Do not remove mail token before form has been submitted (#2239)
This commit is contained in:
parent
b86c3431c2
commit
7d327f0e2e
|
@ -32,7 +32,7 @@ use Lemonldap::NG::Portal::Main::Constants qw(
|
|||
PE_USERNOTFOUND
|
||||
);
|
||||
|
||||
our $VERSION = '2.0.8';
|
||||
our $VERSION = '2.0.9';
|
||||
|
||||
extends 'Lemonldap::NG::Portal::Main::Plugin',
|
||||
'Lemonldap::NG::Portal::Lib::SMTP', 'Lemonldap::NG::Portal::Lib::_tokenRule';
|
||||
|
@ -130,7 +130,6 @@ sub _reset {
|
|||
|
||||
# Restore pdata if any
|
||||
$req->pdata( $mailSession->data->{_pdata} || {} );
|
||||
$mailSession->remove;
|
||||
$searchByMail = 0 unless ( $req->{user} =~ /\@/ );
|
||||
}
|
||||
|
||||
|
@ -409,6 +408,23 @@ sub changePwd {
|
|||
return PE_NOTOKEN;
|
||||
}
|
||||
|
||||
# Remove the mail token session if mail token is provided
|
||||
my $mailToken = $req->param('mail_token');
|
||||
if ($mailToken) {
|
||||
$self->logger->debug("Token given for password reset: $mailToken");
|
||||
|
||||
# Check if token is valid
|
||||
my $mailSession =
|
||||
$self->p->getApacheSession( $mailToken, kind => "TOKEN" );
|
||||
unless ($mailSession) {
|
||||
$self->userLogger->warn('Bad reset token');
|
||||
return PE_BADMAILTOKEN;
|
||||
}
|
||||
|
||||
$self->logger->debug("Delete token $mailToken");
|
||||
$mailSession->remove;
|
||||
}
|
||||
|
||||
# Check if user wants to generate the new password
|
||||
if ( $req->param('reset') ) {
|
||||
$self->logger->debug(
|
||||
|
|
|
@ -102,6 +102,7 @@
|
|||
<div class="form">
|
||||
|
||||
<input type="hidden" name="skin" value="<TMPL_VAR NAME="SKIN">" />
|
||||
<input type="hidden" name="mail_token" value="<TMPL_VAR NAME="MAIL_TOKEN">" />
|
||||
<input type="hidden" name="url" value="<TMPL_VAR NAME="AUTH_URL">" />
|
||||
<TMPL_IF NAME="CHOICE_VALUE">
|
||||
<input type="hidden" id="authKey" name="<TMPL_VAR NAME="CHOICE_PARAM">" value="<TMPL_VAR NAME="CHOICE_VALUE">" />
|
||||
|
|
Loading…
Reference in New Issue
Block a user