Modifié par Onet Admin le 2022/03/31 17:29

Afficher les derniers auteurs
1 {{velocity}}
2 #**
3 This page starts the password reset procedure. It works according to the next algorithm:
4 1. Display a form requesting the username
5 2. When receiving the username via form submission, generate a random verification string which is stored (as a hash) inside a ResetPasswordRequestClass object attached to the user's profile page. If no such object exists, it is created, but an existing object will be reused, meaning that at most one password reset request can be active at a moment.
6 3. Send an email to the address configured in the user's profile, containing a link to the second step of the password reset procedure.
7
8 URL parameters:
9
10 u = user account sent in the form
11 *###
12 ##
13 ##
14 ## The name of the class used for storing password reset verification data.
15 #set ($verifClass = 'XWiki.ResetPasswordRequestClass')
16 #set ($userName = "$!request.get('u')")
17 ## First step, display the form requesting the username
18 #if ($userName == '' || !$services.csrf.isTokenValid($request.form_token))
19 {{translation key="xe.admin.passwordReset.instructions"/}}
20
21 {{html}}
22 <form method="post" action="$doc.getURL()" class="xformInline">
23 <div>
24 <input type="hidden" name="form_token" value="$!{services.csrf.getToken()}" />
25 <label for="u">$services.localization.render('xe.admin.passwordReset.username.label')</label> <input type="text" id="u" name="u"/> <span class="buttonwrapper"><input type="submit" value="$services.localization.render('xe.admin.passwordReset.submit')" class="button"/></span>
26 </div>
27 </form>
28 {{/html}}
29 #else## Second step, generate the verification string, store it, and send the email
30 ## TODO: Once the usernames are not bound to the XWiki space, revisit this code
31 #if ($userName.indexOf('.') != -1)
32 #set ($userDoc = $xwiki.getDocumentAsAuthor(${userName}))
33 #else
34 #set ($userDoc = $xwiki.getDocumentAsAuthor("XWiki.${userName}"))
35 #end
36 ## Check if the user exists and has a valid email address configured in his profile
37 #set ($userObj = '')
38 #set ($userObj = $userDoc.getObject('XWiki.XWikiUsers'))
39 ## If local user does not exist check global user
40 #if (!$userObj && ${xcontext.database} != ${xcontext.mainWikiName})
41 #if ($userName.indexOf('.') != -1)
42 #set ($userDoc = $xwiki.getDocumentAsAuthor("${xcontext.mainWikiName}:${userName}"))
43 #else
44 #set ($userDoc = $xwiki.getDocumentAsAuthor("${xcontext.mainWikiName}:XWiki.${userName}"))
45 #end
46 #set ($userObj = $userDoc.getObject('XWiki.XWikiUsers'))
47 #end
48 #if (!$userObj)
49
50 {{warning}}$services.localization.render('xe.admin.passwordReset.error.noUser', ["//${escapetool.xml($userName)}//"]){{/warning}}
51
52 #elseif ($userDoc.getObject('XWiki.LDAPProfileClass'))
53
54 {{warning}}$services.localization.render('xe.admin.passwordReset.error.ldapUser', ["//${escapetool.xml($userName)}//"]){{/warning}}
55
56 #else
57 #set ($userEmail = $userObj.getProperty('email').value)
58 #if ("$!userEmail" == '')
59
60 {{error}}{{translation key="xe.admin.passwordReset.error.noEmail"/}}{{/error}}
61
62 #else
63 ## Find the object that will hold the verification string
64 #set ($verifObj = '')
65 #set ($verifObj = $userDoc.getObject($verifClass, true))
66 ## Generate a random string
67 #set ($verifStr = $util.generateRandomString(30))
68 ## If the class is correctly configured, the string should automatically be stored as a hash
69 #set ($discard = $verifObj.set('verification', $verifStr))
70 #set ($discard = $userDoc.saveAsAuthor($services.localization.render('xe.admin.passwordReset.versionComment'), true))
71 ## Compose the verification URL
72 #set ($userDocRef = $escapetool.url($services.model.serialize($userDoc.documentReference, 'default')))
73 #set ($passwordResetURL = $xwiki.getDocument("XWiki.ResetPasswordComplete").getExternalURL('view', "u=${userDocRef}&v=${verifStr}"))
74 ## Send the email
75 #set ($from = $services.mail.sender.configuration.fromAddress)
76 #if ("$!from" == '')
77 #set ($from = "no-reply@${request.serverName}")
78 #end
79 #set ($mailTemplateReference = $services.model.createDocumentReference('', 'XWiki', 'ResetPasswordMailContent'))
80 #set ($mailParameters = {'from' : $from, 'to' : $userEmail, 'language' : $xcontext.locale})
81 #set ($message = $services.mail.sender.createMessage('template', $mailTemplateReference, $mailParameters))
82 #set ($discard = $message.setType('Reset Password'))
83 #macro (displayError $text)
84
85 {{html}}
86 <div class="xwikirenderingerror" title="Click to get more details about the error" style="cursor: pointer;">
87 $services.localization.render('xe.admin.passwordReset.error.emailFailed')
88 </div>
89 <div class="xwikirenderingerrordescription hidden">
90 <pre>${text}</pre>
91 </div>
92 {{/html}}
93
94 #end
95 ## Check for an error constructing the message!
96 #if ($services.mail.sender.lastError)
97 #displayError($exceptiontool.getStackTrace($services.mail.sender.lastError))
98 #else
99 ## Send the message and wait for it to be sent or for any error to be raised.
100 #set ($mailResult = $services.mail.sender.send([$message], 'database'))
101 ## Check for errors during the send
102 #if ($services.mail.sender.lastError)
103 #displayError($exceptiontool.getStackTrace($services.mail.sender.lastError))
104 #else
105 #set ($failedMailStatuses = $mailResult.statusResult.getAllErrors())
106 #if ($failedMailStatuses.hasNext())
107 #set ($mailStatus = $failedMailStatuses.next())
108 #displayError($mailStatus.errorDescription)
109 #else
110
111 {{info}}$services.localization.render('xe.admin.passwordReset.emailSent', ["$userDoc.display('email', $userObj)"]){{/info}}
112
113 #end
114 #end
115 #end
116 #end
117 #end
118 [[{{translation key="xe.admin.passwordReset.error.retry"/}}>>$doc.fullName]] | [[{{translation key="xe.admin.passwordReset.error.recoverUsername"/}}>>ForgotUsername]] | [[{{translation key="xe.admin.passwordReset.login"/}}>>path:$xwiki.getURL('XWiki.XWikiLogin', 'login')]]
119 #end
120 ## Clear private variables, so that they cannot be accessed from the rest of the page (comments, panels...)
121 #set ($verifStr = '')
122 #set ($passwordResetURL = '')
123 {{/velocity}}