Enable password recovery when using ILS Authentication

module/VuFind/src/VuFind/Auth/ILS.php

@@ -113,6 +113,23 @@ public function authenticate($request)
         return $this->handleLogin($username, $password, $loginMethod, $rememberMe);
     }
 
+    /**
+     * Does this authentication method support password recovery
+     *
+     * @return bool
+     */
+    public function supportsPasswordRecovery()
+    {
+        $driver = $this->getCatalog()->getDriver();
+        if (
+            method_exists($driver, 'changePassword')
+            && ($this->config['Authentication']['recover_password'] ?? false)
+        ) {
+            return true;
+        }
+        return false;
+    }
+
     /**
      * Does this authentication method support password changing
      *
@@ -166,8 +183,13 @@ public function updatePassword($request)
         foreach (['oldpwd', 'password', 'password2'] as $param) {
             $params[$param] = $request->getPost()->get($param, '');
         }
-
         // Connect to catalog:
+        if ($hash = $request->getPost('hash') ?? false) {
+            if ($user = $this->getDbService(UserServiceInterface::class)->getUserByVerifyHash($hash)) {
+                $username = $user->getUsername();
+            }
+        }
+
         if (!($patron = $this->authenticator->storedCatalogLogin())) {
             throw new AuthException('authentication_error_technical');
         }
@@ -178,6 +200,7 @@ public function updatePassword($request)
         $result = $this->getCatalog()->changePassword(
             [
                 'patron' => $patron,
+                'username' => $patron['cat_username'],
                 'oldPassword' => $params['oldpwd'],
                 'newPassword' => $params['password'],
             ]

module/VuFind/src/VuFind/Auth/ILSAuthenticator.php

@@ -151,7 +151,7 @@ public function encrypt(?string $text)
      *
      * @param ?string $text    The text to be encrypted or decrypted
      * @param bool    $encrypt True if we wish to encrypt text, False if we wish to
-     * decrypt text.
+     *                         decrypt text.
      *
      * @return ?string|bool    The encrypted/decrypted string (null = empty input; false = error)
      * @throws \VuFind\Exception\PasswordSecurity
@@ -309,11 +309,13 @@ public function getStoredCatalogCredentials()
      * fails, clear the user's stored credentials so they can enter new, corrected
      * ones.
      *
-     * Returns associative array of patron data on success, false on failure.
+     * @param $user_name - the username/barcode for ILS password reset
+     *
+     *                   Returns associative array of patron data on success, false on failure.
      *
      * @return array|bool
      */
-    public function storedCatalogLogin()
+    public function storedCatalogLogin($user_name = null)
     {
         // Fail if no username is found, but allow a missing password (not every ILS
         // requires a password to connect).
@@ -336,8 +338,19 @@ public function storedCatalogLogin()
                 $this->ilsAccount[$username] = $patron;
                 return $patron;
             }
+        } elseif (!empty($user_name)) {
+            $user = $this->getDbService(UserServiceInterface::class)->getUserByUsername($user_name);
+            if (isset($this->ilsAccount[$user_name])) {
+                return $this->ilsAccount[$user_name];
+            }
+            $patron = $this->catalog->patronLogin($user_name, $this->getCatPasswordForUser($user));
+            if (empty($patron)) {
+                $user->setCatUsername(null)->setRawCatPassword(null)->setCatPassEnc(null);
+            } else {
+                $this->ilsAccount[$user_name] = $patron;
+                return $patron;
+            }
         }
-
         return false;
     }
 
@@ -347,7 +360,7 @@ public function storedCatalogLogin()
      * @param string $username Catalog username
      * @param string $password Catalog password
      *
-     * Returns associative array of patron data on success, false on failure.
+     *                         Returns associative array of patron data on success, false on failure.
      *
      * @return array|bool
      * @throws ILSException

module/VuFind/src/VuFind/Controller/MyResearchController.php

@@ -186,6 +186,35 @@ protected function processAuthenticationException(AuthException $e)
         $this->flashMessenger()->addMessage($msg, 'error');
     }
 
+    /**
+     * Store a referer (if appropriate) to keep post-login redirect pointing
+     * to an appropriate location. This is used when the user clicks the
+     * log in link from an arbitrary page or when a password is mistyped;
+     * separate logic is used for storing followup information when VuFind
+     * forces the user to log in from another context.
+     *
+     * @param bool  $allowCurrentUrl Whether the current URL is valid for followup
+     * @param array $extras          Extra data for the followup
+     *
+     * @return void
+     */
+    protected function setFollowupUrlToReferer(bool $allowCurrentUrl = true, array $extras = [])
+    {
+        // lbreferer is the stored current url of the lightbox
+        // which overrides the url from the server request when present
+        $refer = $this->getRequest()->getQuery()->get(
+            'lbreferer',
+            $this->getRequest()->getServer()->get('HTTP_REFERER', null)
+        );
+        $normReferer = $this->normalizeUrlForComparison($refer);
+        $myUserReset = $this->getServerUrl('myresearch-verify');
+        $murNorm = $this->normalizeUrlForComparison($myUserReset);
+        if (str_starts_with($normReferer, $murNorm)) {
+            return;
+        }
+        parent::setFollowupUrlToReferer($allowCurrentUrl, $extras);
+    }
+
     /**
      * Maintaining this method for backwards compatibility;
      * logic moved to parent and method re-named
@@ -937,7 +966,7 @@ public function performDeleteFavorite($id, $source)
      * @param UserEntityInterface               $user   Logged-in user
      * @param \VuFind\RecordDriver\AbstractBase $driver Record driver for favorite
      * @param int                               $listID List being edited (null
-     * if editing all favorites)
+     *                                                  if editing all favorites)
      *
      * @return object
      */
@@ -1729,6 +1758,23 @@ public function recoverAction()
         } elseif ($username = $this->params()->fromPost('username')) {
             $user = $userService->getUserByUsername($username);
         }
+        //ILS Driver:
+        //if the user hasn't logged in yet, but is found by the ILS, call function
+        //getPatronFromBarcode
+        if (!$user && $this->formWasSubmitted() && !empty($username)) {
+            $dbService = $this->getDbService(UserServiceInterface::class);
+            $entity = $dbService->createEntityForUsername($username);
+            $catalog = $this->getILS()->getDriver();
+            if ($catalog->supportsMethod('getPatronFromBarcode', $username)) {
+                $patron = $catalog->getPatronFromBarcode($username);
+                $entity->setEmail($patron['email']);
+                $entity->setCatPassEnc($patron['password']);
+                $entity->setFirstname($patron['firstname']);
+                $entity->setLastname($patron['lastname']);
+                $dbService->persistEntity($entity);
+            }
+            $user = $dbService->getUserByUsername($username);
+        }
         $view = $this->createViewModel();
         $view->useCaptcha = $this->captcha()->active('passwordRecovery');
         // If we have a submitted form
@@ -1854,7 +1900,7 @@ protected function sendChangeNotificationEmail($user, $newEmail)
      *
      * @param ?UserEntityInterface $user   User object we're recovering
      * @param bool                 $change Is the user changing their email (true)
-     * or setting up a new account (false).
+     *                                     or setting up a new account (false).
      *
      * @return void (sends email or adds error message)
      */
@@ -2079,9 +2125,12 @@ public function newPasswordAction()
         }
         // Update hash to prevent reusing hash
         $this->getAuthManager()->updateUserVerifyHash($user);
-        // Login
+        if ($followUp = $this->followup()->retrieve('url')) {
+            $newUrl = strstr($followUp, 'Verify', true) . 'Home';
+            $this->followup()->clear('url');
+            $this->followup()->store([], $newUrl);
+        }
         $this->getAuthManager()->login($this->request);
-        // Return to account home
         $this->flashMessenger()->addMessage('new_password_success', 'success');
         return $this->redirect()->toRoute('myresearch-home');
     }

themes/bootstrap3/templates/Auth/ILS/recovery.phtml

@@ -0,0 +1,8 @@
+<div class="form-group">
+  <label class="control-label" for="recovery_username"><?=$this->transEsc('recovery_by_username') ?>:</label>
+  <input type="text" name="username" class="form-control" id="recovery_username" autocomplete="username">
+</div>
+<?=$this->captcha()->html($this->useCaptcha) ?>
+<div class="form-group">
+  <input class="btn btn-primary" name="submitButton" type="submit" value="<?=$this->transEscAttr('Recover Account') ?>">
+</div>

themes/bootstrap5/templates/Auth/ILS/recovery.phtml

@@ -0,0 +1,8 @@
+<div class="form-group">
+  <label class="control-label" for="recovery_username"><?=$this->transEsc('recovery_by_username') ?>:</label>
+  <input type="text" name="username" class="form-control" id="recovery_username" autocomplete="username">
+</div>
+<?=$this->captcha()->html($this->useCaptcha) ?>
+<div class="form-group">
+  <input class="btn btn-primary" name="submitButton" type="submit" value="<?=$this->transEscAttr('Recover Account') ?>">
+</div>