From 6a2817e944eb7ca01575e4a72dd01f82d66fb2c1 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Tim=20D=C3=BCsterhus?= Date: Fri, 29 Jul 2016 23:20:46 +0200 Subject: [PATCH] Send link to set new password in SendNewPasswordWorker --- .../templates/email_sendNewPassword.tpl | 19 ++++++ .../worker/SendNewPasswordWorker.class.php | 64 ++++++++++++++----- wcfsetup/install/lang/de.xml | 21 ++++++ wcfsetup/install/lang/en.xml | 21 ++++-- 4 files changed, 105 insertions(+), 20 deletions(-) create mode 100644 com.woltlab.wcf/templates/email_sendNewPassword.tpl diff --git a/com.woltlab.wcf/templates/email_sendNewPassword.tpl b/com.woltlab.wcf/templates/email_sendNewPassword.tpl new file mode 100644 index 0000000000..5a3a139e56 --- /dev/null +++ b/com.woltlab.wcf/templates/email_sendNewPassword.tpl @@ -0,0 +1,19 @@ +{if $mimeType === 'text/plain'} +{capture assign='content'}{lang}wcf.acp.user.sendNewPassword.mail.plaintext{/lang}{/capture} +{include file='email_plaintext'} +{else} + {capture assign='content'} +

{lang}wcf.acp.user.sendNewPassword.mail.html.headline{/lang}

+ {lang}wcf.acp.user.sendNewPassword.mail.html.intro{/lang} + + {capture assign=button} + + {lang}wcf.acp.user.sendNewPassword.mail.html.reset{/lang} + + {/capture} + {include file='email_paddingHelper' class='button' content=$button sandbox=true} + + {lang}wcf.acp.user.sendNewPassword.mail.html.outro{/lang} + {/capture} + {include file='email_html'} +{/if} diff --git a/wcfsetup/install/files/lib/system/worker/SendNewPasswordWorker.class.php b/wcfsetup/install/files/lib/system/worker/SendNewPasswordWorker.class.php index 7e53f2e2d9..b455fe730e 100644 --- a/wcfsetup/install/files/lib/system/worker/SendNewPasswordWorker.class.php +++ b/wcfsetup/install/files/lib/system/worker/SendNewPasswordWorker.class.php @@ -1,14 +1,19 @@ sendNewPassword($userEditor); + $this->resetPassword($userEditor); + } + + $userList = new UserList(); + $userList->getConditionBuilder()->add('user_table.userID IN (?)', [$this->parameters['userIDs']]); + $userList->sqlLimit = $this->limit; + $userList->sqlOffset = $this->limit * $this->loopCount; + $userList->readObjects(); + + /** @var User $user */ + foreach ($userList as $user) { + $this->sendLink($user); } } 
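Review bot: The second `UserList` in `execute()` pages with `sqlLimit`/`sqlOffset` but sets no `sqlOrderBy`, so nothing visible in this hunk guarantees it returns the same users that were just passed to `resetPassword()`. If the two queries can page differently, an account could have its password cleared without ever being mailed the link. The start of `execute()` is not readable on this page, so check this against the first list. Setting the same explicit order on both lists, e.g. `$userList->sqlOrderBy = 'user_table.userID';`, or loading the mail recipients by the IDs of the users just reset, would remove the doubt.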
@@ -73,25 +89,43 @@ class SendNewPasswordWorker extends AbstractWorker { } /** - * Sends a new password to the given user. + * Resets the password of the given user. * - * @param \wcf\data\user\UserEditor $userEditor + * @param UserEditor $userEditor */ - protected function sendNewPassword(UserEditor $userEditor) { + protected function resetPassword(UserEditor $userEditor) { + try { + $lostPasswordKey = bin2hex(CryptoUtil::randomBytes(20)); + $lastLostPasswordRequestTime = TIME_NOW; + } + catch (CryptoException $e) { + $lostPasswordKey = null; + $lastLostPasswordRequestTime = 0; + } $userAction = new UserAction([$userEditor], 'update', [ 'data' => [ - 'password' => null + 'password' => null, + 'lostPasswordKey' => $lostPasswordKey, + 'lastLostPasswordRequestTime' => $lastLostPasswordRequestTime ] ]); $userAction->executeAction(); - - // send mail - // TODO: Send link - $mail = new Mail([$userEditor->username => $userEditor->email], $userEditor->getLanguage()->getDynamicVariable('wcf.acp.user.sendNewPassword.mail.subject'), $userEditor->getLanguage()->getDynamicVariable('wcf.acp.user.sendNewPassword.mail', [ - 'password' => $newPassword, - 'username' => $userEditor->username + } + + /** + * Send links. + * + * @param User $user + */ + protected function sendLink(User $user) { + $email = new Email(); + $email->addRecipient(new UserMailbox($user)); + $email->setSubject($user->getLanguage()->getDynamicVariable('wcf.acp.user.sendNewPassword.mail.subject')); + $email->setBody(new MimePartFacade([ + new RecipientAwareTextMimePart('text/html', 'email_sendNewPassword'), + new RecipientAwareTextMimePart('text/plain', 'email_sendNewPassword') ])); - $mail->send(); + $email->send(); } /** diff --git a/wcfsetup/install/lang/de.xml b/wcfsetup/install/lang/de.xml index 22f1496b89..9dc3b5e3c5 100644 --- a/wcfsetup/install/lang/de.xml +++ b/wcfsetup/install/lang/de.xml 
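Review bot: The `catch (CryptoException $e)` block in `resetPassword()` swallows the failure and still runs the update with `'password' => null`, a null `lostPasswordKey` and `lastLostPasswordRequestTime` of 0, so the account loses its password without a usable reset key. The loop in `execute()` (previous hunk) then calls `sendLink()` for every user in the batch, so that user would receive a mail whose link carries an empty `k=` and whose stated deadline is computed from 0. I would log the exception and `return;` from the catch block before the `UserAction` is built, leaving the old password in place. I would also guard the mail with `if (!$user->lostPasswordKey) return;` at the top of `sendLink()`. Whether the NewPassword form rejects an empty key is not visible here and should be confirmed.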
@@ -1795,6 +1795,27 @@ Wenn {if LANGUAGE_USE_INFORMAL_VARIANT}du{else}Sie{/if} unter System -> O {if LANGUAGE_USE_INFORMAL_VARIANT}Klicke hier, um dich mit deinem{else}Klicken Sie hier, um sich mit Ihrem{/if} neuen Kennwort anzumelden: {link controller='Login' isEmail=true}{/link}]]> + getUser()->username}, + +ein Administrator hat {if LANGUAGE_USE_INFORMAL_VARIANT}dein{else}Ihr{/if} Kennwort zurück gesetzt. Es ist nun +erforderlich, dass {if LANGUAGE_USE_INFORMAL_VARIANT}du{else}Sie{/if} nun ein neues Kennwort setzen, damit {if LANGUAGE_USE_INFORMAL_VARIANT}du dein {else}Sie ihr {/if} +Benutzerkonto {@$mailbox->getUser()->username} auf der Seite {@PAGE_TITLE|language} [URL:{link isEmail=true}{/link}] +weiterhin verwenden {if LANGUAGE_USE_INFORMAL_VARIANT}kannst{else}können{/if}: + + {link controller='NewPassword' object=$mailbox->getUser() isEmail=true}k={@$mailbox->getUser()->lostPasswordKey}{/link} {* this line ends with a space *} + +{if LANGUAGE_USE_INFORMAL_VARIANT}Solltest du{else}Sollten Sie{/if} diese Nachricht erst nach dem {$mailbox->getUser()->lastLostPasswordRequestTime+86400|plainTime} lesen, ist es +aus Sicherheitsgründen erforderlich, dass Sie die Kennwort vergessen-Funktion [URL:{link controller='LostPassword' isEmail=true}{/link}] nutzen.]]> + getUser()->username},]]> + ein Administrator hat {if LANGUAGE_USE_INFORMAL_VARIANT}dein{else}Ihr{/if} Kennwort zurück gesetzt. Es ist nun +erforderlich, dass {if LANGUAGE_USE_INFORMAL_VARIANT}du{else}Sie{/if} nun ein neues Kennwort setzen, damit {if LANGUAGE_USE_INFORMAL_VARIANT}du dein{else}Sie ihr{/if} +Benutzerkonto {@$mailbox->getUser()->username} auf der Seite {@PAGE_TITLE|language} +weiterhin verwenden {if LANGUAGE_USE_INFORMAL_VARIANT}kannst{else}können{/if}:

]]>
+ + {if LANGUAGE_USE_INFORMAL_VARIANT}Solltest du{else}Sollten Sie{/if} diese Nachricht erst nach dem {$mailbox->getUser()->lastLostPasswordRequestTime+86400|plainTime} lesen, ist es +aus Sicherheitsgründen erforderlich, dass Sie die Kennwort vergessen-Funktion nutzen.

]]>
diff --git a/wcfsetup/install/lang/en.xml b/wcfsetup/install/lang/en.xml index 6ed03af0cb..80ac2a37bf 100644 --- a/wcfsetup/install/lang/en.xml +++ b/wcfsetup/install/lang/en.xml @@ -1761,13 +1761,24 @@ You can define the default sender in System -> Options -> General -> {#$usersAwaitingApproval} User{if $usersAwaitingApproval != 1}s{/if} {if $usersAwaitingApproval == 1}is{else}are{/if} awaiting your approval.]]> - + getUser()->username}, -Your password has been changed by an administrator. -Your new password is: {$password} +an administrator resetted your password. You are now required to set a new password to be able to use your +user account {@$mailbox->getUser()->username} on the website {@PAGE_TITLE|language} [URL:{link isEmail=true}{/link}] again: -Login with your new password: {link controller='Login' isEmail=true}{/link}]]> - + {link controller='NewPassword' object=$mailbox->getUser() isEmail=true}k={@$mailbox->getUser()->lostPasswordKey}{/link} {* this line ends with a space *} + +If you read this message after {$mailbox->getUser()->lastLostPasswordRequestTime+86400|plainTime} you’ll have to use +the lost password form [URL:{link controller='LostPassword' isEmail=true}{/link}] for security reasons.]]> + getUser()->username},]]> + an administrator resetted your password. You are now required to set a new password to be able to use your +user account {@$mailbox->getUser()->username} on the website {@PAGE_TITLE|language} again:

]]>
+ + If you read this message after {$mailbox->getUser()->lastLostPasswordRequestTime+86400|plainTime} you’ll have to use +the lost password form lost password form for security reasons.

]]>
-- 2.20.1