Diffstat (limited to 'plugins/Login/Controller.php')
-rw-r--r--plugins/Login/Controller.php44
1 files changed, 37 insertions, 7 deletions
diff --git a/plugins/Login/Controller.php b/plugins/Login/Controller.php
index aa26ed0406..a340368d41 100644
--- a/plugins/Login/Controller.php
+++ b/plugins/Login/Controller.php
@@ -9,6 +9,8 @@
namespace Piwik\Plugins\Login;
use Exception;
+use Piwik\Access;
+use Piwik\Auth\Password;
use Piwik\Common;
use Piwik\Config;
use Piwik\Container\StaticContainer;
@@ -18,6 +20,7 @@ use Piwik\Nonce;
use Piwik\Piwik;
use Piwik\Plugins\Login\Security\BruteForceDetection;
use Piwik\Plugins\UsersManager\Model AS UsersModel;
+use Piwik\Plugins\UsersManager\UserUpdater;
use Piwik\QuickForm2;
use Piwik\Session;
use Piwik\Url;
@@ -30,6 +33,8 @@ use Piwik\View;
*/
class Controller extends \Piwik\Plugin\ControllerAdmin
{
+ const NONCE_CONFIRMRESETPASSWORD = 'loginConfirmResetPassword';
+
/**
* @var PasswordResetter
*/
@@ -424,25 +429,49 @@ class Controller extends \Piwik\Plugin\ControllerAdmin
*/
public function confirmResetPassword()
{
+ if (!Url::isValidHost()) {
+ throw new Exception("Cannot confirm reset password with untrusted hostname!");
+ }
+
$errorMessage = null;
+ $passwordHash = null;
- $login = Common::getRequestVar('login', '');
- $resetToken = Common::getRequestVar('resetToken', '');
+ $login = Common::getRequestVar('login');
+ $resetToken = Common::getRequestVar('resetToken');
try {
- $this->passwordResetter->confirmNewPassword($login, $resetToken);
+ $passwordHash = $this->passwordResetter->checkValidConfirmPasswordToken($login, $resetToken);
} catch (Exception $ex) {
Log::debug($ex);
$errorMessage = $ex->getMessage();
}
- if (is_null($errorMessage)) { // if success, show login w/ success message
- return $this->resetPasswordSuccess();
- } else {
- // show login page w/ error. this will keep the token in the URL
+ if (!empty($errorMessage)) {
return $this->login($errorMessage);
}
+
+ if (!empty($_POST['nonce'])
+ && !empty($_POST['mtmpasswordconfirm'])
+ && !empty($resetToken)
+ && !empty($login)
+ && !empty($passwordHash)
+ && empty($errorMessage)) {
+ Nonce::checkNonce(self::NONCE_CONFIRMRESETPASSWORD, $_POST['nonce']);
+ if ($this->passwordResetter->doesResetPasswordHashMatchesPassword($_POST['mtmpasswordconfirm'], $passwordHash)) {
+ $this->passwordResetter->setHashedPasswordForLogin($login, $passwordHash);
+ return $this->resetPasswordSuccess();
+ } else {
+ $errorMessage = Piwik::translate('Login_ConfirmPasswordResetWrongPassword');
+ }
+ }
+
+ $nonce = Nonce::getNonce(self::NONCE_CONFIRMRESETPASSWORD);
+
+ return $this->renderTemplateAs('confirmResetPassword', array(
+ 'nonce' => $nonce,
+ 'errorMessage' => $errorMessage
+ ), 'basic');
}
/**
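Review bot: The `&& empty($errorMessage)` term in the condition starting at `if (!empty($_POST['nonce'])` is dead, because the method has already returned through `$this->login($errorMessage)` whenever the token check set an error; drop it so the condition reads as the five POST/token/hash checks it actually is. The wrong-password branch that sets `Login_ConfirmPasswordResetWrongPassword` re-renders the form with a fresh nonce and leaves the reset token usable, so nothing visible in this hunk counts repeated confirmation attempts against a single token; if `BruteForceDetection` (imported above) is not applied to this action elsewhere, recording the failed attempt here would be the place. `Nonce::checkNonce` sits outside the try/catch, so a nonce mismatch (presumably thrown, as the other nonce checks in Matomo do) surfaces as an uncaught exception rather than through the login-page error path — worth a one-line comment if that is intended. The method's docblock opens before this hunk; it should describe the two-step flow this change introduces (token validated first, then the nonce-protected password confirmation before the hash is written).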
@@ -452,6 +481,7 @@ class Controller extends \Piwik\Plugin\ControllerAdmin
*/
public function resetPasswordSuccess()
{
+ $_POST = array(); // prevent showing error message username and password is missing
return $this->login($errorMessage = null, $infoMessage = Piwik::translate('Login_PasswordChanged'));
}