--- loncom/interface/resetpw.pm 2019/04/24 01:44:30 1.44 +++ loncom/interface/resetpw.pm 2020/12/18 15:23:02 1.48 @@ -1,7 +1,7 @@ # The LearningOnline Network # Allow access to password changing via a token sent to user's e-mail. # -# $Id: resetpw.pm,v 1.44 2019/04/24 01:44:30 raeburn Exp $ +# $Id: resetpw.pm,v 1.48 2020/12/18 15:23:02 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -305,7 +305,7 @@ END my $earlyout; unless ($passwdconf{'captcha'} eq 'unused') { my ($captcha_chk,$captcha_error) = - &Apache::loncommon::captcha_response('passwords',$server); + &Apache::loncommon::captcha_response('passwords',$server,$dom_in_effect); if ($captcha_chk != 1) { my $error = 'captcha'; if ($passwdconf{'captcha'} eq 'recaptcha') { @@ -359,7 +359,7 @@ END } foreach my $item (@items) { if ($item =~ /^[^\@]+\@[^\@]+\.[^\@\.]+$/) { - unless (grep(/^\Q$item\E$/i,@allemails)) { + unless (grep(/^\Q$item\E$/i,@allemails)) { push(@allemails,$item); } } @@ -482,7 +482,8 @@ sub send_token { my $now = time; my $temppasswd = &create_passwd(); - my %info = ('ip' => $ENV{'REMOTE_ADDR'}, + my $ip = &Apache::lonnet::get_requestor_ip(); + my %info = ('ip' => $ip, 'time' => $now, 'domain' => $udom, 'username' => $uname, @@ -639,7 +640,9 @@ sub reset_passwd { $invalidinfo = "||$env{'form.uname'}|| ||$env{'form.udom'}|| "; } } else { - unless ((lc($env{'form.uname'}) eq lc($data{'username'})) && (lc($env{'form.udom'}) eq lc($data{'domain'}))) { + if ((lc($env{'form.uname'}) eq lc($data{'username'})) && (lc($env{'form.udom'}) eq lc($data{'domain'}))) { + $env{'form.uname'} = $data{'username'}; + } else { $invalidinfo = "||$env{'form.uname'}|| ||$env{'form.udom'}|| "; } } @@ -661,7 +664,53 @@ sub reset_passwd { } if ($invalidinfo) { &Apache::lonnet::logthis("Forgot Password -- token data: ||$data{'username'}|| ||$data{'domain'}|| ||$data{'email'}|| differs from form: $invalidinfo"); - $r->print(&generic_failure_msg($contact_name,$contact_email)); + my $retry; + $r->print( + '

' + .&mt('A problem occurred when attempting to reset' + .' the password for your account.').'

'); + if (($formfields{'username'}) && ($formfields{'email'})) { + if ($needscase) { + $r->print('

' + .&mt('Please verify you entered the correct username and e-mail address, ' + .'including the correct lower and/or upper case letters') + .'

'); + } else { + $r->print('

' + .&mt('Please verify you entered the correct username and e-mail address.') + .'

'); + } + $retry = 1; + } elsif ($formfields{'username'}) { + if ($needscase) { + $r->print('

' + .&mt('Please verify you entered the correct username, ' + .'including the correct lower and/or upper case letters') + .'

'); + } else { + $r->print('

' + .&mt('Please verify you entered the correct username.') + .'

'); + } + $retry = 1; + } elsif ($formfields{'email'}) { + if ($needscase) { + $r->print('

' + .&mt('Please verify you entered the correct e-mail address, ' + .'including the correct lower and/or upper case letters') + .'

'); + } else { + $r->print('

' + .&mt('Please verify you entered the correct e-mail address.') + .'

'); + } + $retry = 1; + } + if ($retry) { + &Apache::lonpreferences::passwordchanger($r,'','reset_by_email',$token,$timelimit,\%formfields); + } else { + $r->print(&generic_failure_msg($contact_name,$contact_email)); + } unless ($formfields{'username'}) { delete($env{'form.uname'}); delete($env{'form.udom'}); @@ -669,13 +718,14 @@ sub reset_passwd { return; } my $change_failed = - &Apache::lonpreferences::verify_and_change_password($r,'reset_by_email',$token); + &Apache::lonpreferences::verify_and_change_password($r,'reset_by_email',$token,$timelimit,\%formfields); if (!$change_failed) { my $delete = &Apache::lonnet::tmpdel($token); my $now = &Apache::lonlocal::locallocaltime(time); my $domdesc = &Apache::lonnet::domain($data{'domain'},'description'); - my $mailmsg = &mt('The password for your LON-CAPA account in the [_1] domain was changed [_2] from IP address: [_3]. If you did not perform this change or authorize it, please contact the [_4] ([_5]).',$domdesc,$now,$ENV{'REMOTE_ADDR'},$contact_name,$contact_email)."\n"; + my $ip = &Apache::lonnet::get_requestor_ip(); + my $mailmsg = &mt('The password for your LON-CAPA account in the [_1] domain was changed [_2] from IP address: [_3]. If you did not perform this change or authorize it, please contact the [_4] ([_5]).',$domdesc,$now,$ip,$contact_name,$contact_email)."\n"; my $result = &send_mail($domdesc,$data{'email'},$mailmsg, $contact_name,$contact_email); my $confirm_msg; @@ -720,7 +770,17 @@ sub reset_passwd { .'

' ); } - } else { + } elsif (($change_failed eq 'prioruse') && ($passwdconf->{'numsaved'})) { + my $domdesc = + &Apache::lonnet::domain($data{'domain'},'description'); + $r->print( + '

' + .&mt('Please enter a password that you have not used recently.') + .'

' + .&display_actions($contact_email,$domdesc,$token) + ); + } elsif (($change_failed eq 'internalerror') || ($change_failed eq 'missingtemp') || + ($change_failed eq 'error')) { $r->print(&generic_failure_msg($contact_name,$contact_email)); } unless ($formfields{'username'}) { @@ -740,7 +800,20 @@ sub reset_passwd { if ($needscase) { $r->print(' '.&mt('User data entered must match LON-CAPA account information (including case).')); } - $r->print(' '); + $r->print('
'); + } + my ($min,$max,$minrule,$maxrule); + if ($passwdconf->{min}) { + $min = $passwdconf->{min}; + } else { + $min = $Apache::lonnet::passwdmin; + } + if ($min) { + $minrule = &mt('Minimum password length: [_1]',$min); + } + if ($passwdconf->{max}) { + $max = $passwdconf->{max}; + $maxrule = &mt('Maximum password length: [_1]',$max); } if (ref($passwdconf->{chars}) eq 'ARRAY') { my %rules; @@ -757,9 +830,24 @@ sub reset_passwd { $r->print('
  • '.$rulenames{$poss}.'
    • '); } } + if ($min) { + $r->print('
  • '.$minrule.'
    • '); + } + if ($max) { + $r->print('
  • '.$maxrule.'
    • '); + } $r->print(''); } else { - $r->print(&mt('The new password must contain at least 7 characters.').' '); + if ($min && $max) { + $r->print(&mt('The new password must satisfy the following:').''."\n"); + } elsif ($min) { + $r->print($minrule.'
    '); + } elsif ($max) { + $r->print($maxrule.'
    '); + } } $r->print(&mt('Your new password will be sent to the LON-CAPA server in an encrypted form.').'
    '); &Apache::lonpreferences::passwordchanger($r,'','reset_by_email',$token,$timelimit,\%formfields); @@ -767,7 +855,8 @@ sub reset_passwd { } else { $r->print( '

    ' - .&mt('Sorry, the token generated when you requested a password reset has expired. Please submit a [_1]new request[_2], and follow the link to the web page included in the new e-mail that will be sent to you, to allow you to enter a new password.' + .&mt('Sorry, the token generated when you requested a password reset has expired.').'
    ' + .&mt('Please submit a [_1]new request[_2], and follow the link to the web page included in the new e-mail that will be sent to you, to allow you to enter a new password.' ,'','') .'

    ' ); @@ -815,9 +904,13 @@ sub create_passwd { } sub display_actions { - my ($contact_email, $domdesc) = @_; + my ($contact_email,$domdesc,$token) = @_; + my $url = '/adm/resetpw'; + if ($token) { + $url .= '?token='.&escape($token); + } my @msg = (&mt('[_1]Go back[_2] and try again', - '','')); + '','')); my $msg2 = ''; if ($contact_email ne '') { my $escuri = &HTML::Entities::encode('/adm/resetpw','&<>"');