X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;f=src%2Forg%2Fcacert%2Fgigi%2Fpages%2FPasswordResetPage.java;h=4090bdd49b140822e7d516a879acdf0c6f9df9e1;hb=d7faeb9059063a213bfb0dad5d91f5732c3c6a48;hp=a2641db10736f5e553aeaa13e9cf80e9b97679f3;hpb=78e9a8cba5bf9f8734a64a974c4817368f2918d6;p=gigi.git

diff --git a/src/org/cacert/gigi/pages/PasswordResetPage.java b/src/org/cacert/gigi/pages/PasswordResetPage.java
index a2641db1..4090bdd4 100644
--- a/src/org/cacert/gigi/pages/PasswordResetPage.java
+++ b/src/org/cacert/gigi/pages/PasswordResetPage.java
@@ -2,6 +2,7 @@ package org.cacert.gigi.pages;
 
 import java.io.IOException;
 import java.io.PrintWriter;
+import java.net.URLEncoder;
 import java.util.HashMap;
 import java.util.Map;
 
@@ -13,11 +14,17 @@ import org.cacert.gigi.database.GigiPreparedStatement;
 import org.cacert.gigi.dbObjects.User;
 import org.cacert.gigi.localisation.Language;
 import org.cacert.gigi.output.template.Form;
+import org.cacert.gigi.output.template.MailTemplate;
 import org.cacert.gigi.output.template.Template;
 import org.cacert.gigi.util.AuthorizationContext;
+import org.cacert.gigi.util.HTMLEncoder;
+import org.cacert.gigi.util.RandomToken;
+import org.cacert.gigi.util.ServerConstants;
 
 public class PasswordResetPage extends Page {
 
+    public static final int HOUR_MAX = 96;
+
     public static final String PATH = "/passwordReset";
 
     public PasswordResetPage() {
@@ -26,7 +33,7 @@ public class PasswordResetPage extends Page {
 
     public static class PasswordResetForm extends Form {
 
-        private static Template t = new Template(PasswordResetForm.class.getResource("PasswordResetForm.templ"));
+        private static final Template t = new Template(PasswordResetForm.class.getResource("PasswordResetForm.templ"));
 
         private User u;
 
@@ -53,7 +60,8 @@ public class PasswordResetPage extends Page {
 
         @Override
         public boolean submit(PrintWriter out, HttpServletRequest req) throws GigiApiException {
-            try (GigiPreparedStatement passwordReset = new GigiPreparedStatement("UPDATE `passwordResetTickets` SET `used` = CURRENT_TIMESTAMP WHERE `used` IS NULL AND `created` < CURRENT_TIMESTAMP - interval '96 hours';")) {
+            try (GigiPreparedStatement passwordReset = new GigiPreparedStatement("UPDATE `passwordResetTickets` SET `used` = CURRENT_TIMESTAMP WHERE `used` IS NULL AND `created` < CURRENT_TIMESTAMP - interval '1 hours' * ?;")) {
+                passwordReset.setInt(1, HOUR_MAX);
                 passwordReset.execute();
             }
 
@@ -81,14 +89,13 @@ public class PasswordResetPage extends Page {
     @Override
     public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
         PasswordResetForm form = Form.getForm(req, PasswordResetForm.class);
-        try {
-            form.submit(resp.getWriter(), req);
-            resp.getWriter().println(getLanguage(req).getTranslation("Password reset successful."));
+        PrintWriter w = resp.getWriter();
+        if (form.submitProtected(w, req)) {
+            w.println("<div class='alert alert-success'>");
+            w.println(HTMLEncoder.encodeHTML(getLanguage(req).getTranslation("Password reset successful.")));
+            w.println("</div>");
             return;
-        } catch (GigiApiException e) {
-            e.format(resp.getWriter(), getLanguage(req));
         }
-        form.output(resp.getWriter(), getLanguage(req), new HashMap<String, Object>());
     }
 
     @Override
@@ -104,4 +111,25 @@ public class PasswordResetPage extends Page {
     public boolean isPermitted(AuthorizationContext ac) {
         return true;
     }
+
+    private static final MailTemplate passwordResetMail = new MailTemplate(PasswordResetPage.class.getResource("PasswordResetMail.templ"));
+
+    public static void initPasswordResetProcess(PrintWriter out, User targetUser, HttpServletRequest req, String aword, Language l, String method, String subject) {
+        String ptok = RandomToken.generateToken(32);
+        int id = targetUser.generatePasswordResetTicket(Page.getUser(req), ptok, aword);
+        try {
+            HashMap<String, Object> vars = new HashMap<>();
+            vars.put("subject", subject);
+            vars.put("method", method);
+            vars.put("link", "https://" + ServerConstants.getWwwHostNamePortSecure() + PasswordResetPage.PATH //
+                    + "?id=" + id + "&token=" + URLEncoder.encode(ptok, "UTF-8"));
+            vars.put("hour_max", HOUR_MAX);
+
+            passwordResetMail.sendMail(l, vars, Page.getUser(req).getEmail());
+            out.println(Page.getLanguage(req).getTranslation("Password reset successful."));
+        } catch (IOException e) {
+            e.printStackTrace();
+        }
+
+    }
 }
