#!/usr/bin/perl use Modern::Perl; use CGI; use C4::Auth; use C4::Koha; use C4::Output; use C4::Context; use Koha::Patron::Password::Recovery qw(SendPasswordRecoveryEmail ValidateBorrowernumber GetValidLinkInfo CompletePasswordRecovery DeleteExpiredPasswordRecovery); use Koha::Patrons; my $query = CGI->new; use HTML::Entities; use Try::Tiny; use List::Util qw/any/; my ( $template, $dummy, $cookie ) = get_template_and_user( { template_name => "opac-password-recovery.tt", query => $query, type => "opac", authnotrequired => 1, } ); my $email = $query->param('email') // q{}; my $password = $query->param('newPassword'); my $repeatPassword = $query->param('repeatPassword'); my $id = $query->param('id'); my $uniqueKey = $query->param('uniqueKey'); my $username = $query->param('username') // q{}; my $borrower_number; #errors my $hasError; #email form error my $errNoBorrowerFound; my $errNoBorrowerEmail; my $errMultipleAccountsForEmail; my $errAlreadyStartRecovery; my $errResetForbidden; #new password form error my $errLinkNotValid; if ( $query->param('sendEmail') || $query->param('resendEmail') ) { #try with the main email my $borrower; my $search_results; # Find the borrower by userid, card number, or email if ($username) { $search_results = Koha::Patrons->search( { -or => { userid => $username, cardnumber => $username }, login_attempts => { '!=', Koha::Patron::ADMINISTRATIVE_LOCKOUT } } ); } elsif ($email) { $search_results = Koha::Patrons->search( { -or => { email => $email, emailpro => $email, B_email => $email }, login_attempts => { '!=', Koha::Patron::ADMINISTRATIVE_LOCKOUT } } ); } if ( !defined $search_results || $search_results->count < 1) { $hasError = 1; $errNoBorrowerFound = 1; } elsif ( $username && $search_results->count > 1) { # Multiple accounts for username $hasError = 1; $errNoBorrowerFound = 1; } elsif ( $email && $search_results->count > 1) { # Muliple accounts for E-Mail $hasError = 1; $errMultipleAccountsForEmail = 1; } elsif ( $borrower = $search_results->next() ) { # One matching borrower if ( $borrower->category->effective_reset_password ) { my @emails = grep { $_ } ( $borrower->email, $borrower->emailpro, $borrower->B_email ); my $firstNonEmptyEmail; $firstNonEmptyEmail = $emails[0] if @emails; # Is the given email one of the borrower's ? if ( $email && !( any { lc($_) eq lc($email) } @emails ) ) { $hasError = 1; $errNoBorrowerFound = 1; } # If there is no given email, and there is no email on record elsif ( !$email && !$firstNonEmptyEmail ) { $hasError = 1; $errNoBorrowerEmail = 1; } # Check if a password reset already issued for this # borrower AND we are not asking for a new email elsif ( not $query->param('resendEmail') ) { if ( ValidateBorrowernumber( $borrower->borrowernumber ) ) { $hasError = 1; $errAlreadyStartRecovery = 1; } else { DeleteExpiredPasswordRecovery( $borrower->borrowernumber ); } } # Set the $email, if we don't have one. if ( !$hasError && !$email ) { $email = $firstNonEmptyEmail; } } else { $hasError = 1; $errResetForbidden = 1; } } else { # 0 matching borrower $hasError = 1; $errNoBorrowerFound = 1; } if ($hasError) { $template->param( hasError => 1, errNoBorrowerFound => $errNoBorrowerFound, errAlreadyStartRecovery => $errAlreadyStartRecovery, errNoBorrowerEmail => $errNoBorrowerEmail, errMultipleAccountsForEmail => $errMultipleAccountsForEmail, errResetForbidden => $errResetForbidden, password_recovery => 1, email => HTML::Entities::encode($email), username => $username ); } elsif ( SendPasswordRecoveryEmail( $borrower, $email, scalar $query->param('resendEmail') ) ) { # generate uuid and send recovery email $template->param( mail_sent => 1, email => $email ); } else { # if it doesn't work.... $template->param( hasError => 1, password_recovery => 1, sendmailError => 1 ); } } elsif ( $query->param('passwordReset') ) { ( $borrower_number, $username ) = GetValidLinkInfo($uniqueKey); my $error; my $min_password_length = C4::Context->preference('minPasswordPreference'); my $require_strong_password = C4::Context->preference('RequireStrongPassword'); if ( not $borrower_number ) { $error = 'errLinkNotValid'; } elsif ( $password ne $repeatPassword ) { $error = 'errPassNotMatch'; } else { my $borrower = Koha::Patrons->find($borrower_number); $min_password_length = $borrower->category->effective_min_password_length; $require_strong_password = $borrower->category->effective_require_strong_password; try { $borrower->set_password({ password => $password }); CompletePasswordRecovery($uniqueKey); $template->param( password_reset_done => 1, username => $username ); } catch { if ( $_->isa('Koha::Exceptions::Password::TooShort') ) { $error = 'password_too_short'; } elsif ( $_->isa('Koha::Exceptions::Password::WhitespaceCharacters') ) { $error = 'password_has_whitespaces'; } elsif ( $_->isa('Koha::Exceptions::Password::TooWeak') ) { $error = 'password_too_weak'; } }; } if ( $error ) { $template->param( new_password => 1, email => $email, uniqueKey => $uniqueKey, hasError => 1, $error => 1, minPasswordLength => $min_password_length, RequireStrongPassword => $require_strong_password ); } } elsif ($uniqueKey) { #reset password form #check if the link is valid ( $borrower_number, $username ) = GetValidLinkInfo($uniqueKey); if ( !$borrower_number ) { $errLinkNotValid = 1; } my $borrower = Koha::Patrons->find($borrower_number); $template->param( new_password => 1, email => $email, uniqueKey => $uniqueKey, username => $username, errLinkNotValid => $errLinkNotValid, hasError => ( $errLinkNotValid ? 1 : 0 ), minPasswordLength => $borrower->category->effective_min_password_length, RequireStrongPassword => $borrower->category->effective_require_strong_password ); } else { #password recovery form (to send email) $template->param( password_recovery => 1 ); } output_html_with_http_headers $query, $cookie, $template->output;