params => [
{ desc => 'user_id_type', type => 'string' },
{ desc => 'user_id', type => 'string' },
+ { desc => 'optional (based on library setting) matching email address for authorizing request', type => 'string' },
],
return => {desc => '1 on success, Event on error'}
}
);
sub request_password_reset {
- my($self, $conn, $user_id_type, $user_id) = @_;
+ my($self, $conn, $user_id_type, $user_id, $email) = @_;
# Check to see if password reset requests are already being throttled:
# 0. Check cache to see if we're in throttle mode (avoid hitting database)
}
$user = $card->usr;
}
-
+
# If the user doesn't have an email address, we can't help them
if (!$user->email) {
$e->die_event;
return OpenILS::Event->new('PATRON_NO_EMAIL_ADDRESS');
}
+
+ my $email_must_match = $U->ou_ancestor_setting_value($user->home_ou, 'circ.password_reset_request_requires_matching_email');
+ if ($email_must_match) {
+ if ($user->email ne $email) {
+ return OpenILS::Event->new('EMAIL_VERIFICATION_FAILED');
+ }
+ }
+
_reset_password_request($conn, $e, $user);
}
install_date TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT NOW()
);
-INSERT INTO config.upgrade_log (version) VALUES ('0289'); -- phasefx
+INSERT INTO config.upgrade_log (version) VALUES ('0290'); -- phasefx
CREATE TABLE config.bib_source (
id SERIAL PRIMARY KEY,
'bool'
);
+-- 0290.data.org-setting-password-reset-request.sql
+INSERT INTO config.org_unit_setting_type ( name, label, description, datatype ) VALUES (
+ 'circ.password_reset_request_requires_matching_email',
+ oils_i18n_gettext(
+ 'circ.password_reset_request_requires_matching_email',
+ 'Circulation: Require matching email address for password reset requests',
+ 'coust',
+ 'label'),
+ oils_i18n_gettext(
+ 'circ.password_reset_request_requires_matching_email',
+ 'Circulation: Require matching email address for password reset requests',
+ 'coust',
+ 'description'),
+ 'bool'
+);
+
-- Org_unit_setting_type(s) that need an fm_class:
INSERT into config.org_unit_setting_type
( name, label, description, datatype, fm_class ) VALUES
--- /dev/null
+BEGIN;
+
+INSERT INTO config.upgrade_log (version) VALUES ('0290'); -- phasefx
+
+INSERT INTO config.org_unit_setting_type ( name, label, description, datatype ) VALUES (
+ 'circ.password_reset_request_requires_matching_email',
+ oils_i18n_gettext(
+ 'circ.password_reset_request_requires_matching_email',
+ 'Circulation: Require matching email address for password reset requests',
+ 'coust',
+ 'label'),
+ oils_i18n_gettext(
+ 'circ.password_reset_request_requires_matching_email',
+ 'Circulation: Require matching email address for password reset requests',
+ 'coust',
+ 'description'),
+ 'bool'
+);
+
+COMMIT;
projects / Evergreen.git / commitdiff