PasswordAssistance: Add access checks (handle them gracefully) re-int…

…roduce permanent links See: https://mantis.ilias.de/view.php?id=32290
mjansenDatabay · Oct 25, 2023 · 458fb09 · 458fb09
1 parent 94459e7
commit 458fb09
Showing 1 changed file with 6 additions and 6 deletions.
diff --git a/Services/Init/classes/class.ilPasswordAssistanceGUI.php b/Services/Init/classes/class.ilPasswordAssistanceGUI.php
@@ -25,6 +25,7 @@ class ilPasswordAssistanceGUI
 {
     private const PERMANENT_LINK_TARGET_PW = 'pwassist';
     private const PERMANENT_LINK_TARGET_NAME = 'nameassist';
+
     private const PROP_USERNAME = 'username';
     private const PROP_EMAIL = 'email';
     private const PROP_PASSWORD = 'password';
@@ -55,10 +56,10 @@ public function __construct()
         $this->ilErr = $DIC['ilErr'];
         $this->help = $DIC->help();
         $this->http = $DIC->http();
-        $this->actor = $DIC->user();
         $this->refinery = $DIC->refinery();
         $this->ui_factory = $DIC->ui()->factory();
         $this->ui_renderer = $DIC->ui()->renderer();
+        $this->actor = $DIC->user();
 
         $this->help->setScreenIdComponent('init');
     }
@@ -70,10 +71,12 @@ private function getClientId(): string
 
     public function executeCommand(): void
     {
+        // check correct setup
         if (!$this->settings->get('setup_ok')) {
             $this->ilErr->raiseError('Setup is not completed. Please run setup routine again.', $this->ilErr->FATAL);
         }
 
+        // check hack attempts
         if (!$this->settings->get('password_assistance')) {
             $this->ilErr->raiseError($this->lng->txt('permission_denied'), $this->ilErr->MESSAGE);
         }
@@ -316,10 +319,7 @@ private function submitAssistanceForm(): void
             $status = $assistance_callback();
         }
 
-        $this->showMessageForm(
-            sprintf($this->lng->txt('pwassist_mail_sent'), $email),
-            self::PERMANENT_LINK_TARGET_PW
-        );
+        $this->showMessageForm(sprintf($this->lng->txt('pwassist_mail_sent'), $email), self::PERMANENT_LINK_TARGET_PW);
     }
 
     /**
@@ -762,6 +762,6 @@ private function showMessageForm(string $text, string $permanent_link_context):
 
     private function fillPermanentLink(string $context): void
     {
-        $this->tpl->setPermanentLink('usr', 0, $context);
+        $this->tpl->setPermanentLink('usr', null, $context);
     }
 }