Overhaul password reset

Chris 2017-01-02 00:33:38 +00:00
parent daf27a0497
commit e71295d6d1
2 changed files with 55 additions and 30 deletions


@ -746,22 +746,25 @@ sub _validate_passchange {
# @return Two values: a reference to the user whose password has been reset # @return Two values: a reference to the user whose password has been reset
# on success, or an error message, and a reference to a hash containing # on success, or an error message, and a reference to a hash containing
# the data entered by the user. # the data entered by the user.
# FIXME: OVERHAUL
sub _validate_reset { sub _validate_reset {
my $self = shift; my $self = shift;
my $args = {}; my $args = {};
my $error; my $error;
# Obtain the userid from the query string, if possible. # Obtain the userid from the query string, if possible.
my $uid = is_defined_numeric($self -> {"cgi"}, "uid") ($args -> {"uid"}, $error) = $self -> validate_numeric("uid", { "required" => 1,
or return ("{L_LOGIN_ERR_NOUID}", $args); "nidename" => "{L_LOGIN_UID}",
"intonly" => 1,
"min" => 2});
return ("{L_LOGIN_ERR_NOUID}", $args)
if($error);
my $user = $self -> {"session"} -> {"auth"} -> {"app"} -> get_user_byid($uid) my $user = $self -> {"session"} -> {"auth"} -> {"app"} -> get_user_byid($args -> {"uid"})
or return ("{L_LOGIN_ERR_BADUID}", $args); or return ("{L_LOGIN_ERR_BADUID}", $args);
# Get the reset code, should be a 64 character alphanumeric string # Get the reset code, should be a 64 character alphanumeric string
($args -> {"resetcode"}, $error) = $self -> validate_string("resetcode", {"required" => 1, ($args -> {"resetcode"}, $error) = $self -> validate_string("resetcode", {"required" => 1,
"nicename" => "{L_LOGIN_RESETCODE}", "nicename" => "{L_LOGIN_RESET_CODE}",
"minlen" => 64, "minlen" => 64,
"maxlen" => 64, "maxlen" => 64,
"formattest" => '^[a-zA-Z0-9]+$', "formattest" => '^[a-zA-Z0-9]+$',
@ -1123,7 +1126,7 @@ sub _generate_recover {
message => "{L_LOGIN_RECOVER_MESSAGE}", message => "{L_LOGIN_RECOVER_MESSAGE}",
buttons => [ {"message" => "{L_LOGIN_LOGIN}", buttons => [ {"message" => "{L_LOGIN_LOGIN}",
"colour" => "standard", "colour" => "standard",
"href" => $url} ])); "href" => $url } ]));
} }
@ -1133,7 +1136,6 @@ sub _generate_recover {
# #
# @param error If set, display an error message rather than a 'completed' message. # @param error If set, display an error message rather than a 'completed' message.
# @return An array of two values: the page title string, the 'resent' message. # @return An array of two values: the page title string, the 'resent' message.
# FIXME: OVERHAUL
sub _generate_reset { sub _generate_reset {
my $self = shift; my $self = shift;
my $error = shift; my $error = shift;
@ -1142,26 +1144,22 @@ sub _generate_reset {
if(!$error) { if(!$error) {
return ("{L_LOGIN_RESET_DONETITLE}", return ("{L_LOGIN_RESET_DONETITLE}",
$self -> message_box("{L_LOGIN_RESET_DONETITLE}", $self -> message_box(title => "{L_LOGIN_RESET_DONETITLE}",
"security", type => "account",
"{L_LOGIN_RESET_SUMMARY}", summary => "{L_LOGIN_RESET_SUMMARY}",
"{L_LOGIN_RESET_MESSAGE}", message => "{L_LOGIN_RESET_MESSAGE}",
undef, buttons => [ {"message" => "{L_LOGIN_LOGIN}",
"logincore", "colour" => "standard",
[ {"message" => "{L_LOGIN_LOGIN}", "href" => $url } ]));
"colour" => "blue",
"action" => "location.href='$url'"} ]));
} else { } else {
return ("{L_LOGIN_RESET_ERRTITLE}", return ("{L_LOGIN_RESET_ERRTITLE}",
$self -> message_box("{L_LOGIN_RESET_ERRTITLE}", $self -> message_box(title => "{L_LOGIN_RESET_ERRTITLE}",
"error", type => "error",
"{L_LOGIN_RESET_ERRSUMMARY}", summary => "{L_LOGIN_RESET_ERRSUMMARY}",
$self -> {"template"} -> replace_langvar("LOGIN_RESET_ERRDESC", {"%(reason)s" => $error}), message => $self -> {"template"} -> replace_langvar("LOGIN_RESET_ERRDESC", {"%(reason)s" => $error}),
undef, button => [ { "message" => "{L_LOGIN_LOGIN}",
"logincore", "colour" => "blue",
[ {"message" => "{L_LOGIN_LOGIN}", "href" => $url } ]));
"colour" => "blue",
"action" => "location.href='$url'"} ]));
} }
} }
@ -1251,7 +1249,7 @@ sub _handle_signup {
## @method private @ _handle_activate() ## @method private @ _handle_activate()
# Handle the process of showing the form they can enter an acitivation code # Handle the process of showing the form they can enter an activation code
# through, and processing submission from the form. # through, and processing submission from the form.
# #
# @return An array containing the page title, content, extra header data, and # @return An array containing the page title, content, extra header data, and
@ -1279,7 +1277,7 @@ sub _handle_activate {
## @method private @ _handle_resend() ## @method private @ _handle_resend()
# Handle the process of showing the form they can request a new acitivation code # Handle the process of showing the form they can request a new activation code
# through, and processing submission from the form. # through, and processing submission from the form.
# #
# @return An array containing the page title, content, extra header data, and # @return An array containing the page title, content, extra header data, and
@ -1303,17 +1301,22 @@ sub _handle_resend {
} }
# FIXME: OVERHAUL ## @method private @ _handle_resend()
# Handle the process of showing the form they can request a password reset code
# through, and processing submission from the form.
#
# @return An array containing the page title, content, extra header data, and
# extra javascript content.
sub _handle_recover { sub _handle_recover {
my $self = shift; my $self = shift;
if(defined($self -> {"cgi"} -> param("dorecover"))) { if(defined($self -> {"cgi"} -> param("dorecover"))) {
my ($user, $args) = $self -> _validate_recover(); my ($user, $args) = $self -> _validate_recover();
if(!ref($user)) { if(!ref($user)) {
$self -> log("Reset error", $user); $self -> log("Recover error", $user);
return $self -> _generate_recover_form($user); return $self -> _generate_recover_form($user);
} else { } else {
$self -> log("Reset success", $user -> {"username"}); $self -> log("Recover success", $user -> {"username"});
return $self -> _generate_recover($user); return $self -> _generate_recover($user);
} }
} }
@ -1322,6 +1325,25 @@ sub _handle_recover {
} }
## @method private @ _handle_reset()
# Handle the process of resetting the user's password.
#
# @return An array containing the page title, content, extra header data, and
# extra javascript content.
sub _handle_reset {
my $self = shift;
my ($user, $args) = $self -> _validate_reset();
if(!ref($user)) {
$self -> log("Reset error", $user);
return $self -> _generate_reset($user);
} else {
$self -> log("Reset success", $user -> {"username"});
return $self -> _generate_reset();
}
}
# FIXME: OVERHAUL # FIXME: OVERHAUL
sub _handle_passchange { sub _handle_passchange {
my $self = shift; my $self = shift;
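Review bot: Two option keys in the new code are misspelled, so the values passed under them are probably ignored: `"nidename"` in the `validate_numeric("uid", ...)` call in `_validate_reset`, and `button =>` in the error branch of `_generate_reset`, where the success branch and `_generate_recover` use `buttons =>`. Assuming `message_box` only reads `buttons`, the failed-reset page would be rendered without its login link; the two lines should read `"nicename" => "{L_LOGIN_RESET_UID}",` and `buttons => [ { "message" => "{L_LOGIN_LOGIN}",`. The uid label also references `{L_LOGIN_UID}`, while the language file in this commit adds `LOGIN_RESET_UID`, so that variable looks undefined unless it is declared elsewhere. The doc header added above `_handle_recover` still names `_handle_resend()` and should read `## @method private @ _handle_recover()`. `_validate_reset` continues past the end of its hunk, so how the reset code is compared and invalidated is not visible here.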


@ -91,6 +91,9 @@ LOGIN_ERR_BADRECCHAR = Account reset codes may only contain alphanumeric charac
LOGIN_ERR_BADRECCODE = The provided account reset code is invalid. Note that the code is case sensitive - upper and lower case characters are treated differently. Please check you entered the code correctly. LOGIN_ERR_BADRECCODE = The provided account reset code is invalid. Note that the code is case sensitive - upper and lower case characters are treated differently. Please check you entered the code correctly.
LOGIN_ERR_NORECINACT = Your account is inactive, and therefore can not be recovered. In order to access your account, please request a new activation code and password. LOGIN_ERR_NORECINACT = Your account is inactive, and therefore can not be recovered. In order to access your account, please request a new activation code and password.
LOGIN_RESET_UID = User ID
LOGIN_RESET_CODE = Reset code
LOGIN_RESET_SUBJECT = Your {V_[sitename]} account LOGIN_RESET_SUBJECT = Your {V_[sitename]} account
LOGIN_RESET_GREET = Hi %(username)s LOGIN_RESET_GREET = Hi %(username)s
LOGIN_RESET_INTRO = Your password has been reset, and your username and new password are given below: LOGIN_RESET_INTRO = Your password has been reset, and your username and new password are given below: