[Bps-public-commit] rt-extension-resetpassword branch, new-user-create-password, repushed
Craig Kaiser
craig at bestpractical.com
Wed Feb 26 10:46:33 EST 2020
The branch new-user-create-password was deleted and repushed:
was 6d93e79c53c310d49a1bd67bbc71ebeba64e1043
now 40c25a0e3d5e3ccb8751cc34a7af194d97b46414
1: 65b32fc = 1: 65b32fc Move token generation and password reset to lib method
2: c5262cf < --: ------- Add documentation for config options for allowing a new user to create an account and password
3: a35354e = 2: 095f7cc Check that valid user object is passed to CreateTokenAndResetPassword
4: ee8b84d < --: ------- Allow new users to create new user accounts and set password
5: e2e772f ! 3: 8e54d3e Allow new users to create new user accounts and set password
@@ -1,9 +1,6 @@
Author: Craig Kaiser <craig at bestpractical.com>
- Allow for an admin to send a password reset email
-
- Had to overlay html/Elements/EditPassword to place the send reset
- password email in a logical place on the page.
+ Allow new users to create new user accounts and set password
diff --git a/html/Callbacks/RT-Extension-ResetPassword/Admin/Users/Modify.html/BeforeCreate b/html/Callbacks/RT-Extension-ResetPassword/Admin/Users/Modify.html/BeforeCreate
new file mode 100644
@@ -41,6 +38,19 @@
+$ARGSRef
+</%ARGS>
+diff --git a/html/Callbacks/RT-Extension-ResetPassword/Elements/Login/Default b/html/Callbacks/RT-Extension-ResetPassword/Elements/Login/Default
+--- a/html/Callbacks/RT-Extension-ResetPassword/Elements/Login/Default
++++ b/html/Callbacks/RT-Extension-ResetPassword/Elements/Login/Default
+@@
+ <br/><div id="lostpassword" style="align:left;clear:both;">
+-<a href="<%$RT::WebPath%>/NoAuth/ResetPassword/Request.html"><&|/l&>Forgot your password?</&></a></div>
++<a href="<%$RT::WebPath%>/NoAuth/ResetPassword/Request.html?Title=<&|/l&>Reset your password</&>"><&|/l&>Forgot your password</&></a></div>
++
++% if ( RT::Config->Get('CreateNewUserAndSetPassword') ) {
++ <div id="firstpassword" style="align:left;clear:both;">
++ <a href="<%$RT::WebPath%>/NoAuth/ResetPassword/Request.html?Title=<&|/l&>Create your password</&>"><&|/l&>New account</&></a></div>
++% }
+
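Review bot: The `Title` value in both new links is a localized string placed in the `href` without URL-encoding, so the spaces (and any `&`, `#` or non-ASCII character a translation introduces) land raw in the query string. Encoding it at the point of use, e.g. `Request.html?Title=<% loc('Reset your password') |u %>`, keeps the link well formed in every locale. Because `Title` then arrives as a request parameter on a NoAuth page, Request.html should treat it as untrusted and HTML-escape it, or map it to a fixed set of titles, when rendering; that code is not visible in this hunk. The same links reappear in the later "Center the password links on login page" hunk.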
diff --git a/html/Elements/EditPassword b/html/Elements/EditPassword
new file mode 100644
--- /dev/null
@@ -131,3 +141,85 @@
+
+</%INIT>
+diff --git a/html/NoAuth/ResetPassword/Request.html b/html/NoAuth/ResetPassword/Request.html
+--- a/html/NoAuth/ResetPassword/Request.html
++++ b/html/NoAuth/ResetPassword/Request.html
+@@
+ if ($ARGS{'Email'}) {
+ my $u = RT::User->new($RT::SystemUser);
+ $u->LoadByCols(EmailAddress => $ARGS{'Email'});
+- if ($u->id and $u->HasPassword and not $u->Disabled) {
++
++ if ($u->id and $u->HasPassword and $u->Privileged and !$u->Disabled) {
+ my ($status, $msg) = RT::Extension::ResetPassword::CreateTokenAndResetPassword($u);
+
+ if ($status) {
+ push @actions, loc("RT has sent you an email message with instructions about how to reset your password");
+ RT->Logger->info("Password reset token send to " . $u->EmailAddress);
+- } else {
++ }
++ else {
+ push @actions, loc("Failed to send password reset token, please contact your RT administrator.");
+ RT->Logger->error("Failed to send password reset token to " . $u->EmailAddress . ": $msg");
+ }
+- } elsif ($u->id and $u->Disabled) {
++ }
++ elsif ($u->id and $u->Disabled) {
+ push @actions, loc("You can't reset your password because your user is disabled.");
+ RT->Logger->warning("Disabled user " . $u->Name . " attempted to reset password");
+- } elsif ($u->id) {
+- push @actions, loc("You can't reset your password as you don't already have one.");
+- RT->Logger->warning("User " . $u->Name . " with no password attempted a password reset")
+- } else {
+- push @actions, loc("RT couldn't find a user with that email address. Give it another try?");
+- RT->Logger->warning("Password reset attempted for non-existent user " . $ARGS{'Email'});
+ }
++ elsif ($u->id) {
++ if ( RT::Config->Get('AllowUsersWithoutPassword') ) {
++ my ($status, $msg) = RT::Extension::ResetPassword::CreateTokenAndResetPassword($u);
++ if ($status) {
++ push @actions, loc("RT has sent you an email message with instructions about how to reset your password");
++ RT->Logger->info("Password reset token send to " . $u->EmailAddress);
++
++ $m->notes->{RefreshURL} = RT->Config->Get('WebPath')."/";
++ $refresh = 1;
++ } else {
++ push @actions, loc("Failed to send password reset token, please contact your RT administrator.");
++ RT->Logger->error("Failed to send password reset token to " . $u->EmailAddress . ": $msg");
++ }
++ }
++ else {
++ push @actions, loc("You can't reset your password as you aren't privileged.");
++ RT->Logger->warning("User " . $u->Name . " is not privileged and attempted a password reset");
++ }
++ }
++ else {
++ if ( RT::Config->Get('CreateNewUserAndSetPassword') ) {
++ my ($status, $msg) = $u->Create(
++ Privileged => RT::Config->Get('CreateNewUserAsPrivileged') || 0,
++ EmailAddress => $ARGS{'Email'},
++ );
++ RT::Logger->error($msg) unless $status;
++
++ ($status, $msg) = RT::Extension::ResetPassword::CreateTokenAndResetPassword($u);
++ if ($status) {
++ push @actions, loc("RT has sent you an email message with instructions about how to reset your password");
++ RT->Logger->info("Password reset token send to " . $u->EmailAddress);
++ }
++ else {
++ push @actions, loc("Failed to send password reset token, please contact your RT administrator.");
++ RT->Logger->error("Failed to send password reset token to " . $u->EmailAddress . ": $msg");
++ }
++ $m->notes->{RefreshURL} = RT->Config->Get('WebPath')."/";
++ $refresh = 1;
++ }
++ else {
++ push @actions, loc("RT couldn't find a user with that email address. Give it another try?");
++ RT->Logger->warning("Password reset attempted for non-existent user " . $ARGS{'Email'});
++ }
++ }
++
+ if(RT->Config->Get("HidePasswordResetErrors")) {
+ pop @actions;
+ push @actions, loc("RT has sent you an email message with instructions about how to reset your password");
+
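Review bot: In the `CreateNewUserAndSetPassword` branch a failed `$u->Create` is only logged, and the code still calls `CreateTokenAndResetPassword($u)` with a user object that was never loaded; the call should be conditional, e.g. `($status, $msg) = RT::Extension::ResetPassword::CreateTokenAndResetPassword($u) if $status;`. That log line is written as `RT::Logger->error($msg)` while every other call in the hunk goes through `RT->Logger`, and the config reads mix `RT::Config->Get` with `RT->Config->Get`; `RT->Logger->error($msg) unless $status;` would match the rest. Separately, `$refresh` and `RefreshURL` are set only on some outcomes, so the redirect may let a client tell those cases apart even when `HidePasswordResetErrors` replaces the message. The `HidePasswordResetErrors` block and the rest of the component continue outside this hunk, so that last point needs confirming against the full file.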
6: 255c7bd < --: ------- Add AllowUsersWithoutPassword config option
7: 6364a79 ! 4: 58edb7a Keep the behavior between finding a user and not the same
@@ -34,8 +34,8 @@
+ push @actions, loc("Unable to send new password email, contact your RT administrator for more assistance");
+ RT->Logger->warning("User " . $u->Name . " attempted to reset their password without having an existing password");
}
- } else {
- if ( RT::Config->Get('CreateNewUserAndSetPassword') ) {
+ }
+ else {
@@
RT->Logger->info("Password reset token send to " . $u->EmailAddress);
}
8: ff0430b ! 5: 291ad0a Center the password links on login page
@@ -9,8 +9,10 @@
-<br/><div id="lostpassword" style="align:left;clear:both;">
-<a href="<%$RT::WebPath%>/NoAuth/ResetPassword/Request.html?Title=<&|/l&>Reset your password</&>"><&|/l&>Forgot your password</&></a></div>
-
++% unless ( RT::Config->Get('DisableResetPasswordOnLogin') ) {
+<div id="lostpassword" class="input-row" style="text-align:right;clear:both;">
+ <a href="<%$RT::WebPath%>/NoAuth/ResetPassword/Request.html?Title=<&|/l&>Reset your password</&>"><&|/l&>Forgot your password</&></a>
++% }
% if ( RT::Config->Get('CreateNewUserAndSetPassword') ) {
- <div id="firstpassword" style="align:left;clear:both;">
- <a href="<%$RT::WebPath%>/NoAuth/ResetPassword/Request.html?Title=<&|/l&>Create your password</&>"><&|/l&>New account</&></a></div>
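Review bot: The new `% unless ( RT::Config->Get('DisableResetPasswordOnLogin') ) {` block opens `<div id="lostpassword" ...>`, but the visible lines end the block with `% }` before any `</div>`. If the closing tag sits after the block, the page gets an unmatched `</div>` whenever the option is true. Keeping the opening and closing tag inside the same conditional (`</a></div>` before `% }`) avoids that. The template continues outside this hunk, so this needs checking against the full file.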
9: 06e213c < --: ------- Fix curly brackets to not be inline
10: 6d93e79 ! 6: 40c25a0 Update docs for new features
@@ -1,6 +1,11 @@
Author: Craig Kaiser <craig at bestpractical.com>
- Update README with example scenarios for config options
+ Update docs for new features
+
+ $AllowUsersWithoutPassword
+ $CreateNewUserAsPrivileged
+ $CreateNewUserAndSetPassword
+ $DisableResetPasswordOnLogin
diff --git a/README b/README
--- a/README
@@ -38,9 +43,31 @@
+ restricted by a company firewall so that only users on the company
+ network can access the UI and create new user records.
+
- $AllowUsersWithoutPassword
- Setting this config option to true will allow existing users who do
- not have a password value to send themselves a reset password email
++ $AllowUsersWithoutPassword
++ Setting this config option to true will allow existing users who do
++ not have a password value to send themselves a reset password email
++ and set a password.
++
++ $CreateNewUserAsPrivileged
++ Set this config value to true if users creating a new account should
++ default to privileged users. WARNING Setting this to true can be
++ dangerous as it allows anyone to create a new priviledged user,
++ usually privlidged users are given rights to edit and see
++ information not desired to be public.
++
++ $CreateNewUserAndSetPassword
++ This configuration option determines if a nonexistant user can
++ create an new user record. WARNING see the note about the danger of
++ setting this to true and setting $CreateNewUserAsPrivileged to true
++ as well.
++
++ $DisableResetPasswordOnLogin
++ Set this config value to true if you do not want the "forgot
++ password" option to display on the login page.
++
+ AUTHOR
+ Best Practical Solutions, LLC <modules at bestpractical.com>
+
diff --git a/lib/RT/Extension/ResetPassword.pm b/lib/RT/Extension/ResetPassword.pm
--- a/lib/RT/Extension/ResetPassword.pm
@@ -76,6 +103,34 @@
+access to the web UI is restricted by a company firewall so that only users on the company
+network can access the UI and create new user records.
+
- =over 4
++=over 4
++
++=item C<$AllowUsersWithoutPassword>
++
++Setting this config option to true will allow existing users who do not have a password
++value to send themselves a reset password email and set a password.
++
++=item C<$CreateNewUserAsPrivileged>
++
++Set this config value to true if users creating a new account should default to privileged users.
++WARNING Setting this to true can be dangerous as it allows anyone to create a new priviledged user,
++usually privlidged users are given rights to edit and see information not desired to be public.
++
++
++=item C<$CreateNewUserAndSetPassword>
++
++This configuration option determines if a nonexistant user can create an new user record.
++WARNING see the note about the danger of setting this to true and setting C<$CreateNewUserAsPrivileged>
++to true as well.
++
++=item C<$DisableResetPasswordOnLogin>
++
++Set this config value to true if you do not want the "forgot password" option to display on the login
++page.
++
++=back
++=cut
++
+ =head1 AUTHOR
- =item C<$AllowUsersWithoutPassword>
+ Best Practical Solutions, LLC E<lt>modules at bestpractical.comE<gt>
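Review bot: The WARNING text added for `$CreateNewUserAsPrivileged` and `$CreateNewUserAndSetPassword` contains misspellings ("priviledged", "privlidged", "nonexistant", "an new"), and the README hunk above carries the same text. These paragraphs document options that open account creation to unauthenticated visitors, so they should read cleanly, e.g. `WARNING: setting this to true lets anyone who can reach the web UI create a new privileged user.` The POD also has `=back` immediately followed by `=cut` with no blank line between them, and the `=cut` is followed by `=head1 AUTHOR`, so it looks unintended; perlpod expects command paragraphs to be separated by blank lines.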