Extracts user-lifecycle, audit and telemetry from the security subpage into their own tiles, and renames the slimmed-down security subpage to account-access for a clearer scope. Each subpage now has at most three detail cards instead of the eight previously crowded into security. Hub gains four tiles, sub-action redirects (expire-remember-tokens, run-user-lifecycle) move to their new sections, architecture tests track the new section list and i18n adds the new labels in de + en. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
182 lines
8.8 KiB
PHTML
182 lines
8.8 KiB
PHTML
<?php
|
|
|
|
/**
|
|
* @var array $values
|
|
* @var array $settings
|
|
* @var int $activeLoginTokens
|
|
* @var bool $canUpdateSettings
|
|
*/
|
|
|
|
use MintyPHP\Session;
|
|
|
|
$values = $values ?? [];
|
|
$settings = $settings ?? [];
|
|
$appRegistration = !empty($values['app_registration']);
|
|
$sessionIdleTimeoutMinutes = (int) ($values['session_idle_timeout_minutes'] ?? 30);
|
|
$sessionAbsoluteTimeoutHours = (int) ($values['session_absolute_timeout_hours'] ?? 8);
|
|
$rememberTokenLifetimeDays = (int) ($values['remember_token_lifetime_days'] ?? 30);
|
|
$microsoftAutoRememberDefault = !empty($values['microsoft_auto_remember_default']);
|
|
$appRegistrationDesc = $settings['app_registration']['description'] ?? 'setting.app_registration';
|
|
$sessionIdleTimeoutMinutesDesc = $settings['session_idle_timeout_minutes']['description'] ?? 'setting.session_idle_timeout_minutes';
|
|
$sessionAbsoluteTimeoutHoursDesc = $settings['session_absolute_timeout_hours']['description'] ?? 'setting.session_absolute_timeout_hours';
|
|
$rememberTokenLifetimeDaysDesc = $settings['remember_token_lifetime_days']['description'] ?? 'setting.remember_token_lifetime_days';
|
|
$microsoftAutoRememberDefaultDesc = $settings['microsoft_auto_remember_default']['description'] ?? 'setting.microsoft_auto_remember_default';
|
|
$activeLoginTokens = (int) ($activeLoginTokens ?? 0);
|
|
$canUpdateSettings = (bool) ($canUpdateSettings ?? false);
|
|
$isReadOnly = !$canUpdateSettings;
|
|
$readonlyAttr = $isReadOnly ? 'readonly' : '';
|
|
$disabledAttr = $isReadOnly ? 'disabled' : '';
|
|
?>
|
|
|
|
<div class="app-details-container">
|
|
<section>
|
|
<?php
|
|
$titlebar = [
|
|
'title' => t('Account access settings'),
|
|
'backHref' => 'admin/settings',
|
|
'backTitle' => t('Cancel'),
|
|
'actions' => $canUpdateSettings ? [
|
|
[
|
|
'form' => 'settings-account-access-form',
|
|
'name' => 'action',
|
|
'value' => 'save',
|
|
'class' => 'secondary outline',
|
|
'label' => t('Save'),
|
|
],
|
|
[
|
|
'form' => 'settings-account-access-form',
|
|
'name' => 'action',
|
|
'value' => 'save_close',
|
|
'class' => 'primary',
|
|
'label' => t('Save & close'),
|
|
],
|
|
] : [],
|
|
];
|
|
require templatePath('partials/app-details-titlebar.phtml');
|
|
?>
|
|
|
|
<form id="settings-account-access-form" method="post" data-details-storage="settings-account-access-details-v1" data-standard-detail-form="1">
|
|
<details class="app-details-card" name="settings-account-access-registration" data-details-key="settings-account-access-registration">
|
|
<summary>
|
|
<span class="app-details-card-summary-title"><?php e(t('Allow registration')); ?></span>
|
|
<span class="app-details-card-summary-meta">
|
|
<span class="badge" data-variant="neutral"><?php e($appRegistration ? t('Enabled') : t('Disabled')); ?></span>
|
|
</span>
|
|
</summary>
|
|
<div class="app-details-card-container">
|
|
<blockquote data-variant="info">
|
|
<small><?php e(t('Registration controls whether new users can create an account.')); ?></small>
|
|
</blockquote>
|
|
<fieldset>
|
|
<legend>
|
|
<small><?php e(t($appRegistrationDesc)); ?></small>
|
|
</legend>
|
|
<label class="app-field">
|
|
<input type="checkbox" name="app_registration" value="1" <?php e($appRegistration ? 'checked' : ''); ?>
|
|
<?php e($disabledAttr); ?>>
|
|
<span><?php e(t('Allow registration')); ?> <span class="badge" data-variant="info"><?php e(t('Cached')); ?></span></span>
|
|
</label>
|
|
</fieldset>
|
|
</div>
|
|
</details>
|
|
|
|
<details class="app-details-card" name="settings-account-access-session" data-details-key="settings-account-access-session" open>
|
|
<summary>
|
|
<span class="app-details-card-summary-title"><?php e(t('Session policy')); ?></span>
|
|
<span class="app-details-card-summary-meta">
|
|
<span class="badge" data-variant="neutral"><?php e((string) $sessionIdleTimeoutMinutes); ?></span>
|
|
<span class="badge" data-variant="neutral"><?php e((string) $sessionAbsoluteTimeoutHours); ?></span>
|
|
</span>
|
|
</summary>
|
|
<div class="app-details-card-container">
|
|
<blockquote data-variant="info">
|
|
<small><?php e(t('Session limits define how long logged-in users stay signed in.')); ?></small>
|
|
</blockquote>
|
|
<div class="grid">
|
|
<label class="app-field">
|
|
<span><?php e(t('Session idle timeout (minutes)')); ?></span>
|
|
<input type="number" name="session_idle_timeout_minutes"
|
|
value="<?php e((string) $sessionIdleTimeoutMinutes); ?>" min="5" max="1440" step="1"
|
|
<?php e($readonlyAttr); ?>>
|
|
<small><?php e(t($sessionIdleTimeoutMinutesDesc)); ?></small>
|
|
<small class="muted"><?php e(t('Allowed range: 5-1440 minutes (default: 30)')); ?></small>
|
|
</label>
|
|
<label class="app-field">
|
|
<span><?php e(t('Session absolute timeout (hours)')); ?></span>
|
|
<input type="number" name="session_absolute_timeout_hours"
|
|
value="<?php e((string) $sessionAbsoluteTimeoutHours); ?>" min="1" max="72" step="1"
|
|
<?php e($readonlyAttr); ?>>
|
|
<small><?php e(t($sessionAbsoluteTimeoutHoursDesc)); ?></small>
|
|
<small class="muted"><?php e(t('Allowed range: 1-72 hours (default: 8)')); ?></small>
|
|
</label>
|
|
</div>
|
|
</div>
|
|
</details>
|
|
|
|
<details class="app-details-card" name="settings-account-access-login-persistence" data-details-key="settings-account-access-login-persistence">
|
|
<summary>
|
|
<span class="app-details-card-summary-title"><?php e(t('Login persistence')); ?></span>
|
|
<span class="app-details-card-summary-meta">
|
|
<span class="badge" data-variant="neutral"><?php e((string) $rememberTokenLifetimeDays); ?></span>
|
|
</span>
|
|
</summary>
|
|
<div class="app-details-card-container">
|
|
<blockquote data-variant="info">
|
|
<small><?php e(t('Controls remember-me token lifetime and Microsoft auto-remember behavior.')); ?></small>
|
|
</blockquote>
|
|
<div class="grid">
|
|
<label class="app-field">
|
|
<span><?php e(t('Remember token lifetime (days)')); ?></span>
|
|
<input type="number" name="remember_token_lifetime_days"
|
|
value="<?php e((string) $rememberTokenLifetimeDays); ?>" min="1" max="365" step="1"
|
|
<?php e($readonlyAttr); ?>>
|
|
<small><?php e(t($rememberTokenLifetimeDaysDesc)); ?></small>
|
|
<small class="muted"><?php e(t('Allowed range: 1-365 days (default: 30)')); ?></small>
|
|
</label>
|
|
<fieldset>
|
|
<legend>
|
|
<small><?php e(t($microsoftAutoRememberDefaultDesc)); ?></small>
|
|
</legend>
|
|
<label class="app-field">
|
|
<input type="checkbox" name="microsoft_auto_remember_default" value="1"
|
|
<?php e($microsoftAutoRememberDefault ? 'checked' : ''); ?>
|
|
<?php e($disabledAttr); ?>>
|
|
<span><?php e(t('Microsoft Auto-Remember default')); ?></span>
|
|
</label>
|
|
<small class="muted"><?php e(t('When enabled, successful Microsoft logins automatically persist a remember-me token (unless overridden per tenant).')); ?></small>
|
|
</fieldset>
|
|
</div>
|
|
</div>
|
|
</details>
|
|
|
|
<?php if ($canUpdateSettings): ?>
|
|
<details class="app-details-card" name="settings-account-access-login-tokens" data-details-key="settings-account-access-login-tokens">
|
|
<summary>
|
|
<span class="app-details-card-summary-title"><?php e(t('Login tokens')); ?></span>
|
|
<span class="app-details-card-summary-meta">
|
|
<span class="badge" data-variant="neutral"><?php e(sprintf(t('%d active login tokens'), $activeLoginTokens)); ?></span>
|
|
</span>
|
|
</summary>
|
|
<div class="app-details-card-container">
|
|
<blockquote data-variant="warning">
|
|
<small><?php e(t('This will expire all remember-me tokens immediately and force users to sign in again.')); ?></small>
|
|
</blockquote>
|
|
<button type="submit" class="danger" formnovalidate
|
|
formaction="admin/settings/expire-remember-tokens"
|
|
formmethod="post"
|
|
data-detail-confirm-message="<?php e(t('Expire all login tokens?')); ?>"
|
|
data-detail-action-kind="danger">
|
|
<?php e(t('Expire all login tokens')); ?>
|
|
</button>
|
|
</div>
|
|
</details>
|
|
<?php endif; ?>
|
|
|
|
<?php Session::getCsrfInput(); ?>
|
|
</form>
|
|
</section>
|
|
<aside id="app-details-aside-section">
|
|
<div class="app-details-aside-section"></div>
|
|
</aside>
|
|
</div>
|