kalipso/racalmas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

request-password.cgi: write access to clear tokens

Browse Source
This commit is contained in:
Milan
2024-02-02 14:18:04 +01:00
parent 0a906b3e37
commit b72362faca
1 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
website/agenda/planung/request-password.cgi
View File

@@ -56,7 +56,9 @@ if ( defined $params->{user} ) {
sub sendToken { sub sendToken {
my $config = shift; my $config = shift;
my $params = shift; my $params = shift;
$config->{access}->{write} = 1;
my $entry = password_requests::sendToken( $config, { user => $params->{user} } ); my $entry = password_requests::sendToken( $config, { user => $params->{user} } );
$config->{access}->{write} = 0;
if ( defined $entry ) { if ( defined $entry ) {
info "Please check you mails."; info "Please check you mails.";
} else { } else {
@@ -83,7 +85,9 @@ sub checkToken {
my $age = time() - time::datetime_to_time($created_at); my $age = time() - time::datetime_to_time($created_at);
if ( $age > 600 ) { if ( $age > 600 ) {
error "The token is too old."; error "The token is too old.";
$config->{access}->{write} = 1;
password_requests::delete( $config, { token => $token } ); password_requests::delete( $config, { token => $token } );
$config->{access}->{write} = 0;
return undef; return undef;
} }
@@ -94,7 +98,9 @@ sub checkToken {
if ( $entry->{max_attempts} > 10 ) { if ( $entry->{max_attempts} > 10 ) {
error "Too many failed attempts. Please request a new token by mail."; error "Too many failed attempts. Please request a new token by mail.";
$config->{access}->{write} = 1;
password_requests::delete( $config, { token => $token } ); password_requests::delete( $config, { token => $token } );
$config->{access}->{write} = 0;
return undef; return undef;
} }
@@ -117,7 +123,9 @@ sub checkToken {
if ( defined $result->{success} ) { if ( defined $result->{success} ) {
info $result->{success}; info $result->{success};
$config->{access}->{write} = 1;
password_requests::delete( $config, { user => $user } ); password_requests::delete( $config, { user => $user } );
$config->{access}->{write} = 0;
my $url = $config->{locations}->{editor_base_url}; my $url = $config->{locations}->{editor_base_url};
print qq{ print qq{
<script type="text/javascript"> <script type="text/javascript">