Enable password recovery when using ILS Authentication

module/VuFind/src/VuFind/Auth/ILS.php

@@ -113,6 +113,23 @@ public function authenticate($request)
         return $this->handleLogin($username, $password, $loginMethod, $rememberMe);
     }
 
+    /**
+     * Does this authentication method support password recovery
+     *
+     * @return bool
+     */
+    public function supportsPasswordRecovery()
+    {
+        $driver = $this->getCatalog()->getDriver();
+        if (
+            method_exists($driver, 'recoverPassword')
+            && ($this->config['Authentication']['recover_password'] ?? false)
+        ) {
+            return true;
+        }
+        return false;
+    }
+
     /**
      * Does this authentication method support password changing
      *
@@ -166,8 +183,13 @@ public function updatePassword($request)
         foreach (['oldpwd', 'password', 'password2'] as $param) {
             $params[$param] = $request->getPost()->get($param, '');
         }
-
         // Connect to catalog:
+        if ($hash = $request->getPost('hash') ?? false) {
+            if ($user = $this->getDbService(UserServiceInterface::class)->getUserByVerifyHash($hash)) {
+                $username = $user->getUsername();
+            }
+        }
+
         if (!($patron = $this->authenticator->storedCatalogLogin())) {
             throw new AuthException('authentication_error_technical');
         }
@@ -178,6 +200,55 @@ public function updatePassword($request)
         $result = $this->getCatalog()->changePassword(
             [
                 'patron' => $patron,
+                'username' => $patron['cat_username'],
+                'oldPassword' => $params['oldpwd'],
+                'newPassword' => $params['password'],
+            ]
+        );
+        if (!$result['success']) {
+            throw new AuthException($result['status']);
+        }
+
+        // Update the user and send it back to the caller:
+        $username = $patron[$this->getUsernameField()];
+        $user = $this->getOrCreateUserByUsername($username);
+        $this->authenticator->saveUserCatalogCredentials($user, $patron['cat_username'], $params['password']);
+        return $user;
+    }
+
+    /**
+     * Change/Reset a user's password when they've forgotten.
+     *
+     * @param Request $request Request object containing new account details.
+     *
+     * @return UserEntityInterface Updated user entity.
+     *
+     * @throws PasswordSecurity
+     * @throws AuthException
+     * @throws \Exception
+     */
+    public function newPassword($request)
+    {
+        foreach (['oldpwd', 'password', 'password2'] as $param) {
+            $params[$param] = $request->getPost()->get($param, '');
+        }
+        // Connect to catalog:
+        if ($hash = $request->getPost('hash') ?? false) {
+            if ($user = $this->getDbService(UserServiceInterface::class)->getUserByVerifyHash($hash)) {
+                $username = $user->getUsername();
+            }
+        }
+        if (!($patron = $this->authenticator->storedCatalogLogin($username ?? null))) {
+            throw new AuthException('authentication_error_technical');
+        }
+        $this->validatePasswordUpdate($params);
+        if (empty($params['oldpwd'])) {
+            $params['oldpwd'] = $patron['cat_password'];
+        }
+        $result = $this->getCatalog()->recoverPassword(
+            [
+                'patron' => $patron,
+                'username' => $patron['cat_username'],
                 'oldPassword' => $params['oldpwd'],
                 'newPassword' => $params['password'],
             ]

module/VuFind/src/VuFind/Auth/ILSAuthenticator.php

@@ -302,11 +302,12 @@ public function getStoredCatalogCredentials()
      * fails, clear the user's stored credentials so they can enter new, corrected
      * ones.
      *
-     * Returns associative array of patron data on success, false on failure.
+     * @param $userName - the username/barcode for ILS password reset
      *
-     * @return array|bool
+     * @return array|bool Returns associative array of patron data on success,
+     * false on failure.
      */
-    public function storedCatalogLogin()
+    public function storedCatalogLogin($userName = null)
     {
         // Fail if no username is found, but allow a missing password (not every ILS
         // requires a password to connect).
@@ -329,8 +330,22 @@ public function storedCatalogLogin()
                 $this->ilsAccount[$username] = $patron;
                 return $patron;
             }
+        } elseif (!empty($userName)) {
+            if (isset($this->ilsAccount[$userName])) {
+                return $this->ilsAccount[$userName];
+            }
+            $user = $this->getDbService(UserServiceInterface::class)->getUserByUsername($userName);
+            if (empty($user)) {
+                return false;
+            }
+            $patron = $this->catalog->patronLogin($userName, $this->getCatPasswordForUser($user));
+            if (empty($patron)) {
+                $user->setCatUsername(null)->setRawCatPassword(null)->setCatPassEnc(null);
+            } else {
+                $this->ilsAccount[$userName] = $patron;
+                return $patron;
+            }
         }
-
         return false;
     }
 
@@ -340,9 +355,9 @@ public function storedCatalogLogin()
      * @param string $username Catalog username
      * @param string $password Catalog password
      *
-     * Returns associative array of patron data on success, false on failure.
+     * @return array|bool Returns associative array of patron data on success,
+     * false on failure.
      *
-     * @return array|bool
      * @throws ILSException
      */
     public function newCatalogLogin($username, $password)

module/VuFind/src/VuFind/Auth/Manager.php

@@ -204,6 +204,19 @@ public function supportsRecovery($authMethod = null)
             && $this->getAuth($authMethod)->supportsPasswordRecovery();
     }
 
+    /**
+     * Multi-ILS Only, Does the target Auth Method support password Recovery?
+     *
+     * @param $target string the target to check against
+     *
+     * @return bool
+     */
+    public function multiSupportsPasswordRecovery($target)
+    {
+        return ($this->config->Authentication->recover_password ?? false)
+            && $this->getAuth()->supportsPasswordRecovery($target);
+    }
+
     /**
      * Is email changing currently allowed?
      *
@@ -670,6 +683,22 @@ public function updatePassword($request)
         return $user;
     }
 
+    /**
+     * Reset a user's password from the request.
+     *
+     * @param \Laminas\Http\PhpEnvironment\Request $request Request object containing
+     * password change details.
+     *
+     * @throws AuthException
+     * @return UserEntityInterface Updated user entity.
+     */
+    public function newPassword($request)
+    {
+        $user = $this->getAuth()->newPassword($request);
+        $this->updateSession($user);
+        return $user;
+    }
+
     /**
      * Update a user's email from the request.
      *

module/VuFind/src/VuFind/Auth/MultiILS.php

@@ -34,6 +34,7 @@
 
 use VuFind\Db\Entity\UserEntityInterface;
 use VuFind\Exception\Auth as AuthException;
+use VuFind\ILS\Connection;
 use VuFind\ILS\Driver\MultiBackend;
 
 use function in_array;
@@ -123,4 +124,24 @@ public function setCatalog(\VuFind\ILS\Connection $connection)
         }
         parent::setCatalog($connection);
     }
+
+    /**
+     * Test to see if the target ILS supports password Recovery
+     *
+     * @param string $target The ILS we are checking
+     *
+     * @return bool
+     *
+     * @throws \Exception
+     */
+    public function supportsPasswordRecovery($target = null)
+    {
+        $catalog = $this->getCatalog();
+        $driver = $catalog->getDriver();
+        $targetDriver = $driver;
+        if ($target != null) {
+            $targetDriver = $driver->getDriverFromTarget($target);
+        }
+        return $targetDriver->supportsMethod('recoverPassword', []) ?? false;
+    }
 }

module/VuFind/src/VuFind/Controller/AbstractBase.php

@@ -712,6 +712,14 @@ protected function setFollowupUrlToReferer(bool $allowCurrentUrl = true, array $
         if ($mrhuNorm === $refererNorm) {
             return;
         }
+        // if  is the stored current url of the lightbox
+        // which overrides the url from the server request when present
+        $normReferer = $this->normalizeUrlForComparison($referer);
+        $myUserReset = $this->getServerUrl('myresearch-verify');
+        $murNorm = $this->normalizeUrlForComparison($myUserReset);
+        if (str_starts_with($normReferer, $murNorm)) {
+            return;
+        }
 
         // If the referer is the MyResearch/UserLogin action, it probably means
         // that the user is repeatedly mistyping their password. We should

module/VuFind/src/VuFind/Controller/MyResearchController.php

@@ -1725,6 +1725,23 @@ public function recoverAction()
         } elseif ($username = $this->params()->fromPost('username')) {
             $user = $userService->getUserByUsername($username);
         }
+        //ILS Driver:
+        //if the user hasn't logged in yet, but is found by the ILS, call function
+        //getPatronFromUsername
+        if (!$user && $this->formWasSubmitted() && !empty($username)) {
+            $dbService = $this->getDbService(UserServiceInterface::class);
+            $entity = $dbService->createEntityForUsername($username);
+            $catalog = $this->getILS()->getDriver();
+            if ($catalog->supportsMethod('getPatronFromUsername', $username)) {
+                $patron = $catalog->getPatronFromUsername($username);
+                $entity->setEmail($patron['email']);
+                $entity->setCatPassEnc($patron['password']);
+                $entity->setFirstname($patron['firstname']);
+                $entity->setLastname($patron['lastname']);
+                $dbService->persistEntity($entity);
+            }
+            $user = $dbService->getUserByUsername($username);
+        }
         $view = $this->createViewModel();
         $view->useCaptcha = $this->captcha()->active('passwordRecovery');
         // If we have a submitted form
@@ -1766,14 +1783,18 @@ protected function sendRecoveryEmail(UserEntityInterface $user, $config)
                     $config = $this->getConfig();
                     $renderer = $this->getViewRenderer();
                     $method = $this->getAuthManager()->getAuthMethod();
+                    // If target exists create query string to include it as part of reset url
+                    $target = $this->getRequest()->getQuery('target') ? '&target='
+                        . $this->getRequest()->getQuery('target') : null;
                     // Custom template for emails (text-only)
                     $message = $renderer->render(
                         'Email/recover-password.phtml',
                         [
                             'library' => $config->Site->title,
                             'url' => $this->getServerUrl('myresearch-verify')
                                 . '?hash='
-                                . $user->getVerifyHash() . '&auth_method=' . $method,
+                                . $user->getVerifyHash() . '&auth_method=' . $method
+                                . $target,
                         ]
                     );
                     $this->getService(Mailer::class)->send(
@@ -1938,6 +1959,7 @@ public function verifyAction()
                     $view->auth_method = $this->getAuthManager()->getAuthMethod();
                     $view->hash = $hash;
                     $view->username = $user->getUsername();
+                    $view->target = $this->getRequest()->getQuery('target') ?? null;
                     $view->useCaptcha = $this->captcha()->active('changePassword');
                     $view->passwordPolicy = $this->getAuthManager()
                         ->getPasswordPolicy();
@@ -2066,18 +2088,23 @@ public function newPasswordAction()
                 return $view;
             }
         }
-        // Update password
+        // Set/Reset password
         try {
-            $user = $this->getAuthManager()->updatePassword($this->getRequest());
+            $user = $this->getAuthManager()->newPassword($this->getRequest());
         } catch (AuthException $e) {
             $this->flashMessenger()->addMessage($e->getMessage(), 'error');
             return $view;
         }
         // Update hash to prevent reusing hash
         $this->getAuthManager()->updateUserVerifyHash($user);
-        // Login
+        if ($followUp = $this->followup()->retrieve('url')) {
+            //This exists because the followupURL gets set to Verify which returns
+            //an error message due to trying to check the hash a second time
+            $followUpUrl = str_contains($followUp, 'Verify') ? $this->url()->fromRoute('home') : $followUp;
+            $this->followup()->clear('url');
+            $this->followup()->store([], $followUpUrl);
+        }
         $this->getAuthManager()->login($this->request);
-        // Return to account home
         $this->flashMessenger()->addMessage('new_password_success', 'success');
         return $this->redirect()->toRoute('myresearch-home');
     }
@@ -2238,9 +2265,9 @@ protected function setUpAuthenticationFromRequest()
                 $this->params()->fromPost('auth_method')
             )
         );
+
         if (!empty($method)) {
-            $this->getAuthManager()->setAuthMethod($method);
-        }
+        }    $this->getAuthManager()->setAuthMethod($method);
     }
 
     /**

module/VuFind/src/VuFind/ILS/Driver/Demo.php

@@ -254,6 +254,23 @@ public function init()
         $this->checkIntermittentFailure();
     }
 
+    /**
+     * Helper method to determine whether or not a certain method can be
+     * called on this driver. Required method for any smart drivers.
+     *
+     * @param string $method The name of the called method.
+     * @param array  $params Array of passed parameters
+     *
+     * @return bool True if the method can be called with the given parameters,
+     * false otherwise.
+     *
+     * @SuppressWarnings(PHPMD.UnusedFormalParameter)
+     */
+    public function supportsMethod($method, $params)
+    {
+        return is_callable([$this, $method]);
+    }
+
     /**
      * Check for a simulated failure. Returns true for failure, false for
      * success.

module/VuFind/src/VuFind/ILS/Driver/MultiBackend.php

@@ -306,6 +306,18 @@ public function getLoginDrivers()
         return $this->config['Login']['drivers'] ?? [];
     }
 
+    /**
+     * Retrieve the name of the ILS when provided the alias
+     *
+     * @param $target string the alias of the driver
+     *
+     * @return mixed
+     */
+    public function getDriverFromTarget($target)
+    {
+        return $this->getDriver($target);
+    }
+
     /**
      * Get default login driver
      *