From 6a2817e944eb7ca01575e4a72dd01f82d66fb2c1 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Tim=20D=C3=BCsterhus?=
Date: Fri, 29 Jul 2016 23:20:46 +0200
Subject: [PATCH] Send link to set new password in SendNewPasswordWorker
---
.../templates/email_sendNewPassword.tpl | 19 ++++++
.../worker/SendNewPasswordWorker.class.php | 64 ++++++++++++++-----
wcfsetup/install/lang/de.xml | 21 ++++++
wcfsetup/install/lang/en.xml | 21 ++++--
4 files changed, 105 insertions(+), 20 deletions(-)
create mode 100644 com.woltlab.wcf/templates/email_sendNewPassword.tpl
diff --git a/com.woltlab.wcf/templates/email_sendNewPassword.tpl b/com.woltlab.wcf/templates/email_sendNewPassword.tpl
new file mode 100644
index 0000000000..5a3a139e56
--- /dev/null
+++ b/com.woltlab.wcf/templates/email_sendNewPassword.tpl
@@ -0,0 +1,19 @@
+{if $mimeType === 'text/plain'}
+{capture assign='content'}{lang}wcf.acp.user.sendNewPassword.mail.plaintext{/lang}{/capture}
+{include file='email_plaintext'}
+{else}
+ {capture assign='content'}
+ {lang}wcf.acp.user.sendNewPassword.mail.html.headline{/lang}
+ {lang}wcf.acp.user.sendNewPassword.mail.html.intro{/lang}
+
+ {capture assign=button}
+
+ {lang}wcf.acp.user.sendNewPassword.mail.html.reset{/lang}
+
+ {/capture}
+ {include file='email_paddingHelper' class='button' content=$button sandbox=true}
+
+ {lang}wcf.acp.user.sendNewPassword.mail.html.outro{/lang}
+ {/capture}
+ {include file='email_html'}
+{/if}
diff --git a/wcfsetup/install/files/lib/system/worker/SendNewPasswordWorker.class.php b/wcfsetup/install/files/lib/system/worker/SendNewPasswordWorker.class.php
index 7e53f2e2d9..b455fe730e 100644
--- a/wcfsetup/install/files/lib/system/worker/SendNewPasswordWorker.class.php
+++ b/wcfsetup/install/files/lib/system/worker/SendNewPasswordWorker.class.php
@@ -1,14 +1,19 @@
sendNewPassword($userEditor);
+ $this->resetPassword($userEditor);
+ }
+
+ $userList = new UserList();
+ $userList->getConditionBuilder()->add('user_table.userID IN (?)', [$this->parameters['userIDs']]);
+ $userList->sqlLimit = $this->limit;
+ $userList->sqlOffset = $this->limit * $this->loopCount;
+ $userList->readObjects();
+
+ /** @var User $user */
+ foreach ($userList as $user) {
+ $this->sendLink($user);
}
}
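Review bot: The second half of execute() re-reads the same users through a `UserList` after the reset loop, and the reason is not stated; presumably the fresh objects are needed so the email template sees the newly written `lostPasswordKey`. A one-line comment such as `// reload the users so that the freshly generated lostPasswordKey is available to the email template` above `$userList = new UserList();` would make that explicit. The list is paged with `sqlLimit`/`sqlOffset` and no ordering is visible in this hunk, so it is worth confirming that it selects the same slice of `userIDs` as the reset loop, whose beginning lies in lines this page has not preserved.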
@@ -73,25 +89,43 @@ class SendNewPasswordWorker extends AbstractWorker {
}
/**
- * Sends a new password to the given user.
+ * Resets the password of the given user.
*
- * @param \wcf\data\user\UserEditor $userEditor
+ * @param UserEditor $userEditor
*/
- protected function sendNewPassword(UserEditor $userEditor) {
+ protected function resetPassword(UserEditor $userEditor) {
+ try {
+ $lostPasswordKey = bin2hex(CryptoUtil::randomBytes(20));
+ $lastLostPasswordRequestTime = TIME_NOW;
+ }
+ catch (CryptoException $e) {
+ $lostPasswordKey = null;
+ $lastLostPasswordRequestTime = 0;
+ }
$userAction = new UserAction([$userEditor], 'update', [
'data' => [
- 'password' => null
+ 'password' => null,
+ 'lostPasswordKey' => $lostPasswordKey,
+ 'lastLostPasswordRequestTime' => $lastLostPasswordRequestTime
]
]);
$userAction->executeAction();
-
- // send mail
- // TODO: Send link
- $mail = new Mail([$userEditor->username => $userEditor->email], $userEditor->getLanguage()->getDynamicVariable('wcf.acp.user.sendNewPassword.mail.subject'), $userEditor->getLanguage()->getDynamicVariable('wcf.acp.user.sendNewPassword.mail', [
- 'password' => $newPassword,
- 'username' => $userEditor->username
+ }
+
+ /**
+ * Send links.
+ *
+ * @param User $user
+ */
+ protected function sendLink(User $user) {
+ $email = new Email();
+ $email->addRecipient(new UserMailbox($user));
+ $email->setSubject($user->getLanguage()->getDynamicVariable('wcf.acp.user.sendNewPassword.mail.subject'));
+ $email->setBody(new MimePartFacade([
+ new RecipientAwareTextMimePart('text/html', 'email_sendNewPassword'),
+ new RecipientAwareTextMimePart('text/plain', 'email_sendNewPassword')
]));
- $mail->send();
+ $email->send();
}
/**
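Review bot: In resetPassword() the `catch (CryptoException $e)` branch silently stores `lostPasswordKey = null` while the update still sets `password` to null, and nothing visible here stops sendLink() from mailing that user, so the account ends up without a password and with a link whose `k=` parameter is empty. I would not swallow the failure: either drop the try/catch so the worker aborts before the update runs, or log the exception and skip the update for that user. A guard at the top of sendLink(), `if (!$user->lostPasswordKey) return;`, would keep unusable links out of the mail. It is also worth confirming that the NewPassword form rejects an empty `k` when the stored key is null; that code is not part of this diff.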
diff --git a/wcfsetup/install/lang/de.xml b/wcfsetup/install/lang/de.xml
index 22f1496b89..9dc3b5e3c5 100644
--- a/wcfsetup/install/lang/de.xml
+++ b/wcfsetup/install/lang/de.xml
@@ -1795,6 +1795,27 @@ Wenn {if LANGUAGE_USE_INFORMAL_VARIANT}du{else}Sie{/if} unter System -> O
{if LANGUAGE_USE_INFORMAL_VARIANT}Klicke hier, um dich mit deinem{else}Klicken Sie hier, um sich mit Ihrem{/if} neuen Kennwort anzumelden: {link controller='Login' isEmail=true}{/link}]]>
+ - getUser()->username},
+
+ein Administrator hat {if LANGUAGE_USE_INFORMAL_VARIANT}dein{else}Ihr{/if} Kennwort zurück gesetzt. Es ist nun
+erforderlich, dass {if LANGUAGE_USE_INFORMAL_VARIANT}du{else}Sie{/if} nun ein neues Kennwort setzen, damit {if LANGUAGE_USE_INFORMAL_VARIANT}du dein {else}Sie ihr {/if}
+Benutzerkonto {@$mailbox->getUser()->username} auf der Seite {@PAGE_TITLE|language} [URL:{link isEmail=true}{/link}]
+weiterhin verwenden {if LANGUAGE_USE_INFORMAL_VARIANT}kannst{else}können{/if}:
+
+ {link controller='NewPassword' object=$mailbox->getUser() isEmail=true}k={@$mailbox->getUser()->lostPasswordKey}{/link} {* this line ends with a space *}
+
+{if LANGUAGE_USE_INFORMAL_VARIANT}Solltest du{else}Sollten Sie{/if} diese Nachricht erst nach dem {$mailbox->getUser()->lastLostPasswordRequestTime+86400|plainTime} lesen, ist es
+aus Sicherheitsgründen erforderlich, dass Sie die Kennwort vergessen-Funktion [URL:{link controller='LostPassword' isEmail=true}{/link}] nutzen.]]>
+ - getUser()->username},]]>
+ - ein Administrator hat {if LANGUAGE_USE_INFORMAL_VARIANT}dein{else}Ihr{/if} Kennwort zurück gesetzt. Es ist nun
+erforderlich, dass {if LANGUAGE_USE_INFORMAL_VARIANT}du{else}Sie{/if} nun ein neues Kennwort setzen, damit {if LANGUAGE_USE_INFORMAL_VARIANT}du dein{else}Sie ihr{/if}
+Benutzerkonto {@$mailbox->getUser()->username} auf der Seite {@PAGE_TITLE|language}
+weiterhin verwenden {if LANGUAGE_USE_INFORMAL_VARIANT}kannst{else}können{/if}:
]]>
+
+ - {if LANGUAGE_USE_INFORMAL_VARIANT}Solltest du{else}Sollten Sie{/if} diese Nachricht erst nach dem {$mailbox->getUser()->lastLostPasswordRequestTime+86400|plainTime} lesen, ist es
+aus Sicherheitsgründen erforderlich, dass Sie die Kennwort vergessen-Funktion nutzen.]]>
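Review bot: The item that appears to feed the HTML part of the mail prints the username with `{@$mailbox->getUser()->username}` (the `Benutzerkonto …` line of the second German text here, and the matching `user account …` line in the en.xml hunk), and `{@…}` emits the value without HTML encoding. That form is right for the text/plain item, but in the HTML items it should be `{$mailbox->getUser()->username}` so that a username containing markup characters cannot alter the message body. The item names are not preserved on this page, so which item is the HTML variant is inferred from the order of the `{lang}` calls in email_sendNewPassword.tpl.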
diff --git a/wcfsetup/install/lang/en.xml b/wcfsetup/install/lang/en.xml
index 6ed03af0cb..80ac2a37bf 100644
--- a/wcfsetup/install/lang/en.xml
+++ b/wcfsetup/install/lang/en.xml
@@ -1761,13 +1761,24 @@ You can define the default sender in System -> Options -> General ->
- {#$usersAwaitingApproval} User{if $usersAwaitingApproval != 1}s{/if} {if $usersAwaitingApproval == 1}is{else}are{/if} awaiting your approval.]]>
-
+ - getUser()->username},
-Your password has been changed by an administrator.
-Your new password is: {$password}
+an administrator resetted your password. You are now required to set a new password to be able to use your
+user account {@$mailbox->getUser()->username} on the website {@PAGE_TITLE|language} [URL:{link isEmail=true}{/link}] again:
-Login with your new password: {link controller='Login' isEmail=true}{/link}]]>
-
+ {link controller='NewPassword' object=$mailbox->getUser() isEmail=true}k={@$mailbox->getUser()->lostPasswordKey}{/link} {* this line ends with a space *}
+
+If you read this message after {$mailbox->getUser()->lastLostPasswordRequestTime+86400|plainTime} youâll have to use
+the lost password form [URL:{link controller='LostPassword' isEmail=true}{/link}] for security reasons.]]>
+ - getUser()->username},]]>
+ - an administrator resetted your password. You are now required to set a new password to be able to use your
+user account {@$mailbox->getUser()->username} on the website {@PAGE_TITLE|language} again:]]>
+
+ - If you read this message after {$mailbox->getUser()->lastLostPasswordRequestTime+86400|plainTime} youâll have to use
+the lost password form lost password form for security reasons.]]>
--
2.20.1