X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;ds=inline;f=src%2Forg%2Fcacert%2Fgigi%2Fpages%2FPasswordResetPage.java;h=4090bdd49b140822e7d516a879acdf0c6f9df9e1;hb=d7faeb9059063a213bfb0dad5d91f5732c3c6a48;hp=a2641db10736f5e553aeaa13e9cf80e9b97679f3;hpb=78e9a8cba5bf9f8734a64a974c4817368f2918d6;p=gigi.git diff --git a/src/org/cacert/gigi/pages/PasswordResetPage.java b/src/org/cacert/gigi/pages/PasswordResetPage.java index a2641db1..4090bdd4 100644 --- a/src/org/cacert/gigi/pages/PasswordResetPage.java +++ b/src/org/cacert/gigi/pages/PasswordResetPage.java @@ -2,6 +2,7 @@ package org.cacert.gigi.pages; import java.io.IOException; import java.io.PrintWriter; +import java.net.URLEncoder; import java.util.HashMap; import java.util.Map; @@ -13,11 +14,17 @@ import org.cacert.gigi.database.GigiPreparedStatement; import org.cacert.gigi.dbObjects.User; import org.cacert.gigi.localisation.Language; import org.cacert.gigi.output.template.Form; +import org.cacert.gigi.output.template.MailTemplate; import org.cacert.gigi.output.template.Template; import org.cacert.gigi.util.AuthorizationContext; +import org.cacert.gigi.util.HTMLEncoder; +import org.cacert.gigi.util.RandomToken; +import org.cacert.gigi.util.ServerConstants; public class PasswordResetPage extends Page { + public static final int HOUR_MAX = 96; + public static final String PATH = "/passwordReset"; public PasswordResetPage() { @@ -26,7 +33,7 @@ public class PasswordResetPage extends Page { public static class PasswordResetForm extends Form { - private static Template t = new Template(PasswordResetForm.class.getResource("PasswordResetForm.templ")); + private static final Template t = new Template(PasswordResetForm.class.getResource("PasswordResetForm.templ")); private User u; 
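Review bot: `HOUR_MAX` in the second hunk is a public constant with no documentation, and its name does not say what it bounds. Its use in the `submit` hunk shows it is the age in hours after which unused rows in `passwordResetTickets` are marked used, so a Javadoc such as `/** Maximum age, in hours, of a password reset ticket before it is expired. */` would make that clear. Ninety-six hours is a long validity window for a credential-reset ticket; whether it is needed depends on how the ticket is delivered, which is not visible in this hunk.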
@@ -53,7 +60,8 @@ public class PasswordResetPage extends Page { @Override public boolean submit(PrintWriter out, HttpServletRequest req) throws GigiApiException { - try (GigiPreparedStatement passwordReset = new GigiPreparedStatement("UPDATE `passwordResetTickets` SET `used` = CURRENT_TIMESTAMP WHERE `used` IS NULL AND `created` < CURRENT_TIMESTAMP - interval '96 hours';")) { + try (GigiPreparedStatement passwordReset = new GigiPreparedStatement("UPDATE `passwordResetTickets` SET `used` = CURRENT_TIMESTAMP WHERE `used` IS NULL AND `created` < CURRENT_TIMESTAMP - interval '1 hours' * ?;")) { + passwordReset.setInt(1, HOUR_MAX); passwordReset.execute(); } @@ -81,14 +89,13 @@ public class PasswordResetPage extends Page { @Override public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException { PasswordResetForm form = Form.getForm(req, PasswordResetForm.class); - try { - form.submit(resp.getWriter(), req); - resp.getWriter().println(getLanguage(req).getTranslation("Password reset successful.")); + PrintWriter w = resp.getWriter(); + if (form.submitProtected(w, req)) { + w.println("
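Review bot: The expiry sweep in `submit` writes `used = CURRENT_TIMESTAMP` for tickets that merely timed out, so an expired ticket and a redeemed one become indistinguishable in `passwordResetTickets`. When a reset is later investigated, that hides whether the ticket was actually consumed; a separate marker for expiry, or a `created` age condition in the lookup itself, would keep the record unambiguous. The lookup that follows is outside the hunk, so whether it also checks `created` cannot be confirmed from here. A short comment above the statement, e.g. `// Expire tickets older than HOUR_MAX hours before validating the submitted one`, would also document why the sweep runs on every submit.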