1 package org.cacert.gigi.pages;
3 import java.io.IOException;
4 import java.io.PrintWriter;
5 import java.io.StringWriter;
6 import java.net.URLEncoder;
7 import java.util.HashMap;
10 import javax.servlet.http.HttpServletRequest;
11 import javax.servlet.http.HttpServletResponse;
13 import org.cacert.gigi.GigiApiException;
14 import org.cacert.gigi.database.GigiPreparedStatement;
15 import org.cacert.gigi.dbObjects.User;
16 import org.cacert.gigi.email.Sendmail;
17 import org.cacert.gigi.localisation.Language;
18 import org.cacert.gigi.output.template.Form;
19 import org.cacert.gigi.output.template.SprintfCommand;
20 import org.cacert.gigi.output.template.Template;
21 import org.cacert.gigi.util.AuthorizationContext;
22 import org.cacert.gigi.util.RandomToken;
23 import org.cacert.gigi.util.ServerConstants;
25 public class PasswordResetPage extends Page {
27 public static final int HOUR_MAX = 96;
29 public static final String PATH = "/passwordReset";
31 public PasswordResetPage() {
32 super("Password Reset");
35 public static class PasswordResetForm extends Form {
37 private static Template t = new Template(PasswordResetForm.class.getResource("PasswordResetForm.templ"));
43 public PasswordResetForm(HttpServletRequest hsr) throws GigiApiException {
45 String idS = hsr.getParameter("id");
46 String tokS = hsr.getParameter("token");
47 if (idS == null || tokS == null) {
48 throw new GigiApiException("requires id and token");
51 id = Integer.parseInt(idS);
52 } catch (NumberFormatException e) {
53 throw new GigiApiException("requires id to be integer");
55 u = User.getResetWithToken(id, tokS);
57 throw new GigiApiException("User missing or token invalid");
63 public boolean submit(PrintWriter out, HttpServletRequest req) throws GigiApiException {
64 try (GigiPreparedStatement passwordReset = new GigiPreparedStatement("UPDATE `passwordResetTickets` SET `used` = CURRENT_TIMESTAMP WHERE `used` IS NULL AND `created` < CURRENT_TIMESTAMP - interval '1 hours' * ?;")) {
65 passwordReset.setInt(1, HOUR_MAX);
66 passwordReset.execute();
69 String p1 = req.getParameter("pword1");
70 String p2 = req.getParameter("pword2");
71 String tok = req.getParameter("private_token");
72 if (p1 == null || p2 == null || tok == null) {
73 throw new GigiApiException("Missing form parameter.");
75 if ( !p1.equals(p2)) {
76 throw new GigiApiException("New passwords differ.");
78 u.consumePasswordResetTicket(id, tok, p1);
83 protected void outputContent(PrintWriter out, Language l, Map<String, Object> vars) {
85 t.output(out, l, vars);
91 public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
92 PasswordResetForm form = Form.getForm(req, PasswordResetForm.class);
94 form.submit(resp.getWriter(), req);
95 resp.getWriter().println(getLanguage(req).getTranslation("Password reset successful."));
97 } catch (GigiApiException e) {
98 e.format(resp.getWriter(), getLanguage(req));
100 form.output(resp.getWriter(), getLanguage(req), new HashMap<String, Object>());
104 public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
106 new PasswordResetForm(req).output(resp.getWriter(), getLanguage(req), new HashMap<String, Object>());
107 } catch (GigiApiException e) {
108 e.format(resp.getWriter(), getLanguage(req));
113 public boolean isPermitted(AuthorizationContext ac) {
117 public static void initPasswordResetProcess(PrintWriter out, User targetUser, HttpServletRequest req, String aword, Language l, String method, String subject) {
118 String ptok = RandomToken.generateToken(32);
119 int id = targetUser.generatePasswordResetTicket(Page.getUser(req), ptok, aword);
121 StringWriter sw = new StringWriter();
122 PrintWriter outMail = new PrintWriter(sw);
123 outMail.print(l.getTranslation("Hi,") + "\n\n");
124 outMail.print(method);
125 outMail.print("\n\nhttps://");
126 outMail.print(ServerConstants.getWwwHostNamePortSecure() + PasswordResetPage.PATH);
127 outMail.print("?id=");
129 outMail.print("&token=");
130 outMail.print(URLEncoder.encode(ptok, "UTF-8"));
133 SprintfCommand.createSimple("This process will expire in {0} hours.", Integer.toString(HOUR_MAX)).output(outMail, l, new HashMap<String, Object>());
136 outMail.print(l.getTranslation("Best regards"));
138 outMail.print(l.getTranslation("SomeCA.org Support!"));
140 Sendmail.getInstance().sendmail(Page.getUser(req).getEmail(), "[SomeCA.org] " + subject, sw.toString(), "support@cacert.org", null, null, null, null, false);
141 out.println(Page.getLanguage(req).getTranslation("Password reset successful."));
142 } catch (IOException e) {