--- loncom/interface/resetpw.pm 2010/12/01 23:15:47 1.22.2.4
+++ loncom/interface/resetpw.pm 2016/09/12 16:02:16 1.38
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Allow access to password changing via a token sent to user's e-mail.
 #
-# $Id: resetpw.pm,v 1.22.2.4 2010/12/01 23:15:47 raeburn Exp $
+# $Id: resetpw.pm,v 1.38 2016/09/12 16:02:16 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -57,6 +57,7 @@ use Apache::lonnet;
 use Apache::loncommon;
 use Apache::lonlocal;
 use LONCAPA;
+use HTML::Entities;
 sub handler {
 my $r = shift;
@@ -66,9 +67,13 @@ sub handler {
 return OK;
 }
 my $contact_name = &mt('LON-CAPA helpdesk');
- my $contact_email = $r->dir_config('lonSupportEMail');
+ my $origmail = $r->dir_config('lonSupportEMail');
 my $server = $r->dir_config('lonHostID');
 my $defdom = &Apache::lonnet::default_login_domain();
+ my $contacts =
+ &Apache::loncommon::build_recipient_list(undef,'helpdeskmail',
+ $defdom,$origmail);
+ my ($contact_email) = split(',',$contacts);
 my $handle = &Apache::lonnet::check_for_valid_session($r);
 my $lonidsdir=$r->dir_config('lonIDsDir');
 if ($handle ne '') {
@@ -80,23 +85,29 @@ sub handler { } &Apache::lonacc::get_posted_cgi($r); &Apache::lonlocal::get_language_handle($r); - &Apache::loncommon::get_unprocessed_cgi($ENV{'QUERY_STRING'},['token', - 'uname','useremail','referrer']); + &Apache::loncommon::get_unprocessed_cgi($ENV{'QUERY_STRING'},['token']); my @emailtypes = ('permanentemail','critnotification','notification'); my $uname = $env{'form.uname'}; - my $useremail = $env{'form.useremail'}; - my $udom = $env{'form.udom'}; + $uname =~ s/^\s+|\s+$//g; + $uname = &LONCAPA::clean_username($uname); + my $udom = &LONCAPA::clean_domain($env{'form.udom'}); + my ($domdesc,$otherinst); + if ($udom) { + $domdesc = &Apache::lonnet::domain($udom,'description'); + if ($domdesc) { + my %servers = &Apache::lonnet::internet_dom_servers($udom); + unless (exists($servers{$server})) { + $otherinst = 1; + } + } + } my $token = $env{'form.token'}; - my $case_change; my $brcrum = []; - my $bread_crumbs_component = 'Forgotten Password'; if ($token) { push (@{$brcrum}, {href => '/adm/resetpw', text => 'Update Password'}); - - $bread_crumbs_component = 'Reset Password'; } else { push (@{$brcrum}, {href => '/adm/resetpw', @@ -107,124 +118,200 @@ sub handler { text => 'Result'}); } } - my $args = {no_inline_link => 1, - bread_crumbs => $brcrum, - bread_crumbs_component => $bread_crumbs_component}; - $r->print(&Apache::loncommon::start_page('Reset password','',$args)); - $r->print('

'.&mt('Reset forgotten LON-CAPA password').'

'); - my $output; - if ($token) { - $output = &reset_passwd($r,$token,$contact_name,$contact_email); - } elsif ($uname && $udom && ($env{'form.referrer'} ne 'createaccount')) { - my $domdesc = &Apache::lonnet::domain($udom,'description'); - my $homeserver = &Apache::lonnet::homeserver($uname,$udom); - if ($homeserver eq 'no_host') { - my $lc_uname = lc($uname); - if ($lc_uname ne $uname) { - $homeserver = &Apache::lonnet::homeserver($lc_uname,$udom); - unless ($homeserver eq 'no_host') { - $uname = $lc_uname; - $useremail = lc($env{'form.useremail'}); - $case_change = 1; + my $args = {bread_crumbs => $brcrum}; + my $js; + unless ($token || $otherinst || ($uname && $udom)) { + my (@intdoms,@instdoms); + my $internet_names = &Apache::lonnet::get_internet_names($server); + if (ref($internet_names) eq 'ARRAY') { + @intdoms = @{$internet_names}; + } + if (@intdoms) { + my %iphost = &Apache::lonnet::get_iphost(); + foreach my $ip (keys(%iphost)) { + if (ref($iphost{$ip}) eq 'ARRAY') { + foreach my $id (@{$iphost{$ip}}) { + my $location = &Apache::lonnet::internet_dom($id); + if ($location) { + if (grep(/^\Q$location\E$/,@intdoms)) { + my $dom = &Apache::lonnet::host_domain($id); + unless (grep(/^\Q$dom\E/,@instdoms)) { + push(@instdoms,$dom); + } + } + } + } } } } - my $authtype = &Apache::lonnet::queryauthenticate($uname,$udom); - if ($authtype =~ /^internal/) { - if ($useremail !~ /^[^\@]+\@[^\@]+\.[^\@\.]+$/) { - $output = &invalid_state('baduseremail',$domdesc, - $contact_name,$contact_email); - } else { - my %userinfo = - &Apache::lonnet::get('environment',\@emailtypes, - $udom,$uname); - my @allemails; - foreach my $type (@emailtypes) { - my $email = $userinfo{$type}; - my @items; - if ($email =~ /,/) { - @items = split(',',$userinfo{$type}); - } else { - @items = ($email); - } - foreach my $item (@items) { - if ($item =~ /^[^\@]+\@[^\@]+\.[^\@\.]+$/) { - if ($case_change) { - my $lcitem = lc($item); - unless(grep(/^\Q$lcitem\E$/,@allemails)) { - 
push(@allemails,$lcitem); - } - } else { + my $instdomstr; + if (@instdoms > 0) { + $instdomstr = "'".join("','",@instdoms)."'"; + } + my %js_lt = &Apache::lonlocal::texthash( + thdo => 'The domain you have selected is for another institution.', + yowi => 'You will be switched to the Forgot Password utility at that institution.', + unam => 'You must enter a username.', + mail => 'You must enter an e-mail address.' + ); + &js_escape(\%js_lt); + $js = <<"END"; + +END + } + my $header = &Apache::loncommon::start_page('Reset password',$js,$args). + '

'.&mt('Reset forgotten LON-CAPA password').'

'; + my $output; + if ($token) { + $output = &reset_passwd($r,$token,$contact_name,$contact_email); + } elsif ($udom) { + if (!$domdesc) { + $output = &invalid_state('baddomain',$domdesc, + $contact_name,$contact_email); + } elsif ($otherinst) { + ($header,$output) = &homeserver_redirect($uname,$udom,$domdesc,$brcrum); + } elsif ($uname) { + my $authtype = &Apache::lonnet::queryauthenticate($uname,$udom); + if ($authtype =~ /^internal/) { + my $useremail = $env{'form.useremail'}; + my ($blocked,$blocktext) = + &Apache::loncommon::blocking_status('passwd',$uname,$udom); + if ($blocked) { + $output = '

'.$blocktext.'

' + .&display_actions($contact_email,$domdesc); + } elsif ($useremail !~ /^[^\@]+\@[^\@]+\.[^\@\.]+$/) { + $output = &invalid_state('baduseremail',$domdesc, + $contact_name,$contact_email); + } else { + my %userinfo = + &Apache::lonnet::get('environment',\@emailtypes, + $udom,$uname); + my @allemails; + foreach my $type (@emailtypes) { + my $email = $userinfo{$type}; + my @items; + if ($email =~ /,/) { + @items = split(',',$userinfo{$type}); + } else { + @items = ($email); + } + foreach my $item (@items) { + if ($item =~ /^[^\@]+\@[^\@]+\.[^\@\.]+$/) { unless(grep(/^\Q$item\E$/,@allemails)) { push(@allemails,$item); } } } } - } - if (@allemails > 0) { - if (grep(/^\Q$useremail\E$/,@allemails)) { - $output = &send_token($uname,$udom,$useremail,$server, - $domdesc,$contact_name, - $contact_email); + if (@allemails > 0) { + if (grep(/^\Q$useremail\E$/,@allemails)) { + $output = &send_token($uname,$udom,$useremail,$server, + $domdesc,$contact_name, + $contact_email); + } else { + $output = &invalid_state('mismatch',$domdesc, + $contact_name, + $contact_email); + } } else { - $output = &invalid_state('mismatch',$domdesc, - $contact_name, - $contact_email); + $output = &invalid_state('missing',$domdesc, + $contact_name,$contact_email); } - } else { - $output = &invalid_state('missing',$domdesc, - $contact_name,$contact_email); } + } elsif ($authtype =~ /^(krb|unix|local)/) { + $output = &invalid_state('authentication',$domdesc, + $contact_name,$contact_email); + } else { + $output = &invalid_state('invalid',$domdesc, + $contact_name,$contact_email); } - } elsif ($authtype =~ /^(krb|unix|local)/) { - $output = &invalid_state('authentication',$domdesc, - $contact_name,$contact_email); } else { - $output = &invalid_state('invalid',$domdesc, - $contact_name,$contact_email); + $output = &get_uname($defdom); } } else { - $output = &get_uname($defdom,$uname,$useremail); + $output = &get_uname($defdom); } - $r->print($output); + $r->print($header.$output); 
$r->print(&Apache::loncommon::end_page()); return OK; } sub get_uname { - my ($defdom,$uname,$useremail) = @_; + my ($defdom) = @_; my %lt = &Apache::lonlocal::texthash( unam => 'LON-CAPA username', udom => 'LON-CAPA domain', uemail => 'E-mail address in LON-CAPA', proc => 'Proceed'); - my %value; - if ($env{'form.referrer'} eq 'createaccount') { - $value{'uname'} = $uname; - $value{'useremail'} = $useremail; - } - my $msg = '
'.&mt('To be able to reset a forgotten password:') + + my $msg = &mt('If you use the same account for other campus services besides LON-CAPA, (e.g., e-mail, course registration, etc.), a separate centrally managed mechanism likely exists to reset a password. However, if your account is used for just LON-CAPA access you will probably be able to reset a password from this page.'); + $msg .= '

'.&mt('Three conditions must be met:') .'
' - .&mt('In most cases the GCI WebCenter username is the same as your e-mail address, in which case you will enter the same information twice. ').'

'; - $msg .= '
'. - &Apache::lonhtmlcommon::start_pick_box(). + .'
  • '.&mt('You must be able to access e-mail sent to that address.').'
  • ' + .'
  • '.&mt('Your LON-CAPA account must be of a type for which LON-CAPA can reset a password.') + .''; + my $mobileargs; + (undef,undef,undef,undef,undef,undef,my $clientmobile) = + &Apache::loncommon::decode_user_agent(); + if ($clientmobile) { + $mobileargs = 'autocapitalize="off" autocorrect="off" '; + } + my $onchange = 'javascript:verifyDomain(this,this.form);'; + $msg .= ''. + &Apache::lonhtmlcommon::start_pick_box(). &Apache::lonhtmlcommon::row_title($lt{'unam'}). - ''. - ''. + ''. + &Apache::lonhtmlcommon::row_closure(1). + &Apache::lonhtmlcommon::row_title($lt{'udom'}). + &Apache::loncommon::select_dom_form($defdom,'udom',undef,undef,$onchange). &Apache::lonhtmlcommon::row_closure(1). &Apache::lonhtmlcommon::row_title($lt{'uemail'}). - ''. + ''. &Apache::lonhtmlcommon::end_pick_box(). - '

  • '."\n"; + '

    '; return $msg; } sub send_token { my ($uname,$udom,$email,$server,$domdesc,$contact_name, $contact_email) = @_; - my $msg = &mt('Thank you for your request to reset the password for your LON-CAPA account.').'

    '; + my $msg = + '

    ' + .&mt('Thank you for your request to reset the password for your LON-CAPA account.') + .'

    '; my $now = time; my $temppasswd = &create_passwd(); @@ -244,12 +331,25 @@ sub send_token { my $result = &send_mail($domdesc,$email,$mailmsg,$contact_name, $contact_email); if ($result eq 'ok') { - $msg .= &mt('An e-mail sent to the e-mail address associated with your LON-CAPA account includes the web address for the link you should use to complete the reset process.').'
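Review bot: In the added loop that builds `@instdoms`, the duplicate check `grep(/^\Q$dom\E/,@instdoms)` has no end anchor, unlike the `grep(/^\Q$location\E$/,@intdoms)` test just above it, so a domain whose name is a prefix of one already collected is treated as a duplicate and left out. The list feeds `$instdomstr` for the page's JavaScript (its body is not visible in this rendering), so such a domain would presumably be handled as belonging to another institution; use `unless (grep(/^\Q$dom\E$/,@instdoms))`. Separately, the new `blocking_status('passwd',$uname,$udom)` branch runs before the submitted e-mail is matched against the account, so `$blocktext` is returned to any requester who supplies a username and domain; consider moving that check after the `@allemails` match. This hunk covers parts of `handler`, `get_uname` and `send_token`; `handler` starts before it and `send_token` continues after it.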

    '.&mt('The link included in the message will be valid for the next [_1]two[_2] hours.','',''); + $msg .= + &mt('An e-mail sent to the e-mail address associated with your LON-CAPA account includes the web address for the link you should use to complete the reset process.') + .'

    ' + .&mt('The link included in the message will be valid for the next [_1]two[_2] hours.','',''); } else { - $msg .= &mt('An error occurred when sending a message to the e-mail address associated with your LON-CAPA account. Please contact the [_1] ([_2]) for assistance.',$contact_name,$contact_email); + $msg .= + '

    ' + .&mt('An error occurred when sending a message to the e-mail address' + .' associated with your LON-CAPA account.') + .'

    ' + .&display_actions($contact_email,$domdesc); } } else { - $msg .= &mt('An error occurred creating a token required for the password reset process. Please contact the [_1] ([_2]) for assistance.',$contact_name,$contact_email); + $msg .= + '

    ' + .&mt('An error occurred creating a token required for the' + .' password reset process.') + .'

    ' + .&display_actions($contact_email,$domdesc); } return $msg; } @@ -260,6 +360,7 @@ sub send_mail { my $requestmail = "To: $email\n". "From: $contact_name <$contact_email>\n". "Subject: ".&mt('Your LON-CAPA account')."\n". + "Content-type: text/plain\;charset=UTF-8\n". "\n\n".$mailmsg."\n\n". &mt('[_1] LON-CAPA support team',$domdesc)."\n". "$contact_email\n"; @@ -277,8 +378,12 @@ sub invalid_state { my ($error,$domdesc,$contact_name,$contact_email) = @_; my $msg; if ($error eq 'invalid') { - $msg = '
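Review bot: `send_mail` still assembles its header block by interpolating `$email`, `$contact_name` and `$contact_email` straight into the `To:` and `From:` lines, and the new `Content-type` line is appended to that same string. The address pattern used elsewhere in this file, `/^[^\@]+\@[^\@]+\.[^\@\.]+$/`, does not exclude line breaks, so it would be safer to reject any value containing `\r` or `\n` before the headers are built, e.g. `return 'error' if ($email =~ /[\r\n]/);` (the function's real failure value is outside the hunk, so adjust it to match). The backslash in `text/plain\;charset` is unnecessary inside a double-quoted string. The body of `send_mail` starts and ends outside this hunk.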

    '.&mt('The username you provided was not verified as a valid username in the LON-CAPA system for the [_1] domain.',$domdesc) - .'

    '.&mt('Please [_1]go back[_2] and try again.','',''); + $msg = + '

    ' + .&mt('The username you provided was not verified as a valid username' + .' in the LON-CAPA system for the [_1] domain.',''.$domdesc.'') + .'

    '; + $msg .= &display_actions($contact_email,$domdesc); } else { if ($error eq 'baduseremail') { $msg = &mt('The e-mail address you provided does not appear to be a valid address.'); @@ -288,19 +393,34 @@ sub invalid_state { $msg = &mt('A valid e-mail address was not located in the LON-CAPA system for the username and domain you provided.'); } elsif ($error eq 'authentication') { $msg = &mt('The username you provided uses an authentication type which can not be reset directly via LON-CAPA.'); + } elsif ($error eq 'baddomain') { + $msg = &mt('The domain you provided was not verified as a valid domain in the LON-CAPA system.'); } - $msg = '

    '.$msg.'

    '; - if ($contact_email ne '') { - my $escuri = &HTML::Entities::encode('/adm/resetpw','&<>"'); - $msg .= '
    '.&mt('You may wish to contact the [_1]LON-CAPA helpdesk[_2] for the [_3] domain.' - ,'','',$domdesc); - } else { - $msg .= '
    '.&mt('You may wish to send an e-mail to the server administrator: [_1] for the [_2] domain.',$Apache::lonnet::perlvar{'AdminEmail'},$domdesc); - } + $msg = '

    '.$msg.'

    ' + .&display_actions($contact_email,$domdesc); } return $msg; } +sub homeserver_redirect { + my ($uname,$udom,$domdesc,$brcrum) = @_; + my $uhome = &Apache::lonnet::homeserver(); + if ($uhome eq 'no_host') { + $uhome = &Apache::lonnet::domain($udom,'primary'); + } + my $protocol = $Apache::lonnet::protocol{$uhome}; + $protocol = 'http' if ($protocol ne 'https'); + my $url = $protocol.'://'.&Apache::lonnet::hostname($uhome).'/adm/resetpw'; + # Breadcrumbs + my $start_page = &Apache::loncommon::start_page('Switching Server',undef, + {'redirect' => [0,$url], + 'bread_crumbs' => $brcrum,}); + my $output = '

    '.&mt('This LON-CAPA server belongs to a different domain.').' '. + &mt('You are being switched to your domain ([_1]), to use the "Forgot Password" tool.',$domdesc). + '

    '; + return ($start_page,$output); +} + sub reset_passwd { my ($r,$token,$contact_name,$contact_email) = @_; my $msg; @@ -317,21 +437,13 @@ sub reset_passwd { ($data{'email'} =~ /^[^\@]+\@[^\@]+\.[^\@\.]+$/) && ($data{'temppasswd'} =~/^\w+$/)) { my $reqtime = &Apache::lonlocal::locallocaltime($data{'time'}); - if ($now - $data{'time'} < 7200) { + my ($blocked,$blocktext) = + &Apache::loncommon::blocking_status('passwd',$data{'username'},$data{'domain'}); + if ($blocked) { + $msg = '
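Review bot: In the new `homeserver_redirect`, `&Apache::lonnet::homeserver()` is called with no arguments although `$uname` and `$udom` are passed in, so the lookup cannot resolve the user's home server and the code presumably always falls back to the domain's primary host. Pass the account through, `my $uhome = &Apache::lonnet::homeserver($uname,$udom);`, and skip the lookup when `$uname` is empty, since `handler` reaches this branch for any `$udom` at another institution whether or not a username was entered. A one-line comment above `$protocol = 'http' if ($protocol ne 'https');` stating that every host without an explicit `https` entry is redirected over plain HTTP would also help, given that the target is a password-reset form.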

    '.$blocktext.'

    '; + return $msg; + } elsif ($now - $data{'time'} < 7200) { if ($env{'form.action'} eq 'verify_and_change_pass') { - my $homeserver = &Apache::lonnet::homeserver($env{'form.uname'},$env{'form.udom'}); - if ($homeserver eq 'no_host') { - my $lc_uname = lc($env{'form.uname'}); - if ($lc_uname ne $env{'form.uname'}) { - $homeserver = &Apache::lonnet::homeserver($lc_uname,$env{'form.udom'}); - unless ($homeserver eq 'no_host') { - if ($env{'form.uname'} eq $env{'form.email'}) { - $env{'form.email'} = $lc_uname; - } - $env{'form.uname'} = $lc_uname; - } - } - } unless (($env{'form.uname'} eq $data{'username'}) && ($env{'form.udom'} eq $data{'domain'}) && ($env{'form.email'} eq $data{'email'})) { $msg = &generic_failure_msg($contact_name,$contact_email); return $msg; @@ -346,13 +458,24 @@ sub reset_passwd { my $mailmsg = &mt('The password for your LON-CAPA account in the [_1] domain was changed [_2] from IP address: [_3]. If you did not perform this change or authorize it, please contact the [_4] ([_5]).',$domdesc,$now,$ENV{'REMOTE_ADDR'},$contact_name,$contact_email)."\n"; my $result = &send_mail($domdesc,$data{'email'},$mailmsg, $contact_name,$contact_email); + my $confirm_msg; if ($result eq 'ok') { - $msg .= &mt('An e-mail confirming setting of the password for your LON-CAPA account has been sent to [_1].',$data{'email'}); + $confirm_msg = + &Apache::lonhtmlcommon::confirm_success( + &mt('An e-mail confirming setting of the password' + .' for your LON-CAPA account has been sent to [_1].' + ,''.$data{'email'}.'')); } else { - $msg .= &mt('An error occurred when sending e-mail to [_1] confirming setting of your new password.',$data{'email'}); + $confirm_msg = + &Apache::lonhtmlcommon::confirm_success( + &mt('An error occurred when sending e-mail to [_1]' + .' confirming setting of your new password.' + ,''.$data{'email'}.''),1); } - $msg .= '

    ' - .''.&mt('Go to the login page').'.'; + $msg .= + &Apache::loncommon::confirmwrapper($confirm_msg) + .&Apache::lonhtmlcommon::actionbox([ + ''.&mt('Go to the login page').'']); } elsif ($change_failed eq 'invalid_client') { my $homeserver = &Apache::lonnet::homeserver($data{'username'},$data{'domain'}); if ($homeserver eq 'no_host') { @@ -367,34 +490,48 @@ sub reset_passwd { $opentag = ''; $closetag = ''; } - $msg .= &mt('A problem occurred when attempting to reset the password for your account. Please try again from your [_1]home server[_2].',$opentag,$closetag); + $msg .= + '
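Review bot: `$data{'email'}` is concatenated into the HTML passed to `confirm_success` in both branches, and the only check on it visible here is `/^[^\@]+\@[^\@]+\.[^\@\.]+$/`, which allows `<`, `>`, `&` and quotes. Whether `&mt` escapes its arguments cannot be seen from this page; if it does not, encode the value first, e.g. `&HTML::Entities::encode($data{'email'},'<>&"')`, which the module can do now that it imports `HTML::Entities`. The second call passes `1` as an extra argument to `confirm_success` for the failure case, and a short comment saying what that flag means would make the two branches easier to tell apart. `reset_passwd` starts and ends outside this hunk.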

    ' + .&mt('A problem occurred when attempting to reset' + .' the password for your account.' + .' Please try again from your [_1]home server[_2].' + ,$opentag,$closetag) + .'

    '; } } else { $msg .= &generic_failure_msg($contact_name,$contact_email); } } else { - $r->print(&mt('The token included in an e-mail sent to you [_1] has been verified, so you may now proceed to reset the password for your LON-CAPA account.',$reqtime).'
    '. - '

    '.&mt('Please enter the username and domain of the LON-CAPA account, and the associated e-mail address, for which you are setting a password.').'
    '. - &mt('In most cases the GCI WebCenter username is the same as your e-mail address, in which case you will enter the same information twice.').'

    '. - '

    '.&mt('The new password must contain at least 7 characters.').' '. - &mt('Your new password will be sent to the LON-CAPA server in an encrypted form.').'

    '); + $r->print(&mt('The token included in an e-mail sent to you [_1] has been verified, so you may now proceed to reset the password for your LON-CAPA account.',$reqtime).'

    '); + $r->print(&mt('Please enter the username and domain of the LON-CAPA account, and the associated e-mail address, for which you are setting a password. The new password must contain at least 7 characters.').' '.&mt('Your new password will be sent to the LON-CAPA server in an encrypted form.').'
    '); &Apache::lonpreferences::passwordchanger($r,'','reset_by_email',$token); } } else { - $msg = &mt('Sorry, the token generated when you requested a password reset has expired. Please submit a [_1]new request[_2], and follow the link to the web page included in the new e-mail that will be sent to you, to allow you to enter a new password.' - ,'',''); + $msg = + '

    ' + .&mt('Sorry, the token generated when you requested a password reset has expired. Please submit a [_1]new request[_2], and follow the link to the web page included in the new e-mail that will be sent to you, to allow you to enter a new password.' + ,'','') + .'

    '; } } else { - $msg .= &mt('Sorry, the URL generated when you requested reset of your password contained incomplete information. Please submit a [_1]new request[_2] for a password reset, and use the new URL that will be sent to your e-mail account to complete the process.' - ,'',''); + $msg .= + '

    ' + .&mt('Sorry, the URL generated when you requested reset of your password contained incomplete information. Please submit a [_1]new request[_2] for a password reset, and use the new URL that will be sent to your e-mail account to complete the process.' + ,'','') + .'

    '; } return $msg; } sub generic_failure_msg { my ($contact_name,$contact_email) = @_; - return &mt('A problem occurred when attempting to reset the password for your account. Please contact the [_1] - ([_2]) for assistance.', - $contact_name,''.$contact_email.''); + return + '

    ' + .&mt('A problem occurred when attempting to reset the password for your account.') + .'
    ' + .&mt('Please contact the [_1] ([_2]) for assistance.', + $contact_name,''.$contact_email.'') + .'

    '; } sub create_passwd { @@ -417,4 +554,28 @@ sub create_passwd { return ($passwd); } +sub display_actions { + my ($contact_email, $domdesc) = @_; + my @msg = (&mt('[_1]Go back[_2] and try again', + '','')); + my $msg2 = ''; + if ($contact_email ne '') { + my $escuri = &HTML::Entities::encode('/adm/resetpw','&<>"'); + push(@msg, &mt('Contact the [_1]LON-CAPA helpdesk[_2] for the institution: [_3]', + '', + '',''.$domdesc.'')); + } else { + $msg2 = + '

    ' + .&mt('You may wish to send an e-mail to the' + .' server administrator: [_1] for the [_2] domain.', + ''.$Apache::lonnet::perlvar{'AdmEMail'}.'', + ''.$domdesc.'') + .'

    '; + } + + return &Apache::lonhtmlcommon::actionbox(\@msg).$msg2; + +} + 1;
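Review bot: In `display_actions` the administrator address is read from `$Apache::lonnet::perlvar{'AdmEMail'}`, while the code it replaces in `invalid_state` used the key `'AdminEmail'`; confirm which key `%perlvar` actually defines, because a missing key renders the sentence with an empty address. `&HTML::Entities::encode('/adm/resetpw','&<>"')` encodes a constant, whereas `$domdesc` is placed into the markup unencoded, so if domain descriptions can contain markup characters it is `$domdesc` that needs the `encode` call. The new sub also has no header comment; something like `# Returns an action box with a "go back" link plus a helpdesk or server-admin contact line.` would document what callers get back.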