Merge pull request #4003 from areeshatariq/areesha-reset-password

Reset Password Templatization
openfoodfacts · Aug 18, 2020 · 57fdec2 · 57fdec2
2 parents 8311ba6 + 1db089b
commit 57fdec2
Show file tree

Hide file tree

Showing 2 changed files with 97 additions and 78 deletions.
diff --git a/cgi/reset_password.pl b/cgi/reset_password.pl
@@ -42,6 +42,10 @@
 
 ProductOpener::Display::init();
 
+my $template_data_ref = {
+	lang => \&lang,
+};
+
 my $type = param('type') || 'send_email';
 my $action = param('action') || 'display';
 
@@ -107,113 +111,81 @@
 	}
 }
 
+$template_data_ref->{action} = $action;
+$template_data_ref->{error_count} = $#errors;
+$template_data_ref->{type} = $type;
+
 
 if ($action eq 'display') {
+	push @{$template_data_ref->{errors}}, @errors;
+}
 
+elsif ($action eq 'process') {
 
-	$html .= $Lang{"reset_password_${type}_msg"}{$lang};
+	if ($type eq 'send_email') {
 
-	if ($#errors >= 0) {
-		$html .= "<p><b>$Lang{correct_the_following_errors}{$lang}</b></p><ul>\n";
-		foreach my $error (@errors) {
-			$html .= "<li class=\"error\">$error</li>\n";
+		my @userids = ();
+		if (defined $email_ref) {
+			@userids = @{$email_ref};
+		}
+		elsif (defined $userid) {
+			@userids = ($userid);
 		}
-		$html .= "</ul>\n";
-	}
 
-	$html .= start_form('POST', '/cgi/reset_password.pl');
+		my $i = 0;
 
-	if ($type eq 'send_email') {
+		foreach my $userid (@userids) {
 
-		$html .= '<label>'
-		. "$Lang{userid_or_email}{$lang}"
-		. textfield(-name=>'userid_or_email', -value=>'',-override=>1)
-		. "</label>";
-	}
-	elsif ($type eq 'reset') {
-		$html .= "<table>"
-		. "\n<tr><td>$Lang{password}{$lang}</td><td>"
-		. password_field(-name=>'password', -value=>'', -override=>1) . "</td></tr>"
-		. "\n<tr><td>$Lang{password_confirm}{$lang}</td><td>"
-		. password_field(-name=>'confirm_password', -value=>'', -override=>1) . "</td></tr>"
-		. "</table>"
-		. hidden(-name=>'resetid', -value=>param('resetid'), -override=>1)
-		. hidden(-name=>'token', -value=>param('token'), -override=>1)
-	}
+			my $user_ref = retrieve("$data_root/users/$userid.sto");
+			if (defined $user_ref) {
 
+				$user_ref->{token_t} = time();
+				$user_ref->{token} = generate_token(64);
+				$user_ref->{token_ip} = remote_addr();
 
-	$html .= "\n"
-	. hidden(-name=>'action', -value=>'process', -override=>1)
-	. hidden(-name=>'type', -value=>$type, -override=>1)
-	. submit(-class=>'button')
-	. end_form();
+				store("$data_root/users/$userid.sto", $user_ref);
 
-}
-elsif ($action eq 'process') {
+				my $url = format_subdomain($subdomain) . "/cgi/reset_password.pl?type=reset&resetid=$userid&token=" . $user_ref->{token};
 
-if ($type eq 'send_email') {
+				my $email = lang("reset_password_email_body");
+				$email =~ s/<USERID>/$userid/g;
+				$email =~ s/<RESET_URL>/$url/g;
+				send_email($user_ref, lang("reset_password_email_subject"), $email);
 
-	my @userids = ();
-	if (defined $email_ref) {
-		@userids = @{$email_ref};
-	}
-	elsif (defined $userid) {
-		@userids = ($userid);
-	}
-
-	my $i = 0;
+				$i++;
+			}
+		}
 
-	foreach my $userid (@userids) {
+		$template_data_ref->{i} = $i;
 
+	}
+	elsif ($type eq 'reset') {
+		my $userid = get_string_id_for_lang("no_language", param('resetid'));
 		my $user_ref = retrieve("$data_root/users/$userid.sto");
 		if (defined $user_ref) {
 
-			$user_ref->{token_t} = time();
-			$user_ref->{token} = generate_token(64);
-			$user_ref->{token_ip} = remote_addr();
-
-			store("$data_root/users/$userid.sto", $user_ref);
-
-			my $url = format_subdomain($subdomain) . "/cgi/reset_password.pl?type=reset&resetid=$userid&token=" . $user_ref->{token};
-
-			my $email = lang("reset_password_email_body");
-			$email =~ s/<USERID>/$userid/g;
-			$email =~ s/<RESET_URL>/$url/g;
-			send_email($user_ref, lang("reset_password_email_subject"), $email);
+			if ((param('token') eq $user_ref->{token}) and (time() < ($user_ref->{token_t} + 86400*3))) {
+
+				$template_data_ref->{user_token} = "defined";
 
-			$i++;
-		}
-	}
+				$user_ref->{encrypted_password} = create_password_hash( encode_utf8 (decode utf8=>param('password')) );
 
-	if ($i > 0) {
-		$html .= $Lang{reset_password_send_email}{$lang};
-	}
-
-}
-elsif ($type eq 'reset') {
-	my $userid = get_string_id_for_lang("no_language", param('resetid'));
-	my $user_ref = retrieve("$data_root/users/$userid.sto");
-	if (defined $user_ref) {
+				delete $user_ref->{token};
 
-		if ((param('token') eq $user_ref->{token}) and (time() < ($user_ref->{token_t} + 86400*3))) {
+				store("$data_root/users/$userid.sto", $user_ref);
 
-			$user_ref->{encrypted_password} = create_password_hash( encode_utf8 (decode utf8=>param('password')) );
-
-			delete $user_ref->{token};
-
-			store("$data_root/users/$userid.sto", $user_ref);
-
-			$html .= $Lang{reset_password_reset}{$lang};
-		}
-		else {
-			display_error($Lang{error_reset_invalid_token}{$lang}, undef);
+			}
+			else {
+				display_error($Lang{error_reset_invalid_token}{$lang}, undef);
+			}
 		}
 	}
-}
 
 
 }
 
+$tt->process('reset_password.tt.html', $template_data_ref, \$html);
+$html .= "<p>" . $tt->error() . "</p>";
 
 display_new( {
 

diff --git a/templates/reset_password.tt.html b/templates/reset_password.tt.html
@@ -0,0 +1,47 @@
+[% IF action == 'display' %]
+    [% lang("reset_password_${type}_msg") %]
+    [% IF error_count >= 0 %]
+        <div data-alert class="alert-box alert">
+            <p><strong>[% lang("correct_the_following_errors") %]</strong></p>
+            <ul>
+                [% FOREACH error IN errors %]
+                    <li class="error">[% error %]</li>
+                [% END %]
+            </ul>
+        </div>
+    [% END %]
+    <form method="post" action="/cgi/reset_password.pl" enctype="multipart/form-data">
+        [% IF type == 'send_email' %]
+            <label>
+                [% lang('userid_or_email') %]
+                <input type="text" name="userid_or_email"/>
+            </label>
+        [% ELSIF type == 'reset' %]
+            <table role="presentation">
+                <tr>
+                    <td>[% lang('password') %]</td>
+                    <td><input type='password' name='password'/></td>
+                </tr>
+                <tr>
+                    <td>[% lang('password_confirm') %]</td>
+                    <td><input type='password' name='confirm_password'/></td>
+                </tr>
+            </table>
+            <input type='hidden' name='resetid' value=param('resetid') />
+            <input type='hidden' name='token' value=param('token') />
+        [% END %]
+        <input type='hidden' name='action' value='process' />
+        <input type='hidden' name='type' value=[% type %] />
+        <input type='submit' name='.submit' class='button' />
+    </form>
+[% ELSIF action == 'process' %]
+    [% IF type == 'send_email' %]
+        [% IF i > 0 %]
+            [% lang('reset_password_send_email') %]
+        [% END %]
+    [% ELSIF type == 'reset' %]
+        [% IF user_token == 'defined' %]
+            [% lang('reset_password_reset') %]
+        [% END %]
+    [% END %]
+[% END %]