dev: changes for massive action (Reset login data): no password will …
…be sent, only a link to reset the password
Trischi80 committed Apr 23, 2021
1 parent 0d69b68 commit a7fffe2
Showing 3 changed files with 16 additions and 195 deletions.
161 changes: 4 additions & 157 deletions application/controllers/UserManagementController.php
Expand Up @@ -875,11 +875,10 @@ public function actionBatchSendAndResetLoginData()
if ($oUser->uid == 1) {
$aResults[$user]['error'] = gT("Error! You do not have the permission to edit this user.");
} else {
$success = $this->resetLoginData($oUser, true)['success'];
if ($success) {
$oUser->modified = date('Y-m-d H:i:s');
$aResults[$user]['result'] = $oUser->save();
}
$passwordManagement = new \LimeSurvey\Models\Services\PasswordManagement($oUser);
$successData = $passwordManagement->sendPasswordLinkViaEmail(\LimeSurvey\Models\Services\PasswordManagement::EMAIL_TYPE_RESET_PW);
$success = $successData['success'];
$aResults[$user]['result'] = $success;
}
}
}
Expand Down Expand Up @@ -1112,24 +1111,6 @@ public function loadModel($id)
return $model;
}

/**
* Creates a random password through the core plugin
*
* @param int $length Length of the password
* @return string
*/
/*
* --> moved to service class PasswordManagement
protected function getRandomPassword($length = 8)
{
$oGetPasswordEvent = new PluginEvent('createRandomPassword');
$oGetPasswordEvent->set('targetSize', $length);
Yii::app()->getPluginManager()->dispatchEvent($oGetPasswordEvent);
return $oGetPasswordEvent->get('password');
}
*/

/**
* Update admin-user
*
Expand Down Expand Up @@ -1276,91 +1257,6 @@ public function createNewUser($aUser)
return User::model()->findByPk($iNewUID)->attributes;
}

/**
* Send the registration email to a new survey administrator
*
* REFACTORED moved to service class PasswordManagement
*
* @param string $type two types are available 'resetPassword' or 'registration', default is 'registration'
* @param array $aUser
* @param null $newPassword
* @return LimeMailer if send is successfull
* @throws \PHPMailer\PHPMailer\Exception
*/
/*
public function sendAdminMail($aUser, $type = 'registration')
{
switch ($type) {
case "resetPassword":
$renderArray = [
'surveyapplicationname' => Yii::app()->getConfig("sitename"),
'emailMessage' => sprintf(gT("Hello %s,"), $aUser['full_name']) . "<br />"
. sprintf(gT("This is an automated email to notify you that your login credentials for '%s' have been reset."), Yii::app()->getConfig("sitename")),
'credentialsText' => gT("Here are your new credentials."),
'siteadminemail' => Yii::app()->getConfig("siteadminemail"),
'linkToAdminpanel' => $this->createAbsoluteUrl("/admin"),
'username' => $aUser['users_name'],
'password' => $aUser['rawPassword'],
'mainLogoFile' => LOGO_URL,
'showPasswordSection' => Yii::app()->getConfig("auth_webserver") === false && Permission::model()->hasGlobalPermission('auth_db', 'read', $aUser['uid']),
'showPassword' => (Yii::app()->getConfig("display_user_password_in_email") === true),
];
$subject = "[" . Yii::app()->getConfig("sitename") . "] " . gT("Your login credentials have been reset");
$body = Yii::app()->getController()->renderPartial('partial/usernotificationemail', $renderArray, true);
break;
case 'registration':
default:
//Get email template from globalSettings
$aAdminEmail = $this->generateAdminCreationEmail($aUser['full_name'], $aUser['users_name'], $aUser['password'], $aUser['uid']);
$subject = $aAdminEmail["subject"];
$body = $aAdminEmail["body"];
break;
}
$emailType = "addadminuser";
$oCurrentlyLoggedInUser = User::model()->findByPk(Yii::app()->user->id);
$mailer = new LimeMailer();
$mailer->addAddress($aUser['email'], $aUser['full_name']);
$mailer->Subject = $subject;
$mailer->setFrom($oCurrentlyLoggedInUser->email, $oCurrentlyLoggedInUser->users_name);
$mailer->Body = $body;
$mailer->isHtml(true);
$mailer->emailType = $emailType;
$mailer->sendMessage();
return $mailer;
}
*/

/**
* Resets the password for one user
*
* REFACTORED moved to service class PasswordManagement
*
* @param User $oUser User model
* @param bool $sendMail Send a mail to the user
* @return array [success, uid, username, password]
* @throws CException
* @throws \PHPMailer\PHPMailer\Exception
*/
/*
public function resetLoginData(&$oUser, $sendMail = false)
{
$newPassword = $this->getRandomPassword(8);
$oUser->setPassword($newPassword);
$success = true;
if ($sendMail === true) {
$aUser = $oUser->attributes;
$aUser['rawPassword'] = $newPassword;
$success = $this->sendAdminMail($aUser, 'resetPassword');
}
return [
'success' => $success, 'uid' => $oUser->uid, 'username' => $oUser->users_name, 'password' => $newPassword,
];
}*/

/**
* todo this should not be in a controller, find a better place for it (view)
*
Expand Down Expand Up @@ -1416,55 +1312,6 @@ protected function getRandomString()
return hash('sha256', bin2hex($uiq));
}


/**
*
* This function prepare the email template to send to the new created user
*
* REFACTORED NOW IN service class PasswordManagement
*
*
* @param string $fullname
* @param string $username
* @param string $password
* @return mixed $aAdminEmail array with subject and email nody
*/
/*
public function generateAdminCreationEmail($fullname, $username, $password, $iNewUID)
{
$aAdminEmail = [];
$siteName = Yii::app()->getConfig("sitename");
//todo instead of login url it should be link for setting a password
//$loginUrl = $this->createAbsoluteUrl("/admin");
$siteAdminEmail = Yii::app()->getConfig("siteadminemail");
$emailSubject = Yii::app()->getConfig("admincreationemailsubject");
$emailTemplate = Yii::app()->getConfig("admincreationemailtemplate");
// authent is not delegated to web server or LDAP server
if (Yii::app()->getConfig("auth_webserver") === false && Permission::model()->hasGlobalPermission('auth_db', 'read', $iNewUID)) {
// send password (if authorized by config)
if (!Yii::app()->getConfig("display_user_password_in_email") === true) {
$password = "<p>" . gT("Please contact your LimeSurvey administrator for your password.") . "</p>";
}
}
//Replace placeholder in Email subject
$emailSubject = str_replace("{SITENAME}", $siteName, $emailSubject);
$emailSubject = str_replace("{SITEADMINEMAIL}", $siteAdminEmail, $emailSubject);
//Replace placeholder in Email body
$emailTemplate = str_replace("{SITENAME}", $siteName, $emailTemplate);
$emailTemplate = str_replace("{SITEADMINEMAIL}", $siteAdminEmail, $emailTemplate);
$emailTemplate = str_replace("{FULLNAME}", $fullname, $emailTemplate);
$emailTemplate = str_replace("{USERNAME}", $username, $emailTemplate);
// $emailTemplate = str_replace("{LOGINURL}", $loginUrl, $emailTemplate);
$aAdminEmail['subject'] = $emailSubject;
$aAdminEmail['body'] = $emailTemplate;
return $aAdminEmail;
} */

/**
* Adds permission to a users
* Needs an array in the form of [PERMISSIONID][PERMISSION]
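Review bot: In actionBatchSendAndResetLoginData the new branch only mails a reset link, so the user's current password is no longer replaced and stays valid until the link is used; the removed `resetLoginData()` call overwrote it immediately. If administrators run "Reset login data" in response to a suspected account compromise, that is a weaker guarantee than before, and the action name no longer matches what happens. Consider either invalidating the stored password hash in this branch or documenting the change with a comment such as `// Existing password stays valid until the user follows the emailed link.` The `$oUser->save()` call is also gone, so this now relies on `setValidationKey()` and `setValidationExpiration()` persisting the key themselves, which is not visible here. The function body starts and ends outside the hunk.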
9 changes: 1 addition & 8 deletions application/controllers/admin/authentication.php
Expand Up @@ -195,6 +195,7 @@ public static function prepareLogin()
/**
* This action sets a password for new user or resets a password for an existing user.
* If validation time is expired, no password will be changed.
* After password has been changed successfully it redirects to LogIn-Page.
*
*/
public function newPassword(){
Expand Down Expand Up @@ -258,15 +259,7 @@ public function newPassword(){
'validationKey'=> $user->validation_key
];


$this->_renderWrappedTemplate('authentication', 'newPassword', $aData);

/*
$this->getController()->render('newPassword',[
'errorExists' => $errorExists,
'errorMasg' => $errorMsg,
'randomPassword', $randomPassword
]);*/
}

/**
Expand Down
41 changes: 11 additions & 30 deletions application/models/services/PasswordManagement.php
Expand Up @@ -5,7 +5,7 @@

/**
* This class contains all functions for the process of password reset and creating new administration users
* and sending email to those.
* and sending email to those with a link to set the password.
*
* All this functions were implemented in UserManagementController before.
*
Expand Down Expand Up @@ -75,16 +75,18 @@ public function generateAdminCreationEmail()
* Sets the validationKey and the validationKey expiration and
* sends email to the user, containing the link to set/reset password.
*
* @param string $emailType this could be 'registration' or 'resetPassword' (see const in this class)
*
* @return array message if sending email to user was successful
*
* @throws \PHPMailer\PHPMailer\Exception
*/
public function sendPasswordLinkViaEmail(){
public function sendPasswordLinkViaEmail($emailType){

$success = true;
$this->user->setValidationKey();
$this->user->setValidationExpiration();
$mailer = $this->sendAdminMail('registration');
$mailer = $this->sendAdminMail($emailType);

if ($mailer->getError()) {
$sReturnMessage = \CHtml::tag("h4", array(), gT("Error"));
Expand All @@ -107,7 +109,7 @@ public function sendPasswordLinkViaEmail(){
}

/**
* Send a link for the user to set a new password (forgot password functionality)
* Send a link to email of the user to set a new password (forgot password functionality)
*
* @return string message for user
*/
Expand Down Expand Up @@ -145,6 +147,8 @@ public function sendForgotPasswordEmailLink()
/**
* Creates a random password through the core plugin
*
* @todo it's fine to use static functions, until it is used only in controllers ...
*
* @param int $length Length of the password
* @return string
*/
Expand All @@ -157,36 +161,13 @@ public static function getRandomPassword($length = self::MIN_PASSWORD_LENGTH)
return $oGetPasswordEvent->get('password');
}

/**
* Resets the password for one user
*
* @param User $oUser User model
* @param bool $sendMail Send a mail to the user
* @return array [success, uid, username, password]
* @throws CException
* @throws \PHPMailer\PHPMailer\Exception
*/
public function resetLoginData(&$oUser, $sendMail = false)
{
$newPassword = $this->getRandomPassword(8);
$oUser->setPassword($newPassword);
$success = true;
if ($sendMail === true) {
$aUser = $oUser->attributes;
$aUser['rawPassword'] = $newPassword;
$success = $this->sendAdminMail($aUser, 'resetPassword');
}
return [
'success' => $success, 'uid' => $oUser->uid, 'username' => $oUser->users_name, 'password' => $newPassword,
];
}

/**
* Send the registration email to a new survey administrator
*
* @param string $type two types are available 'resetPassword' or 'registration', default is 'registration'
* @param null $newPassword
*
* @return \LimeMailer if send is successfull
*
* @throws \PHPMailer\PHPMailer\Exception
*/
private function sendAdminMail($type = self::EMAIL_TYPE_REGISTRATION)
Expand All @@ -203,7 +184,7 @@ private function sendAdminMail($type = self::EMAIL_TYPE_REGISTRATION)
'siteadminemail' => \Yii::app()->getConfig("siteadminemail"),
'linkToAdminpanel' => $absolutUrl,
'username' => $this->user->users_name,
//'password' => $this->user->ra$aUser['rawPassword'],
'password' => gT('Click the following link to reset your password') . ': ' . \Yii::app()->getController()->createAbsoluteUrl('admin/authentication/sa/newPassword/param/' . $this->user->validation_key),
'mainLogoFile' => LOGO_URL,
'showPasswordSection' => \Yii::app()->getConfig("auth_webserver") === false && \Permission::model()->hasGlobalPermission('auth_db', 'read', $this->user->uid),
'showPassword' => (\Yii::app()->getConfig("display_user_password_in_email") === true),
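Review bot: In sendAdminMail the reset link, including `$this->user->validation_key`, is passed in the `'password'` slot of the render array, while `'showPassword'` two lines below is still driven by `display_user_password_in_email`. If the template hides the password value when that setting is off (the template is not part of this commit, so this is inferred), installations that keep the setting disabled would send a reset mail with no link in it. Passing the link under its own key, for example `'passwordResetLink' => $resetUrl,` (the name is only a suggestion), and leaving `'password'` out would decouple it from that flag. Separately, `sendPasswordLinkViaEmail($emailType)` now has a required argument; `$emailType = self::EMAIL_TYPE_REGISTRATION` would keep any caller not touched by this commit working. The array and the function continue outside the hunk.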
