From 856cf6200a623da948487f17d56ee4458918ef41 Mon Sep 17 00:00:00 2001
From: Zachary Schneider
Date: Thu, 8 Apr 2021 19:46:39 -0700
Subject: [PATCH 1/6] add send password restore button for admins
---
 modules/backend/controllers/Users.php | 14 +++++++++++++
 .../users/_btn_password_restore.htm | 14 +++++++++++++
 modules/backend/lang/en/lang.php | 4 ++++
 modules/backend/models/User.php | 21 +++++++++++++++++++
 modules/backend/models/user/fields.yaml | 4 ++++
 5 files changed, 57 insertions(+)
 create mode 100644 modules/backend/controllers/users/_btn_password_restore.htm
diff --git a/modules/backend/controllers/Users.php b/modules/backend/controllers/Users.php
index 15bd175c6d..378924af47 100644
--- a/modules/backend/controllers/Users.php
+++ b/modules/backend/controllers/Users.php
@@ -149,6 +149,20 @@ public function update_onImpersonateUser($recordId)
 return Backend::redirect('backend/users/myaccount');
 }
+ /**
+ * Send a password restore email to this user
+ */
+ public function update_onSendPasswordRestore($recordId)
+ {
+ if (!$this->user->hasAccess('backend.manage_users')) {
+ return Response::make(Lang::get('backend::lang.page.access_denied.label'), 403);
+ }
+
+ $this->formFindModelObject($recordId)->sendPasswordRestore();
+
+ Flash::success(Lang::get('backend::lang.account.send_password_restore_success'));
+ }
+
 /**
 * Unsuspend this user
 */
diff --git a/modules/backend/controllers/users/_btn_password_restore.htm b/modules/backend/controllers/users/_btn_password_restore.htm
new file mode 100644
index 0000000000..6eb5bf5e8c
--- /dev/null
+++ b/modules/backend/controllers/users/_btn_password_restore.htm
@@ -0,0 +1,14 @@
+user->hasAccess('backend.manage_users')): ?>
+
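Review bot: `update_onSendPasswordRestore()` triggers a credential-reset email for whichever record `formFindModelObject($recordId)` returns, but nothing in the hunk records who asked for it or for which account. Admin-initiated resets are worth an audit entry so that an unexpected reset mail can be traced back to the operator, for example by firing an event after the send, `Event::fire('backend.user.passwordRestoreSent', [$user, $this->user]);` (the event name is a suggestion, and `Event` has to be imported in this controller if it is not already). Holding the model in a local first, `$user = $this->formFindModelObject($recordId);`, makes that possible. It is also worth confirming that a `backend.manage_users` holder is meant to be able to do this for super-user accounts.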
+ +
+
\ No newline at end of file
diff --git a/modules/backend/lang/en/lang.php b/modules/backend/lang/en/lang.php
index 46dee8b845..ee112a65ed 100644
--- a/modules/backend/lang/en/lang.php
+++ b/modules/backend/lang/en/lang.php
@@ -71,6 +71,10 @@
 'reset_success' => 'Password has been reset. You may now sign in.',
 'reset_error' => 'Invalid password reset data supplied. Please try again!',
 'reset_fail' => 'Unable to reset your password!',
+ 'send_password_restore' => 'Send Password Restore',
+ 'send_password_restore_confirm' => 'Are you sure you want to send this user a passowrd restore email?',
+ 'send_password_restore_success' => 'Password restore email sent',
+ 'send_password_restore_working' => 'Sending...',
 'apply' => 'Apply',
 'cancel' => 'Cancel',
 'delete' => 'Delete',
diff --git a/modules/backend/models/User.php b/modules/backend/models/User.php
index f18977b6c0..a7c797525d 100644
--- a/modules/backend/models/User.php
+++ b/modules/backend/models/User.php
@@ -170,6 +170,27 @@ public function sendInvitation()
 });
 }
+
+ /**
+ * Sends a password restore link to the user using template "backend::mail.restore".
+ * @return void
+ */
+ public function sendPasswordRestore()
+ {
+ $code = $this->getResetPasswordCode();
+
+ $link = Backend::url('backend/auth/reset/' . $this->id . '/' . $code);
+
+ $data = [
+ 'name' => $this->full_name,
+ 'link' => $link,
+ ];
+
+ Mail::send('backend::mail.restore', $data, function ($message) {
+ $message->to($this->email, $this->full_name)->subject(trans('backend::lang.account.password_reset'));
+ });
+ }
+
 public function getGroupsOptions()
 {
 $result = [];
diff --git a/modules/backend/models/user/fields.yaml b/modules/backend/models/user/fields.yaml
index bbfbae286f..65baea18bd 100644
--- a/modules/backend/models/user/fields.yaml
+++ b/modules/backend/models/user/fields.yaml
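Review bot: The docblock on `sendPasswordRestore()` names only the mail template and omits the security-relevant side effect, that the method first obtains a reset code from `getResetPasswordCode()` and mails it as part of a URL. I would document it as `* Requests a password reset code for this user and emails a reset link (backend/auth/reset/{id}/{code}) using template "backend::mail.restore".` Whether that code expires or is single-use is decided outside this hunk, in `getResetPasswordCode()` and the reset handler. That should be confirmed, because the link acts as a bearer credential for as long as it sits in the recipient's mailbox.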
@@ -75,6 +75,10 @@ secondaryTabs:
 label: ''
 context: [update]
 type: partial
+ btn_password_restore:
+ label: ''
+ context: [update]
+ type: partial
 avatar:
 label: backend::lang.user.avatar
 type: fileupload
From 7b2adcfc20cac69e6889e1f0a02e159b688d0333 Mon Sep 17 00:00:00 2001
From: Zachary Schneider
Date: Thu, 8 Apr 2021 19:56:13 -0700
Subject: [PATCH 2/6] replace admin invite email password with reset link
---
 modules/backend/models/User.php | 21 +++++++++++++++++----
 modules/backend/views/mail/invite.htm | 3 +--
 2 files changed, 18 insertions(+), 6 deletions(-)
diff --git a/modules/backend/models/User.php b/modules/backend/models/User.php
index a7c797525d..209400fe55 100644
--- a/modules/backend/models/User.php
+++ b/modules/backend/models/User.php
@@ -27,8 +27,8 @@ class User extends UserBase
 public $rules = [
 'email' => 'required|between:6,255|email|unique:backend_users',
 'login' => 'required|between:2,255|unique:backend_users',
- 'password' => 'required:create|min:4|confirmed',
- 'password_confirmation' => 'required_with:password|min:4'
+ 'password' => 'sometimes|required:create|min:4|confirmed',
+ 'password_confirmation' => 'sometimes|required_with:password|min:4'
 ];
 /**
@@ -152,6 +152,20 @@ public function afterLogin()
 Event::fire('backend.user.login', [$this]);
 }
+ /**
+ * Generates a link to the backend, or a password reset link if no password was set on creation.
+ * @return void
+ */
+ public function getInvitationLink() {
+ if (!$this->password) {
+ $code = $this->getResetPasswordCode();
+
+ return Backend::url('backend/auth/reset/' . $this->id . '/' . $code);
+ }
+
+ return Backend::url('backend');
+ }
+
 /**
 * Sends an invitation to the user using template "backend::mail.invite".
 * @return void
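Review bot: Both rewritten rule lines keep `min:4`, so the backend still accepts a four-character administrator password whenever one is supplied. Since the rules are being edited for the invite flow here and again in patch 3/6, this is a good point to raise the floor, e.g. `'password' => 'sometimes|required:create|min:8|confirmed',` with the same minimum on `password_confirmation`; the exact value is a policy choice. The `$rules` array belongs to the `User` class, which starts and ends outside the hunk.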
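Review bot: `getInvitationLink()` builds the reset URL with the same expression that `sendPasswordRestore()` (patch 1/6) uses, so the reset-link format and the code generation now live in two places in this model. A single private helper would keep them from drifting, e.g. a `getPasswordResetLink()` whose body is `return Backend::url('backend/auth/reset/' . $this->id . '/' . $this->getResetPasswordCode());`, called from both methods. Separately, `!$this->password` decides between a plain backend link and a reset link, and the docblock should say that the check runs against the stored attribute (presumably the hash) at the time the invitation is sent.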
@@ -161,8 +175,7 @@ public function sendInvitation()
 $data = [
 'name' => $this->full_name,
 'login' => $this->login,
- 'password' => $this->getOriginalHashValue('password'),
- 'link' => Backend::url('backend'),
+ 'link' => $this->getInvitationLink(),
 ];
 Mail::send('backend::mail.invite', $data, function ($message) {
diff --git a/modules/backend/views/mail/invite.htm b/modules/backend/views/mail/invite.htm
index da43549e75..8fa7a4de20 100644
--- a/modules/backend/views/mail/invite.htm
+++ b/modules/backend/views/mail/invite.htm
@@ -8,7 +8,6 @@
 {% partial 'panel' body %}
 - Login: `{{ login ?: 'sample' }}`
-- Password: `{{ (password ?: '********') | raw }}`
 {% endpartial %}
 You can use the following link to sign in:
@@ -17,4 +16,4 @@
 Sign in to admin area
 {% endpartial %}
-After signing in you should change your password by clicking your name on the top right corner of the administration area.
+After signing in you will be asked to set a new password.
From 97cf91db418c8cc85cc397fa159eb5a334ad3c4d Mon Sep 17 00:00:00 2001
From: Zachary Schneider
Date: Fri, 9 Apr 2021 09:40:39 -0700
Subject: [PATCH 3/6] password not required on create, clarify email/input language
---
 modules/backend/lang/en/lang.php | 2 +-
 modules/backend/models/User.php | 2 +-
 modules/backend/views/mail/invite.htm | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/modules/backend/lang/en/lang.php b/modules/backend/lang/en/lang.php
index ee112a65ed..bca9d94458 100644
--- a/modules/backend/lang/en/lang.php
+++ b/modules/backend/lang/en/lang.php
@@ -152,7 +152,7 @@
 'superuser' => 'Super User',
 'superuser_comment' => 'Grants this account unlimited access to all areas of the system. Super users can add and manage other users. ',
 'send_invite' => 'Send invitation by email',
- 'send_invite_comment' => 'Sends a welcome message containing login and password information.',
+ 'send_invite_comment' => 'Sends a welcome message containing login and password information. If a password is not set, the message will include a password reset link.',
 'delete_confirm' => 'Delete this administrator?',
 'return' => 'Return to admin list',
 'allow' => 'Allow',
diff --git a/modules/backend/models/User.php b/modules/backend/models/User.php
index 209400fe55..cfa75c0846 100644
--- a/modules/backend/models/User.php
+++ b/modules/backend/models/User.php
@@ -27,7 +27,7 @@ class User extends UserBase
 public $rules = [
 'email' => 'required|between:6,255|email|unique:backend_users',
 'login' => 'required|between:2,255|unique:backend_users',
- 'password' => 'sometimes|required:create|min:4|confirmed',
+ 'password' => 'sometimes|min:4|confirmed',
 'password_confirmation' => 'sometimes|required_with:password|min:4'
 ];
diff --git a/modules/backend/views/mail/invite.htm b/modules/backend/views/mail/invite.htm
index 8fa7a4de20..0789085f09 100644
--- a/modules/backend/views/mail/invite.htm
+++ b/modules/backend/views/mail/invite.htm
@@ -16,4 +16,4 @@
 Sign in to admin area
 {% endpartial %}
-After signing in you will be asked to set a new password.
+After signing in, you may be asked to set a new password if one was not created for you.
From 698bcfae4c1b8aa3daa0bb8bde5186819969f702 Mon Sep 17 00:00:00 2001
From: Zachary Schneider
Date: Fri, 9 Apr 2021 09:45:11 -0700
Subject: [PATCH 4/6] update PHPdoc
---
 modules/backend/models/User.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/backend/models/User.php b/modules/backend/models/User.php
index cfa75c0846..ba731731d0 100644
--- a/modules/backend/models/User.php
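Review bot: Dropping `required:create` from `password` means these rules no longer stop a backend account from being created with no password, whether or not an invitation (and therefore a reset link) is sent. If the `send_invite` option is not ticked, such an account has no credential and no reset link until someone uses the restore button from patch 1/6, so it is worth confirming that sign-in rejects an account with an empty stored password. If a password should be optional only when an invite goes out, the rule can express that, for instance `'password' => 'required_unless:send_invite,1|min:4|confirmed',`, assuming `send_invite` is part of the validated data. The `$rules` array sits in the `User` class, which extends beyond the hunk.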
+++ b/modules/backend/models/User.php
@@ -154,7 +154,7 @@ public function afterLogin()
 /**
 * Generates a link to the backend, or a password reset link if no password was set on creation.
- * @return void
+ * @return string
 */
 public function getInvitationLink() {
 if (!$this->password) {
From 509a784f7c4896924ba96b8bdcf8e5f34db311c9 Mon Sep 17 00:00:00 2001
From: Zachary Schneider
Date: Fri, 9 Apr 2021 09:45:11 -0700
Subject: [PATCH 5/6] update PHPdoc
---
 modules/backend/models/User.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/modules/backend/models/User.php b/modules/backend/models/User.php
index cfa75c0846..6e5941fcfe 100644
--- a/modules/backend/models/User.php
+++ b/modules/backend/models/User.php
@@ -154,9 +154,10 @@ public function afterLogin()
 /**
 * Generates a link to the backend, or a password reset link if no password was set on creation.
- * @return void
+ * @return string
 */
- public function getInvitationLink() {
+ public function getInvitationLink()
+ {
 if (!$this->password) {
 $code = $this->getResetPasswordCode();
From 0455a98dbb10ed6a9fb5ffecee42603e59cef96c Mon Sep 17 00:00:00 2001
From: Ben Thomson
Date: Thu, 30 Sep 2021 10:39:08 +0800
Subject: [PATCH 6/6] Minor tidy up
---
 modules/backend/controllers/Users.php | 2 ++
 modules/backend/controllers/users/_btn_password_restore.htm | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/modules/backend/controllers/Users.php b/modules/backend/controllers/Users.php
index 378924af47..65040fbbcb 100644
--- a/modules/backend/controllers/Users.php
+++ b/modules/backend/controllers/Users.php
@@ -151,6 +151,8 @@ public function update_onImpersonateUser($recordId)
 /**
 * Send a password restore email to this user
+ * @param int $recordId
+ * @return Response|void
 */
 public function update_onSendPasswordRestore($recordId)
 {
diff --git a/modules/backend/controllers/users/_btn_password_restore.htm b/modules/backend/controllers/users/_btn_password_restore.htm
index 6eb5bf5e8c..683d2d182c 100644
--- a/modules/backend/controllers/users/_btn_password_restore.htm
+++ b/modules/backend/controllers/users/_btn_password_restore.htm
@@ -11,4 +11,4 @@
-
\ No newline at end of file
+