* For now only import layouts with exact the same version strings

* Fixed password reset feature: before any other action is taken a confirmation e-mail will be sent
Tobi Schäfer 2008-04-22 14:57:18 +00:00
parent 4a59353b6f
commit 91def0b843
5 changed files with 63 additions and 23 deletions


@ -171,7 +171,7 @@ Layout.prototype.import_action = function() {
(new helma.Zip(zip)).extractAll(temp); (new helma.Zip(zip)).extractAll(temp);
zip.remove(); zip.remove();
var data = Xml.read(new helma.File(temp, "data.xml")); var data = Xml.read(new helma.File(temp, "data.xml"));
if (!data.version || data.version < Root.VERSION) { if (!data.version || data.version !== Root.VERSION) {
throw Error("Incompatible layout version"); throw Error("Incompatible layout version");
} }
// Backup the current layout if necessary // Backup the current layout if necessary
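Review bot: The new condition `data.version !== Root.VERSION` is a strict comparison against a string (the companion hunk changes `Root.VERSION` to `"1.2"`), so it only works if `Xml.read` hands back the version as a string; if it yields a number for layouts exported while `Root.VERSION` was still the number 1.2, every import is rejected as incompatible even when the version matches. Normalising before comparing, `if (!data.version || String(data.version) !== Root.VERSION) {`, keeps the intended exact-match check while tolerating either representation; whether `Xml.read` returns strings here cannot be confirmed from this hunk. A short comment above the check stating that only an exact version match is accepted for now (as the commit title says) would help the next reader. import_action's body continues on both sides of the hunk.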


@ -138,6 +138,10 @@ value="register"><% gettext Register %></button>
</form> </form>
<% #reset %> <% #reset %>
<p class="storyTitle"><% response.title %></p>
<p class="small"><% gettext "Enter your user name and the e-mail address you
have used when you registered. You will then receive a confirmation e-mail
containing further instructions." %></p>
<form id="login" method="post" action="<% response.action %>"> <form id="login" method="post" action="<% response.action %>">
<div class="small"><% gettext Username suffix=: %></div> <div class="small"><% gettext Username suffix=: %></div>
<div><input type="text" name="name" id="name" size="15" tabindex="1" <div><input type="text" name="name" id="name" size="15" tabindex="1"
@ -151,6 +155,22 @@ tabindex="4"><% gettext "Reset password" %></button>
<a href="" class="cancel"><% gettext Cancel %></a> <a href="" class="cancel"><% gettext Cancel %></a>
</form> </form>
<% #password %>
<p class="storyTitle"><% response.title %></p>
<form id="login" method="post" action="<% response.action %>">
<div class="small"><% gettext Password suffix=: %></div>
<div><input type="password" name="password" id="password" size="15" tabindex="1" /></div>
<div class="small"><% gettext "Confirm Password" suffix=: %></div>
<div><input type="password" name="passwordConfirm" id="passwordConfirm"
size="15" tabindex="2" /></div>
<input type="hidden" name="user" id="user" value="<% request.user %>" />
<input type="hidden" name="token" id="token" value="<% request.token %>" />
<br />
<button type="submit" id="submit" name="save" value="1"
tabindex="4"><% gettext Save %></button>
<a href="" class="cancel"><% gettext Cancel %></a>
</form>
<% #add %> <% #add %>
<form method="post" action="<% response.action %>"> <form method="post" action="<% response.action %>">
<table border="0" cellspacing="0" cellpadding="0"> <table border="0" cellspacing="0" cellpadding="0">
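Review bot: The hidden inputs in the new `#password` form, `value="<% request.user %>"` and `value="<% request.token %>"`, echo request parameters straight into attribute values; unless the skin engine attribute-encodes macro output (not visible here), a quote character arriving in `token` via a crafted link ends the attribute and injects markup into the page. Rendering the two values from the server-side data the action already validated, or through whatever HTML-encoding macro the project uses, avoids that, and the action's equality check on the stored token should be what makes the form usable, not the presence of the parameters alone. A smaller point of style: both inputs use `tabindex="1"` and `"2"` but the submit button jumps to `tabindex="4"`, and the new form reuses `id="login"` from the `#reset` form above it, which is a duplicate id if both skins are ever rendered in one document.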


@ -100,35 +100,56 @@ Members.prototype.register_action = function() {
} }
Members.prototype.reset_action = function() { Members.prototype.reset_action = function() {
// FIXME: Remove debugging code
/* if (req.queryParams.user) {
var user = User.getByName(req.queryParams.user);
if (user) {
user.hash = (req.queryParams.password + user.salt).md5();
}
} */
// FIXME: First send verification message, *then* reset password!
if (req.postParams.reset) { if (req.postParams.reset) {
try { try {
if (!req.postParams.name || !req.postParams.email) { if (!req.postParams.name || !req.postParams.email) {
throw Error(gettext("Please enter username and e-mail of the desired account.")); throw Error(gettext("Please enter a user name and e-mail address."));
} }
var user = User.getByName(req.postParams.name); var user = User.getByName(req.postParams.name);
if (!user || user.email !== req.postParams.email) { if (!user || user.email !== req.postParams.email) {
throw Error(gettext("Username and e-mail do not match.")) throw Error(gettext("User name and e-mail address do not match."))
} }
var password = jala.util.createPassword(25, 2); var token = User.getSalt();
user.hash = (password + user.salt).md5() user.metadata.set("resetToken", token);
sendMail(root.email, user.email, sendMail(root.email, user.email,
gettext("Your login at {0}", this._parent.title), gettext("Confirmation for password reset at {0}", this._parent.title),
user.renderSkinAsString("$$User#reset", user.renderSkinAsString("$User#reset", {
{password: password})); href: this.href("reset"),
res.message = "A new password is sent to the account's e-mail address."; token: token
}));
res.message = gettext("A confirmation mail was sent to your e-mail address.");
res.redirect(this._parent.href()); res.redirect(this._parent.href());
} catch(ex) { } catch(ex) {
app.log(ex); app.log(ex);
res.message = ex; res.message = ex;
} }
} else if (req.data.user && req.data.token) {
var user = User.getById(req.data.user);
if (user) {
var token = user.metadata.get("resetToken");
if (token) {
session.login(user);
if (req.postParams.save) {
var password = req.postParams.password;
if (!password) {
res.message = gettext("Please enter a new password.");
} else if (password !== req.postParams.passwordConfirm) {
res.message = gettext("The passwords do not match.");
} else {
user.hash = (password + user.salt).md5();
user.metadata.remove("resetToken");
res.message = gettext("Your password was changed.");
res.redirect(this._parent.href());
}
}
res.data.title = gettext("Enter new password");
res.data.body = this.renderSkinAsString("$Members#password");
this._parent.renderSkin("Site#page");
return;
}
}
res.message = gettext("This URL is not valid for resetting your password.");
res.redirect(this.href(req.action));
} }
res.data.action = this.href(req.action); res.data.action = this.href(req.action);
res.data.title = gettext("Reset password"); res.data.title = gettext("Reset password");
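Review bot: The new confirmation branch never compares the token from the request with the stored one: `var token = user.metadata.get("resetToken"); if (token) {` only checks that some reset is pending, so any request naming a user id with a pending reset passes through `session.login(user)` and can set a new password whatever `req.data.token` contains. The guard should be `if (token && token === req.data.token) {`, with the mismatch falling through to the existing "This URL is not valid" message. Two follow-ups worth a comment or a fix in the same place: `session.login(user)` runs before the new password is saved, so the confirmation link alone yields a full session, and `resetToken` is only removed after a successful change, so a pending token has no expiry and a later reset request simply overwrites it. The entropy of `User.getSalt()` as a bearer token cannot be judged from this hunk. reset_action's body continues past the end of the hunk.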


@ -22,7 +22,7 @@
// $URL$ // $URL$
// //
Root.VERSION = 1.2; Root.VERSION = "1.2";
Root.getScopes = defineConstants(Root, markgettext("every site"), Root.getScopes = defineConstants(Root, markgettext("every site"),
markgettext("public sites"), markgettext("trusted sites"), markgettext("public sites"), markgettext("trusted sites"),


@ -109,13 +109,12 @@ appear as link next to your posted items." %></span></td>
<% #reset %> <% #reset %>
<% gettext 'Hello {0}.' <% user.name %> %> <% gettext 'Hello {0}.' <% user.name %> %>
<% gettext "You (or someone pretending to be you) requested to reset the <% gettext "You (or someone pretending to be you) requested to reset the password of your account for the site {0} [1]." <% site.title %> %>
password of your account for the site {0} [1]." <% site.title %> %>
<% gettext "Below you find a new password that temporarily will give you access <% gettext "To confirm the request please click the link below." %>
to the site. Please change the password immediately after your next login." %> <% gettext "You will then be asked to change your password." %>
<% gettext "Your temporary password: {0}" <% param.password %> %> <% param.href %>?user=<% user.id %>&token=<% param.token %>
<% gettext "Best regards." %> <% gettext "Best regards." %>
<% gettext "The Management" %> <% gettext "The Management" %>
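Review bot: The confirmation link `<% param.href %>?user=<% user.id %>&token=<% param.token %>` interpolates the token verbatim; if the value produced by `User.getSalt()` can contain characters outside the unreserved URL set, the link breaks or the receiving action sees a truncated or altered token and rejects a legitimate request. The caller should pass the token already URL-encoded (`token: encodeURIComponent(token)` in the `renderSkinAsString` parameters) or the skin should apply an encoding macro, which cannot be confirmed as present from this hunk. The mail text could also tell the reader that the request can simply be ignored if they did not initiate it, since the first sentence already anticipates that case.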