Wiki source code of Registration

Last modified by superadmin on 2019/11/08 17:48
Show last authors
1 {{template name="register_macros.vm"/}}
2
3 {{velocity}}
4 ## The registration is enabled:
5 ## - on the main wiki
6 ## - on a subwiki if there is no service "$services.wiki.user"
7 ## - on a subwiki where the user scope allows local users
8 #if($xcontext.isMainWiki() || "$!services.wiki.user" == '' || $services.wiki.user.getUserScope() != "GLOBAL_ONLY")
9 ## These are defined in other places around XWiki, changing them here will result in undefined behavior.
10 #set($redirectParam = 'xredirect')
11 #set($userSpace = 'XWiki.')
12 #set($loginPage = 'XWiki.XWikiLogin')
13 #set($loginAction = 'loginsubmit')
14 ##
15 #set($documentName = 'XWiki.Registration')
16 ##
17 ## Security measure:
18 ## If this document is changed such that it must have programming permission in order to run, change this to false.
19 #set($sandbox = true)
20 ##
21 ## Load the configuration from a seperate document.
22 #loadConfig('XWiki.RegistrationConfig')
23 ##
24 #*
25 * You may include this document in other documents using {{include reference="XWiki.Registration"/}}
26 * To specify that the user is invited and should be allowed to register even if Guest does not have permission to
27 * register, set $invited to true. NOTE: The including script must have programming permission to do this.
28 *
29 * To specify some code which should run after registration is successfully completed, set
30 * $doAfterRegistration to a define block of velocity code like so:
31 * #define($doAfterRegistration)
32 * some code
33 * #end
34 * Output from running this code will not be printed.
35 *
36 * The fields which will be seen on the registration page are defined here.
37 * $fields is an array and each field is a Map. The names shown below are Map keys.
38 *
39 * Each field must have:
40 * name - this is the name of the field, it will be the value for "name" and "id"
41 *
42 * Each field may have:
43 * label - this String will be written above the field.
44 *
45 * tag - the HTML tag which will be created, default is <input>, may also be a non form tag such as <img>
46 *
47 * params - a Map, each key value pair will be in the html tag. eg: {"size" : "30"} becomes <input size=30...
48 *
49 * validate a Map describing how to validate the field, validation is done in javascript then redone in velocity
50 * | for security and because not everyone has javascript.
51 * |
52 * +-mandatory (Optional) - Will fail if the field is not filled in.
53 * | +-failureMessage (Required) - The message to display if the field is not filled in.
54 * | +-noscript (Optional) - will not be checked by javascript
55 * |
56 * +-regex (Optional) - Will validate the field using a regular expression.
57 * | | because of character escaping, you must provide a different expression for the
58 * | | javascript validation and the server side validation. Both javascript and server side
59 * | | validation are optional, but if you provide neither, then your field will not be validated.
60 * | |
61 * | +-failureMessage (Optional) - The message to display if the regex evaluation returns false.
62 * | +-jsFailureMessage (Optional) - The message for Javascript to display if regex fails.
63 * | | If jsFailureMessage is not defined Javascript uses failureMessage.
64 * | | NOTE: Javascript injects the failure message using createTextNode so &lt; will
65 * | | be displayed as &lt;
66 * | |
67 * | +-pattern (Optional) - The regular expression to test the input at the server side, it's important to use
68 * | | this if you need to validate the field for security reasons, also it is good because not
69 * | | all browsers use javascript or have it enabled.
70 * | |
71 * | +-jsPattern (Optional) - The regular expression to use for client side, you can use escaped characters to avoid
72 * | | them being parsed as HTML or javascript. To get javascript to unescape characters use:
73 * | | {"jsPattern" : "'+unescape('%5E%5B%24')+'"}
74 * | | NOTE: If no jsPattern is specified, the jsValidator will try to validate
75 * | | using the server pattern.
76 * | |
77 * | +-noscript (Optional) - will not be checked by javascript
78 * |
79 * +-mustMatch (Optional) - Will fail if the entry into the field is not the same as the entry in another field.
80 * | | Good for password confirmation.
81 * | |
82 * | +-failureMessage (Required) - The message to display if the field doesn't match the named field.
83 * | +-name (Required) - The name of the field which this field must match.
84 * | +-noscript (Optional) - will not be checked by javascript
85 * |
86 * +-programmaticValidation (Optional) - This form of validation executes a piece of code which you give it and
87 * | | if the code returns the word "failed" then it gives the error message.
88 * | | Remember to put the code in singel quotes ('') because you want the value
89 * | | of 'code' to equal the literal code, not the output from running it.
90 * | |
91 * | +-code (Required) - The code which will be executed to test whether the field is filled in correctly.
92 * | +-failureMessage (Required) - The message which will be displayed if evaluating the code returns "false"
93 * |
94 * +-fieldOkayMessage (Optional) - The message which is displayed by LiveValidation when a field is validated as okay.
95 * If not specified, will be $defaultFieldOkayMessage
96 *
97 * noReturn - If this is specified, the field will not be filled in if there is an error and the user has to fix their
98 * registration information. If you don't want a password to be passed back in html then set this true
99 * for the password fields. Used for the captcha because it makes no sense to pass back a captcha answer.
100 *
101 * doAfterRegistration - Some Velocity code which will be executed after a successfull registration.
102 * This is used in the favorite color example.
103 * Remember to put the code in singel quotes ('') because you want the 'code' entry to equal the literal
104 * code, not the output from running it.
105 *
106 * Each field may not have: (reserved names)
107 * error - This is used to pass back any error message from the server side code.
108 *
109 * NOTE: This template uses a registration method which requires:
110 * * register_first_name
111 * * register_last_name
112 * * xwikiname
113 * * register_password
114 * * register2_password
115 * * register_email
116 * * template
117 * Removing or renaming any of these fields will result in undefined behavior.
118 *
119 *###
120 #set($fields = [])
121 ##
122 ## The first name field, no checking.
123 #set($field =
124 {'name' : 'register_first_name',
125 'label' : $services.localization.render('core.register.firstName'),
126 'params' : {
127 'type' : 'text',
128 'size' : '60'
129 }
130 })
131 #set($discard = $fields.add($field))
132 ##
133 ## The last name field, no checking.
134 #set($field =
135 {'name' : 'register_last_name',
136 'label' : $services.localization.render('core.register.lastName'),
137 'params' : {
138 'type' : 'text',
139 'size' : '60'
140 }
141 })
142 #set($discard = $fields.add($field))
143 ##
144 ## The user name field, mandatory and programmatically checked to make sure the username doesn't exist.
145 #set($field =
146 {'name' : 'xwikiname',
147 'label' : $services.localization.render('core.register.username'),
148 'params' : {
149 'type' : 'text',
150 'onfocus' : 'prepareName(document.forms.register);',
151 'size' : '60'
152 },
153 'validate' : {
154 'mandatory' : {
155 'failureMessage' : $services.localization.render('core.validation.required.message')
156 },
157 'programmaticValidation' : {
158 'code' : '#nameAvailable($request.get("xwikiname"))',
159 'failureMessage' : $services.localization.render('core.register.userAlreadyExists')
160 }
161 }
162 })
163 #set($discard = $fields.add($field))
164 ## Make sure the chosen user name is not already taken
165 ## This macro is called by programmaticValidation for xwikiname (above)
166 #macro (nameAvailable, $name)
167 #if ($xwiki.exists("$userSpace$name"))
168 failed
169 #end
170 #end
171 ##
172 ##The password field, mandatory and must be at least 6 characters long.
173 ##The confirm password field, mandatory, must match password field, and must also be 6+ characters long.
174 #definePasswordFields($fields, 'register_password', 'register2_password', $passwordOptions)
175 ##
176 ## The email address field, regex checked with an email pattern. Mandatory if registration uses email verification
177 #set($field =
178 {'name' : 'register_email',
179 'label' : $services.localization.render('core.register.email'),
180 'params' : {
181 'type' : 'text',
182 'size' : '60'
183 },
184 'validate' : {
185 'regex' : {
186 'pattern' : '/^([^@\s]+)@((?:[-a-zA-Z0-9]+\.)+[a-zA-Z]{2,})$/',
187 'failureMessage' : $services.localization.render('xe.admin.registration.invalidEmail')
188 }
189 }
190 })
191 #if($xwiki.getXWikiPreferenceAsInt('use_email_verification', 0) == 1)
192 #set($field.validate.mandatory = {'failureMessage' : $services.localization.render('core.validation.required.message')})
193 #end
194 #set($discard = $fields.add($field))
195 ##
196 #*********
197 ## Uncomment this code to see an example of how you can easily add a field to the registration page
198 ## NOTE: In order to save the favorite color in the "doAfterRegistration" hook, this page must be
199 ## saved by an administrator and can not self sandboxing.
200 #set($sandbox = false)
201 #set($field =
202 {'name' : 'favorite_color',
203 'label' : 'What is your favorite color',
204 'params' : {
205 'type' : 'text',
206 'size' : '60'
207 },
208 'validate' : {
209 'mandatory' : {
210 'failureMessage' : $services.localization.render('core.validation.required.message')
211 },
212 'regex' : {
213 'pattern' : '/^green$/',
214 'failureMessage' : 'You are not cool enough to register here.'
215 },
216 'fieldOkayMessage' : 'You are awesome.'
217 },
218 'doAfterRegistration' : '#saveFavoriteColor()'
219 })
220 #set($discard = $fields.add($field))
221 ## Save the user's favorite color on their user page.
222 #macro(saveFavoriteColor)
223 #set($xwikiname = $request.get('xwikiname'))
224 #set($userDoc = $xwiki.getDocument("$userSpace$xwikiname"))
225 $userDoc.setContent("$userDoc.getContent() ${xwikiname}'s favorite color is $request.get('favorite_color')!")
226 ## The user (who is not yet logged in) can't save documents so saveWithProgrammingRights
227 ## will save the document as long as the user who last saved this registration page has programming rights.
228 $userDoc.saveWithProgrammingRights("Saved favorite color from registration form.")
229 #end
230 *********###
231 ##
232 ## To disable the CAPTCHA on this page, comment out the next entry.
233 ## The CAPTCHA, not really an input field but still defined the same way.
234 #if($services.captcha
235 && !$invited
236 && $xcontext.getUser() == "XWiki.XWikiGuest"
237 && $requireCaptcha)
238 ## The CAPTCHA field, programmatically checked to make sure the CAPTCHA is right.
239 ## Not checked by javascript because javascript can't check the CAPTCHA and the Ok message because it passes the
240 ## mandatory test is misleading.
241 ## Also, not filled back in if there is an error ('noReturn').
242 #set($field =
243 {'name' : 'captcha_placeholder',
244 'label' : $services.localization.render('core.captcha.instruction'),
245 'skipLabelFor' : true,
246 'type' : 'html',
247 'html' : "$!{services.captcha.default.display()}",
248 'validate' : {
249 'programmaticValidation' : {
250 'code' : '#if (!$services.captcha.default.isValid())failed#end',
251 'failureMessage' : $services.localization.render('core.captcha.captchaAnswerIsWrong')
252 }
253 },
254 'noReturn' : true
255 })
256 #set($discard = $fields.add($field))
257 #end
258 ##
259 ## Pass the name of the template to $xwiki.createUser so any contained information will be passed in.
260 #set($field =
261 {'name' : 'template',
262 'params' : {
263 'type' : 'hidden',
264 'value' : 'XWiki.XWikiUserTemplate'
265 }
266 })
267 #set($discard = $fields.add($field))
268 ##
269 ## Pass the redirect parameter on so that the login page may redirect to the right place.
270 ## Not necessary in Firefox 3.0.10 or Opera 9.64, I don't know about IE or Safari.
271 #set($field =
272 {'name' : $redirectParam,
273 'params' : {
274 'type' : 'hidden'
275 }
276 })
277 #set($discard = $fields.add($field))
278 ##
279 #######################################################################
280 ## The Code.
281 #######################################################################
282 ##
283 ## This application's HTML is dynamically generated and editing in WYSIWYG would not work
284 #if($xcontext.getAction() == 'edit')
285 $response.sendRedirect("$xwiki.getURL($doc.getFullName(), 'edit')?editor=wiki")
286 #end
287 ##
288 ## If this document has PR and is not included from another document then it's author should be set to Guest
289 ## for the duration of it's execution in order to improve security.
290 ## Note we compare document ids because
291 #if($sandbox
292 && $xcontext.hasProgrammingRights()
293 && $xcontext.getDoc().getDocumentReference().equals($xwiki.getDocument($documentName).getDocumentReference()))
294 ##
295 $xcontext.dropPermissions()##
296 #end
297 ##
298 ## Access level to register must be explicitly checked because it is only checked in XWiki.prepareDocuments
299 ## and this page is accessible through view action.
300 #if(!$xcontext.hasAccessLevel('register', 'XWiki.XWikiPreferences'))
301 ## Make an exception if another document with programming permission (Invitation app) has included this
302 ## document and set $invited to true.
303 #if(!$invited || !$xcontext.hasProgrammingRights())
304 $response.sendRedirect("$xwiki.getURL($doc.getFullName(), 'login')")
305 #end
306 #end
307 ##
308 ## Display the heading
309 $heading
310 ## If the submit button has been pressed, then we test the input and maybe create the user.
311 #if($request.getParameter('xwikiname'))
312 ## Do server side validation of input fields.
313 ## This must not be in a #set directive as it will output messages if something goes wrong.
314 #validateFields($fields, $request)
315 ## If server side validation was successfull, create the user
316 #if($allFieldsValid)
317 #createUser($fields, $request, $response, $doAfterRegistration)
318 #end
319 #end
320 ## If the registration was not successful or if the user hasn't submitted the info yet
321 ## Then we display the registration form.
322 #if(!$registrationDone)
323 $welcomeMessage
324
325 {{html clean="false"}}
326 <form id="register" action="$xwiki.relativeRequestURL" method="post" class="xform half">
327 <div class="hidden">
328 #if ($request.xpage == 'registerinline')
329 #skinExtensionHooks
330 #end
331 <input type="hidden" name="form_token" value="$!{services.csrf.getToken()}" />
332 #set ($userDirectoryReference = $services.model.createDocumentReference('', 'Main', 'UserDirectory'))
333 #if ($xwiki.exists($userDirectoryReference))
334 <input type="hidden" name="parent" value="$!{services.model.serialize($userDirectoryReference, 'default')}" />
335 #end
336 </div>
337 #generateHtml($fields, $request)
338 <p class="buttons">
339 <span class="buttonwrapper">
340 <input type="submit" value="$services.localization.render('core.register.submit')" class="button"/>
341 </span>
342 </p>
343 </form>
344 {{/html}}
345
346 ##
347 ## Allow permitted users to configure this application.
348 #if($xcontext.getUser() != 'XWiki.XWikiGuest' && $xcontext.hasAccessLevel("edit", $documentName))
349 [[{{translation key="xe.admin.registration.youCanConfigureRegistrationHere"/}}>>XWiki.XWikiPreferences?section=Registration&editor=globaladmin#HCustomizeXWikiRegistration]]
350 {{html}}<a href="$xwiki.getURL($documentName, 'edit', 'editor=wiki')">$services.localization.render('xe.admin.registration.youCanConfigureRegistrationFieldsHere')</a>{{/html}}
351 #end
352 #end
353 #else
354 ## The registration is not allowed on the subwiki
355 ## Redirecting to main wiki's registration page since local user registration is not allowed.
356 #set($mainWikiRegisterPageReference = $services.model.createDocumentReference($services.wiki.mainWikiId, 'XWiki', 'Register'))
357 #set($temp = $response.sendRedirect($xwiki.getURL($mainWikiRegisterPageReference, 'register', $request.queryString)))
358 #end
359 ##
360 #*
361 * Create the user.
362 * Calls $xwiki.createUser to create a new user.
363 *
364 * @param $request An XWikiRequest object which made the register request.
365 * @param $response The XWikiResponse object to send any redirects to.
366 * @param $doAfterRegistration code block to run after registration completes successfully.
367 *###
368 #macro(createUser, $fields, $request, $response, $doAfterRegistration)
369 ## CSRF check
370 #if(${services.csrf.isTokenValid("$!{request.getParameter('form_token')}")})
371 ## See if email verification is required and register the user.
372 #if($xwiki.getXWikiPreferenceAsInt('use_email_verification', 0) == 1)
373 #set($reg = $xwiki.createUser(true))
374 #else
375 #set($reg = $xwiki.createUser(false))
376 #end
377 #else
378 $response.sendRedirect("$!{services.csrf.getResubmissionURL()}")
379 #end
380 ##
381 ## Handle output from the registration.
382 #if($reg && $reg <= 0)
383 {{error}}
384 #if($reg == -2)
385 {{translation key="core.register.passwordMismatch"/}}
386 ## -3 means username taken, -8 means username is superadmin name
387 #elseif($reg == -3 || $reg == -8)
388 {{translation key="core.register.userAlreadyExists"/}}
389 #elseif($reg == -4)
390 {{translation key="core.register.invalidUsername"/}}
391 #elseif($reg == -11)
392 {{translation key="core.register.mailSenderWronglyConfigured"/}}
393 #else
394 {{translation key="core.register.registerFailed" parameters="$reg"/}}
395 #end
396 {{/error}}
397 #elseif($reg)
398 ## Registration was successful
399 #set($registrationDone = true)
400 ##
401 ## If there is any thing to "doAfterRegistration" then do it.
402 #foreach($field in $fields)
403 #if($field.get('doAfterRegistration'))
404 #evaluate($field.get('doAfterRegistration'))
405 #end
406 #end
407 ## If there is a "global" doAfterRegistration, do that as well.
408 ## Calling toString() on a #define block will execute it and we discard the result.
409 #set($discard = $doAfterRegistration.toString())
410 ##
411 ## Define some strings which may be used by autoLogin or loginButton
412 #set($userName = $!request.get('xwikiname'))
413 #set($password = $!request.get('register_password'))
414 #set($loginURL = $xwiki.getURL($loginPage, $loginAction))
415 #if("$!request.getParameter($redirectParam)" != '')
416 #set($redirect = $request.getParameter($redirectParam))
417 #else
418 #set($redirect = $defaultRedirect)
419 #end
420 ## Display a "registration successful" message
421
422 #evaluate($registrationSuccessMessage)
423
424 ## Empty line prevents message from being forced into a <p> block.
425
426 ## Give the user a login button which posts their username and password to loginsubmit
427 #if($loginButton)
428
429 {{html clean=false wiki=false}}
430 <form id="loginForm" action="$loginURL" method="post">
431 <div class="centered">
432 <input type="hidden" name="form_token" value="$!{services.csrf.getToken()}" />
433 <input id="j_username" name="j_username" type="hidden" value="$escapetool.xml($!userName)" />
434 <input id="j_password" name="j_password" type="hidden" value="$escapetool.xml($!password)" />
435 <input id="$redirectParam" name="$redirectParam" type="hidden" value="$escapetool.xml($redirect)" />
436 <span class="buttonwrapper">
437 <input type="submit" value="$services.localization.render('login')" class="button"/>
438 </span>
439 </div>
440 </form>
441 ## We don't want autoLogin if we are administrators adding users...
442 #if ($autoLogin && $request.xpage != 'registerinline')
443 <script type='text/javascript'>
444 document.observe('xwiki:dom:loaded', function() {
445 document.forms['loginForm'].submit();
446 });
447 </script>
448 #end
449 {{/html}}
450
451 #end
452 #end
453 ##
454 #end## createUser Macro
455 {{/velocity}}