首页 发现 帮助
登录
mirrors
/
mailcow-dockerized
镜像自地址 https://github.com/mailcow/mailcow-dockerized
2
0
派生 0
文件 工单管理 0 Wiki
浏览代码

[Web] improve error handling for user password resets

FreddleSpl0it 1 年之前
父节点
2208d7e6fb
当前提交
c37bf0bb32
共有 4 个文件被更改,包括 20 次插入30 次删除
合并视图 显示文件统计
  1. 14 26
      data/web/inc/functions.inc.php
  2. 1 0
      data/web/lang/lang.de-de.json
  3. 1 0
      data/web/lang/lang.en-gb.json
  4. 4 4
      data/web/templates/admin/tab-config-password-settings.twig

+ 14 - 26
data/web/inc/functions.inc.php
查看文件 

@@ -1137,7 +1137,7 @@ function edit_user_account($_data) {
 
       );

       );

       return false;

       return false;

     }

     }

-    

+

     $pw_recovery_email = (!filter_var($pw_recovery_email, FILTER_VALIDATE_EMAIL)) ? '' : $pw_recovery_email;

     $pw_recovery_email = (!filter_var($pw_recovery_email, FILTER_VALIDATE_EMAIL)) ? '' : $pw_recovery_email;

     $stmt = $pdo->prepare("UPDATE `mailbox` SET `attributes` = JSON_SET(`attributes`, '$.recovery_email', :recovery_email)

     $stmt = $pdo->prepare("UPDATE `mailbox` SET `attributes` = JSON_SET(`attributes`, '$.recovery_email', :recovery_email)

       WHERE `username` = :username");

       WHERE `username` = :username");

@@ -2329,6 +2329,17 @@ function reset_password($action, $data = null) {
 
         return false;

         return false;

       }

       }

 

 

+      $pw_reset_notification = reset_password('get_notification', 'raw');

+      if (!$pw_reset_notification) return false;

+      if (empty($pw_reset_notification['from']) || empty($pw_reset_notification['subject'])) {

+        $_SESSION['return'][] = array(

+          'type' => 'danger',

+          'log' => array(__FUNCTION__, $action, $_data_log),

+          'msg' => 'password_reset_na'

+        );

+        return false;

+      }

+

       $stmt = $pdo->prepare("SELECT * FROM `mailbox`

       $stmt = $pdo->prepare("SELECT * FROM `mailbox`

         WHERE `username` = :username");

         WHERE `username` = :username");

       $stmt->execute(array(':username' => $username));

       $stmt->execute(array(':username' => $username));

@@ -2381,9 +2392,6 @@ function reset_password($action, $data = null) {
 
         ':token' => $token

         ':token' => $token

       ));

       ));

 

 

-      $pw_reset_notification = reset_password('get_notification', 'raw');

-      if (!$pw_reset_notification) return false;

-

       $reset_link = getBaseURL() . "/reset-password?token=" . $token;

       $reset_link = getBaseURL() . "/reset-password?token=" . $token;

 

 

       $request_date = new DateTime();

       $request_date = new DateTime();

@@ -2633,30 +2641,10 @@ function reset_password($action, $data = null) {
 
       $subject = $data['subject'];

       $subject = $data['subject'];

       $from = preg_replace('/[\x00-\x1F\x80-\xFF]/', '', $data['from']);

       $from = preg_replace('/[\x00-\x1F\x80-\xFF]/', '', $data['from']);

 

 

-      if (filter_var($from, FILTER_VALIDATE_EMAIL) === false) {

-        $_SESSION['return'][] = array(

-          'type' => 'danger',

-          'log' => array(__FUNCTION__, $action, $_data_log),

-          'msg' => '???'

-        );

-        $_SESSION['return'][] = array(

-          'type' => 'danger',

-          'log' => array(__FUNCTION__, $action, $_data_log),

-          'msg' => 'access_denied'

-        );

-        return false;

-      }

-

+      $from = (!filter_var($from, FILTER_VALIDATE_EMAIL)) ? "" : $from;

+      $subject = (empty($subject)) ? "" : $subject;

       $text = (empty($data['text_tmpl'])) ? "" : $data['text_tmpl'];

       $text = (empty($data['text_tmpl'])) ? "" : $data['text_tmpl'];

       $html = (empty($data['html_tmpl'])) ? "" : $data['html_tmpl'];

       $html = (empty($data['html_tmpl'])) ? "" : $data['html_tmpl'];

-      if (empty($text) && empty($html)) {

-        $_SESSION['return'][] = array(

-          'type' => 'danger',

-          'log' => array(__FUNCTION__, $action, $_data_log),

-          'msg' => 'access_denied'

-        );

-        return false;

-      }

 

 

       try {

       try {

         $redis->Set('PW_RESET_FROM', $from);

         $redis->Set('PW_RESET_FROM', $from);

+ 1 - 0
data/web/lang/lang.de-de.json
查看文件 

@@ -446,6 +446,7 @@
 
         "password_empty": "Passwort darf nicht leer sein",
 
         "password_empty": "Passwort darf nicht leer sein",
 
         "password_mismatch": "Passwort-Wiederholung stimmt nicht überein",
 
         "password_mismatch": "Passwort-Wiederholung stimmt nicht überein",
 
         "password_reset_invalid_user": "Benutzer nicht gefunden oder keine E-Mail-Adresse zur Wiederherstellung eingerichtet",
 
         "password_reset_invalid_user": "Benutzer nicht gefunden oder keine E-Mail-Adresse zur Wiederherstellung eingerichtet",
 
+        "password_reset_na": "Die Passwortwiederherstellung ist momentan nicht verfügbar. Bitte wenden Sie sich an Ihren Administrator.",
 
         "policy_list_from_exists": "Ein Eintrag mit diesem Wert existiert bereits",
 
         "policy_list_from_exists": "Ein Eintrag mit diesem Wert existiert bereits",
 
         "policy_list_from_invalid": "Eintrag hat ein ungültiges Format",
 
         "policy_list_from_invalid": "Eintrag hat ein ungültiges Format",
 
         "private_key_error": "Schlüsselfehler: %s",
 
         "private_key_error": "Schlüsselfehler: %s",

+ 1 - 0
data/web/lang/lang.en-gb.json
查看文件 

@@ -446,6 +446,7 @@
 
         "password_empty": "Password must not be empty",
 
         "password_empty": "Password must not be empty",
 
         "password_mismatch": "Confirmation password does not match",
 
         "password_mismatch": "Confirmation password does not match",
 
         "password_reset_invalid_user": "Mailbox not found or no recovery email is set",
 
         "password_reset_invalid_user": "Mailbox not found or no recovery email is set",
 
+        "password_reset_na": "The password recovery is currently unavailable. Please contact your administrator.",
 
         "policy_list_from_exists": "A record with given name exists",
 
         "policy_list_from_exists": "A record with given name exists",
 
         "policy_list_from_invalid": "Record has invalid format",
 
         "policy_list_from_invalid": "Record has invalid format",
 
         "private_key_error": "Private key error: %s",
 
         "private_key_error": "Private key error: %s",

+ 4 - 4
data/web/templates/admin/tab-config-password-settings.twig
查看文件 

@@ -57,14 +57,14 @@
 
         <div class="row mb-4">
 
         <div class="row mb-4">
 
           <div class="col-sm-6">
 
           <div class="col-sm-6">
 
             <div>
 
             <div>
 
-              <label for="quota_notification_sender">{{ lang.admin.quota_notification_sender }}:</label>
 
-              <input type="email" class="form-control" id="quota_notification_sender" name="from" value="{{ pw_reset_data.from }}" placeholder="quota-warning@localhost">
 
+              <label for="pw_reset_from">{{ lang.admin.quota_notification_sender }}:</label>
 
+              <input type="email" class="form-control" id="pw_reset_from" name="from" value="{{ pw_reset_data.from }}">
 
             </div>
 
             </div>
 
           </div>
 
           </div>
 
           <div class="col-sm-6">
 
           <div class="col-sm-6">
 
             <div>
 
             <div>
 
-              <label for="quota_notification_subject">{{ lang.admin.quota_notification_subject }}:</label>
 
-              <input type="text" class="form-control" id="quota_notification_subject" name="subject" value="{{ pw_reset_data.subject }}" placeholder="Quota warning">
 
+              <label for="pw_reset_subject">{{ lang.admin.quota_notification_subject }}:</label>
 
+              <input type="text" class="form-control" id="pw_reset_subject" name="subject" value="{{ pw_reset_data.subject }}">
 
             </div>
 
             </div>
 
           </div>
 
           </div>
 
         </div>
 
         </div>