由 Administrator 于 2008/12/02, 12:37 最后修改
显示最后作者
| author | version | line-number | content |
|---|---|---|---|
| 1 | {{velocity}} | ||
| 2 | #** | ||
| 3 | This page starts the password reset procedure. It works according to the next algorithm: | ||
| 4 | 1. Display a form requesting the username | ||
| 5 | 2. When receiving the username via form submission, generate a random verification string which is stored (as a hash) inside a ResetPasswordRequestClass object attached to the user's profile page. If no such object exists, it is created, but an existing object will be reused, meaning that at most one password reset request can be active at a moment. | ||
| 6 | 3. Send an email to the address configured in the user's profile, containing a link to the second step of the password reset procedure. | ||
| 7 | |||
| 8 | URL parameters: | ||
| 9 | |||
| 10 | u = user account sent in the form | ||
| 11 | |||
| 12 | !!!!! IMPORTANT !!!!! | ||
| 13 | |||
| 14 | This document requires programming rights, so always make sure | ||
| 15 | it is saved by a user with programming rights, and that | ||
| 16 | it is secured against unprivileged editing. | ||
| 17 | |||
| 18 | *### | ||
| 19 | ## | ||
| 20 | ## | ||
| 21 | ## First, check if the page has programming rights, as nothing works otherwise | ||
| 22 | #if($xwiki.hasProgrammingRights()) | ||
| 23 | ## | ||
| 24 | ## | ||
| 25 | ## The name of the class used for storing password reset verification data. | ||
| 26 | #set($verifClass = 'XWiki.ResetPasswordRequestClass') | ||
| 27 | #set($userName = "$!request.get('u')") | ||
| 28 | #if($userName == '')## First step, display the form requesting the username | ||
| 29 | = $msg.get('xe.admin.passwordreset.forgotpassword') = | ||
| 30 | |||
| 31 | $msg.get('xe.admin.passwordreset.startprocess') | ||
| 32 | |||
| 33 | {{html}} | ||
| 34 | <form method="post" action=""> | ||
| 35 | <div> | ||
| 36 | <input type="hidden" name="form_token" value="$!{services.csrf.getToken()}" /> | ||
| 37 | <label for="u">$msg.get('xe.admin.passwordreset.username')</label> <input type="text" id="u" name="u"/> <span class="buttonwrapper"><input type="submit" value="$msg.get('xe.admin.passwordreset.resetpassword')" class="button"/></span> | ||
| 38 | </div> | ||
| 39 | </form> | ||
| 40 | {{/html}} | ||
| 41 | #else## Second step, generate the verification string, store it, and send the email | ||
| 42 | ## TODO: Once the usernames are not bound to the XWiki space, revisit this code | ||
| 43 | #if($userName.indexOf('.') != -1) | ||
| 44 | #set($userDoc = $xwiki.getDocument(${userName})) | ||
| 45 | #else | ||
| 46 | #set($userDoc = $xwiki.getDocument("XWiki.${userName}")) | ||
| 47 | #end | ||
| 48 | ## Check if the user exists and has a valid email address configured in his profile | ||
| 49 | #set($userObj = '') | ||
| 50 | #set($userObj = $userDoc.getObject('XWiki.XWikiUsers')) | ||
| 51 | #if("$!userObj" == '') | ||
| 52 | |||
| 53 | {{warning}}$msg.get('xe.admin.passwordreset.nouser', [$escapetool.xml($userName)]){{/warning}} | ||
| 54 | |||
| 55 | #elseif ($userDoc.getObject('XWiki.LDAPProfileClass')) | ||
| 56 | |||
| 57 | {{warning}}$msg.get('xe.admin.passwordreset.ldapuser', [$escapetool.xml($userName)]){{/warning}} | ||
| 58 | |||
| 59 | #else | ||
| 60 | #set($userEmail = $userObj.getProperty('email').value) | ||
| 61 | #if("$!userEmail" == '') | ||
| 62 | |||
| 63 | {{error}}$msg.get('xe.admin.passwordreset.cannotreset'){{/error}} | ||
| 64 | |||
| 65 | #else | ||
| 66 | ## Find the object that will hold the verification string | ||
| 67 | #set($verifObj = '') | ||
| 68 | #set($verifObj = $userDoc.getObject($verifClass)) | ||
| 69 | #if("$!verifObj" == '') | ||
| 70 | #set($verifObj = $userDoc.newObject($verifClass)) | ||
| 71 | #end | ||
| 72 | ## Generate a random string | ||
| 73 | #set($verifStr = $xwiki.generateRandomString(30)) | ||
| 74 | ## If the class is correctly configured, the string should automatically be stored as a hash | ||
| 75 | #set($discard = $verifObj.set('verification', $verifStr)) | ||
| 76 | #set($discard = $userDoc.saveWithProgrammingRights()) | ||
| 77 | ## Compose the verification URL | ||
| 78 | #set($passwordResetURL = $xwiki.getDocument('XWiki.ResetPasswordComplete').getExternalURL('view', "u=${userName}&v=${verifStr}")) | ||
| 79 | ## Send an email; the variables will be retrieved from the velocity context | ||
| 80 | #set($mailResult = $xwiki.mailsender.sendMessageFromTemplate($xwiki.getXWikiPreference('admin_email', 'no-reply@xwiki.org'), $userEmail, $util.null, $util.null, $xcontext.language, 'XWiki.ResetPasswordMailContent', $xcontext.vcontext)) | ||
| 81 | #if($mailResult == 0) | ||
| 82 | |||
| 83 | {{info}}$msg.get('xe.admin.passwordreset.emailsent', [$escapetool.xml($userEmail)]){{/info}} | ||
| 84 | |||
| 85 | #else | ||
| 86 | |||
| 87 | {{error}}$msg.get('xe.admin.passwordreset.reseterror'){{/error}} | ||
| 88 | |||
| 89 | #end | ||
| 90 | #end | ||
| 91 | #end | ||
| 92 | {{html}} | ||
| 93 | <a href="$doc.getURL()">« $msg.get('xe.admin.passwordreset.retry')</a> | | ||
| 94 | <a href="$xwiki.getURL('XWiki.XWikiLogin', 'login', '')">$msg.get('xe.admin.passwordreset.login') »</a> | ||
| 95 | {{/html}} | ||
| 96 | #end | ||
| 97 | ## Clear private variables, so that they cannot be accessed from the rest of the page (comments, panels...) | ||
| 98 | #set($verifStr = '') | ||
| 99 | #set($passwordResetURL = '') | ||
| 100 | ## | ||
| 101 | ## | ||
| 102 | #else | ||
| 103 | ## No programming rights, warn and exit | ||
| 104 | {{error}}$msg.get('xe.admin.passwordreset.noprogrammingrights'){{/error}} | ||
| 105 | #end | ||
| 106 | {{/velocity}} |