From e71295d6d156bf0707a7f72361905f188e8931d7 Mon Sep 17 00:00:00 2001 From: Chris Date: Mon, 2 Jan 2017 00:33:38 +0000 Subject: [PATCH] Overhaul password reset --- blocks/ORB/Login.pm | 82 ++++++++++++++++++++++++++++----------------- lang/en/login.lang | 3 ++ 2 files changed, 55 insertions(+), 30 deletions(-) diff --git a/blocks/ORB/Login.pm b/blocks/ORB/Login.pm index e666ddb..d2d3a76 100755 --- a/blocks/ORB/Login.pm +++ b/blocks/ORB/Login.pm @@ -746,22 +746,25 @@ sub _validate_passchange { # @return Two values: a reference to the user whose password has been reset # on success, or an error message, and a reference to a hash containing # the data entered by the user. -# FIXME: OVERHAUL sub _validate_reset { my $self = shift; my $args = {}; my $error; # Obtain the userid from the query string, if possible. - my $uid = is_defined_numeric($self -> {"cgi"}, "uid") - or return ("{L_LOGIN_ERR_NOUID}", $args); + ($args -> {"uid"}, $error) = $self -> validate_numeric("uid", { "required" => 1, + "nidename" => "{L_LOGIN_UID}", + "intonly" => 1, + "min" => 2}); + return ("{L_LOGIN_ERR_NOUID}", $args) + if($error); - my $user = $self -> {"session"} -> {"auth"} -> {"app"} -> get_user_byid($uid) + my $user = $self -> {"session"} -> {"auth"} -> {"app"} -> get_user_byid($args -> {"uid"}) or return ("{L_LOGIN_ERR_BADUID}", $args); # Get the reset code, should be a 64 character alphanumeric string ($args -> {"resetcode"}, $error) = $self -> validate_string("resetcode", {"required" => 1, - "nicename" => "{L_LOGIN_RESETCODE}", + "nicename" => "{L_LOGIN_RESET_CODE}", "minlen" => 64, "maxlen" => 64, "formattest" => '^[a-zA-Z0-9]+$', @@ -1123,7 +1126,7 @@ sub _generate_recover { message => "{L_LOGIN_RECOVER_MESSAGE}", buttons => [ {"message" => "{L_LOGIN_LOGIN}", "colour" => "standard", - "href" => $url} ])); + "href" => $url } ])); } 
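Review bot: In `_validate_reset` the new `validate_numeric` call passes the option key `"nidename"`, which looks like a typo for the `"nicename"` key used by the `validate_string` call below it. Its value `{L_LOGIN_UID}` also does not match the `LOGIN_RESET_UID` string this commit adds to `lang/en/login.lang`, so the line should probably read `"nicename" => "{L_LOGIN_RESET_UID}",`. The slip is hidden today because the validator's `$error` is replaced by the fixed `{L_LOGIN_ERR_NOUID}`. Separately, the uid is looked up before the reset code is checked and a missing user returns a distinct `{L_LOGIN_ERR_BADUID}`, which `_generate_reset` renders as the `%(reason)s` text, so an unauthenticated requester can tell which numeric ids exist; consider one generic failure message for the page, with the specific reason kept in the log. The sub continues past the end of this hunk.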
@@ -1133,7 +1136,6 @@ sub _generate_recover { # # @param error If set, display an error message rather than a 'completed' message. # @return An array of two values: the page title string, the 'resent' message. -# FIXME: OVERHAUL sub _generate_reset { my $self = shift; my $error = shift; @@ -1142,26 +1144,22 @@ sub _generate_reset { if(!$error) { return ("{L_LOGIN_RESET_DONETITLE}", - $self -> message_box("{L_LOGIN_RESET_DONETITLE}", - "security", - "{L_LOGIN_RESET_SUMMARY}", - "{L_LOGIN_RESET_MESSAGE}", - undef, - "logincore", - [ {"message" => "{L_LOGIN_LOGIN}", - "colour" => "blue", - "action" => "location.href='$url'"} ])); + $self -> message_box(title => "{L_LOGIN_RESET_DONETITLE}", + type => "account", + summary => "{L_LOGIN_RESET_SUMMARY}", + message => "{L_LOGIN_RESET_MESSAGE}", + buttons => [ {"message" => "{L_LOGIN_LOGIN}", + "colour" => "standard", + "href" => $url } ])); } else { return ("{L_LOGIN_RESET_ERRTITLE}", - $self -> message_box("{L_LOGIN_RESET_ERRTITLE}", - "error", - "{L_LOGIN_RESET_ERRSUMMARY}", - $self -> {"template"} -> replace_langvar("LOGIN_RESET_ERRDESC", {"%(reason)s" => $error}), - undef, - "logincore", - [ {"message" => "{L_LOGIN_LOGIN}", - "colour" => "blue", - "action" => "location.href='$url'"} ])); + $self -> message_box(title => "{L_LOGIN_RESET_ERRTITLE}", + type => "error", + summary => "{L_LOGIN_RESET_ERRSUMMARY}", + message => $self -> {"template"} -> replace_langvar("LOGIN_RESET_ERRDESC", {"%(reason)s" => $error}), + button => [ { "message" => "{L_LOGIN_LOGIN}", + "colour" => "blue", + "href" => $url } ])); } } @@ -1251,7 +1249,7 @@ sub _handle_signup { ## @method private @ _handle_activate() -# Handle the process of showing the form they can enter an acitivation code +# Handle the process of showing the form they can enter an activation code # through, and processing submission from the form. # # @return An array containing the page title, content, extra header data, and 
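Review bot: The error branch of `_generate_reset` passes `button => [ ... ]`, while the success branch and `_generate_recover` pass `buttons =>`, so the login button is probably dropped from the error box if `message_box` only reads `buttons`. It also keeps `"colour" => "blue"` where the other converted calls use `"standard"`; the two lines would become `buttons => [ { "message" => "{L_LOGIN_LOGIN}",` and `"colour" => "standard",`. The same branch substitutes `$error` into `LOGIN_RESET_ERRDESC` as `%(reason)s`. The reasons visible in this patch are fixed language tags, but it is worth confirming that no validator message echoing request input can reach that substitution unescaped. The sub's opening lines are in the preceding hunk.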
@@ -1279,7 +1277,7 @@ sub _handle_activate { ## @method private @ _handle_resend() -# Handle the process of showing the form they can request a new acitivation code +# Handle the process of showing the form they can request a new activation code # through, and processing submission from the form. # # @return An array containing the page title, content, extra header data, and @@ -1303,17 +1301,22 @@ sub _handle_resend { } -# FIXME: OVERHAUL +## @method private @ _handle_resend() +# Handle the process of showing the form they can request a password reset code +# through, and processing submission from the form. +# +# @return An array containing the page title, content, extra header data, and +# extra javascript content. sub _handle_recover { my $self = shift; if(defined($self -> {"cgi"} -> param("dorecover"))) { my ($user, $args) = $self -> _validate_recover(); if(!ref($user)) { - $self -> log("Reset error", $user); + $self -> log("Recover error", $user); return $self -> _generate_recover_form($user); } else { - $self -> log("Reset success", $user -> {"username"}); + $self -> log("Recover success", $user -> {"username"}); return $self -> _generate_recover($user); } } @@ -1322,6 +1325,25 @@ sub _handle_recover { } +## @method private @ _handle_reset() +# Handle the process of resetting the user's password. +# +# @return An array containing the page title, content, extra header data, and +# extra javascript content. +sub _handle_reset { + my $self = shift; + + my ($user, $args) = $self -> _validate_reset(); + if(!ref($user)) { + $self -> log("Reset error", $user); + return $self -> _generate_reset($user); + } else { + $self -> log("Reset success", $user -> {"username"}); + return $self -> _generate_reset(); + } +} + + # FIXME: OVERHAUL sub _handle_passchange { my $self = shift; diff --git a/lang/en/login.lang b/lang/en/login.lang index 1a24636..033d4f5 100755 --- a/lang/en/login.lang +++ b/lang/en/login.lang 
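Review bot: The doc header added above `_handle_recover` names the wrong method: `## @method private @ _handle_resend()` duplicates the header of the sub before it and should read `## @method private @ _handle_recover()`. The description and `@return` text beneath it already describe the recover flow, so only that first line needs changing.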
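Review bot: `_handle_reset` discards the `$args` returned by `_validate_reset`, so the "Reset error" log entry holds only the error text and not the uid the failed attempt was aimed at, which makes repeated attempts against one account hard to spot in the log (`_handle_recover` in the preceding hunk logs the same way). A line such as `$self -> log("Reset error", "uid ".(defined($args -> {"uid"}) ? $args -> {"uid"} : "unknown").": $user");` would keep that, assuming `log` takes a type and a message as it appears to here, and that only the validated numeric value is written. Also, unlike `_handle_recover`, which acts only when `dorecover` is set, this sub performs the reset on any request that reaches it. If the uid and code arrive as an emailed link, a mail scanner or link preview that fetches it would reset the password and likely use up the code before the user clicks, so a confirmation step submitted by POST is worth considering.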
@@ -91,6 +91,9 @@ LOGIN_ERR_BADRECCHAR = Account reset codes may only contain alphanumeric charac LOGIN_ERR_BADRECCODE = The provided account reset code is invalid. Note that the code is case sensitive - upper and lower case characters are treated differently. Please check you entered the code correctly. LOGIN_ERR_NORECINACT = Your account is inactive, and therefore can not be recovered. In order to access your account, please request a new activation code and password. +LOGIN_RESET_UID = User ID +LOGIN_RESET_CODE = Reset code + LOGIN_RESET_SUBJECT = Your {V_[sitename]} account LOGIN_RESET_GREET = Hi %(username)s LOGIN_RESET_INTRO = Your password has been reset, and your username and new password are given below: