-
Notifications
You must be signed in to change notification settings - Fork 443
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Eamils for user actions #2137
Eamils for user actions #2137
Conversation
Ready for review |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Some minor things that won't block the merge. #2158
protected $password; | ||
|
||
public function __construct($user, $password) { | ||
$this->password = $password; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why does this need password?
we're informing of a deleted account.
was this a copy/paste from the new account template?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not blocking merge - tracking in #2158
protected function buildMessageBody() | ||
{ | ||
$msg = array(); | ||
array_push($msg, gettext("Your CRM Account was Deleted, if you think this is an error, please contact your admin")); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not blocking merge for this, but it'd be nice to list the admin contact. Opened separate issue #2157
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ya we need a html email wrapper around all these emails that has all the info.
|
||
protected function buildMessageHeader() | ||
{ | ||
return gettext("Dear") ." " . $this->user->getFullName(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done now SystemConfig::getValue('sDear')
|
||
protected function getLink() | ||
{ | ||
return SystemURLs::getURL() . "Login.php?username=" . $this->user->getUserName(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
hmm..... I like the convenience of pre-populating their username field.
However, It's not common (in my experience), are we opening up any vulnerabilities by allowing that parameter in the Login page?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
all that it does is prefill the username...
|
||
protected function getSubSubject() | ||
{ | ||
return gettext("Your CRM Account"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
"ChurchCRM"
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done
array_push($msg, gettext("A ChurchCRM account was created for you:")); | ||
array_push($msg, "<a href='" . $this->getLink() . "'>" . gettext("Login"). "</a>"); | ||
array_push($msg, gettext('Username') . ": " . $this->user->getUserName()); | ||
array_push($msg, gettext('New Password') . ": " . $this->password); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should probably just be "Password"
Let's reserve the use of "New Password" for instances where we are changing the password
Not blocking merge for this - tracking in #2158
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done
|
||
protected function getSubSubject() | ||
{ | ||
return gettext("Your CRM New Password"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
"Your New ChurchCRM Password"
Not blocking merge for this - #2158
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done
|
||
$this->post('/{userId:[0-9]+}/password/reset', function ($request, $response, $args) { | ||
if (!$_SESSION['user']->isAdmin()) { | ||
return $response->withStatus(401); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this should be an exception with a more descriptive error message since this will be displayed to the user via window.CRM.DisplayErrorMessage() as a result of $(document).ajaxError in https://github.com/ChurchCRM/CRM/blob/master/src/Include/Header-function.php#L153
See:
https://github.com/ChurchCRM/CRM/blob/master/src/api/routes/database.php#L18\
Not blocking merge for this - See #2163
} | ||
$user = UserQuery::create()->findPk($args['userId']); | ||
if (!is_null($user)) { | ||
$password = SystemConfig::getValue('sDefault_Pass'); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this makes me cringe.
Not blocking merge - Let's explore in #2160
* added User APIs * added updatePassword * moved to ORM * setSearchLimit moved to ORM * Moved to ORM/APIs Moved List user to orm moved table to data-table moved delete user to model and APIs moved Reset failed login user to model and APIs moved reset passwrod user to model and APIs * added delete user null check * cleanup of Sunday School Session Settings removeing from the session to just reading the object * removed extra ; * isPasswordValid & hasReachedMaxFailedLogin * using hasReachedMaxFailedLogin * added missing SystemConfig * usr_UserName matching db * moved to new Logoff.php page * moved to Logoff.php * moved to Logoff.php * Refac - Moved logout to new page - moved password check into password - cleanned if bocks - cleanned browser check * renamed method to isLocked * added updatePasswordDefault * ORM and Select 2 * Apply fixes from StyleCI (#2050) * created hashPassword * removed unused user settings for mail * support passing username as a login.php param * fixed bug with isPasswordValid * cleanup * more function from person * User password reset email with password * fixed extra } * Apply fixes from StyleCI (#2132) * added a msg vs reload the page * fixed password reset ajax call * moved to ORM & sending emails * new system user emails all working * send an email when user is created * hashPassword is now public * sending emails for reset and unlock * Apply fixes from StyleCI (#2135) * send an email on account delete * added login link and username * extract password to a var * based on feedback from #2137 (#2168) * added emails when a user is locked... * moved lockedEmail to the correct block * Apply fixes from StyleCI (#2177) * remvoed extra user delete * removed extra title
Closes #614 #1200
Subset of #2042