Pwd reset by mail in progress (#595)
parent
01682ae3a2
commit
7db2fbfe07
|
@ -91,6 +91,11 @@ sub _reset {
|
|||
my ( $self, $req ) = @_;
|
||||
my ( $mailToken, $newPwd, $confirmPwd );
|
||||
|
||||
# Check for password change form
|
||||
if ( $req->param('newpassword') or $req->param('reset') ) {
|
||||
return $self->changePassword($req);
|
||||
}
|
||||
|
||||
# Check for first access
|
||||
$mailToken = $req->datas->{mailToken} = $req->param('mail_token');
|
||||
unless ( $req->param('mail') || $mailToken ) {
|
||||
|
@ -328,7 +333,38 @@ sub _reset {
|
|||
return PE_MAILCONFIRMOK;
|
||||
}
|
||||
|
||||
# mailToken is valid, time to change password
|
||||
# User has a valid mailToken, allow to change password
|
||||
# A token is required
|
||||
$self->ott->setToken( $req, { %{ $req->sessionInfo }, pwdAllowed => 1 } );
|
||||
return PE_PASSWORDFIRSTACCESS if ( $req->method eq 'GET' );
|
||||
return PE_PASSWORDFORMEMPTY;
|
||||
}
|
||||
|
||||
sub changePassword {
|
||||
my ( $self, $req ) = @_;
|
||||
$self->lmLog( 'Change password form response', 'debug' );
|
||||
|
||||
if ( my $token = $req->param('token') ) {
|
||||
$req->sessionInfo( $self->ott->getToken($token) );
|
||||
unless ( $req->sessionInfo ) {
|
||||
$self->p->userNotice(
|
||||
'User tries to change password with an invalid or expired token'
|
||||
);
|
||||
return PE_NOTOKEN;
|
||||
}
|
||||
}
|
||||
|
||||
# These 2 cases means that a user tries to change password without
|
||||
# following valid links!!!
|
||||
else {
|
||||
$self->p->userError('User tries to change password without token');
|
||||
return PE_NOTOKEN;
|
||||
}
|
||||
unless ( delete $req->sessionInfo->{pwdAllowed} ) {
|
||||
$self->p->userError(
|
||||
'User tries to use another token to change a password');
|
||||
return PE_NOTOKEN;
|
||||
}
|
||||
|
||||
# Check if user wants to generate the new password
|
||||
if ( $req->param('reset') ) {
|
||||
|
@ -351,11 +387,11 @@ sub _reset {
|
|||
else {
|
||||
$req->datas->{newpassword} = $req->param('newpassword');
|
||||
$req->datas->{confirmpassword} = $req->param('confirmpassword');
|
||||
unless ( $req->datas->{newpassword} && $req->datas->{confirmpassword} )
|
||||
unless ($req->datas->{newpassword}
|
||||
and $req->datas->{confirmpassword}
|
||||
and $req->datas->{newpassword} eq $req->datas->{confirmpassword} )
|
||||
{
|
||||
# A token is required
|
||||
$self->ott->setToken( $req, $req->sessionInfo );
|
||||
return PE_PASSWORDFIRSTACCESS if ( $req->method eq 'GET' );
|
||||
return PE_PASSWORDFORMEMPTY;
|
||||
}
|
||||
|
||||
|
@ -403,7 +439,8 @@ sub _reset {
|
|||
|
||||
# Send mail
|
||||
return PE_MAILERROR
|
||||
unless $self->send_mail( $self->{mailAddress}, $subject, $body, $html );
|
||||
unless $self->send_mail( $req->datas->{mailAddress}, $subject, $body,
|
||||
$html );
|
||||
|
||||
PE_MAILOK;
|
||||
}
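Review bot: In `changePassword`, the retry path re-issues a token that can no longer pass the `pwdAllowed` check. `delete $req->sessionInfo->{pwdAllowed}` strips the flag, and when the two passwords are empty or differ, the branch under `# A token is required` calls `$self->ott->setToken( $req, $req->sessionInfo )` with that stripped hash. Assuming `sessionInfo` hands back the same hash reference on each call, the user's next submission is rejected with PE_NOTOKEN and logged as "another token", so a single typo forces the whole mail flow to restart. Re-arm the flag the way `_reset` does: `$self->ott->setToken( $req, { %{ $req->sessionInfo }, pwdAllowed => 1 } );`. The body of `changePassword` continues outside the hunks shown here.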
|
||||
|
|
|
@ -15,7 +15,7 @@ my $mail2 = 0;
|
|||
my $client = LLNG::Manager::Test->new(
|
||||
{
|
||||
ini => {
|
||||
logLevel => 'debug',
|
||||
logLevel => 'error',
|
||||
useSafeJail => 1,
|
||||
portalDisplayRegister => 1,
|
||||
authentication => 'Demo',
|
||||
|
@ -42,14 +42,14 @@ ok(
|
|||
length => length($query),
|
||||
accept => 'text/html'
|
||||
),
|
||||
'Post email'
|
||||
'Post mail'
|
||||
);
|
||||
count(1);
|
||||
|
||||
# $query has been set by MIME::Lite::send
|
||||
ok(
|
||||
$res = $client->_get( '/resetpwd', query => $query, accept => 'text/html' ),
|
||||
'Post mail token'
|
||||
'Post mail token received by mail'
|
||||
);
|
||||
count(1);
|
||||
( $host, $url, $query ) = expectForm( $res, '#', undef, 'token' );
|
||||
|
@ -80,7 +80,7 @@ no warnings 'redefine';
|
|||
sub MIME::Lite::send {
|
||||
my ($mail) = @_;
|
||||
pass('----- Mail given to MIME::Lite -----');
|
||||
ok( $mail->header_as_string =~ /dwho\@badwolf.org/s, 'Found dest' )
|
||||
ok( $mail->header_as_string =~ /dwho\@badwolf.org/s, ' Found dest' )
|
||||
or explain( $mail->header_as_string, 'To: dwho@badwolf.org' );
|
||||
count(2);
|
||||
unless ($mail2) {
|
||||
|
@ -88,7 +88,7 @@ sub MIME::Lite::send {
|
|||
ok(
|
||||
$mail->body_as_string =~
|
||||
m#a href="http://auth.example.com/resetpwd\?(.*?)"#,
|
||||
'Found link'
|
||||
' Found link'
|
||||
);
|
||||
count(1);
|
||||
$query = $1;
|
||||
|
@ -96,13 +96,11 @@ sub MIME::Lite::send {
|
|||
}
|
||||
else {
|
||||
$mailSend = 2;
|
||||
ok(
|
||||
$mail->body_as_string =~
|
||||
m#yourLoginIs.+?<b>(\w+)</b>.*?pwdIs.+?<b>(.*?)</b>#s,
|
||||
'Get login/pwd'
|
||||
);
|
||||
ok( $mail->body_as_string =~ /pwdChanged/, ' Password was changed' );
|
||||
( $user, $pwd ) = ( $1, $2 );
|
||||
count(1);
|
||||
}
|
||||
pass('----- Mail sent -----');
|
||||
count(1);
|
||||
}
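Review bot: In the `else` branch of the `MIME::Lite::send` override, `( $user, $pwd ) = ( $1, $2 );` sits after a match against `/pwdChanged/`, which has no capture groups. If that assignment is still on the new side (the rendered page has lost its +/- markers), `$user` and `$pwd` receive stale or undefined captures; either drop the assignment or keep a capturing pattern. The hunks shown also exercise only the successful reset. A request posting `newpassword` with no `token`, and one re-submitting an already consumed token, each expected to be refused, would pin the new token checks in `changePassword`.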
|
||||
|
||||
|
|