1 package org.cacert.gigi.pages;
3 import java.io.IOException;
4 import java.io.PrintWriter;
5 import java.util.HashMap;
8 import javax.servlet.http.HttpServletRequest;
9 import javax.servlet.http.HttpServletResponse;
11 import org.cacert.gigi.GigiApiException;
12 import org.cacert.gigi.database.GigiPreparedStatement;
13 import org.cacert.gigi.dbObjects.User;
14 import org.cacert.gigi.localisation.Language;
15 import org.cacert.gigi.output.template.Form;
16 import org.cacert.gigi.output.template.Template;
17 import org.cacert.gigi.util.AuthorizationContext;
19 public class PasswordResetPage extends Page {
21 public static final String PATH = "/passwordReset";
23 public PasswordResetPage() {
24 super("Password Reset");
27 public static class PasswordResetForm extends Form {
29 private static Template t = new Template(PasswordResetForm.class.getResource("PasswordResetForm.templ"));
35 public PasswordResetForm(HttpServletRequest hsr) throws GigiApiException {
37 String idS = hsr.getParameter("id");
38 String tokS = hsr.getParameter("token");
39 if (idS == null || tokS == null) {
40 throw new GigiApiException("requires id and token");
43 id = Integer.parseInt(idS);
44 } catch (NumberFormatException e) {
45 throw new GigiApiException("requires id to be integer");
47 u = User.getResetWithToken(id, tokS);
49 throw new GigiApiException("User missing or token invalid");
55 public boolean submit(PrintWriter out, HttpServletRequest req) throws GigiApiException {
56 try (GigiPreparedStatement passwordReset = new GigiPreparedStatement("UPDATE `passwordResetTickets` SET `used` = CURRENT_TIMESTAMP WHERE `used` IS NULL AND `created` < CURRENT_TIMESTAMP - interval '96 hours';")) {
57 passwordReset.execute();
60 String p1 = req.getParameter("pword1");
61 String p2 = req.getParameter("pword2");
62 String tok = req.getParameter("private_token");
63 if (p1 == null || p2 == null || tok == null) {
64 throw new GigiApiException("Missing form parameter.");
66 if ( !p1.equals(p2)) {
67 throw new GigiApiException("New passwords differ.");
69 u.consumePasswordResetTicket(id, tok, p1);
74 protected void outputContent(PrintWriter out, Language l, Map<String, Object> vars) {
76 t.output(out, l, vars);
82 public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
83 PasswordResetForm form = Form.getForm(req, PasswordResetForm.class);
85 form.submit(resp.getWriter(), req);
86 resp.getWriter().println(getLanguage(req).getTranslation("Password reset successful."));
88 } catch (GigiApiException e) {
89 e.format(resp.getWriter(), getLanguage(req));
91 form.output(resp.getWriter(), getLanguage(req), new HashMap<String, Object>());
95 public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
97 new PasswordResetForm(req).output(resp.getWriter(), getLanguage(req), new HashMap<String, Object>());
98 } catch (GigiApiException e) {
99 e.format(resp.getWriter(), getLanguage(req));
104 public boolean isPermitted(AuthorizationContext ac) {