From 563688050cf590a3a136d3644256192d37265b7c Mon Sep 17 00:00:00 2001
From: Liz Rea
Date: Wed, 7 Oct 2015 15:08:10 +1300
Subject: [PATCH] Bug 8753 - Various little things - removing new dependency, changes to errors, textual updates

Koha already has a sub that creates salts, so lets use that instead of math::Random::secure, so as not to add a new dependency.

Made the references to "Forgotten password" consistent, including adding it to the title of the page.

Also removed the individual error for "this email doesn't belong to this account" as that could expose the existence of a login, which I think we'd rather not do.

Made some of the text more grammatically correct, and more library specific.

To test:
Apply on top of all of the other patches.
All the usual checks, plus make sure there are no typos in any text references.

Signed-off-by: Marc Veron
Signed-off-by: Marcel de Rooy
---
 C4/Passwordrecovery.pm                        |  5 +--
 .../en/modules/opac-password-recovery.tt      | 42 +++++++------------
 opac/opac-password-recovery.pl                | 10 ++---
 3 files changed, 21 insertions(+), 36 deletions(-)

diff --git a/C4/Passwordrecovery.pm b/C4/Passwordrecovery.pm
index 8090eeb190..d8420dbda0 100644
--- a/C4/Passwordrecovery.pm
+++ b/C4/Passwordrecovery.pm
@@ -19,7 +19,7 @@ package C4::Passwordrecovery;
 use Modern::Perl;
 use C4::Context;
-use Math::Random::Secure;
+use Crypt::Eksblowfish::Bcrypt qw(en_base64);
 use vars qw($VERSION @ISA @EXPORT);
@@ -111,8 +111,7 @@ sub SendPasswordRecoveryEmail {
     # generate UUID
     my @chars = ( "A" .. "Z", "a" .. "z", "0" .. "9" );
-    my $uuid_str; $uuid_str .= $chars[ rand @chars ] for 1 .. 32;
+    my $uuid_str = '$2a$08$'.en_base64(Koha::AuthUtils::generate_salt('weak', 16));
     # insert into database
     my $expirydate =
diff --git a/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-password-recovery.tt b/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-password-recovery.tt
index 8ffb3e3945..91ac94d854 100644
--- a/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-password-recovery.tt
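Review bot: The new import line brings in `en_base64`, but nothing in this hunk loads `Koha::AuthUtils`, whose `generate_salt` the second hunk calls by fully qualified name; unless that module is already `use`d further down the file, the call only works when some other module happened to load it first. Adding `use Koha::AuthUtils;` next to `use C4::Context;` makes the dependency explicit and keeps the module loadable on its own. Dropping Math::Random::Secure is the right call for a dependency this small, as long as `Crypt::Eksblowfish::Bcrypt` is already a declared Koha dependency, which this hunk cannot show.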
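Review bot: `my @chars = ( "A" .. "Z", "a" .. "z", "0" .. "9" );` is now dead code, since its only consumer was the removed `rand`-based loop, and the `# generate UUID` comment no longer describes what is built. The static `'$2a$08$'` prefix adds no entropy to the token; if it is kept because something parses the stored value as a bcrypt string, a comment should say so, otherwise `en_base64(...)` alone is a cleaner token. The substitution itself is a real improvement: `rand` is not a CSPRNG, and 16 bytes from `generate_salt` is 128 bits of entropy — assuming its 'weak' mode draws from /dev/urandom, which this hunk does not show. Suggested lines: `# generate a random recovery token (16 random bytes, bcrypt-style base64)` and `my $uuid_str = en_base64( Koha::AuthUtils::generate_salt( 'weak', 16 ) );`. SendPasswordRecoveryEmail continues outside the hunk.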
+++ b/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-password-recovery.tt @@ -1,6 +1,6 @@ [% USE Koha %] [% INCLUDE 'doc-head-open.inc' %] -[% IF ( LibraryNameTitle ) %][% LibraryNameTitle %][% ELSE %]Koha online[% END %] catalog +[% IF ( LibraryNameTitle ) %][% LibraryNameTitle %] - Forgotten password recovery[% ELSE %]Koha online[% END %] catalog - Forgotten password recovery [% INCLUDE 'doc-head-close.inc' %] [% BLOCK cssinclude %][% END %] [% BLOCK jsinclude %] @@ -30,7 +30,7 @@
@@ -44,40 +44,31 @@ [% END %]
-

Password recovery

+

Forgotten password recovery

[% IF (hasError) %]
-

An error occurred

+

Oops!

[% IF (sendmailError) %] An error has occurred while sending you the password recovery link.
Please try again later. [% ELSIF (errNoBorrowerFound) %] No account was found with the provided information. -
Check if you typed it correctly. - [% ELSIF (errBadEmail) %] - The provided email address is not tied to this account. - [% ELSIF (errTooManyEmailFound) %] - More than one account has been found for the email address: "[% email %]" -
Try to use your username or an alternative email if you have one. - [% ELSIF (errNoBorrowerEmail) %] - This account has no email address we can send the email to. [% ELSIF (errAlreadyStartRecovery) %] - The process of password recovery has already started for this account ("[% username %]") -
Check your emails; you should receive the link to reset your password. -
If you did not receive it, click here to get a new password recovery link. + The process of password recovery has already been started for this account ("[% username %]") +
You should have received an email with a link to reset your password. +
If you did not receive this email, you can request a new password recovery link. [% ELSIF (errPassNotMatch) %] - The passwords entered does not match. -
Please try again. + Oops! The passwords must match. [% ELSIF (errPassTooShort) %] - The password is too short. + Your chosen password is too short.
The password must contain at least [% minPassLength %] characters. [% ELSIF (errLinkNotValid) %] - We could not authenticate you as the account owner. -
Be sure to use the link you received in your email. + The link you clicked is either invalid, or expired. +
Be sure you used the link from the email, or contact library staff for assistance. [% END %]

-

Please contact the staff if you need further assistance.

+

Please contact the library if you need further assistance.

[% END %]
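Review bot: The `errAlreadyStartRecovery` branch still echoes `("[% username %]")` and confirms that a recovery is pending for that account, so an unauthenticated caller can still learn that a login exists — the same leak this commit removes from the other error branches. In the .pl, `$username ||= $borrower->userid` keeps the caller-supplied login when one was given, so unless Koha's template stack auto-escapes, the value should also be filtered, `[% username | html %]`. The simplest fix is to drop the quoted login from the message and keep only the generic wording. Several lines of this hunk lost their markup in extraction, so which branches are old and which are new cannot be fully told from here.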
@@ -87,8 +78,7 @@
-

To reset your password, enter your username or email address. -
A link to reset your password will be sent at this address.

+

To reset your password, enter your login and email address. @@ -118,10 +108,10 @@

An email has been sent to "[% email %]". -
It contains a link to create a new password. -
This link will be valid for 2 days starting now. +
Please click the link in this email to finish the process of resetting your password. +
This link is valid for 2 days starting now.

- Click here to return to the main page. + Return to the main page
[% ELSIF (password_reset_done) %]
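Review bot: The confirmation `An email has been sent to "[% email %]".` prints the address the link went to, and the .pl hunks still fill `$email` from the borrower record when only a login is submitted, so anyone who knows a username can learn the email address on file — an information leak that undercuts the commit's stated goal of not exposing account details. A generic confirmation such as `An email has been sent to the address on file for this account.` avoids it; if the address is kept, it should at least be escaped as `[% email | html %]` unless the template stack auto-escapes. Only the closing part of this template block is visible here.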
diff --git a/opac/opac-password-recovery.pl b/opac/opac-password-recovery.pl
index 1cef3edf8d..6cfc4144c5 100755
--- a/opac/opac-password-recovery.pl
+++ b/opac/opac-password-recovery.pl
@@ -64,14 +64,10 @@ if ( $query->param('sendEmail') || $query->param('resendEmail') ) {
     elsif ($email) {
         $search_results = [ Koha::Borrowers->search( { -or => { email => $email, emailpro => $email, B_email => $email } } ) ];
     }
-    if ( not $search_results ) {
+    if ( not $search_results || scalar @$search_results > 1 ) {
         $hasError = 1;
         $errNoBorrowerFound = 1;
     }
-    elsif ( scalar @$search_results > 1 ) { # Many matching borrowers
-        $hasError = 1;
-        $errTooManyEmailFound = 1;
-    }
     elsif ( $borrower = shift @$search_results ) { # One matching borrower
         $username ||= $borrower->userid;
         my @emails = ( $borrower->email, $borrower->emailpro, $borrower->B_email );
@@ -79,7 +75,7 @@ if ( $query->param('sendEmail') || $query->param('resendEmail') ) {
         # Is the given email one of the borrower's ?
         if ( $email && !( grep { $_ eq $email } @emails ) ) {
             $hasError = 1;
-            $errBadEmail = 1;
+            $errNoBorrowerFound = 1;
         }
         # If we dont have an email yet. Get one of the borrower's email or raise an error.
@@ -88,7 +84,7 @@ if ( $query->param('sendEmail') || $query->param('resendEmail') ) {
         # It's supposed to get a non-empty string from the @emails array. There's surely a simpler way
         elsif ( !$email && !( $email = shift [ grep { length() } @emails ] ) ) {
             $hasError = 1;
-            $errNoBorrowerEmail = 1;
+            $errNoBorrowerFound = 1;
         }
         # Check if a password reset already issued for this borrower AND we are not asking for a new email
-- 
2.39.5
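Review bot: `if ( not $search_results || scalar @$search_results > 1 )` does not do what the merge intends: `not` binds looser than `||`, so this parses as `not ( $search_results || scalar @$search_results > 1 )`, which is false whenever `$search_results` is a (truthy) arrayref — the multiple-match case now falls through to `elsif ( $borrower = shift @$search_results )` and silently proceeds with the first borrower, exactly what the removed branch guarded against. An empty arrayref is also truthy, so the "none found" case is not caught by either the old or the new form. `if ( !$search_results || @$search_results != 1 ) {` covers undef, empty and multiple results in one check. Whether `$search_results` can still be undef at this point depends on code above the hunk.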
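Review bot: `shift [ grep { length() } @emails ]` in the `elsif` condition calls `shift` on an array reference, which relied on the experimental array-function auto-dereference that Perl removed in 5.24; on a current perl this line fails to compile. The adjacent comment already admits there must be a simpler way: `( grep { length } @emails )[0]` yields the first non-empty address without the experimental syntax. This is a context line rather than part of the change, but it sits on the new side and the enclosing block continues outside the hunk.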