n°524 - password policy

- "password reset" workflow now handle gracefully the policy enforcement.
2026-03-12 12:34:12 +01:00 · 2019-11-28 08:51:42 +01:00
parent fe0bd1a4b8
commit 267cdd2aee
3 changed files with 44 additions and 28 deletions
--- a/application/loginwebpage.class.inc.php
+++ b/application/loginwebpage.class.inc.php
@@ -245,7 +245,7 @@ class LoginWebPage extends NiceWebPage
 		}
 	}

-	public function DisplayResetPwdForm()
+	public function DisplayResetPwdForm($sErrorMessage = null)
 	{
 		$sAuthUser = utils::ReadParam('auth_user', '', false, 'raw_data');
 		$sToken = utils::ReadParam('token', '', false, 'raw_data');
@@ -258,6 +258,8 @@ class LoginWebPage extends NiceWebPage

 		$aVars['sAuthUser'] = $sAuthUser;
 		$aVars['sToken'] = $sToken;
+		$aVars['sErrorMessage'] = $sErrorMessage;
+
 		if (($oUser == null))
 		{
 			$aVars['bNoUser'] = true;
@@ -288,6 +290,7 @@ class LoginWebPage extends NiceWebPage
 		$sNewPwd = utils::ReadPostedParam('new_pwd', '', 'raw_data');

 		UserRights::Login($sAuthUser); // Set the user's language
+		/** @var \UserLocal $oUser */
 		$oUser = UserRights::GetUserObject();

 		$oTwigContext = new LoginTwigRenderer();
@@ -1032,8 +1035,17 @@ class LoginWebPage extends NiceWebPage
 		}
 		else if ($operation == 'do_reset_pwd')
 		{
-			$oPage = self::NewLoginWebPage();
-			$oPage->DoResetPassword();
+
+			try {
+				$oPage = self::NewLoginWebPage();
+				$oPage->DoResetPassword();
+			}
+			catch (CoreCannotSaveObjectException $e)
+			{
+				$oPage = self::NewLoginWebPage();
+				$oPage->DisplayResetPwdForm($e->getIssue());
+			}
+
 			$oPage->output();
 			exit;
 		}
--- a/core/userrights.class.inc.php
+++ b/core/userrights.class.inc.php
@@ -837,6 +837,7 @@ class UserRights
 		}
 	}

+	/** User */
 	public static function GetUserObject()
 	{
 		if (is_null(self::$m_oUser))
--- a/templates/login/password/resetpwdform.html.twig
+++ b/templates/login/password/resetpwdform.html.twig
@@ -7,36 +7,39 @@
 	<div id="login-content">
 		<div id="login-title">
 			<h1>{{ 'UI:ResetPwd-Title'|dict_s }}</h1>
-			{% if bNoUser %}
+			{% if bNoUser and sErrorMessage is null %}
 				<p>{{ 'UI:ResetPwd-Error-WrongLogin'|dict_format(sAuthUser) }}</p>
-			{% elseif bBadToken %}
+			{% elseif bBadToken and sErrorMessage is null %}
 				<p>{{ 'UI:ResetPwd-Error-InvalidToken'|dict_s }}</p>
 			{% else %}
-			<p>{{ 'UI:ResetPwd-Error-EnterPassword'|dict_format(sUserName) }}</p>
-		</div>
-		<div id="login-form">
-				<form method="post">
-					<div id="login-form-content">
-						<div id="login-input">
-							<div>
-								<label for="new_pwd">{{ 'UI:Login:NewPasswordPrompt'|dict_s }}:</label>
-								<input type="password" id="new_pwd" name="new_pwd" value="" />
+				{% if sErrorMessage is not null %}
+					<p class="hilite">{{ sErrorMessage|raw }}</p>
+				{% endif %}
+				<p>{{ 'UI:ResetPwd-Error-EnterPassword'|dict_format(sUserName) }}</p>
+			</div>
+			<div id="login-form">
+					<form method="post">
+						<div id="login-form-content">
+							<div id="login-input">
+								<div>
+									<label for="new_pwd">{{ 'UI:Login:NewPasswordPrompt'|dict_s }}:</label>
+									<input type="password" id="new_pwd" name="new_pwd" value="" />
+								</div>
+								<div>
+									<label for="retype_new_pwd">{{ 'UI:Login:RetypeNewPasswordPrompt'|dict_s }}:</label>
+									<input type="password" id="retype_new_pwd" name="retype_new_pwd" value="" />
+								</div>
 							</div>
-							<div>
-								<label for="retype_new_pwd">{{ 'UI:Login:RetypeNewPasswordPrompt'|dict_s }}:</label>
-								<input type="password" id="retype_new_pwd" name="retype_new_pwd" value="" />
+							<div id="login-submit">
+								<div>
+									<input type="submit" onClick="return DoCheckPwd();" value="{{ 'UI:Button:ChangePassword'|dict_s }}" />
+								</div>
 							</div>
-						</div>
-						<div id="login-submit">
-							<div>
-								<input type="submit" onClick="return DoCheckPwd();" value="{{ 'UI:Button:ChangePassword'|dict_s }}" />
-							</div>
-						</div>
-				</div>
-				<input type="hidden" name="loginop" value="do_reset_pwd" />
-				<input type="hidden" name="auth_user" value="{{ sAuthUser }}" />
-				<input type="hidden" name="token" value="{{ sToken }}" />
-			</form>
+					</div>
+					<input type="hidden" name="loginop" value="do_reset_pwd" />
+					<input type="hidden" name="auth_user" value="{{ sAuthUser }}" />
+					<input type="hidden" name="token" value="{{ sToken }}" />
+				</form>
 			{% endif %}
 		</div>
 	</div>