Fixed style in style upon reuse of password recovery token
This commit is contained in:
Kaleb Murphy
parent
27769a9b68
commit
3f0b3b3e09
3 changed files with 14 additions and 4 deletions
|
|
@ -33,6 +33,7 @@
|
|||
- fixed: Reoccurring transactions now update the correct user id
|
||||
- fixed: I need a template for this display
|
||||
- fixed: If a user clicks on an unsubscribe link in an email and they are not logged into WebGUI, they are now prompted to log in so that they can then unsbscribe.
|
||||
- fixed: Using a password recovery token a second time informs the user of the reuse instead of having a style inside a style with a login form.
|
||||
|
||||
7.5.22
|
||||
- fixed: Layout template now gets prepared correctly
|
||||
|
|
|
|||
|
|
@ -752,6 +752,7 @@ sub emailRecoverPassword {
|
|||
);
|
||||
|
||||
$output .= $f->print;
|
||||
$self->session->log->error($output);
|
||||
return $output;
|
||||
}
|
||||
|
||||
|
|
@ -1004,8 +1005,9 @@ sub emailResetPassword {
|
|||
$self->session->user({user=>$u});
|
||||
|
||||
# do not proceed unless we have an incoming guid from the email, and that guid corresponds to a valid user.
|
||||
unless ($passwordRecoveryToken && $userId) {
|
||||
return $session->privilege->insufficient;
|
||||
if(!defined $userId){
|
||||
my $i18n = WebGUI::International->new($self->session,"AuthWebGUI");
|
||||
return $i18n->get("token already used");
|
||||
}
|
||||
|
||||
# login the user and take them to a page where they can change their password.
|
||||
|
|
@ -1068,8 +1070,11 @@ sub emailResetPasswordFinish {
|
|||
my $passwordRecoveryToken = $form->param('token');
|
||||
|
||||
my $userId = $self->getUserIdByPasswordRecoveryToken($session, $passwordRecoveryToken);
|
||||
|
||||
return $session->privilege->insufficient unless $userId;
|
||||
|
||||
if(!defined $userId){
|
||||
my $i18n = WebGUI::International->new($self->session,"AuthWebGUI");
|
||||
return $i18n->get("token already used");
|
||||
}
|
||||
|
||||
if ($self->_isValidPassword($password, $passwordConfirm)) {
|
||||
$self->user(WebGUI::User->new($self->session, $userId));
|
||||
|
|
|
|||
|
|
@ -2,6 +2,10 @@ package WebGUI::i18n::English::AuthWebGUI;
|
|||
use strict;
|
||||
|
||||
our $I18N = {
|
||||
'token already used' => {
|
||||
message => q|This password recovery authentication token has already been used.|,
|
||||
lastUpdated => 0
|
||||
},
|
||||
'no registration hack' => {
|
||||
message => q|complete anonymous registration by calling createAccountSave directly from the URL.|,
|
||||
lastUpdated => 1078852836
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue