diff --git a/application/controllers/UserManagementController.php b/application/controllers/UserManagementController.php index b87eddc6d26..2c8924230d2 100644 --- a/application/controllers/UserManagementController.php +++ b/application/controllers/UserManagementController.php @@ -875,11 +875,10 @@ public function actionBatchSendAndResetLoginData() if ($oUser->uid == 1) { $aResults[$user]['error'] = gT("Error! You do not have the permission to edit this user."); } else { - $success = $this->resetLoginData($oUser, true)['success']; - if ($success) { - $oUser->modified = date('Y-m-d H:i:s'); - $aResults[$user]['result'] = $oUser->save(); - } + $passwordManagement = new \LimeSurvey\Models\Services\PasswordManagement($oUser); + $successData = $passwordManagement->sendPasswordLinkViaEmail(\LimeSurvey\Models\Services\PasswordManagement::EMAIL_TYPE_RESET_PW); + $success = $successData['success']; + $aResults[$user]['result'] = $success; } } } @@ -1112,24 +1111,6 @@ public function loadModel($id) return $model; } - /** - * Creates a random password through the core plugin - * - * @param int $length Length of the password - * @return string - */ - /* - * --> moved to service class PasswordManagement - protected function getRandomPassword($length = 8) - { - $oGetPasswordEvent = new PluginEvent('createRandomPassword'); - $oGetPasswordEvent->set('targetSize', $length); - Yii::app()->getPluginManager()->dispatchEvent($oGetPasswordEvent); - - return $oGetPasswordEvent->get('password'); - } - */ - /** * Update admin-user * 
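Review bot: In the `else` branch of `actionBatchSendAndResetLoginData` the account's current password is no longer replaced. The removed code stored a fresh random password immediately, whereas the new call only mails a link, so the old credentials presumably keep working until the user follows it, and indefinitely if the link expires unused. If this batch action is used to respond to a suspected credential compromise, that window is new; either invalidate the stored password or sessions as part of the reset, or record the behaviour with a comment such as `// NOTE: the existing password stays valid until the user sets a new one via the mailed link`. The removed `$oUser->save()` also has no visible replacement, so confirm that `setValidationKey()` and `setValidationExpiration()` persist the user themselves; otherwise the mailed link cannot validate. The function body starts and ends outside the hunk.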
@@ -1276,91 +1257,6 @@ public function createNewUser($aUser) return User::model()->findByPk($iNewUID)->attributes; } - /** - * Send the registration email to a new survey administrator - * - * REFACTORED moved to service class PasswordManagement - * - * @param string $type two types are available 'resetPassword' or 'registration', default is 'registration' - * @param array $aUser - * @param null $newPassword - * @return LimeMailer if send is successfull - * @throws \PHPMailer\PHPMailer\Exception - */ - /* - public function sendAdminMail($aUser, $type = 'registration') - { - - switch ($type) { - case "resetPassword": - $renderArray = [ - 'surveyapplicationname' => Yii::app()->getConfig("sitename"), - 'emailMessage' => sprintf(gT("Hello %s,"), $aUser['full_name']) . "
" - . sprintf(gT("This is an automated email to notify you that your login credentials for '%s' have been reset."), Yii::app()->getConfig("sitename")), - 'credentialsText' => gT("Here are your new credentials."), - 'siteadminemail' => Yii::app()->getConfig("siteadminemail"), - 'linkToAdminpanel' => $this->createAbsoluteUrl("/admin"), - 'username' => $aUser['users_name'], - 'password' => $aUser['rawPassword'], - 'mainLogoFile' => LOGO_URL, - 'showPasswordSection' => Yii::app()->getConfig("auth_webserver") === false && Permission::model()->hasGlobalPermission('auth_db', 'read', $aUser['uid']), - 'showPassword' => (Yii::app()->getConfig("display_user_password_in_email") === true), - ]; - $subject = "[" . Yii::app()->getConfig("sitename") . "] " . gT("Your login credentials have been reset"); - $body = Yii::app()->getController()->renderPartial('partial/usernotificationemail', $renderArray, true); - break; - case 'registration': - default: - //Get email template from globalSettings - $aAdminEmail = $this->generateAdminCreationEmail($aUser['full_name'], $aUser['users_name'], $aUser['password'], $aUser['uid']); - $subject = $aAdminEmail["subject"]; - $body = $aAdminEmail["body"]; - break; - } - - $emailType = "addadminuser"; - - $oCurrentlyLoggedInUser = User::model()->findByPk(Yii::app()->user->id); - - $mailer = new LimeMailer(); - $mailer->addAddress($aUser['email'], $aUser['full_name']); - $mailer->Subject = $subject; - $mailer->setFrom($oCurrentlyLoggedInUser->email, $oCurrentlyLoggedInUser->users_name); - $mailer->Body = $body; - $mailer->isHtml(true); - $mailer->emailType = $emailType; - $mailer->sendMessage(); - return $mailer; - } - */ - - /** - * Resets the password for one user - * - * REFACTORED moved to service class PasswordManagement - * - * @param User $oUser User model - * @param bool $sendMail Send a mail to the user - * @return array [success, uid, username, password] - * @throws CException - * @throws \PHPMailer\PHPMailer\Exception - */ - /* - public 
function resetLoginData(&$oUser, $sendMail = false) - { - $newPassword = $this->getRandomPassword(8); - $oUser->setPassword($newPassword); - $success = true; - if ($sendMail === true) { - $aUser = $oUser->attributes; - $aUser['rawPassword'] = $newPassword; - $success = $this->sendAdminMail($aUser, 'resetPassword'); - } - return [ - 'success' => $success, 'uid' => $oUser->uid, 'username' => $oUser->users_name, 'password' => $newPassword, - ]; - }*/ - /** * todo this should not be in a controller, find a better place for it (view) * @@ -1416,55 +1312,6 @@ protected function getRandomString() return hash('sha256', bin2hex($uiq)); } - - /** - * - * This function prepare the email template to send to the new created user - * - * REFACTORED NOW IN service class PasswordManagement - * - * - * @param string $fullname - * @param string $username - * @param string $password - * @return mixed $aAdminEmail array with subject and email nody - */ - /* - public function generateAdminCreationEmail($fullname, $username, $password, $iNewUID) - { - $aAdminEmail = []; - $siteName = Yii::app()->getConfig("sitename"); - //todo instead of login url it should be link for setting a password - //$loginUrl = $this->createAbsoluteUrl("/admin"); - $siteAdminEmail = Yii::app()->getConfig("siteadminemail"); - $emailSubject = Yii::app()->getConfig("admincreationemailsubject"); - $emailTemplate = Yii::app()->getConfig("admincreationemailtemplate"); - - // authent is not delegated to web server or LDAP server - if (Yii::app()->getConfig("auth_webserver") === false && Permission::model()->hasGlobalPermission('auth_db', 'read', $iNewUID)) { - // send password (if authorized by config) - if (!Yii::app()->getConfig("display_user_password_in_email") === true) { - $password = "

" . gT("Please contact your LimeSurvey administrator for your password.") . "

"; - } - } - - //Replace placeholder in Email subject - $emailSubject = str_replace("{SITENAME}", $siteName, $emailSubject); - $emailSubject = str_replace("{SITEADMINEMAIL}", $siteAdminEmail, $emailSubject); - - //Replace placeholder in Email body - $emailTemplate = str_replace("{SITENAME}", $siteName, $emailTemplate); - $emailTemplate = str_replace("{SITEADMINEMAIL}", $siteAdminEmail, $emailTemplate); - $emailTemplate = str_replace("{FULLNAME}", $fullname, $emailTemplate); - $emailTemplate = str_replace("{USERNAME}", $username, $emailTemplate); - // $emailTemplate = str_replace("{LOGINURL}", $loginUrl, $emailTemplate); - - $aAdminEmail['subject'] = $emailSubject; - $aAdminEmail['body'] = $emailTemplate; - - return $aAdminEmail; - } */ - /** * Adds permission to a users * Needs an array in the form of [PERMISSIONID][PERMISSION] diff --git a/application/controllers/admin/authentication.php b/application/controllers/admin/authentication.php index 98c4dc42672..54bb94f1b1b 100644 --- a/application/controllers/admin/authentication.php +++ b/application/controllers/admin/authentication.php @@ -195,6 +195,7 @@ public static function prepareLogin() /** * This action sets a password for new user or resets a password for an existing user. * If validation time is expired, no password will be changed. + * After password has been changed successfully it redirects to LogIn-Page. * */ public function newPassword(){ @@ -258,15 +259,7 @@ public function newPassword(){ 'validationKey'=> $user->validation_key ]; - $this->_renderWrappedTemplate('authentication', 'newPassword', $aData); - - /* - $this->getController()->render('newPassword',[ - 'errorExists' => $errorExists, - 'errorMasg' => $errorMsg, - 'randomPassword', $randomPassword - ]);*/ } /** diff --git a/application/models/services/PasswordManagement.php b/application/models/services/PasswordManagement.php index 52167557031..a3a3fd655c8 100644 --- a/application/models/services/PasswordManagement.php 
+++ b/application/models/services/PasswordManagement.php @@ -5,7 +5,7 @@ /** * This class contains all functions for the process of password reset and creating new administration users - * and sending email to those. + * and sending email to those with a link to set the password. * * All this functions were implemented in UserManagementController before. * @@ -75,16 +75,18 @@ public function generateAdminCreationEmail() * Sets the validationKey and the validationKey expiration and * sends email to the user, containing the link to set/reset password. * + * @param string $emailType this could be 'registration' or 'resetPassword' (see const in this class) + * * @return array message if sending email to user was successful * * @throws \PHPMailer\PHPMailer\Exception */ - public function sendPasswordLinkViaEmail(){ + public function sendPasswordLinkViaEmail($emailType){ $success = true; $this->user->setValidationKey(); $this->user->setValidationExpiration(); - $mailer = $this->sendAdminMail('registration'); + $mailer = $this->sendAdminMail($emailType); if ($mailer->getError()) { $sReturnMessage = \CHtml::tag("h4", array(), gT("Error")); @@ -107,7 +109,7 @@ public function sendPasswordLinkViaEmail(){ } /** - * Send a link for the user to set a new password (forgot password functionality) + * Send a link to email of the user to set a new password (forgot password functionality) * * @return string message for user */ @@ -145,6 +147,8 @@ public function sendForgotPasswordEmailLink() /** * Creates a random password through the core plugin * + * @todo it's fine to use static functions, until it is used only in controllers ... + * * @param int $length Length of the password * @return string */ 
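Review bot: `sendPasswordLinkViaEmail($emailType)` now requires an argument that is neither defaulted nor checked before it reaches `sendAdminMail($emailType)`. Any caller still using the old no-argument form breaks, and an unexpected string is handled by whatever `sendAdminMail` does for unknown types, which is not visible here. A backward-compatible signature would be `public function sendPasswordLinkViaEmail($emailType = self::EMAIL_TYPE_REGISTRATION)`, matching the default `sendAdminMail` already declares, with an explicit rejection of values other than the two class constants. Separately, the validation key and its expiry are set before the mail is sent, and nothing in the visible lines clears them when `$mailer->getError()` is true, so confirm that a failed send does not leave an unused reset token active on the account. The method body continues past the end of the hunk.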
@@ -157,36 +161,13 @@ public static function getRandomPassword($length = self::MIN_PASSWORD_LENGTH) return $oGetPasswordEvent->get('password'); } - /** - * Resets the password for one user - * - * @param User $oUser User model - * @param bool $sendMail Send a mail to the user - * @return array [success, uid, username, password] - * @throws CException - * @throws \PHPMailer\PHPMailer\Exception - */ - public function resetLoginData(&$oUser, $sendMail = false) - { - $newPassword = $this->getRandomPassword(8); - $oUser->setPassword($newPassword); - $success = true; - if ($sendMail === true) { - $aUser = $oUser->attributes; - $aUser['rawPassword'] = $newPassword; - $success = $this->sendAdminMail($aUser, 'resetPassword'); - } - return [ - 'success' => $success, 'uid' => $oUser->uid, 'username' => $oUser->users_name, 'password' => $newPassword, - ]; - } - /** * Send the registration email to a new survey administrator * * @param string $type two types are available 'resetPassword' or 'registration', default is 'registration' - * @param null $newPassword + * * @return \LimeMailer if send is successfull + * * @throws \PHPMailer\PHPMailer\Exception */ private function sendAdminMail($type = self::EMAIL_TYPE_REGISTRATION) @@ -203,7 +184,7 @@ private function sendAdminMail($type = self::EMAIL_TYPE_REGISTRATION) 'siteadminemail' => \Yii::app()->getConfig("siteadminemail"), 'linkToAdminpanel' => $absolutUrl, 'username' => $this->user->users_name, - //'password' => $this->user->ra$aUser['rawPassword'], + 'password' => gT('Click the following link to reset your password') . ': ' . \Yii::app()->getController()->createAbsoluteUrl('admin/authentication/sa/newPassword/param/' . $this->user->validation_key), 'mainLogoFile' => LOGO_URL, 'showPasswordSection' => \Yii::app()->getConfig("auth_webserver") === false && \Permission::model()->hasGlobalPermission('auth_db', 'read', $this->user->uid), 'showPassword' => (\Yii::app()->getConfig("display_user_password_in_email") === true),
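Review bot: The reset link is passed to the template under the `'password'` key, while `'showPassword'` in the same array is still driven by `display_user_password_in_email`. If the template hides the password value when that setting is off (the template is not part of this diff), the reset mail would arrive without its link. Passing the URL under its own key, for example `'passwordResetLink' => $resetUrl` (key name illustrative), and rendering it unconditionally would decouple it from that setting. Because `validation_key` is concatenated unencoded into the URL path, it can end up in access logs and Referer headers, so confirm that the key is URL-safe, single-use and cleared once consumed, and that the host `createAbsoluteUrl()` resolves comes from configuration rather than the incoming request. The surrounding `sendAdminMail` body starts and ends outside the hunk.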