Implement alternative for mail verification (manual token)

Sixto Martin · Sixto Martin · commit 8eac55304f99 · 2014-01-09T17:58:57.000+01:00
diff --git a/dictionaries/userregistration.definition.json b/dictionaries/userregistration.definition.json
@@ -148,7 +148,13 @@
 		"en": "To reset your password at %SNAME%, use the following URL:"
 	},
 	"mail_tokeninfo": {
-		"en": "This URL contains a secret token that validates your e-mail address. This token is valid for only %DAYS% days. If this token expires, you have to request a new token by starting the process over again."
+		"en": "That secret token validates your e-mail address. This token is valid for only %DAYS% days. If this token expires, you have to request a new token by starting the process over again."
+	},
+	"mail_manualtoken_url": {
+		"en": "If you experience problems with the previous link, try to manually copy the following link in a browser"
+	},
+	"mail_manualtoken_token": {
+		"en": "And add the following token to the field that will appear when accessing this view"
 	},
 	"mail1_signature": {
 		"en": "Kind regards\n%SNAME%"
@@ -159,6 +165,12 @@
 	"s1_sent_head": {
 		"en": "Verification email sent"
 	},
+	"s1_readtoken_head": {
+		"en": "Set the token"
+	},
+	"s1_readtoken_info": {
+		"en": "Copy the token that appears on the mail"
+	},
 	"s1_para1": {
 		"en": "The first step is to register and verify your e-mail address. Make sure that you fill in an e-mail address where you can receive e-mail. Notice that some servers could mark this email as SPAM."
 	},
diff --git a/dictionaries/userregistration.translation.json b/dictionaries/userregistration.translation.json
@@ -162,9 +162,15 @@
 	},
 	"mail_tokeninfo": {
 		"no": "Denne URL-en inneholder en billett som validerer epostadressen din. Denne billetten er gyldig i %DAYS% dager. Dersom den utl\u00f8per blir du n\u00f8dt til \u00e5 be om en ny billett og starte registreringen om igjen.",
-		"es": "Esta URL contiene un token secreto que valida tu direcci\u00f3n de correo. Este token es v\u00e1lido s\u00f3lo durante %DAYS% d\u00edas. Si el token expira deber\u00e1s repetir la solicitud.",
+		"es": "El token secreto valida tu direcci\u00f3n de correo. Este token es v\u00e1lido s\u00f3lo durante %DAYS% d\u00edas. Si el token expira deber\u00e1s repetir la solicitud.",
 		"de": "Dieser URL enth\u00e4lt einen Code, um Ihre E-Mail-Adresse zu best\u00e4tigen. Dieser Code gilt f\u00fcnf Tage lang. Danach m\u00fcssten Sie die Registrierung von Neuem beginnen (und erhalten dann auch einen neuen Code)."
 	},
+	"mail_manualtoken_url": {
+		"es": "Si experimenta problemas con el enlace anterior, intente copiar manualmente el siguiente enlace en un navegador"
+	},
+	"mail_manualtoken_token": {
+		"es": "Y añada el siguiente token al formulario que le aparecerá al acceder a dicha dirección"
+	},
 	"mail1_signature": {
 		"no": "Vennlig hilsen %SNAME%",
 		"es": "Muchas gracias %SNAME%",
@@ -178,6 +184,12 @@
 	"s1_sent_head": {
 		"es": "Correo de confirmación enviado"
 	},
+	"s1_readtoken_head": {
+		"es": "Inserta el token"
+	},
+	"s1_readtoken_info": {
+		"es": "Copia el token que te fue enviado al correo"
+	},
 	"s3_head": {
 		"no": "Data for ny bruker",
 		"es": "Escoja una contraseña para su cuenta",
diff --git a/lib/Registration.php b/lib/Registration.php
@@ -113,8 +113,10 @@ public function step1($error = null)
 
 		// Are we coming from an error?
 		if ($error !== null) {
-			$values = $this->validator->getRawInput();
-			$formGen->setValues($values);
+			if (isset($this->validator)) {
+				$values = $this->validator->getRawInput();
+				$formGen->setValues($values);
+			}
 
 			if(method_exists($error, 'getMesgId')) {
 
@@ -212,19 +214,29 @@ public function step2($refresh_token = FALSE)
 			}
 
 			$url = SimpleSAML_Utilities::selfURL();
-
+			$token_string = $token_struct->getKey();
+			
 			$registerurl = SimpleSAML_Utilities::addURLparameter(
 				$url,
 				array(
-					'token' => $token_struct->getKey()
+					'token' => $token_string
+				)
+			);
+
+			$registerManualTokenUrl = SimpleSAML_Utilities::addURLparameter(
+				$url,
+				array(
+					'manualtoken' => '1'
 				)
 			);
 
 			$tokenExpiration = $this->mailoptions['token.lifetime'];
 			$mail_data = array(
 				'email' => $email,
 				'tokenLifetime' => $tokenExpiration,
+				'tokenValue' => $token_string,
 				'registerurl' => $registerurl,
+				'registerManualTokenUrl' => $registerManualTokenUrl,
 				'systemName' => $this->systemName,
 			);
 
@@ -259,6 +271,27 @@ public function step2($refresh_token = FALSE)
 	}
 
 
+	// Stage 2c: User copies a URL and manually set the token.
+	public function step2c()
+	{
+		try {
+			$this->steps->setCurrent(2);
+
+			$html = new SimpleSAML_XHTML_Template(
+				$this->config,
+				'userregistration:step2c_readtoken.tpl.php',
+				'userregistration:userregistration');
+			$html->data['stepsHtml'] = $this->steps->generate();
+			$html->data['url'] = SimpleSAML_Utilities::selfURLNoQuery();
+			$html->data['customNavigation'] = $this->customNavigation;
+
+			$html->show();
+		} catch (Exception $e) {
+			return $e;
+		}
+	}
+
+
 	// Stage 3: User clicked on verification URL in email
 	public function step3($error = null)
 	{
@@ -338,7 +371,7 @@ public function step3($error = null)
 		}
 	}
 
-
+	
 	public function step4()
 	{
 		try {
diff --git a/templates/lostPasswordMail_token.tpl.php b/templates/lostPasswordMail_token.tpl.php
@@ -2,7 +2,12 @@
 <h1><?php echo $this->t('mailLost_header', $this->data['systemName']);?></h1>
 
 <p><?php echo $this->t('mailLost_urlintro', $this->data['systemName']);?></p>
-<p><tt><a href="<?php echo $this->data['registerurl']; ?>"><?php echo $this->data['registerurl']; ?></a></tt></p>
+<p><tt><a href="<?php echo $this->data['pwResetUrl']; ?>"><?php echo $this->data['pwResetUrl']; ?></a></tt></p>
+
+<p><?php echo $this->t('mail_manualtoken_url');?>:</p>
+<p><?php echo $this->data['pwManualResetUrl'];?></p>
+<p><?php echo $this->t('mail_manualtoken_token');?>:</p>
+<p><?php echo $this->data['tokenValue'];?></p>
 
 <p><?php echo $this->t('mail_tokeninfo', array('%DAYS%' => $this->data['tokenLifetime']/(3600*24)));?></p>
 
diff --git a/templates/mail1_ch_token.tpl.php b/templates/mail1_ch_token.tpl.php
@@ -6,6 +6,11 @@
 <p><?php echo $this->t('mailChange_urlintro', $this->data['systemName']);?></p>
 <p><tt><a href="<?php echo $this->data['changemailurl']; ?>"><?php echo $this->data['changemailurl']; ?></a></tt></p>
 
+<p><?php echo $this->t('mail_manualtoken_url');?>:</p>
+<p><?php echo $this->data['mailChangeManualUrl'];?></p>
+<p><?php echo $this->t('mail_manualtoken_token');?>:</p>
+<p><?php echo $this->data['tokenValue'];?></p>
+
 <p><?php echo $this->t('mail_tokeninfo', array('%DAYS%' => $this->data['tokenLifetime']/(3600*24)));?></p>
 
-<p><?php echo $this->t('mail1_signature', $this->data['systemName']);?></p>
+<p><?php echo $this->t('mail1_signature', $this->data['systemName']);?></p>
diff --git a/templates/mail1_token.tpl.php b/templates/mail1_token.tpl.php
@@ -6,6 +6,11 @@
 <p><?php echo $this->t('mailNew_urlintro', $this->data['systemName']);?></p>
 <p><tt><a href="<?php echo $this->data['registerurl']; ?>"><?php echo $this->data['registerurl']; ?></a></tt></p>
 
+<p><?php echo $this->t('mail_manualtoken_url');?>:</p>
+<p><?php echo $this->data['registerManualTokenUrl'];?></p>
+<p><?php echo $this->t('mail_manualtoken_token');?>:</p>
+<p><?php echo $this->data['tokenValue'];?></p>
+
 <p><?php echo $this->t('mail_tokeninfo', array('%DAYS%' => $this->data['tokenLifetime']/(3600*24)));?></p>
 
 <p><?php echo $this->t('mail1_signature', $this->data['systemName']);?></p>
diff --git a/templates/step2c_readtoken.tpl.php b/templates/step2c_readtoken.tpl.php
@@ -0,0 +1,42 @@
+<?php 
+
+$this->data['header'] = $this->t('{userregistration:userregistration:link_newuser}');
+$this->data['head'] = '<link rel="stylesheet" href="resources/userregistration.css" type="text/css">';
+
+$this->includeAtTemplateBase('includes/header.php'); ?>
+
+<?php
+if (isset($this->data['stepsHtml'])) {
+	echo $this->data['stepsHtml'];
+}
+?>
+
+<div style="margin: 1em">
+	  <h1><?php echo $this->t('s1_readtoken_head'); ?></h1>
+	  <p><?php echo $this->t('s1_readtoken_info'); ?></p>
+</div>
+
+
+<div style="margin: 1em">
+	<form method="POST" action="<?php echo $this->data['url'];?>">
+
+		<label>Token</label>: <input class="inputelement" type="text" value="" name="token" id="token" size="50">
+		<input type="submit" value="<?php echo $this->t('save');?>" name="savetoken">
+	</form>
+</div>
+
+<?php
+	if (!$this->data['customNavigation']) {
+?>
+
+<p>
+<ul>
+	<li><a href="index.php"><?php echo $this->t('return'); ?></a></li>
+</ul>
+</p>
+
+<?php
+}
+?>
+
+<?php $this->includeAtTemplateBase('includes/footer.php'); ?>
diff --git a/www/changeMail.php b/www/changeMail.php
@@ -147,7 +147,7 @@
 		$terr->data['customNavigation'] = $customNavigation;
 		$terr->show();
 	}
-} elseif(array_key_exists('refreshtoken', $_POST)){
+} else if(array_key_exists('refreshtoken', $_POST)){
 	// Resend token
 
     try {
@@ -202,7 +202,6 @@
 	    $html->data['systemName'] = $systemName;
 	    $html->data['customNavigation'] = $customNavigation;
 	    $html->show();
-        exit();
 
 	} catch(sspmod_userregistration_Error_UserException $e) {
 		// Some user error detected
@@ -240,7 +239,21 @@
 		$terr->data['customNavigation'] = $customNavigation;
 		$terr->show();
 	}
+} else if(array_key_exists('manualtoken', $_REQUEST)) {
+	// Stage 2c: User copies a URL and manually set the token.
+	try {
 
+		$html = new SimpleSAML_XHTML_Template(
+			$config,
+			'userregistration:step2c_readtoken.tpl.php',
+			'userregistration:userregistration');
+		$html->data['url'] = SimpleSAML_Utilities::selfURLNoQuery();
+		$html->data['customNavigation'] = $customNavigation;
+
+		$html->show();
+	} catch (Exception $e) {
+		return $e;
+	}
 } else if (array_key_exists('sender', $_REQUEST) && array_key_exists('newmail', $_REQUEST) && !empty($_REQUEST['newmail'])) {
 
     try {
@@ -279,11 +292,20 @@
 			)
 		);
 
+		$changemailmanualurl = SimpleSAML_Utilities::addURLparameter(
+			$url,
+			array(
+				'manualtoken' => '1'
+			)
+		);
+
 		$mail_data = array(
 			'newmail' => $newmail,
 			'tokenLifetime' => $mailoptions['token.lifetime'],
 			'changemailurl' => $changemailurl,
 			'systemName' => $systemName,
+			'mailChangeManualUrl' => $changemailmanualurl,
+			'tokenValue' => $token_string,
 		);
 
 		sspmod_userregistration_Util::sendEmail(
@@ -340,7 +362,7 @@
 		$terr->show();
 	}
 
-} elseif (array_key_exists('logout', $_GET)) {
+} else if (array_key_exists('logout', $_GET)) {
 	if ($customNavigation) {
 		$as->logout($as->getLoginURL());
 	}
diff --git a/www/lostPassword.php b/www/lostPassword.php
@@ -53,16 +53,27 @@
 
 		$url = SimpleSAML_Utilities::selfURL();
 
-		$registerurl = SimpleSAML_Utilities::addURLparameter(
+		$pw_reset_url = SimpleSAML_Utilities::addURLparameter(
 			$url,
 			array(
-				'token' => $token_string));
+				'token' => $token_string)
+		);
+
+		$pw_manual_reset_url = SimpleSAML_Utilities::addURLparameter(
+			$url,
+			array(
+				'manualtoken' => '1'
+			)
+		);
+
 
 		$systemName = array('%SNAME%' => $uregconf->getString('system.name') );
 		$mail_data = array(
-			'registerurl' => $registerurl,
+			'pwResetUrl' => $pw_reset_url,
 			'systemName' => $systemName,
 			'tokenLifetime' => $mailoptions['token.lifetime'],
+			'pwManualResetUrl' => $pw_manual_reset_url,
+			'tokenValue' => $token_string,
 		);
 
 		$emailto = $email;
@@ -96,12 +107,27 @@
 		$terr->data['customNavigation'] = $customNavigation;
 		$terr->show();
 	}
+} elseif(array_key_exists('manualtoken', $_REQUEST)) {
+	// Stage 2c: User copies a URL and manually set the token.
+	try {
+
+		$html = new SimpleSAML_XHTML_Template(
+			$config,
+			'userregistration:step2c_readtoken.tpl.php',
+			'userregistration:userregistration');
+		$html->data['url'] = SimpleSAML_Utilities::selfURLNoQuery();
+		$html->data['customNavigation'] = $customNavigation;
+
+		$html->show();
+	} catch (Exception $e) {
+		return $e;
+	}
 
-} elseif(array_key_exists('token', $_GET)) {
+} elseif(array_key_exists('token', $_REQUEST) && ! array_key_exists('emailconfirmed', $_REQUEST)) {
 	// Stage 3: User access page from url in e-mail
 	try{
 
-		$token_string = $_GET['token'];
+		$token_string = $_REQUEST['token'];
 		$token_struct = $extraStorage->retrieve($token_string, 'sspmod_userregistration_ExtraData_PasswordChangeToken');
 
 		if ($token_struct === false) {
diff --git a/www/newUser.php b/www/newUser.php
@@ -45,6 +45,14 @@
 		$registration->step3($result_step_3);
 	}
 
+} elseif(array_key_exists('manualtoken', $_REQUEST) && !array_key_exists('refreshtoken', $_REQUEST)){
+	// Stage 2 (c): User access page from alternative url in e-mail
+	$result_step_2c = $registration->step2c();
+
+	if (is_a($result_step_2c, 'Exception')) {
+		$registration->step1($result_step_2c);
+	}
+
 } elseif(array_key_exists('refreshtoken', $_POST)){
 	// Stage 2 (b): Resend email token
 	$registration->step2(TRUE);
