Pwd reset in progress (#595)

This commit is contained in:
Xavier Guimard 2017-01-29 13:06:28 +00:00
parent 7a3725db9d
commit de67ee9230
6 changed files with 60 additions and 38 deletions


@ -59,9 +59,9 @@ sub getToken {
}
sub setToken {
my ( $self, $req ) = @_;
my ( $self, $req, $info ) = @_;
$self->lmLog( 'Prepare token', 'debug' );
$req->token( $self->createToken );
$req->token( $self->createToken($info) );
}
1;
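Review bot: The new `$info` argument of setToken is undocumented, and the only caller this commit adds (Mail.pm's `_reset`) passes `$req->sessionInfo` while the other caller (`setSecurity`) still omits it, so the parameter is optional. A short comment above the sub stating that, e.g. `# $info: optional data handed to createToken along with the new token; omitted by callers that only need a form token`, would make the two call shapes intentional rather than accidental. What createToken does with `$info` is not visible in this commit, so the comment should describe only the hand-off.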


@ -44,8 +44,16 @@ has mailott => (
}
);
# Form timout token generator (used if requireToken is set)
has ott => ( is => 'rw' );
# Form timout token generator (used even if requireToken is not set)
has ott => (
is => 'rw',
default => sub {
my $ott =
$_[0]->{p}->loadModule('Lemonldap::NG::Portal::Lib::OneTimeToken');
$ott->timeout( $_[0]->conf->{formTimeout} );
return $ott;
}
);
# Captcha generator
has captcha => ( is => 'rw' );
@ -62,14 +70,6 @@ sub init {
if ( $self->conf->{captcha_mail_enabled} ) {
$self->captcha( $self->p->loadModule('::Lib::Captcha') ) or return 0;
}
# Initialize form token if needed (captcha provides also a token)
elsif ( $self->conf->{requireToken} ) {
$_[0]->ott(
$_[0]->p->loadModule('Lemonldap::NG::Portal::Lib::OneTimeToken') )
or return 0;
$_[0]->ott->timeout( $_[0]->conf->{formTimeout} );
}
return 1;
}
@ -125,7 +125,7 @@ sub _reset {
# Check if token exists
my $token;
if ( $self->ott or $self->captcha ) {
if ( $self->conf->{requireToken} or $self->captcha ) {
$token = $req->param('token');
unless ($token) {
$self->setSecurity($req);
@ -156,7 +156,7 @@ sub _reset {
}
$self->lmLog( "Captcha code verified", 'debug' );
}
elsif ( $self->ott ) {
elsif ( $self->conf->{requireToken} ) {
unless ( $self->ott->getToken($token) ) {
$self->setSecurity($req);
$self->p->userNotice('Reset try with expired/bas token');
@ -226,9 +226,9 @@ sub _reset {
# Update session
$mailSession->update($infos);
$req->id($mailSession->id);
$req->id( $mailSession->id );
}
elsif($mailSession) {
elsif ($mailSession) {
$self->lmLog( 'Mail session found: ' . $mailSession->id, 'debug' );
$req->datas->{mailAlreadySent} = 1;
}
@ -270,7 +270,7 @@ sub _reset {
$req->datas->{mailAddress} ||=
$self->p->getFirstValue(
$req->{sessionInfo}->{ $self->conf->{mailSessionKey} } );
return PE_MAILERROR unless($req->datas->{mailAddress});
return PE_MAILERROR unless ( $req->datas->{mailAddress} );
# Build confirmation url
my $url =
@ -315,7 +315,11 @@ sub _reset {
# Send mail
unless (
$self->send_mail( $req->datas->{mailAddress}, $subject, $body, $html ) )
$self->send_mail(
$req->datas->{mailAddress},
$subject, $body, $html
)
)
{
$self->lmLog( 'Unable to send reset mail', 'debug' );
@ -349,6 +353,8 @@ sub _reset {
$req->datas->{confirmpassword} = $req->param('confirmpassword');
unless ( $req->datas->{newpassword} && $req->datas->{confirmpassword} )
{
# A token is required
$self->ott->setToken( $req, $req->sessionInfo );
return PE_PASSWORDFIRSTACCESS if ( $req->method eq 'GET' );
return PE_PASSWORDFORMEMPTY;
}
@ -407,13 +413,14 @@ sub setSecurity {
if ( $self->captcha ) {
$self->captcha->setCaptcha($req);
}
elsif ( $self->ott ) {
elsif ( $self->conf->{requireToken} ) {
$self->ott->setToken($req);
}
}
sub display {
my ( $self, $req ) = @_;
$self->lmLog( 'Display called with code: ' . $req->error, 'debug' );
my %tplPrm = (
PORTAL_URL => $self->conf->{portal},
SKIN_PATH => '/static',
@ -429,13 +436,9 @@ sub display {
STARTMAILTIME => $req->datas->{startMailTime},
MAILALREADYSENT => $req->datas->{mailAlreadySent},
MAIL => (
$self->p->checkXSSAttack( 'mail', $req->{mail} ) ? ""
: $self->{mail}
),
MAIL_TOKEN => (
$self->p->checkXSSAttack( 'mail_token', $req->datas->{mailToken} )
$self->p->checkXSSAttack( 'mail', $req->{mail} )
? ""
: $req->datas->{mailToken}
: $self->{mail}
),
DISPLAY_FORM => 0,
DISPLAY_RESEND_FORM => 0,
@ -443,6 +446,12 @@ sub display {
DISPLAY_MAILSENT => 0,
DISPLAY_PASSWORD_FORM => 0,
);
if ( $req->datas->{mailToken}
and !$self->p->checkXSSAttack( 'mail_token', $req->datas->{mailToken} )
)
{
$tplPrm{MAIL_TOKEN} = $req->datas->{mailToken};
}
# Display captcha if it's enabled
if ( $req->captcha ) {
@ -465,25 +474,25 @@ sub display {
and !$req->datas->{mailToken}
)
{
$self->lmLog('Display form','debug');
$self->lmLog( 'Display form', 'debug' );
$tplPrm{DISPLAY_FORM} = 1;
}
# Display mail confirmation resent form
elsif ( $req->error == PE_MAILCONFIRMATION_ALREADY_SENT ) {
$self->lmLog('Display resend form','debug');
$self->lmLog( 'Display resend form', 'debug' );
$tplPrm{DISPLAY_RESEND_FORM} = 1;
}
# Display confirmation mail sent
elsif ( $req->error == PE_MAILCONFIRMOK ) {
$self->lmLog('Display "confirm mail sent"','debug');
$self->lmLog( 'Display "confirm mail sent"', 'debug' );
$tplPrm{DISPLAY_CONFIRMMAILSENT} = 1;
}
# Display mail sent
elsif ( $req->error == PE_MAILOK ) {
$self->lmLog('Display "mail sent"','debug');
$self->lmLog( 'Display "mail sent"', 'debug' );
$tplPrm{DISPLAY_MAILSENT} = 1;
}
@ -493,7 +502,7 @@ sub display {
and $req->error != PE_BADMAILTOKEN
and $req->error != PE_MAILOK )
{
$self->lmLog('Display password form','debug');
$self->lmLog( 'Display password form', 'debug' );
$tplPrm{DISPLAY_PASSWORD_FORM} = 1;
}
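Review bot: In display's `@ -429` hunk the MAIL template parameter is still checked against one value and rendered from another: `$self->p->checkXSSAttack( 'mail', $req->{mail} ) ? "" : $self->{mail}` runs the XSS filter on `$req->{mail}` but emits `$self->{mail}`, so the string that reaches the page is never the one inspected. Whichever source is intended, both sides of the ternary should name it, e.g. `$self->p->checkXSSAttack( 'mail', $req->{mail} ) ? "" : $req->{mail}`; the new MAIL_TOKEN block at the end of the `@ -443` hunk checks and assigns the same expression and is the shape to copy. Separately, the `ott` default builder in the `@ -44` hunk drops the `or return 0` guard the removed init code had, so if loadModule ever returns false as that guard anticipated, `$ott->timeout(...)` dies on an undefined value instead of reporting the failure; the builder also reads `$_[0]->{p}` where the rest of the file uses `->p`. display's body runs past this hunk.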


@ -96,8 +96,8 @@
<input type="hidden" id="authKey" name="<TMPL_VAR NAME="CHOICE_PARAM">" value="<TMPL_VAR NAME="CHOICE_VALUE">" />
</TMPL_IF>
<TMPL_IF NAME="MAIL_TOKEN">
<input type="hidden" id="mail_token" name="mail_token" value="<TMPL_VAR NAME="MAIL_TOKEN">" />
<TMPL_IF NAME="TOKEN">
<input type="hidden" id="token" name="token" value="<TMPL_VAR NAME="TOKEN">" />
</TMPL_IF>
<h3 trspan="changePwd">Change your password</h3>
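Review bot: The hidden field's value `<TMPL_VAR NAME="TOKEN">` is interpolated into an attribute without HTML escaping, as the replaced MAIL_TOKEN line was; if TOKEN is always a server-generated token this is harmless, but `<TMPL_VAR NAME="TOKEN" ESCAPE="HTML">` costs nothing and removes the dependence on that guarantee. The same line appears in the two following template sections of this commit. Since these three templates now read TOKEN instead of MAIL_TOKEN, the `$tplPrm{MAIL_TOKEN}` assignment added in Mail.pm's display is only still useful if some other template reads it; worth confirming before it becomes dead code.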


@ -88,8 +88,8 @@
<TMPL_IF NAME="CHOICE_VALUE">
<input type="hidden" id="authKey" name="<TMPL_VAR NAME="CHOICE_PARAM">" value="<TMPL_VAR NAME="CHOICE_VALUE">" />
</TMPL_IF>
<TMPL_IF NAME="MAIL_TOKEN">
<input type="hidden" id="mail_token" name="mail_token" value="<TMPL_VAR NAME="MAIL_TOKEN">" />
<TMPL_IF NAME="TOKEN">
<input type="hidden" id="token" name="token" value="<TMPL_VAR NAME="TOKEN">" />
</TMPL_IF>
<div id="content-all-info">
<table>


@ -93,8 +93,8 @@
<TMPL_IF NAME="CHOICE_VALUE">
<input type="hidden" id="authKey" name="<TMPL_VAR NAME="CHOICE_PARAM">" value="<TMPL_VAR NAME="CHOICE_VALUE">" />
</TMPL_IF>
<TMPL_IF NAME="MAIL_TOKEN">
<input type="hidden" id="mail_token" name="mail_token" value="<TMPL_VAR NAME="MAIL_TOKEN">" />
<TMPL_IF NAME="TOKEN">
<input type="hidden" id="token" name="token" value="<TMPL_VAR NAME="TOKEN">" />
</TMPL_IF>
<h3 trspan="changePwd">Change your password</h3>
<table>


@ -52,8 +52,21 @@ ok(
'Post mail token'
);
count(1);
( $host, $url, $query ) = expectForm( $res, '#', undef, 'mail_token' );
ok($res->[2]->[0]=~/newpassword/s,' Ask for a new password');
( $host, $url, $query ) = expectForm( $res, '#', undef, 'token' );
ok( $res->[2]->[0] =~ /newpassword/s, ' Ask for a new password' );
count(1);
$query .= '&newpassword=zz&confirmpassword=zz';
# Post new password
ok(
$res = $client->_post(
'/resetpwd', IO::String->new($query),
length => length($query),
accept => 'text/html'
),
'Post new password'
);
count(1);
#print STDERR Dumper($query);