X-Git-Url: https://code.wpia.club/?p=gigi.git;a=blobdiff_plain;f=src%2Forg%2Fcacert%2Fgigi%2Fpages%2FPasswordResetPage.java;h=45abb59c8978ba1d29c5b844217cface94673124;hp=8faaf8263ecc5a4c066d8aa0ec6738d5efdd6cd7;hb=f0409c63fad3833d4a2d4d8c3fd60f0ab829b299;hpb=6857b65a9147a61ef0e4c1286beb6d6c3f2f5404 diff --git a/src/org/cacert/gigi/pages/PasswordResetPage.java b/src/org/cacert/gigi/pages/PasswordResetPage.java index 8faaf826..45abb59c 100644 --- a/src/org/cacert/gigi/pages/PasswordResetPage.java +++ b/src/org/cacert/gigi/pages/PasswordResetPage.java @@ -2,6 +2,7 @@ package org.cacert.gigi.pages; import java.io.IOException; import java.io.PrintWriter; +import java.net.URLEncoder; import java.util.HashMap; import java.util.Map; @@ -9,14 +10,20 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.cacert.gigi.GigiApiException; +import org.cacert.gigi.database.GigiPreparedStatement; import org.cacert.gigi.dbObjects.User; import org.cacert.gigi.localisation.Language; import org.cacert.gigi.output.template.Form; +import org.cacert.gigi.output.template.MailTemplate; import org.cacert.gigi.output.template.Template; import org.cacert.gigi.util.AuthorizationContext; +import org.cacert.gigi.util.RandomToken; +import org.cacert.gigi.util.ServerConstants; public class PasswordResetPage extends Page { + public static final int HOUR_MAX = 96; + public static final String PATH = "/passwordReset"; public PasswordResetPage() { @@ -25,7 +32,7 @@ public class PasswordResetPage extends Page { public static class PasswordResetForm extends Form { - private static Template t = new Template(PasswordResetForm.class.getResource("PasswordResetForm.templ")); + private static final Template t = new Template(PasswordResetForm.class.getResource("PasswordResetForm.templ")); private User u; @@ -33,8 +40,17 @@ public class PasswordResetPage extends Page { public PasswordResetForm(HttpServletRequest hsr) throws GigiApiException { super(hsr, PATH); - id = Integer.parseInt(hsr.getParameter("id")); - u = User.getResetWithToken(id, hsr.getParameter("token")); + String idS = hsr.getParameter("id"); + String tokS = hsr.getParameter("token"); + if (idS == null || tokS == null) { + throw new GigiApiException("requires id and token"); + } + try { + id = Integer.parseInt(idS); + } catch (NumberFormatException e) { + throw new GigiApiException("requires id to be integer"); + } + u = User.getResetWithToken(id, tokS); if (u == null) { throw new GigiApiException("User missing or token invalid"); } @@ -43,6 +59,11 @@ public class PasswordResetPage extends Page { @Override public boolean submit(PrintWriter out, HttpServletRequest req) throws GigiApiException { + try (GigiPreparedStatement passwordReset = new GigiPreparedStatement("UPDATE `passwordResetTickets` SET `used` = CURRENT_TIMESTAMP WHERE `used` IS NULL AND `created` < CURRENT_TIMESTAMP - interval '1 hours' * ?;")) { + passwordReset.setInt(1, HOUR_MAX); + passwordReset.execute(); + } + String p1 = req.getParameter("pword1"); String p2 = req.getParameter("pword2"); String tok = req.getParameter("private_token"); @@ -90,4 +111,25 @@ public class PasswordResetPage extends Page { public boolean isPermitted(AuthorizationContext ac) { return true; } + + private static final MailTemplate passwordResetMail = new MailTemplate(PasswordResetPage.class.getResource("PasswordResetMail.templ")); + + public static void initPasswordResetProcess(PrintWriter out, User targetUser, HttpServletRequest req, String aword, Language l, String method, String subject) { + String ptok = RandomToken.generateToken(32); + int id = targetUser.generatePasswordResetTicket(Page.getUser(req), ptok, aword); + try { + HashMap vars = new HashMap<>(); + vars.put("subject", subject); + vars.put("method", method); + vars.put("link", "https://" + ServerConstants.getWwwHostNamePortSecure() + PasswordResetPage.PATH // + + "?id=" + id + "&token=" + URLEncoder.encode(ptok, "UTF-8")); + vars.put("hour_max", HOUR_MAX); + + passwordResetMail.sendMail(l, vars, Page.getUser(req).getEmail()); + out.println(Page.getLanguage(req).getTranslation("Password reset successful.")); + } catch (IOException e) { + e.printStackTrace(); + } + + } }