Eamils for user actions #2137
Eamils for user actions #2137
Conversation
|
Ready for review |
| protected $password; | ||
|
|
||
| public function __construct($user, $password) { | ||
| $this->password = $password; |
There was a problem hiding this comment.
Why does this need password?
we're informing of a deleted account.
was this a copy/paste from the new account template?
There was a problem hiding this comment.
Not blocking merge - tracking in #2158
| protected function buildMessageBody() | ||
| { | ||
| $msg = array(); | ||
| array_push($msg, gettext("Your CRM Account was Deleted, if you think this is an error, please contact your admin")); |
There was a problem hiding this comment.
Not blocking merge for this, but it'd be nice to list the admin contact. Opened separate issue #2157
There was a problem hiding this comment.
ya we need a html email wrapper around all these emails that has all the info.
|
|
||
| protected function buildMessageHeader() | ||
| { | ||
| return gettext("Dear") ." " . $this->user->getFullName(); |
There was a problem hiding this comment.
done now SystemConfig::getValue('sDear')
|
|
||
| protected function getLink() | ||
| { | ||
| return SystemURLs::getURL() . "Login.php?username=" . $this->user->getUserName(); |
There was a problem hiding this comment.
hmm..... I like the convenience of pre-populating their username field.
However, It's not common (in my experience), are we opening up any vulnerabilities by allowing that parameter in the Login page?
There was a problem hiding this comment.
all that it does is prefill the username...
|
|
||
| protected function getSubSubject() | ||
| { | ||
| return gettext("Your CRM Account"); |
| array_push($msg, gettext("A ChurchCRM account was created for you:")); | ||
| array_push($msg, "<a href='" . $this->getLink() . "'>" . gettext("Login"). "</a>"); | ||
| array_push($msg, gettext('Username') . ": " . $this->user->getUserName()); | ||
| array_push($msg, gettext('New Password') . ": " . $this->password); |
There was a problem hiding this comment.
Should probably just be "Password"
Let's reserve the use of "New Password" for instances where we are changing the password
Not blocking merge for this - tracking in #2158
|
|
||
| protected function getSubSubject() | ||
| { | ||
| return gettext("Your CRM New Password"); |
There was a problem hiding this comment.
"Your New ChurchCRM Password"
Not blocking merge for this - #2158
|
|
||
| $this->post('/{userId:[0-9]+}/password/reset', function ($request, $response, $args) { | ||
| if (!$_SESSION['user']->isAdmin()) { | ||
| return $response->withStatus(401); |
There was a problem hiding this comment.
I think this should be an exception with a more descriptive error message since this will be displayed to the user via window.CRM.DisplayErrorMessage() as a result of $(document).ajaxError in https://github.com/ChurchCRM/CRM/blob/master/src/Include/Header-function.php#L153
See:
https://github.com/ChurchCRM/CRM/blob/master/src/api/routes/database.php#L18\
Not blocking merge for this - See #2163
| } | ||
| $user = UserQuery::create()->findPk($args['userId']); | ||
| if (!is_null($user)) { | ||
| $password = SystemConfig::getValue('sDefault_Pass'); |
There was a problem hiding this comment.
this makes me cringe.
Not blocking merge - Let's explore in #2160
* added User APIs * added updatePassword * moved to ORM * setSearchLimit moved to ORM * Moved to ORM/APIs Moved List user to orm moved table to data-table moved delete user to model and APIs moved Reset failed login user to model and APIs moved reset passwrod user to model and APIs * added delete user null check * cleanup of Sunday School Session Settings removeing from the session to just reading the object * removed extra ; * isPasswordValid & hasReachedMaxFailedLogin * using hasReachedMaxFailedLogin * added missing SystemConfig * usr_UserName matching db * moved to new Logoff.php page * moved to Logoff.php * moved to Logoff.php * Refac - Moved logout to new page - moved password check into password - cleanned if bocks - cleanned browser check * renamed method to isLocked * added updatePasswordDefault * ORM and Select 2 * Apply fixes from StyleCI (#2050) * created hashPassword * removed unused user settings for mail * support passing username as a login.php param * fixed bug with isPasswordValid * cleanup * more function from person * User password reset email with password * fixed extra } * Apply fixes from StyleCI (#2132) * added a msg vs reload the page * fixed password reset ajax call * moved to ORM & sending emails * new system user emails all working * send an email when user is created * hashPassword is now public * sending emails for reset and unlock * Apply fixes from StyleCI (#2135) * send an email on account delete * added login link and username * extract password to a var * based on feedback from #2137 (#2168) * added emails when a user is locked... * moved lockedEmail to the correct block * Apply fixes from StyleCI (#2177) * remvoed extra user delete * removed extra title
Closes #614 #1200
Subset of #2042