From 7db6c3e6e5c3e7163ec85beebed55f226157b0e0 Mon Sep 17 00:00:00 2001
From: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Date: Thu, 1 Feb 2024 15:17:38 +0000
Subject: [PATCH] Bug 34478: Changes for opac-password-recovery

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
---
 .../bootstrap/en/modules/opac-password-recovery.tt  | 13 ++++++++++++-
 opac/opac-password-recovery.pl                      |  5 +++--
 2 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-password-recovery.tt b/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-password-recovery.tt
index 1163ccf916..a9e2716d8a 100644
--- a/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-password-recovery.tt
+++ b/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-password-recovery.tt
@@ -29,6 +29,9 @@
                 $("fieldset#serial, fieldset#book, fieldset#chapter").hide()
                 $("fieldset#" + $(this).val() ).show();
             });
+            $("#resendmail").click(function() {
+                $("#resendform").get(0).submit();
+            });
         [% IF (new_password) %]
             $("#mainform").validate({
                 rules: {
@@ -93,7 +96,14 @@
                                 ("<strong>[% email | html %]</strong>")
                             [% END %]
                             <br/>You should have received an email with a link to reset your password.
-                            <br/>If you did not receive this email, you can request a new one: <a href="/cgi-bin/koha/opac-password-recovery.pl?resendEmail=true&email=[% email | uri %]&username=[% username | uri %]">Get new password recovery link</a>
+                            <br/>If you did not receive this email, you can request a new one:
+                            <form style="display:inline-block;" method="post" id="resendform" action="/cgi-bin/koha/opac-password-recovery.pl">
+                                [% INCLUDE 'csrf-token.inc' %]
+                                <a href="#" id="resendmail">Get new password recovery link</a>
+                                <input type="hidden" name="op" value="cud-resendEmail" />
+                                <input type="hidden" name="email" value="[% email | uri %]" />
+                                <input type="hidden" name="username" value="[% username | uri %]" />
+                            </form>
                         [% ELSIF (errPassNotMatch) %]
                             The passwords do not match.
                         [% ELSIF password_too_short %]
@@ -132,6 +142,7 @@
                                 </div>
 
                                 <fieldset class="action">
+                                    <input type="hidden" name="op" value="cud-sendEmail" />
                                     <input type="submit" value="Submit" class="btn btn-primary" name="sendEmail" />
                                 </fieldset>
                             </fieldset>
diff --git a/opac/opac-password-recovery.pl b/opac/opac-password-recovery.pl
index 0c0824c674..437ec121af 100755
--- a/opac/opac-password-recovery.pl
+++ b/opac/opac-password-recovery.pl
@@ -28,6 +28,7 @@ my ( $template, $dummy, $cookie ) = get_template_and_user(
     }
 );
 
+my $op             = $query->param('op') // q{};
 my $email          = $query->param('email') // q{};
 my $password       = $query->param('newPassword');
 my $repeatPassword = $query->param('repeatPassword');
@@ -49,7 +50,7 @@ my $errResetForbidden;
 #new password form error
 my $errLinkNotValid;
 
-if ( $query->param('sendEmail') || $query->param('resendEmail') ) {
+if ( $op eq 'cud-sendEmail' || $op eq 'cud-resendEmail' ) {
 
     #try with the main email
     my $borrower;
@@ -97,7 +98,7 @@ if ( $query->param('sendEmail') || $query->param('resendEmail') ) {
 
             # Check if a password reset already issued for this
             # borrower AND we are not asking for a new email
-            elsif ( not $query->param('resendEmail') ) {
+            elsif ( $op ne 'cud-resendEmail' ) {
                 if ( ValidateBorrowernumber( $borrower->borrowernumber ) ) {
                     $hasError                = 1;
                     $errAlreadyStartRecovery = 1;
-- 
2.39.5