1
0
Files
breadcrumb-the-shire/pages/admin/settings/security(default).phtml
fs 69739c90d7 refactor(settings): split admin/settings into hub + per-section subpages
Splits the 755-line monolithic settings page into a tile-based landing hub
and six focused subpages (general, security, email, api, sso, branding),
each with its own form, CSRF scope and POST handler. Each subpage offers
Save / Save & close buttons plus a Cancel/back link to the hub.

Backend (AdminSettingsService, gateways, policies, DB schema) unchanged.
A new settingsSectionMergePost() helper overlays section POSTs onto the
current DB values so partial saves don't wipe unrelated fields (the
service defaults missing keys to 0/empty).

Sub-action files (logo/favicon/tokens/lifecycle) redirect to the matching
subpage, and architecture contracts now check the subpage files instead
of the removed monolithic index.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-24 22:43:12 +02:00

345 lines
18 KiB
PHTML

<?php
/**
* @var array $values
* @var array $settings
* @var int $activeLoginTokens
* @var bool $canUpdateSettings
*/
use MintyPHP\Session;
$values = $values ?? [];
$settings = $settings ?? [];
$appRegistration = !empty($values['app_registration']);
$sessionIdleTimeoutMinutes = (int) ($values['session_idle_timeout_minutes'] ?? 30);
$sessionAbsoluteTimeoutHours = (int) ($values['session_absolute_timeout_hours'] ?? 8);
$rememberTokenLifetimeDays = (int) ($values['remember_token_lifetime_days'] ?? 30);
$microsoftAutoRememberDefault = !empty($values['microsoft_auto_remember_default']);
$userInactivityDeactivateDays = (int) ($values['user_inactivity_deactivate_days'] ?? 180);
$userInactivityDeleteDays = (int) ($values['user_inactivity_delete_days'] ?? 365);
$systemAuditEnabled = !empty($values['system_audit_enabled']);
$systemAuditRetentionDays = (int) ($values['system_audit_retention_days'] ?? 365);
$frontendTelemetryEnabled = !empty($values['frontend_telemetry_enabled']);
$frontendTelemetrySampleRate = (string) ($values['frontend_telemetry_sample_rate'] ?? '0.2');
$frontendTelemetrySampleRateOptions = ['0.1', '0.2', '0.5', '1'];
if (!in_array($frontendTelemetrySampleRate, $frontendTelemetrySampleRateOptions, true)) {
$frontendTelemetrySampleRate = '0.2';
}
$frontendTelemetryAllowedEvents = $values['frontend_telemetry_allowed_events'] ?? ['warn_once', 'ajax_error'];
if (!is_array($frontendTelemetryAllowedEvents)) {
$frontendTelemetryAllowedEvents = preg_split('/[\s,]+/', (string) $frontendTelemetryAllowedEvents) ?: [];
}
$frontendTelemetryAllowedEvents = array_values(array_unique(array_filter(array_map(
static fn($entry): string => strtolower(trim((string) $entry)),
$frontendTelemetryAllowedEvents
))));
if ($frontendTelemetryAllowedEvents === []) {
$frontendTelemetryAllowedEvents = ['warn_once', 'ajax_error'];
}
$appRegistrationDesc = $settings['app_registration']['description'] ?? 'setting.app_registration';
$sessionIdleTimeoutMinutesDesc = $settings['session_idle_timeout_minutes']['description'] ?? 'setting.session_idle_timeout_minutes';
$sessionAbsoluteTimeoutHoursDesc = $settings['session_absolute_timeout_hours']['description'] ?? 'setting.session_absolute_timeout_hours';
$rememberTokenLifetimeDaysDesc = $settings['remember_token_lifetime_days']['description'] ?? 'setting.remember_token_lifetime_days';
$microsoftAutoRememberDefaultDesc = $settings['microsoft_auto_remember_default']['description'] ?? 'setting.microsoft_auto_remember_default';
$userInactivityDeactivateDaysDesc = $settings['user_inactivity_deactivate_days']['description'] ?? 'setting.user_inactivity_deactivate_days';
$userInactivityDeleteDaysDesc = $settings['user_inactivity_delete_days']['description'] ?? 'setting.user_inactivity_delete_days';
$systemAuditRetentionDaysDesc = $settings['system_audit_retention_days']['description'] ?? 'setting.system_audit_retention_days';
$activeLoginTokens = (int) ($activeLoginTokens ?? 0);
$canUpdateSettings = (bool) ($canUpdateSettings ?? false);
$isReadOnly = !$canUpdateSettings;
$readonlyAttr = $isReadOnly ? 'readonly' : '';
$disabledAttr = $isReadOnly ? 'disabled' : '';
?>
<div class="app-details-container">
<section>
<?php
$titlebar = [
'title' => t('Security settings'),
'backHref' => 'admin/settings',
'backTitle' => t('Cancel'),
'actions' => $canUpdateSettings ? [
[
'form' => 'settings-security-form',
'name' => 'action',
'value' => 'save',
'class' => 'secondary outline',
'label' => t('Save'),
],
[
'form' => 'settings-security-form',
'name' => 'action',
'value' => 'save_close',
'class' => 'primary',
'label' => t('Save & close'),
],
] : [],
];
require templatePath('partials/app-details-titlebar.phtml');
?>
<form id="settings-security-form" method="post" data-details-storage="settings-security-details-v1" data-standard-detail-form="1">
<details class="app-details-card" name="settings-security-registration" data-details-key="settings-security-registration">
<summary>
<span class="app-details-card-summary-title"><?php e(t('Allow registration')); ?></span>
<span class="app-details-card-summary-meta">
<span class="badge" data-variant="neutral"><?php e($appRegistration ? t('Enabled') : t('Disabled')); ?></span>
</span>
</summary>
<div class="app-details-card-container">
<blockquote data-variant="info">
<small><?php e(t('Registration controls whether new users can create an account.')); ?></small>
</blockquote>
<fieldset>
<legend>
<small><?php e(t($appRegistrationDesc)); ?></small>
</legend>
<label class="app-field">
<input type="checkbox" name="app_registration" value="1" <?php e($appRegistration ? 'checked' : ''); ?>
<?php e($disabledAttr); ?>>
<span><?php e(t('Allow registration')); ?> <span class="badge" data-variant="info"><?php e(t('Cached')); ?></span></span>
</label>
</fieldset>
</div>
</details>
<details class="app-details-card" name="settings-security-session" data-details-key="settings-security-session" open>
<summary>
<span class="app-details-card-summary-title"><?php e(t('Session policy')); ?></span>
<span class="app-details-card-summary-meta">
<span class="badge" data-variant="neutral"><?php e((string) $sessionIdleTimeoutMinutes); ?></span>
<span class="badge" data-variant="neutral"><?php e((string) $sessionAbsoluteTimeoutHours); ?></span>
</span>
</summary>
<div class="app-details-card-container">
<blockquote data-variant="info">
<small><?php e(t('Session limits define how long logged-in users stay signed in.')); ?></small>
</blockquote>
<div class="grid">
<label class="app-field">
<span><?php e(t('Session idle timeout (minutes)')); ?></span>
<input type="number" name="session_idle_timeout_minutes"
value="<?php e((string) $sessionIdleTimeoutMinutes); ?>" min="5" max="1440" step="1"
<?php e($readonlyAttr); ?>>
<small><?php e(t($sessionIdleTimeoutMinutesDesc)); ?></small>
<small class="muted"><?php e(t('Allowed range: 5-1440 minutes (default: 30)')); ?></small>
</label>
<label class="app-field">
<span><?php e(t('Session absolute timeout (hours)')); ?></span>
<input type="number" name="session_absolute_timeout_hours"
value="<?php e((string) $sessionAbsoluteTimeoutHours); ?>" min="1" max="72" step="1"
<?php e($readonlyAttr); ?>>
<small><?php e(t($sessionAbsoluteTimeoutHoursDesc)); ?></small>
<small class="muted"><?php e(t('Allowed range: 1-72 hours (default: 8)')); ?></small>
</label>
</div>
</div>
</details>
<details class="app-details-card" name="settings-security-login-persistence" data-details-key="settings-security-login-persistence">
<summary>
<span class="app-details-card-summary-title"><?php e(t('Login persistence')); ?></span>
<span class="app-details-card-summary-meta">
<span class="badge" data-variant="neutral"><?php e((string) $rememberTokenLifetimeDays); ?></span>
</span>
</summary>
<div class="app-details-card-container">
<blockquote data-variant="info">
<small><?php e(t('Controls remember-me token lifetime and Microsoft auto-remember behavior.')); ?></small>
</blockquote>
<div class="grid">
<label class="app-field">
<span><?php e(t('Remember token lifetime (days)')); ?></span>
<input type="number" name="remember_token_lifetime_days"
value="<?php e((string) $rememberTokenLifetimeDays); ?>" min="1" max="365" step="1"
<?php e($readonlyAttr); ?>>
<small><?php e(t($rememberTokenLifetimeDaysDesc)); ?></small>
<small class="muted"><?php e(t('Allowed range: 1-365 days (default: 30)')); ?></small>
</label>
<fieldset>
<legend>
<small><?php e(t($microsoftAutoRememberDefaultDesc)); ?></small>
</legend>
<label class="app-field">
<input type="checkbox" name="microsoft_auto_remember_default" value="1"
<?php e($microsoftAutoRememberDefault ? 'checked' : ''); ?>
<?php e($disabledAttr); ?>>
<span><?php e(t('Microsoft Auto-Remember default')); ?></span>
</label>
<small class="muted"><?php e(t('When enabled, successful Microsoft logins automatically persist a remember-me token (unless overridden per tenant).')); ?></small>
</fieldset>
</div>
</div>
</details>
<details class="app-details-card" name="settings-security-user-lifecycle" data-details-key="settings-security-user-lifecycle">
<summary>
<span class="app-details-card-summary-title"><?php e(t('User lifecycle policy')); ?></span>
<span class="app-details-card-summary-meta">
<span class="badge" data-variant="neutral"><?php e((string) $userInactivityDeactivateDays); ?></span>
<span class="badge" data-variant="neutral"><?php e((string) $userInactivityDeleteDays); ?></span>
</span>
</summary>
<div class="app-details-card-container">
<blockquote data-variant="info">
<small><?php e(t('User lifecycle defines when inactive users are deactivated or deleted.')); ?></small>
</blockquote>
<div class="grid">
<label class="app-field">
<span><?php e(t('Deactivate users after inactivity (days)')); ?></span>
<input type="number" name="user_inactivity_deactivate_days"
value="<?php e((string) $userInactivityDeactivateDays); ?>" min="0" max="3650" step="1"
<?php e($readonlyAttr); ?>>
<small><?php e(t($userInactivityDeactivateDaysDesc)); ?> - <?php e(t('0 disables this rule')); ?></small>
</label>
<label class="app-field">
<span><?php e(t('Delete inactive users after (days)')); ?></span>
<input type="number" name="user_inactivity_delete_days"
value="<?php e((string) $userInactivityDeleteDays); ?>" min="0" max="3650" step="1"
<?php e($readonlyAttr); ?>>
<small><?php e(t($userInactivityDeleteDaysDesc)); ?> - <?php e(t('0 disables this rule')); ?></small>
</label>
</div>
<?php if ($canUpdateSettings): ?>
<button type="submit" class="danger" formnovalidate
formaction="admin/settings/run-user-lifecycle"
formmethod="post"
data-detail-confirm-message="<?php e(t('Run user lifecycle now?')); ?>"
data-detail-action-kind="danger">
<?php e(t('Run user lifecycle now')); ?>
</button>
<?php endif; ?>
</div>
</details>
<details class="app-details-card" name="settings-security-system-audit" data-details-key="settings-security-system-audit">
<summary>
<span class="app-details-card-summary-title"><?php e(t('System audit')); ?></span>
<span class="app-details-card-summary-meta">
<span class="badge" data-variant="neutral"><?php e($systemAuditEnabled ? t('Enabled') : t('Disabled')); ?></span>
</span>
</summary>
<div class="app-details-card-container">
<blockquote data-variant="info">
<small><?php e(t('System audit controls whether security events are logged and how long they are kept.')); ?></small>
</blockquote>
<label class="app-field">
<input type="checkbox" name="system_audit_enabled" value="1" <?php e($systemAuditEnabled ? 'checked' : ''); ?> <?php e($disabledAttr); ?>>
<span><?php e(t('Enable system audit log')); ?></span>
</label>
<hr>
<label class="app-field">
<span><?php e(t('Retention (days)')); ?></span>
<input
type="number"
name="system_audit_retention_days"
value="<?php e((string) $systemAuditRetentionDays); ?>"
min="30"
max="1095"
step="1"
<?php e($readonlyAttr); ?>>
<small><?php e(t($systemAuditRetentionDaysDesc)); ?></small>
</label>
</div>
</details>
<details class="app-details-card" name="settings-telemetry-core" data-details-key="settings-telemetry-core" open>
<summary>
<span class="app-details-card-summary-title"><?php e(t('Frontend telemetry')); ?></span>
<span class="app-details-card-summary-meta">
<span class="badge" data-variant="neutral"><?php e($frontendTelemetryEnabled ? t('Enabled') : t('Disabled')); ?></span>
<span class="badge" data-variant="neutral"><?php e($frontendTelemetrySampleRate); ?></span>
</span>
</summary>
<div class="app-details-card-container">
<blockquote data-variant="info">
<small><?php e(t('Telemetry helps detect recurring UI issues and failed requests in production.')); ?></small>
</blockquote>
<fieldset>
<legend><small><?php e(t('Frontend telemetry')); ?></small></legend>
<label class="app-field">
<input
type="checkbox"
role="switch"
name="frontend_telemetry_enabled"
value="1"
data-telemetry-enabled-toggle
<?php e($frontendTelemetryEnabled ? 'checked' : ''); ?>
<?php e($disabledAttr); ?>>
<span><?php e(t('Enable frontend telemetry')); ?></span>
</label>
</fieldset>
<fieldset data-telemetry-sampling-fieldset <?php e($frontendTelemetryEnabled ? '' : 'hidden'); ?>>
<legend><small><?php e(t('Sampling rate')); ?></small></legend>
<label class="app-field" data-telemetry-sampling-row>
<span><?php e(t('Sampling rate')); ?></span>
<select name="frontend_telemetry_sample_rate" data-telemetry-sampling-select <?php e($disabledAttr); ?>>
<option value="0.1" <?php e($frontendTelemetrySampleRate === '0.1' ? 'selected' : ''); ?>>10%</option>
<option value="0.2" <?php e($frontendTelemetrySampleRate === '0.2' ? 'selected' : ''); ?>>20%</option>
<option value="0.5" <?php e($frontendTelemetrySampleRate === '0.5' ? 'selected' : ''); ?>>50%</option>
<option value="1" <?php e($frontendTelemetrySampleRate === '1' ? 'selected' : ''); ?>>100%</option>
</select>
<small><?php e(t('The percentage of users who will have telemetry enabled.')); ?></small>
</label>
</fieldset>
</div>
</details>
<details class="app-details-card" name="telemetry-advanced" data-details-key="telemetry-advanced">
<summary>
<span class="app-details-card-summary-title"><?php e(t('Advanced telemetry options')); ?></span>
<span class="app-details-card-summary-meta">
<span class="badge" data-variant="neutral"><?php e(sprintf(t('%d events enabled'), count($frontendTelemetryAllowedEvents))); ?></span>
</span>
</summary>
<div class="app-details-card-container">
<blockquote data-variant="info">
<small><?php e(t('Limit which event types are collected to match your privacy and operations requirements.')); ?></small>
</blockquote>
<fieldset>
<legend><small><?php e(t('Allowed telemetry events')); ?></small></legend>
<label class="app-field">
<input type="checkbox" name="frontend_telemetry_allowed_events[]" value="warn_once" <?php e(in_array('warn_once', $frontendTelemetryAllowedEvents, true) ? 'checked' : ''); ?> <?php e($disabledAttr); ?>>
<span><?php e(t('warnOnce warnings')); ?></span>
</label>
<label class="app-field">
<input type="checkbox" name="frontend_telemetry_allowed_events[]" value="ajax_error" <?php e(in_array('ajax_error', $frontendTelemetryAllowedEvents, true) ? 'checked' : ''); ?> <?php e($disabledAttr); ?>>
<span><?php e(t('AJAX errors')); ?></span>
</label>
</fieldset>
</div>
</details>
<?php if ($canUpdateSettings): ?>
<details class="app-details-card" name="settings-security-login-tokens" data-details-key="settings-security-login-tokens">
<summary>
<span class="app-details-card-summary-title"><?php e(t('Login tokens')); ?></span>
<span class="app-details-card-summary-meta">
<span class="badge" data-variant="neutral"><?php e(sprintf(t('%d active login tokens'), $activeLoginTokens)); ?></span>
</span>
</summary>
<div class="app-details-card-container">
<blockquote data-variant="warning">
<small><?php e(t('This will expire all remember-me tokens immediately and force users to sign in again.')); ?></small>
</blockquote>
<button type="submit" class="danger" formnovalidate
formaction="admin/settings/expire-remember-tokens"
formmethod="post"
data-detail-confirm-message="<?php e(t('Expire all login tokens?')); ?>"
data-detail-action-kind="danger">
<?php e(t('Expire all login tokens')); ?>
</button>
</div>
</details>
<?php endif; ?>
<?php Session::getCsrfInput(); ?>
</form>
</section>
<aside id="app-details-aside-section">
<div class="app-details-aside-section"></div>
</aside>
</div>