Commit 5edc45cc authored by Leigh Stoller's avatar Leigh Stoller

Add menu item to user dashboard admin menu, to send a password reset

link to user. This is different from the Forgot Password link, in that
it does not require half the key to be in the browser cookies.
parent 3404f7b6
<?php
#
# Copyright (c) 2000-2017 University of Utah and the Flux Group.
# Copyright (c) 2000-2018 University of Utah and the Flux Group.
#
# {{{EMULAB-LICENSE
#
......@@ -33,38 +33,49 @@ RedirectSecure();
# Verify page arguments.
#
$optargs = OptionalPageArguments("user", PAGEARG_USER,
"key", PAGEARG_STRING);
"key", PAGEARG_STRING,
"reset", PAGEARG_STRING);
#
# We use this page for both resetting a forgotten password, and for
# a logged in user to change their password. We use the "key" argument
# to tell us its a reset.
#
if (isset($key)) {
if (isset($key) || isset($reset)) {
if (!isset($user)) {
SPITUSERERROR("Missing user argument");
return;
}
# Half the key in the URL.
$keyB = $key;
# We also need the other half of the key from the browser.
$keyA = (isset($_COOKIE[$TBAUTHCOOKIE]) ? $_COOKIE[$TBAUTHCOOKIE] : "");
# If the browser part is missing, direct user to answer
if ((isset($keyB) && $keyB != "") && (!isset($keyA) || $keyA == "")) {
SPITUSERERROR("Oops, not able to proceed!<br>".
"Please read this ".
"<a href='$WIKIDOCURL/kb69'>Knowledge Base Entry</a> ".
"to see what the likely cause is.", 1);
return;
if (isset($reset)) {
if ($reset == "" || !preg_match("/^[\w]+$/", $reset)) {
SPITUSERERROR("Invalid reset hash in request");
return;
}
# The complete key.
$key = $reset;
}
if (!isset($keyA) || $keyA == "" || !preg_match("/^[\w]+$/", $keyA) ||
!isset($keyB) || $keyB == "" || !preg_match("/^[\w]+$/", $keyB)) {
SPITUSERERROR("Invalid keys in request");
return;
else {
# Half the key in the URL.
$keyB = $key;
# We also need the other half of the key from the browser.
$keyA = (isset($_COOKIE[$TBAUTHCOOKIE]) ? $_COOKIE[$TBAUTHCOOKIE] : "");
# If the browser part is missing, direct user to answer
if ((isset($keyB) && $keyB != "") && (!isset($keyA) || $keyA == "")) {
SPITUSERERROR("Oops, not able to proceed!<br>".
"Please read this ".
"<a href='$WIKIDOCURL/kb69'>Knowledge Base Entry</a>".
"to see what the likely cause is.", 1);
return;
}
if (!isset($keyA) || $keyA == "" || !preg_match("/^[\w]+$/", $keyA) ||
!isset($keyB) || $keyB == "" || !preg_match("/^[\w]+$/", $keyB)) {
SPITUSERERROR("Invalid keys in request");
return;
}
# The complete key.
$key = $keyA . $keyB;
}
# The complete key.
$key = $keyA . $keyB;
if (!$user->chpasswd_key() || !$user->chpasswd_expires()) {
SPITUSERERROR("Why are you here?");
......
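Review bot: In the new `if (isset($reset))` branch the URL parameter becomes the complete key (`$key = $reset;`), so the cookie half no longer binds the reset to a browser and everything rests on the check against `$user->chpasswd_key()` and `chpasswd_expires()`, which continues below the visible lines. If that comparison is written with `==` or `!=`, it would be worth switching to `hash_equals()` so numeric-looking key strings cannot compare equal loosely, and clearing the stored key after the first successful use. The block comment above the `if` still says only `key` marks a reset; it could read `# We use the "key" or "reset" argument to tell us it's a reset; "reset" carries the complete key and needs no cookie.` The pattern `"/^[\w]+$/"` also accepts a trailing newline, which `\z` or the `D` modifier would close.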
......@@ -73,6 +73,9 @@ $(function ()
$('#sendtestmessage').click(function () {
SendTestMessage();
});
$('#sendpasswordreset').click(function () {
SendPasswordReset();
});
}
function LoadUsage()
......@@ -677,5 +680,21 @@ $(function ()
xmlthing.done(callback);
}
function SendPasswordReset()
{
var callback = function(json) {
if (json.code) {
alert("Password reset could not be sent!");
return;
}
alert("Password reset has has been sent");
}
var xmlthing = sup.CallServerMethod(null,
"user-dashboard",
"SendPasswordReset",
{"uid" : window.TARGET_USER});
xmlthing.done(callback);
}
$(document).ready(initialize);
});
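Review bot: The success alert in `SendPasswordReset()` reads "Password reset has has been sent"; it should be `alert("Password reset has been sent");`. The failure path tests `json.code` but shows a fixed string, so the admin never sees why the server refused (the handler returns messages such as "User is not active or frozen!"); if the response carries that message, showing it would help. Because one click immediately mails a working reset link, a `confirm()` before the server call would guard against a mis-click in a menu that also holds "SU as User".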
......@@ -282,6 +282,8 @@ $routing = array("geni-login" =>
"Do_FreezeOrThaw",
"SendTestMessage" =>
"Do_SendTestMessage",
"SendPasswordReset" =>
"Do_SendPasswordReset",
"NagPI" =>
"Do_NagPI",
"AccountDetails" =>
......
......@@ -93,6 +93,8 @@
<li class='divider'></li>
<li><a role="button" id="sendtestmessage">
Send Test Message</a></li>
<li><a role="button" id="sendpasswordreset">
Send Password Reset</a></li>
<li><a href="suuser.php?user=<%= target_user %>">
<span class="text-danger">SU as User</span></a></li>
<li role="presentation">
......
......@@ -415,6 +415,56 @@ function Do_FreezeOrThaw()
SPITAJAX_RESPONSE(1);
}
#
# Send a reset password link, no cookie required.
#
function Do_SendPasswordReset()
{
global $this_user, $target_user;
global $ajax_args, $APTBASE, $APTMAIL, $TBMAIL_WWW, $TBMAIL_AUDIT;
if (CheckPageArgs()) {
return;
}
if (!ISADMIN()) {
SPITAJAX_ERROR(-1, "Not enough permission");
return;
}
if ($target_user->status() != TBDB_USERSTATUS_ACTIVE &&
$target_user->status() != TBDB_USERSTATUS_FROZEN) {
SPITAJAX_ERROR(-1, "User is not active or frozen!");
return;
}
$target_idx = $target_user->uid_idx();
$target_uid = $target_user->uid();
$target_name = $target_user->name();
$target_email= $target_user->email();
#
# Generate a random key and send the user an email message with a URL
# that will allow them to change their password.
#
$key = GENHASH();
$target_user->SetChangePassword($key, "UNIX_TIMESTAMP(now())+(60*10)");
TBMAIL("$target_name <$target_email>",
"Password reset for '$target_uid'",
"\n".
"Here is your password reset authorization URL. Click on this\n".
"link within the next 10 minutes, and you will be allowed to\n".
"reset your password.\n".
"\n".
" ${APTBASE}/changepswd.php?user=$target_uid&reset=$key\n".
"\n".
"\n".
"Thanks!\n",
"From: $APTMAIL\n".
"Bcc: $TBMAIL_AUDIT\n".
"Errors-To: $TBMAIL_WWW");
SPITAJAX_RESPONSE(1);
}
function Do_SendTestMessage()
{
global $this_user, $target_user;
......
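Review bot: The mail built in `Do_SendPasswordReset()` carries the complete reset key in its body and is sent with `Bcc: $TBMAIL_AUDIT`, so every reader of the audit mailbox receives a link that changes the target user's password for the next 10 minutes, with no cookie half to stop them. Dropping the Bcc from the user's message and sending a separate audit message without the URL keeps the audit trail; naming the requesting admin in it would also put `$this_user`, which is declared global but unused, to use (the fence assumes it offers `uid()` like `$target_user`). `$target_idx` is assigned and never read. The `$target_name` and `$target_email` values go straight into the recipient string, so it is worth confirming that they cannot contain line breaks.

```php
# … unchanged: permission and status checks, GENHASH(), SetChangePassword() …
    TBMAIL("$target_name <$target_email>",
           "Password reset for '$target_uid'",
           # … unchanged: message body with the reset URL …
           "From: $APTMAIL\n".
           "Errors-To: $TBMAIL_WWW");

    # The audit copy names the admin and the target but never carries the key.
    TBMAIL($TBMAIL_AUDIT,
           "Password reset sent for '$target_uid'",
           "\n".
           "A password reset link was sent to '$target_uid' by '" .
           $this_user->uid() . "'.\n",
           "From: $APTMAIL\n".
           "Errors-To: $TBMAIL_WWW");
```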