Koha/Patron/Password/Recovery.pm

   1 package Koha::Patron::Password::Recovery;
   2
   3 # Copyright 2014 Solutions InLibro inc.
   4 #
   5 # This file is part of Koha.
   6 #
   7 # Koha is free software; you can redistribute it and/or modify it
   8 # under the terms of the GNU General Public License as published by
   9 # the Free Software Foundation; either version 3 of the License, or
  10 # (at your option) any later version.
  11 #
  12 # Koha is distributed in the hope that it will be useful, but
  13 # WITHOUT ANY WARRANTY; without even the implied warranty of
  14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  15 # GNU General Public License for more details.
  16 #
  17 # You should have received a copy of the GNU General Public License
  18 # along with Koha; if not, see <http://www.gnu.org/licenses>.
  19
  20 use Modern::Perl;
  21 use C4::Context;
  22 use Crypt::Eksblowfish::Bcrypt qw(en_base64);
  23
  24 use vars qw(@ISA @EXPORT);
  25
  26 BEGIN {
  27     # set the version for version checking
  28     require Exporter;
  29     @ISA = qw(Exporter);
  30     push @EXPORT, qw(
  31       &ValidateBorrowernumber
  32       &SendPasswordRecoveryEmail
  33       &GetValidLinkInfo
  34       &CompletePasswordRecovery
  35     );
  36 }
  37
  38 =head1 NAME
  39
  40 Koha::Patron::Password::Recovery - Koha password recovery module
  41
  42 =head1 SYNOPSIS
  43
  44 use Koha::Patron::Password::Recovery;
  45
  46 =head1 FUNCTIONS
  47
  48 =head2 ValidateBorrowernumber
  49
  50 $alread = ValidateBorrowernumber( $borrower_number );
  51
  52 Check if the system already start recovery
  53
  54 Returns true false
  55
  56 =cut
  57
  58 sub ValidateBorrowernumber {
  59     my ($borrower_number) = @_;
  60     my $schema = Koha::Database->new->schema;
  61
  62     my $rs = $schema->resultset('BorrowerPasswordRecovery')->search(
  63         {
  64             borrowernumber => $borrower_number,
  65             valid_until    => \'> NOW()'
  66         },
  67         { columns => 'borrowernumber' }
  68     );
  69
  70     if ( $rs->next ) {
  71         return 1;
  72     }
  73
  74     return 0;
  75 }
  76
  77 =head2 GetValidLinkInfo
  78
  79     Check if the link is still valid and return some info.
  80
  81 =cut
  82
  83 sub GetValidLinkInfo {
  84     my ($uniqueKey) = @_;
  85     my $dbh         = C4::Context->dbh;
  86     my $query       = '
  87     SELECT borrower_password_recovery.borrowernumber, userid
  88     FROM borrower_password_recovery, borrowers
  89     WHERE borrowers.borrowernumber = borrower_password_recovery.borrowernumber
  90     AND NOW() < valid_until
  91     AND uuid = ?
  92     ';
  93     my $sth = $dbh->prepare($query);
  94     $sth->execute($uniqueKey);
  95     return $sth->fetchrow;
  96 }
  97
  98 =head2 SendPasswordRecoveryEmail
  99
 100  It creates an email using the templates and sends it to the user, using the specified email
 101
 102 =cut
 103
 104 sub SendPasswordRecoveryEmail {
 105     my $borrower  = shift;    # Koha::Patron
 106     my $userEmail = shift;    #to_address (the one specified in the request)
 107     my $update    = shift;
 108
 109     my $schema = Koha::Database->new->schema;
 110
 111     # generate UUID
 112     my $uuid_str;
 113     do {
 114         $uuid_str = '$2a$08$'.en_base64(Koha::AuthUtils::generate_salt('weak', 16));
 115     } while ( substr ( $uuid_str, -1, 1 ) eq '.' );
 116
 117     # insert into database
 118     my $expirydate =
 119       DateTime->now( time_zone => C4::Context->tz() )->add( days => 2 );
 120     if ($update) {
 121         my $rs =
 122           $schema->resultset('BorrowerPasswordRecovery')
 123           ->search( { borrowernumber => $borrower->borrowernumber, } );
 124         $rs->update(
 125             { uuid => $uuid_str, valid_until => $expirydate->datetime() } );
 126     }
 127     else {
 128         my $rs = $schema->resultset('BorrowerPasswordRecovery')->create(
 129             {
 130                 borrowernumber => $borrower->borrowernumber,
 131                 uuid           => $uuid_str,
 132                 valid_until    => $expirydate->datetime()
 133             }
 134         );
 135     }
 136
 137     # create link
 138     my $opacbase = C4::Context->preference('OPACBaseURL') || '';
 139     my $uuidLink = $opacbase
 140       . "/cgi-bin/koha/opac-password-recovery.pl?uniqueKey=$uuid_str";
 141
 142     # prepare the email
 143     my $letter = C4::Letters::GetPreparedLetter(
 144         module      => 'members',
 145         letter_code => 'PASSWORD_RESET',
 146         branchcode  => $borrower->branchcode,
 147         substitute =>
 148           { passwordreseturl => $uuidLink, user => $borrower->userid },
 149     );
 150
 151     # define to/from emails
 152     my $kohaEmail = C4::Context->preference('KohaAdminEmailAddress');    # from
 153
 154     C4::Letters::EnqueueLetter(
 155         {
 156             letter                 => $letter,
 157             borrowernumber         => $borrower->borrowernumber,
 158             to_address             => $userEmail,
 159             from_address           => $kohaEmail,
 160             message_transport_type => 'email',
 161         }
 162     );
 163
 164     return 1;
 165 }
 166
 167 =head2 CompletePasswordRecovery
 168
 169     $bool = CompletePasswordRecovery($uuid);
 170
 171     Deletes a password recovery entry.
 172
 173 =cut
 174
 175 sub CompletePasswordRecovery {
 176     my $uniqueKey = shift;
 177     my $model =
 178       Koha::Database->new->schema->resultset('BorrowerPasswordRecovery');
 179     my $entry = $model->search(
 180         { -or => [ uuid => $uniqueKey, valid_until => \'< NOW()' ] } );
 181     return $entry->delete();
 182 }
 183
 184 END { }    # module clean-up code here (global destructor)
 185
 186 1;