add: password-reset with assurance from support side
authorFelix Dörre <felix@dogcraft.de>
Sat, 14 Nov 2015 06:56:59 +0000 (07:56 +0100)
committerFelix Dörre <felix@dogcraft.de>
Sat, 14 Nov 2015 06:56:59 +0000 (07:56 +0100)
src/org/cacert/gigi/pages/admin/support/SupportUserDetailsForm.java
src/org/cacert/gigi/pages/admin/support/SupportUserDetailsForm.templ
src/org/cacert/gigi/pages/admin/support/SupportUserDetailsPage.java
src/org/cacert/gigi/pages/wot/AssuranceForm.java

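--- a/src/org/cacert/gigi/pages/admin/support/SupportUserDetailsForm.java
+++ b/src/org/cacert/gigi/pages/admin/support/SupportUserDetailsForm.java
@@ -1,6 +1,8 @@
 package org.cacert.gigi.pages.admin.support;
 
+import java.io.IOException;
 import java.io.PrintWriter;
+import java.net.URLEncoder;
 import java.util.Map;
 
 import javax.servlet.http.HttpServletRequest;
@@ -10,10 +12,15 @@ import org.cacert.gigi.dbObjects.Group;
 import org.cacert.gigi.dbObjects.Name;
 import org.cacert.gigi.dbObjects.SupportedUser;
 import org.cacert.gigi.dbObjects.User;
+import org.cacert.gigi.email.Sendmail;
 import org.cacert.gigi.localisation.Language;
 import org.cacert.gigi.output.DateSelector;
 import org.cacert.gigi.output.template.Form;
 import org.cacert.gigi.output.template.Template;
+import org.cacert.gigi.pages.Page;
+import org.cacert.gigi.pages.PasswordResetPage;
+import org.cacert.gigi.util.RandomToken;
+import org.cacert.gigi.util.ServerConstants;
 
 public class SupportUserDetailsForm extends Form {
 
@@ -38,6 +45,35 @@ public class SupportUserDetailsForm extends Form {
         if (user.getTicket() == null) {
             return false;
         }
+        if (req.getParameter("resetPass") != null) {
+            String aword = req.getParameter("aword");
+            if (aword == null || aword.equals("")) {
+                throw new GigiApiException("An A-Word is required to perform a password reset.");
+            }
+            String ptok = RandomToken.generateToken(32);
+            int id = user.getTargetUser().generatePasswordResetTicket(Page.getUser(req), ptok, aword);
+            try {
+                Language l = Language.getInstance(user.getTargetUser().getPreferredLocale());
+                StringBuffer body = new StringBuffer();
+                body.append(l.getTranslation("Hi,") + "\n\n");
+                body.append(l.getTranslation("A password reset was triggered. Please enter the required text sent to you by support on this page: \nhttps://"));
+                body.append(ServerConstants.getWwwHostNamePortSecure() + PasswordResetPage.PATH);
+                body.append("?id=");
+                body.append(id);
+                body.append("&token=");
+                body.append(URLEncoder.encode(ptok, "UTF-8"));
+                body.append("\n");
+                body.append("\n");
+                body.append(l.getTranslation("Best regards"));
+                body.append("\n");
+                body.append(l.getTranslation("CAcert.org Support!"));
+                Sendmail.getInstance().sendmail(user.getTargetUser().getEmail(), "[CAcert.org] " + l.getTranslation("Password reset by support."), body.toString(), "support@cacert.org", null, null, null, null, false);
+                out.println(Page.getLanguage(req).getTranslation("Password reset successful."));
+            } catch (IOException e) {
+                e.printStackTrace();
+            }
+            return true;
+        }
         dobSelector.update(req);
         String fname = req.getParameter("fname");
         String mname = req.getParameter("mname");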
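Review bot: In the `resetPass` branch the `catch (IOException e)` only calls `e.printStackTrace()` and then falls through to `return true`, so when the mail cannot be sent the support engineer sees neither the success line nor an error, while the reset ticket created by `generatePasswordResetTicket` before the `try` presumably stays valid. The failure should reach the operator, for example `throw new GigiApiException("Sending the password reset mail failed.");` in the catch block (the method already throws GigiApiException a few lines above), ideally together with invalidating the ticket if the dbObjects API offers that. The A-Word is also accepted at any non-empty length; a minimum-length check next to the `aword.equals("")` test would keep a one-character secret from being the only thing standing beside the mailed link. The enclosing submit method starts and ends outside the hunk.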
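--- a/src/org/cacert/gigi/pages/admin/support/SupportUserDetailsForm.templ
+++ b/src/org/cacert/gigi/pages/admin/support/SupportUserDetailsForm.templ
 </td>
         </tr>
            <tr>
-            <td><?=_Change Password?>:</td>
-            <td><?=_Change Password?></td>
+            <td><?=_Reset Password?>:</td>
+            <td><input type="text" name="aword"> <input type="submit" value="<?=_Reset Password?>" name="resetPass"></td>
         </tr>
         <tr>
             <td><?=_Delete Account?>:</td>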
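Review bot: The new `aword` field is a plain text input, so the browser on the support workstation may keep the A-Word in its form history; since it is the out-of-band secret for the reset, `<input type="text" name="aword" autocomplete="off">` would be the safer markup. The rest of the form is outside this section, so whether a form-level `autocomplete` setting already covers the field cannot be seen here.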
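--- a/src/org/cacert/gigi/pages/admin/support/SupportUserDetailsPage.java
+++ b/src/org/cacert/gigi/pages/admin/support/SupportUserDetailsPage.java
@@ -68,7 +68,7 @@ public class SupportUserDetailsPage extends Page {
                 if ( !Form.getForm(req, SupportRevokeCertificatesForm.class).submit(resp.getWriter(), req)) {
                     throw new GigiApiException("No ticket number set.");
                 }
-            } else if (req.getParameter("detailupdate") != null) {
+            } else if (req.getParameter("detailupdate") != null || req.getParameter("resetPass") != null) {
                 if ( !Form.getForm(req, SupportUserDetailsForm.class).submit(resp.getWriter(), req)) {
                     throw new GigiApiException("No ticket number set.");
                 }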
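--- a/src/org/cacert/gigi/pages/wot/AssuranceForm.java
+++ b/src/org/cacert/gigi/pages/wot/AssuranceForm.java
@@ -113,7 +113,7 @@ public class AssuranceForm extends Form {
                     Language l = Language.getInstance(assuree.getPreferredLocale());
                     StringBuffer body = new StringBuffer();
                     body.append(l.getTranslation("Hi,") + "\n\n");
-                    body.append(l.getTranslation("A password reset was triggered. If you did a password reset by assurance, please enter your secret password using this form: \n"));
+                    body.append(l.getTranslation("A password reset was triggered. If you did a password reset by assurance, please enter your secret password using this form: \nhttps://"));
                     body.append(ServerConstants.getWwwHostNamePortSecure() + PasswordResetPage.PATH);
                     body.append("?id=");
                     body.append(id);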
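Review bot: Appending `https://` inside the string passed to `l.getTranslation(...)` makes the URL scheme part of the translatable message, so a translation catalogue entry decides what prefix the password-reset link gets, and the changed message id will no longer match existing translations. Keeping the sentence as it was and adding `body.append("https://");` on its own line before the host name keeps the scheme fixed in code. The same pattern appears in the new mail text in SupportUserDetailsForm.java. The enclosing method starts and ends outside the hunk.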