Index: openacs-4/packages/acs-authentication/tcl/apm-callback-procs.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-authentication/tcl/apm-callback-procs.tcl,v diff -u -r1.1 -r1.2 --- openacs-4/packages/acs-authentication/tcl/apm-callback-procs.tcl 22 Aug 2003 10:55:00 -0000 1.1 +++ openacs-4/packages/acs-authentication/tcl/apm-callback-procs.tcl 22 Aug 2003 15:10:54 -0000 1.2 @@ -58,7 +58,10 @@ Validate this username/password combination, and return the result. Valid auth_status codes are 'ok', 'no_account', 'bad_password', 'auth_error', 'failed_to_connect'. The last, 'failed_to_connect', is reserved for communications or implementation errors. + auth_message is a human-readable explanation of what went wrong, may contain HTML. + Only checked if auth_status is not ok. Valid account_status codes are 'ok' and 'closed'. + account_message may be supplied regardless of account_status, and may contain HTML. } input { username:string @@ -84,11 +87,6 @@ } acs_sc::contract::new_from_spec -spec $spec - - # LARS: - # If we do the configurator package, this proc should register the parameters as well, - # and GetParameters should return parameter_set_id. - # Hm. But it'll be up to the specific implementation which parameters it takes ... yeah, above won't work. } ad_proc -private auth::authentication::delete_contract {} { @@ -134,8 +132,8 @@ parameters:string,multiple } output { - successful_p:boolean - message:string + password_status:string + password_message:string } } CanRetrievePassword { @@ -162,8 +160,8 @@ parameters:string,multiple } output { - successful_p:boolean - message:string + password_status:string + password_message:string password:string } } @@ -176,7 +174,7 @@ parameters:string,multiple } output { - retrievable_p:boolean + resettable_p:boolean } iscachable_p "t" } @@ -192,8 +190,8 @@ parameters:string,multiple } output { - successful_p:boolean - message:string + password_status:string + password_message:string password:string } } @@ -283,10 +281,6 @@ } acs_sc::contract::new_from_spec -spec $spec - - # LARS: - # If we do the configurator package, this proc should register the parameters as well, - # and GetParameters should return parameter_set_id. } Index: openacs-4/packages/acs-authentication/tcl/local-procs.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-authentication/tcl/local-procs.tcl,v diff -u -r1.1 -r1.2 --- openacs-4/packages/acs-authentication/tcl/local-procs.tcl 22 Aug 2003 10:55:00 -0000 1.1 +++ openacs-4/packages/acs-authentication/tcl/local-procs.tcl 22 Aug 2003 15:10:54 -0000 1.2 @@ -107,24 +107,18 @@ } { array set auth_info [list] - # TODO: username = email parameter ... - + # usernames are case insensitive set username [string tolower $username] set authority_id [auth::authority::local] - set account_exists_p [db_0or1row select_user_info { - select user_id - from cc_users - where username = :username - and authority_id = :authority_id - }] - - if { !$account_exists_p } { - set auth_info(auth_status) "no_account" - return [array get auth_info] + + set user_id [acs_user::get_by_username -username $username] + if { [empty_string_p $user_id] } { + set result(auth_status) "no_account" + return [array get result] } - + if { [ad_check_password $user_id $password] } { set auth_info(auth_status) "ok" } else { @@ -133,7 +127,7 @@ } # We set 'external' account status to 'ok', because the - # local account status will be checked anyways + # local account status will be checked anyways by the framework set auth_info(account_status) ok return [array get auth_info] @@ -173,6 +167,7 @@ RetrievePassword auth::local::password::RetrievePassword CanResetPassword auth::local::password::CanResetPassword ResetPassword auth::local::password::ResetPassword + GetParameters auth::local::password::GetParameters } } return [acs_sc::impl::new_from_spec -spec $spec] @@ -219,21 +214,28 @@ service contract for the local account implementation. } { array set result { - successful_p 0 - message {} + password_status {} + password_message {} } + + set user_id [acs_user::get_by_username -username $username] + if { [empty_string_p $user_id] } { + set result(password_status) "no_account" + return [array get result] + } if { ![ad_check_password $user_id $old_password] } { - set result(message) "Old password is incorrect." + set result(password_status) "old_password_bad" return [array get result] } - if { [catch { ad_change_password $user_id $password_1 } errmsg] } { - ns_log Warning "Error changing local password: $errmsg" - set result(message) "We experienced an error changing your password." + if { [catch { ad_change_password $user_id $new_password } errmsg] } { + set result(password_status) "change_error" + global errorInfo + ns_log Error "Error changing local password for username $username, user_id $user_id: \n$errorInfo" return [array get result] } - set result(successful_p) 1 + set result(password_status) "ok" return [array get result] } @@ -245,9 +247,7 @@ Implements the RetrievePassword operation of the auth_password service contract for the local account implementation. } { - set result(successful_p) 0 - set result(message) "Cannot retrieve your password." - + set result(password_status) "not_supported" return [array get result] } @@ -258,22 +258,40 @@ Implements the ResetPassword operation of the auth_password service contract for the local account implementation. } { - set result(successful_p) 0 - set result(message) {} + array set result { + password_status {} + password_message {} + } - # TODO: - # What about security question/answer? Who should ask for those? + set user_id [acs_user::get_by_username -username $username] + if { [empty_string_p $user_id] } { + set result(password_status) "no_account" + return [array get result] + } - # Change the password + # Reset the password set password [ad_generate_random_string] - ad_change_password $user_id $password + if { [catch { ad_change_password $user_id $password } errmsg] } { + set result(password_status) "reset_error" + global errorInfo + ns_log Error "Error resetting local password for username $username, user_id $user_id: \n$errorInfo" + return [array get result] + } + # We return the new passowrd here and let the OpenACS framework send the email with the new password set result(password) $password return [array get result] } +ad_proc -private auth::local::password::GetParameters {} { + Implements the GetParameters operation of the auth_password + service contract for the local account implementation. +} { + # No parameters + return [list] +} #####