diff --git a/application/controllers/UserManagementController.php b/application/controllers/UserManagementController.php
index b87eddc6d26..2c8924230d2 100644
--- a/application/controllers/UserManagementController.php
+++ b/application/controllers/UserManagementController.php
@@ -875,11 +875,10 @@ public function actionBatchSendAndResetLoginData()
if ($oUser->uid == 1) {
$aResults[$user]['error'] = gT("Error! You do not have the permission to edit this user.");
} else {
- $success = $this->resetLoginData($oUser, true)['success'];
- if ($success) {
- $oUser->modified = date('Y-m-d H:i:s');
- $aResults[$user]['result'] = $oUser->save();
- }
+ $passwordManagement = new \LimeSurvey\Models\Services\PasswordManagement($oUser);
+ $successData = $passwordManagement->sendPasswordLinkViaEmail(\LimeSurvey\Models\Services\PasswordManagement::EMAIL_TYPE_RESET_PW);
+ $success = $successData['success'];
+ $aResults[$user]['result'] = $success;
}
}
}
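Review bot: The `else` branch of this batch action no longer invalidates the current password. The removed code called `resetLoginData()` (a new random password via `setPassword`) followed by `$oUser->save()`, whereas the new code only mails a set-password link through `sendPasswordLinkViaEmail()`. An administrator who runs actionBatchSendAndResetLoginData after a suspected credential leak will presumably expect the old password to stop working. If keeping it valid is intended, say so in the action's docblock and result text; otherwise set a throwaway password before sending the link, e.g. `$oUser->setPassword(\LimeSurvey\Models\Services\PasswordManagement::getRandomPassword());`, and persist it. Nothing in this branch calls `save()` any more, so the mailed link only validates if `setValidationKey()` and `setValidationExpiration()` persist the user themselves; their bodies are not in this diff and the enclosing loop and method run outside the hunk, so this is worth confirming.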
@@ -1112,24 +1111,6 @@ public function loadModel($id)
return $model;
}
- /**
- * Creates a random password through the core plugin
- *
- * @param int $length Length of the password
- * @return string
- */
- /*
- * --> moved to service class PasswordManagement
- protected function getRandomPassword($length = 8)
- {
- $oGetPasswordEvent = new PluginEvent('createRandomPassword');
- $oGetPasswordEvent->set('targetSize', $length);
- Yii::app()->getPluginManager()->dispatchEvent($oGetPasswordEvent);
-
- return $oGetPasswordEvent->get('password');
- }
- */
-
/**
* Update admin-user
*
@@ -1276,91 +1257,6 @@ public function createNewUser($aUser)
return User::model()->findByPk($iNewUID)->attributes;
}
- /**
- * Send the registration email to a new survey administrator
- *
- * REFACTORED moved to service class PasswordManagement
- *
- * @param string $type two types are available 'resetPassword' or 'registration', default is 'registration'
- * @param array $aUser
- * @param null $newPassword
- * @return LimeMailer if send is successfull
- * @throws \PHPMailer\PHPMailer\Exception
- */
- /*
- public function sendAdminMail($aUser, $type = 'registration')
- {
-
- switch ($type) {
- case "resetPassword":
- $renderArray = [
- 'surveyapplicationname' => Yii::app()->getConfig("sitename"),
- 'emailMessage' => sprintf(gT("Hello %s,"), $aUser['full_name']) . "
"
- . sprintf(gT("This is an automated email to notify you that your login credentials for '%s' have been reset."), Yii::app()->getConfig("sitename")),
- 'credentialsText' => gT("Here are your new credentials."),
- 'siteadminemail' => Yii::app()->getConfig("siteadminemail"),
- 'linkToAdminpanel' => $this->createAbsoluteUrl("/admin"),
- 'username' => $aUser['users_name'],
- 'password' => $aUser['rawPassword'],
- 'mainLogoFile' => LOGO_URL,
- 'showPasswordSection' => Yii::app()->getConfig("auth_webserver") === false && Permission::model()->hasGlobalPermission('auth_db', 'read', $aUser['uid']),
- 'showPassword' => (Yii::app()->getConfig("display_user_password_in_email") === true),
- ];
- $subject = "[" . Yii::app()->getConfig("sitename") . "] " . gT("Your login credentials have been reset");
- $body = Yii::app()->getController()->renderPartial('partial/usernotificationemail', $renderArray, true);
- break;
- case 'registration':
- default:
- //Get email template from globalSettings
- $aAdminEmail = $this->generateAdminCreationEmail($aUser['full_name'], $aUser['users_name'], $aUser['password'], $aUser['uid']);
- $subject = $aAdminEmail["subject"];
- $body = $aAdminEmail["body"];
- break;
- }
-
- $emailType = "addadminuser";
-
- $oCurrentlyLoggedInUser = User::model()->findByPk(Yii::app()->user->id);
-
- $mailer = new LimeMailer();
- $mailer->addAddress($aUser['email'], $aUser['full_name']);
- $mailer->Subject = $subject;
- $mailer->setFrom($oCurrentlyLoggedInUser->email, $oCurrentlyLoggedInUser->users_name);
- $mailer->Body = $body;
- $mailer->isHtml(true);
- $mailer->emailType = $emailType;
- $mailer->sendMessage();
- return $mailer;
- }
- */
-
- /**
- * Resets the password for one user
- *
- * REFACTORED moved to service class PasswordManagement
- *
- * @param User $oUser User model
- * @param bool $sendMail Send a mail to the user
- * @return array [success, uid, username, password]
- * @throws CException
- * @throws \PHPMailer\PHPMailer\Exception
- */
- /*
- public function resetLoginData(&$oUser, $sendMail = false)
- {
- $newPassword = $this->getRandomPassword(8);
- $oUser->setPassword($newPassword);
- $success = true;
- if ($sendMail === true) {
- $aUser = $oUser->attributes;
- $aUser['rawPassword'] = $newPassword;
- $success = $this->sendAdminMail($aUser, 'resetPassword');
- }
- return [
- 'success' => $success, 'uid' => $oUser->uid, 'username' => $oUser->users_name, 'password' => $newPassword,
- ];
- }*/
-
/**
* todo this should not be in a controller, find a better place for it (view)
*
@@ -1416,55 +1312,6 @@ protected function getRandomString()
return hash('sha256', bin2hex($uiq));
}
-
- /**
- *
- * This function prepare the email template to send to the new created user
- *
- * REFACTORED NOW IN service class PasswordManagement
- *
- *
- * @param string $fullname
- * @param string $username
- * @param string $password
- * @return mixed $aAdminEmail array with subject and email nody
- */
- /*
- public function generateAdminCreationEmail($fullname, $username, $password, $iNewUID)
- {
- $aAdminEmail = [];
- $siteName = Yii::app()->getConfig("sitename");
- //todo instead of login url it should be link for setting a password
- //$loginUrl = $this->createAbsoluteUrl("/admin");
- $siteAdminEmail = Yii::app()->getConfig("siteadminemail");
- $emailSubject = Yii::app()->getConfig("admincreationemailsubject");
- $emailTemplate = Yii::app()->getConfig("admincreationemailtemplate");
-
- // authent is not delegated to web server or LDAP server
- if (Yii::app()->getConfig("auth_webserver") === false && Permission::model()->hasGlobalPermission('auth_db', 'read', $iNewUID)) {
- // send password (if authorized by config)
- if (!Yii::app()->getConfig("display_user_password_in_email") === true) {
- $password = "
" . gT("Please contact your LimeSurvey administrator for your password.") . "
"; - } - } - - //Replace placeholder in Email subject - $emailSubject = str_replace("{SITENAME}", $siteName, $emailSubject); - $emailSubject = str_replace("{SITEADMINEMAIL}", $siteAdminEmail, $emailSubject); - - //Replace placeholder in Email body - $emailTemplate = str_replace("{SITENAME}", $siteName, $emailTemplate); - $emailTemplate = str_replace("{SITEADMINEMAIL}", $siteAdminEmail, $emailTemplate); - $emailTemplate = str_replace("{FULLNAME}", $fullname, $emailTemplate); - $emailTemplate = str_replace("{USERNAME}", $username, $emailTemplate); - // $emailTemplate = str_replace("{LOGINURL}", $loginUrl, $emailTemplate); - - $aAdminEmail['subject'] = $emailSubject; - $aAdminEmail['body'] = $emailTemplate; - - return $aAdminEmail; - } */ - /** * Adds permission to a users * Needs an array in the form of [PERMISSIONID][PERMISSION] diff --git a/application/controllers/admin/authentication.php b/application/controllers/admin/authentication.php index 98c4dc42672..54bb94f1b1b 100644 --- a/application/controllers/admin/authentication.php +++ b/application/controllers/admin/authentication.php @@ -195,6 +195,7 @@ public static function prepareLogin() /** * This action sets a password for new user or resets a password for an existing user. * If validation time is expired, no password will be changed. + * After password has been changed successfully it redirects to LogIn-Page. * */ public function newPassword(){ @@ -258,15 +259,7 @@ public function newPassword(){ 'validationKey'=> $user->validation_key ]; - $this->_renderWrappedTemplate('authentication', 'newPassword', $aData); - - /* - $this->getController()->render('newPassword',[ - 'errorExists' => $errorExists, - 'errorMasg' => $errorMsg, - 'randomPassword', $randomPassword - ]);*/ } /** diff --git a/application/models/services/PasswordManagement.php b/application/models/services/PasswordManagement.php index 52167557031..a3a3fd655c8 100644 --- a/application/models/services/PasswordManagement.php 
+++ b/application/models/services/PasswordManagement.php @@ -5,7 +5,7 @@ /** * This class contains all functions for the process of password reset and creating new administration users - * and sending email to those. + * and sending email to those with a link to set the password. * * All this functions were implemented in UserManagementController before. * @@ -75,16 +75,18 @@ public function generateAdminCreationEmail() * Sets the validationKey and the validationKey expiration and * sends email to the user, containing the link to set/reset password. * + * @param string $emailType this could be 'registration' or 'resetPassword' (see const in this class) + * * @return array message if sending email to user was successful * * @throws \PHPMailer\PHPMailer\Exception */ - public function sendPasswordLinkViaEmail(){ + public function sendPasswordLinkViaEmail($emailType){ $success = true; $this->user->setValidationKey(); $this->user->setValidationExpiration(); - $mailer = $this->sendAdminMail('registration'); + $mailer = $this->sendAdminMail($emailType); if ($mailer->getError()) { $sReturnMessage = \CHtml::tag("h4", array(), gT("Error")); @@ -107,7 +109,7 @@ public function sendPasswordLinkViaEmail(){ } /** - * Send a link for the user to set a new password (forgot password functionality) + * Send a link to email of the user to set a new password (forgot password functionality) * * @return string message for user */ @@ -145,6 +147,8 @@ public function sendForgotPasswordEmailLink() /** * Creates a random password through the core plugin * + * @todo it's fine to use static functions, until it is used only in controllers ... + * * @param int $length Length of the password * @return string */ 
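Review bot: In the `@@ -75,16 +75,18 @@` hunk, `sendPasswordLinkViaEmail($emailType)` gains a required parameter with no default and no validation. Any caller outside this diff that still uses the old zero-argument form will fail (ArgumentCountError on PHP 7.1+), and whatever string is passed goes straight to `sendAdminMail()`. Keeping the previous behaviour as the default makes the change backward compatible: `public function sendPasswordLinkViaEmail($emailType = self::EMAIL_TYPE_REGISTRATION)`. If `sendAdminMail()` still falls through to the registration template for unknown values, as the removed controller version did, it would be safer to reject anything other than the two `EMAIL_TYPE_*` constants explicitly. The method body continues past the end of the hunk.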
@@ -157,36 +161,13 @@ public static function getRandomPassword($length = self::MIN_PASSWORD_LENGTH) return $oGetPasswordEvent->get('password'); } - /** - * Resets the password for one user - * - * @param User $oUser User model - * @param bool $sendMail Send a mail to the user - * @return array [success, uid, username, password] - * @throws CException - * @throws \PHPMailer\PHPMailer\Exception - */ - public function resetLoginData(&$oUser, $sendMail = false) - { - $newPassword = $this->getRandomPassword(8); - $oUser->setPassword($newPassword); - $success = true; - if ($sendMail === true) { - $aUser = $oUser->attributes; - $aUser['rawPassword'] = $newPassword; - $success = $this->sendAdminMail($aUser, 'resetPassword'); - } - return [ - 'success' => $success, 'uid' => $oUser->uid, 'username' => $oUser->users_name, 'password' => $newPassword, - ]; - } - /** * Send the registration email to a new survey administrator * * @param string $type two types are available 'resetPassword' or 'registration', default is 'registration' - * @param null $newPassword + * * @return \LimeMailer if send is successfull + * * @throws \PHPMailer\PHPMailer\Exception */ private function sendAdminMail($type = self::EMAIL_TYPE_REGISTRATION) @@ -203,7 +184,7 @@ private function sendAdminMail($type = self::EMAIL_TYPE_REGISTRATION) 'siteadminemail' => \Yii::app()->getConfig("siteadminemail"), 'linkToAdminpanel' => $absolutUrl, 'username' => $this->user->users_name, - //'password' => $this->user->ra$aUser['rawPassword'], + 'password' => gT('Click the following link to reset your password') . ': ' . \Yii::app()->getController()->createAbsoluteUrl('admin/authentication/sa/newPassword/param/' . $this->user->validation_key), 'mainLogoFile' => LOGO_URL, 'showPasswordSection' => \Yii::app()->getConfig("auth_webserver") === false && \Permission::model()->hasGlobalPermission('auth_db', 'read', $this->user->uid), 'showPassword' => (\Yii::app()->getConfig("display_user_password_in_email") === true),
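Review bot: In the `@@ -203,7 +184,7 @@` hunk the reset link is stored under the `'password'` key, right next to `'showPassword' => (... "display_user_password_in_email" === true)`. If the mail partial prints `password` only when `showPassword` is true (the template is not in this diff), installations that leave that setting off will send a reset mail with no link in it; a dedicated key such as `'passwordResetLink'`, rendered unconditionally, avoids tying the link to a setting meant for plaintext passwords. The URL carries `validation_key` as a bearer token in the path, so it will appear in web server logs and browser history; confirm the key is cleared after first use and that the expiry set by `setValidationExpiration()` is enforced in `newPassword()`. The link is built with `createAbsoluteUrl()`, which in Yii 1 takes the host from the incoming request unless `hostInfo` is set on the request component, so pinning the host is advisable for any path that mails this link. The `sendAdminMail()` body starts and ends outside the hunk.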