... And include deadline in email.
Change-Id: I4df3a897b75f74c58e3f0faa2bf34260153b8de8
import org.cacert.gigi.database.GigiResultSet;
import org.cacert.gigi.localisation.Language;
import org.cacert.gigi.output.DateSelector;
+import org.cacert.gigi.pages.PasswordResetPage;
import org.cacert.gigi.util.CalendarUtil;
import org.cacert.gigi.util.DayDate;
import org.cacert.gigi.util.Notary;
}
public static User getResetWithToken(int id, String token) {
- try (GigiPreparedStatement ps = new GigiPreparedStatement("SELECT `memid` FROM `passwordResetTickets` WHERE `id`=? AND `token`=? AND `used` IS NULL AND `created` > CURRENT_TIMESTAMP - interval '96 hours'")) {
+ try (GigiPreparedStatement ps = new GigiPreparedStatement("SELECT `memid` FROM `passwordResetTickets` WHERE `id`=? AND `token`=? AND `used` IS NULL AND `created` > CURRENT_TIMESTAMP - interval '1 hours' * ?")) {
ps.setInt(1, id);
ps.setString(2, token);
+ ps.setInt(3, PasswordResetPage.HOUR_MAX);
GigiResultSet res = ps.executeQuery();
if ( !res.next()) {
return null;
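Review bot: The ticket lifetime is now read from a servlet page class inside what appears to be a database-object class (the new `import org.cacert.gigi.pages.PasswordResetPage;` and `ps.setInt(3, PasswordResetPage.HOUR_MAX)`), so the persistence code depends on the UI layer for a security-relevant value. Consider declaring the constant next to the ticket query and letting the page refer to it, with a comment such as `/** Lifetime of a password reset ticket in hours; used by the lookup, the expiry UPDATE and the mail text. */`. Binding the value as a parameter in `interval '1 hours' * ?` is fine and keeps the lookup aligned with the expiry statement. The body of getResetWithToken continues outside the hunk.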
import java.io.IOException;
import java.io.PrintWriter;
+import java.io.StringWriter;
+import java.net.URLEncoder;
import java.util.HashMap;
import java.util.Map;
import org.cacert.gigi.GigiApiException;
import org.cacert.gigi.database.GigiPreparedStatement;
import org.cacert.gigi.dbObjects.User;
+import org.cacert.gigi.email.Sendmail;
import org.cacert.gigi.localisation.Language;
import org.cacert.gigi.output.template.Form;
+import org.cacert.gigi.output.template.SprintfCommand;
import org.cacert.gigi.output.template.Template;
import org.cacert.gigi.util.AuthorizationContext;
+import org.cacert.gigi.util.RandomToken;
+import org.cacert.gigi.util.ServerConstants;
public class PasswordResetPage extends Page {
+ public static final int HOUR_MAX = 96;
+
public static final String PATH = "/passwordReset";
public PasswordResetPage() {
@Override
public boolean submit(PrintWriter out, HttpServletRequest req) throws GigiApiException {
- try (GigiPreparedStatement passwordReset = new GigiPreparedStatement("UPDATE `passwordResetTickets` SET `used` = CURRENT_TIMESTAMP WHERE `used` IS NULL AND `created` < CURRENT_TIMESTAMP - interval '96 hours';")) {
+ try (GigiPreparedStatement passwordReset = new GigiPreparedStatement("UPDATE `passwordResetTickets` SET `used` = CURRENT_TIMESTAMP WHERE `used` IS NULL AND `created` < CURRENT_TIMESTAMP - interval '1 hours' * ?;")) {
+ passwordReset.setInt(1, HOUR_MAX);
passwordReset.execute();
}
public boolean isPermitted(AuthorizationContext ac) {
return true;
}
+
+ public static void initPasswordResetProcess(PrintWriter out, User targetUser, HttpServletRequest req, String aword, Language l, String method, String subject) {
+ String ptok = RandomToken.generateToken(32);
+ int id = targetUser.generatePasswordResetTicket(Page.getUser(req), ptok, aword);
+ try {
+ StringWriter sw = new StringWriter();
+ PrintWriter outMail = new PrintWriter(sw);
+ outMail.print(l.getTranslation("Hi,") + "\n\n");
+ outMail.print(method);
+ outMail.print("\n\nhttps://");
+ outMail.print(ServerConstants.getWwwHostNamePortSecure() + PasswordResetPage.PATH);
+ outMail.print("?id=");
+ outMail.print(id);
+ outMail.print("&token=");
+ outMail.print(URLEncoder.encode(ptok, "UTF-8"));
+ outMail.print("\n");
+ outMail.print("\n");
+ SprintfCommand.createSimple("This process will expire in {0} hours.", Integer.toString(HOUR_MAX)).output(outMail, l, new HashMap<String, Object>());
+ outMail.print("\n");
+ outMail.print("\n");
+ outMail.print(l.getTranslation("Best regards"));
+ outMail.print("\n");
+ outMail.print(l.getTranslation("SomeCA.org Support!"));
+ outMail.close();
+ Sendmail.getInstance().sendmail(Page.getUser(req).getEmail(), "[SomeCA.org] " + subject, sw.toString(), "support@cacert.org", null, null, null, null, false);
+ out.println(Page.getLanguage(req).getTranslation("Password reset successful."));
+ } catch (IOException e) {
+ e.printStackTrace();
+ }
+
+ }
}
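Review bot: The reset mail in `initPasswordResetProcess` is addressed to `Page.getUser(req).getEmail()`, the logged-in account that triggered the reset, not to `targetUser`. Both removed call sites sent it to the account owner (`user.getTargetUser().getEmail()` and `assuree.getEmail()`). As written, the link and token go to the support agent or assurer who also entered the A-Word, so the owner never gets the mail and the separation between the two secrets is lost. The first argument of the `sendmail` call should be `targetUser.getEmail()`. Separately, `catch (IOException e)` only prints a stack trace, so a ticket already created by `generatePasswordResetTicket` stays valid for `HOUR_MAX` hours with no indication to the caller that the mail step failed.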
package org.cacert.gigi.pages.admin.support;
-import java.io.IOException;
import java.io.PrintWriter;
-import java.net.URLEncoder;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import org.cacert.gigi.dbObjects.Name;
import org.cacert.gigi.dbObjects.SupportedUser;
import org.cacert.gigi.dbObjects.User;
-import org.cacert.gigi.email.Sendmail;
import org.cacert.gigi.localisation.Language;
import org.cacert.gigi.output.DateSelector;
import org.cacert.gigi.output.GroupSelector;
import org.cacert.gigi.output.template.Form;
import org.cacert.gigi.output.template.IterableDataset;
import org.cacert.gigi.output.template.Template;
-import org.cacert.gigi.pages.Page;
import org.cacert.gigi.pages.PasswordResetPage;
-import org.cacert.gigi.util.RandomToken;
-import org.cacert.gigi.util.ServerConstants;
public class SupportUserDetailsForm extends Form {
if (aword == null || aword.equals("")) {
throw new GigiApiException("An A-Word is required to perform a password reset.");
}
- String ptok = RandomToken.generateToken(32);
- int id = user.getTargetUser().generatePasswordResetTicket(Page.getUser(req), ptok, aword);
- try {
- Language l = Language.getInstance(user.getTargetUser().getPreferredLocale());
- StringBuffer body = new StringBuffer();
- body.append(l.getTranslation("Hi,") + "\n\n");
- body.append(l.getTranslation("A password reset was triggered. Please enter the required text sent to you by support on this page:"));
- body.append("\n\nhttps://");
- body.append(ServerConstants.getWwwHostNamePortSecure() + PasswordResetPage.PATH);
- body.append("?id=");
- body.append(id);
- body.append("&token=");
- body.append(URLEncoder.encode(ptok, "UTF-8"));
- body.append("\n");
- body.append("\n");
- body.append(l.getTranslation("Best regards"));
- body.append("\n");
- body.append(l.getTranslation("SomeCA.org Support!"));
- Sendmail.getInstance().sendmail(user.getTargetUser().getEmail(), "[SomeCA.org] " + l.getTranslation("Password reset by support."), body.toString(), "support@cacert.org", null, null, null, null, false);
- out.println(Page.getLanguage(req).getTranslation("Password reset successful."));
- } catch (IOException e) {
- e.printStackTrace();
- }
+ Language l = Language.getInstance(user.getTargetUser().getPreferredLocale());
+ String method = l.getTranslation("A password reset was triggered. Please enter the required text sent to you by support on this page:");
+ String subject = l.getTranslation("Password reset by support.");
+ PasswordResetPage.initPasswordResetProcess(out, user.getTargetUser(), req, aword, l, method, subject);
return true;
}
dobSelector.update(req);
package org.cacert.gigi.pages.wot;
-import java.io.IOException;
import java.io.PrintWriter;
-import java.net.URLEncoder;
import java.text.SimpleDateFormat;
import java.util.HashMap;
import java.util.Iterator;
import org.cacert.gigi.dbObjects.Assurance.AssuranceType;
import org.cacert.gigi.dbObjects.Name;
import org.cacert.gigi.dbObjects.User;
-import org.cacert.gigi.email.Sendmail;
import org.cacert.gigi.localisation.Language;
import org.cacert.gigi.output.template.Form;
import org.cacert.gigi.output.template.IterableDataset;
import org.cacert.gigi.pages.PasswordResetPage;
import org.cacert.gigi.util.DayDate;
import org.cacert.gigi.util.Notary;
-import org.cacert.gigi.util.RandomToken;
-import org.cacert.gigi.util.ServerConstants;
public class AssuranceForm extends Form {
try {
Notary.assure(assurer, assuree, assureeName, dob, pointsI, location, req.getParameter("date"), type);
if (aword != null && !aword.equals("")) {
- String systemToken = RandomToken.generateToken(32);
- int id = assuree.generatePasswordResetTicket(Page.getUser(req), systemToken, aword);
- try {
- Language l = Language.getInstance(assuree.getPreferredLocale());
- StringBuffer body = new StringBuffer();
- body.append(l.getTranslation("Hi,") + "\n\n");
- body.append(l.getTranslation("A password reset was triggered. If you did a password reset by assurance, please enter your secret password using this form:"));
- body.append("\n\nhttps://");
- body.append(ServerConstants.getWwwHostNamePortSecure() + PasswordResetPage.PATH);
- body.append("?id=");
- body.append(id);
- body.append("&token=");
- body.append(URLEncoder.encode(systemToken, "UTF-8"));
- body.append("\n");
- body.append("\n");
- body.append(l.getTranslation("Best regards"));
- body.append("\n");
- body.append(l.getTranslation("SomeCA.org Support!"));
- Sendmail.getInstance().sendmail(assuree.getEmail(), "[SomeCA.org] " + l.getTranslation("Password reset by assurance"), body.toString(), "support@cacert.org", null, null, null, null, false);
- } catch (IOException e) {
- e.printStackTrace();
- }
+ Language l = Language.getInstance(assuree.getPreferredLocale());
+ String method = l.getTranslation("A password reset was triggered. If you did a password reset by assurance, please enter your secret password using this form:");
+ String subject = l.getTranslation("Password reset by assurance");
+ PasswordResetPage.initPasswordResetProcess(out, assuree, req, aword, l, method, subject);
}
return true;
} catch (GigiApiException e) {
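Review bot: The assurance path now writes "Password reset successful." to the assurer's page, because `initPasswordResetProcess` prints that line to `out` unconditionally, whereas the block removed here produced no output. If the message is meant only for the support form, keep `out.println(Page.getLanguage(req).getTranslation("Password reset successful."));` in SupportUserDetailsForm after the call and drop it from the helper. The wording is also premature on both paths, since at this point only a ticket has been issued and the password is unchanged. The enclosing method starts and ends outside the hunk.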