[LON-CAPA-cvs] cvs: loncom / lond /auth lonlogin.pm /interface resetpw.pm /lonnet/perl lonnet.pm
raeburn
lon-capa-cvs@mail.lon-capa.org
Fri, 10 Nov 2006 02:04:32 -0000
raeburn Thu Nov 9 21:04:32 2006 EDT
Modified files:
/loncom lond
/loncom/auth lonlogin.pm
/loncom/interface resetpw.pm
/loncom/lonnet/perl lonnet.pm
Log:
Modify tmpput handler in lond to use md5_hash of random items when creating token for password resets to provide less deterministic token.
Add an extra argument to lonnet::tmpput() so the context is included in the request sent to lond (if a context argument was supplied). It appears some uses of lond::tmpput rely on the number_IP_number structure of the current token.
Add Forgot Password link to log-in page.
Some wording changes in reset password page.
More comprehensive check of e-mail for valid format.
Require user to provide e-mail address when requesting password change, and compare with e-mail in record associated with LON-CAPA user account.
Index: loncom/lond
diff -u loncom/lond:1.346 loncom/lond:1.347
--- loncom/lond:1.346 Mon Oct 23 17:22:38 2006
+++ loncom/lond Thu Nov 9 21:01:55 2006
@@ -2,7 +2,7 @@
# The LearningOnline Network
# lond "LON Daemon" Server (port "LOND" 5663)
#
-# $Id: lond,v 1.346 2006/10/23 21:22:38 raeburn Exp $
+# $Id: lond,v 1.347 2006/11/10 02:01:55 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -40,6 +40,7 @@
use POSIX;
use Crypt::IDEA;
use LWP::UserAgent();
+use Digest::MD5 qw(md5_hex);
use GDBM_File;
use Authen::Krb4;
use Authen::Krb5;
@@ -59,7 +60,7 @@
my $status='';
my $lastlog='';
-my $VERSION='$Revision: 1.346 $'; #' stupid emacs
+my $VERSION='$Revision: 1.347 $'; #' stupid emacs
my $remoteVERSION;
my $currenthostid="default";
my $currentdomainid;
@@ -3879,15 +3880,23 @@
my $userinput = "$cmd:$what"; # Reconstruct for logging.
-
- my $store;
+ my ($record,$context) = split(/:/,$what);
+ if ($context ne '') {
+ chomp($context);
+ $context = &unescape($context);
+ }
+ my ($id,$store);
$tmpsnum++;
- my $id=$$.'_'.$clientip.'_'.$tmpsnum;
+ if ($context eq 'resetpw') {
+ $id = &md5_hex(&md5_hex(time.{}.rand().$$));
+ } else {
+ $id = $$.'_'.$clientip.'_'.$tmpsnum;
+ }
$id=~s/\W/\_/g;
- $what=~s/\n//g;
+ $record=~s/\n//g;
my $execdir=$perlvar{'lonDaemons'};
if ($store=IO::File->new(">$execdir/tmp/$id.tmp")) {
- print $store $what;
+ print $store $record;
close $store;
&Reply($client, "$id\n", $userinput);
} else {
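Review bot: The reset token at `$id = &md5_hex(&md5_hex(time.{}.rand().$$));` is derived only from the clock, the pid, Perl's `rand()` and a stringified anonymous-hash address (the `{}`), none of which is a cryptographic randomness source; in a forked daemon the child inherits the parent's `rand()` state unless it re-seeds, so the digest looks uniform but carries little entropy for something that is mailed out as a password-reset credential. Seed the digest from the OS entropy pool instead, as sketched below, and surface a failed read rather than silently degrading to the weaker inputs. Separately, when the client sends no context `split(/:/,$what)` leaves `$context` undef, so the `ne ''` and `eq 'resetpw'` tests warn under `use warnings`; `$context = '' unless defined($context);` right after the split avoids that. The enclosing handler sub starts and ends outside this hunk.
```perl
    if ($context eq 'resetpw') {
        # A reset token must be unpredictable: take the digest input from the
        # OS entropy pool rather than only from time/pid/rand(), which are
        # low-entropy and, after fork, shared with sibling children.
        my $entropy = '';
        if (open(my $urandom, '<', '/dev/urandom')) {
            binmode($urandom);
            read($urandom, $entropy, 32);
            close($urandom);
        }
        # NOTE(review): a failed read should be reported to the client rather
        # than silently falling back to the weaker inputs below.
        $id = &md5_hex($entropy.time.$$.rand());
    } else {
        # … unchanged: legacy pid_ip_counter id …
```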
Index: loncom/auth/lonlogin.pm
diff -u loncom/auth/lonlogin.pm:1.82 loncom/auth/lonlogin.pm:1.83
--- loncom/auth/lonlogin.pm:1.82 Wed Nov 1 16:27:50 2006
+++ loncom/auth/lonlogin.pm Thu Nov 9 21:02:57 2006
@@ -1,7 +1,7 @@
# The LearningOnline Network
# Login Screen
#
-# $Id: lonlogin.pm,v 1.82 2006/11/01 21:27:50 www Exp $
+# $Id: lonlogin.pm,v 1.83 2006/11/10 02:02:57 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -308,9 +308,11 @@
'log' => 'Log in',
'help' => 'Help',
'serv' => 'Server',
- 'helpdesk' => 'Contact Helpdesk');
+ 'helpdesk' => 'Contact Helpdesk',
+ 'forgotpw' => 'Forgot password?');
# -------------------------------------------------- Change password field name
my $now=time;
+ my $forgotpw = &forgotpwdisplay(\%lt);
# ---------------------------------------------------------- Serve rest of page
$r->print(<<ENDSCRIPT);
@@ -493,6 +495,11 @@
<input type="submit" value="$lt{'log'}" />
</td>
</tr>
+ <tr>
+ <td bgcolor="$mainbg" valign="bottom" align="left" colspan="2">
+ $forgotpw
+ </td>
+ </tr>
</table>
<!-- End sub-table -->
</form>
@@ -624,6 +631,15 @@
ENDBLOCK
return $contactblock;
}
+
+sub forgotpwdisplay {
+ my ($lt) = @_;
+ my $prompt_for_resetpw = 1;
+ if ($prompt_for_resetpw) {
+ return '<br /> <a href="/adm/resetpw">'.$lt->{'forgotpw'}.'</a></b><br /><br />';
+ }
+ return;
+}
1;
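Review bot: `forgotpwdisplay` returns markup with a stray closing `</b>` that has no opening tag; the line should read `return '<br /> <a href="/adm/resetpw">'.$lt->{'forgotpw'}.'</a><br /><br />';`. The `my $prompt_for_resetpw = 1;` guard is a constant, so the trailing `return;` is unreachable; if the intent is to let a domain switch the link off, the flag should come from configuration, otherwise the flag and the conditional can go. A one-line header such as `# Returns the 'Forgot password?' link shown on the log-in page (nothing when disabled).` would also document the sub.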
Index: loncom/interface/resetpw.pm
diff -u loncom/interface/resetpw.pm:1.2 loncom/interface/resetpw.pm:1.3
--- loncom/interface/resetpw.pm:1.2 Mon Oct 23 17:40:31 2006
+++ loncom/interface/resetpw.pm Thu Nov 9 21:03:49 2006
@@ -66,23 +66,36 @@
my $domdesc = $Apache::lonnet::domaindescription{$udom};
my $authtype = &Apache::lonnet::queryauthenticate($uname,$udom);
if ($authtype =~ /^internal/) {
- my %userinfo =
+ my $useremail = $env{'form.useremail'};
+ if ($useremail !~ /^[^\@]+\@[^\@]+\.[^\@\.]+$/) {
+ $output = &invalid_state('baduseremail',$domdesc,
+ $contact_name,$contact_email);
+ } else {
+ my %userinfo =
&Apache::lonnet::get('environment',\@emailtypes,$udom,$uname);
- my $email = '';
- my $emailtarget;
- foreach my $type (@emailtypes) {
- $email = $userinfo{$type};
- if ($email =~ /[^\@]+\@[^\@]+/) {
- $emailtarget = $type;
- last;
+ my $email = '';
+ my $emailtarget;
+ foreach my $type (@emailtypes) {
+ $email = $userinfo{$type};
+ if ($email =~ /[^\@]+\@[^\@]+/) {
+ $emailtarget = $type;
+ last;
+ }
+ }
+ if ($email =~ /^[^\@]+\@[^\@]+\.[^\@\.]+$/) {
+ if ($useremail eq $email) {
+ $output = &send_token($uname,$udom,$email,$server,
+ $domdesc,$contact_name,
+ $contact_email);
+ } else {
+ $output = &invalid_state('mismatch',$domdesc,
+ $contact_name,
+ $contact_email);
+ }
+ } else {
+ $output = &invalid_state('missing',$domdesc,
+ $contact_name,$contact_email);
}
- }
- if ($email =~ /[^\@]+\@[^\@]+/) {
- $output = &send_token($uname,$udom,$email,$server,$domdesc,
- $contact_name,$contact_email);
- } else {
- $output = &invalid_state('missing',$domdesc,
- $contact_name,$contact_email);
}
} elsif ($authtype =~ /^(krb|unix|local)/) {
$output = &invalid_state('authentication',$domdesc,
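Review bot: The three distinct outcomes for an internally-authenticated account — `send_token`, `invalid_state('mismatch', ...)` and `invalid_state('missing', ...)` — make the form an oracle for whether a given e-mail address is the one on record for a username, on top of the already-distinct 'invalid' username response. A defensive design answers the same way whether or not the address matched (e.g. "if the details match an account, a message has been sent") and notes the mismatch in the server log for the helpdesk; the separate 'mismatch' wording is introduced in the invalid_state hunk further down. Also `$useremail eq $email` is an exact comparison, so whitespace typed into the form or a differently-cased domain part is reported as a mismatch; trimming with `$useremail =~ s/^\s+|\s+$//g;` and comparing the domain part case-insensitively avoids false rejections. The address pattern is now spelled out three times in this file (twice here and once in the token check near the end); hoisting it into one `my $email_re = qr/^[^\@]+\@[^\@]+\.[^\@\.]+$/;` keeps them in step. The enclosing handler starts and ends outside this hunk.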
@@ -104,6 +117,7 @@
my %lt = &Apache::lonlocal::texthash(
unam => 'username',
udom => 'domain',
+ uemail => 'Email address in LON-CAPA',
proc => 'Proceed');
my $msg = &mt('If you use the same account for other campus services besides LON-CAPA, (e.g., e-mail, course registration, etc.), a separate centrally managed mechanism likely exists to reset a password. However, if your account is used for just LON-CAPA access you will probably be able to reset a password from this page.');
@@ -118,6 +132,8 @@
<td>|;
$msg .= &Apache::loncommon::select_dom_form($defdom,'udom');
$msg .= qq|</td></tr>
+<tr><td align="left">$lt{'uemail'}: </td>
+ <td><input type="text" name="useremail" size="20" /></td></tr>
<tr><td colspan="2" align="left"><br />
<input type="button" value="$lt{'proc'}" onClick="document.forgotpw.submit()"></td></tr>
</table>
@@ -129,7 +145,6 @@
sub send_token {
my ($uname,$udom,$email,$server,$domdesc,$contact_name,
$contact_email) = @_;
-# my $token = MD5->hexhash(MD5->hexhash(time.{}.rand().$$));
my $msg = &mt('Thank you for your request to reset the password for your
LON-CAPA account.').'<br /><br />';
@@ -142,8 +157,8 @@
'email' => $email,
'temppasswd' => $temppasswd);
- my $token = &Apache::lonnet::tmpput(\%info,$server);
- if ($token !~ /^error/) {
+ my $token = &Apache::lonnet::tmpput(\%info,$server,'resetpw');
+ if ($token !~ /^error/ && $token ne 'no_such_host') {
my $esc_token = &escape($token);
my $mailmsg = "A request was submitted on ".localtime(time)." for a reset of the ".
"password for your LON-CAPA account.".
@@ -152,9 +167,9 @@
my $result = &send_mail($domdesc,$email,$mailmsg,$contact_name,
$contact_email);
if ($result eq 'ok') {
- $msg .= &mt("An e-mail message sent to <b>$email</b> includes the web address for the link you should use to complete the reset process.<br /><br />The link included in the message will be valid for the next <b>two</b> hours.");
+ $msg .= &mt("An e-mail message sent to the e-mail address associated with your LON-CAPA account includes the web address for the link you should use to complete the reset process.<br /><br />The link included in the message will be valid for the next <b>two</b> hours.");
} else {
- $msg .= ("An error occurred when sending e-mail to $email with information about the reset process. Please contact the $contact_name ($contact_email) for assistance.");
+ $msg .= ("An error occurred when sending a message to the e-mail address associated with your LON-CAPA account. Please contact the $contact_name ($contact_email) for assistance.");
}
} else {
$msg .= &mt("An error occurred creating a token required for the password reset process. Please contact the $contact_name ($contact_email) for assistance.");
@@ -187,16 +202,20 @@
if ($error eq 'invalid') {
$msg = &mt('The username you provided was not verified as a valid username in the LON-CAPA system for the [_1] domain.',$domdesc).&mt(' Please <a href="javascript:history.go(-1)"><u>go back</u></a> and try again.');
} else {
- if ($error eq 'missing') {
+ if ($error eq 'baduseremail') {
+ $msg = &mt('The e-mail address you provided does not appear to be a valid address.');
+ } elsif ($error eq 'mismatch') {
+ $msg = &mt('The e-mail address you provided does not match the address recorded in the LON-CAPA system for the username and domain you provided.');
+ } elsif ($error eq 'missing') {
$msg = &mt('A valid e-mail address was not located in the LON-CAPA system for the username and domain you provided.');
} elsif ($error eq 'authentication') {
$msg = &mt('The username you provided uses an authentication type which can not be reset directly via LON-CAPA.');
}
if ($contact_email ne '') {
my $escuri = &HTML::Entities::encode('/adm/resetpw','&<>"');
- $msg .= &mt(' You may wish to contact the <a href="/adm/helpdesk?origurl=[_1]">LON-CAPA helpdesk</a> for the [_2] domain.',$escuri,$domdesc);
+ $msg .= '<br />'.&mt(' You may wish to contact the <a href="/adm/helpdesk?origurl=[_1]">LON-CAPA helpdesk</a> for the [_2] domain.',$escuri,$domdesc);
} else {
- $msg .= &mt(' You may wish to send an e-mail to the server administrator: [_1] for the [_2] domain.',Apache::lonnet::perlvar{'AdminEmail'},$domdesc);
+ $msg .= '<br />'.&mt(' You may wish to send an e-mail to the server administrator: [_1] for the [_2] domain.',Apache::lonnet::perlvar{'AdminEmail'},$domdesc);
}
}
return $msg;
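Review bot: The rewritten line `$msg .= '<br />'.&mt(' You may wish to send an e-mail to the server administrator: [_1] for the [_2] domain.',Apache::lonnet::perlvar{'AdminEmail'},$domdesc);` passes `Apache::lonnet::perlvar{'AdminEmail'}` without a `$` sigil, which is not the hash-element syntax for `%Apache::lonnet::perlvar`; it was inherited from the removed line, but since the line is being touched it should become `$Apache::lonnet::perlvar{'AdminEmail'}`. I'd confirm how Perl currently parses the bareword form, as this branch only runs when `$contact_email` is empty and so may never have been exercised. invalid_state starts before this hunk.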
@@ -214,7 +233,7 @@
if (($data{'time'} =~ /^\d+$/) &&
($data{'username'} ne '') &&
($data{'domain'} ne '') &&
- ($data{'email'} =~ /^[^\@]+\@[^\@]+$/) &&
+ ($data{'email'} =~ /^[^\@]+\@[^\@]+\.[^\@\.]+$/) &&
($data{'temppasswd'} =~/^\w+$/)) {
my $reqtime = localtime($data{'time'});
if ($now - $data{'time'} < 7200) {
Index: loncom/lonnet/perl/lonnet.pm
diff -u loncom/lonnet/perl/lonnet.pm:1.801 loncom/lonnet/perl/lonnet.pm:1.802
--- loncom/lonnet/perl/lonnet.pm:1.801 Mon Oct 30 06:10:51 2006
+++ loncom/lonnet/perl/lonnet.pm Thu Nov 9 21:04:31 2006
@@ -1,7 +1,7 @@
# The LearningOnline Network
# TCP networking package
#
-# $Id: lonnet.pm,v 1.801 2006/10/30 11:10:51 foxr Exp $
+# $Id: lonnet.pm,v 1.802 2006/11/10 02:04:31 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -3219,12 +3219,15 @@
# ------------------------------------------------------------ tmpput interface
sub tmpput {
- my ($storehash,$server)=@_;
+ my ($storehash,$server,$context)=@_;
my $items='';
foreach my $item (keys(%$storehash)) {
$items.=&escape($item).'='.&freeze_escape($$storehash{$item}).'&';
}
$items=~s/\&$//;
+ if (defined($context)) {
+ $items .= ':'.&escape($context);
+ }
return &reply("tmpput:$items",$server);
}
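Review bot: The new optional `$context` parameter of `tmpput` is undocumented and its effect lives on the other side of the wire; add above `my ($storehash,$server,$context)=@_;` a comment such as `# $context (optional): appended to the request as ':'.escape($context); lond's tmpput handler uses it to choose the token format (currently only 'resetpw' is recognised, yielding an md5_hex token instead of pid_ip_counter).` The `defined($context)` test means an explicit empty string still appends a bare `:`; lond treats that as no context, but `if (defined($context) && $context ne '')` makes the intent explicit. Because lond splits the request on the first `:`, the serialised items must never contain a literal colon, which holds only as long as `escape`/`freeze_escape` encode it — worth stating in a comment so a later change to those helpers does not silently truncate records.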