diff --git a/C4/Passwordrecovery.pm b/C4/Passwordrecovery.pm index 8090eeb190..d8420dbda0 100644 --- a/C4/Passwordrecovery.pm +++ b/C4/Passwordrecovery.pm @@ -19,7 +19,7 @@ package C4::Passwordrecovery; use Modern::Perl; use C4::Context; -use Math::Random::Secure; +use Crypt::Eksblowfish::Bcrypt qw(en_base64); use vars qw($VERSION @ISA @EXPORT); @@ -111,8 +111,7 @@ sub SendPasswordRecoveryEmail { # generate UUID my @chars = ( "A" .. "Z", "a" .. "z", "0" .. "9" ); - my $uuid_str; - $uuid_str .= $chars[ rand @chars ] for 1 .. 32; + my $uuid_str = '$2a$08$'.en_base64(Koha::AuthUtils::generate_salt('weak', 16)); # insert into database my $expirydate = diff --git a/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-password-recovery.tt b/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-password-recovery.tt index 8ffb3e3945..91ac94d854 100644 --- a/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-password-recovery.tt +++ b/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-password-recovery.tt @@ -1,6 +1,6 @@ [% USE Koha %] [% INCLUDE 'doc-head-open.inc' %] -[% IF ( LibraryNameTitle ) %][% LibraryNameTitle %][% ELSE %]Koha online[% END %] catalog +[% IF ( LibraryNameTitle ) %][% LibraryNameTitle %] - Forgotten password recovery[% ELSE %]Koha online[% END %] catalog - Forgotten password recovery [% INCLUDE 'doc-head-close.inc' %] [% BLOCK cssinclude %][% END %] [% BLOCK jsinclude %] @@ -30,7 +30,7 @@
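Review bot: In the `@@ -111,8 +111,7 @@` hunk of C4/Passwordrecovery.pm the new token line calls `Koha::AuthUtils::generate_salt('weak', 16)` by its fully qualified name, but the import hunk only swaps `Math::Random::Secure` for `Crypt::Eksblowfish::Bcrypt`; unless the module is loaded elsewhere, add `use Koha::AuthUtils;` next to it. The reset token is a bearer credential, so its unpredictability rests entirely on the `'weak'` source; I would confirm that source is a CSPRNG and add a comment such as `# reset token: 16 random bytes from generate_salt; the '$2a$08$' prefix is fixed and adds no entropy`. The context line `my @chars = ( "A" .. "Z", ... );` is now unused and can be dropped. The resulting string can contain `$`, `.` and `/`, so check that it is URL-escaped where the link is built, which is not visible here. SendPasswordRecoveryEmail continues outside the hunk.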
@@ -44,40 +44,31 @@ [% END %]
-

Password recovery

+

Forgotten password recovery

[% IF (hasError) %]
-

An error occurred

+

Oops!

[% IF (sendmailError) %] An error has occurred while sending you the password recovery link.
Please try again later. [% ELSIF (errNoBorrowerFound) %] No account was found with the provided information. -
Check if you typed it correctly. - [% ELSIF (errBadEmail) %] - The provided email address is not tied to this account. - [% ELSIF (errTooManyEmailFound) %] - More than one account has been found for the email address: "[% email %]" -
Try to use your username or an alternative email if you have one. - [% ELSIF (errNoBorrowerEmail) %] - This account has no email address we can send the email to. [% ELSIF (errAlreadyStartRecovery) %] - The process of password recovery has already started for this account ("[% username %]") -
Check your emails; you should receive the link to reset your password. -
If you did not receive it, click here to get a new password recovery link. + The process of password recovery has already been started for this account ("[% username %]") +
You should have received an email with a link to reset your password. +
If you did not receive this email, you can request a new password recovery link. [% ELSIF (errPassNotMatch) %] - The passwords entered does not match. -
Please try again. + Oops! The passwords must match. [% ELSIF (errPassTooShort) %] - The password is too short. + Your chosen password is too short.
The password must contain at least [% minPassLength %] characters. [% ELSIF (errLinkNotValid) %] - We could not authenticate you as the account owner. -
Be sure to use the link you received in your email. + The link you clicked is either invalid, or expired. +
Be sure you used the link from the email, or contact library staff for assistance. [% END %]

-

Please contact the staff if you need further assistance.

+

Please contact the library if you need further assistance.

[% END %]
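Review bot: The `errAlreadyStartRecovery` branch still prints `"[% username %]"` and confirms that a recovery is pending, so it remains an account-existence oracle even though this hunk folds `errBadEmail`, `errTooManyEmailFound` and `errNoBorrowerEmail` into the generic "No account was found" message. If the controller fills `username` from the matched borrower (opac-password-recovery.pl shows `$username ||= $borrower->userid;` as context), a request made with only an email address would reveal the login tied to it. Consider dropping the username from this message, e.g. `The process of password recovery has already been started for this account.`, or returning the same neutral response as the success path.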
@@ -87,8 +78,7 @@
-

To reset your password, enter your username or email address. -
A link to reset your password will be sent at this address.

+

To reset your password, enter your login and email address. @@ -118,10 +108,10 @@

An email has been sent to "[% email %]". -
It contains a link to create a new password. -
This link will be valid for 2 days starting now. +
Please click the link in this email to finish the process of resetting your password. +
This link is valid for 2 days starting now.

- Click here to return to the main page. + Return to the main page
[% ELSIF (password_reset_done) %]
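Review bot: The context line `An email has been sent to "[% email %]".` echoes the address the link was sent to, and this hunk leaves it as is. In opac-password-recovery.pl the `!$email` branch takes the address from the borrower record, so if that path is still reachable with a username alone, this page would disclose the account's email address to whoever submitted the username. A neutral confirmation such as `If the details match an account, an email with a reset link has been sent.` would keep this screen consistent with the generic error text introduced by this commit.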
diff --git a/opac/opac-password-recovery.pl b/opac/opac-password-recovery.pl index 1cef3edf8d..6cfc4144c5 100755 --- a/opac/opac-password-recovery.pl +++ b/opac/opac-password-recovery.pl @@ -64,14 +64,10 @@ if ( $query->param('sendEmail') || $query->param('resendEmail') ) { elsif ($email) { $search_results = [ Koha::Borrowers->search( { -or => { email => $email, emailpro => $email, B_email => $email } } ) ]; } - if ( not $search_results ) { + if ( not $search_results || scalar @$search_results > 1 ) { $hasError = 1; $errNoBorrowerFound = 1; } - elsif ( scalar @$search_results > 1 ) { # Many matching borrowers - $hasError = 1; - $errTooManyEmailFound = 1; - } elsif ( $borrower = shift @$search_results ) { # One matching borrower $username ||= $borrower->userid; my @emails = ( $borrower->email, $borrower->emailpro, $borrower->B_email ); @@ -79,7 +75,7 @@ if ( $query->param('sendEmail') || $query->param('resendEmail') ) { # Is the given email one of the borrower's ? if ( $email && !( grep { $_ eq $email } @emails ) ) { $hasError = 1; - $errBadEmail = 1; + $errNoBorrowerFound = 1; } # If we dont have an email yet. Get one of the borrower's email or raise an error. @@ -88,7 +84,7 @@ if ( $query->param('sendEmail') || $query->param('resendEmail') ) { # It's supposed to get a non-empty string from the @emails array. There's surely a simpler way elsif ( !$email && !( $email = shift [ grep { length() } @emails ] ) ) { $hasError = 1; - $errNoBorrowerEmail = 1; + $errNoBorrowerFound = 1; } # Check if a password reset already issued for this borrower AND we are not asking for a new email
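Review bot: In the `@@ -64,14 +64,10 @@` hunk, `if ( not $search_results || scalar @$search_results > 1 )` does not test what it reads as, because `not` binds more loosely than `||` and the condition is parsed as `not( $search_results || ... )`. Both visible assignments make `$search_results` an array reference, which is always true (even when empty), so the condition is false and a multi-match result now falls through to `elsif ( $borrower = shift @$search_results )`, which silently picks the first of several accounts; the removed `errTooManyEmailFound` branch used to stop that. If no search ran and the variable is undefined, the right-hand `@$search_results` is evaluated instead, which should be checked under strict refs. Use `!` with an explicit count, e.g. `if ( !$search_results || scalar @$search_results != 1 ) {`, which also routes an empty result to the generic error. The enclosing `if ( $query->param('sendEmail') ...` block starts and ends outside the hunk.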