Item14506: More work on ChangePassword REST Handler
And the ChangePassword topic.
gac410 committed Oct 12, 2017
1 parent 868047c commit 09bc84c
Showing 3 changed files with 26 additions and 25 deletions.
12 changes: 7 additions & 5 deletions PasswordManagementPlugin/data/System/ChangePassword.txt
@@ -37,15 +37,17 @@ Once your password has been changed, the restriction will be removed."}%

<form name="changepasswd" action="%SCRIPTURLPATH{"rest"}%/PasswordManagementPlugin/changePassword" method="post">
<div id="changePassword" class="foswikiFormSteps">
<div class="foswikiFormStep">
<h3>User ID (WikiName or Login name) <span class="required">Required</span></h3>
<div class="col1">
%IF{"context isadmin" then="
<div class='foswikiFormStep'>
<h3>User ID (WikiName or Login name) <span class='required'>Required</span></h3>
<div class='col1'>
<p>
<input type="text" name="username" value="%WIKINAME%" size="40" class="foswikiInputField" />
<input type='text' name='username' value='%WIKINAME%' size='40' class='foswikiInputField' />
</p>
</div><!--//col1-->
<div class="foswikiClear"></div>
<div class='foswikiClear'></div>
</div><!--//foswikiFormStep-->
"}%
%IF{"'%SESSION_VARIABLE{"FOSWIKI_TOPICRESTRICTION"}%' = '%WEB%.%TOPIC%'" else="
<div class='foswikiFormStep'>
<h3>%MAKETEXT{"Current password:"}%</h3>
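Review bot: Wrapping the `username` input in `%IF{"context isadmin" then="..."}%` only hides the field in the rendered form; it does not stop a non-admin request from carrying a `username` parameter to the `changePassword` REST URL. The handler is not part of this file, so confirm that it ignores or rejects a submitted `username` unless the caller is an admin (for example via `Foswiki::Func::isAnAdmin()`) and otherwise acts on the logged-in user. Once that is confirmed, a comment above the `%IF` such as `<!-- username is only honoured for admins; enforced in the REST handler -->` would keep the topic from being read as the access control.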
@@ -43,7 +43,7 @@ sub initPlugin {

Foswiki::Func::registerRESTHandler(
'resetPassword', \&_RESTresetPassword,
validate => 0,
validate => $Foswiki::cfg{Validation}{Method} eq 'none' ? 0 : 1,
authenticate => 0,
http_allow => 'POST',
description => 'Generate a Passord reset token and email to the user.',
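Review bot: Request validation for the password handlers now rests entirely on the REST registration options. This hunk turns `validate` on for `resetPassword`, while a later hunk in this commit removes the explicit `Foswiki::UI::checkValidationKey($session)` call from `_RESTchangePassword`. The `changePassword` registration is outside this hunk, so confirm it carries the same `validate` setting; without it the password-change POST would have no CSRF check left. The ternary also applies `eq` to `$Foswiki::cfg{Validation}{Method}` with no default, which warns when the key is unset; `validate => ( $Foswiki::cfg{Validation}{Method} || '' ) eq 'none' ? 0 : 1,` avoids that. initPlugin starts and ends outside the hunk.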
@@ -71,6 +71,8 @@ sub _RESTresetPassword {
);
}

# TOPICRESTRICTION - locks session down to a single topic
# PASSWORDRESET - Bypasses checking of old password.
my $token = Foswiki::LoginManager::generateLoginToken(
$user,
{
@@ -109,7 +111,7 @@ sub _RESTresetPassword {
FirstLastName => Foswiki::spaceOutWikiWord($wn),
WikiName => $wn,
EmailAddress => $email,
TokenLife => $Foswiki::cfg{Login}{TokenLifetime},
TokenLife => $Foswiki::cfg{Login}{TokenLifetime} || 900,
AuthToken => $token,
}
);
@@ -144,15 +146,14 @@ sub _RESTresetPassword {
params => [ $Foswiki::cfg{Login}{TokenLifetime}, $errors ]
);
}

#else {
# throw Foswiki::OopsException(
# 'register',
# topic => $Foswiki::cfg{HomeTopicName},
# def => 'reset_bad',
# params => [$message]
# );
#}
else {
throw Foswiki::OopsException(
'password',
topic => $Foswiki::cfg{HomeTopicName},
def => 'reset_bad',
params => [$errors]
);
}
}

=begin TML
@@ -191,13 +192,14 @@ sub _RESTchangePassword {

my $users = $session->{users};

unless ($login) {
throw Foswiki::OopsException(
'register',
web => $webName,
topic => $topic,
my $user = Foswiki::Func::getCanonicalUserID($login);
unless ( $user && $session->{users}->userExists($user) ) {
throw Foswiki::OopEexception(
'password',
status => 200,
topic => $Foswiki::cfg{hometopicname},
def => 'not_a_user',
params => [$login]
params => [$user],
);
}
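Review bot: The rewritten unknown-user branch throws `Foswiki::OopEexception`, whereas every other handler on this page uses `Foswiki::OopsException`, so this path will most likely die on an unresolvable class instead of rendering the oops page. The same call reads `$Foswiki::cfg{hometopicname}` where the other calls use `$Foswiki::cfg{HomeTopicName}`; hash keys are case-sensitive, so `topic` ends up undefined. `params => [$user]` is also empty exactly when the lookup failed. The three lines should read `throw Foswiki::OopsException(`, `topic => $Foswiki::cfg{HomeTopicName},` and `params => [$login],`. Because a distinct `not_a_user` reply reveals which IDs exist, it is also worth confirming, in the part of `_RESTchangePassword` outside this hunk, that only admins can supply a `username` other than their own.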

@@ -273,9 +275,6 @@ sub _RESTchangePassword {
);
}

# Parameters have been checked, check the validation key
Foswiki::UI::checkValidationKey($session);

# OK - password may be changed
unless ( $users->setPassword( $cUID, $passwordA, $oldpassword ) ) {
throw Foswiki::OopsException(