Reset password (step 1)
Log-in
|
XWiki
:
WebHome
>
Reset password (step 1)
Top Menu
Show
:
Comments
Attachments
History
Information
Stampa
:
Stampa
Anteprima di stampa
Esporta come PDF
Esporta in formato RTF
Esporta come HTML
Esporta in formato XAR
Wiki source code of
Reset password (step 1)
Hide line numbers
1: #** 2: This page starts the password reset procedure. It works according to the next algorithm: 3: 1. Display a form requesting the username 4: 2. When receiving the username via form submission, generate a random verification string which is stored (as a hash) inside a ResetPasswordRequestClass object attached to the user’s profile page. If no such object exists, it is created, but an existing object will be reused, meaning that at most one password reset request can be active at a moment. 5: 3. Send an email to the address configured in the user’s profile, containing a link to the second step of the password reset procedure. 6: 7: URL parameters: 8: 9: u = user account sent in the form 10: 11: !!!!! IMPORTANT !!!!! 12: 13: This document requires programming rights, so always make sure 14: it is saved by a user with programming rights, and that 15: it is secured against unprivileged editing. 16: 17: *# 18: ## 19: ## 20: ## First, check if the page has programming rights, as nothing works otherwise 21: #if($xwiki.hasProgrammingRights()) 22: ## 23: ## 24: ## The name of the class used for storing password reset verification data. 25: #set($verifClass = "XWiki.ResetPasswordRequestClass") 26: #set($userName = "$!request.get(’u’)") 27: #if($userName == ’’) ## First step, display the form requesting the username 28: 1 $msg.get("xe.admin.passwordreset.forgotpassword") 29: 30: $msg.get("xe.admin.passwordreset.startprocess") 31: 32: <form method="post" action=""> 33: <div> $msg.get("xe.admin.passwordreset.username") <input type="text" name="u"/> <input type="submit" value="$msg.get("xe.admin.passwordreset.resetpassword")"/></div> 34: </form> 35: #else ## Second step, generate the verification string, store it, and send the email 36: ## TODO: Once the usernames are not bound to the XWiki space, revisit this code 37: #if($userName.indexOf(’.’) != -1) 38: #set($userDoc = $xwiki.getDocument(${userName})) 39: #else 40: #set($userDoc = $xwiki.getDocument("XWiki.${userName}")) 41: #end 42: ## Check if the user exists and has a valid email address configured in his profile 43: #set($userObj = "") 44: #set($userObj = $userDoc.getObject(’XWiki.XWikiUsers’)) 45: #if("$!userObj" == "") 46: #warning($msg.get("xe.admin.passwordreset.nouser", [$userName])) 47: #elseif ($userDoc.getObject(’XWiki.LDAPProfileClass’)) 48: #warning($msg.get("xe.admin.passwordreset.ldapuser", [$userName])) 49: #else 50: #set($userEmail = $userObj.getProperty("email").value) 51: #if("$!userEmail" == "") 52: #error($msg.get("xe.admin.passwordreset.cannotreset")) 53: #else 54: ## Find the object that will hold the verification string 55: #set($verifObj = "") 56: #set($verifObj = $userDoc.getObject($verifClass)) 57: #if("$!verifObj" == "") 58: #set($verifObj = $userDoc.newObject($verifClass)) 59: #end 60: ## Generate a random string 61: #set($verifStr = $xwiki.generateRandomString(30)) 62: ## If the class is correctly configured, the string should automatically be stored as a hash 63: $verifObj.set("verification", $verifStr) 64: $userDoc.saveWithProgrammingRights() 65: ## Compose the verification URL 66: #set($passwordResetURL = $xwiki.getDocument("XWiki.ResetPasswordComplete").getExternalURL("view", "u=${userName}&v=${verifStr}")) 67: ## Send an email; the variables will be retrieved from the velocity context 68: #set($mailResult = $xwiki.mailsender.sendMessageFromTemplate($xwiki.getXWikiPreference(’admin_email’, ’no-reply@xwiki.org’), $userEmail, $util.null, $util.null, $context.language, "XWiki.ResetPasswordMailContent", $context.vcontext)) 69: #if($mailResult == 0) 70: #info($msg.get("xe.admin.passwordreset.emailsent", [$userEmail])) 71: #else 72: #error($msg.get("xe.admin.passwordreset.reseterror")) 73: #end 74: #end 75: #end 76: <a href="$doc.getURL()">« $msg.get("xe.admin.passwordreset.retry")</a> | 77: <a href="$xwiki.getURL("XWiki.XWikiLogin", "login", "")">$msg.get("xe.admin.passwordreset.login") »</a> 78: #end 79: ## Clear private variables, so that they cannot be accessed from the rest of the page (comments, panels...) 80: #set($verifStr = "") 81: #set($passwordResetURL = "") 82: ## 83: ## 84: #else ## No programming rights, warn and exit 85: #error($msg.get("xe.admin.passwordreset.noprogrammingrights")) 86: #end
Search
Quick Links
Wiki Dashboard
Document Index
Blog
Sandbox
My Recent Modifications
dany
|
marco
