Details
- Bug
- Resolution: Fixed
- Blocker
- 6.2.3
- Integration
- Unknown
- N/A
- N/A
Description
The resetpassword feature has been broken by the salting of passwords implemented in XWIKI-5261.
The verification of the string passed in the email is not working anymore.
The following Velocity macro works instead:
#**
 * Verify that the request parameters are valid.
 * @param userName The user name (full document name) received in the URL.
 * @param validationString The unencrypted key that is stored in the ResetPasswordRequestClass object.
 * @param isValid A boolean where the validation result is returned. True if the request is valid, false otherwise.
 *#
#macro(verifyRequest $userName $validationString $isValid)
  #set ($isValid = false)
  #if ($validationString != '' && $userName != '')
    ##encrypt($validationString $result)
    ##set ($encryptedValidationString = $result)
    ## Read the stored (salted) verification value from the user's document.
    #set ($currentString = $!xwiki.getDocumentAsAuthor($userName).getObject($verifClass).getProperty('verification').getValue())
    #set ($field = $xwiki.getClass($verifClass).getXWikiClass().get('verification'))
    ## Hash the received string the same way the stored value was hashed, so the two can be compared.
    #set ($encryptedValidationString = $field.getEquivalentPassword($currentString, $validationString))
    #if ($currentString == $encryptedValidationString)
      #set ($isValid = true)
    #end
  #end
#end
The encrypt macro is not needed anymore.
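The failure and the fix described above, as an added Python illustration that is not code from the XWiki project: hashing the emailed string on its own draws a new salt and cannot match the stored value, while re-hashing it with the salt and algorithm read from the stored value can. The `hash:<algorithm>:<salt>:<digest>` layout, the `salt + token` construction and all function names are assumptions made for this sketch.

```python
import hashlib
import hmac
import secrets

# Assumed storage layout for this sketch: "hash:<algorithm>:<salt>:<hex digest>".
def hash_token(token, salt=None, algorithm="sha512"):
    """Hash a token with a salt; a fresh random salt is drawn when none is given."""
    if salt is None:
        salt = secrets.token_hex(16)
    digest = hashlib.new(algorithm, (salt + token).encode("utf-8")).hexdigest()
    return f"hash:{algorithm}:{salt}:{digest}"

def equivalent_hash(stored, token):
    """Re-hash token with the algorithm and salt parsed out of the stored value."""
    prefix, algorithm, salt, _digest = stored.split(":", 3)
    if prefix != "hash":
        raise ValueError("unrecognised stored format")
    return hash_token(token, salt=salt, algorithm=algorithm)

def verify_broken(stored, token):
    """Pre-fix logic: hash the submitted token independently, then compare."""
    return hash_token(token) == stored  # fresh salt, so the values differ

def verify_fixed(stored, token):
    """Post-fix logic: derive the hash with the stored salt, then compare."""
    if not stored or not token:
        return False
    try:
        candidate = equivalent_hash(stored, token)
    except ValueError:
        return False  # malformed stored value or unknown algorithm
    # Constant-time comparison of the two encoded values.
    return hmac.compare_digest(candidate.encode("utf-8"), stored.encode("utf-8"))

if __name__ == "__main__":
    token = "k3Yfr0mEmail"  # constructed sample token
    stored = hash_token(token)
    print("broken check accepts valid token:", verify_broken(stored, token))
    print("fixed check accepts valid token: ", verify_fixed(stored, token))
    print("fixed check accepts wrong token: ", verify_fixed(stored, "wrong"))
```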
Issue Links
- is related to
  - XWIKI-5261 Password hashes dumpable - Closed