Pwd reset by mail in progress (#595)

2017-01-29 18:08:33 +00:00 · 2017-01-29 18:08:33 +00:00 · 7db2fbfe07
commit 7db2fbfe07
parent 01682ae3a2
2 changed files with 50 additions and 15 deletions
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/MailReset.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/MailReset.pm
@ -91,6 +91,11 @@ sub _reset {
    my ( $self, $req ) = @_;
    my ( $mailToken, $newPwd, $confirmPwd );

+    # Check for password change form
+    if ( $req->param('newpassword') or $req->param('reset') ) {
+        return $self->changePassword($req);
+    }
+
    # Check for first access
    $mailToken = $req->datas->{mailToken} = $req->param('mail_token');
    unless ( $req->param('mail') || $mailToken ) {
@ -328,7 +333,38 @@ sub _reset {
        return PE_MAILCONFIRMOK;
    }

-    # mailToken is valid, time to change password
+    # User has a valid mailToken, allow to change password
+    # A token is required
+    $self->ott->setToken( $req, { %{ $req->sessionInfo }, pwdAllowed => 1 } );
+    return PE_PASSWORDFIRSTACCESS if ( $req->method eq 'GET' );
+    return PE_PASSWORDFORMEMPTY;
+}
+
+sub changePassword {
+    my ( $self, $req ) = @_;
+    $self->lmLog( 'Change password form response', 'debug' );
+
+    if ( my $token = $req->param('token') ) {
+        $req->sessionInfo( $self->ott->getToken($token) );
+        unless ( $req->sessionInfo ) {
+            $self->p->userNotice(
+                'User tries to change password with an invalid or expired token'
+            );
+            return PE_NOTOKEN;
+        }
+    }
+
+    # These 2 cases means that a user tries to change password without
+    # following valid links!!!
+    else {
+        $self->p->userError('User tries to change password without token');
+        return PE_NOTOKEN;
+    }
+    unless ( delete $req->sessionInfo->{pwdAllowed} ) {
+        $self->p->userError(
+            'User tries to use another token to change a password');
+        return PE_NOTOKEN;
+    }

    # Check if user wants to generate the new password
    if ( $req->param('reset') ) {
@ -351,11 +387,11 @@ sub _reset {
    else {
        $req->datas->{newpassword}     = $req->param('newpassword');
        $req->datas->{confirmpassword} = $req->param('confirmpassword');
-        unless ( $req->datas->{newpassword} && $req->datas->{confirmpassword} )
+        unless ($req->datas->{newpassword}
+            and $req->datas->{confirmpassword}
+            and $req->datas->{newpassword} eq $req->datas->{confirmpassword} )
        {
-            # A token is required
            $self->ott->setToken( $req, $req->sessionInfo );
-            return PE_PASSWORDFIRSTACCESS if ( $req->method eq 'GET' );
            return PE_PASSWORDFORMEMPTY;
        }

@ -403,7 +439,8 @@ sub _reset {

    # Send mail
    return PE_MAILERROR
-      unless $self->send_mail( $self->{mailAddress}, $subject, $body, $html );
+      unless $self->send_mail( $req->datas->{mailAddress}, $subject, $body,
+        $html );

    PE_MAILOK;
 }
--- a/lemonldap-ng-portal/t/43-MailReset.t
+++ b/lemonldap-ng-portal/t/43-MailReset.t
@ -15,7 +15,7 @@ my $mail2 = 0;
 my $client = LLNG::Manager::Test->new(
    {
        ini => {
-            logLevel                   => 'debug',
+            logLevel                   => 'error',
            useSafeJail                => 1,
            portalDisplayRegister      => 1,
            authentication             => 'Demo',
@ -42,14 +42,14 @@ ok(
        length => length($query),
        accept => 'text/html'
    ),
-    'Post email'
+    'Post mail'
 );
 count(1);

 # $query has been set by MIME::Lite::send
 ok(
    $res = $client->_get( '/resetpwd', query => $query, accept => 'text/html' ),
-    'Post mail token'
+    'Post mail token received by mail'
 );
 count(1);
 ( $host, $url, $query ) = expectForm( $res, '#', undef, 'token' );
@ -80,7 +80,7 @@ no warnings 'redefine';
 sub MIME::Lite::send {
    my ($mail) = @_;
    pass('----- Mail given to MIME::Lite -----');
-    ok( $mail->header_as_string =~ /dwho\@badwolf.org/s, 'Found dest' )
+    ok( $mail->header_as_string =~ /dwho\@badwolf.org/s, ' Found dest' )
      or explain( $mail->header_as_string, 'To: dwho@badwolf.org' );
    count(2);
    unless ($mail2) {
@ -88,7 +88,7 @@ sub MIME::Lite::send {
        ok(
            $mail->body_as_string =~
              m#a href="http://auth.example.com/resetpwd\?(.*?)"#,
-            'Found link'
+            ' Found link'
        );
        count(1);
        $query = $1;
@ -96,13 +96,11 @@ sub MIME::Lite::send {
    }
    else {
        $mailSend = 2;
-        ok(
-            $mail->body_as_string =~
-              m#yourLoginIs.+?<b>(\w+)</b>.*?pwdIs.+?<b>(.*?)</b>#s,
-            'Get login/pwd'
-        );
+        ok( $mail->body_as_string =~ /pwdChanged/, ' Password was changed' );
        ( $user, $pwd ) = ( $1, $2 );
        count(1);
    }
+    pass('----- Mail sent -----');
+    count(1);
 }