Fixed style in style upon reuse of password recovery token
This commit is contained in:
parent
27769a9b68
commit
3f0b3b3e09
3 changed files with 14 additions and 4 deletions
|
|
@ -33,6 +33,7 @@
|
||||||
- fixed: Reoccurring transactions now update the correct user id
|
- fixed: Reoccurring transactions now update the correct user id
|
||||||
- fixed: I need a template for this display
|
- fixed: I need a template for this display
|
||||||
- fixed: If a user clicks on an unsubscribe link in an email and they are not logged into WebGUI, they are now prompted to log in so that they can then unsbscribe.
|
- fixed: If a user clicks on an unsubscribe link in an email and they are not logged into WebGUI, they are now prompted to log in so that they can then unsbscribe.
|
||||||
|
- fixed: Using a password recovery token a second time informs the user of the reuse instead of having a style inside a style with a login form.
|
||||||
|
|
||||||
7.5.22
|
7.5.22
|
||||||
- fixed: Layout template now gets prepared correctly
|
- fixed: Layout template now gets prepared correctly
|
||||||
|
|
|
||||||
|
|
@ -752,6 +752,7 @@ sub emailRecoverPassword {
|
||||||
);
|
);
|
||||||
|
|
||||||
$output .= $f->print;
|
$output .= $f->print;
|
||||||
|
$self->session->log->error($output);
|
||||||
return $output;
|
return $output;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -1004,8 +1005,9 @@ sub emailResetPassword {
|
||||||
$self->session->user({user=>$u});
|
$self->session->user({user=>$u});
|
||||||
|
|
||||||
# do not proceed unless we have an incoming guid from the email, and that guid corresponds to a valid user.
|
# do not proceed unless we have an incoming guid from the email, and that guid corresponds to a valid user.
|
||||||
unless ($passwordRecoveryToken && $userId) {
|
if(!defined $userId){
|
||||||
return $session->privilege->insufficient;
|
my $i18n = WebGUI::International->new($self->session,"AuthWebGUI");
|
||||||
|
return $i18n->get("token already used");
|
||||||
}
|
}
|
||||||
|
|
||||||
# login the user and take them to a page where they can change their password.
|
# login the user and take them to a page where they can change their password.
|
||||||
|
|
@ -1068,8 +1070,11 @@ sub emailResetPasswordFinish {
|
||||||
my $passwordRecoveryToken = $form->param('token');
|
my $passwordRecoveryToken = $form->param('token');
|
||||||
|
|
||||||
my $userId = $self->getUserIdByPasswordRecoveryToken($session, $passwordRecoveryToken);
|
my $userId = $self->getUserIdByPasswordRecoveryToken($session, $passwordRecoveryToken);
|
||||||
|
|
||||||
return $session->privilege->insufficient unless $userId;
|
if(!defined $userId){
|
||||||
|
my $i18n = WebGUI::International->new($self->session,"AuthWebGUI");
|
||||||
|
return $i18n->get("token already used");
|
||||||
|
}
|
||||||
|
|
||||||
if ($self->_isValidPassword($password, $passwordConfirm)) {
|
if ($self->_isValidPassword($password, $passwordConfirm)) {
|
||||||
$self->user(WebGUI::User->new($self->session, $userId));
|
$self->user(WebGUI::User->new($self->session, $userId));
|
||||||
|
|
|
||||||
|
|
@ -2,6 +2,10 @@ package WebGUI::i18n::English::AuthWebGUI;
|
||||||
use strict;
|
use strict;
|
||||||
|
|
||||||
our $I18N = {
|
our $I18N = {
|
||||||
|
'token already used' => {
|
||||||
|
message => q|This password recovery authentication token has already been used.|,
|
||||||
|
lastUpdated => 0
|
||||||
|
},
|
||||||
'no registration hack' => {
|
'no registration hack' => {
|
||||||
message => q|complete anonymous registration by calling createAccountSave directly from the URL.|,
|
message => q|complete anonymous registration by calling createAccountSave directly from the URL.|,
|
||||||
lastUpdated => 1078852836
|
lastUpdated => 1078852836
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue