[Bps-public-commit] rt-extension-resetpassword branch, new-user-create-password, created. 1.04-3-gd4ac621

Craig Kaiser craig at bestpractical.com
Tue Feb 4 16:15:01 EST 2020


The branch, new-user-create-password has been created
        at  d4ac621b450fefa690439026cf6937481a31b06e (commit)

- Log -----------------------------------------------------------------
commit 5d80792e7f4ced04ac29d08e78e5dd540231ad1e
Author: Craig Kaiser <craig at bestpractical.com>
Date:   Thu Jan 9 11:42:11 2020 -0500

    Move token generation and password reset to lib method

diff --git a/html/NoAuth/ResetPassword/Request.html b/html/NoAuth/ResetPassword/Request.html
index 794c44c..8a45b20 100644
--- a/html/NoAuth/ResetPassword/Request.html
+++ b/html/NoAuth/ResetPassword/Request.html
@@ -65,22 +65,7 @@ if ($ARGS{'Email'}) {
     my $u = RT::User->new($RT::SystemUser);
     $u->LoadByCols(EmailAddress => $ARGS{'Email'});
     if ($u->id and $u->HasPassword and not $u->Disabled) {
-        my $token = Digest::MD5->new()->add(
-            $u->id,
-            $u->__Value('Password'),
-            $RT::DatabasePassword,
-            $u->LastUpdated,
-            @{[$RT::WebPath]} . '/NoAuth/ResetPassword/Reset'
-        )->hexdigest();
-
-        my ($status, $msg) = RT::Interface::Email::SendEmailUsingTemplate(
-            To        => $u->EmailAddress,
-            Template  => 'PasswordReset',
-            Arguments => {
-                Token => $token,
-                User  => $u,
-            },
-        );
+        my ($status, $msg) = RT::Extension::ResetPassword->CreateTokenAndResetPassword($u);
 
         if ($status) {
             push @actions, loc("RT has sent you an email message with instructions about how to reset your password");
diff --git a/lib/RT/Extension/ResetPassword.pm b/lib/RT/Extension/ResetPassword.pm
index 1e96f02..13f973c 100644
--- a/lib/RT/Extension/ResetPassword.pm
+++ b/lib/RT/Extension/ResetPassword.pm
@@ -5,6 +5,29 @@ use warnings;
 
 our $VERSION = '1.04';
 
+sub CreateTokenAndResetPassword {
+    my $self = shift;
+    my $user = shift;
+
+    my $token = Digest::MD5->new()->add(
+        $user->id,
+        $user->__Value('Password'),
+        $RT::DatabasePassword,
+        $user->LastUpdated,
+        @{[$RT::WebPath]} . '/NoAuth/ResetPassword/Reset'
+    )->hexdigest();
+
+    my ($status, $msg) = RT::Interface::Email::SendEmailUsingTemplate(
+        To        => $user->EmailAddress,
+        Template  => 'PasswordReset',
+        Arguments => {
+            Token => $token,
+            User  => $user,
+        },
+    );
+    return ($status, $msg);
+}
+
 =head1 NAME
 
 RT::Extension::ResetPassword - add "forgot your password?" link to RT instance
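Review bot: The token built in CreateTokenAndResetPassword is a plain MD5 over fields that `add` concatenates with no separator, no random component and no timestamp, so it stays valid until the user's Password or LastUpdated value changes, and the field boundaries are ambiguous. Since this commit makes the sub the shared entry point, it is a good place to move to a keyed construction such as `Digest::SHA::hmac_sha256_hex(join("\0", @fields), $secret)` with an expiry value among the fields. The page that verifies the token is not in this diff and would need the matching change. The name also promises a reset while the body only mails a token, so a short POD entry stating that it returns the `($status, $msg)` pair from SendEmailUsingTemplate would help callers. Whether Digest::MD5 and RT::Interface::Email are loaded by this module cannot be seen here, because the hunk starts at line 5 of the file.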

commit 9a3e58c913cfbd543c1548f8600f85ac1ae85dcd
Author: Craig Kaiser <craig at bestpractical.com>
Date:   Thu Jan 9 11:43:07 2020 -0500

    Config values for creating new users on password set when no user exists for email

diff --git a/README b/README
index 1b303c7..3d0a515 100644
--- a/README
+++ b/README
@@ -70,6 +70,18 @@ CONFIGURATION
     being sent, thus not revealing the reasons for any failure. All failures
     will still be logged with an appropriate diagnostic message.
 
+    $CreateNewsUserAsPrivileged
+      Set this config value to true if users creating a new account should
+      default to privileged users. WARNING Setting this to true can be
+      dangerous as it allows anyone to create a new priviledged user,
+      usually privlidged users are given rights to edit and see information
+      not desired to be public.
+
+    $CreateNewUserOnPasswordSet
+      This configuration option determines if a nonexistant user can create
+      an new user record. WARNING see the note about the danger of setting
+      this to true and setting $CreateNewsUserAsPrivileged to true as well.
+
 AUTHOR
     Best Practical Solutions, LLC <modules at bestpractical.com>
 
diff --git a/html/Callbacks/RT-Extension-ResetPassword/Elements/Login/Default b/html/Callbacks/RT-Extension-ResetPassword/Elements/Login/Default
index 3c99919..78810cc 100644
--- a/html/Callbacks/RT-Extension-ResetPassword/Elements/Login/Default
+++ b/html/Callbacks/RT-Extension-ResetPassword/Elements/Login/Default
@@ -1,2 +1,7 @@
 <br/><div id="lostpassword" style="align:left;clear:both;">
 <a href="<%$RT::WebPath%>/NoAuth/ResetPassword/Request.html"><&|/l&>Forgot your password?</&></a></div>
+
+% if ( RT::Config->Get('CreateNewUserOnPasswordSet') ) {
+  <div id="firstpassword" style="align:left;clear:both;">
+  <a href="<%$RT::WebPath%>/NoAuth/ResetPassword/NewUser.html"><&|/l&>New user and need a password?</&></a></div>
+% }
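Review bot: The `CreateNewUserOnPasswordSet` test here hides only the link; NewUser.html, added under NoAuth in the same commit, consults that option in its final `else` branch alone. Its earlier branches mail a token to existing enabled accounts, including unprivileged users that have no password, whether or not the option is set. If the page is meant to be inactive unless the option is on, the same `RT::Config->Get('CreateNewUserOnPasswordSet')` test should also sit at the top of its `<%INIT>` block.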
diff --git a/html/NoAuth/ResetPassword/NewUser.html b/html/NoAuth/ResetPassword/NewUser.html
new file mode 100644
index 0000000..dbf5aec
--- /dev/null
+++ b/html/NoAuth/ResetPassword/NewUser.html
@@ -0,0 +1,120 @@
+%# BEGIN BPS TAGGED BLOCK {{{
+%#
+%# COPYRIGHT:
+%#
+%# This software is Copyright (c) 1996-2019 Best Practical Solutions, LLC
+%#                                          <sales at bestpractical.com>
+%#
+%# (Except where explicitly superseded by other copyright notices)
+%#
+%#
+%# LICENSE:
+%#
+%# This work is made available to you under the terms of Version 2 of
+%# the GNU General Public License. A copy of that license should have
+%# been provided with this software, but in any event can be snarfed
+%# from www.gnu.org.
+%#
+%# This work is distributed in the hope that it will be useful, but
+%# WITHOUT ANY WARRANTY; without even the implied warranty of
+%# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+%# General Public License for more details.
+%#
+%# You should have received a copy of the GNU General Public License
+%# along with this program; if not, write to the Free Software
+%# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+%# 02110-1301 or visit their web page on the internet at
+%# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html.
+%#
+%#
+%# CONTRIBUTION SUBMISSION POLICY:
+%#
+%# (The following paragraph is not intended to limit the rights granted
+%# to you to modify and distribute this software under the terms of
+%# the GNU General Public License and is only of importance to you if
+%# you choose to contribute your changes and enhancements to the
+%# community by submitting them to Best Practical Solutions, LLC.)
+%#
+%# By intentionally submitting any modifications, corrections or
+%# derivatives to this work, or any other work intended for use with
+%# Request Tracker, to Best Practical Solutions, LLC, you confirm that
+%# you are the copyright holder for those contributions and you grant
+%# Best Practical Solutions,  LLC a nonexclusive, worldwide, irrevocable,
+%# royalty-free, perpetual, license to use, copy, create derivative
+%# works based on those contributions, and sublicense and distribute
+%# those contributions and any derivatives thereof.
+%#
+%# END BPS TAGGED BLOCK }}}
+<& /Elements/Header, Title => $title &>
+<div id="body" class="login-body">
+
+<h1><%$title%></h1>
+<& /Elements/ListActions, actions => \@actions  &>
+<p>
+<&|/l&>RT can send you an email message with a link that will allow you to set your password.</&>
+<form method="post" action="NewUser.html">
+    <&|/l&>Email address</&>:<input name="Email" value="" />
+    <input type="submit" class="button" value="<%loc('Send it!')%>" />
+</form>
+<a href="<%$RT::WebURL|n%>"><&|/l&>Login</&></a>
+</div>
+
+<%INIT>
+my @actions;
+
+my $title = loc("Create your password");
+
+if ($ARGS{'Email'}) {
+    my $u = RT::User->new($RT::SystemUser);
+    $u->LoadByCols(EmailAddress => $ARGS{'Email'});
+
+    if ($u->id and $u->HasPassword and $u->Privileged and not $u->Disabled) {
+        my ($status, $msg) = RT::Extension::ResetPassword->CreateTokenAndResetPassword($u);
+
+        if ($status) {
+            push @actions, loc("RT has sent you an email message with instructions about how to reset your password");
+            RT->Logger->info("Password reset token send to " . $u->EmailAddress);
+        } else {
+            push @actions, loc("Failed to send password reset token, please contact your RT administrator.");
+            RT->Logger->error("Failed to send password reset token to " . $u->EmailAddress . ": $msg");
+        }
+    } elsif ($u->id and $u->Disabled) {
+        push @actions, loc("You can't reset your password because your user is disabled.");
+        RT->Logger->warning("Disabled user " . $u->Name . " attempted to reset password");
+    } elsif ($u->id and not $u->Privileged) {
+        my ($status, $msg) = RT::Extension::ResetPassword->CreateTokenAndResetPassword($u);
+        if ($status) {
+            push @actions, loc("RT has sent you an email message with instructions about how to reset your password");
+            RT->Logger->info("Password reset token send to " . $u->EmailAddress);
+        } else {
+            push @actions, loc("You can't reset your password as you don't already have one.");
+            RT->Logger->warning("$msg")
+        }
+    } else {
+        if ( RT::Config->Get('CreateNewUserOnPasswordSet') ) {
+            my ($status, $msg) = $u->Create(
+                Privileged => RT::Config->Get('CreateNewsUserAsPrivileged') || 0,
+                EmailAddress => $ARGS{'Email'},
+            );
+            RT::Logger->error($msg) unless $status;
+
+            ($status, $msg) = RT::Extension::ResetPassword->CreateTokenAndResetPassword($u);
+            if ($status) {
+                push @actions, loc("RT has sent you an email message with instructions about how to reset your password");
+                RT->Logger->info("Password reset token send to " . $u->EmailAddress);
+            } else {
+                push @actions, loc("Failed to send password reset token, please contact your RT administrator.");
+                RT->Logger->error("Failed to send password reset token to " . $u->EmailAddress . ": $msg");
+            }
+        }
+        else {
+            push @actions, loc("Cannot set password for user that does not exist");
+            RT->Logger->info("Cannot set password for user that does not exist: " . $u->EmailAddress . ", see theb \$CreateNewUserOnPasswordSet config option");
+        }
+    }
+    if(RT->Config->Get("HidePasswordResetErrors")) {
+        pop @actions;
+        push @actions, loc("RT has sent you an email message with instructions about how to reset your password");
+    }
+}
+</%INIT>
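Review bot: In the final `else` branch a failed `$u->Create` is only logged, and `CreateTokenAndResetPassword($u)` is then called on a user object that never loaded; at this commit the helper has no guard, so it would hash undefined fields and try to mail an undefined address. The token call should run only when Create succeeded, as in the sketch below. The same branch is also reached by an existing privileged, enabled user who has no password, because the first test requires `HasPassword` and the third requires `not $u->Privileged`, so that user is treated as nonexistent. Because the page sits under NoAuth and creates a record for whatever address is posted, an address-format check and request throttling before `Create` would be worth adding. The log line for the unknown-user case prints `$u->EmailAddress`, which is empty for an unloaded user.

```perl
        if ( RT::Config->Get('CreateNewUserOnPasswordSet') ) {
            # … unchanged: my ($status, $msg) = $u->Create(...) …
            if ($status) {
                ($status, $msg) = RT::Extension::ResetPassword->CreateTokenAndResetPassword($u);
            }
            else {
                RT->Logger->error("Could not create user for password setup: $msg");
            }
            # … unchanged: report $status through @actions …
```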
diff --git a/lib/RT/Extension/ResetPassword.pm b/lib/RT/Extension/ResetPassword.pm
index 13f973c..0512d85 100644
--- a/lib/RT/Extension/ResetPassword.pm
+++ b/lib/RT/Extension/ResetPassword.pm
@@ -115,6 +115,24 @@ appear to the requestor to have resulted in an email being sent, thus
 not revealing the reasons for any failure. All failures will still be
 logged with an appropriate diagnostic message.
 
+=over 2
+
+=item C<$CreateNewsUserAsPrivileged>
+
+Set this config value to true if users creating a new account should default to privileged users.
+WARNING Setting this to true can be dangerous as it allows anyone to create a new priviledged user,
+usually privlidged users are given rights to edit and see information not desired to be public.
+
+
+=item C<$CreateNewUserOnPasswordSet>
+
+This configuration option determines if a nonexistant user can create an new user record.
+WARNING see the note about the danger of setting this to true and setting C<$CreateNewsUserAsPrivileged>
+to true as well.
+
+=back
+=cut
+
 =head1 AUTHOR
 
 Best Practical Solutions, LLC E<lt>modules at bestpractical.comE<gt>
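Review bot: The option is documented as `$CreateNewsUserAsPrivileged`, which looks like a typo for `CreateNewUserAsPrivileged`. NewUser.html reads it under the same spelling, so the name becomes part of the configuration interface once released and is easiest to correct now in the POD, the README and the `RT::Config->Get` call together. In the POD itself, `=back` is followed by `=cut` with no blank line between them, and the `=cut` is unnecessary because `=head1 AUTHOR` follows directly; a blank line after `=back` and dropping `=cut` should keep POD checkers quiet.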

commit d4ac621b450fefa690439026cf6937481a31b06e
Author: Craig Kaiser <craig at bestpractical.com>
Date:   Tue Feb 4 16:13:55 2020 -0500

    Allow for password reset email to be sent on user create page

diff --git a/html/Callbacks/RT-Extension-ResetPassword/Admin/Users/Modify.html/BeforeCreate b/html/Callbacks/RT-Extension-ResetPassword/Admin/Users/Modify.html/BeforeCreate
new file mode 100644
index 0000000..53fd8af
--- /dev/null
+++ b/html/Callbacks/RT-Extension-ResetPassword/Admin/Users/Modify.html/BeforeCreate
@@ -0,0 +1,6 @@
+<%init>
+$session{'SendPasswordResetEmail'} = $ARGSRef->{'SendPasswordResetEmail'};
+</%init>
+<%args>
+$ARGSRef
+</%args>
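Review bot: The checkbox value is parked in `$session{'SendPasswordResetEmail'}` and cleared only by the BeforeUpdate callback, so if the create is rejected or BeforeUpdate is never reached, the flag would survive in the admin's session. The next user that admin saves would then be sent a reset email, since BeforeUpdate acts on whatever `$User` it is given. BeforeUpdate already declares `$ARGSRef`, so it could test `$ARGSRef->{'SendPasswordResetEmail'}` directly and the session entry could be dropped, provided both callbacks run in the same request. The calling page is outside this diff, so that ordering is assumed from the callback names.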
diff --git a/html/Callbacks/RT-Extension-ResetPassword/Admin/Users/Modify.html/BeforeUpdate b/html/Callbacks/RT-Extension-ResetPassword/Admin/Users/Modify.html/BeforeUpdate
new file mode 100644
index 0000000..6795631
--- /dev/null
+++ b/html/Callbacks/RT-Extension-ResetPassword/Admin/Users/Modify.html/BeforeUpdate
@@ -0,0 +1,33 @@
+<%init>
+if ( $session{'SendPasswordResetEmail'} && $User && $User->Id ) {
+    my ($token, $msg) = RT::Extension::ResetPassword->CreateTokenAndResetPassword($User);
+    if ( $token ) {
+        push @{$Results}, 'Password reset email passed to new user';
+
+        my $template = RT::Template->new( RT->SystemUser );
+        (my $ret, $msg) = $template->LoadGlobalTemplate( 'Password Reset' );
+        unless ( $template->id ) {
+            RT::Logger->error( "Couldn't load template 'Password Reset'" );
+            return;
+        }
+        ($ret, $msg) = RT::Interface::Email::SendEmailUsingTemplate(
+            To        => $User->EmailAddress,
+            Template  => 'Password Reset',
+            Arguments => {
+                Token => $token,
+                User  => $User,
+            },
+        );
+        RT::Logger->error( "$msg" ) unless $ret;
+    }
+    else {
+        RT::Logger->error( "$msg" );
+    }
+}
+$session{'SendPasswordResetEmail'} = undef;
+</%init>
+<%args>
+$Results
+$User
+$ARGSRef
+</%args>
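Review bot: `CreateTokenAndResetPassword` returns `($status, $msg)` and has already mailed the user, so the value captured as `$token` is the send status rather than a token. The block then sends a second message carrying that status as `Token`, using the template name 'Password Reset' where the helper uses 'PasswordReset'. The early `return` on a template load failure also skips the line that clears `$session{'SendPasswordResetEmail'}`. Relying on the helper's single send, as sketched below, removes all three problems, and the result string can go through `loc()` like the messages on the other pages.

```perl
if ( $session{'SendPasswordResetEmail'} && $User && $User->Id ) {
    my ($status, $msg) = RT::Extension::ResetPassword->CreateTokenAndResetPassword($User);
    if ( $status ) {
        push @{$Results}, loc('Password reset email sent to new user');
    }
    else {
        RT::Logger->error( "Failed to send password reset email: " . ( $msg // 'no message' ) );
    }
}
# … unchanged: clear $session{'SendPasswordResetEmail'} …
```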
diff --git a/html/Callbacks/RT-Extension-ResetPassword/Admin/Users/Modify.html/RightColumnBottom b/html/Callbacks/RT-Extension-ResetPassword/Admin/Users/Modify.html/RightColumnBottom
new file mode 100644
index 0000000..6a94c93
--- /dev/null
+++ b/html/Callbacks/RT-Extension-ResetPassword/Admin/Users/Modify.html/RightColumnBottom
@@ -0,0 +1,5 @@
+<input value="1" <% $ARGS{'SendPasswordResetEmail'} ? 'checked' : '' %> name="SendPasswordResetEmail" type="checkbox">Send password reset email?</input>
+
+<%init>
+return unless $ARGS{'Create'} || ( $ARGS{'UserObj'} && !$ARGS{'UserObj'}->Id );
+</%init>
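Review bot: `<input>` is a void element, so the text placed between `<input …>` and `</input>` is not associated with the checkbox, and the string bypasses localisation. Wrapping it as `<label><input type="checkbox" name="SendPasswordResetEmail" value="1" …> <&|/l&>Send password reset email?</&></label>` fixes both.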
diff --git a/lib/RT/Extension/ResetPassword.pm b/lib/RT/Extension/ResetPassword.pm
index 0512d85..3d69d06 100644
--- a/lib/RT/Extension/ResetPassword.pm
+++ b/lib/RT/Extension/ResetPassword.pm
@@ -9,6 +9,11 @@ sub CreateTokenAndResetPassword {
     my $self = shift;
     my $user = shift;
 
+    unless ( $user && $user->Id ) {
+        RT::Logger->error( "Need to provide a loaded RT::User object for CreateTokenAndResetPassword." );
+        return;
+    }
+
     my $token = Digest::MD5->new()->add(
         $user->id,
         $user->__Value('Password'),
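Review bot: The new guard ends in a bare `return;`, which hands callers an empty list, so `my ($status, $msg) = …` leaves `$msg` undefined and the `RT::Logger->error( "$msg" )` in the BeforeUpdate callback would log an empty string with a warning. Using `return (0, "Need to provide a loaded RT::User object");` keeps the `($status, $msg)` contract that the sub's normal exit follows. The body of CreateTokenAndResetPassword continues past the end of this hunk.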

-----------------------------------------------------------------------

