Wiki source code of Registration
Last modified by superadmin on 2019/11/08 17:48
Show last authors
author | version | line-number | content |
---|---|---|---|
1 | {{template name="register_macros.vm"/}} | ||
2 | |||
3 | {{velocity}} | ||
4 | ## The registration is enabled: | ||
5 | ## - on the main wiki | ||
6 | ## - on a subwiki if there is no service "$services.wiki.user" | ||
7 | ## - on a subwiki where the user scope allows local users | ||
8 | #if($xcontext.isMainWiki() || "$!services.wiki.user" == '' || $services.wiki.user.getUserScope() != "GLOBAL_ONLY") | ||
9 | ## These are defined in other places around XWiki, changing them here will result in undefined behavior. | ||
10 | #set($redirectParam = 'xredirect') | ||
11 | #set($userSpace = 'XWiki.') | ||
12 | #set($loginPage = 'XWiki.XWikiLogin') | ||
13 | #set($loginAction = 'loginsubmit') | ||
14 | ## | ||
15 | #set($documentName = 'XWiki.Registration') | ||
16 | ## | ||
17 | ## Security measure: | ||
18 | ## If this document is changed such that it must have programming permission in order to run, change this to false. | ||
19 | #set($sandbox = true) | ||
20 | ## | ||
21 | ## Load the configuration from a seperate document. | ||
22 | #loadConfig('XWiki.RegistrationConfig') | ||
23 | ## | ||
24 | #* | ||
25 | * You may include this document in other documents using {{include reference="XWiki.Registration"/}} | ||
26 | * To specify that the user is invited and should be allowed to register even if Guest does not have permission to | ||
27 | * register, set $invited to true. NOTE: The including script must have programming permission to do this. | ||
28 | * | ||
29 | * To specify some code which should run after registration is successfully completed, set | ||
30 | * $doAfterRegistration to a define block of velocity code like so: | ||
31 | * #define($doAfterRegistration) | ||
32 | * some code | ||
33 | * #end | ||
34 | * Output from running this code will not be printed. | ||
35 | * | ||
36 | * The fields which will be seen on the registration page are defined here. | ||
37 | * $fields is an array and each field is a Map. The names shown below are Map keys. | ||
38 | * | ||
39 | * Each field must have: | ||
40 | * name - this is the name of the field, it will be the value for "name" and "id" | ||
41 | * | ||
42 | * Each field may have: | ||
43 | * label - this String will be written above the field. | ||
44 | * | ||
45 | * tag - the HTML tag which will be created, default is <input>, may also be a non form tag such as <img> | ||
46 | * | ||
47 | * params - a Map, each key value pair will be in the html tag. eg: {"size" : "30"} becomes <input size=30... | ||
48 | * | ||
49 | * validate a Map describing how to validate the field, validation is done in javascript then redone in velocity | ||
50 | * | for security and because not everyone has javascript. | ||
51 | * | | ||
52 | * +-mandatory (Optional) - Will fail if the field is not filled in. | ||
53 | * | +-failureMessage (Required) - The message to display if the field is not filled in. | ||
54 | * | +-noscript (Optional) - will not be checked by javascript | ||
55 | * | | ||
56 | * +-regex (Optional) - Will validate the field using a regular expression. | ||
57 | * | | because of character escaping, you must provide a different expression for the | ||
58 | * | | javascript validation and the server side validation. Both javascript and server side | ||
59 | * | | validation are optional, but if you provide neither, then your field will not be validated. | ||
60 | * | | | ||
61 | * | +-failureMessage (Optional) - The message to display if the regex evaluation returns false. | ||
62 | * | +-jsFailureMessage (Optional) - The message for Javascript to display if regex fails. | ||
63 | * | | If jsFailureMessage is not defined Javascript uses failureMessage. | ||
64 | * | | NOTE: Javascript injects the failure message using createTextNode so < will | ||
65 | * | | be displayed as < | ||
66 | * | | | ||
67 | * | +-pattern (Optional) - The regular expression to test the input at the server side, it's important to use | ||
68 | * | | this if you need to validate the field for security reasons, also it is good because not | ||
69 | * | | all browsers use javascript or have it enabled. | ||
70 | * | | | ||
71 | * | +-jsPattern (Optional) - The regular expression to use for client side, you can use escaped characters to avoid | ||
72 | * | | them being parsed as HTML or javascript. To get javascript to unescape characters use: | ||
73 | * | | {"jsPattern" : "'+unescape('%5E%5B%24')+'"} | ||
74 | * | | NOTE: If no jsPattern is specified, the jsValidator will try to validate | ||
75 | * | | using the server pattern. | ||
76 | * | | | ||
77 | * | +-noscript (Optional) - will not be checked by javascript | ||
78 | * | | ||
79 | * +-mustMatch (Optional) - Will fail if the entry into the field is not the same as the entry in another field. | ||
80 | * | | Good for password confirmation. | ||
81 | * | | | ||
82 | * | +-failureMessage (Required) - The message to display if the field doesn't match the named field. | ||
83 | * | +-name (Required) - The name of the field which this field must match. | ||
84 | * | +-noscript (Optional) - will not be checked by javascript | ||
85 | * | | ||
86 | * +-programmaticValidation (Optional) - This form of validation executes a piece of code which you give it and | ||
87 | * | | if the code returns the word "failed" then it gives the error message. | ||
88 | * | | Remember to put the code in singel quotes ('') because you want the value | ||
89 | * | | of 'code' to equal the literal code, not the output from running it. | ||
90 | * | | | ||
91 | * | +-code (Required) - The code which will be executed to test whether the field is filled in correctly. | ||
92 | * | +-failureMessage (Required) - The message which will be displayed if evaluating the code returns "false" | ||
93 | * | | ||
94 | * +-fieldOkayMessage (Optional) - The message which is displayed by LiveValidation when a field is validated as okay. | ||
95 | * If not specified, will be $defaultFieldOkayMessage | ||
96 | * | ||
97 | * noReturn - If this is specified, the field will not be filled in if there is an error and the user has to fix their | ||
98 | * registration information. If you don't want a password to be passed back in html then set this true | ||
99 | * for the password fields. Used for the captcha because it makes no sense to pass back a captcha answer. | ||
100 | * | ||
101 | * doAfterRegistration - Some Velocity code which will be executed after a successfull registration. | ||
102 | * This is used in the favorite color example. | ||
103 | * Remember to put the code in singel quotes ('') because you want the 'code' entry to equal the literal | ||
104 | * code, not the output from running it. | ||
105 | * | ||
106 | * Each field may not have: (reserved names) | ||
107 | * error - This is used to pass back any error message from the server side code. | ||
108 | * | ||
109 | * NOTE: This template uses a registration method which requires: | ||
110 | * * register_first_name | ||
111 | * * register_last_name | ||
112 | * * xwikiname | ||
113 | * * register_password | ||
114 | * * register2_password | ||
115 | * * register_email | ||
116 | * * template | ||
117 | * Removing or renaming any of these fields will result in undefined behavior. | ||
118 | * | ||
119 | *### | ||
120 | #set($fields = []) | ||
121 | ## | ||
122 | ## The first name field, no checking. | ||
123 | #set($field = | ||
124 | {'name' : 'register_first_name', | ||
125 | 'label' : $services.localization.render('core.register.firstName'), | ||
126 | 'params' : { | ||
127 | 'type' : 'text', | ||
128 | 'size' : '60' | ||
129 | } | ||
130 | }) | ||
131 | #set($discard = $fields.add($field)) | ||
132 | ## | ||
133 | ## The last name field, no checking. | ||
134 | #set($field = | ||
135 | {'name' : 'register_last_name', | ||
136 | 'label' : $services.localization.render('core.register.lastName'), | ||
137 | 'params' : { | ||
138 | 'type' : 'text', | ||
139 | 'size' : '60' | ||
140 | } | ||
141 | }) | ||
142 | #set($discard = $fields.add($field)) | ||
143 | ## | ||
144 | ## The user name field, mandatory and programmatically checked to make sure the username doesn't exist. | ||
145 | #set($field = | ||
146 | {'name' : 'xwikiname', | ||
147 | 'label' : $services.localization.render('core.register.username'), | ||
148 | 'params' : { | ||
149 | 'type' : 'text', | ||
150 | 'onfocus' : 'prepareName(document.forms.register);', | ||
151 | 'size' : '60' | ||
152 | }, | ||
153 | 'validate' : { | ||
154 | 'mandatory' : { | ||
155 | 'failureMessage' : $services.localization.render('core.validation.required.message') | ||
156 | }, | ||
157 | 'programmaticValidation' : { | ||
158 | 'code' : '#nameAvailable($request.get("xwikiname"))', | ||
159 | 'failureMessage' : $services.localization.render('core.register.userAlreadyExists') | ||
160 | } | ||
161 | } | ||
162 | }) | ||
163 | #set($discard = $fields.add($field)) | ||
164 | ## Make sure the chosen user name is not already taken | ||
165 | ## This macro is called by programmaticValidation for xwikiname (above) | ||
166 | #macro (nameAvailable, $name) | ||
167 | #if ($xwiki.exists("$userSpace$name")) | ||
168 | failed | ||
169 | #end | ||
170 | #end | ||
171 | ## | ||
172 | ##The password field, mandatory and must be at least 6 characters long. | ||
173 | ##The confirm password field, mandatory, must match password field, and must also be 6+ characters long. | ||
174 | #definePasswordFields($fields, 'register_password', 'register2_password', $passwordOptions) | ||
175 | ## | ||
176 | ## The email address field, regex checked with an email pattern. Mandatory if registration uses email verification | ||
177 | #set($field = | ||
178 | {'name' : 'register_email', | ||
179 | 'label' : $services.localization.render('core.register.email'), | ||
180 | 'params' : { | ||
181 | 'type' : 'text', | ||
182 | 'size' : '60' | ||
183 | }, | ||
184 | 'validate' : { | ||
185 | 'regex' : { | ||
186 | 'pattern' : '/^([^@\s]+)@((?:[-a-zA-Z0-9]+\.)+[a-zA-Z]{2,})$/', | ||
187 | 'failureMessage' : $services.localization.render('xe.admin.registration.invalidEmail') | ||
188 | } | ||
189 | } | ||
190 | }) | ||
191 | #if($xwiki.getXWikiPreferenceAsInt('use_email_verification', 0) == 1) | ||
192 | #set($field.validate.mandatory = {'failureMessage' : $services.localization.render('core.validation.required.message')}) | ||
193 | #end | ||
194 | #set($discard = $fields.add($field)) | ||
195 | ## | ||
196 | #********* | ||
197 | ## Uncomment this code to see an example of how you can easily add a field to the registration page | ||
198 | ## NOTE: In order to save the favorite color in the "doAfterRegistration" hook, this page must be | ||
199 | ## saved by an administrator and can not self sandboxing. | ||
200 | #set($sandbox = false) | ||
201 | #set($field = | ||
202 | {'name' : 'favorite_color', | ||
203 | 'label' : 'What is your favorite color', | ||
204 | 'params' : { | ||
205 | 'type' : 'text', | ||
206 | 'size' : '60' | ||
207 | }, | ||
208 | 'validate' : { | ||
209 | 'mandatory' : { | ||
210 | 'failureMessage' : $services.localization.render('core.validation.required.message') | ||
211 | }, | ||
212 | 'regex' : { | ||
213 | 'pattern' : '/^green$/', | ||
214 | 'failureMessage' : 'You are not cool enough to register here.' | ||
215 | }, | ||
216 | 'fieldOkayMessage' : 'You are awesome.' | ||
217 | }, | ||
218 | 'doAfterRegistration' : '#saveFavoriteColor()' | ||
219 | }) | ||
220 | #set($discard = $fields.add($field)) | ||
221 | ## Save the user's favorite color on their user page. | ||
222 | #macro(saveFavoriteColor) | ||
223 | #set($xwikiname = $request.get('xwikiname')) | ||
224 | #set($userDoc = $xwiki.getDocument("$userSpace$xwikiname")) | ||
225 | $userDoc.setContent("$userDoc.getContent() ${xwikiname}'s favorite color is $request.get('favorite_color')!") | ||
226 | ## The user (who is not yet logged in) can't save documents so saveWithProgrammingRights | ||
227 | ## will save the document as long as the user who last saved this registration page has programming rights. | ||
228 | $userDoc.saveWithProgrammingRights("Saved favorite color from registration form.") | ||
229 | #end | ||
230 | *********### | ||
231 | ## | ||
232 | ## To disable the CAPTCHA on this page, comment out the next entry. | ||
233 | ## The CAPTCHA, not really an input field but still defined the same way. | ||
234 | #if($services.captcha | ||
235 | && !$invited | ||
236 | && $xcontext.getUser() == "XWiki.XWikiGuest" | ||
237 | && $requireCaptcha) | ||
238 | ## The CAPTCHA field, programmatically checked to make sure the CAPTCHA is right. | ||
239 | ## Not checked by javascript because javascript can't check the CAPTCHA and the Ok message because it passes the | ||
240 | ## mandatory test is misleading. | ||
241 | ## Also, not filled back in if there is an error ('noReturn'). | ||
242 | #set($field = | ||
243 | {'name' : 'captcha_placeholder', | ||
244 | 'label' : $services.localization.render('core.captcha.instruction'), | ||
245 | 'skipLabelFor' : true, | ||
246 | 'type' : 'html', | ||
247 | 'html' : "$!{services.captcha.default.display()}", | ||
248 | 'validate' : { | ||
249 | 'programmaticValidation' : { | ||
250 | 'code' : '#if (!$services.captcha.default.isValid())failed#end', | ||
251 | 'failureMessage' : $services.localization.render('core.captcha.captchaAnswerIsWrong') | ||
252 | } | ||
253 | }, | ||
254 | 'noReturn' : true | ||
255 | }) | ||
256 | #set($discard = $fields.add($field)) | ||
257 | #end | ||
258 | ## | ||
259 | ## Pass the name of the template to $xwiki.createUser so any contained information will be passed in. | ||
260 | #set($field = | ||
261 | {'name' : 'template', | ||
262 | 'params' : { | ||
263 | 'type' : 'hidden', | ||
264 | 'value' : 'XWiki.XWikiUserTemplate' | ||
265 | } | ||
266 | }) | ||
267 | #set($discard = $fields.add($field)) | ||
268 | ## | ||
269 | ## Pass the redirect parameter on so that the login page may redirect to the right place. | ||
270 | ## Not necessary in Firefox 3.0.10 or Opera 9.64, I don't know about IE or Safari. | ||
271 | #set($field = | ||
272 | {'name' : $redirectParam, | ||
273 | 'params' : { | ||
274 | 'type' : 'hidden' | ||
275 | } | ||
276 | }) | ||
277 | #set($discard = $fields.add($field)) | ||
278 | ## | ||
279 | ####################################################################### | ||
280 | ## The Code. | ||
281 | ####################################################################### | ||
282 | ## | ||
283 | ## This application's HTML is dynamically generated and editing in WYSIWYG would not work | ||
284 | #if($xcontext.getAction() == 'edit') | ||
285 | $response.sendRedirect("$xwiki.getURL($doc.getFullName(), 'edit')?editor=wiki") | ||
286 | #end | ||
287 | ## | ||
288 | ## If this document has PR and is not included from another document then it's author should be set to Guest | ||
289 | ## for the duration of it's execution in order to improve security. | ||
290 | ## Note we compare document ids because | ||
291 | #if($sandbox | ||
292 | && $xcontext.hasProgrammingRights() | ||
293 | && $xcontext.getDoc().getDocumentReference().equals($xwiki.getDocument($documentName).getDocumentReference())) | ||
294 | ## | ||
295 | $xcontext.dropPermissions()## | ||
296 | #end | ||
297 | ## | ||
298 | ## Access level to register must be explicitly checked because it is only checked in XWiki.prepareDocuments | ||
299 | ## and this page is accessible through view action. | ||
300 | #if(!$xcontext.hasAccessLevel('register', 'XWiki.XWikiPreferences')) | ||
301 | ## Make an exception if another document with programming permission (Invitation app) has included this | ||
302 | ## document and set $invited to true. | ||
303 | #if(!$invited || !$xcontext.hasProgrammingRights()) | ||
304 | $response.sendRedirect("$xwiki.getURL($doc.getFullName(), 'login')") | ||
305 | #end | ||
306 | #end | ||
307 | ## | ||
308 | ## Display the heading | ||
309 | $heading | ||
310 | ## If the submit button has been pressed, then we test the input and maybe create the user. | ||
311 | #if($request.getParameter('xwikiname')) | ||
312 | ## Do server side validation of input fields. | ||
313 | ## This must not be in a #set directive as it will output messages if something goes wrong. | ||
314 | #validateFields($fields, $request) | ||
315 | ## If server side validation was successfull, create the user | ||
316 | #if($allFieldsValid) | ||
317 | #createUser($fields, $request, $response, $doAfterRegistration) | ||
318 | #end | ||
319 | #end | ||
320 | ## If the registration was not successful or if the user hasn't submitted the info yet | ||
321 | ## Then we display the registration form. | ||
322 | #if(!$registrationDone) | ||
323 | $welcomeMessage | ||
324 | |||
325 | {{html clean="false"}} | ||
326 | <form id="register" action="$xwiki.relativeRequestURL" method="post" class="xform half"> | ||
327 | <div class="hidden"> | ||
328 | #if ($request.xpage == 'registerinline') | ||
329 | #skinExtensionHooks | ||
330 | #end | ||
331 | <input type="hidden" name="form_token" value="$!{services.csrf.getToken()}" /> | ||
332 | #set ($userDirectoryReference = $services.model.createDocumentReference('', 'Main', 'UserDirectory')) | ||
333 | #if ($xwiki.exists($userDirectoryReference)) | ||
334 | <input type="hidden" name="parent" value="$!{services.model.serialize($userDirectoryReference, 'default')}" /> | ||
335 | #end | ||
336 | </div> | ||
337 | #generateHtml($fields, $request) | ||
338 | <p class="buttons"> | ||
339 | <span class="buttonwrapper"> | ||
340 | <input type="submit" value="$services.localization.render('core.register.submit')" class="button"/> | ||
341 | </span> | ||
342 | </p> | ||
343 | </form> | ||
344 | {{/html}} | ||
345 | |||
346 | ## | ||
347 | ## Allow permitted users to configure this application. | ||
348 | #if($xcontext.getUser() != 'XWiki.XWikiGuest' && $xcontext.hasAccessLevel("edit", $documentName)) | ||
349 | [[{{translation key="xe.admin.registration.youCanConfigureRegistrationHere"/}}>>XWiki.XWikiPreferences?section=Registration&editor=globaladmin#HCustomizeXWikiRegistration]] | ||
350 | {{html}}<a href="$xwiki.getURL($documentName, 'edit', 'editor=wiki')">$services.localization.render('xe.admin.registration.youCanConfigureRegistrationFieldsHere')</a>{{/html}} | ||
351 | #end | ||
352 | #end | ||
353 | #else | ||
354 | ## The registration is not allowed on the subwiki | ||
355 | ## Redirecting to main wiki's registration page since local user registration is not allowed. | ||
356 | #set($mainWikiRegisterPageReference = $services.model.createDocumentReference($services.wiki.mainWikiId, 'XWiki', 'Register')) | ||
357 | #set($temp = $response.sendRedirect($xwiki.getURL($mainWikiRegisterPageReference, 'register', $request.queryString))) | ||
358 | #end | ||
359 | ## | ||
360 | #* | ||
361 | * Create the user. | ||
362 | * Calls $xwiki.createUser to create a new user. | ||
363 | * | ||
364 | * @param $request An XWikiRequest object which made the register request. | ||
365 | * @param $response The XWikiResponse object to send any redirects to. | ||
366 | * @param $doAfterRegistration code block to run after registration completes successfully. | ||
367 | *### | ||
368 | #macro(createUser, $fields, $request, $response, $doAfterRegistration) | ||
369 | ## CSRF check | ||
370 | #if(${services.csrf.isTokenValid("$!{request.getParameter('form_token')}")}) | ||
371 | ## See if email verification is required and register the user. | ||
372 | #if($xwiki.getXWikiPreferenceAsInt('use_email_verification', 0) == 1) | ||
373 | #set($reg = $xwiki.createUser(true)) | ||
374 | #else | ||
375 | #set($reg = $xwiki.createUser(false)) | ||
376 | #end | ||
377 | #else | ||
378 | $response.sendRedirect("$!{services.csrf.getResubmissionURL()}") | ||
379 | #end | ||
380 | ## | ||
381 | ## Handle output from the registration. | ||
382 | #if($reg && $reg <= 0) | ||
383 | {{error}} | ||
384 | #if($reg == -2) | ||
385 | {{translation key="core.register.passwordMismatch"/}} | ||
386 | ## -3 means username taken, -8 means username is superadmin name | ||
387 | #elseif($reg == -3 || $reg == -8) | ||
388 | {{translation key="core.register.userAlreadyExists"/}} | ||
389 | #elseif($reg == -4) | ||
390 | {{translation key="core.register.invalidUsername"/}} | ||
391 | #elseif($reg == -11) | ||
392 | {{translation key="core.register.mailSenderWronglyConfigured"/}} | ||
393 | #else | ||
394 | {{translation key="core.register.registerFailed" parameters="$reg"/}} | ||
395 | #end | ||
396 | {{/error}} | ||
397 | #elseif($reg) | ||
398 | ## Registration was successful | ||
399 | #set($registrationDone = true) | ||
400 | ## | ||
401 | ## If there is any thing to "doAfterRegistration" then do it. | ||
402 | #foreach($field in $fields) | ||
403 | #if($field.get('doAfterRegistration')) | ||
404 | #evaluate($field.get('doAfterRegistration')) | ||
405 | #end | ||
406 | #end | ||
407 | ## If there is a "global" doAfterRegistration, do that as well. | ||
408 | ## Calling toString() on a #define block will execute it and we discard the result. | ||
409 | #set($discard = $doAfterRegistration.toString()) | ||
410 | ## | ||
411 | ## Define some strings which may be used by autoLogin or loginButton | ||
412 | #set($userName = $!request.get('xwikiname')) | ||
413 | #set($password = $!request.get('register_password')) | ||
414 | #set($loginURL = $xwiki.getURL($loginPage, $loginAction)) | ||
415 | #if("$!request.getParameter($redirectParam)" != '') | ||
416 | #set($redirect = $request.getParameter($redirectParam)) | ||
417 | #else | ||
418 | #set($redirect = $defaultRedirect) | ||
419 | #end | ||
420 | ## Display a "registration successful" message | ||
421 | |||
422 | #evaluate($registrationSuccessMessage) | ||
423 | |||
424 | ## Empty line prevents message from being forced into a <p> block. | ||
425 | |||
426 | ## Give the user a login button which posts their username and password to loginsubmit | ||
427 | #if($loginButton) | ||
428 | |||
429 | {{html clean=false wiki=false}} | ||
430 | <form id="loginForm" action="$loginURL" method="post"> | ||
431 | <div class="centered"> | ||
432 | <input type="hidden" name="form_token" value="$!{services.csrf.getToken()}" /> | ||
433 | <input id="j_username" name="j_username" type="hidden" value="$escapetool.xml($!userName)" /> | ||
434 | <input id="j_password" name="j_password" type="hidden" value="$escapetool.xml($!password)" /> | ||
435 | <input id="$redirectParam" name="$redirectParam" type="hidden" value="$escapetool.xml($redirect)" /> | ||
436 | <span class="buttonwrapper"> | ||
437 | <input type="submit" value="$services.localization.render('login')" class="button"/> | ||
438 | </span> | ||
439 | </div> | ||
440 | </form> | ||
441 | ## We don't want autoLogin if we are administrators adding users... | ||
442 | #if ($autoLogin && $request.xpage != 'registerinline') | ||
443 | <script type='text/javascript'> | ||
444 | document.observe('xwiki:dom:loaded', function() { | ||
445 | document.forms['loginForm'].submit(); | ||
446 | }); | ||
447 | </script> | ||
448 | #end | ||
449 | {{/html}} | ||
450 | |||
451 | #end | ||
452 | #end | ||
453 | ## | ||
454 | #end## createUser Macro | ||
455 | {{/velocity}} |