Uploaded image for project: '{RETIRED} XWiki Administration Application'
  1. {RETIRED} XWiki Administration Application
  2. XAADMINISTRATION-204

ResetPassword can't be used when XWikiGuest doesn't have view rights on the XWiki space

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Duplicate
    • Affects Version/s: 1.43
    • Fix Version/s: None
    • Component/s: Users, Groups, Rights
    • Labels:
      None
    • Similar issues:

      Description

      Patches applied on xwiki-application-administration-1.43

      Index: XWiki/ResetPassword.xml
      ===================================================================
      --- XWiki/ResetPassword.xml   (original)
      +++ XWiki/ResetPassword.xml   (modified)
      @@ -262,6 +262,166 @@
       <levels>edit</levels>
       </property>
       </object>
      +<object>
      +<class>
      +<name>XWiki.XWikiRights</name>
      +<customClass></customClass>
      +<customMapping></customMapping>
      +<defaultViewSheet></defaultViewSheet>
      +<defaultEditSheet></defaultEditSheet>
      +<defaultWeb></defaultWeb>
      +<nameField></nameField>
      +<validationScript></validationScript>
      +<allow>
      +<defaultValue>1</defaultValue>
      +<disabled>0</disabled>
      +<displayFormType>select</displayFormType>
      +<displayType>allow</displayType>
      +<name>allow</name>
      +<number>4</number>
      +<prettyName>Allow/Deny</prettyName>
      +<unmodifiable>0</unmodifiable>
      +<classType>com.xpn.xwiki.objects.classes.BooleanClass</classType>
      +</allow>
      +<groups>
      +<cache>0</cache>
      +<disabled>0</disabled>
      +<displayType>select</displayType>
      +<multiSelect>1</multiSelect>
      +<name>groups</name>
      +<number>1</number>
      +<prettyName>Groups</prettyName>
      +<relationalStorage>0</relationalStorage>
      +<separator> </separator>
      +<size>5</size>
      +<unmodifiable>0</unmodifiable>
      +<usesList>1</usesList>
      +<classType>com.xpn.xwiki.objects.classes.GroupsClass</classType>
      +</groups>
      +<levels>
      +<cache>0</cache>
      +<disabled>0</disabled>
      +<displayType>select</displayType>
      +<multiSelect>1</multiSelect>
      +<name>levels</name>
      +<number>2</number>
      +<prettyName>Levels</prettyName>
      +<relationalStorage>0</relationalStorage>
      +<separator> </separator>
      +<size>3</size>
      +<unmodifiable>0</unmodifiable>
      +<classType>com.xpn.xwiki.objects.classes.LevelsClass</classType>
      +</levels>
      +<users>
      +<cache>0</cache>
      +<disabled>0</disabled>
      +<displayType>select</displayType>
      +<multiSelect>1</multiSelect>
      +<name>users</name>
      +<number>3</number>
      +<prettyName>Users</prettyName>
      +<relationalStorage>0</relationalStorage>
      +<separator> </separator>
      +<size>5</size>
      +<unmodifiable>0</unmodifiable>
      +<usesList>1</usesList>
      +<classType>com.xpn.xwiki.objects.classes.UsersClass</classType>
      +</users>
      +</class>
      +<name>XWiki.ResetPassword</name>
      +<number>3</number>
      +<className>XWiki.XWikiRights</className>
      +<guid>427feb96-b285-4edb-b44e-f36f48bb9e1a</guid>
      +<property>
      +<allow>1</allow>
      +</property>
      +<property>
      +<groups>XWiki.XWikiAllGroup</groups>
      +</property>
      +<property>
      +<levels>view</levels>
      +</property>
      +</object>
      +<object>
      +<class>
      +<name>XWiki.XWikiRights</name>
      +<customClass></customClass>
      +<customMapping></customMapping>
      +<defaultViewSheet></defaultViewSheet>
      +<defaultEditSheet></defaultEditSheet>
      +<defaultWeb></defaultWeb>
      +<nameField></nameField>
      +<validationScript></validationScript>
      +<allow>
      +<defaultValue>1</defaultValue>
      +<disabled>0</disabled>
      +<displayFormType>select</displayFormType>
      +<displayType>allow</displayType>
      +<name>allow</name>
      +<number>4</number>
      +<prettyName>Allow/Deny</prettyName>
      +<unmodifiable>0</unmodifiable>
      +<classType>com.xpn.xwiki.objects.classes.BooleanClass</classType>
      +</allow>
      +<groups>
      +<cache>0</cache>
      +<disabled>0</disabled>
      +<displayType>select</displayType>
      +<multiSelect>1</multiSelect>
      +<name>groups</name>
      +<number>1</number>
      +<prettyName>Groups</prettyName>
      +<relationalStorage>0</relationalStorage>
      +<separator> </separator>
      +<size>5</size>
      +<unmodifiable>0</unmodifiable>
      +<usesList>1</usesList>
      +<classType>com.xpn.xwiki.objects.classes.GroupsClass</classType>
      +</groups>
      +<levels>
      +<cache>0</cache>
      +<disabled>0</disabled>
      +<displayType>select</displayType>
      +<multiSelect>1</multiSelect>
      +<name>levels</name>
      +<number>2</number>
      +<prettyName>Levels</prettyName>
      +<relationalStorage>0</relationalStorage>
      +<separator> </separator>
      +<size>3</size>
      +<unmodifiable>0</unmodifiable>
      +<classType>com.xpn.xwiki.objects.classes.LevelsClass</classType>
      +</levels>
      +<users>
      +<cache>0</cache>
      +<disabled>0</disabled>
      +<displayType>select</displayType>
      +<multiSelect>1</multiSelect>
      +<name>users</name>
      +<number>3</number>
      +<prettyName>Users</prettyName>
      +<relationalStorage>0</relationalStorage>
      +<separator> </separator>
      +<size>5</size>
      +<unmodifiable>0</unmodifiable>
      +<usesList>1</usesList>
      +<classType>com.xpn.xwiki.objects.classes.UsersClass</classType>
      +</users>
      +</class>
      +<name>XWiki.ResetPassword</name>
      +<number>4</number>
      +<className>XWiki.XWikiRights</className>
      +<guid>ecd99938-527b-4fe1-807d-f11698cc1017</guid>
      +<property>
      +<allow>1</allow>
      +</property>
      +<property>
      +<levels>view</levels>
      +</property>
      +<property>
      +<users>XWiki.XWikiGuest</users>
      +</property>
      +</object>
       <content>{{velocity}}
       #**
       This page starts the password reset procedure. It works according to the next algorithm:
      @@ -305,9 +465,9 @@
       #else## Second step, generate the verification string, store it, and send the email
         ## TODO: Once the usernames are not bound to the XWiki space, revisit this code
         #if($userName.indexOf('.') != -1)
      -    #set($userDoc = $xwiki.getDocument(${userName}))
      +    #set($userDoc = $xwiki.getDocumentAsAuthor(${userName}))
         #else
      -    #set($userDoc = $xwiki.getDocument("XWiki.${userName}"))
      +    #set($userDoc = $xwiki.getDocumentAsAuthor("XWiki.${userName}"))
         #end
         ## Check if the user exists and has a valid email address configured in his profile
         #set($userObj = '')
      
      
      Index: XWiki/ResetPasswordComplete.xml
      ===================================================================
      --- XWiki/ResetPasswordComplete.xml   (original)
      +++ XWiki/ResetPasswordComplete.xml   (modified)
      @@ -262,6 +262,166 @@
       <users>XWiki.XWikiGuest</users>
       </property>
       </object>
      +<object>
      +<class>
      +<name>XWiki.XWikiRights</name>
      +<customClass></customClass>
      +<customMapping></customMapping>
      +<defaultViewSheet></defaultViewSheet>
      +<defaultEditSheet></defaultEditSheet>
      +<defaultWeb></defaultWeb>
      +<nameField></nameField>
      +<validationScript></validationScript>
      +<allow>
      +<defaultValue>1</defaultValue>
      +<disabled>0</disabled>
      +<displayFormType>select</displayFormType>
      +<displayType>allow</displayType>
      +<name>allow</name>
      +<number>4</number>
      +<prettyName>Allow/Deny</prettyName>
      +<unmodifiable>0</unmodifiable>
      +<classType>com.xpn.xwiki.objects.classes.BooleanClass</classType>
      +</allow>
      +<groups>
      +<cache>0</cache>
      +<disabled>0</disabled>
      +<displayType>select</displayType>
      +<multiSelect>1</multiSelect>
      +<name>groups</name>
      +<number>1</number>
      +<prettyName>Groups</prettyName>
      +<relationalStorage>0</relationalStorage>
      +<separator> </separator>
      +<size>5</size>
      +<unmodifiable>0</unmodifiable>
      +<usesList>1</usesList>
      +<classType>com.xpn.xwiki.objects.classes.GroupsClass</classType>
      +</groups>
      +<levels>
      +<cache>0</cache>
      +<disabled>0</disabled>
      +<displayType>select</displayType>
      +<multiSelect>1</multiSelect>
      +<name>levels</name>
      +<number>2</number>
      +<prettyName>Levels</prettyName>
      +<relationalStorage>0</relationalStorage>
      +<separator> </separator>
      +<size>3</size>
      +<unmodifiable>0</unmodifiable>
      +<classType>com.xpn.xwiki.objects.classes.LevelsClass</classType>
      +</levels>
      +<users>
      +<cache>0</cache>
      +<disabled>0</disabled>
      +<displayType>select</displayType>
      +<multiSelect>1</multiSelect>
      +<name>users</name>
      +<number>3</number>
      +<prettyName>Users</prettyName>
      +<relationalStorage>0</relationalStorage>
      +<separator> </separator>
      +<size>5</size>
      +<unmodifiable>0</unmodifiable>
      +<usesList>1</usesList>
      +<classType>com.xpn.xwiki.objects.classes.UsersClass</classType>
      +</users>
      +</class>
      +<name>XWiki.ResetPasswordComplete</name>
      +<number>6</number>
      +<className>XWiki.XWikiRights</className>
      +<guid>bc02f273-7b5f-49a8-8989-95f8db65cf4f</guid>
      +<property>
      +<allow>1</allow>
      +</property>
      +<property>
      +<levels>view</levels>
      +</property>
      +<property>
      +<users>XWiki.XWikiGuest</users>
      +</property>
      +</object>
      +<object>
      +<class>
      +<name>XWiki.XWikiRights</name>
      +<customClass></customClass>
      +<customMapping></customMapping>
      +<defaultViewSheet></defaultViewSheet>
      +<defaultEditSheet></defaultEditSheet>
      +<defaultWeb></defaultWeb>
      +<nameField></nameField>
      +<validationScript></validationScript>
      +<allow>
      +<defaultValue>1</defaultValue>
      +<disabled>0</disabled>
      +<displayFormType>select</displayFormType>
      +<displayType>allow</displayType>
      +<name>allow</name>
      +<number>4</number>
      +<prettyName>Allow/Deny</prettyName>
      +<unmodifiable>0</unmodifiable>
      +<classType>com.xpn.xwiki.objects.classes.BooleanClass</classType>
      +</allow>
      +<groups>
      +<cache>0</cache>
      +<disabled>0</disabled>
      +<displayType>select</displayType>
      +<multiSelect>1</multiSelect>
      +<name>groups</name>
      +<number>1</number>
      +<prettyName>Groups</prettyName>
      +<relationalStorage>0</relationalStorage>
      +<separator> </separator>
      +<size>5</size>
      +<unmodifiable>0</unmodifiable>
      +<usesList>1</usesList>
      +<classType>com.xpn.xwiki.objects.classes.GroupsClass</classType>
      +</groups>
      +<levels>
      +<cache>0</cache>
      +<disabled>0</disabled>
      +<displayType>select</displayType>
      +<multiSelect>1</multiSelect>
      +<name>levels</name>
      +<number>2</number>
      +<prettyName>Levels</prettyName>
      +<relationalStorage>0</relationalStorage>
      +<separator> </separator>
      +<size>3</size>
      +<unmodifiable>0</unmodifiable>
      +<classType>com.xpn.xwiki.objects.classes.LevelsClass</classType>
      +</levels>
      +<users>
      +<cache>0</cache>
      +<disabled>0</disabled>
      +<displayType>select</displayType>
      +<multiSelect>1</multiSelect>
      +<name>users</name>
      +<number>3</number>
      +<prettyName>Users</prettyName>
      +<relationalStorage>0</relationalStorage>
      +<separator> </separator>
      +<size>5</size>
      +<unmodifiable>0</unmodifiable>
      +<usesList>1</usesList>
      +<classType>com.xpn.xwiki.objects.classes.UsersClass</classType>
      +</users>
      +</class>
      +<name>XWiki.ResetPasswordComplete</name>
      +<number>7</number>
      +<className>XWiki.XWikiRights</className>
      +<guid>7e8ad447-e179-4d2a-8e8b-ce4c2c712a5c</guid>
      +<property>
      +<allow>1</allow>
      +</property>
      +<property>
      +<groups>XWiki.XWikiAllGroup</groups>
      +</property>
      +<property>
      +<levels>view</levels>
      +</property>
      +</object>
       <content>{{velocity output="false"}}
       #**
       This page completes the password reset procedure. It works according to the next algorithm:
      
      
      Index: XWiki/ResetPasswordMailContent.xml
      ===================================================================
      --- XWiki/ResetPasswordMailContent.xml   (original)
      +++ XWiki/ResetPasswordMailContent.xml   (modified)
      @@ -77,10 +77,8 @@
       <guid>e25eb86c-1b08-47f6-be43-bd3cabbe8fdc</guid>
       <property>
       <html>&lt;h2&gt;Hello $xwiki.getUserName($userName, false),&lt;/h2&gt;
      -#set($wikiurl = $xwiki.getDocument("Main.WebHome").getExternalURL())
      -#set($wikiname = $wikiurl.substring($wikiurl.indexOf("//")))
      -#set($wikiname = $wikiname.substring(2, $wikiname.indexOf("/", 3)))
      -&lt;p&gt;A password reset was requested for your accout ($userName) on &lt;a href="$wikiurl"&gt;$wikiname&lt;/a&gt;.
      +#set($wikiurl = $xwiki.getDocumentAsAuthor("Main.WebHome").getExternalURL())
      +&lt;p&gt;A password reset was requested for your accout ($userName) on &lt;a href="$wikiurl"&gt;$wikiName&lt;/a&gt;.
       If you did not make the request, please ignore this message.&lt;/p&gt;
       &lt;p&gt;In order to reset your password, please follow this link:&lt;br/&gt;
       &lt;a href="$passwordResetURL"&gt;$passwordResetURL&lt;/a&gt;&lt;/p&gt;
      @@ -95,7 +93,7 @@
       <property>
       <text>Hello $xwiki.getUserName($userName, false),
       
      -A password reset was requested for your account ($userName) on $xwiki.getDocument("Main.WebHome").getExternalURL() .
      +A password reset was requested for your account ($userName) on $xwiki.getDocumentAsAuthor("Main.WebHome").getExternalURL() .
       If you did not make the request, please ignore this message.
       
       In order to reset your password, please follow this link:
      
      

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                sdumitriu Sergiu Dumitriu
                Reporter:
                jvdrean Jean-Vincent Drean
              • Votes:
                0 Vote for this issue
                Watchers:
                0 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Date of First Response: