[Bps-public-commit] rt-extension-resetpassword branch, new-user-create-password, created. 1.04-4-g79f1a39

Craig Kaiser craig at bestpractical.com
Thu Feb 13 15:58:18 EST 2020


The branch, new-user-create-password has been created
        at  79f1a3957b0a3ba3a8b1dac6e9bedf3bec6aa875 (commit)

- Log -----------------------------------------------------------------
commit 65b32fc519384ee8ad8fcbaa0070aabca4ad001a
Author: Craig Kaiser <craig at bestpractical.com>
Date:   Thu Jan 9 11:42:11 2020 -0500

    Move token generation and password reset to lib method

diff --git a/html/NoAuth/ResetPassword/Request.html b/html/NoAuth/ResetPassword/Request.html
index 794c44c..5d33ecf 100644
--- a/html/NoAuth/ResetPassword/Request.html
+++ b/html/NoAuth/ResetPassword/Request.html
@@ -65,22 +65,7 @@ if ($ARGS{'Email'}) {
     my $u = RT::User->new($RT::SystemUser);
     $u->LoadByCols(EmailAddress => $ARGS{'Email'});
     if ($u->id and $u->HasPassword and not $u->Disabled) {
-        my $token = Digest::MD5->new()->add(
-            $u->id,
-            $u->__Value('Password'),
-            $RT::DatabasePassword,
-            $u->LastUpdated,
-            @{[$RT::WebPath]} . '/NoAuth/ResetPassword/Reset'
-        )->hexdigest();
-
-        my ($status, $msg) = RT::Interface::Email::SendEmailUsingTemplate(
-            To        => $u->EmailAddress,
-            Template  => 'PasswordReset',
-            Arguments => {
-                Token => $token,
-                User  => $u,
-            },
-        );
+        my ($status, $msg) = RT::Extension::ResetPassword::CreateTokenAndResetPassword($u);
 
         if ($status) {
             push @actions, loc("RT has sent you an email message with instructions about how to reset your password");
diff --git a/lib/RT/Extension/ResetPassword.pm b/lib/RT/Extension/ResetPassword.pm
index 1e96f02..ec583d8 100644
--- a/lib/RT/Extension/ResetPassword.pm
+++ b/lib/RT/Extension/ResetPassword.pm
@@ -5,6 +5,28 @@ use warnings;
 
 our $VERSION = '1.04';
 
+sub CreateTokenAndResetPassword {
+    my $user = shift;
+
+    my $token = Digest::MD5->new()->add(
+        $user->id,
+        $user->__Value('Password'),
+        $RT::DatabasePassword,
+        $user->LastUpdated,
+        @{[$RT::WebPath]} . '/NoAuth/ResetPassword/Reset'
+    )->hexdigest();
+
+    my ($status, $msg) = RT::Interface::Email::SendEmailUsingTemplate(
+        To        => $user->EmailAddress,
+        Template  => 'PasswordReset',
+        Arguments => {
+            Token => $token,
+            User  => $user,
+        },
+    );
+    return ($status, $msg);
+}
+
 =head1 NAME
 
 RT::Extension::ResetPassword - add "forgot your password?" link to RT instance
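Review bot: The token produced in CreateTokenAndResetPassword is a deterministic MD5 of the user id, the stored password hash, the database password, LastUpdated and the reset path, so one token stays valid until one of those inputs changes — there is no expiry and no single-use state — and this is now the library routine every caller in the series depends on, which makes it the right place to address that rather than just relocate it. At minimum consider `Digest::SHA::hmac_sha256_hex(join("\0", $user->id, $user->__Value('Password'), $user->LastUpdated, $path), $RT::DatabasePassword)` (Digest::SHA is core) so the database password acts as a key instead of plain digest input, and put a comment above the sub stating that a token's lifetime is bounded only by LastUpdated/password changes. The hunk shows no `use Digest::MD5;` in this module; if it relies on RT loading the module elsewhere, add the explicit `use` so the file stands alone. The dhandler that presumably recomputes and compares this token is in a different file and outside this hunk.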

commit d10a07fb8ffc5d7d26bb28e92aa6a0b3991dca0d
Author: Craig Kaiser <craig at bestpractical.com>
Date:   Thu Feb 13 15:10:05 2020 -0500

    Add config options for allowing a new user to create an account and password

diff --git a/README b/README
index 1b303c7..3d0a515 100644
--- a/README
+++ b/README
@@ -70,6 +70,18 @@ CONFIGURATION
     being sent, thus not revealing the reasons for any failure. All failures
     will still be logged with an appropriate diagnostic message.
 
+    $CreateNewsUserAsPrivileged
+      Set this config value to true if users creating a new account should
+      default to privileged users. WARNING Setting this to true can be
+      dangerous as it allows anyone to create a new priviledged user,
+      usually privlidged users are given rights to edit and see information
+      not desired to be public.
+
+    $CreateNewUserOnPasswordSet
+      This configuration option determines if a nonexistant user can create
+      an new user record. WARNING see the note about the danger of setting
+      this to true and setting $CreateNewsUserAsPrivileged to true as well.
+
 AUTHOR
     Best Practical Solutions, LLC <modules at bestpractical.com>
 
diff --git a/lib/RT/Extension/ResetPassword.pm b/lib/RT/Extension/ResetPassword.pm
index ec583d8..c13ea9f 100644
--- a/lib/RT/Extension/ResetPassword.pm
+++ b/lib/RT/Extension/ResetPassword.pm
@@ -8,6 +8,11 @@ our $VERSION = '1.04';
 sub CreateTokenAndResetPassword {
     my $user = shift;
 
+    unless ( $user && $user->Id ) {
+        RT::Logger->error( "Need to provide a loaded RT::User object for CreateTokenAndResetPassword." );
+        return;
+    }
+
     my $token = Digest::MD5->new()->add(
         $user->id,
         $user->__Value('Password'),
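Review bot: The new guard exits with a bare `return;`, but every call site in this series does `my ($status, $msg) = ...CreateTokenAndResetPassword($u)`, so on this path `$msg` is undef and the caller logs "Failed to send password reset token ...: $msg" with an uninitialized-value warning and no reason. Return the same two-element shape the success path uses, `return (0, 'Need to provide a loaded RT::User object for CreateTokenAndResetPassword');`, and keep the error log. The remainder of the sub's body continues below the hunk.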
@@ -114,6 +119,24 @@ appear to the requestor to have resulted in an email being sent, thus
 not revealing the reasons for any failure. All failures will still be
 logged with an appropriate diagnostic message.
 
+=over 2
+
+=item C<$CreateNewsUserAsPrivileged>
+
+Set this config value to true if users creating a new account should default to privileged users.
+WARNING Setting this to true can be dangerous as it allows anyone to create a new priviledged user,
+usually privlidged users are given rights to edit and see information not desired to be public.
+
+
+=item C<$CreateNewUserOnPasswordSet>
+
+This configuration option determines if a nonexistant user can create an new user record.
+WARNING see the note about the danger of setting this to true and setting C<$CreateNewsUserAsPrivileged>
+to true as well.
+
+=back
+=cut
+
 =head1 AUTHOR
 
 Best Practical Solutions, LLC E<lt>modules at bestpractical.comE<gt>
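Review bot: `=back` is immediately followed by `=cut` with no blank line between them; POD command paragraphs must be separated by blank lines, so podchecker will flag this and the block may not terminate as intended — insert a blank line before `=cut`. The option is documented as `$CreateNewsUserAsPrivileged`, and that spelling (with "News") is what the code reads via `RT::Config->Get` in Request.html, so the typo is now part of the public configuration interface; rename it consistently before release or state in the POD that the spelling is intentional. Minor: "priviledged", "privlidged", "nonexistant" and "an new" are misspelled here and in the README copy of the same text.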

commit b84b53be17b5dd39a00784d20fcca31f7743d020
Author: Craig Kaiser <craig at bestpractical.com>
Date:   Thu Feb 13 15:13:22 2020 -0500

    Allow new users to create new user accounts and set password

diff --git a/html/Callbacks/RT-Extension-ResetPassword/Elements/Login/Default b/html/Callbacks/RT-Extension-ResetPassword/Elements/Login/Default
index 3c99919..ad06843 100644
--- a/html/Callbacks/RT-Extension-ResetPassword/Elements/Login/Default
+++ b/html/Callbacks/RT-Extension-ResetPassword/Elements/Login/Default
@@ -1,2 +1,7 @@
 <br/><div id="lostpassword" style="align:left;clear:both;">
-<a href="<%$RT::WebPath%>/NoAuth/ResetPassword/Request.html"><&|/l&>Forgot your password?</&></a></div>
+<a href="<%$RT::WebPath%>/NoAuth/ResetPassword/Request.html?Title=<&|/l&>Reset your password</&>"><&|/l&>Forgot your password</&></a></div>
+
+% if ( RT::Config->Get('CreateNewUserOnPasswordSet') ) {
+  <div id="firstpassword" style="align:left;clear:both;">
+  <a href="<%$RT::WebPath%>/NoAuth/ResetPassword/Request.html?Title=<&|/l&>Create your password</&>"><&|/l&>New account</&></a></div>
+% }
diff --git a/html/NoAuth/ResetPassword/Request.html b/html/NoAuth/ResetPassword/Request.html
index 5d33ecf..bfe3cd0 100644
--- a/html/NoAuth/ResetPassword/Request.html
+++ b/html/NoAuth/ResetPassword/Request.html
@@ -64,26 +64,51 @@ my $title = loc("Reset your password");
 if ($ARGS{'Email'}) {
     my $u = RT::User->new($RT::SystemUser);
     $u->LoadByCols(EmailAddress => $ARGS{'Email'});
-    if ($u->id and $u->HasPassword and not $u->Disabled) {
+
+    if ($u->id and $u->HasPassword and $u->Privileged and !$u->Disabled) {
         my ($status, $msg) = RT::Extension::ResetPassword::CreateTokenAndResetPassword($u);
 
         if ($status) {
             push @actions, loc("RT has sent you an email message with instructions about how to reset your password");
             RT->Logger->info("Password reset token send to " . $u->EmailAddress);
-        } else {
+        }
+        else {
             push @actions, loc("Failed to send password reset token, please contact your RT administrator.");
             RT->Logger->error("Failed to send password reset token to " . $u->EmailAddress . ": $msg");
         }
-    } elsif ($u->id and $u->Disabled) {
+    }
+    elsif ($u->id and $u->Disabled) {
         push @actions, loc("You can't reset your password because your user is disabled.");
         RT->Logger->warning("Disabled user " . $u->Name . " attempted to reset password");
-    } elsif ($u->id) {
-        push @actions, loc("You can't reset your password as you don't already have one.");
-        RT->Logger->warning("User " . $u->Name . " with no password attempted a password reset")
+    }
+    elsif ($u->id) {
+        push @actions, loc("You can't reset your password as you aren't privileged.");
+        RT->Logger->warning("User " . $u->Name . " with no password attempted a password reset");
     } else {
-        push @actions, loc("RT couldn't find a user with that email address. Give it another try?");
-        RT->Logger->warning("Password reset attempted for non-existent user " . $ARGS{'Email'});
+        if ( RT::Config->Get('CreateNewUserOnPasswordSet') ) {
+            my ($status, $msg) = $u->Create(
+                Privileged   => RT::Config->Get('CreateNewsUserAsPrivileged') || 0,
+                EmailAddress => $ARGS{'Email'},
+            );
+            RT::Logger->error($msg) unless $status;
+
+            ($status, $msg) = RT::Extension::ResetPassword::CreateTokenAndResetPassword($u);
+            if ($status) {
+                push @actions, loc("RT has sent you an email message with instructions about how to reset your password");
+                RT->Logger->info("Password reset token send to " . $u->EmailAddress);
+            } else {
+                push @actions, loc("Failed to send password reset token, please contact your RT administrator.");
+                RT->Logger->error("Failed to send password reset token to " . $u->EmailAddress . ": $msg");
+            }
+            $m->notes->{RefreshURL} = RT->Config->Get('WebPath')."/";
+            $refresh = 1;
+        }
+        else {
+            push @actions, loc("RT couldn't find a user with that email address. Give it another try?");
+            RT->Logger->warning("Password reset attempted for non-existent user " . $ARGS{'Email'});
+        }
     }
+
     if(RT->Config->Get("HidePasswordResetErrors")) {
         pop @actions;
         push @actions, loc("RT has sent you an email message with instructions about how to reset your password");
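Review bot: In the new `CreateNewUserOnPasswordSet` branch the result of `$u->Create(...)` is only logged; on failure the code falls straight into CreateTokenAndResetPassword with an unloaded `$u`, and the requester may still be told an email was sent. Create also gets no `Name`, which I believe RT::User->Create rejects ("Must specify 'Name' attribute") — confirm, and if so pass the address as the Name as the rest of RT's self-service code does. Separately, the new `$u->Privileged` requirement at the top silently locks out existing unprivileged users who could previously reset their passwords, and the log line that follows still says "with no password" although the condition now means "not privileged"; and since this branch lets any anonymous caller mint accounts and trigger mail, there is no syntactic check on `$ARGS{'Email'}` and no throttle — worth at least an `Email::Address` parse or RT's `ParseEmailAddress` before Create. The enclosing `if ($ARGS{'Email'})` block continues past this hunk.
```perl
        if ( RT::Config->Get('CreateNewUserOnPasswordSet') ) {
            my ($status, $msg) = $u->Create(
                Name         => $ARGS{'Email'},   # confirm: RT::User->Create requires a Name
                Privileged   => RT::Config->Get('CreateNewsUserAsPrivileged') || 0,
                EmailAddress => $ARGS{'Email'},
            );
            # Only mail a token if the account actually exists now.
            if ($status) {
                ($status, $msg) = RT::Extension::ResetPassword::CreateTokenAndResetPassword($u);
            }
            if ($status) {
                push @actions, loc("RT has sent you an email message with instructions about how to reset your password");
                RT->Logger->info("Password reset token send to " . $u->EmailAddress);
                $m->notes->{RefreshURL} = RT->Config->Get('WebPath')."/";
                $refresh = 1;
            } else {
                push @actions, loc("Failed to send password reset token, please contact your RT administrator.");
                RT->Logger->error("Failed to create user or send password reset token for " . $ARGS{'Email'} . ": $msg");
            }
        }
        # … unchanged: else branch with the "RT couldn't find a user" message …
```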
diff --git a/html/NoAuth/ResetPassword/Reset/dhandler b/html/NoAuth/ResetPassword/Reset/dhandler
index ad19b0a..5763bf9 100644
--- a/html/NoAuth/ResetPassword/Reset/dhandler
+++ b/html/NoAuth/ResetPassword/Reset/dhandler
@@ -75,4 +75,3 @@ else {
 <input type ="submit" value ="<%loc('Change password')%>">
 </form>
 %}
-<a href="<%$RT::WebURL|n%>"><&|/l&>Login</&></a>

commit 79f1a3957b0a3ba3a8b1dac6e9bedf3bec6aa875
Author: Craig Kaiser <craig at bestpractical.com>
Date:   Thu Feb 13 14:57:46 2020 -0500

    Allow for an admin to send a password reset email

diff --git a/html/Callbacks/RT-Extension-ResetPassword/Admin/Users/Modify.html/BeforeCreate b/html/Callbacks/RT-Extension-ResetPassword/Admin/Users/Modify.html/BeforeCreate
new file mode 100644
index 0000000..53fd8af
--- /dev/null
+++ b/html/Callbacks/RT-Extension-ResetPassword/Admin/Users/Modify.html/BeforeCreate
@@ -0,0 +1,6 @@
+<%init>
+$session{'SendPasswordResetEmail'} = $ARGSRef->{'SendPasswordResetEmail'};
+</%init>
+<%args>
+$ARGSRef
+</%args>
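Review bot: The callback copies `$ARGSRef->{'SendPasswordResetEmail'}` into `%session`, presumably so the checkbox survives the redirect from the create form into the update path, but nothing in the file says so and a reader will wonder why a form field is persisted at all; add `# Stash the checkbox across the post-create redirect; the BeforeUpdate callback consumes and clears it.` above the assignment. Because the value lives in the session, an aborted create (validation failure, navigating away) leaves the flag set until some later user update happens to clear it, so consider storing it only when true and recording which user it was meant for, so it cannot fire a reset email on an unrelated record.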
diff --git a/html/Callbacks/RT-Extension-ResetPassword/Admin/Users/Modify.html/BeforeUpdate b/html/Callbacks/RT-Extension-ResetPassword/Admin/Users/Modify.html/BeforeUpdate
new file mode 100644
index 0000000..88364b4
--- /dev/null
+++ b/html/Callbacks/RT-Extension-ResetPassword/Admin/Users/Modify.html/BeforeUpdate
@@ -0,0 +1,17 @@
+<%INIT>
+if ( ( $ARGS{'SendPasswordResetEmail'} || $session{'SendPasswordResetEmail'} ) && $User && $User->Id ) {
+    my ($ret, $msg) = RT::Extension::ResetPassword::CreateTokenAndResetPassword($User);
+    if ( $ret ) {
+        push @{$Results}, 'Password reset email passed to new user';
+    }
+    else {
+        RT::Logger->error( "$msg" );
+    }
+}
+$session{'SendPasswordResetEmail'} = undef;
+</%INIT>
+<%ARGS>
+$Results
+$User
+$ARGSRef
+</%ARGS>
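Review bot: The condition tests `$ARGS{'SendPasswordResetEmail'}`, but inside a callback component `%ARGS` holds the arguments the callback was invoked with (`Results`, `User`, `ARGSRef`), not the submitted form fields — those are in `$ARGSRef`, which is declared in `<%ARGS>` here but never read — so on a plain update the checkbox likely never triggers unless Modify.html forwards it explicitly; use `$ARGSRef->{'SendPasswordResetEmail'}`. The success message `'Password reset email passed to new user'` is the only user-facing string in this series not wrapped in `loc()`, and on failure the admin gets no feedback at all; add `push @{$Results}, loc("Failed to send password reset email: [_1]", $msg);` beside the error log. `delete $session{'SendPasswordResetEmail'};` is also cleaner than assigning undef.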
diff --git a/html/Elements/EditPassword b/html/Elements/EditPassword
new file mode 100644
index 0000000..3de003f
--- /dev/null
+++ b/html/Elements/EditPassword
@@ -0,0 +1,84 @@
+%# BEGIN BPS TAGGED BLOCK {{{
+%#
+%# COPYRIGHT:
+%#
+%# This software is Copyright (c) 1996-2019 Best Practical Solutions, LLC
+%#                                          <sales at bestpractical.com>
+%#
+%# (Except where explicitly superseded by other copyright notices)
+%#
+%#
+%# LICENSE:
+%#
+%# This work is made available to you under the terms of Version 2 of
+%# the GNU General Public License. A copy of that license should have
+%# been provided with this software, but in any event can be snarfed
+%# from www.gnu.org.
+%#
+%# This work is distributed in the hope that it will be useful, but
+%# WITHOUT ANY WARRANTY; without even the implied warranty of
+%# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+%# General Public License for more details.
+%#
+%# You should have received a copy of the GNU General Public License
+%# along with this program; if not, write to the Free Software
+%# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+%# 02110-1301 or visit their web page on the internet at
+%# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html.
+%#
+%#
+%# CONTRIBUTION SUBMISSION POLICY:
+%#
+%# (The following paragraph is not intended to limit the rights granted
+%# to you to modify and distribute this software under the terms of
+%# the GNU General Public License and is only of importance to you if
+%# you choose to contribute your changes and enhancements to the
+%# community by submitting them to Best Practical Solutions, LLC.)
+%#
+%# By intentionally submitting any modifications, corrections or
+%# derivatives to this work, or any other work intended for use with
+%# Request Tracker, to Best Practical Solutions, LLC, you confirm that
+%# you are the copyright holder for those contributions and you grant
+%# Best Practical Solutions,  LLC a nonexclusive, worldwide, irrevocable,
+%# royalty-free, perpetual, license to use, copy, create derivative
+%# works based on those contributions, and sublicense and distribute
+%# those contributions and any derivatives thereof.
+%#
+%# END BPS TAGGED BLOCK }}}
+<input value="1" <% $session{'SendPasswordResetEmail'} ? 'checked' : '' %> id="SendPasswordResetEmail" name="SendPasswordResetEmail" type="checkbox"></input>
+<label for="SendPasswordResetEmail"><&|/l&>Send new password email</&></label><br />
+
+% unless ( $cond{'CanSet'} ) {
+<% $cond{'Reason'} %><br />
+% } else {
+<table>
+
+% if ( $cond{'RequireCurrent'} ) {
+<tr>
+<td class="label"><&|/l, $session{'CurrentUser'}->Name()&>[_1]'s current password</&>:</td>
+<td class="value"><input type="password" name="<% $Name[0] %>" size="16" autocomplete="off" /></td>
+</tr>
+% }
+
+<tr>
+<td class="label"><&|/l&>New password</&>:</td>
+<td class="value"><input type="password" name="<% $Name[1] %>" size="16" autocomplete="off" /></td>
+</tr>
+
+<tr>
+<td class="label"><&|/l&>Retype Password</&>:</td>
+<td class="value"><input type="password" name="<% $Name[2] %>" size="16" autocomplete="off" /></td>
+</tr>
+
+</table>
+% }
+
+<%ARGS>
+$User
+ at Name => qw(CurrentPass NewPass1 NewPass2)
+</%ARGS>
+<%INIT>
+
+my %cond = $User->CurrentUserRequireToSetPassword;
+
+</%INIT>
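Review bot: `<input ... type="checkbox"></input>` is invalid markup — `input` is a void element and takes no closing tag — so drop the `</input>`. This file overrides RT's shared /Elements/EditPassword, which as far as I recall is also rendered from a user's own preferences page, so the "Send new password email" checkbox will appear wherever the element is used while only the Admin/Users/Modify callbacks act on it; guard it with an admin-rights check such as `% if ( $session{'CurrentUser'}->HasRight( Right => 'AdminUsers', Object => $RT::System ) ) {` or move it into an admin-only callback. It is also emitted before the `$cond{'CanSet'}` test, so it is offered even when the current user is not permitted to set this user's password.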
diff --git a/html/NoAuth/ResetPassword/Request.html b/html/NoAuth/ResetPassword/Request.html
index bfe3cd0..b6bdc0c 100644
--- a/html/NoAuth/ResetPassword/Request.html
+++ b/html/NoAuth/ResetPassword/Request.html
@@ -43,7 +43,7 @@
 %# those contributions and any derivatives thereof.
 %# 
 %# END BPS TAGGED BLOCK }}}
-<& /Elements/Header, Title => $title &>
+<& /Elements/Header, Title => $title, Refresh => $refresh &>
 <div id="body" class="login-body">
 
 <h1><%$title%></h1>
@@ -61,6 +61,7 @@ my @actions;
 
 my $title = loc("Reset your password");
 
+my $refresh;
 if ($ARGS{'Email'}) {
     my $u = RT::User->new($RT::SystemUser);
     $u->LoadByCols(EmailAddress => $ARGS{'Email'});
@@ -71,8 +72,10 @@ if ($ARGS{'Email'}) {
         if ($status) {
             push @actions, loc("RT has sent you an email message with instructions about how to reset your password");
             RT->Logger->info("Password reset token send to " . $u->EmailAddress);
-        }
-        else {
+
+            $m->notes->{RefreshURL} = RT->Config->Get('WebPath')."/";
+            $refresh = 1;
+        } else {
             push @actions, loc("Failed to send password reset token, please contact your RT administrator.");
             RT->Logger->error("Failed to send password reset token to " . $u->EmailAddress . ": $msg");
         }
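Review bot: `RefreshURL` and `$refresh` are now set only in the genuine success branch, which makes that response distinguishable from the disguised failure that `HidePasswordResetErrors` produces at the end of this block (the pop/push substitutes the same success message but never sets `$refresh`), so the presence or absence of the meta refresh reveals whether an account with that address exists — precisely what that option is meant to hide. When `HidePasswordResetErrors` is on, also set `$m->notes->{RefreshURL} = RT->Config->Get('WebPath')."/";` and `$refresh = 1;` there, or hoist both so they run whenever the displayed message is the success message. The enclosing `if ($ARGS{'Email'})` block continues past this hunk.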
diff --git a/html/NoAuth/ResetPassword/Reset/dhandler b/html/NoAuth/ResetPassword/Reset/dhandler
index 5763bf9..35dbe79 100644
--- a/html/NoAuth/ResetPassword/Reset/dhandler
+++ b/html/NoAuth/ResetPassword/Reset/dhandler
@@ -6,6 +6,8 @@ my $show_form    = 1;
 my $title        = loc('Reset your password');
 my $virtual_path = $m->dhandler_arg();
 my ( $submitted_token, $id ) = split( '/', $virtual_path );
+my $refresh;
+
 my $token;
 # Validate the token
 my $u = RT::User->new($RT::SystemUser);
@@ -41,7 +43,8 @@ else {
     {
         my ( $val, $msg ) = $u->SetPassword( $ARGS{'password'} );
         push @results, $msg;
-        if ($val) { $show_form = 0;}
+        $m->notes->{RefreshURL} = RT->Config->Get('WebPath')."/";
+        if ($val) { $show_form = 0; $refresh = 1; }
     }
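Review bot: `$m->notes->{RefreshURL}` is written unconditionally, before the `if ($val)` test, so a failed SetPassword still records a redirect target even though `$refresh` stays unset; harmless today because the Header only honours `Refresh => $refresh`, but it reads as if the refresh always happens. Keep the two together: `if ($val) { $show_form = 0; $refresh = 1; $m->notes->{RefreshURL} = RT->Config->Get('WebPath')."/"; }`. The enclosing else block begins above the hunk.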
     elsif ( $ARGS{'password'} ) {
         push @results, loc("The two passwords you typed didn't match.");
@@ -52,7 +55,7 @@ else {
 
 
 </%init>
-<& /Elements/Header, Title => $title &>
+<& /Elements/Header, Title => $title, Refresh => $refresh &>
 <div id="body" class="login-body">
 
 <h1><%$title%></h1>

-----------------------------------------------------------------------

