]> WPIA git - gigi.git/blobdiff - src/org/cacert/gigi/pages/admin/support/SupportUserDetailsForm.java
add: password-reset with assurance from support side
index b49eaad9154413977e153145d4e1fcc6e131e563..685adf3d7ce2398141f00b35438c2dad06f1587f 100644 (file)
@@ -1,6 +1,8 @@
 package org.cacert.gigi.pages.admin.support;
 
+import java.io.IOException;
 import java.io.PrintWriter;
+import java.net.URLEncoder;
 import java.util.Map;
 
 import javax.servlet.http.HttpServletRequest;
@@ -10,10 +12,15 @@ import org.cacert.gigi.dbObjects.Group;
 import org.cacert.gigi.dbObjects.Name;
 import org.cacert.gigi.dbObjects.SupportedUser;
 import org.cacert.gigi.dbObjects.User;
+import org.cacert.gigi.email.Sendmail;
 import org.cacert.gigi.localisation.Language;
 import org.cacert.gigi.output.DateSelector;
 import org.cacert.gigi.output.template.Form;
 import org.cacert.gigi.output.template.Template;
+import org.cacert.gigi.pages.Page;
+import org.cacert.gigi.pages.PasswordResetPage;
+import org.cacert.gigi.util.RandomToken;
+import org.cacert.gigi.util.ServerConstants;
 
 public class SupportUserDetailsForm extends Form {
 
@@ -38,6 +45,35 @@ public class SupportUserDetailsForm extends Form {
         if (user.getTicket() == null) {
             return false;
         }
+        if (req.getParameter("resetPass") != null) {
+            String aword = req.getParameter("aword");
+            if (aword == null || aword.equals("")) {
+                throw new GigiApiException("An A-Word is required to perform a password reset.");
+            }
+            String ptok = RandomToken.generateToken(32);
+            int id = user.getTargetUser().generatePasswordResetTicket(Page.getUser(req), ptok, aword);
+            try {
+                Language l = Language.getInstance(user.getTargetUser().getPreferredLocale());
+                StringBuffer body = new StringBuffer();
+                body.append(l.getTranslation("Hi,") + "\n\n");
+                body.append(l.getTranslation("A password reset was triggered. Please enter the required text sent to you by support on this page: \nhttps://"));
+                body.append(ServerConstants.getWwwHostNamePortSecure() + PasswordResetPage.PATH);
+                body.append("?id=");
+                body.append(id);
+                body.append("&token=");
+                body.append(URLEncoder.encode(ptok, "UTF-8"));
+                body.append("\n");
+                body.append("\n");
+                body.append(l.getTranslation("Best regards"));
+                body.append("\n");
+                body.append(l.getTranslation("CAcert.org Support!"));
+                Sendmail.getInstance().sendmail(user.getTargetUser().getEmail(), "[CAcert.org] " + l.getTranslation("Password reset by support."), body.toString(), "support@cacert.org", null, null, null, null, false);
+                out.println(Page.getLanguage(req).getTranslation("Password reset successful."));
+            } catch (IOException e) {
+                e.printStackTrace();
+            }
+            return true;
+        }
         dobSelector.update(req);
         String fname = req.getParameter("fname");
         String mname = req.getParameter("mname");
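Review bot: The `catch (IOException e)` at the end of the `resetPass` branch only calls `e.printStackTrace()` and then falls through to `return true`, so a failed mail is reported to the support agent as a handled form with no error. By then `generatePasswordResetTicket` has already stored a ticket for the token and A-Word, so a reset ticket stays outstanding while the user never receives the link; whether it expires or can be revoked is not visible in this hunk. I would surface the failure the same way the missing A-Word is reported, e.g. `throw new GigiApiException("Sending the password reset mail failed.");` in the catch block, and record the cause through the project's logging rather than stderr. Separately, `aword.equals("")` accepts a whitespace-only A-Word; `aword.trim().isEmpty()` would reject it. The enclosing method starts before this hunk and continues after it.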