Commit 7db2fbfe authored by Xavier Guimard's avatar Xavier Guimard

Pwd reset by mail in progress (#595)

parent 01682ae3
......@@ -91,6 +91,11 @@ sub _reset {
my ( $self, $req ) = @_;
my ( $mailToken, $newPwd, $confirmPwd );
# Check for password change form
if ( $req->param('newpassword') or $req->param('reset') ) {
return $self->changePassword($req);
}
# Check for first access
$mailToken = $req->datas->{mailToken} = $req->param('mail_token');
unless ( $req->param('mail') || $mailToken ) {
......@@ -328,7 +333,38 @@ sub _reset {
return PE_MAILCONFIRMOK;
}
# mailToken is valid, time to change password
# User has a valid mailToken, allow to change password
# A token is required
$self->ott->setToken( $req, { %{ $req->sessionInfo }, pwdAllowed => 1 } );
return PE_PASSWORDFIRSTACCESS if ( $req->method eq 'GET' );
return PE_PASSWORDFORMEMPTY;
}
sub changePassword {
my ( $self, $req ) = @_;
$self->lmLog( 'Change password form response', 'debug' );
if ( my $token = $req->param('token') ) {
$req->sessionInfo( $self->ott->getToken($token) );
unless ( $req->sessionInfo ) {
$self->p->userNotice(
'User tries to change password with an invalid or expired token'
);
return PE_NOTOKEN;
}
}
# These 2 cases means that a user tries to change password without
# following valid links!!!
else {
$self->p->userError('User tries to change password without token');
return PE_NOTOKEN;
}
unless ( delete $req->sessionInfo->{pwdAllowed} ) {
$self->p->userError(
'User tries to use another token to change a password');
return PE_NOTOKEN;
}
# Check if user wants to generate the new password
if ( $req->param('reset') ) {
......@@ -351,11 +387,11 @@ sub _reset {
else {
$req->datas->{newpassword} = $req->param('newpassword');
$req->datas->{confirmpassword} = $req->param('confirmpassword');
unless ( $req->datas->{newpassword} && $req->datas->{confirmpassword} )
unless ($req->datas->{newpassword}
and $req->datas->{confirmpassword}
and $req->datas->{newpassword} eq $req->datas->{confirmpassword} )
{
# A token is required
$self->ott->setToken( $req, $req->sessionInfo );
return PE_PASSWORDFIRSTACCESS if ( $req->method eq 'GET' );
return PE_PASSWORDFORMEMPTY;
}
......@@ -403,7 +439,8 @@ sub _reset {
# Send mail
return PE_MAILERROR
unless $self->send_mail( $self->{mailAddress}, $subject, $body, $html );
unless $self->send_mail( $req->datas->{mailAddress}, $subject, $body,
$html );
PE_MAILOK;
}
......
......@@ -15,7 +15,7 @@ my $mail2 = 0;
my $client = LLNG::Manager::Test->new(
{
ini => {
logLevel => 'debug',
logLevel => 'error',
useSafeJail => 1,
portalDisplayRegister => 1,
authentication => 'Demo',
......@@ -42,14 +42,14 @@ ok(
length => length($query),
accept => 'text/html'
),
'Post email'
'Post mail'
);
count(1);
# $query has been set by MIME::Lite::send
ok(
$res = $client->_get( '/resetpwd', query => $query, accept => 'text/html' ),
'Post mail token'
'Post mail token received by mail'
);
count(1);
( $host, $url, $query ) = expectForm( $res, '#', undef, 'token' );
......@@ -80,7 +80,7 @@ no warnings 'redefine';
sub MIME::Lite::send {
my ($mail) = @_;
pass('----- Mail given to MIME::Lite -----');
ok( $mail->header_as_string =~ /dwho\@badwolf.org/s, 'Found dest' )
ok( $mail->header_as_string =~ /dwho\@badwolf.org/s, ' Found dest' )
or explain( $mail->header_as_string, 'To: dwho@badwolf.org' );
count(2);
unless ($mail2) {
......@@ -88,7 +88,7 @@ sub MIME::Lite::send {
ok(
$mail->body_as_string =~
m#a href="http://auth.example.com/resetpwd\?(.*?)"#,
'Found link'
' Found link'
);
count(1);
$query = $1;
......@@ -96,13 +96,11 @@ sub MIME::Lite::send {
}
else {
$mailSend = 2;
ok(
$mail->body_as_string =~
m#yourLoginIs.+?<b>(\w+)</b>.*?pwdIs.+?<b>(.*?)</b>#s,
'Get login/pwd'
);
ok( $mail->body_as_string =~ /pwdChanged/, ' Password was changed' );
( $user, $pwd ) = ( $1, $2 );
count(1);
}
pass('----- Mail sent -----');
count(1);
}
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment