upd: enforce a more strict Form call pattern.
[gigi.git] / src / org / cacert / gigi / pages / PasswordResetPage.java
index 1be5643c30d08e1ee16cd5e5e62f6df388c6f103..580d0e54235da0c4e0305200f853fd1800ba86be 100644 (file)
@@ -2,7 +2,6 @@ package org.cacert.gigi.pages;
 
 import java.io.IOException;
 import java.io.PrintWriter;
-import java.io.StringWriter;
 import java.net.URLEncoder;
 import java.util.HashMap;
 import java.util.Map;
@@ -13,11 +12,11 @@ import javax.servlet.http.HttpServletResponse;
 import org.cacert.gigi.GigiApiException;
 import org.cacert.gigi.database.GigiPreparedStatement;
 import org.cacert.gigi.dbObjects.User;
-import org.cacert.gigi.email.SendMail;
 import org.cacert.gigi.localisation.Language;
 import org.cacert.gigi.output.template.Form;
-import org.cacert.gigi.output.template.SprintfCommand;
+import org.cacert.gigi.output.template.MailTemplate;
 import org.cacert.gigi.output.template.Template;
+import org.cacert.gigi.output.template.TranslateCommand;
 import org.cacert.gigi.util.AuthorizationContext;
 import org.cacert.gigi.util.RandomToken;
 import org.cacert.gigi.util.ServerConstants;
@@ -60,7 +59,7 @@ public class PasswordResetPage extends Page {
         }
 
         @Override
-        public boolean submit(PrintWriter out, HttpServletRequest req) throws GigiApiException {
+        public SuccessMessageResult submit(HttpServletRequest req) throws GigiApiException {
             try (GigiPreparedStatement passwordReset = new GigiPreparedStatement("UPDATE `passwordResetTickets` SET `used` = CURRENT_TIMESTAMP WHERE `used` IS NULL AND `created` < CURRENT_TIMESTAMP - interval '1 hours' * ?;")) {
                 passwordReset.setInt(1, HOUR_MAX);
                 passwordReset.execute();
@@ -76,28 +75,27 @@ public class PasswordResetPage extends Page {
                 throw new GigiApiException("New passwords differ.");
             }
             u.consumePasswordResetTicket(id, tok, p1);
-            return true;
+            return new SuccessMessageResult(new TranslateCommand("Password reset successful."));
         }
 
         @Override
         protected void outputContent(PrintWriter out, Language l, Map<String, Object> vars) {
-
             t.output(out, l, vars);
         }
 
     }
 
+    @Override
+    public boolean beforePost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+        return Form.getForm(req, PasswordResetForm.class).submitExceptionProtected(req, resp);
+    }
+
     @Override
     public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
-        PasswordResetForm form = Form.getForm(req, PasswordResetForm.class);
-        try {
-            form.submit(resp.getWriter(), req);
-            resp.getWriter().println(getLanguage(req).getTranslation("Password reset successful."));
-            return;
-        } catch (GigiApiException e) {
-            e.format(resp.getWriter(), getLanguage(req));
+        if (Form.printFormErrors(req, resp.getWriter())) {
+            PasswordResetForm form = Form.getForm(req, PasswordResetForm.class);
+            form.output(resp.getWriter(), getLanguage(req), new HashMap<String, Object>());
         }
-        form.output(resp.getWriter(), getLanguage(req), new HashMap<String, Object>());
     }
 
     @Override
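Review bot: The new `beforePost`/`doPost` pair does not document how the two cooperate. `doPost` now only re-renders the form when `Form.printFormErrors` returns true, and nothing in the visible lines says where the `SuccessMessageResult` returned by `submit` is written or what the boolean from `beforePost` means for the rest of the request. A short Javadoc on `beforePost` stating what it returns, plus a comment in `doPost` such as `// submit already ran in beforePost; only failed submissions reach the form output below`, would cover it, assuming that is what `submitExceptionProtected` does. `Form.getForm(req, PasswordResetForm.class)` is also looked up twice per request, so it is worth confirming that the second lookup still resolves the same form after a failed submit.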
@@ -114,31 +112,20 @@ public class PasswordResetPage extends Page {
         return true;
     }
 
-    public static void initPasswordResetProcess(PrintWriter out, User targetUser, HttpServletRequest req, String aword, Language l, String method, String subject) {
+    private static final MailTemplate passwordResetMail = new MailTemplate(PasswordResetPage.class.getResource("PasswordResetMail.templ"));
+
+    public static void initPasswordResetProcess(User targetUser, HttpServletRequest req, String aword, Language l, String method, String subject) {
         String ptok = RandomToken.generateToken(32);
         int id = targetUser.generatePasswordResetTicket(Page.getUser(req), ptok, aword);
         try {
-            StringWriter sw = new StringWriter();
-            PrintWriter outMail = new PrintWriter(sw);
-            outMail.print(l.getTranslation("Hi,") + "\n\n");
-            outMail.print(method);
-            outMail.print("\n\nhttps://");
-            outMail.print(ServerConstants.getWwwHostNamePortSecure() + PasswordResetPage.PATH);
-            outMail.print("?id=");
-            outMail.print(id);
-            outMail.print("&token=");
-            outMail.print(URLEncoder.encode(ptok, "UTF-8"));
-            outMail.print("\n");
-            outMail.print("\n");
-            SprintfCommand.createSimple("This process will expire in {0} hours.", Integer.toString(HOUR_MAX)).output(outMail, l, new HashMap<String, Object>());
-            outMail.print("\n");
-            outMail.print("\n");
-            outMail.print(l.getTranslation("Best regards"));
-            outMail.print("\n");
-            outMail.print(l.getTranslation("SomeCA.org Support!"));
-            outMail.close();
-            SendMail.getInstance().sendMail(Page.getUser(req).getEmail(), "[SomeCA.org] " + subject, sw.toString(), "support@cacert.org", null, null, null, null, false);
-            out.println(Page.getLanguage(req).getTranslation("Password reset successful."));
+            HashMap<String, Object> vars = new HashMap<>();
+            vars.put("subject", subject);
+            vars.put("method", method);
+            vars.put("link", "https://" + ServerConstants.getWwwHostNamePortSecure() + PasswordResetPage.PATH //
+                    + "?id=" + id + "&token=" + URLEncoder.encode(ptok, "UTF-8"));
+            vars.put("hour_max", HOUR_MAX);
+
+            passwordResetMail.sendMail(l, vars, Page.getUser(req).getEmail());
         } catch (IOException e) {
             e.printStackTrace();
         }
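Review bot: A failure while building or sending the reset mail is still swallowed by `catch (IOException e) { e.printStackTrace(); }`, and with the `PrintWriter out` parameter removed `initPasswordResetProcess` gives the caller no sign of success or failure, so a page can report a reset as started when no mail was sent and the ticket has already been generated. The catch should surface the error, for example `throw new IllegalStateException("Password reset mail could not be sent", e);`, or the method should declare an exception that the calling form can turn into a form error. Separately, the recipient is `Page.getUser(req).getEmail()` while the ticket is created for `targetUser`; that is unchanged from the old code and may be intended, but a one-line comment stating who is meant to receive the link would make it reviewable. The method body ends outside this hunk.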