X-Git-Url: http://git.rot13.org/?a=blobdiff_plain;f=opac%2Fopac-password-recovery.pl;h=6429f7b9a17d1b88d40f68ca1022a69c2140d2da;hb=f822dee088b86edecd5d5c73718ad9f8a04c0664;hp=f4c5e2bd238ae7569da2bd11fe631972c07334d9;hpb=e29163af4cde7ce33060716091726e6fa2eef65e;p=koha.git
diff --git a/opac/opac-password-recovery.pl b/opac/opac-password-recovery.pl
index f4c5e2bd23..6429f7b9a1 100755
--- a/opac/opac-password-recovery.pl
+++ b/opac/opac-password-recovery.pl
@@ -10,7 +10,6 @@ use C4::Context; use Koha::Patron::Password::Recovery qw(SendPasswordRecoveryEmail ValidateBorrowernumber GetValidLinkInfo CompletePasswordRecovery DeleteExpiredPasswordRecovery); use Koha::Patrons; -use Koha::AuthUtils qw(hash_password); use Koha::Patrons; my $query = new CGI; use HTML::Entities;
@@ -28,10 +27,9 @@ my ( $template, $dummy, $cookie ) = get_template_and_user( my $email = $query->param('email') // q{}; my $password = $query->param('password'); my $repeatPassword = $query->param('repeatPassword'); -my $minPassLength = C4::Context->preference('minPasswordLength'); my $id = $query->param('id'); my $uniqueKey = $query->param('uniqueKey'); -my $username = $query->param('username'); +my $username = $query->param('username') // q{}; my $borrower_number; #errors
@@ -47,13 +45,10 @@ my $errBadEmail; #new password form error my $errLinkNotValid; -my $errPassNotMatch; -my $errPassTooShort; if ( $query->param('sendEmail') || $query->param('resendEmail') ) { #try with the main email - $email ||= ''; # avoid undef my $borrower; my $search_results;
@@ -65,7 +60,7 @@ if ( $query->param('sendEmail') || $query->param('resendEmail') ) { $search_results = Koha::Patrons->search( { -or => { email => $email, emailpro => $email, B_email => $email } } ); } - if ( not $search_results || $search_results->count < 1) { + if ( !defined $search_results || $search_results->count < 1) { $hasError = 1; $errNoBorrowerFound = 1; }
@@ -78,23 +73,19 @@ if ( $query->param('sendEmail') || $query->param('resendEmail') ) { $errMultipleAccountsForEmail = 1; } elsif ( $borrower = $search_results->next() ) { # One matching borrower - $username ||= $borrower->userid; - my @emails = ( $borrower->email, $borrower->emailpro, $borrower->B_email ); + my @emails = grep { $_ } ( $borrower->email, $borrower->emailpro, $borrower->B_email ); - my $firstNonEmptyEmail = ''; - foreach my $address ( @emails ) { - $firstNonEmptyEmail = $address if length $address; - last if $firstNonEmptyEmail; - } + my $firstNonEmptyEmail; + $firstNonEmptyEmail = $emails[0] if @emails; # Is the given email one of the borrower's ? - if ( $email && !( grep { $_ eq $email } @emails ) ) { + if ( $email && !( grep /^$email$/i, @emails ) ) { $hasError = 1; $errNoBorrowerFound = 1; } -# If we dont have an email yet. Get one of the borrower's email or raise an error. - elsif ( !$email && !( $email = $firstNonEmptyEmail ) ) { + # If there is no given email, and there is no email on record + elsif ( !$email && !$firstNonEmptyEmail ) { $hasError = 1; $errNoBorrowerEmail = 1; }
@@ -109,6 +100,10 @@ if ( $query->param('sendEmail') || $query->param('resendEmail') ) { DeleteExpiredPasswordRecovery( $borrower->borrowernumber ); } } + # Set the $email, if we don't have one. + if ( !$hasError && !$email ) { + $email = $firstNonEmptyEmail; + } } else { # 0 matching borrower $hasError = 1;
@@ -128,7 +123,7 @@ if ( $query->param('sendEmail') || $query->param('resendEmail') ) { username => $username ); } - elsif ( SendPasswordRecoveryEmail( $borrower, $email, $query->param('resendEmail') ) ) { # generate uuid and send recovery email + elsif ( SendPasswordRecoveryEmail( $borrower, $email, scalar $query->param('resendEmail') ) ) { # generate uuid and send recovery email $template->param( mail_sent => 1, email => $email
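Review bot: The new ownership check `grep /^$email$/i, @emails` (hunk at -78/+73) interpolates the submitted `email` parameter into a regular expression as a pattern, so metacharacters in the request change what counts as a match and the test no longer proves that the address is one of the borrower's. The same `$email` is then passed to `SendPasswordRecoveryEmail` in the hunk at -128/+123, so this comparison is the only gate on where the recovery message is addressed and it should be a literal one. Keeping the case-insensitive intent, `if ( $email && !( grep { lc $_ eq lc $email } @emails ) ) {` does that without a regex; if a pattern is kept, quote and anchor it as `/\A\Q$email\E\z/i`, since a bare `$` also accepts a trailing newline. The enclosing `if ( $query->param('sendEmail') ...` block starts before this hunk and continues past it.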
@@ -136,6 +131,7 @@ if ( $query->param('sendEmail') || $query->param('resendEmail') ) { } else { # if it doesn't work.... $template->param( + hasError => 1, password_recovery => 1, sendmailError => 1 ); 
@@ -144,37 +140,40 @@ if ( $query->param('sendEmail') || $query->param('resendEmail') ) { elsif ( $query->param('passwordReset') ) { ( $borrower_number, $username ) = GetValidLinkInfo($uniqueKey); - #validate password length & match - if ( ($borrower_number) - && ( $password eq $repeatPassword ) - && ( length($password) >= $minPassLength ) ) - { #apply changes - Koha::Patrons->find($borrower_number)->update_password( $username, hash_password($password) ); - CompletePasswordRecovery($uniqueKey); - $template->param( - password_reset_done => 1, - username => $username - ); - } - else { #errors - if ( !$borrower_number ) { #parameters not valid - $errLinkNotValid = 1; - } - elsif ( $password ne $repeatPassword ) { #passwords does not match - $errPassNotMatch = 1; - } - elsif ( length($password) < $minPassLength ) { #password too short - $errPassTooShort = 1; + my $error; + if ( not $borrower_number ) { + $error = 'errLinkNotValid'; + } elsif ( $password ne $repeatPassword ) { + $error = 'errPassNotMatch'; + } else { + try { + Koha::Patrons->find($borrower_number)->set_password({ password => $password }); + + CompletePasswordRecovery($uniqueKey); + $template->param( + password_reset_done => 1, + username => $username + ); } + catch { + if ( $_->isa('Koha::Exceptions::Password::TooShort') ) { + $error = 'password_too_short'; + } + elsif ( $_->isa('Koha::Exceptions::Password::WhitespaceCharacters') ) { + $error = 'password_has_whitespaces'; + } + elsif ( $_->isa('Koha::Exceptions::Password::TooWeak') ) { + $error = 'password_too_weak'; + } + }; + } + if ( $error ) { $template->param( - new_password => 1, - minPassLength => $minPassLength, - email => $email, - uniqueKey => $uniqueKey, - errLinkNotValid => $errLinkNotValid, - errPassNotMatch => $errPassNotMatch, - errPassTooShort => $errPassTooShort, - hasError => 1 + new_password => 1, + email => $email, + uniqueKey => $uniqueKey, + hasError => 1, + $error => 1, ); } } 
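Review bot: The `catch` block maps only three `Koha::Exceptions::Password::*` classes to an error key, so any other failure inside the `try` (for instance `Koha::Patrons->find` returning nothing, or a storage error raised by `set_password`) leaves `$error` unset and the branch ends with neither `password_reset_done` nor an error passed to the template. Add a final `else { die $_; }` (or a logged generic error) so a failed reset is never silent. The `$_->isa(...)` tests also assume the thrown value is an object; checking `Scalar::Util::blessed($_)` first keeps a plain-string `die` from being treated as a class name. No visible hunk adds `use Try::Tiny;`, so confirm it is loaded in the part of the file this diff does not show.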
@@ -188,7 +187,6 @@ elsif ($uniqueKey) { #reset password form $template->param( new_password => 1, - minPassLength => $minPassLength, email => $email, uniqueKey => $uniqueKey, username => $username,