From: Felix Dörre
Date: Wed, 22 Jun 2016 08:43:02 +0000 (+0200)
Subject: upd: Factor out password reset initiation.
X-Git-Url: https://code.wpia.club/?p=gigi.git;a=commitdiff_plain;h=7f4284fefac71623029edbb2a3bc8279f1d881e3

upd: Factor out password reset initiation.

... And include deadline in email.

Change-Id: I4df3a897b75f74c58e3f0faa2bf34260153b8de8
---
diff --git a/src/org/cacert/gigi/dbObjects/User.java b/src/org/cacert/gigi/dbObjects/User.java
index 5c9173f9..5132b52f 100644
--- a/src/org/cacert/gigi/dbObjects/User.java
+++ b/src/org/cacert/gigi/dbObjects/User.java
@@ -13,6 +13,7 @@ import org.cacert.gigi.database.GigiPreparedStatement;
 import org.cacert.gigi.database.GigiResultSet;
 import org.cacert.gigi.localisation.Language;
 import org.cacert.gigi.output.DateSelector;
+import org.cacert.gigi.pages.PasswordResetPage;
 import org.cacert.gigi.util.CalendarUtil;
 import org.cacert.gigi.util.DayDate;
 import org.cacert.gigi.util.Notary;
@@ -520,9 +521,10 @@ public class User extends CertificateOwner {
 }
 
 public static User getResetWithToken(int id, String token) {
- try (GigiPreparedStatement ps = new GigiPreparedStatement("SELECT `memid` FROM `passwordResetTickets` WHERE `id`=? AND `token`=? AND `used` IS NULL AND `created` > CURRENT_TIMESTAMP - interval '96 hours'")) {
+ try (GigiPreparedStatement ps = new GigiPreparedStatement("SELECT `memid` FROM `passwordResetTickets` WHERE `id`=? AND `token`=? AND `used` IS NULL AND `created` > CURRENT_TIMESTAMP - interval '1 hours' * ?")) {
 ps.setInt(1, id);
 ps.setString(2, token);
+ ps.setInt(3, PasswordResetPage.HOUR_MAX);
 GigiResultSet res = ps.executeQuery();
 if ( !res.next()) {
 return null;
diff --git a/src/org/cacert/gigi/pages/PasswordResetPage.java b/src/org/cacert/gigi/pages/PasswordResetPage.java
index a2641db1..496c0e1e 100644
--- a/src/org/cacert/gigi/pages/PasswordResetPage.java
+++ b/src/org/cacert/gigi/pages/PasswordResetPage.java
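Review bot: `User.getResetWithToken` now reaches into the pages layer for `PasswordResetPage.HOUR_MAX` while PasswordResetPage itself imports dbObjects.User, so this hunk introduces a package cycle between dbObjects and pages. The validity window is a property of the ticket, so the constant fits better beside the ticket SQL in User (or a util class) with PasswordResetPage referring to it; such a move would only touch the added import in the first hunk and the `ps.setInt(3, PasswordResetPage.HOUR_MAX);` line here. The `interval '1 hours' * ?` form with a bound int relies on the database accepting interval-by-integer multiplication; the dialect is not visible in this diff, so that is worth confirming against the schema in use.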
@@ -2,6 +2,8 @@ package org.cacert.gigi.pages;
 
 import java.io.IOException;
 import java.io.PrintWriter;
+import java.io.StringWriter;
+import java.net.URLEncoder;
 import java.util.HashMap;
 import java.util.Map;
 
@@ -11,13 +13,19 @@ import javax.servlet.http.HttpServletResponse;
 
 import org.cacert.gigi.GigiApiException;
 import org.cacert.gigi.database.GigiPreparedStatement;
 import org.cacert.gigi.dbObjects.User;
+import org.cacert.gigi.email.Sendmail;
 import org.cacert.gigi.localisation.Language;
 import org.cacert.gigi.output.template.Form;
+import org.cacert.gigi.output.template.SprintfCommand;
 import org.cacert.gigi.output.template.Template;
 import org.cacert.gigi.util.AuthorizationContext;
+import org.cacert.gigi.util.RandomToken;
+import org.cacert.gigi.util.ServerConstants;
 
 public class PasswordResetPage extends Page {
+ public static final int HOUR_MAX = 96;
+
 public static final String PATH = "/passwordReset";
 
 public PasswordResetPage() {
@@ -53,7 +61,8 @@ public class PasswordResetPage extends Page {
 
 @Override
 public boolean submit(PrintWriter out, HttpServletRequest req) throws GigiApiException {
- try (GigiPreparedStatement passwordReset = new GigiPreparedStatement("UPDATE `passwordResetTickets` SET `used` = CURRENT_TIMESTAMP WHERE `used` IS NULL AND `created` < CURRENT_TIMESTAMP - interval '96 hours';")) {
+ try (GigiPreparedStatement passwordReset = new GigiPreparedStatement("UPDATE `passwordResetTickets` SET `used` = CURRENT_TIMESTAMP WHERE `used` IS NULL AND `created` < CURRENT_TIMESTAMP - interval '1 hours' * ?;")) {
+ passwordReset.setInt(1, HOUR_MAX);
 passwordReset.execute();
 }
 
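Review bot: `HOUR_MAX` is a public constant that now governs three things — the ticket validity check in User.getResetWithToken, the cleanup UPDATE in submit, and the deadline printed in the reset mail — but it carries no Javadoc. Add a line such as `/** Validity of a password reset ticket in hours; must match the window checked in User.getResetWithToken. */` above it so the coupling is visible to whoever changes the value. Sharing one constant between the cleanup and the lookup is an improvement over the two separate `'96 hours'` literals the hunks replace.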
@@ -104,4 +113,35 @@ public class PasswordResetPage extends Page {
 public boolean isPermitted(AuthorizationContext ac) {
 return true;
 }
+
+ public static void initPasswordResetProcess(PrintWriter out, User targetUser, HttpServletRequest req, String aword, Language l, String method, String subject) {
+ String ptok = RandomToken.generateToken(32);
+ int id = targetUser.generatePasswordResetTicket(Page.getUser(req), ptok, aword);
+ try {
+ StringWriter sw = new StringWriter();
+ PrintWriter outMail = new PrintWriter(sw);
+ outMail.print(l.getTranslation("Hi,") + "\n\n");
+ outMail.print(method);
+ outMail.print("\n\nhttps://");
+ outMail.print(ServerConstants.getWwwHostNamePortSecure() + PasswordResetPage.PATH);
+ outMail.print("?id=");
+ outMail.print(id);
+ outMail.print("&token=");
+ outMail.print(URLEncoder.encode(ptok, "UTF-8"));
+ outMail.print("\n");
+ outMail.print("\n");
+ SprintfCommand.createSimple("This process will expire in {0} hours.", Integer.toString(HOUR_MAX)).output(outMail, l, new HashMap());
+ outMail.print("\n");
+ outMail.print("\n");
+ outMail.print(l.getTranslation("Best regards"));
+ outMail.print("\n");
+ outMail.print(l.getTranslation("SomeCA.org Support!"));
+ outMail.close();
+ Sendmail.getInstance().sendmail(Page.getUser(req).getEmail(), "[SomeCA.org] " + subject, sw.toString(), "support@cacert.org", null, null, null, null, false);
+ out.println(Page.getLanguage(req).getTranslation("Password reset successful."));
+ } catch (IOException e) {
+ e.printStackTrace();
+ }
+
+ }
 }
diff --git a/src/org/cacert/gigi/pages/admin/support/SupportUserDetailsForm.java b/src/org/cacert/gigi/pages/admin/support/SupportUserDetailsForm.java
index a85952f6..60251e7e 100644
--- a/src/org/cacert/gigi/pages/admin/support/SupportUserDetailsForm.java
+++ b/src/org/cacert/gigi/pages/admin/support/SupportUserDetailsForm.java
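Review bot: The reset mail is addressed to `Page.getUser(req).getEmail()`, which is the logged-in support member or assurer, while the ticket is generated for `targetUser`; both removed call sites sent the mail to the target's own address, so the sendmail line should read `Sendmail.getInstance().sendmail(targetUser.getEmail(), "[SomeCA.org] " + subject, sw.toString(), "support@cacert.org", null, null, null, null, false);`. An IOException from URLEncoder.encode or sendmail is only printed with printStackTrace and the caller gets no signal that nothing was sent, so it should surface (for instance wrapped in a GigiApiException, which AssuranceForm's caller already catches and SupportUserDetailsForm already throws) rather than be swallowed. `new HashMap()` passed to SprintfCommand.output is a raw type and should carry the type arguments the parameter declares. The method also always prints "Password reset successful." to `out`, so the assurance path now emits that line where the removed code did not; worth confirming that is intended. A short Javadoc stating that the method creates the ticket for targetUser, mails the link together with the HOUR_MAX deadline, and reports success to `out`, with `@param aword` for the secret the user must later enter, would make the contract clear to the two callers.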
@@ -1,8 +1,6 @@
 package org.cacert.gigi.pages.admin.support;
 
-import java.io.IOException;
 import java.io.PrintWriter;
-import java.net.URLEncoder;
 import java.util.Iterator;
 import java.util.Map;
 import java.util.Set;
@@ -14,17 +12,13 @@ import org.cacert.gigi.dbObjects.Group;
 import org.cacert.gigi.dbObjects.Name;
 import org.cacert.gigi.dbObjects.SupportedUser;
 import org.cacert.gigi.dbObjects.User;
-import org.cacert.gigi.email.Sendmail;
 import org.cacert.gigi.localisation.Language;
 import org.cacert.gigi.output.DateSelector;
 import org.cacert.gigi.output.GroupSelector;
 import org.cacert.gigi.output.template.Form;
 import org.cacert.gigi.output.template.IterableDataset;
 import org.cacert.gigi.output.template.Template;
-import org.cacert.gigi.pages.Page;
 import org.cacert.gigi.pages.PasswordResetPage;
-import org.cacert.gigi.util.RandomToken;
-import org.cacert.gigi.util.ServerConstants;
 
 public class SupportUserDetailsForm extends Form {
 
@@ -69,29 +63,10 @@ public class SupportUserDetailsForm extends Form {
 if (aword == null || aword.equals("")) {
 throw new GigiApiException("An A-Word is required to perform a password reset.");
 }
- String ptok = RandomToken.generateToken(32);
- int id = user.getTargetUser().generatePasswordResetTicket(Page.getUser(req), ptok, aword);
- try {
- Language l = Language.getInstance(user.getTargetUser().getPreferredLocale());
- StringBuffer body = new StringBuffer();
- body.append(l.getTranslation("Hi,") + "\n\n");
- body.append(l.getTranslation("A password reset was triggered. Please enter the required text sent to you by support on this page:"));
- body.append("\n\nhttps://");
- body.append(ServerConstants.getWwwHostNamePortSecure() + PasswordResetPage.PATH);
- body.append("?id=");
- body.append(id);
- body.append("&token=");
- body.append(URLEncoder.encode(ptok, "UTF-8"));
- body.append("\n");
- body.append("\n");
- body.append(l.getTranslation("Best regards"));
- body.append("\n");
- body.append(l.getTranslation("SomeCA.org Support!"));
- Sendmail.getInstance().sendmail(user.getTargetUser().getEmail(), "[SomeCA.org] " + l.getTranslation("Password reset by support."), body.toString(), "support@cacert.org", null, null, null, null, false);
- out.println(Page.getLanguage(req).getTranslation("Password reset successful."));
- } catch (IOException e) {
- e.printStackTrace();
- }
+ Language l = Language.getInstance(user.getTargetUser().getPreferredLocale());
+ String method = l.getTranslation("A password reset was triggered. Please enter the required text sent to you by support on this page:");
+ String subject = l.getTranslation("Password reset by support.");
+ PasswordResetPage.initPasswordResetProcess(out, user.getTargetUser(), req, aword, l, method, subject);
 return true;
 }
 dobSelector.update(req);
diff --git a/src/org/cacert/gigi/pages/wot/AssuranceForm.java b/src/org/cacert/gigi/pages/wot/AssuranceForm.java
index cf60f75b..79f4d509 100644
--- a/src/org/cacert/gigi/pages/wot/AssuranceForm.java
+++ b/src/org/cacert/gigi/pages/wot/AssuranceForm.java
@@ -1,8 +1,6 @@
 package org.cacert.gigi.pages.wot;
 
-import java.io.IOException;
 import java.io.PrintWriter;
-import java.net.URLEncoder;
 import java.text.SimpleDateFormat;
 import java.util.HashMap;
 import java.util.Iterator;
@@ -15,7 +13,6 @@ import org.cacert.gigi.GigiApiException;
 import org.cacert.gigi.dbObjects.Assurance.AssuranceType;
 import org.cacert.gigi.dbObjects.Name;
 import org.cacert.gigi.dbObjects.User;
-import org.cacert.gigi.email.Sendmail;
 import org.cacert.gigi.localisation.Language;
 import org.cacert.gigi.output.template.Form;
 import org.cacert.gigi.output.template.IterableDataset;
@@ -24,8 +21,6 @@ import org.cacert.gigi.pages.Page;
 import org.cacert.gigi.pages.PasswordResetPage;
 import org.cacert.gigi.util.DayDate;
 import org.cacert.gigi.util.Notary;
-import org.cacert.gigi.util.RandomToken;
-import org.cacert.gigi.util.ServerConstants;
 
 public class AssuranceForm extends Form {
 
@@ -147,28 +142,10 @@ public class AssuranceForm extends Form {
 try {
 Notary.assure(assurer, assuree, assureeName, dob, pointsI, location, req.getParameter("date"), type);
 if (aword != null && !aword.equals("")) {
- String systemToken = RandomToken.generateToken(32);
- int id = assuree.generatePasswordResetTicket(Page.getUser(req), systemToken, aword);
- try {
- Language l = Language.getInstance(assuree.getPreferredLocale());
- StringBuffer body = new StringBuffer();
- body.append(l.getTranslation("Hi,") + "\n\n");
- body.append(l.getTranslation("A password reset was triggered. If you did a password reset by assurance, please enter your secret password using this form:"));
- body.append("\n\nhttps://");
- body.append(ServerConstants.getWwwHostNamePortSecure() + PasswordResetPage.PATH);
- body.append("?id=");
- body.append(id);
- body.append("&token=");
- body.append(URLEncoder.encode(systemToken, "UTF-8"));
- body.append("\n");
- body.append("\n");
- body.append(l.getTranslation("Best regards"));
- body.append("\n");
- body.append(l.getTranslation("SomeCA.org Support!"));
- Sendmail.getInstance().sendmail(assuree.getEmail(), "[SomeCA.org] " + l.getTranslation("Password reset by assurance"), body.toString(), "support@cacert.org", null, null, null, null, false);
- } catch (IOException e) {
- e.printStackTrace();
- }
+ Language l = Language.getInstance(assuree.getPreferredLocale());
+ String method = l.getTranslation("A password reset was triggered. If you did a password reset by assurance, please enter your secret password using this form:");
+ String subject = l.getTranslation("Password reset by assurance");
+ PasswordResetPage.initPasswordResetProcess(out, assuree, req, aword, l, method, subject);
 }
 return true;
 } catch (GigiApiException e) {