From: Felix Dörre Date: Sat, 14 Nov 2015 06:56:59 +0000 (+0100) Subject: add: password-reset with assurance from support side X-Git-Url: https://code.wpia.club/?p=gigi.git;a=commitdiff_plain;h=c793f81c916f0f24b2180649b3d88348434b9480 add: password-reset with assurance from support side
---
diff --git a/src/org/cacert/gigi/pages/admin/support/SupportUserDetailsForm.java b/src/org/cacert/gigi/pages/admin/support/SupportUserDetailsForm.java
index b49eaad9..685adf3d 100644
--- a/src/org/cacert/gigi/pages/admin/support/SupportUserDetailsForm.java
+++ b/src/org/cacert/gigi/pages/admin/support/SupportUserDetailsForm.java
@@ -1,6 +1,8 @@
 package org.cacert.gigi.pages.admin.support;
+import java.io.IOException;
 import java.io.PrintWriter;
+import java.net.URLEncoder;
 import java.util.Map;
 import javax.servlet.http.HttpServletRequest;
@@ -10,10 +12,15 @@ import org.cacert.gigi.dbObjects.Group;
 import org.cacert.gigi.dbObjects.Name;
 import org.cacert.gigi.dbObjects.SupportedUser;
 import org.cacert.gigi.dbObjects.User;
+import org.cacert.gigi.email.Sendmail;
 import org.cacert.gigi.localisation.Language;
 import org.cacert.gigi.output.DateSelector;
 import org.cacert.gigi.output.template.Form;
 import org.cacert.gigi.output.template.Template;
+import org.cacert.gigi.pages.Page;
+import org.cacert.gigi.pages.PasswordResetPage;
+import org.cacert.gigi.util.RandomToken;
+import org.cacert.gigi.util.ServerConstants;
 public class SupportUserDetailsForm extends Form {
@@ -38,6 +45,35 @@ public class SupportUserDetailsForm extends Form {
 if (user.getTicket() == null) {
 return false;
 }
+ if (req.getParameter("resetPass") != null) {
+ String aword = req.getParameter("aword");
+ if (aword == null || aword.equals("")) {
+ throw new GigiApiException("An A-Word is required to perform a password reset.");
+ }
+ String ptok = RandomToken.generateToken(32);
+ int id = user.getTargetUser().generatePasswordResetTicket(Page.getUser(req), ptok, aword);
+ try {
+ Language l = Language.getInstance(user.getTargetUser().getPreferredLocale());
+ StringBuffer body = new StringBuffer();
+ body.append(l.getTranslation("Hi,") + "\n\n");
+ body.append(l.getTranslation("A password reset was triggered. Please enter the required text sent to you by support on this page: \nhttps://"));
+ body.append(ServerConstants.getWwwHostNamePortSecure() + PasswordResetPage.PATH);
+ body.append("?id=");
+ body.append(id);
+ body.append("&token=");
+ body.append(URLEncoder.encode(ptok, "UTF-8"));
+ body.append("\n");
+ body.append("\n");
+ body.append(l.getTranslation("Best regards"));
+ body.append("\n");
+ body.append(l.getTranslation("CAcert.org Support!"));
+ Sendmail.getInstance().sendmail(user.getTargetUser().getEmail(), "[CAcert.org] " + l.getTranslation("Password reset by support."), body.toString(), "support@cacert.org", null, null, null, null, false);
+ out.println(Page.getLanguage(req).getTranslation("Password reset successful."));
+ } catch (IOException e) {
+ e.printStackTrace();
+ }
+ return true;
+ }
 dobSelector.update(req);
 String fname = req.getParameter("fname");
 String mname = req.getParameter("mname");
diff --git a/src/org/cacert/gigi/pages/admin/support/SupportUserDetailsForm.templ b/src/org/cacert/gigi/pages/admin/support/SupportUserDetailsForm.templ
index e3ae77f7..689f2620 100644
--- a/src/org/cacert/gigi/pages/admin/support/SupportUserDetailsForm.templ
+++ b/src/org/cacert/gigi/pages/admin/support/SupportUserDetailsForm.templ
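Review bot: In the new `resetPass` branch of SupportUserDetailsForm.java, the reset ticket is created by `generatePasswordResetTicket` before the `try`, but an `IOException` while building or sending the mail only reaches `e.printStackTrace()` and the method still returns `true`. The supporter then gets neither the success message nor an error, and a ticket whose token was never delivered stays behind (whether it expires is not visible in this diff). The catch should report the failure instead, for example `throw new GigiApiException("The password reset mail could not be sent.");`, and log the exception rather than print it. The A-Word is also accepted as soon as it is non-empty; it appears to be the one secret that does not travel in the mailed link, so a minimum-length check next to the `aword.equals("")` test is worth adding. The enclosing submit method starts and ends outside the hunk.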
@@ -106,8 +106,8 @@ - : - + : + :
diff --git a/src/org/cacert/gigi/pages/admin/support/SupportUserDetailsPage.java b/src/org/cacert/gigi/pages/admin/support/SupportUserDetailsPage.java
index a3195367..3d83b201 100644
--- a/src/org/cacert/gigi/pages/admin/support/SupportUserDetailsPage.java
+++ b/src/org/cacert/gigi/pages/admin/support/SupportUserDetailsPage.java
@@ -68,7 +68,7 @@ public class SupportUserDetailsPage extends Page {
 if ( !Form.getForm(req, SupportRevokeCertificatesForm.class).submit(resp.getWriter(), req)) {
 throw new GigiApiException("No ticket number set.");
 }
- } else if (req.getParameter("detailupdate") != null) {
+ } else if (req.getParameter("detailupdate") != null || req.getParameter("resetPass") != null) {
 if ( !Form.getForm(req, SupportUserDetailsForm.class).submit(resp.getWriter(), req)) {
 throw new GigiApiException("No ticket number set.");
 }
diff --git a/src/org/cacert/gigi/pages/wot/AssuranceForm.java b/src/org/cacert/gigi/pages/wot/AssuranceForm.java
index b1cfbae9..a4ea3c23 100644
--- a/src/org/cacert/gigi/pages/wot/AssuranceForm.java
+++ b/src/org/cacert/gigi/pages/wot/AssuranceForm.java
@@ -113,7 +113,7 @@ public class AssuranceForm extends Form {
 Language l = Language.getInstance(assuree.getPreferredLocale());
 StringBuffer body = new StringBuffer();
 body.append(l.getTranslation("Hi,") + "\n\n");
- body.append(l.getTranslation("A password reset was triggered. If you did a password reset by assurance, please enter your secret password using this form: \n"));
+ body.append(l.getTranslation("A password reset was triggered. If you did a password reset by assurance, please enter your secret password using this form: \nhttps://"));
 body.append(ServerConstants.getWwwHostNamePortSecure() + PasswordResetPage.PATH);
 body.append("?id=");
 body.append(id);
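Review bot: With `resetPass` folded into the `detailupdate` branch of SupportUserDetailsPage.java, a request that carries both parameters performs only the reset, because the new block in SupportUserDetailsForm.java returns `true` before `dobSelector.update(req)` is reached and the submitted detail changes are dropped without a message. Either give the reset its own `else if` branch or document the precedence at this condition, e.g. `// resetPass takes precedence: SupportUserDetailsForm.submit returns right after the reset`. A password reset is also more sensitive than a detail edit, and the only gate visible in this diff is the `user.getTicket() == null` check, so it is worth confirming that the supporter's permission for resets is enforced outside these hunks. The enclosing method starts and ends outside the hunk.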
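Review bot: In AssuranceForm.java the `https://` scheme now sits inside the string passed to `l.getTranslation(...)`, so the scheme of the password-reset link depends on every translation of that sentence carrying it over unchanged, and the changed message text may no longer match existing translations (how lookups fall back is not visible here). Keeping the scheme in code avoids both: leave the translated sentence ending in `\n` and change the next line to `body.append("https://" + ServerConstants.getWwwHostNamePortSecure() + PasswordResetPage.PATH);`. The new reset mail in SupportUserDetailsForm.java builds its link the same way and would take the same change. The enclosing method starts and ends outside the hunk.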