1 # ===================================================================== 2 # sendAuthInfo: W-TW password retrieval service. 3 # 4 # Copyright (c) 2007,2009,2010,2011,2012 Carlo Strozzi 5 # 6 # This program is free software; you can redistribute it and/or modify 7 # it under the terms of the GNU General Public License as published by 8 # the Free Software Foundation; version 2 dated June, 1991. 9 # 10 # This program is distributed in the hope that it will be useful, 11 # but WITHOUT ANY WARRANTY; without even the implied warranty of 12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 # GNU General Public License for more details. 14 # 15 # You should have received a copy of the GNU General Public License 16 # along with this program; if not, write to the Free Software 17 # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 18 # 19 # ===================================================================== 20 21 # ===================================================================== 22 # Local variables and functions 23 # ===================================================================== 24 25 cgi.group = () 26 cgi.group.literal = () 27 cgi.email = () 28 29 # ===================================================================== 30 # Main program 31 # ===================================================================== 32 33 # Load call arguments. 34 csaGetArgs GET 35 36 . $CSA_ROOT/lib/group-stuff.rc 37 38 . $CSA_ROOT/lib/group-editor.rc 39 40 # Check other mandatory args. Note that I do not provide any "back" 41 # buttons on errors caused by idempotent requests (i.e. GET here), 42 # as they would possibly mislead the user by taking her to an 43 # unappropriate page. 44 45 ~ $'cgi.email' *'@'*.* || csaExit.fault 1015 46 47 # Set template vars to provisional values. 48 tpl.var.tw.page = tw-password-email 49 tpl.var.tw.page.object = $'tpl.var.tw.page' 50 tpl.var.html.title = $'tpl.var.tw.group'/$'tpl.var.tw.page' 51 52 # If no custom email template exists then use default. 53 if (!csaIsFullPath --exists --quiet $CSA_TPL_ROOT/tw-password-email.txt) { 54 tpl_file = (--file-root $tw_dstem tw-password-email.txt) 55 } else tpl_file = tw-password-email.txt 56 57 ~ $#TNS_GROUP_HOME 1 2 || csaExit.fault 0041 TNS_GROUP_HOME 58 59 # It is the sysadmin responsibility to ensure that a single 60 # value specified for TNS_GROUP_HOME is usable also as a 61 # valid URL component. 62 63 ~ $TNS_GROUP_HOME(2) () && 64 TNS_GROUP_HOME = ($TNS_GROUP_HOME $TNS_GROUP_HOME) 65 66 csaConceal tbl_tmp.u_passwd TNS_EMAIL_PASSWORD # Security. 67 68 # Read the relevant user record. The unusual shape of the following 69 # 'awktable' script is because the same e-mail address can be associated 70 # with multiple accounts and I need to process all of them in turn. 71 # To protect privacy, however, multiple accounts should not share 72 # a common e-mail address, because the "password forgotten" dialog 73 # will be sending to said address all credentials it is associated 74 # with. That is, to us one e-mail address always means *one* person, 75 # no matter how many accouns she may have registered with us. 76 # Ensuring that this is the case is up to users, and no enforcement 77 # is done by the system in that respect. This is intentional, and it 78 # may come handy in certain cases, but users must be warned about 79 # it, for instance in the self-registration dialogue. 80 81 awktable -i $CSA_ROOT/var/pages/auth+dat -- ' 82 BEGIN{ cmd_ = "csa-tbl2rc --prefix tbl_tmp." } 83 $u_email=='"$'cgi.email'"'{ 84 print "\001k_user\t\001u_passwd\t\001u_email\t\001k_node\n" \ 85 $k_user,$u_passwd,$u_email,$k_node | cmd_ 86 close(cmd_) 87 }' > $tmp1 88 89 csaStatus || csaExit.fault 0003 awktable/csa-tbl2rc 90 91 * = ``$nl{cat $tmp1} 92 93 if (!~ $1 ()) { 94 csaLoadLib csaEmaillib.rc || csaExit.fault 95 ~ $TNS_EMAIL_ORG () && TNS_EMAIL_ORG = TypeWriter 96 TNS_EMAIL_URL = \ 97 $CSA_RPC_URI/$CSA_LANG/$'cgi.group'/$TNS_GROUP_HOME(2) 98 } 99 100 #~ $REMOTE_ADDR 192.168.1.2 && csaExit.env 101 102 while (!~ $1 ()) { 103 eval $1 104 if (~ $'tbl_tmp.u_email' *'@'*.*) { 105 ~ $TNS_EMAIL_FROM () && TNS_EMAIL_FROM = $'tbl_tmp.u_email' 106 TNS_EMAIL_TO = $'tbl_tmp.u_email' 107 TNS_EMAIL_USERID = $'tbl_tmp.k_user' 108 TNS_EMAIL_PASSWD = $'tbl_tmp.u_passwd' 109 TNS_EMAIL_PIN = $'tbl_tmp.k_node' 110 csaSendMail $tpl_file 111 } 112 shift 113 } 114 115 # Static views do not correspond to actual pages on disk, 116 # so we need to toggle unapplicable sections in templates. 117 118 tpl.if.tw.ispage = '(::DEL:)' 119 tpl.fi.tw.ispage = '(:DEL::)' 120 tpl.if.tw.printable = '(::DEL:)' 121 tpl.fi.tw.printable = '(:DEL::)' 122 tpl.if.tw.isview = () 123 tpl.fi.tw.isview = () 124 125 csaExit.ok 1021 126 127 # End of program.