-
-
Notifications
You must be signed in to change notification settings - Fork 528
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Let user specify a new password (#13973) #15461
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -12,6 +12,7 @@ | |
|
||
|
||
use Exception; | ||
use MODX\Revolution\Hashing\modHashing; | ||
use MODX\Revolution\Processors\Model\CreateProcessor; | ||
use MODX\Revolution\Processors\Processor; | ||
use MODX\Revolution\modUser; | ||
|
@@ -232,6 +233,52 @@ public function sendNotificationEmail() { | |
'html' => true, | ||
]); | ||
} | ||
|
||
if ($this->getProperty('passwordgenmethod') === 'user_email_specify' && $this->modx->getService('hashing', modHashing::class)) { | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. It should be refactored, to move this implementation into a method to avoid such long if statement. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. @sdrenth Please make changes to promote PR |
||
$activationHash = $this->modx->hashing->getHash('md5', 'hashing.modMD5', [])->hash($this->object->get('email') . '/' . $this->object->get('id')); | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This is not a secure hash/tokens and introduces a potential vulnerability. The scope would be limited because the "tokens" have a limited lifetime after manually being created by an admin, however it makes the hash very predictable. In 3.x we can use
for a 64-character secure random token. |
||
|
||
/** @var modRegistry $registry */ | ||
$registry = $this->modx->getService('registry', 'registry.modRegistry'); | ||
/** @var modRegister $register */ | ||
$register = $registry->getRegister('user', 'registry.modDbRegister'); | ||
$register->connect(); | ||
$register->subscribe('/pwd/change/'); | ||
$register->send('/pwd/change/', [$activationHash => $this->object->get('username')], ['ttl' => 86400]); | ||
|
||
// Send activation email | ||
$message = $this->modx->lexicon('user_password_email'); | ||
$placeholders = array_merge($this->modx->config, $this->object->toArray()); | ||
$placeholders['hash'] = $activationHash; | ||
|
||
// Store previous placeholders | ||
$ph = $this->modx->placeholders; | ||
// now set those useful for modParser | ||
$this->modx->setPlaceholders($placeholders); | ||
$this->modx->getParser()->processElementTags('', $message, true, false, '[[', ']]', [], 10); | ||
$this->modx->getParser()->processElementTags('', $message, true, true, '[[', ']]', [], 10); | ||
// Then restore previous placeholders to prevent any breakage | ||
$this->modx->placeholders = $ph; | ||
|
||
$this->modx->getService('smarty', 'smarty.modSmarty', '', ['template_dir' => $this->modx->getOption('manager_path') . 'templates/default/']); | ||
|
||
$this->modx->smarty->assign('_config', $this->modx->config); | ||
$this->modx->smarty->assign('content', $message, true); | ||
|
||
$sent = $this->object->sendEmail( | ||
$this->modx->smarty->fetch('email/default.tpl'), | ||
[ | ||
'from' => $this->modx->getOption('emailsender'), | ||
'fromName' => $this->modx->getOption('site_name'), | ||
'sender' => $this->modx->getOption('emailsender'), | ||
'subject' => $this->modx->lexicon('user_password_email_subject'), | ||
'html' => true, | ||
] | ||
); | ||
|
||
if (!$sent) { | ||
return $this->failure($this->modx->lexicon('error_sending_email_to') . $this->object->get('email')); | ||
} | ||
} | ||
} | ||
|
||
/** | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's avoid using HTML tags inside lexicons. It becomes a hell while translating such stuff.