WPIA git - gigi.git/blob - src/org/cacert/gigi/pages/PasswordResetPage.java
add: internal api for password reset (with assurance)
1 package org.cacert.gigi.pages;
2
3 import java.io.IOException;
4 import java.io.PrintWriter;
5 import java.util.HashMap;
6 import java.util.Map;
7
8 import javax.servlet.http.HttpServletRequest;
9 import javax.servlet.http.HttpServletResponse;
10
11 import org.cacert.gigi.GigiApiException;
12 import org.cacert.gigi.dbObjects.User;
13 import org.cacert.gigi.localisation.Language;
14 import org.cacert.gigi.output.template.Form;
15 import org.cacert.gigi.output.template.Template;
16 import org.cacert.gigi.util.AuthorizationContext;
17
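/**
 * Page on which a user sets a new password by redeeming a password reset ticket.
 *
 * <p>The page is reachable without a login (see {@link #isPermitted}); the only gate visible
 * in this class is the ticket {@code id} / {@code token} pair checked when the form is built
 * and the {@code private_token} passed to {@code User.consumePasswordResetTicket} on submit.
 */
public class PasswordResetPage extends Page {

    /** URL path this page is served under. */
    public static final String PATH = "/passwordReset";

    public PasswordResetPage() {
        super("Password Reset");
    }

    /** Form that collects the new password (twice) and the private token for one reset ticket. */
    public static class PasswordResetForm extends Form {

        /**
         * Single message for every "cannot open this ticket" outcome, so the response does not
         * reveal whether the id was malformed, unknown, or paired with a wrong token.
         */
        private static final String INVALID_TICKET = "User missing or token invalid";

        private static final Template t = new Template(PasswordResetForm.class.getResource("PasswordResetForm.templ"));

        // User the ticket belongs to, as resolved by User.getResetWithToken.
        private User u;

        // Ticket id taken from the "id" request parameter.
        private int id;

        /**
         * Builds the form for the ticket named by the {@code id} and {@code token} request
         * parameters.
         *
         * @param hsr request carrying the {@code id} and {@code token} parameters
         * @throws GigiApiException if {@code id} is absent or not an integer, or if
         *         {@code User.getResetWithToken} returns no user for the pair
         */
        public PasswordResetForm(HttpServletRequest hsr) throws GigiApiException {
            super(hsr, PATH);
            id = parseTicketId(hsr.getParameter("id"));
            // NOTE(review): ticket expiry and attempt limiting are not visible in this class;
            // confirm they are enforced inside User.getResetWithToken.
            u = User.getResetWithToken(id, hsr.getParameter("token"));
            if (u == null) {
                throw new GigiApiException(INVALID_TICKET);
            }
        }

        /**
         * Parses the client-supplied ticket id.
         *
         * <p>A missing or non-numeric value is reported as the same {@link GigiApiException} as an
         * invalid ticket instead of escaping as an unchecked {@link NumberFormatException}, which
         * the page's {@code doGet} does not catch.
         */
        private static int parseTicketId(String raw) throws GigiApiException {
            try {
                // Integer.parseInt(null) also throws NumberFormatException, so absence is covered.
                return Integer.parseInt(raw);
            } catch (NumberFormatException e) {
                // The parse error text would echo the raw parameter; keep it out of the response.
                throw new GigiApiException(INVALID_TICKET);
            }
        }

        /**
         * Redeems the ticket and sets the new password.
         *
         * @param out writer for the response (not used here)
         * @param req request carrying {@code pword1}, {@code pword2} and {@code private_token}
         * @return {@code true} once {@code consumePasswordResetTicket} has returned normally
         * @throws GigiApiException if a parameter is missing, the two passwords differ, or
         *         {@code consumePasswordResetTicket} rejects the request
         */
        @Override
        public boolean submit(PrintWriter out, HttpServletRequest req) throws GigiApiException {
            String p1 = req.getParameter("pword1");
            String p2 = req.getParameter("pword2");
            String tok = req.getParameter("private_token");
            if (p1 == null || p2 == null || tok == null) {
                throw new GigiApiException("Missing form parameter.");
            }
            if ( !p1.equals(p2)) {
                throw new GigiApiException("New passwords differ.");
            }
            // NOTE(review): no password-strength or empty-password check happens here; presumably
            // consumePasswordResetTicket enforces the password policy. Confirm.
            u.consumePasswordResetTicket(id, tok, p1);
            return true;
        }

        @Override
        protected void outputContent(PrintWriter out, Language l, Map<String, Object> vars) {
            t.output(out, l, vars);
        }

    }

    /**
     * Handles the submitted form: on success prints a confirmation, on failure prints the error
     * and shows the form again.
     */
    @Override
    public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        // NOTE(review): presumably Form.getForm resolves the form instance created by an earlier
        // GET and fails for an unknown form; confirm in Form.
        PasswordResetForm form = Form.getForm(req, PasswordResetForm.class);
        try {
            form.submit(resp.getWriter(), req);
            resp.getWriter().println(getLanguage(req).getTranslation("Password reset successful."));
            return;
        } catch (GigiApiException e) {
            e.format(resp.getWriter(), getLanguage(req));
        }
        form.output(resp.getWriter(), getLanguage(req), new HashMap<String, Object>());
    }

    /**
     * Shows the reset form for the ticket named in the request, or the error if the ticket
     * cannot be opened.
     */
    @Override
    public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        // NOTE(review): on GET the "token" parameter travels in the URL, so it can end up in
        // access logs, browser history and Referer headers. Confirm the surrounding framework
        // sets a Referrer-Policy and keeps the query string out of logs.
        try {
            new PasswordResetForm(req).output(resp.getWriter(), getLanguage(req), new HashMap<String, Object>());
        } catch (GigiApiException e) {
            e.format(resp.getWriter(), getLanguage(req));
        }
    }

    /**
     * Permits every context, including one without a logged-in user: a person resetting a
     * password cannot log in. Access control rests on the ticket checks in
     * {@link PasswordResetForm}.
     */
    @Override
    public boolean isPermitted(AuthorizationContext ac) {
        return true;
    }
}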