mirrors/Piwigo
1
0
Fork 0
mirror of https://github.com/Piwigo/Piwigo.git synced 2025-04-25 10:49:58 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

fixes #2281 add two default conf for reset and activation link

Browse source 
When a password activation or reset link is generated, the link expiry time is now defined in two conf: $conf[’password_reset_duration‘] with a default time of one hour and $conf[’password_activation_duration‘] with a default time of 72 hours.
This commit is contained in:
Linty 2024-11-20 17:09:26 +01:00
parent 431cb4b7b4
commit 34296598d4
10 changed files with 72 additions and 37 deletions
Download patch file Download diff file Expand all files Collapse all files

12
admin/themes/default/js/user_list.js
View file

@ -2215,8 +2215,9 @@ function send_new_user_password(user_id, mail) {
$.ajax({
url: "ws.php?format=json",
dataType: "json",
type: "POST",
data:{
method: 'pwg.users.generateResetPasswordLink',
method: 'pwg.users.generatePasswordLink',
user_id: user_id,
send_by_mail: send_by_mail,
pwg_token: pwg_token
@ -2228,12 +2229,14 @@ function send_new_user_password(user_id, mail) {
$('#AddUserFieldContainer').hide();
$('#AddUserSuccessContainer').fadeIn();
$('#AddUserPasswordLink').val(response.result.generated_link).trigger('focus');
$('#AddUserTextField').html(send_by_mail ? sprintf(validLinkMail, `<b>${mail}</b>`) : validLinkWithoutMail);
$('#AddUserTextField').html(send_by_mail
? sprintf(validLinkMail, response.result.time_validation, `<b>${mail}</b>`)
: sprintf(validLinkWithoutMail, response.result.time_validation));
if(send_by_mail && !response.result.send_by_mail) {
$('#AddUserUpdated').removeClass('icon-green border-green icon-ok').addClass('icon-red-error icon-cancel');
$('#AddUserUpdatedText').html(errorMailSent);
$('#AddUserTextField').html(errorMailSentMsg);
$('#AddUserTextField').html(sprintf(errorMailSentMsg, response.result.time_validation));
} else if (send_by_mail && response.result.send_by_mail) {
password_container.hide();
}
@ -2316,8 +2319,9 @@ function send_link_password(email, username, user_id, send_by_mail) {
$.ajax({
url: "ws.php?format=json",
dataType: "json",
type: "POST",
data: {
method: 'pwg.users.generateResetPasswordLink',
method: 'pwg.users.generatePasswordLink',
user_id: user_id,
send_by_mail: send_by_mail,
pwg_token: pwg_token

4
admin/themes/default/template/user_list.tpl
View file

@ -45,9 +45,9 @@ const mainUserUpgradeWebmaster = "{'This user must first be defined as the webma
const errorStr = "{'an error happened'|@translate|escape:javascript}";
const copyLinkStr = "{'Copied link'|@translate|escape:javascript}";
const cantCopy = "{'You cannot copy the password if the connection to this site is not secure.'|@translate|escape:javascript}";
const validLinkMail = "{'An activation link valid for 1 hour has been sent to "%s". If the user doesn\'t receive the link, you can generate and copy a new one by editing the user and managing her password.'|@translate|escape:javascript}";
const validLinkMail = "{'An activation link valid for %s has been sent to "%s". If the user doesn\'t receive the link, you can generate and copy a new one by editing the user and managing her password.'|@translate|escape:javascript}";
const validLinkWithoutMail = "{'Copy the link below and send it to the user so the password can be set.'|@translate|escape:javascript}";
const errorMailSentMsg = "{'An activation link valid for 1 hour was created but could not be sent. You can now copy the link below and send it to the user.'|@translate|escape:javascript}";
const errorMailSentMsg = "{'An activation link valid for %s was created but could not be sent. You can now copy the link below and send it to the user.'|@translate|escape:javascript}";
const registered_str = '{"Registered"|@translate|escape:javascript}';
const last_visit_str = '{"Last visit"|@translate|escape:javascript}';

8
include/config_default.inc.php
View file

@ -599,6 +599,14 @@ $conf['browser_language'] = true;
// If false it'll be redirected from index.php to identification.php
$conf['guest_access'] = true;
// password_reset_duration : defines the validity duration (in seconds) of a
// password reset link. Default value is one hour (3600 seconds).
$conf['password_reset_duration'] = 60*60;
// password_activation_duration : defines the validity duration (in seconds)
// of an password activation link. Default value is 72 hours (259200 seconds).
$conf['password_activation_duration'] = 3*24*60*60;
// +-----------------------------------------------------------------------+
// | history |
// +-----------------------------------------------------------------------+

20
include/functions_mail.inc.php
View file

@ -1010,11 +1010,12 @@ function pwg_send_mail_test($success, $mail, $args)
* Return the content mail to send
* @since 15
* @param string $username
* @param string $reset_password_link
* @param string $password_link
* @param string $gallery_title
* @return string mail content
* @param string $remaining_time
* @return array mail content
*/
function pwg_generate_reset_password_mail($username, $reset_password_link, $gallery_title)
function pwg_generate_reset_password_mail($username, $password_link, $gallery_title, $remaining_time)
{
set_make_full_url();
@ -1026,7 +1027,8 @@ function pwg_generate_reset_password_mail($username, $reset_password_link, $gall
);
$message.= "\r\n\r\n";
$message.= l10n('To reset your password, visit the following address:') . "\r\n";
$message.= $reset_password_link;
$message.= $password_link . "\r\n";
$message.= l10n('This link is valid for %s. After this time, you will need to request a new link.', $remaining_time);
$message.= "\r\n\r\n";
$message.= l10n('If this was a mistake, just ignore this email and nothing will happen.')."\r\n";
@ -1047,11 +1049,12 @@ function pwg_generate_reset_password_mail($username, $reset_password_link, $gall
* Return the content mail to send
* @since 15
* @param string $username
* @param string $reset_password_link
* @param string $password_link
* @param string $gallery_title
* @return string mail content
* @param string $remaining_time
* @return array mail content
*/
function pwg_generate_set_password_mail($username, $set_password_link, $gallery_title)
function pwg_generate_set_password_mail($username, $set_password_link, $gallery_title, $remaining_time)
{
set_make_full_url();
@ -1063,7 +1066,8 @@ function pwg_generate_set_password_mail($username, $set_password_link, $gallery_
);
$message.= "\r\n\r\n";
$message.= l10n('To set your password, visit the following address:') . "\r\n";
$message.= $set_password_link;
$message.= $set_password_link . "\r\n";
$message.= l10n('This link is valid for %s. After this time, you will need to request a new link.', $remaining_time);
$message.= "\r\n\r\n";
$message.= l10n('If this was a mistake, just ignore this email and nothing will happen.')."\r\n";

26
include/functions_user.inc.php
View file

@ -1740,14 +1740,19 @@ function deactivate_password_reset_key($user_id)
*
* @since 15
* @param int $user_id
* @param string $user_email
* @return array activation_key and reset password link
* @param boolean $first_login
* @return array time_validation and password link
*/
function generate_reset_password_link($user_id)
function generate_password_link($user_id, $first_login=false)
{
global $conf;
$activation_key = generate_key(20);
list($expire) = pwg_db_fetch_row(pwg_query('SELECT ADDDATE(NOW(), INTERVAL 1 HOUR)'));
$duration = $first_login
? $conf['password_activation_duration']
: $conf['password_reset_duration'];
list($expire) = pwg_db_fetch_row(pwg_query('SELECT ADDDATE(NOW(), INTERVAL '. $duration .' SECOND)'));
single_update(
USER_INFOS_TABLE,
@ -1760,13 +1765,20 @@ function generate_reset_password_link($user_id)
set_make_full_url();
$reset_password_link = get_root_url().'password.php?key='.$activation_key;
$password_link = get_root_url().'password.php?key='.$activation_key;
unset_make_full_url();
$time_validation = time_since(
strtotime('now -'.$duration.' second'),
'second',
null,
false
);
return array(
'activation_key' => $activation_key,
'reset_password_link' => $reset_password_link,
'time_validation' => $time_validation,
'password_link' => $password_link,
);
}

13
include/ws_functions/pwg.users.php
View file

@ -989,7 +989,7 @@ SELECT
* @option string pwg_token
* @option boolean send_by_mail
*/
function ws_users_generate_reset_password_link($params, &$service)
function ws_users_generate_password_link($params, &$service)
{
global $user, $conf;
include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
@ -1020,19 +1020,19 @@ function ws_users_generate_reset_password_link($params, &$service)
return new PwgError(403, 'You cannot perform this action');
}
$generate_link = generate_reset_password_link($params['user_id']);
$first_login = first_connexion($params['user_id']);
$generate_link = generate_password_link($params['user_id'], $first_login);
$send_by_mail_response = null;
if ($params['send_by_mail'] and !empty($user_lost['email']))
{
$first_login = first_connexion($params['user_id']);
if ($first_login)
{
$email_params = pwg_generate_set_password_mail($user_lost['username'], $generate_link['reset_password_link'], $conf['gallery_title']);
$email_params = pwg_generate_set_password_mail($user_lost['username'], $generate_link['password_link'], $conf['gallery_title'], $generate_link['time_validation']);
}
else
{
$email_params = pwg_generate_reset_password_mail($user_lost['username'], $generate_link['reset_password_link'], $conf['gallery_title']);
$email_params = pwg_generate_reset_password_mail($user_lost['username'], $generate_link['password_link'], $conf['gallery_title'], $generate_link['time_validation']);
}
// Here we remove the display of errors because they prevent the response from being parsed
if (@pwg_mail($user_lost['email'], $email_params))
@ -1046,8 +1046,9 @@ function ws_users_generate_reset_password_link($params, &$service)
}
return array(
'generated_link' => $generate_link['reset_password_link'],
'generated_link' => $generate_link['password_link'],
'send_by_mail' => $send_by_mail_response,
'time_validation' => $generate_link['time_validation'],
);
}

7
language/en_UK/admin.lang.php
View file

@ -1392,9 +1392,9 @@ $lang['Set as main user'] = 'Set as main user';
$lang['This user must first be defined as the webmaster before it can be upgraded to the main user'] = 'This user must first be defined as the webmaster before it can be upgraded to the main user';
$lang['Copied link'] = 'Copied link';
$lang['You cannot copy the password if the connection to this site is not secure.'] = 'You cannot copy the password if the connection to this site is not secure.';
$lang['An activation link valid for 1 hour has been sent to "%s". If the user doesn\'t receive the link, you can generate and copy a new one by editing the user and managing her password.'] = 'An activation link valid for 1 hour has been sent to "%s". If the user doesn\'t receive the link, you can generate and copy a new one by editing the user and managing her password.';
$lang['An activation link valid for %s has been sent to "%s". If the user doesn\'t receive the link, you can generate and copy a new one by editing the user and managing her password.'] = 'An activation link valid for %s has been sent to "%s". If the user doesn\'t receive the link, you can generate and copy a new one by editing the user and managing her password.';
$lang['Copy the link below and send it to the user so the password can be set.'] = 'Copy the link below and send it to the user so the password can be set.';
$lang['An activation link valid for 1 hour was created but could not be sent. You can now copy the link below and send it to the user.'] = 'An activation link valid for 1 hour was created but could not be sent. You can now copy the link below and send it to the user.';
$lang['An activation link valid for %s was created but could not be sent. You can now copy the link below and send it to the user.'] = 'An activation link valid for %s was created but could not be sent. You can now copy the link below and send it to the user.';
$lang['Copy the password link'] = 'Copy the password link';
$lang['Resend password link'] = 'Resend password link';
$lang['Username successfully modified'] = 'Username successfully modified';
@ -1403,4 +1403,7 @@ $lang['Yes, let\'s proceed'] = 'Yes, let\'s proceed';
$lang['What\'s new in version %s'] = 'What\'s new in version %s?';
$lang['Read the release note'] = 'Read the release note';
$lang['Ok, got it!'] = 'Ok, got it!';
$lang['This link is valid for %s. After this time, you will need to request a new link.'] = 'This link is valid for %s. After this time, you will need to request a new link.';
$lang['To set your password, visit the following address:'] = 'To set your password, visit the following address:';
$lang['Someone requested that the password be set for the following user account:'] = 'Someone requested that the password be set for the following user account:';
// Leave this line empty

7
language/fr_FR/admin.lang.php
View file

@ -1394,9 +1394,9 @@ $lang['Set as main user'] = 'Définir comme utilisateur principal';
$lang['This user must first be defined as the webmaster before it can be upgraded to the main user'] = 'Cet utilisateur doit d\'abord être défini en tant que webmaster avant de pouvoir devenir l\'utilisateur principal';
$lang['Copied link'] = 'Lien copié';
$lang['You cannot copy the password if the connection to this site is not secure.'] = 'Vous ne pouvez pas copier le mot de passe si la connexion à ce site n\'est pas sécurisée.';
$lang['An activation link valid for 1 hour has been sent to "%s". If the user doesn\'t receive the link, you can generate and copy a new one by editing the user and managing her password.'] = 'Un lien d\'activation valable 1 heure a été envoyé à « %s ». Si l\'utilisateur ne reçoit pas le lien, vous pouvez en générer et en copier un nouveau en éditant l\'utilisateur et en gérant son mot de passe.';
$lang['An activation link valid for %s has been sent to "%s". If the user doesn\'t receive the link, you can generate and copy a new one by editing the user and managing her password.'] = 'Un lien d\'activation valable %s a été envoyé à « %s ». Si l\'utilisateur ne reçoit pas le lien, vous pouvez en générer et en copier un nouveau en éditant l\'utilisateur et en gérant son mot de passe.';
$lang['Copy the link below and send it to the user so the password can be set.'] = 'Copiez le lien ci-dessous et envoyez-le à l\'utilisateur pour qu\'il définisse son mot de passe.';
$lang['An activation link valid for 1 hour was created but could not be sent. You can now copy the link below and send it to the user.'] = 'Un lien d\'activation valable 1 heure a été créé mais n\'a pas pu être envoyé. Vous pouvez maintenant copier le lien ci-dessous et l\'envoyer à l\'utilisateur.';
$lang['An activation link valid for %s was created but could not be sent. You can now copy the link below and send it to the user.'] = 'Un lien d\'activation valable %s a été créé mais n\'a pas pu être envoyé. Vous pouvez maintenant copier le lien ci-dessous et l\'envoyer à l\'utilisateur.';
$lang['Copy the password link'] = 'Copier le lien du mot de passe';
$lang['Resend password link'] = 'Renvoyer le lien du mot de passe';
$lang['Username successfully modified'] = 'Nom d\'utilisateur modifié avec succès';
@ -1405,4 +1405,7 @@ $lang['Yes, let\'s proceed'] = 'Oui, continuons';
$lang['What\'s new in version %s'] = 'Quoi de neuf dans Piwigo %s ?';
$lang['Read the release note'] = 'Lire la note de version';
$lang['Ok, got it!'] = 'Ok, j\'ai compris!';
$lang['This link is valid for %s. After this time, you will need to request a new link.'] = 'Ce lien est valide pendant %s. Passé ce délai, vous devrez demander un nouveau lien.';
$lang['To set your password, visit the following address:'] = 'Pour définir votre mot de passe, rendez-vous à l\'adresse suivante:';
$lang['Someone requested that the password be set for the following user account:'] = 'Quelqu\'un a demandé que le mot de passe soit défini pour l\'utilisateur suivant:';
// Leave this line empty

6
password.php
View file

@ -76,11 +76,11 @@ function process_password_request()
return false;
}
$generate_link = generate_reset_password_link($user_id);
$generate_link = generate_password_link($user_id);
$userdata['activation_key'] = $generate_link['activation_key'];
// $userdata['activation_key'] = $generate_link['activation_key'];
$email_params = pwg_generate_reset_password_mail($userdata['username'], $generate_link['reset_password_link'], $conf['gallery_title']);
$email_params = pwg_generate_reset_password_mail($userdata['username'], $generate_link['password_link'], $conf['gallery_title'], $generate_link['time_validation']);
if (pwg_mail($userdata['email'], $email_params))
{

6
ws.php
View file

@ -1506,8 +1506,8 @@ enabled_high, registration_date, registration_date_string, registration_date_sin
);
$service->addMethod(
'pwg.users.generateResetPasswordLink',
'ws_users_generate_reset_password_link',
'pwg.users.generatePasswordLink',
'ws_users_generate_password_link',
array(
'user_id' => array(
'type'=>WS_TYPE_ID
@ -1522,7 +1522,7 @@ enabled_high, registration_date, registration_date_string, registration_date_sin
'Return the reset password link <br />
(Only webmaster can perform this action for another webmaster)',
$ws_functions_root . 'pwg.users.php',
array('admin_only'=>true)
array('admin_only'=>true, 'post_only'=>true)
);
$service->addMethod(