fix: WebGUI/Auth.pm -- Required fields on Create Account show up with HASH(0xblah) as their value
fix: Added some i18n for password security measures that was neglected. Fixed some coding standards with some subs.
This commit is contained in:
Doug Bell
parent
2a39d6a828
commit
32c2091360
4 changed files with 139 additions and 80 deletions
|
|
@ -56,6 +56,7 @@
|
||||||
filters can now be created in HttpProxy wobject properties.
|
filters can now be created in HttpProxy wobject properties.
|
||||||
- Collaboration System wobjects can now be subclassed and still work with the
|
- Collaboration System wobjects can now be subclassed and still work with the
|
||||||
existing Thread and Post assets.
|
existing Thread and Post assets.
|
||||||
|
- fix: Added some additional i18n that was missing.
|
||||||
|
|
||||||
7.3.20
|
7.3.20
|
||||||
- fix: Deactivated Users Subscriptions (perlDreamer Consulting, LLC)
|
- fix: Deactivated Users Subscriptions (perlDreamer Consulting, LLC)
|
||||||
|
|
|
||||||
|
|
@ -183,7 +183,7 @@ sub createAccount {
|
||||||
foreach my $field (@{WebGUI::ProfileField->getRegistrationFields($self->session)}) {
|
foreach my $field (@{WebGUI::ProfileField->getRegistrationFields($self->session)}) {
|
||||||
my $id = $field->getId;
|
my $id = $field->getId;
|
||||||
my $label = $field->getLabel;
|
my $label = $field->getLabel;
|
||||||
my $emailAddress = {};
|
my $emailAddress = '';
|
||||||
if ($field->get('fieldName') eq "email" && $userInvitation ) {
|
if ($field->get('fieldName') eq "email" && $userInvitation ) {
|
||||||
my $code = $self->session->form->get('code')
|
my $code = $self->session->form->get('code')
|
||||||
|| $self->session->form->get('uniqueUserInvitationCode');
|
|| $self->session->form->get('uniqueUserInvitationCode');
|
||||||
|
|
@ -195,7 +195,7 @@ sub createAccount {
|
||||||
|
|
||||||
# Old-style field loop.
|
# Old-style field loop.
|
||||||
push @{$vars->{'create.form.profile'}},
|
push @{$vars->{'create.form.profile'}},
|
||||||
+{ 'profile.formElement' => $formField,
|
{ 'profile.formElement' => $formField,
|
||||||
'profile.formElement.label' => $label,
|
'profile.formElement.label' => $label,
|
||||||
'profile.required' => $required };
|
'profile.required' => $required };
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -81,15 +81,15 @@ sub _isValidPassword {
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($self->getSetting("requiredDigits") && !$self->_hasNumberCharacters($password, $self->getSetting("requiredDigits"))) {
|
if ($self->getSetting("requiredDigits") && !$self->_hasNumberCharacters($password, $self->getSetting("requiredDigits"))) {
|
||||||
$error .= '<li>'.sprintf($i18n->echo("Password must conatain at least %s numeric characters."), $self->getSetting("requiredDigits")).'</li>';
|
$error .= '<li>'.sprintf($i18n->get('error password requiredDigits'), $self->getSetting("requiredDigits")).'</li>';
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($self->getSetting("nonWordCharacters") && !$self->_hasNonWordCharacters($password, $self->getSetting("nonWordCharacters"))) {
|
if ($self->getSetting("nonWordCharacters") && !$self->_hasNonWordCharacters($password, $self->getSetting("nonWordCharacters"))) {
|
||||||
$error .= '<li>'.sprintf($i18n->echo("Password must contain at least %s non-word characters such as , ! @ etc."), $self->getSetting("nonWordCharacters")).'</li>';
|
$error .= '<li>'.sprintf($i18n->get('error password nonWordCharacters'), $self->getSetting("nonWordCharacters")).'</li>';
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($self->getSetting("requiredMixedCase") && !$self->_hasMixedCaseCharacters($password, $self->getSetting("requiredMixedCase"))) {
|
if ($self->getSetting("requiredMixedCase") && !$self->_hasMixedCaseCharacters($password, $self->getSetting("requiredMixedCase"))) {
|
||||||
$error .= '<li>'.sprintf($i18n->echo("Password must contain at least %s upper case characters and at least one lowercase character (mixed case)."), $self->getSetting("requiredMixedCase")).'</li>';
|
$error .= '<li>'. sprintf($i18n->get('error password requiredMixedCase'), $self->getSetting("requiredMixedCase")).'</li>';
|
||||||
}
|
}
|
||||||
|
|
||||||
$self->error($error);
|
$self->error($error);
|
||||||
|
|
@ -130,12 +130,12 @@ sub authenticate {
|
||||||
|
|
||||||
#-------------------------------------------------------------------
|
#-------------------------------------------------------------------
|
||||||
sub createAccount {
|
sub createAccount {
|
||||||
my $self = shift;
|
my $self = shift;
|
||||||
my $message = shift;
|
my $message = shift;
|
||||||
my $confirm = shift || $self->session->form->process("confirm");
|
my $confirm = shift || $self->session->form->process("confirm");
|
||||||
my $vars = shift || {};
|
my $vars = shift || {};
|
||||||
|
|
||||||
$self->session->errorHandler->warn('WebGUI::Auth::createAccount called');
|
#$self->session->errorHandler->warn('WebGUI::Auth::createAccount called');
|
||||||
if ($self->session->user->userId ne "1") {
|
if ($self->session->user->userId ne "1") {
|
||||||
return $self->displayAccount;
|
return $self->displayAccount;
|
||||||
}
|
}
|
||||||
|
|
@ -143,86 +143,114 @@ sub createAccount {
|
||||||
return $self->displayLogin;
|
return $self->displayLogin;
|
||||||
}
|
}
|
||||||
my $i18n = WebGUI::International->new($self->session);
|
my $i18n = WebGUI::International->new($self->session);
|
||||||
$vars->{'create.message'} = $message if ($message);
|
$vars->{'create.message'} = $message if ($message);
|
||||||
$vars->{useCaptcha} = $self->session->setting->get("webguiUseCaptcha");
|
$vars->{useCaptcha} = $self->session->setting->get("webguiUseCaptcha");
|
||||||
if ($vars->{useCaptcha}) {
|
if ($vars->{useCaptcha}) {
|
||||||
use WebGUI::Form::Captcha;
|
use WebGUI::Form::Captcha;
|
||||||
my $captcha = WebGUI::Form::Captcha->new($self->session,{"name"=>"authWebGUI.captcha"});
|
my $captcha = WebGUI::Form::Captcha->new($self->session,{"name"=>"authWebGUI.captcha"});
|
||||||
$vars->{'create.form.captcha'} = $captcha->toHtml.'<span class="formSubtext">'.$captcha->get('subtext').'</span>';
|
$vars->{'create.form.captcha'}
|
||||||
|
= $captcha->toHtml . '<span class="formSubtext">' . $captcha->get('subtext').'</span>';
|
||||||
$vars->{'create.form.captcha.label'} = $i18n->get("captcha label","AuthWebGUI");
|
$vars->{'create.form.captcha.label'} = $i18n->get("captcha label","AuthWebGUI");
|
||||||
}
|
}
|
||||||
$vars->{'create.form.username'} = WebGUI::Form::text($self->session,{"name"=>"authWebGUI.username","value"=>$self->session->form->process("authWebGUI.username")});
|
$vars->{'create.form.username'}
|
||||||
$vars->{'create.form.username.label'} = $i18n->get(50);
|
= WebGUI::Form::text($self->session, {
|
||||||
$vars->{'create.form.password'} = WebGUI::Form::password($self->session,{"name"=>"authWebGUI.identifier"});
|
"name" => "authWebGUI.username",
|
||||||
$vars->{'create.form.password.label'} = $i18n->get(51);
|
"value" => $self->session->form->process("authWebGUI.username"),
|
||||||
$vars->{'create.form.passwordConfirm'} = WebGUI::Form::password($self->session,{"name"=>"authWebGUI.identifierConfirm"});
|
});
|
||||||
$vars->{'create.form.passwordConfirm.label'} = $i18n->get(2,'AuthWebGUI');
|
$vars->{'create.form.username.label'} = $i18n->get(50);
|
||||||
$vars->{'create.form.hidden'} = WebGUI::Form::hidden($self->session,{"name"=>"confirm","value"=>$confirm});
|
$vars->{'create.form.password'}
|
||||||
$vars->{'recoverPassword.isAllowed'} = $self->getSetting("passwordRecovery");
|
= WebGUI::Form::password($self->session, {
|
||||||
$vars->{'recoverPassword.url'} = $self->session->url->page('op=auth;method=recoverPassword');
|
"name" => "authWebGUI.identifier"
|
||||||
$vars->{'recoverPassword.label'} = $i18n->get(59);
|
});
|
||||||
return $self->SUPER::createAccount("createAccountSave",$vars);
|
$vars->{'create.form.password.label'} = $i18n->get(51);
|
||||||
|
$vars->{'create.form.passwordConfirm'}
|
||||||
|
= WebGUI::Form::password($self->session, {
|
||||||
|
"name" => "authWebGUI.identifierConfirm"
|
||||||
|
});
|
||||||
|
$vars->{'create.form.passwordConfirm.label'} = $i18n->get(2,'AuthWebGUI');
|
||||||
|
$vars->{'create.form.hidden'}
|
||||||
|
= WebGUI::Form::hidden($self->session, {
|
||||||
|
"name" => "confirm",
|
||||||
|
"value" => $confirm
|
||||||
|
});
|
||||||
|
$vars->{'recoverPassword.isAllowed' } = $self->getSetting("passwordRecovery");
|
||||||
|
$vars->{'recoverPassword.url' } = $self->session->url->page('op=auth;method=recoverPassword');
|
||||||
|
$vars->{'recoverPassword.label' } = $i18n->get(59);
|
||||||
|
return $self->SUPER::createAccount("createAccountSave",$vars);
|
||||||
}
|
}
|
||||||
|
|
||||||
#-------------------------------------------------------------------
|
#-------------------------------------------------------------------
|
||||||
sub createAccountSave {
|
sub createAccountSave {
|
||||||
my $self = shift;
|
my $self = shift;
|
||||||
my $i18n = WebGUI::International->new($self->session);
|
my $session = $self->session;
|
||||||
|
my $form = $self->session->form;
|
||||||
|
my $setting = $self->session->setting;
|
||||||
|
my $i18n = WebGUI::International->new($session);
|
||||||
|
|
||||||
return $self->displayAccount if ($self->session->user->userId ne "1");
|
# Logged in users cannot see this page
|
||||||
|
return $self->displayAccount if ($session->user->userId ne "1");
|
||||||
|
|
||||||
#Make sure anonymous registration is enabled
|
# Make sure anonymous registration is enabled
|
||||||
unless ($self->session->setting->get("anonymousRegistration") || $self->session->setting->get("userInvitationsEnabled")) {
|
if (!$setting->get("anonymousRegistration") && !$setting->get("userInvitationsEnabled")) {
|
||||||
$self->session->errorHandler->security($i18n->get("no registration hack", "AuthWebGUI"));
|
$session->errorHandler->security($i18n->get("no registration hack", "AuthWebGUI"));
|
||||||
return $self->displayLogin;
|
return $self->displayLogin;
|
||||||
}
|
}
|
||||||
my $username = $self->session->form->process('authWebGUI.username');
|
my $username = $form->process('authWebGUI.username');
|
||||||
my $password = $self->session->form->process('authWebGUI.identifier');
|
my $password = $form->process('authWebGUI.identifier');
|
||||||
my $passConfirm = $self->session->form->process('authWebGUI.identifierConfirm');
|
my $passConfirm = $form->process('authWebGUI.identifierConfirm');
|
||||||
|
|
||||||
my $error;
|
# Validate input
|
||||||
$error = $self->error unless($self->validUsername($username));
|
my $error;
|
||||||
if ($self->session->setting->get("webguiUseCaptcha")) {
|
$error = $self->error unless($self->validUsername($username));
|
||||||
unless ($self->session->form->process('authWebGUI.captcha', "Captcha")) {
|
if ($setting->get("webguiUseCaptcha")) {
|
||||||
$error .= $i18n->get("captcha failure","AuthWebGUI");
|
unless ($form->process('authWebGUI.captcha', "Captcha")) {
|
||||||
}
|
$error .= $i18n->get("captcha failure","AuthWebGUI");
|
||||||
}
|
}
|
||||||
$error .= $self->error unless($self->_isValidPassword($password,$passConfirm));
|
}
|
||||||
my ($profile, $temp, $warning) = WebGUI::Operation::Profile::validateProfileData($self->session);
|
$error .= $self->error unless($self->_isValidPassword($password,$passConfirm));
|
||||||
$error .= $temp;
|
my ($profile, $temp, $warning) = WebGUI::Operation::Profile::validateProfileData($self->session);
|
||||||
|
$error .= $temp;
|
||||||
|
|
||||||
return $self->createAccount($error) unless ($error eq "");
|
return $self->createAccount($error) unless ($error eq "");
|
||||||
# If Email address is not unique, a warning is displayed
|
|
||||||
if ($warning ne "" && !$self->session->form->process("confirm")) {
|
|
||||||
return $self->createAccount('<li>'.$i18n->get(1078).'</li>', 1);
|
|
||||||
}
|
|
||||||
|
|
||||||
my $properties;
|
# If Email address is not unique, a warning is displayed
|
||||||
$properties->{changeUsername} = $self->session->setting->get("webguiChangeUsername");
|
if ($warning ne "" && !$self->session->form->process("confirm")) {
|
||||||
$properties->{changePassword} = $self->session->setting->get("webguiChangePassword");
|
return $self->createAccount('<li>'.$i18n->get(1078).'</li>', 1);
|
||||||
$properties->{identifier} = Digest::MD5::md5_base64($password);
|
}
|
||||||
$properties->{passwordLastUpdated} =$self->session->datetime->time();
|
|
||||||
$properties->{passwordTimeout} = $self->session->setting->get("webguiPasswordTimeout");
|
# Create the new account
|
||||||
$properties->{status} = 'Deactivated' if ($self->session->setting->get("webguiValidateEmail"));
|
my $properties;
|
||||||
$self->SUPER::createAccountSave($username,$properties,$password,$profile);
|
$properties->{ changeUsername } = $setting->get("webguiChangeUsername");
|
||||||
if ($self->session->setting->get("webguiValidateEmail")) {
|
$properties->{ changePassword } = $setting->get("webguiChangePassword");
|
||||||
my $key = $self->session->id->generate();
|
$properties->{ identifier } = Digest::MD5::md5_base64($password);
|
||||||
$self->saveParams($self->userId,"WebGUI",{emailValidationKey=>$key});
|
$properties->{ passwordLastUpdated } = $session->datetime->time();
|
||||||
my $mail = WebGUI::Mail::Send->create($self->session,{
|
$properties->{ passwordTimeout } = $setting->get("webguiPasswordTimeout");
|
||||||
to=>$profile->{email},
|
$properties->{ status } = 'Deactivated' if ($setting->get("webguiValidateEmail"));
|
||||||
subject=>$i18n->get('email address validation email subject','AuthWebGUI')
|
$self->SUPER::createAccountSave($username,$properties,$password,$profile);
|
||||||
});
|
|
||||||
$mail->addText($i18n->get('email address validation email body','AuthWebGUI')."\n\n".$self->session->url->getSiteURL().$self->session->url->page("op=auth;method=validateEmail;key=".$key));
|
# Send validation e-mail if required
|
||||||
$mail->addFooter;
|
if ($setting->get("webguiValidateEmail")) {
|
||||||
$mail->send;
|
my $key = $session->id->generate();
|
||||||
$self->user->status("Deactivated");
|
$self->saveParams($self->userId,"WebGUI",{emailValidationKey=>$key});
|
||||||
$self->session->var->end($self->session->var->get("sessionId"));
|
my $mail = WebGUI::Mail::Send->create($self->session,{
|
||||||
$self->session->var->start(1,$self->session->getId);
|
to => $profile->{email},
|
||||||
my $u = WebGUI::User->new($self->session,1);
|
subject => $i18n->get('email address validation email subject','AuthWebGUI')
|
||||||
$self->{user} = $u;
|
});
|
||||||
$self->logout;
|
$mail->addText(
|
||||||
return $self->displayLogin($i18n->get('check email for validation','AuthWebGUI'));
|
$i18n->get('email address validation email body','AuthWebGUI') . "\n\n"
|
||||||
}
|
. $session->url->getSiteURL()
|
||||||
|
. $session->url->page("op=auth;method=validateEmail;key=".$key)
|
||||||
|
);
|
||||||
|
$mail->addFooter;
|
||||||
|
$mail->send;
|
||||||
|
$self->user->status("Deactivated");
|
||||||
|
$session->var->end($session->var->get("sessionId"));
|
||||||
|
$session->var->start(1,$session->getId);
|
||||||
|
my $u = WebGUI::User->new($session,1);
|
||||||
|
$self->{user} = $u;
|
||||||
|
$self->logout;
|
||||||
|
return $self->displayLogin($i18n->get('check email for validation','AuthWebGUI'));
|
||||||
|
}
|
||||||
return undef;
|
return undef;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -382,17 +410,17 @@ sub editUserSettingsForm {
|
||||||
);
|
);
|
||||||
$f->integer(
|
$f->integer(
|
||||||
-name => "webguiRequiredDigits",
|
-name => "webguiRequiredDigits",
|
||||||
-label => $i18n->echo("Number of digits required in password"),
|
-label => $i18n->get('setting webguiRequiredDigits'),
|
||||||
-value => $self->session->setting->get("webguiRequiredDigits")
|
-value => $self->session->setting->get("webguiRequiredDigits")
|
||||||
);
|
);
|
||||||
$f->integer(
|
$f->integer(
|
||||||
-name => "webguiNonWordCharacters",
|
-name => "webguiNonWordCharacters",
|
||||||
-label => $i18n->echo("Number of non-word characters required in password"),
|
-label => $i18n->get('setting webguiNonWordCharacters'),
|
||||||
-value => $self->session->setting->get("webguiNonWordCharacters")
|
-value => $self->session->setting->get("webguiNonWordCharacters")
|
||||||
);
|
);
|
||||||
$f->integer(
|
$f->integer(
|
||||||
-name => "webguiRequiredMixedCase",
|
-name => "webguiRequiredMixedCase",
|
||||||
-label => $i18n->echo("Number of upper case case characters required in password"),
|
-label => $i18n->get('setting webguiRequiredMixedCase'),
|
||||||
-value => $self->session->setting->get("webguiRequiredMixedCase")
|
-value => $self->session->setting->get("webguiRequiredMixedCase")
|
||||||
);
|
);
|
||||||
$f->interval(
|
$f->interval(
|
||||||
|
|
|
||||||
|
|
@ -543,6 +543,36 @@ our $I18N = {
|
||||||
lastUpdated => 1165402566,
|
lastUpdated => 1165402566,
|
||||||
},
|
},
|
||||||
|
|
||||||
|
'error password requiredDigits' => {
|
||||||
|
message => q{Password must contain at least %s numeric characters.},
|
||||||
|
lastUpdated => 0,
|
||||||
|
},
|
||||||
|
|
||||||
|
'error password nonWordCharacters' => {
|
||||||
|
message => q{Password must contain at least %s non-word characters (such as '!', '@', or '$').},
|
||||||
|
lastUpdated => 0,
|
||||||
|
},
|
||||||
|
|
||||||
|
'error password requiredMixedCase' => {
|
||||||
|
message => q{Password must contain at least %s upper case characters and at least
|
||||||
|
one lowercase character (mixed case)."},
|
||||||
|
lastUpdated => 0,
|
||||||
|
},
|
||||||
|
|
||||||
|
'setting webguiRequiredDigits' => {
|
||||||
|
message => q{Number of digits required in password},
|
||||||
|
lastUpdated => 0,
|
||||||
|
},
|
||||||
|
|
||||||
|
'setting webguiNonWordCharacters' => {
|
||||||
|
message => q{Number of non-word characters required in password},
|
||||||
|
lastUpdated => 0,
|
||||||
|
},
|
||||||
|
|
||||||
|
'setting webguiRequiredMixedCase' => {
|
||||||
|
message => q{Number of upper-case characters required in password},
|
||||||
|
lastUpdated => 0,
|
||||||
|
},
|
||||||
};
|
};
|
||||||
|
|
||||||
1;
|
1;
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue