
Commit 4df4c17

authored
Merge pull request #1053 from waiterZen/SERVER-1445-2
[core] improve countly user password change experience
2 parents 4012137 + ab107d6 commit 4df4c17

5 files changed

+32
-7
lines changed

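--- a/api/parts/mgmt/mail.js
+++ b/api/parts/mgmt/mail.js
@@ -98,16 +98,27 @@ mail.sendLocalizedMessage = function(lang, to, subject, message, callback) {
 });
 };
 
+/**
+* encode string to escape html code
+* @param {string} s inputed string
+* @return {string} newString new string escaped html code
+*/
+mail.escapedHTMLString = function(s) {
+const newString = s.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;');
+return newString;
+};
+
 /**
 * Email to send to new members
 * @param {object} member - member document
 * @param {string} memberPassword - OTP for member to authorize
 **/
 mail.sendToNewMember = function(member, memberPassword) {
 member.lang = member.lang || "en";
+const password = mail.escapedHTMLString(memberPassword);
 mail.lookup(function(err, host) {
 localize.getProperties(member.lang, function(err2, properties) {
-var message = localize.format(properties["mail.new-member"], mail.getUserFirstName(member), host, member.username, memberPassword);
+var message = localize.format(properties["mail.new-member"], mail.getUserFirstName(member), host, member.username, password);
 mail.sendMessage(member.email, properties["mail.new-member-subject"], message);
 });
 });
@@ -120,9 +131,10 @@ mail.sendToNewMember = function(member, memberPassword) {
 **/
 mail.sendToUpdatedMember = function(member, memberPassword) {
 member.lang = member.lang || "en";
+const password = mail.escapedHTMLString(memberPassword);
 mail.lookup(function(err, host) {
 localize.getProperties(member.lang, function(err2, properties) {
-var message = localize.format(properties["mail.password-change"], mail.getUserFirstName(member), host, member.username, memberPassword);
+var message = localize.format(properties["mail.password-change"], mail.getUserFirstName(member), host, member.username, password);
 mail.sendMessage(member.email, properties["mail.password-change-subject"], message);
 });
 });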
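Review bot: Only the password is passed through `mail.escapedHTMLString`; `member.username` and `mail.getUserFirstName(member)` still go into the same message unescaped, here in both `localize.format` calls and, visibly as HTML string concatenation, in `extend/aws_ses.example.js` and `extend/mail.example.js`. If those fields can contain `<`, `&` or quotes they would be interpreted as markup in the mail, so they should get the same treatment, e.g. `mail.escapedHTMLString(member.username)`. The helper also calls `s.replace` directly, so a non-string `memberPassword` throws before `mail.lookup` runs, and it leaves `'` unescaped; coercing with `String(s)` and adding `.replace(/'/g, '&#39;')` would cover both. Both send functions continue outside the hunks and the localized templates are not visible here, so the HTML context in `mail.js` is inferred from the commit's intent.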

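--- a/api/parts/mgmt/users.js
+++ b/api/parts/mgmt/users.js
@@ -259,7 +259,6 @@ usersApi.createUser = function(params) {
 
 member[0].api_key = common.md5Hash(member[0]._id + (new Date().getTime()));
 common.db.collection('members').update({ '_id': member[0]._id }, { $set: { api_key: member[0].api_key } }, function() { });
-
 mail.sendToNewMember(member[0], passwordNoHash);
 plugins.dispatch("/i/users/create", {
 params: params,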

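--- a/extend/aws_ses.example.js
+++ b/extend/aws_ses.example.js
@@ -47,20 +47,24 @@ module.exports = function(mail) {
 };
 
 mail.sendToNewMember = function(member, memberPassword) {
+const password = mail.escapedHTMLString(memberPassword);
+
 mail.lookup(function(err, host) {
 mail.sendMessage(member.email, "Your " + company + " Account",
 "Hi " + mail.getUserFirstName(member) + ",<br/><br/>\n" +
 "Your " + company + " account on <a href='" + host + "'>" + host + "</a> is created with the following details;<br/><br/>\n" +
-"Username: " + member.username + "<br/>Password: " + memberPassword + "<br/><br/>\n" +
+"Username: " + member.username + "<br/>Password: " + password + "<br/><br/>\n" +
 "Enjoy,<br/>A fellow " + company + " Admin");
 });
 };
 
 mail.sendToUpdatedMember = function(member, memberPassword) {
+const password = mail.escapedHTMLString(memberPassword);
+
 mail.lookup(function(err, host) {
 mail.sendMessage(member.email, "" + company + " Account - Password Change", "Hi " + mail.getUserFirstName(member) + ",<br/><br/>\n" +
 "Your password for your " + company + " account on <a href='" + host + "'>" + host + "</a> has been changed. Below you can find your updated account details;<br/><br/>\n" +
-"Username: " + member.username + "<br/>Password: " + memberPassword + "<br/><br/>\n" +
+"Username: " + member.username + "<br/>Password: " + password + "<br/><br/>\n" +
 "Best,<br/>A fellow " + company + " Admin");
 });
 };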

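--- a/extend/mail.example.js
+++ b/extend/mail.example.js
@@ -42,20 +42,24 @@ module.exports = function(mail) {
 };
 
 mail.sendToNewMember = function(member, memberPassword) {
+const password = mail.escapedHTMLString(memberPassword);
+
 mail.lookup(function(err, host) {
 mail.sendMessage(member.email, "Your " + company + " Account",
 "Hi " + mail.getUserFirstName(member) + ",<br/><br/>\n" +
 "Your " + company + " account on <a href='" + host + "'>" + host + "</a> is created with the following details;<br/><br/>\n" +
-"Username: " + member.username + "<br/>Password: " + memberPassword + "<br/><br/>\n" +
+"Username: " + member.username + "<br/>Password: " + password + "<br/><br/>\n" +
 "Enjoy,<br/>A fellow " + company + " Admin");
 });
 };
 
 mail.sendToUpdatedMember = function(member, memberPassword) {
+const password = mail.escapedHTMLString(memberPassword);
+
 mail.lookup(function(err, host) {
 mail.sendMessage(member.email, "" + company + " Account - Password Change", "Hi " + mail.getUserFirstName(member) + ",<br/><br/>\n" +
 "Your password for your " + company + " account on <a href='" + host + "'>" + host + "</a> has been changed. Below you can find your updated account details;<br/><br/>\n" +
-"Username: " + member.username + "<br/>Password: " + memberPassword + "<br/><br/>\n" +
+"Username: " + member.username + "<br/>Password: " + password + "<br/><br/>\n" +
 "Best,<br/>A fellow " + company + " Admin");
 });
 };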

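--- a/frontend/express/public/javascripts/countly/countly.views.js
+++ b/frontend/express/public/javascripts/countly/countly.views.js
@@ -3541,6 +3541,9 @@ window.ManageUsersView = countlyView.extend({
 $("#listof-apps").hide();
 $(".row").removeClass("selected");
 });
+$(".manage-users-table .detail .password-text").off("focus").on("focus", function() {
+$(this).select();
+});
 },
 renderCommon: function() {
 var url = countlyCommon.API_PARTS.users.r + '/all';
@@ -3945,6 +3948,9 @@ window.ManageUsersView = countlyView.extend({
 
 $(".change-password").off("click").on('click', function() {
 $(this).parents(".row").next().toggle();
+$(".manage-users-table .detail .password-text").off("focus").on("focus", function() {
+$(this).select();
+});
 });
 
 $('body').off('change', '.pp-uploader').on('change', '.pp-uploader', function() {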
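Review bot: The same `focus` binding is written twice, once in the first hunk and again inside the `.change-password` click handler, where it is re-attached on every click; `.off("focus")` without a namespace also removes any other focus handler on `.password-text`. A single namespaced binding would be easier to maintain, e.g. `.off("focus.pwselect").on("focus.pwselect", function() { $(this).select(); })`, or one delegated handler in the style of the `$('body').off('change', '.pp-uploader')` line at the end of the second hunk. Both enclosing functions start outside the hunks, so whether the first binding runs before the detail rows exist cannot be confirmed from here.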
