (#17531)
* wip email notifications
* use Mail class
* token and login settings notification emails
* more notification emails
* user created/deleted notification
* use an abstract class
* import class
* catch email ex
* wip
* change settings changed emails
* import loggerinterface
* simpler email bodies
* some small tweaks to the translations
Co-authored-by: diosmosis <diosmosis@users.noreply.github.com>
Diffstat (limited to 'plugins')
17 files changed, 511 insertions, 1 deletions
diff --git a/plugins/CoreAdminHome/Emails/RecoveryCodesRegeneratedEmail.php b/plugins/CoreAdminHome/Emails/RecoveryCodesRegeneratedEmail.php new file mode 100644 index 0000000000..7a045ccb25 --- /dev/null +++ b/plugins/CoreAdminHome/Emails/RecoveryCodesRegeneratedEmail.php @@ -0,0 +1,21 @@ +<?php +/** + * Matomo - free/libre analytics platform + * + * @link https://matomo.org + * @license http://www.gnu.org/licenses/gpl-3.0.html GPL v3 or later + * + */ + +namespace Piwik\Plugins\CoreAdminHome\Emails; + +use Piwik\Piwik; +use Piwik\Plugins\CoreAdminHome\Emails\SecurityNotificationEmail; + +class RecoveryCodesRegeneratedEmail extends SecurityNotificationEmail +{ + protected function getBody() + { + return Piwik::translate('CoreAdminHome_SecurityNotificationRecoveryCodesRegeneratedBody') . ' ' . Piwik::translate('UsersManager_IfThisWasYouPasswordChange'); + } +} diff --git a/plugins/CoreAdminHome/Emails/RecoveryCodesShowedEmail.php b/plugins/CoreAdminHome/Emails/RecoveryCodesShowedEmail.php new file mode 100644 index 0000000000..0d5535b915 --- /dev/null +++ b/plugins/CoreAdminHome/Emails/RecoveryCodesShowedEmail.php @@ -0,0 +1,21 @@ +<?php +/** + * Matomo - free/libre analytics platform + * + * @link https://matomo.org + * @license http://www.gnu.org/licenses/gpl-3.0.html GPL v3 or later + * + */ + +namespace Piwik\Plugins\CoreAdminHome\Emails; + +use Piwik\Piwik; +use Piwik\Plugins\CoreAdminHome\Emails\SecurityNotificationEmail; + +class RecoveryCodesShowedEmail extends SecurityNotificationEmail +{ + protected function getBody() + { + return Piwik::translate('CoreAdminHome_SecurityNotificationRecoveryCodesShowedBody') . ' ' . Piwik::translate('UsersManager_IfThisWasYouPasswordChange'); + } +} diff --git a/plugins/CoreAdminHome/Emails/SecurityNotificationEmail.php b/plugins/CoreAdminHome/Emails/SecurityNotificationEmail.php new file mode 100644 index 0000000000..191b3d3f2f --- /dev/null +++ b/plugins/CoreAdminHome/Emails/SecurityNotificationEmail.php @@ -0,0 +1,85 @@ +<?php +/** + * Matomo - free/libre analytics platform + * + * @link https://matomo.org + * @license http://www.gnu.org/licenses/gpl-3.0.html GPL v3 or later + * + */ + +namespace Piwik\Plugins\CoreAdminHome\Emails; + +use Piwik\Mail; +use Piwik\View; +use Piwik\Piwik; + +abstract class SecurityNotificationEmail extends Mail +{ + public static $notifyPluginList = [ + 'Login' => 'CoreAdminHome_BruteForce', + 'TwoFactorAuth' => 'CoreAdminHome_TwoFactorAuth', + 'CoreAdminHome' => 'CoreAdminHome_Cors' + ]; + + /** + * @var string + */ + private $login; + + /** + * @var string + */ + private $emailAddress; + + public function __construct($login, $emailAddress) + { + parent::__construct(); + + $this->login = $login; + $this->emailAddress = $emailAddress; + + $this->setUpEmail(); + } + + /** + * @return string + */ + public function getLogin() + { + return $this->login; + } + + /** + * @return string + */ + public function getEmailAddress() + { + return $this->emailAddress; + } + + + private function setUpEmail() + { + $this->setDefaultFromPiwik(); + $this->addTo($this->emailAddress); + $this->setSubject($this->getDefaultSubject()); + $this->addReplyTo($this->getFrom(), $this->getFromName()); + $this->setWrappedHtmlBody($this->getDefaultBodyView()); + } + + protected function getDefaultSubject() + { + return Piwik::translate('CoreAdminHome_SecurityNotificationEmailSubject'); + } + + protected function getDefaultBodyView() + { + $view = new View('@CoreAdminHome/_securityNotificationEmail.twig'); + $view->login = $this->login; + $view->body = $this->getBody(); + + return $view; + } + + abstract protected function getBody(); +} diff --git a/plugins/CoreAdminHome/Emails/SettingsChangedEmail.php b/plugins/CoreAdminHome/Emails/SettingsChangedEmail.php new file mode 100644 index 0000000000..2a9b0b55ea --- /dev/null +++ b/plugins/CoreAdminHome/Emails/SettingsChangedEmail.php @@ -0,0 +1,43 @@ +<?php +/** + * Matomo - free/libre analytics platform + * + * @link https://matomo.org + * @license http://www.gnu.org/licenses/gpl-3.0.html GPL v3 or later + * + */ + +namespace Piwik\Plugins\CoreAdminHome\Emails; + +use Piwik\Piwik; +use Piwik\Plugins\CoreAdminHome\Emails\SecurityNotificationEmail; + +class SettingsChangedEmail extends SecurityNotificationEmail +{ + /** + * @var string + */ + private $superuser; + + /** + * @var string + */ + private $pluginNames; + + public function __construct($login, $emailAddress, $pluginNames, $superuser = null) + { + $this->pluginNames = $pluginNames; + $this->superuser = $superuser; + + parent::__construct($login, $emailAddress); + } + + protected function getBody() + { + if ($this->superuser) { + return Piwik::translate('CoreAdminHome_SecurityNotificationSettingsChangedByOtherSuperUserBody', [$this->superuser, $this->pluginNames]); + } + + return Piwik::translate('CoreAdminHome_SecurityNotificationSettingsChangedByUserBody', [$this->pluginNames]) . ' ' . Piwik::translate('UsersManager_IfThisWasYouPasswordChange'); + } +} diff --git a/plugins/CoreAdminHome/Emails/TokenAuthCreatedEmail.php b/plugins/CoreAdminHome/Emails/TokenAuthCreatedEmail.php new file mode 100644 index 0000000000..c5acdb0769 --- /dev/null +++ b/plugins/CoreAdminHome/Emails/TokenAuthCreatedEmail.php @@ -0,0 +1,33 @@ +<?php +/** + * Matomo - free/libre analytics platform + * + * @link https://matomo.org + * @license http://www.gnu.org/licenses/gpl-3.0.html GPL v3 or later + * + */ + +namespace Piwik\Plugins\CoreAdminHome\Emails; + +use Piwik\Piwik; +use Piwik\Plugins\CoreAdminHome\Emails\SecurityNotificationEmail; + +class TokenAuthCreatedEmail extends SecurityNotificationEmail +{ + /** + * @var string + */ + private $tokenDescription; + + public function __construct($login, $emailAddress, $tokenDescription) + { + $this->tokenDescription = $tokenDescription; + + parent::__construct($login, $emailAddress); + } + + protected function getBody() + { + return Piwik::translate('CoreAdminHome_SecurityNotificationTokenAuthCreatedBody', [$this->tokenDescription]) . ' ' . Piwik::translate('UsersManager_IfThisWasYouPasswordChange'); + } +} diff --git a/plugins/CoreAdminHome/Emails/TokenAuthDeletedEmail.php b/plugins/CoreAdminHome/Emails/TokenAuthDeletedEmail.php new file mode 100644 index 0000000000..3617e3a833 --- /dev/null +++ b/plugins/CoreAdminHome/Emails/TokenAuthDeletedEmail.php @@ -0,0 +1,43 @@ +<?php +/** + * Matomo - free/libre analytics platform + * + * @link https://matomo.org + * @license http://www.gnu.org/licenses/gpl-3.0.html GPL v3 or later + * + */ + +namespace Piwik\Plugins\CoreAdminHome\Emails; + +use Piwik\Piwik; +use Piwik\Plugins\CoreAdminHome\Emails\SecurityNotificationEmail; + +class TokenAuthDeletedEmail extends SecurityNotificationEmail +{ + /** + * @var string + */ + private $tokenDescription; + + /** + * @var bool + */ + private $all; + + public function __construct($login, $emailAddress, $tokenDescription, $all = false) + { + $this->tokenDescription = $tokenDescription; + $this->all = $all; + + parent::__construct($login, $emailAddress); + } + + protected function getBody() + { + if ($this->all) { + return Piwik::translate('CoreAdminHome_SecurityNotificationAllTokenAuthDeletedBody') . ' ' . Piwik::translate('UsersManager_IfThisWasYouPasswordChange'); + } + + return Piwik::translate('CoreAdminHome_SecurityNotificationTokenAuthDeletedBody', [$this->tokenDescription]) . ' ' . Piwik::translate('UsersManager_IfThisWasYouPasswordChange'); + } +} diff --git a/plugins/CoreAdminHome/Emails/TwoFactorAuthDisabledEmail.php b/plugins/CoreAdminHome/Emails/TwoFactorAuthDisabledEmail.php new file mode 100644 index 0000000000..20bed77db7 --- /dev/null +++ b/plugins/CoreAdminHome/Emails/TwoFactorAuthDisabledEmail.php @@ -0,0 +1,21 @@ +<?php +/** + * Matomo - free/libre analytics platform + * + * @link https://matomo.org + * @license http://www.gnu.org/licenses/gpl-3.0.html GPL v3 or later + * + */ + +namespace Piwik\Plugins\CoreAdminHome\Emails; + +use Piwik\Piwik; +use Piwik\Plugins\CoreAdminHome\Emails\SecurityNotificationEmail; + +class TwoFactorAuthDisabledEmail extends SecurityNotificationEmail +{ + protected function getBody() + { + return Piwik::translate('CoreAdminHome_SecurityNotificationTwoFactorAuthDisabledBody') . ' ' . Piwik::translate('UsersManager_IfThisWasYouPasswordChange'); + } +} diff --git a/plugins/CoreAdminHome/Emails/TwoFactorAuthEnabledEmail.php b/plugins/CoreAdminHome/Emails/TwoFactorAuthEnabledEmail.php new file mode 100644 index 0000000000..c06e6ea498 --- /dev/null +++ b/plugins/CoreAdminHome/Emails/TwoFactorAuthEnabledEmail.php @@ -0,0 +1,21 @@ +<?php +/** + * Matomo - free/libre analytics platform + * + * @link https://matomo.org + * @license http://www.gnu.org/licenses/gpl-3.0.html GPL v3 or later + * + */ + +namespace Piwik\Plugins\CoreAdminHome\Emails; + +use Piwik\Piwik; +use Piwik\Plugins\CoreAdminHome\Emails\SecurityNotificationEmail; + +class TwoFactorAuthEnabledEmail extends SecurityNotificationEmail +{ + protected function getBody() + { + return Piwik::translate('CoreAdminHome_SecurityNotificationTwoFactorAuthEnabledBody') . ' ' . Piwik::translate('UsersManager_IfThisWasYouPasswordChange'); + } +} diff --git a/plugins/CoreAdminHome/Emails/UserCreatedEmail.php b/plugins/CoreAdminHome/Emails/UserCreatedEmail.php new file mode 100644 index 0000000000..ea141fb6ef --- /dev/null +++ b/plugins/CoreAdminHome/Emails/UserCreatedEmail.php @@ -0,0 +1,33 @@ +<?php +/** + * Matomo - free/libre analytics platform + * + * @link https://matomo.org + * @license http://www.gnu.org/licenses/gpl-3.0.html GPL v3 or later + * + */ + +namespace Piwik\Plugins\CoreAdminHome\Emails; + +use Piwik\Piwik; +use Piwik\Plugins\CoreAdminHome\Emails\SecurityNotificationEmail; + +class UserCreatedEmail extends SecurityNotificationEmail +{ + /** + * @var string + */ + private $userLogin; + + public function __construct($login, $emailAddress, $userLogin) + { + $this->userLogin = $userLogin; + + parent::__construct($login, $emailAddress); + } + + protected function getBody() + { + return Piwik::translate('CoreAdminHome_SecurityNotificationUserCreatedBody', [$this->userLogin]) . ' ' . Piwik::translate('UsersManager_IfThisWasYouPasswordChange'); + } +} diff --git a/plugins/CoreAdminHome/Emails/UserDeletedEmail.php b/plugins/CoreAdminHome/Emails/UserDeletedEmail.php new file mode 100644 index 0000000000..a4f1df5f3a --- /dev/null +++ b/plugins/CoreAdminHome/Emails/UserDeletedEmail.php @@ -0,0 +1,33 @@ +<?php +/** + * Matomo - free/libre analytics platform + * + * @link https://matomo.org + * @license http://www.gnu.org/licenses/gpl-3.0.html GPL v3 or later + * + */ + +namespace Piwik\Plugins\CoreAdminHome\Emails; + +use Piwik\Piwik; +use Piwik\Plugins\CoreAdminHome\Emails\SecurityNotificationEmail; + +class UserDeletedEmail extends SecurityNotificationEmail +{ + /** + * @var string + */ + private $userLogin; + + public function __construct($login, $emailAddress, $userLogin) + { + $this->userLogin = $userLogin; + + parent::__construct($login, $emailAddress); + } + + protected function getBody() + { + return Piwik::translate('CoreAdminHome_SecurityNotificationUserDeletedBody', [$this->userLogin]) . ' ' . Piwik::translate('UsersManager_IfThisWasYouPasswordChange'); + } +} diff --git a/plugins/CoreAdminHome/lang/en.json b/plugins/CoreAdminHome/lang/en.json index a47671d780..2023365f59 100644 --- a/plugins/CoreAdminHome/lang/en.json +++ b/plugins/CoreAdminHome/lang/en.json @@ -139,6 +139,23 @@ "TrackingFailuresEmail1": "This is just to let you know that %s different kinds of tracking failures have occurred in the last days.", "TrackingFailuresEmail2": "To view all the failed tracking requests %1$sclick here%2$s.", "ImportFromGoogleAnalytics": "Import from Google Analytics", - "ImportFromGoogleAnalyticsDescription": "If you have a Google Analytics property and are switching to Matomo, you can import your existing data using the %1$sGoogleAnalyticsImporter%2$s plugin." + "ImportFromGoogleAnalyticsDescription": "If you have a Google Analytics property and are switching to Matomo, you can import your existing data using the %1$sGoogleAnalyticsImporter%2$s plugin.", + "SecurityNotificationEmailSubject": "Security Notification", + "SecurityNotificationRecoveryCodesShowedBody": "Someone viewed the two-factor authentication recovery codes of your account.", + "SecurityNotificationRecoveryCodesRegeneratedBody": "Someone generated new two-factor authentication recovery codes for your account.", + "SecurityNotificationTwoFactorAuthEnabledBody": "Someone enabled two-factor authentication in your account.", + "SecurityNotificationTwoFactorAuthDisabledBody": "Someone disabled two-factor authentication in your account.", + "SecurityNotificationTokenAuthCreatedBody": "Someone created an auth token (description: %s) in your account. If it wasn't you, delete the token.", + "SecurityNotificationTokenAuthDeletedBody": "Someone deleted an auth token (description: %s) in your account.", + "SecurityNotificationAllTokenAuthDeletedBody": "Someone deleted all of the auth tokens in your account.", + "SecurityNotificationSettingsChangedByUserBody": "Someone modified the system settings. Affected settings: %s.", + "SecurityNotificationSettingsChangedByOtherSuperUserBody": "Another super user (%1$s) modified the system settings. Affected settings: %2$s. If you know about this activity, carry on. If you don't recognize this activity, please contact the other super users.", + "SecurityNotificationUserCreatedBody": "Someone created a new user (login: %s) in your account.", + "SecurityNotificationUserDeletedBody": "Someone deleted a user (login: %s) in your account.", + "SecurityNotificationIfItWasYou": "If it was you, carry on. If you don't recognize this activity, please reset your password.", + "SecurityNotificationCheckTwoFactor": "Please check your two-factor authentication app or device.", + "BruteForce": "Brute Force", + "TwoFactorAuth": "Two-factor auth", + "Cors": "Cors" } } diff --git a/plugins/CoreAdminHome/templates/_securityNotificationEmail.twig b/plugins/CoreAdminHome/templates/_securityNotificationEmail.twig new file mode 100644 index 0000000000..de4dda16f6 --- /dev/null +++ b/plugins/CoreAdminHome/templates/_securityNotificationEmail.twig @@ -0,0 +1,2 @@ +<p>{{ 'General_HelloUser'|translate(login) }}</p> +<p>{{ body }}</p> diff --git a/plugins/CorePluginsAdmin/API.php b/plugins/CorePluginsAdmin/API.php index 5b4450b52e..32ba59a75e 100644 --- a/plugins/CorePluginsAdmin/API.php +++ b/plugins/CorePluginsAdmin/API.php @@ -13,6 +13,9 @@ use Piwik\Plugin\SettingsProvider; use Exception; use Piwik\Plugins\Login\PasswordVerifier; use Piwik\Version; +use Piwik\Container\StaticContainer; +use Piwik\Plugins\CoreAdminHome\Emails\SettingsChangedEmail; +use Piwik\Plugins\CoreAdminHome\Emails\SecurityNotificationEmail; /** * API for plugin CorePluginsAdmin @@ -61,15 +64,26 @@ class API extends \Piwik\Plugin\API $this->settingsMetadata->setPluginSettings($pluginsSettings, $settingValues); + $sendSettingsChangedNotificationEmailPlugins = []; + try { foreach ($pluginsSettings as $pluginSetting) { if (!empty($settingValues[$pluginSetting->getPluginName()])) { $pluginSetting->save(); + + $pluginName = $pluginSetting->getPluginName(); + if (in_array($pluginName, array_keys(SecurityNotificationEmail::$notifyPluginList))) { + $sendSettingsChangedNotificationEmailPlugins[] = $pluginName; + } } } } catch (Exception $e) { throw new Exception(Piwik::translate('CoreAdminHome_PluginSettingsSaveFailed')); } + + if (count($sendSettingsChangedNotificationEmailPlugins) > 0) { + $this->sendNotificationEmails($sendSettingsChangedNotificationEmailPlugins); + } } /** @@ -137,4 +151,40 @@ class API extends \Piwik\Plugin\API throw new Exception(Piwik::translate('UsersManager_CurrentPasswordNotCorrect')); } } + + private function sendNotificationEmails($sendSettingsChangedNotificationEmailPlugins) + { + $pluginNames = []; + foreach ($sendSettingsChangedNotificationEmailPlugins as $plugin) { + $pluginNames[] = Piwik::translate(SettingsChangedEmail::$notifyPluginList[$plugin]); + } + $pluginNames = implode(', ', $pluginNames); + + $container = StaticContainer::getContainer(); + + $email = $container->make(SettingsChangedEmail::class, array( + 'login' => Piwik::getCurrentUserLogin(), + 'emailAddress' => Piwik::getCurrentUserEmail(), + 'pluginNames' => $pluginNames + )); + $email->safeSend(); + + $superuserEmailAddresses = Piwik::getAllSuperUserAccessEmailAddresses(); + unset($superuserEmailAddresses[Piwik::getCurrentUserLogin()]); + $superUserEmail = false; + + foreach ($superuserEmailAddresses as $address) { + $superUserEmail = $superUserEmail ?: $container->make(SettingsChangedEmail::class, array( + 'login' => Piwik::translate('Installation_SuperUser'), + 'emailAddress' => $address, + 'pluginNames' => $pluginNames, + 'superuser' => Piwik::getCurrentUserLogin() + )); + $superUserEmail->addTo($address); + } + + if ($superUserEmail) { + $superUserEmail->safeSend(); + } + } } diff --git a/plugins/TwoFactorAuth/Controller.php b/plugins/TwoFactorAuth/Controller.php index 5c7b451e1f..daa97f21eb 100644 --- a/plugins/TwoFactorAuth/Controller.php +++ b/plugins/TwoFactorAuth/Controller.php @@ -21,6 +21,10 @@ use Piwik\Session\SessionNamespace; use Piwik\Url; use Piwik\View; use Exception; +use Piwik\Plugins\CoreAdminHome\Emails\RecoveryCodesShowedEmail; +use Piwik\Plugins\CoreAdminHome\Emails\TwoFactorAuthEnabledEmail; +use Piwik\Plugins\CoreAdminHome\Emails\TwoFactorAuthDisabledEmail; +use Piwik\Plugins\CoreAdminHome\Emails\RecoveryCodesRegeneratedEmail; class Controller extends \Piwik\Plugin\Controller { @@ -148,6 +152,13 @@ class Controller extends \Piwik\Plugin\Controller $this->twoFa->disable2FAforUser(Piwik::getCurrentUserLogin()); $this->passwordVerify->forgetVerifiedPassword(); + $container = StaticContainer::getContainer(); + $email = $container->make(TwoFactorAuthDisabledEmail::class, array( + 'login' => Piwik::getCurrentUserLogin(), + 'emailAddress' => Piwik::getCurrentUserEmail() + )); + $email->safeSend(); + $this->redirectToIndex('UsersManager', 'userSecurity', null, null, null, array( 'disableNonce' => false )); @@ -218,6 +229,13 @@ class Controller extends \Piwik\Plugin\Controller Piwik::postEvent('TwoFactorAuth.enabled', array($login)); + $container = StaticContainer::getContainer(); + $email = $container->make(TwoFactorAuthEnabledEmail::class, array( + 'login' => Piwik::getCurrentUserLogin(), + 'emailAddress' => Piwik::getCurrentUserEmail() + )); + $email->safeSend(); + if ($standalone) { $this->redirectToIndex('CoreHome', 'index'); return; @@ -274,11 +292,18 @@ class Controller extends \Piwik\Plugin\Controller $regenerateSuccess = false; $regenerateError = false; + $container = StaticContainer::getContainer(); if ($postedValidNonce && $this->passwordVerify->hasBeenVerified()) { $this->passwordVerify->forgetVerifiedPassword(); $this->recoveryCodeDao->createRecoveryCodesForLogin(Piwik::getCurrentUserLogin()); $regenerateSuccess = true; + + $email = $container->make(RecoveryCodesRegeneratedEmail::class, array( + 'login' => Piwik::getCurrentUserLogin(), + 'emailAddress' => Piwik::getCurrentUserEmail() + )); + $email->safeSend(); // no need to redirect as password was verified nonce // if user has posted a valid nonce, we do not need to require password again as nonce must have been generated recent // avoids use case where eg password verify is only valid for one more minute when opening the page but user regenerates 2min later @@ -293,6 +318,14 @@ class Controller extends \Piwik\Plugin\Controller $recoveryCodes = $this->recoveryCodeDao->getAllRecoveryCodesForLogin(Piwik::getCurrentUserLogin()); + if (!$regenerateSuccess && !$regenerateError) { + $email = $container->make(RecoveryCodesShowedEmail::class, array( + 'login' => Piwik::getCurrentUserLogin(), + 'emailAddress' => Piwik::getCurrentUserEmail() + )); + $email->safeSend(); + } + return $this->renderTemplate('showRecoveryCodes', array( 'codes' => $recoveryCodes, 'regenerateNonce' => Nonce::getNonce(self::REGENERATE_CODES_2FA_NONCE), diff --git a/plugins/UsersManager/API.php b/plugins/UsersManager/API.php index 41d91f9bd8..559099245d 100644 --- a/plugins/UsersManager/API.php +++ b/plugins/UsersManager/API.php @@ -25,11 +25,13 @@ use Piwik\NoAccessException; use Piwik\Option; use Piwik\Piwik; use Piwik\Plugin; +use Piwik\Plugins\CoreAdminHome\Emails\UserCreatedEmail; use Piwik\Plugins\Login\PasswordVerifier; use Piwik\SettingsPiwik; use Piwik\Site; use Piwik\Tracker\Cache; use Piwik\View; +use Piwik\Plugins\CoreAdminHome\Emails\UserDeletedEmail; /** * The UsersManager API lets you Manage Users and their permissions to access specific websites. @@ -722,6 +724,14 @@ class API extends \Piwik\Plugin\API $this->model->addUser($userLogin, $passwordTransformed, $email, Date::now()->getDatetime()); + $container = StaticContainer::getContainer(); + $email = $container->make(UserCreatedEmail::class, array( + 'login' => Piwik::getCurrentUserLogin(), + 'emailAddress' => Piwik::getCurrentUserEmail(), + 'userLogin' => $userLogin + )); + $email->safeSend(); + // we reload the access list which doesn't yet take in consideration this new user Access::getInstance()->reloadAccess(); Cache::deleteTrackerCache(); @@ -988,6 +998,14 @@ class API extends \Piwik\Plugin\API $this->model->deleteUserOptions($userLogin); $this->model->deleteUserAccess($userLogin); + $container = StaticContainer::getContainer(); + $email = $container->make(UserDeletedEmail::class, array( + 'login' => Piwik::getCurrentUserLogin(), + 'emailAddress' => Piwik::getCurrentUserEmail(), + 'userLogin' => $userLogin + )); + $email->safeSend(); + Cache::deleteTrackerCache(); } diff --git a/plugins/UsersManager/Controller.php b/plugins/UsersManager/Controller.php index ce979f36be..0b903ee711 100644 --- a/plugins/UsersManager/Controller.php +++ b/plugins/UsersManager/Controller.php @@ -35,6 +35,8 @@ use Piwik\Validators\CharacterLength; use Piwik\Validators\NotEmpty; use Piwik\View; use Piwik\Session\SessionInitializer; +use Piwik\Plugins\CoreAdminHome\Emails\TokenAuthCreatedEmail; +use Piwik\Plugins\CoreAdminHome\Emails\TokenAuthDeletedEmail; class Controller extends ControllerAdmin { @@ -330,12 +332,29 @@ class Controller extends ControllerAdmin $notification->context = Notification::CONTEXT_SUCCESS; Notification\Manager::notify('successdeletetokens', $notification); + $container = StaticContainer::getContainer(); + $email = $container->make(TokenAuthDeletedEmail::class, array( + 'login' => Piwik::getCurrentUserLogin(), + 'emailAddress' => Piwik::getCurrentUserEmail(), + 'tokenDescription' => '', + 'all' => true + )); + $email->safeSend(); } elseif (is_numeric($idTokenAuth)) { + $description = $this->userModel->getUserTokenDescriptionByIdTokenAuth($idTokenAuth, Piwik::getCurrentUserLogin()); $this->userModel->deleteToken($idTokenAuth, Piwik::getCurrentUserLogin()); $notification = new Notification(Piwik::translate('UsersManager_TokenSuccessfullyDeleted')); $notification->context = Notification::CONTEXT_SUCCESS; Notification\Manager::notify('successdeletetoken', $notification); + + $container = StaticContainer::getContainer(); + $email = $container->make(TokenAuthDeletedEmail::class, array( + 'login' => Piwik::getCurrentUserLogin(), + 'emailAddress' => Piwik::getCurrentUserEmail(), + 'tokenDescription' => $description + )); + $email->safeSend(); } } @@ -367,6 +386,14 @@ class Controller extends ControllerAdmin $this->userModel->addTokenAuth($login, $generatedToken, $description, Date::now()->getDatetime()); + $container = StaticContainer::getContainer(); + $email = $container->make(TokenAuthCreatedEmail::class, array( + 'login' => Piwik::getCurrentUserLogin(), + 'emailAddress' => Piwik::getCurrentUserEmail(), + 'tokenDescription' => $description + )); + $email->safeSend(); + return $this->renderTemplate('addNewTokenSuccess', array('generatedToken' => $generatedToken)); } elseif (isset($_POST['description'])) { $noDescription = true; diff --git a/plugins/UsersManager/Model.php b/plugins/UsersManager/Model.php index 14a57b50c6..618d169866 100644 --- a/plugins/UsersManager/Model.php +++ b/plugins/UsersManager/Model.php @@ -316,6 +316,15 @@ class Model return $db->fetchRow("SELECT * FROM " . $this->tokenTable . " WHERE `password` = ?", $tokenAuth); } + public function getUserTokenDescriptionByIdTokenAuth($idTokenAuth, $login) + { + $db = $this->getDb(); + + $token = $db->fetchRow("SELECT description FROM " . $this->tokenTable . " WHERE `idusertokenauth` = ? and login = ? LIMIT 1", array($idTokenAuth, $login)); + + return $token ? $token['description'] : ''; + } + private function getQueryNotExpiredToken() { return array( |