From: Tim Düsterhus Date: Thu, 29 Apr 2021 07:39:33 +0000 (+0200) Subject: Merge branch '5.3' X-Git-Tag: 5.4.0_Alpha_1~28 X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=9586241778847805e012da2997d14b3cf20b486e;p=GitHub%2FWoltLab%2FWCF.git Merge branch '5.3' --- 9586241778847805e012da2997d14b3cf20b486e diff --cc wcfsetup/install/files/lib/form/NewPasswordForm.class.php index 871530154d,0df3a42a04..11567b0dd6 --- a/wcfsetup/install/files/lib/form/NewPasswordForm.class.php +++ b/wcfsetup/install/files/lib/form/NewPasswordForm.class.php @@@ -18,192 -16,171 +18,192 @@@ use wcf\util\UserRegistrationUtil /** * Shows the new password form. - * - * @author Marcel Werk - * @copyright 2001-2019 WoltLab GmbH - * @license GNU Lesser General Public License - * @package WoltLabSuite\Core\Form + * + * @author Marcel Werk + * @copyright 2001-2019 WoltLab GmbH + * @license GNU Lesser General Public License + * @package WoltLabSuite\Core\Form */ -class NewPasswordForm extends AbstractForm { - const AVAILABLE_DURING_OFFLINE_MODE = true; - - /** - * user id - * @var integer - */ - public $userID = 0; - - /** - * lost password key - * @var string - */ - public $lostPasswordKey = ''; - - /** - * User object - * @var User - */ - public $user; - - /** - * new password - * @var string - */ - public $newPassword = ''; - - /** - * @var mixed[] - */ - public $newPasswordStrengthVerdict = []; - - /** - * confirmed new password - * @var string - */ - public $confirmNewPassword = ''; - - /** - * @inheritDoc - */ - public function readParameters() { - parent::readParameters(); - - if (isset($_GET['id']) && isset($_GET['k'])) { - $this->userID = intval($_GET['id']); - $this->lostPasswordKey = StringUtil::trim($_GET['k']); - if (!$this->userID || !$this->lostPasswordKey) throw new IllegalLinkException(); - - $this->user = new User($this->userID); - if (!$this->user->userID) throw new IllegalLinkException(); - - if (!$this->user->lostPasswordKey) { - $this->throwInvalidLinkException(); - } 
- if (!\hash_equals($this->user->lostPasswordKey, $this->lostPasswordKey)) { - $this->throwInvalidLinkException(); - } - // expire lost password requests after a day - if ($this->user->lastLostPasswordRequestTime < TIME_NOW - 86400) { - $this->throwInvalidLinkException(); - } - - WCF::getSession()->register('lostPasswordRequest', [ - 'userID' => $this->user->userID, - 'key' => $this->user->lostPasswordKey - ]); - } - else { - if (!is_array(WCF::getSession()->getVar('lostPasswordRequest'))) throw new PermissionDeniedException(); - $this->userID = intval(WCF::getSession()->getVar('lostPasswordRequest')['userID']); - - $this->user = new User($this->userID); - if (!$this->user->userID) throw new IllegalLinkException(); - if (!\hash_equals($this->user->lostPasswordKey, WCF::getSession()->getVar('lostPasswordRequest')['key'])) { - $this->throwInvalidLinkException(); - } - } - } - - /** - * @inheritDoc - */ - public function readFormParameters() { - parent::readFormParameters(); - - if (isset($_POST['newPassword'])) $this->newPassword = $_POST['newPassword']; - if (isset($_POST['newPassword_passwordStrengthVerdict'])) { - try { - $this->newPasswordStrengthVerdict = JSON::decode($_POST['newPassword_passwordStrengthVerdict']); - } - catch (SystemException $e) { - // ignore - } - } - if (isset($_POST['confirmNewPassword'])) $this->confirmNewPassword = $_POST['confirmNewPassword']; - } - - /** - * @inheritDoc - */ - public function validate() { - parent::validate(); - - if (empty($this->newPassword)) { - throw new UserInputException('newPassword'); - } - - if (empty($this->confirmNewPassword)) { - throw new UserInputException('confirmNewPassword'); - } - - if (($this->newPasswordStrengthVerdict['score'] ?? 
4) < PASSWORD_MIN_SCORE) { - throw new UserInputException('newPassword', 'notSecure'); - } - - if ($this->newPassword != $this->confirmNewPassword) { - throw new UserInputException('confirmNewPassword', 'notEqual'); - } - } - - /** - * @inheritDoc - */ - public function save() { - parent::save(); - - WCF::getSession()->unregister('lostPasswordRequest'); - - // update user - $this->objectAction = new UserAction([$this->user], 'update', [ - 'data' => array_merge($this->additionalFields, [ - 'password' => $this->newPassword, - 'lastLostPasswordRequestTime' => 0, - 'lostPasswordKey' => '' - ]) - ]); - $this->objectAction->executeAction(); - - // forward to index page - HeaderUtil::delayedRedirect(LinkHandler::getInstance()->getLink(), WCF::getLanguage()->getDynamicVariable('wcf.user.newPassword.success', ['user' => $this->user])); - exit; - } - - /** - * @inheritDoc - */ - public function assignVariables() { - parent::assignVariables(); - - WCF::getTPL()->assign([ - 'user' => $this->user, - 'newPassword' => $this->newPassword, - 'confirmNewPassword' => $this->confirmNewPassword, - 'passwordRulesAttributeValue' => UserRegistrationUtil::getPasswordRulesAttributeValue() - ]); - } - - private function throwInvalidLinkException() { - throw new NamedUserException(WCF::getLanguage()->getDynamicVariable('wcf.user.newPassword.error.invalidLink')); - } +class NewPasswordForm extends AbstractForm +{ + const AVAILABLE_DURING_OFFLINE_MODE = true; + + /** + * user id + * @var int + */ + public $userID = 0; + + /** + * lost password key + * @var string + */ + public $lostPasswordKey = ''; + + /** + * User object + * @var User + */ + public $user; + + /** + * new password + * @var string + */ + public $newPassword = ''; + + /** + * @var mixed[] + */ - public $newPasswordStrengtVerdict = []; ++ public $newPasswordStrengthVerdict = []; + + /** + * confirmed new password + * @var string + */ + public $confirmNewPassword = ''; + + /** + * @inheritDoc + */ + public function 
readParameters() + { + parent::readParameters(); + + if (isset($_GET['id']) && isset($_GET['k'])) { + $this->userID = \intval($_GET['id']); + $this->lostPasswordKey = StringUtil::trim($_GET['k']); + if (!$this->userID || !$this->lostPasswordKey) { + throw new IllegalLinkException(); + } + + $this->user = new User($this->userID); + if (!$this->user->userID) { + throw new IllegalLinkException(); + } + + if (!$this->user->lostPasswordKey) { + $this->throwInvalidLinkException(); + } + if (!\hash_equals($this->user->lostPasswordKey, $this->lostPasswordKey)) { + $this->throwInvalidLinkException(); + } + // expire lost password requests after a day + if ($this->user->lastLostPasswordRequestTime < TIME_NOW - 86400) { + $this->throwInvalidLinkException(); + } + + WCF::getSession()->register('lostPasswordRequest', [ + 'userID' => $this->user->userID, + 'key' => $this->user->lostPasswordKey, + ]); + } else { + if (!\is_array(WCF::getSession()->getVar('lostPasswordRequest'))) { + throw new PermissionDeniedException(); + } + $this->userID = \intval(WCF::getSession()->getVar('lostPasswordRequest')['userID']); + + $this->user = new User($this->userID); + if (!$this->user->userID) { + throw new IllegalLinkException(); + } + if (!\hash_equals($this->user->lostPasswordKey, WCF::getSession()->getVar('lostPasswordRequest')['key'])) { + $this->throwInvalidLinkException(); + } + } + } + + /** + * @inheritDoc + */ + public function readFormParameters() + { + parent::readFormParameters(); + + if (isset($_POST['newPassword'])) { + $this->newPassword = $_POST['newPassword']; + } + if (isset($_POST['newPassword_passwordStrengthVerdict'])) { + try { + $this->newPasswordStrengthVerdict = JSON::decode($_POST['newPassword_passwordStrengthVerdict']); + } catch (SystemException $e) { + // ignore + } + } + if (isset($_POST['confirmNewPassword'])) { + $this->confirmNewPassword = $_POST['confirmNewPassword']; + } + } + + /** + * @inheritDoc + */ + public function validate() + { + parent::validate(); 
+ + if (empty($this->newPassword)) { + throw new UserInputException('newPassword'); + } + + if (empty($this->confirmNewPassword)) { + throw new UserInputException('confirmNewPassword'); + } + + if (($this->newPasswordStrengthVerdict['score'] ?? 4) < PASSWORD_MIN_SCORE) { + throw new UserInputException('newPassword', 'notSecure'); + } + + if ($this->newPassword != $this->confirmNewPassword) { + throw new UserInputException('confirmNewPassword', 'notEqual'); + } + } + + /** + * @inheritDoc + */ + public function save() + { + parent::save(); + + WCF::getSession()->unregister('lostPasswordRequest'); + + // update user + $this->objectAction = new UserAction([$this->user], 'update', [ + 'data' => \array_merge($this->additionalFields, [ + 'password' => $this->newPassword, + 'lastLostPasswordRequestTime' => 0, + 'lostPasswordKey' => '', + ]), + ]); + $this->objectAction->executeAction(); + + // forward to index page + HeaderUtil::delayedRedirect( + LinkHandler::getInstance()->getLink(), + WCF::getLanguage()->getDynamicVariable('wcf.user.newPassword.success', ['user' => $this->user]) + ); + + exit; + } + + /** + * @inheritDoc + */ + public function assignVariables() + { + parent::assignVariables(); + + WCF::getTPL()->assign([ + 'user' => $this->user, + 'newPassword' => $this->newPassword, + 'confirmNewPassword' => $this->confirmNewPassword, + 'passwordRulesAttributeValue' => UserRegistrationUtil::getPasswordRulesAttributeValue(), + ]); + } + + private function throwInvalidLinkException() + { + throw new NamedUserException(WCF::getLanguage()->getDynamicVariable('wcf.user.newPassword.error.invalidLink')); + } }
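Review bot: In `validate()`, the strength check reads the score from the client-supplied `$_POST['newPassword_passwordStrengthVerdict']` and falls back to `4` when the field is absent or fails to decode, so (assuming 4 is the top score) a request without a verdict satisfies `PASSWORD_MIN_SCORE` for any non-empty password. If the verdict is meant to be advisory, say so above the check with `// score is computed client-side; not a security boundary`, and enforce any hard minimum on `$this->newPassword` itself on the server. Separately, the session branch of `readParameters()` re-verifies the key with `\hash_equals()` but not the one-day expiry; repeating `if ($this->user->lastLostPasswordRequestTime < TIME_NOW - 86400) { $this->throwInvalidLinkException(); }` there would stop a long-lived session from completing a reset after the window has closed. The confirmation check `$this->newPassword != $this->confirmNewPassword` should use `!==`, because loose comparison treats numeric-looking strings such as `1e3` and `1000` as equal.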