[Bps-public-commit] rt-extension-resetpassword branch, new-user-create-password, repushed
Craig Kaiser
craig at bestpractical.com
Wed Feb 26 12:31:22 EST 2020
The branch new-user-create-password was deleted and repushed:
was 40c25a0e3d5e3ccb8751cc34a7af194d97b46414
now 35488a2932f8f9b9c629168ff6feb31915bb77ed
1: 65b32fc = 1: 65b32fc Move token generation and password reset to lib method
2: 095f7cc = 2: 095f7cc Check that valid user object is passed to CreateTokenAndResetPassword
3: 8e54d3e ! 3: 2f2dab2 Allow new users to create new user accounts and set password
@@ -145,12 +145,24 @@
--- a/html/NoAuth/ResetPassword/Request.html
+++ b/html/NoAuth/ResetPassword/Request.html
@@
+ <&|/l&>Email address</&>:<input name="Email" value="" />
+ <input type="submit" class="button" value="<%loc('Send it!')%>" />
+ </form>
++ <a href="<%$RT::WebURL|n%>"><&|/l&>Login</&></a>
+ </div>
+
+ <%INIT>
+@@
if ($ARGS{'Email'}) {
my $u = RT::User->new($RT::SystemUser);
$u->LoadByCols(EmailAddress => $ARGS{'Email'});
- if ($u->id and $u->HasPassword and not $u->Disabled) {
+
-+ if ($u->id and $u->HasPassword and $u->Privileged and !$u->Disabled) {
++ # Do not allow password reset if this page is suppose to be hidden
++ return if RT->Config->Get('DisableResetPasswordOnLogin');
++
++ # If the user exists and has a password and is not disabled then they can always reset their password
++ if ($u->id and $u->HasPassword and !$u->Disabled) {
my ($status, $msg) = RT::Extension::ResetPassword::CreateTokenAndResetPassword($u);
if ($status) {
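Review bot: The `DisableResetPasswordOnLogin` guard sits after `RT::User->new` / `LoadByCols` and inside `if ($ARGS{'Email'})`, so the user lookup still runs for every submitted address before the switch is consulted. Making `return if RT->Config->Get('DisableResetPasswordOnLogin');` the first statement of that block, or placing it above the block, would keep a disabled page from doing any work on untrusted input. A bare `return` in `<%INIT>` appears to end the component with no message at all, which the comment should say; its wording should also be `# Do not allow password reset if this page is supposed to be hidden`. The `if` block continues past the end of this hunk, and whether the form is still rendered on a plain GET cannot be judged from here.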
@@ -164,6 +176,7 @@
}
- } elsif ($u->id and $u->Disabled) {
+ }
++ # Disabled users do not get to reset their passwords
+ elsif ($u->id and $u->Disabled) {
push @actions, loc("You can't reset your password because your user is disabled.");
RT->Logger->warning("Disabled user " . $u->Name . " attempted to reset password");
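Review bot: The disabled-user branch still answers with its own text, `You can't reset your password because your user is disabled.`, so an unauthenticated caller of this NoAuth page can tell that an address belongs to an existing but disabled account. The later hunks (`-174,25 +187,25` and `-207,14 +220,12`) fold the other failures into one generic message, but success still returns `RT has sent you an email message ...`, which also separates known addresses from unknown ones. Consider one neutral response for every outcome, for example `push @actions, loc("If that address is registered, RT has sent an email with further instructions");`, keeping the specific reason only in the `RT->Logger` calls. The `elsif` chain starts before this hunk.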
@@ -174,25 +187,25 @@
- push @actions, loc("RT couldn't find a user with that email address. Give it another try?");
- RT->Logger->warning("Password reset attempted for non-existent user " . $ARGS{'Email'});
}
++ # If the user exists but does not have a password value then we need to consult the config flag
+ elsif ($u->id) {
+ if ( RT::Config->Get('AllowUsersWithoutPassword') ) {
+ my ($status, $msg) = RT::Extension::ResetPassword::CreateTokenAndResetPassword($u);
+ if ($status) {
+ push @actions, loc("RT has sent you an email message with instructions about how to reset your password");
+ RT->Logger->info("Password reset token send to " . $u->EmailAddress);
-+
-+ $m->notes->{RefreshURL} = RT->Config->Get('WebPath')."/";
-+ $refresh = 1;
-+ } else {
-+ push @actions, loc("Failed to send password reset token, please contact your RT administrator.");
++ }
++ else {
++ push @actions, loc("Unable to send new password email, contact your RT administrator for more assistance");
+ RT->Logger->error("Failed to send password reset token to " . $u->EmailAddress . ": $msg");
+ }
+ }
+ else {
-+ push @actions, loc("You can't reset your password as you aren't privileged.");
-+ RT->Logger->warning("User " . $u->Name . " is not privileged and attempted a password reset");
-+ }
-+ }
++ push @actions, loc("Unable to send new password email, contact your RT administrator for more assistance");
++ RT->Logger->warning("User " . $u->Name . " attempted to reset their password without having an existing password");
++ }
++ }
++ # If the user does not exists check if users are allowed to be created via this page
+ else {
+ if ( RT::Config->Get('CreateNewUserAndSetPassword') ) {
+ my ($status, $msg) = $u->Create(
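Review bot: With `CreateNewUserAndSetPassword` enabled, the final `else` lets an unauthenticated request create a user record for whatever address was posted, and no format check or throttling of `$ARGS{'Email'}` is visible before `$u->Create(`, whose arguments lie outside this hunk. Unless that is handled elsewhere, this could allow bulk account creation and reset mail going to addresses the requester does not own. The branch should validate the address first, and the option's documentation should call for rate limiting in front of this page. Separately, the two new flags are read with `RT::Config->Get(...)` while the guard in the first hunk uses `RT->Config->Get(...)`; prefer `RT->Config->Get('AllowUsersWithoutPassword')` and `RT->Config->Get('CreateNewUserAndSetPassword')` for consistency.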
@@ -207,14 +220,12 @@
+ RT->Logger->info("Password reset token send to " . $u->EmailAddress);
+ }
+ else {
-+ push @actions, loc("Failed to send password reset token, please contact your RT administrator.");
++ push @actions, loc("Unable to send new password email, contact your RT administrator for more assistance");
+ RT->Logger->error("Failed to send password reset token to " . $u->EmailAddress . ": $msg");
+ }
-+ $m->notes->{RefreshURL} = RT->Config->Get('WebPath')."/";
-+ $refresh = 1;
+ }
+ else {
-+ push @actions, loc("RT couldn't find a user with that email address. Give it another try?");
++ push @actions, loc("Unable to send new password email, contact your RT administrator for more assistance");
+ RT->Logger->warning("Password reset attempted for non-existent user " . $ARGS{'Email'});
+ }
+ }
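Review bot: `$ARGS{'Email'}` is concatenated into the warning for the non-existent-user case straight from the request, so embedded newlines or control characters could split or forge log entries unless the logger escapes them. Sanitise a copy before logging, for example `(my $email_for_log = $ARGS{'Email'}) =~ s/[[:cntrl:]]/?/g;`, and log `$email_for_log` instead. The info message `Password reset token send to` should read `sent to`. This hunk begins inside a block opened earlier, so the success path is only partly visible.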
4: 58edb7a < -: ------- Keep the behavior between finding a user and not the same
5: 291ad0a = 4: d804c2b Center the password links on login page
6: 40c25a0 = 5: 35488a2 Update docs for new features