[Bps-public-commit] rt-extension-resetpassword branch, new-user-create-password, repushed
Craig Kaiser
craig at bestpractical.com
Mon Jan 13 11:37:12 EST 2020
The branch new-user-create-password was deleted and repushed:
was 6b667c9be05d5b3d711d0a308810b8d9d0855e0b
now 9a3e58c913cfbd543c1548f8600f85ac1ae85dcd
1: 5d80792 = 1: 5d80792 Move token generation and password reset to lib method
2: 70ebfd1 ! 2: 9a3e58c Config values for creating new users on password set when no user exists for email
@@ -1,6 +1,29 @@
Author: Craig Kaiser <craig at bestpractical.com>
- Allow for users to create priv user records with no account
+ Config values for creating new users on password set when no user exists for email
+
+diff --git a/README b/README
+--- a/README
++++ b/README
+@@
+ being sent, thus not revealing the reasons for any failure. All failures
+ will still be logged with an appropriate diagnostic message.
+
++ $CreateNewsUserAsPrivileged
++ Set this config value to true if users creating a new account should
++ default to privileged users. WARNING Setting this to true can be
++ dangerous as it allows anyone to create a new priviledged user,
++ usually privlidged users are given rights to edit and see information
++ not desired to be public.
++
++ $CreateNewUserOnPasswordSet
++ This configuration option determines if a nonexistant user can create
++ an new user record. WARNING see the note about the danger of setting
++ this to true and setting $CreateNewsUserAsPrivileged to true as well.
++
+ AUTHOR
+ Best Practical Solutions, LLC <modules at bestpractical.com>
+
diff --git a/html/Callbacks/RT-Extension-ResetPassword/Elements/Login/Default b/html/Callbacks/RT-Extension-ResetPassword/Elements/Login/Default
--- a/html/Callbacks/RT-Extension-ResetPassword/Elements/Login/Default
@@ -9,8 +32,10 @@
<br/><div id="lostpassword" style="align:left;clear:both;">
<a href="<%$RT::WebPath%>/NoAuth/ResetPassword/Request.html"><&|/l&>Forgot your password?</&></a></div>
+
-+<div id="firstpassword" style="align:right;clear:both;">
-+<a href="<%$RT::WebPath%>/NoAuth/ResetPassword/NewUser.html"><&|/l&>New user and need a password?</&></a></div>
++% if ( RT::Config->Get('CreateNewUserOnPasswordSet') ) {
++ <div id="firstpassword" style="align:left;clear:both;">
++ <a href="<%$RT::WebPath%>/NoAuth/ResetPassword/NewUser.html"><&|/l&>New user and need a password?</&></a></div>
++% }
diff --git a/html/NoAuth/ResetPassword/NewUser.html b/html/NoAuth/ResetPassword/NewUser.html
new file mode 100644
@@ -110,19 +135,25 @@
+ RT->Logger->warning("$msg")
+ }
+ } else {
-+ my ($status, $msg) = $u->Create(
-+ Privileged => RT::Config->Get('CreateNewsUserAsPrivileged') || 0,
-+ EmailAddress => $ARGS{'Email'},
-+ );
-+ RT::Logger->error($msg) unless $status;
++ if ( RT::Config->Get('CreateNewUserOnPasswordSet') ) {
++ my ($status, $msg) = $u->Create(
++ Privileged => RT::Config->Get('CreateNewsUserAsPrivileged') || 0,
++ EmailAddress => $ARGS{'Email'},
++ );
++ RT::Logger->error($msg) unless $status;
+
-+ ($status, $msg) = RT::Extension::ResetPassword->CreateTokenAndResetPassword($u);
-+ if ($status) {
-+ push @actions, loc("RT has sent you an email message with instructions about how to reset your password");
-+ RT->Logger->info("Password reset token send to " . $u->EmailAddress);
-+ } else {
-+ push @actions, loc("Failed to send password reset token, please contact your RT administrator.");
-+ RT->Logger->error("Failed to send password reset token to " . $u->EmailAddress . ": $msg");
++ ($status, $msg) = RT::Extension::ResetPassword->CreateTokenAndResetPassword($u);
++ if ($status) {
++ push @actions, loc("RT has sent you an email message with instructions about how to reset your password");
++ RT->Logger->info("Password reset token send to " . $u->EmailAddress);
++ } else {
++ push @actions, loc("Failed to send password reset token, please contact your RT administrator.");
++ RT->Logger->error("Failed to send password reset token to " . $u->EmailAddress . ": $msg");
++ }
++ }
++ else {
++ push @actions, loc("Cannot set password for user that does not exist");
++ RT->Logger->info("Cannot set password for user that does not exist: " . $u->EmailAddress . ", see theb \$CreateNewUserOnPasswordSet config option");
+ }
+ }
+ if(RT->Config->Get("HidePasswordResetErrors")) {
@@ -139,13 +170,24 @@
not revealing the reasons for any failure. All failures will still be
logged with an appropriate diagnostic message.
++=over 2
++
+=item C<$CreateNewsUserAsPrivileged>
+
+Set this config value to true if users creating a new account should default to privileged users.
++WARNING Setting this to true can be dangerous as it allows anyone to create a new priviledged user,
++usually privlidged users are given rights to edit and see information not desired to be public.
+
++
++=item C<$CreateNewUserOnPasswordSet>
++
++This configuration option determines if a nonexistant user can create an new user record.
++WARNING see the note about the danger of setting this to true and setting C<$CreateNewsUserAsPrivileged>
++to true as well.
++
++=back
+=cut
+
=head1 AUTHOR
Best Practical Solutions, LLC E<lt>modules at bestpractical.comE<gt>
-
3: 6b667c9 < -: ------- Config option for creating a user on password set if no user record exists
More information about the Bps-public-commit
mailing list