X-Git-Url: https://code.wpia.club/?p=gigi.git;a=blobdiff_plain;f=src%2Forg%2Fcacert%2Fgigi%2Fpages%2FPasswordResetPage.java;h=580d0e54235da0c4e0305200f853fd1800ba86be;hp=8faaf8263ecc5a4c066d8aa0ec6738d5efdd6cd7;hb=abff88a2bf173198fe55c35ead97c9c7cdb5924c;hpb=6857b65a9147a61ef0e4c1286beb6d6c3f2f5404 diff --git a/src/org/cacert/gigi/pages/PasswordResetPage.java b/src/org/cacert/gigi/pages/PasswordResetPage.java index 8faaf826..580d0e54 100644 --- a/src/org/cacert/gigi/pages/PasswordResetPage.java +++ b/src/org/cacert/gigi/pages/PasswordResetPage.java @@ -2,6 +2,7 @@ package org.cacert.gigi.pages; import java.io.IOException; import java.io.PrintWriter; +import java.net.URLEncoder; import java.util.HashMap; import java.util.Map; @@ -9,14 +10,21 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.cacert.gigi.GigiApiException; +import org.cacert.gigi.database.GigiPreparedStatement; import org.cacert.gigi.dbObjects.User; import org.cacert.gigi.localisation.Language; import org.cacert.gigi.output.template.Form; +import org.cacert.gigi.output.template.MailTemplate; import org.cacert.gigi.output.template.Template; +import org.cacert.gigi.output.template.TranslateCommand; import org.cacert.gigi.util.AuthorizationContext; +import org.cacert.gigi.util.RandomToken; +import org.cacert.gigi.util.ServerConstants; public class PasswordResetPage extends Page { + public static final int HOUR_MAX = 96; + public static final String PATH = "/passwordReset"; public PasswordResetPage() { @@ -25,7 +33,7 @@ public class PasswordResetPage extends Page { public static class PasswordResetForm extends Form { - private static Template t = new Template(PasswordResetForm.class.getResource("PasswordResetForm.templ")); + private static final Template t = new Template(PasswordResetForm.class.getResource("PasswordResetForm.templ")); private User u; @@ -33,8 +41,17 @@ public class PasswordResetPage extends Page { public PasswordResetForm(HttpServletRequest hsr) throws GigiApiException { super(hsr, PATH); - id = Integer.parseInt(hsr.getParameter("id")); - u = User.getResetWithToken(id, hsr.getParameter("token")); + String idS = hsr.getParameter("id"); + String tokS = hsr.getParameter("token"); + if (idS == null || tokS == null) { + throw new GigiApiException("requires id and token"); + } + try { + id = Integer.parseInt(idS); + } catch (NumberFormatException e) { + throw new GigiApiException("requires id to be integer"); + } + u = User.getResetWithToken(id, tokS); if (u == null) { throw new GigiApiException("User missing or token invalid"); } @@ -42,7 +59,12 @@ public class PasswordResetPage extends Page { } @Override - public boolean submit(PrintWriter out, HttpServletRequest req) throws GigiApiException { + public SuccessMessageResult submit(HttpServletRequest req) throws GigiApiException { + try (GigiPreparedStatement passwordReset = new GigiPreparedStatement("UPDATE `passwordResetTickets` SET `used` = CURRENT_TIMESTAMP WHERE `used` IS NULL AND `created` < CURRENT_TIMESTAMP - interval '1 hours' * ?;")) { + passwordReset.setInt(1, HOUR_MAX); + passwordReset.execute(); + } + String p1 = req.getParameter("pword1"); String p2 = req.getParameter("pword2"); String tok = req.getParameter("private_token"); @@ -53,28 +75,27 @@ public class PasswordResetPage extends Page { throw new GigiApiException("New passwords differ."); } u.consumePasswordResetTicket(id, tok, p1); - return true; + return new SuccessMessageResult(new TranslateCommand("Password reset successful.")); } @Override protected void outputContent(PrintWriter out, Language l, Map vars) { - t.output(out, l, vars); } } + @Override + public boolean beforePost(HttpServletRequest req, HttpServletResponse resp) throws IOException { + return Form.getForm(req, PasswordResetForm.class).submitExceptionProtected(req, resp); + } + @Override public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException { - PasswordResetForm form = Form.getForm(req, PasswordResetForm.class); - try { - form.submit(resp.getWriter(), req); - resp.getWriter().println(getLanguage(req).getTranslation("Password reset successful.")); - return; - } catch (GigiApiException e) { - e.format(resp.getWriter(), getLanguage(req)); + if (Form.printFormErrors(req, resp.getWriter())) { + PasswordResetForm form = Form.getForm(req, PasswordResetForm.class); + form.output(resp.getWriter(), getLanguage(req), new HashMap()); } - form.output(resp.getWriter(), getLanguage(req), new HashMap()); } @Override @@ -90,4 +111,24 @@ public class PasswordResetPage extends Page { public boolean isPermitted(AuthorizationContext ac) { return true; } + + private static final MailTemplate passwordResetMail = new MailTemplate(PasswordResetPage.class.getResource("PasswordResetMail.templ")); + + public static void initPasswordResetProcess(User targetUser, HttpServletRequest req, String aword, Language l, String method, String subject) { + String ptok = RandomToken.generateToken(32); + int id = targetUser.generatePasswordResetTicket(Page.getUser(req), ptok, aword); + try { + HashMap vars = new HashMap<>(); + vars.put("subject", subject); + vars.put("method", method); + vars.put("link", "https://" + ServerConstants.getWwwHostNamePortSecure() + PasswordResetPage.PATH // + + "?id=" + id + "&token=" + URLEncoder.encode(ptok, "UTF-8")); + vars.put("hour_max", HOUR_MAX); + + passwordResetMail.sendMail(l, vars, Page.getUser(req).getEmail()); + } catch (IOException e) { + e.printStackTrace(); + } + + } }