General Actions:
Log-in
Wiki:
L3D's Wiki
▼
:
Document Index
»
Space:
XWiki
▼
:
Document Index
»
Page:
ResetPassword
Search
Page Actions:
Export
▼
:
Export as PDF
Export as RTF
Export as HTML
More actions
▼
:
Print preview
View Source
Welcome to your wiki
»
Forgot your password?
Wiki source code of
Forgot your password?
Last modified by
Administrator
on 2011/03/02 17:34
Content
·
Comments
(0)
·
Attachments
(0)
·
History
·
Information
Hide line numbers
1: {{velocity}} 2: #** 3: This page starts the password reset procedure. It works according to the next algorithm: 4: 1. Display a form requesting the username 5: 2. When receiving the username via form submission, generate a random verification string which is stored (as a hash) inside a ResetPasswordRequestClass object attached to the user's profile page. If no such object exists, it is created, but an existing object will be reused, meaning that at most one password reset request can be active at a moment. 6: 3. Send an email to the address configured in the user's profile, containing a link to the second step of the password reset procedure. 7: 8: URL parameters: 9: 10: u = user account sent in the form 11: *### 12: ## 13: ## 14: ## The name of the class used for storing password reset verification data. 15: #set ($verifClass = 'XWiki.ResetPasswordRequestClass') 16: #set ($userName = "$!request.get('u')") 17: #if ($userName == '')## First step, display the form requesting the username 18: $msg.get('xe.admin.passwordReset.instructions') 19: 20: {{html}} 21: <form method="post" action="" class="xformInline"> 22: <div> 23: <input type="hidden" name="form_token" value="$!{services.csrf.getToken()}" /> 24: <label for="u">$msg.get('xe.admin.passwordReset.username.label')</label> <input type="text" id="u" name="u"/> <span class="buttonwrapper"><input type="submit" value="$msg.get('xe.admin.passwordReset.submit')" class="button"/></span> 25: </div> 26: </form> 27: {{/html}} 28: #else## Second step, generate the verification string, store it, and send the email 29: ## TODO: Once the usernames are not bound to the XWiki space, revisit this code 30: #if ($userName.indexOf('.') != -1) 31: #set ($userDoc = $xwiki.getDocumentAsAuthor(${userName})) 32: #else 33: #set ($userDoc = $xwiki.getDocumentAsAuthor("XWiki.${userName}")) 34: #end 35: ## Check if the user exists and has a valid email address configured in his profile 36: #set ($userObj = '') 37: #set ($userObj = $userDoc.getObject('XWiki.XWikiUsers')) 38: #if (!$userObj) 39: 40: {{warning}}$msg.get('xe.admin.passwordReset.error.noUser', ["//${escapetool.xml($userName)}//"]){{/warning}} 41: 42: #elseif ($userDoc.getObject('XWiki.LDAPProfileClass')) 43: 44: {{warning}}$msg.get('xe.admin.passwordReset.error.ldapUser', ["//${escapetool.xml($userName)}//"]){{/warning}} 45: 46: #else 47: #set ($userEmail = $userObj.getProperty('email').value) 48: #if ("$!userEmail" == '') 49: 50: {{error}}$msg.get('xe.admin.passwordReset.error.noEmail'){{/error}} 51: 52: #else 53: ## Find the object that will hold the verification string 54: #set ($verifObj = '') 55: #set ($verifObj = $userDoc.getObject($verifClass, true)) 56: ## Generate a random string 57: #set ($verifStr = $xwiki.generateRandomString(30)) 58: ## If the class is correctly configured, the string should automatically be stored as a hash 59: #set ($discard = $verifObj.set('verification', $verifStr)) 60: #set ($discard = $userDoc.saveAsAuthor($msg.get('xe.admin.passwordReset.versionComment'), true)) 61: ## Compose the verification URL 62: #set ($passwordResetURL = $xwiki.getDocument('XWiki.ResetPasswordComplete').getExternalURL('view', "u=${userName}&v=${verifStr}")) 63: ## Send an email; the variables will be retrieved from the velocity context 64: #set ($mailResult = $xwiki.mailsender.sendMessageFromTemplate($xwiki.getXWikiPreference('admin_email', 'no-reply@xwiki.org'), $userEmail, $util.null, $util.null, $xcontext.language, 'XWiki.ResetPasswordMailContent', $util.null)) 65: #if ($mailResult == 0) 66: 67: {{info}}$msg.get('xe.admin.passwordReset.emailSent', ["${escapetool.h}#${escapetool.xml($userEmail)}${escapetool.h}#"]){{/info}} 68: 69: #else 70: 71: {{error}}$msg.get('xe.admin.passwordReset.error.emailFailed'){{/error}} 72: 73: #end 74: #end 75: #end 76: [[$msg.get('xe.admin.passwordReset.error.retry')>>$doc.fullName]] | [[$msg.get('xe.admin.passwordReset.error.recoverUsername')>>ForgotUsername]] | [[$msg.get('xe.admin.passwordReset.login')>>path:$xwiki.getURL('XWiki.XWikiLogin', 'login')]] 77: #end 78: ## Clear private variables, so that they cannot be accessed from the rest of the page (comments, panels...) 79: #set ($verifStr = '') 80: #set ($passwordResetURL = '') 81: {{/velocity}}
Quick Links
L3D Calendar
Wiki Dashboard
Document Index
Blog
Sandbox
