[gatein-commits] gatein SVN: r2234 - in portal/trunk: component/identity/src/main/java/org/exoplatform/services/organization and 5 other directories.
do-not-reply at jboss.org
do-not-reply at jboss.org
Sat Mar 13 13:12:06 EST 2010
Author: thomas.heute at jboss.com
Date: 2010-03-13 13:12:04 -0500 (Sat, 13 Mar 2010)
New Revision: 2234
Added:
portal/trunk/web/portal/src/main/webapp/WEB-INF/conf/common/remindpwd-configuration.xml
portal/trunk/webui/portal/src/main/java/org/exoplatform/portal/webui/login/UIChangePassword.java
Removed:
portal/trunk/component/identity/src/main/java/conf/configuration.xml
portal/trunk/component/identity/src/main/java/org/exoplatform/services/organization/PasswordGeneratorService.java
portal/trunk/component/identity/src/main/java/org/exoplatform/services/organization/PasswordGeneratorServiceImpl.java
Modified:
portal/trunk/component/web/src/main/java/org/exoplatform/web/security/security/CookieTokenService.java
portal/trunk/web/portal/src/main/webapp/WEB-INF/conf/common/autologin-configuration.xml
portal/trunk/web/portal/src/main/webapp/WEB-INF/conf/configuration.xml
portal/trunk/webui/portal/src/main/java/org/exoplatform/portal/webui/login/UIForgetPassword.java
portal/trunk/webui/portal/src/main/java/org/exoplatform/portal/webui/login/UIResetPassword.java
portal/trunk/webui/portal/src/main/java/org/exoplatform/portal/webui/portal/UIPortalComponentActionListener.java
Log:
GTNPORTAL-880: password recovery may change anyone's password
Changed the flow so that the user is sent a unique link to a form where he can change his password.
Still need to handle the case where the token has expired.
Deleted: portal/trunk/component/identity/src/main/java/conf/configuration.xml
===================================================================
--- portal/trunk/component/identity/src/main/java/conf/configuration.xml 2010-03-13 17:58:30 UTC (rev 2233)
+++ portal/trunk/component/identity/src/main/java/conf/configuration.xml 2010-03-13 18:12:04 UTC (rev 2234)
@@ -1,33 +0,0 @@
-<?xml version="1.0" encoding="ISO-8859-1"?>
-<!--
-
- Copyright (C) 2009 eXo Platform SAS.
-
- This is free software; you can redistribute it and/or modify it
- under the terms of the GNU Lesser General Public License as
- published by the Free Software Foundation; either version 2.1 of
- the License, or (at your option) any later version.
-
- This software is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Lesser General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public
- License along with this software; if not, write to the Free
- Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-
--->
-
-<configuration
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://www.exoplaform.org/xml/ns/kernel_1_1.xsd http://www.exoplaform.org/xml/ns/kernel_1_1.xsd"
- xmlns="http://www.exoplaform.org/xml/ns/kernel_1_1.xsd">
-
- <component>
- <key>org.exoplatform.services.organization.PasswordGeneratorService</key>
- <type>org.exoplatform.services.organization.PasswordGeneratorServiceImpl</type>
- </component>
-
-</configuration>
\ No newline at end of file
Deleted: portal/trunk/component/identity/src/main/java/org/exoplatform/services/organization/PasswordGeneratorService.java
===================================================================
--- portal/trunk/component/identity/src/main/java/org/exoplatform/services/organization/PasswordGeneratorService.java 2010-03-13 17:58:30 UTC (rev 2233)
+++ portal/trunk/component/identity/src/main/java/org/exoplatform/services/organization/PasswordGeneratorService.java 2010-03-13 18:12:04 UTC (rev 2234)
@@ -1,35 +0,0 @@
-/******************************************************************************
- * JBoss, a division of Red Hat *
- * Copyright 2010, Red Hat Middleware, LLC, and individual *
- * contributors as indicated by the @authors tag. See the *
- * copyright.txt in the distribution for a full listing of *
- * individual contributors. *
- * *
- * This is free software; you can redistribute it and/or modify it *
- * under the terms of the GNU Lesser General Public License as *
- * published by the Free Software Foundation; either version 2.1 of *
- * the License, or (at your option) any later version. *
- * *
- * This software is distributed in the hope that it will be useful, *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
- * Lesser General Public License for more details. *
- * *
- * You should have received a copy of the GNU Lesser General Public *
- * License along with this software; if not, write to the Free *
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org. *
- ******************************************************************************/
-
-package org.exoplatform.services.organization;
-
-/**
- * @author <a href="mailto:theute at redhat.com">Thomas Heute</a>
- * @version $Revision$
- */
-public interface PasswordGeneratorService
-{
-
- public String generatePassword();
-
-}
Deleted: portal/trunk/component/identity/src/main/java/org/exoplatform/services/organization/PasswordGeneratorServiceImpl.java
===================================================================
--- portal/trunk/component/identity/src/main/java/org/exoplatform/services/organization/PasswordGeneratorServiceImpl.java 2010-03-13 17:58:30 UTC (rev 2233)
+++ portal/trunk/component/identity/src/main/java/org/exoplatform/services/organization/PasswordGeneratorServiceImpl.java 2010-03-13 18:12:04 UTC (rev 2234)
@@ -1,70 +0,0 @@
-/******************************************************************************
- * JBoss, a division of Red Hat *
- * Copyright 2010, Red Hat Middleware, LLC, and individual *
- * contributors as indicated by the @authors tag. See the *
- * copyright.txt in the distribution for a full listing of *
- * individual contributors. *
- * *
- * This is free software; you can redistribute it and/or modify it *
- * under the terms of the GNU Lesser General Public License as *
- * published by the Free Software Foundation; either version 2.1 of *
- * the License, or (at your option) any later version. *
- * *
- * This software is distributed in the hope that it will be useful, *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
- * Lesser General Public License for more details. *
- * *
- * You should have received a copy of the GNU Lesser General Public *
- * License along with this software; if not, write to the Free *
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org. *
- ******************************************************************************/
-
-package org.exoplatform.services.organization;
-
-import java.security.NoSuchAlgorithmException;
-import java.security.SecureRandom;
-
-import org.gatein.common.logging.Logger;
-import org.gatein.common.logging.LoggerFactory;
-
-/**
- * @author <a href="mailto:theute at redhat.com">Thomas Heute</a>
- * @version $Revision$
- */
-public class PasswordGeneratorServiceImpl implements PasswordGeneratorService
-{
-
- private String passwordCharacters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()_][{};:?.-+";
-
- public String generatePassword()
- {
- Logger logger = LoggerFactory.getLogger(PasswordGeneratorServiceImpl.class);
- int length = 12;
- StringBuffer buffer = new StringBuffer();
- char[] characterMap = passwordCharacters.toCharArray();
- SecureRandom secureRandom;
- try
- {
- secureRandom = SecureRandom.getInstance("SHA1PRNG");
- }
- catch (NoSuchAlgorithmException e)
- {
- logger.warn("SHA1PRNG algorithm isn't available, falling back to insecure password");
- return "" + System.currentTimeMillis();
- }
-
- for (int i = 0; i <= length; i++)
- {
- byte[] bytes = new byte[512];
- secureRandom.nextBytes(bytes);
- double number = secureRandom.nextDouble();
- int b = ((int) (number * characterMap.length));
- buffer.append(characterMap[b]);
- }
-
- return buffer.toString();
- }
-
-}
Modified: portal/trunk/component/web/src/main/java/org/exoplatform/web/security/security/CookieTokenService.java
===================================================================
--- portal/trunk/component/web/src/main/java/org/exoplatform/web/security/security/CookieTokenService.java 2010-03-13 17:58:30 UTC (rev 2233)
+++ portal/trunk/component/web/src/main/java/org/exoplatform/web/security/security/CookieTokenService.java 2010-03-13 18:12:04 UTC (rev 2234)
@@ -39,18 +39,23 @@
{
/** . */
- private ChromatticManager chromatticManager;
-
+ public static final String LIFECYCLE_NAME="lifecycle-name";
+
/** . */
private ChromatticLifeCycle chromatticLifeCycle;
+
+ /** . */
+ private String lifecycleName="autologin";
public CookieTokenService(InitParams initParams, ChromatticManager chromatticManager)
{
super(initParams);
- //
- this.chromatticManager = chromatticManager;
- this.chromatticLifeCycle = chromatticManager.getLifeCycle("autologin");
+ if (initParams.getValuesParam(SERVICE_CONFIG).getValues().size() > 3)
+ {
+ lifecycleName = (String)initParams.getValuesParam(SERVICE_CONFIG).getValues().get(3);
+ }
+ this.chromatticLifeCycle = chromatticManager.getLifeCycle(lifecycleName);
}
public String createToken(final Credentials credentials)
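Review bot: The constructor silently keeps `lifecycleName="autologin"` when `service.configuration` has fewer than four values, so a second token service configured without the fourth value would put its tokens in the same container as the remember-me tokens and nothing would report it. Since this commit adds a separate `remindpwd` store for password-reset tokens, I would log or reject the fallback, and fail at startup if `chromatticManager.getLifeCycle(lifecycleName)` can return null for an unregistered name instead of failing later in `getTokenContainer()`. The new `LIFECYCLE_NAME` constant is not used in the visible lines while the value is read by position (`get(3)`); either read it as a named parameter or drop the constant. The `/** . */` placeholders could say what the field holds, e.g. `/** Name of the Chromattic lifecycle and of the token container path; defaults to "autologin". */`.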
@@ -149,16 +154,13 @@
private abstract class TokenTask<V> extends ContextualTask<V>
{
- /** . */
- private SessionContext context;
-
protected final TokenContainer getTokenContainer() {
SessionContext ctx = chromatticLifeCycle.getContext();
ChromatticSession session = ctx.getSession();
- TokenContainer container = session.findByPath(TokenContainer.class, "autologin");
+ TokenContainer container = session.findByPath(TokenContainer.class, lifecycleName);
if (container == null)
{
- container = session.insert(TokenContainer.class, "autologin");
+ container = session.insert(TokenContainer.class, lifecycleName);
}
return container;
}
@@ -166,17 +168,7 @@
@Override
protected V execute(SessionContext context)
{
- this.context = context;
-
- //
- try
- {
- return execute();
- }
- finally
- {
- this.context = null;
- }
+ return execute();
}
protected abstract V execute();
Modified: portal/trunk/web/portal/src/main/webapp/WEB-INF/conf/common/autologin-configuration.xml
===================================================================
--- portal/trunk/web/portal/src/main/webapp/WEB-INF/conf/common/autologin-configuration.xml 2010-03-13 17:58:30 UTC (rev 2233)
+++ portal/trunk/web/portal/src/main/webapp/WEB-INF/conf/common/autologin-configuration.xml 2010-03-13 18:12:04 UTC (rev 2234)
@@ -29,12 +29,13 @@
<key>org.exoplatform.web.security.security.CookieTokenService</key>
<type>org.exoplatform.web.security.security.CookieTokenService</type>
<init-params>
- <values-param>
- <name>service.configuration</name>
- <value>jcr-token</value>
- <value>7</value>
- <value>DAY</value>
- </values-param>
+ <values-param>
+ <name>service.configuration</name>
+ <value>jcr-token</value>
+ <value>7</value>
+ <value>DAY</value>
+ <value>autologin</value>
+ </values-param>
</init-params>
</component>
Added: portal/trunk/web/portal/src/main/webapp/WEB-INF/conf/common/remindpwd-configuration.xml
===================================================================
--- portal/trunk/web/portal/src/main/webapp/WEB-INF/conf/common/remindpwd-configuration.xml (rev 0)
+++ portal/trunk/web/portal/src/main/webapp/WEB-INF/conf/common/remindpwd-configuration.xml 2010-03-13 18:12:04 UTC (rev 2234)
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!--
+
+ Copyright (C) 2009 eXo Platform SAS.
+
+ This is free software; you can redistribute it and/or modify it
+ under the terms of the GNU Lesser General Public License as
+ published by the Free Software Foundation; either version 2.1 of
+ the License, or (at your option) any later version.
+
+ This software is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this software; if not, write to the Free
+ Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+
+-->
+
+<configuration
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://www.exoplaform.org/xml/ns/kernel_1_0.xsd http://www.exoplaform.org/xml/ns/kernel_1_0.xsd"
+ xmlns="http://www.exoplaform.org/xml/ns/kernel_1_0.xsd">
+
+ <component>
+ <key>org.exoplatform.web.security.security.RemindPasswordTokenService</key>
+ <type>org.exoplatform.web.security.security.RemindPasswordTokenService</type>
+ <init-params>
+ <values-param>
+ <name>service.configuration</name>
+ <value>jcr-token</value>
+ <value>1</value>
+ <value>DAY</value>
+ <value>remindpwd</value>
+ </values-param>
+ </init-params>
+ </component>
+
+ <external-component-plugins>
+ <target-component>org.exoplatform.commons.chromattic.ChromatticManager</target-component>
+ <component-plugin>
+ <name>chromattic</name>
+ <set-method>addLifeCycle</set-method>
+ <type>org.exoplatform.commons.chromattic.ChromatticLifeCycle</type>
+ <init-params>
+ <value-param>
+ <name>domain-name</name>
+ <value>remindpwd</value>
+ </value-param>
+ <value-param>
+ <name>workspace-name</name>
+ <value>portal-work</value>
+ </value-param>
+ <values-param>
+ <name>entities</name>
+ <value>org.exoplatform.web.security.security.TokenContainer</value>
+ <value>org.exoplatform.web.security.security.TokenEntry</value>
+ </values-param>
+ </init-params>
+ </component-plugin>
+ </external-component-plugins>
+</configuration>
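Review bot: The `service.configuration` values give the reset token a lifetime of `1` `DAY`, which is long for a link that lets its holder set a new password without knowing the old one, and the commit log says expiry handling is still to do. I would shorten the lifetime considerably and add an XML comment above the `values-param` naming the positional values, for example `<!-- values: store, lifetime amount, lifetime unit, Chromattic lifecycle/domain name -->`. The fourth value has to match the `domain-name` of the lifecycle declared further down, which is worth stating in that comment. What the first value selects is not visible on this page, so that label needs confirming.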
Modified: portal/trunk/web/portal/src/main/webapp/WEB-INF/conf/configuration.xml
===================================================================
--- portal/trunk/web/portal/src/main/webapp/WEB-INF/conf/configuration.xml 2010-03-13 17:58:30 UTC (rev 2233)
+++ portal/trunk/web/portal/src/main/webapp/WEB-INF/conf/configuration.xml 2010-03-13 18:12:04 UTC (rev 2234)
@@ -29,6 +29,7 @@
<import profiles="jboss">war:/conf/wsrp/wsrp-configuration.xml</import>
<import>war:/conf/common/logs-configuration.xml</import>
<import>war:/conf/common/autologin-configuration.xml</import>
+ <import>war:/conf/common/remindpwd-configuration.xml</import>
<import>war:/conf/jcr/jcr-configuration.xml</import>
Added: portal/trunk/webui/portal/src/main/java/org/exoplatform/portal/webui/login/UIChangePassword.java
===================================================================
--- portal/trunk/webui/portal/src/main/java/org/exoplatform/portal/webui/login/UIChangePassword.java (rev 0)
+++ portal/trunk/webui/portal/src/main/java/org/exoplatform/portal/webui/login/UIChangePassword.java 2010-03-13 18:12:04 UTC (rev 2234)
@@ -0,0 +1,127 @@
+/**
+ * Copyright (C) 2009 eXo Platform SAS.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+
+package org.exoplatform.portal.webui.login;
+
+import org.exoplatform.portal.webui.workspace.UIMaskWorkspace;
+import org.exoplatform.portal.webui.workspace.UIPortalApplication;
+import org.exoplatform.services.organization.OrganizationService;
+import org.exoplatform.services.organization.User;
+import org.exoplatform.web.application.ApplicationMessage;
+import org.exoplatform.web.security.GateInToken;
+import org.exoplatform.webui.application.WebuiRequestContext;
+import org.exoplatform.webui.config.annotation.ComponentConfig;
+import org.exoplatform.webui.config.annotation.EventConfig;
+import org.exoplatform.webui.core.UIApplication;
+import org.exoplatform.webui.core.lifecycle.UIFormLifecycle;
+import org.exoplatform.webui.event.Event;
+import org.exoplatform.webui.event.EventListener;
+import org.exoplatform.webui.event.Event.Phase;
+import org.exoplatform.webui.form.UIForm;
+import org.exoplatform.webui.form.UIFormStringInput;
+import org.exoplatform.webui.form.validator.MandatoryValidator;
+import org.exoplatform.webui.form.validator.StringLengthValidator;
+
+/**
+ * Created by The eXo Platform SARL
+ * Author : dang.tung
+ * tungcnw at gmail.com
+ * Jul 09, 2008
+ */
+ at ComponentConfig(lifecycle = UIFormLifecycle.class, template = "system:/groovy/webui/form/UIFormWithTitle.gtmpl", events = {
+ @EventConfig(listeners = UIChangePassword.SaveActionListener.class),
+ @EventConfig(phase = Phase.DECODE, listeners = UIMaskWorkspace.CloseActionListener.class)})
+public class UIChangePassword extends UIForm
+{
+ final static String USER_NAME = "username";
+
+ final static String PASSWORD = "password";
+
+ final static String NEW_PASSWORD = "newpassword";
+
+ final static String CONFIRM_NEW_PASSWORD = "confirmnewpassword";
+
+ static User user_;
+
+ public UIChangePassword() throws Exception
+ {
+ addUIFormInput(new UIFormStringInput(USER_NAME, USER_NAME, null).setEditable(false));
+ addUIFormInput(new UIFormStringInput(PASSWORD, PASSWORD, null).setType(UIFormStringInput.PASSWORD_TYPE)
+ .addValidator(MandatoryValidator.class));
+ addUIFormInput(((UIFormStringInput)new UIFormStringInput(NEW_PASSWORD, NEW_PASSWORD, null)).setType(
+ UIFormStringInput.PASSWORD_TYPE).addValidator(MandatoryValidator.class).addValidator(
+ StringLengthValidator.class, 6, 30));
+ addUIFormInput(((UIFormStringInput)new UIFormStringInput(CONFIRM_NEW_PASSWORD, CONFIRM_NEW_PASSWORD, null))
+ .setType(UIFormStringInput.PASSWORD_TYPE).addValidator(MandatoryValidator.class).addValidator(
+ StringLengthValidator.class, 6, 30));
+ }
+
+ public void setData(User user)
+ {
+ user_ = user;
+ getUIStringInput(USER_NAME).setValue(user.getUserName());
+ }
+
+ @Override
+ public void reset()
+ {
+ UIFormStringInput passwordForm = getUIStringInput(PASSWORD);
+ passwordForm.reset();
+ UIFormStringInput newPasswordForm = getUIStringInput(NEW_PASSWORD);
+ newPasswordForm.reset();
+ UIFormStringInput confirmPasswordForm = getUIStringInput(CONFIRM_NEW_PASSWORD);
+ confirmPasswordForm.reset();
+ }
+
+ static public class SaveActionListener extends EventListener<UIChangePassword>
+ {
+ public void execute(Event<UIChangePassword> event) throws Exception
+ {
+ UIChangePassword uiForm = event.getSource();
+ String password = uiForm.getUIStringInput(PASSWORD).getValue();
+ String newpassword = uiForm.getUIStringInput(NEW_PASSWORD).getValue();
+ String confirmnewpassword = uiForm.getUIStringInput(CONFIRM_NEW_PASSWORD).getValue();
+ WebuiRequestContext request = event.getRequestContext();
+ UIApplication uiApp = request.getUIApplication();
+ UIMaskWorkspace uiMaskWorkspace = uiApp.getChildById(UIPortalApplication.UI_MASK_WS_ID);
+ OrganizationService orgService = uiForm.getApplicationComponent(OrganizationService.class);
+ uiForm.reset();
+ boolean isNew = true;
+ if (!orgService.getUserHandler().authenticate(user_.getUserName(), password))
+ {
+ uiApp.addMessage(new ApplicationMessage("UIResetPassword.msg.Invalid-account", null));
+ isNew = false;
+ }
+ if (!newpassword.equals(confirmnewpassword))
+ {
+ uiApp.addMessage(new ApplicationMessage("UIResetPassword.msg.password-is-not-match", null));
+ isNew = false;
+ }
+ if (isNew)
+ {
+ user_.setPassword(newpassword);
+ orgService.getUserHandler().saveUser(user_, true);
+ uiMaskWorkspace.setUIComponent(null);
+ uiMaskWorkspace.setWindowSize(-1, -1);
+ uiApp.addMessage(new ApplicationMessage("UIResetPassword.msg.change-password-successfully", null));
+ }
+ event.getRequestContext().addUIComponentToUpdateByAjax(uiMaskWorkspace);
+ }
+ }
+}
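Review bot: `static User user_;` is shared by every instance of the form, so two users who have it open at the same time overwrite each other's `user_`, and `SaveActionListener` then authenticates and calls `saveUser` against whichever account was set last. Make it an instance field, `private User user_;`, and read it in the listener through the source component, `uiForm.user_`. `UIResetPassword` assigns a field of the same name in `setUser`; its declaration is outside the visible hunks, so check it for the same problem, which matters more there because that form no longer asks for the old password. The `GateInToken` import is unused in this file, and the class Javadoc still carries the 2008 author block rather than a description of what the form does.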
Modified: portal/trunk/webui/portal/src/main/java/org/exoplatform/portal/webui/login/UIForgetPassword.java
===================================================================
--- portal/trunk/webui/portal/src/main/java/org/exoplatform/portal/webui/login/UIForgetPassword.java 2010-03-13 17:58:30 UTC (rev 2233)
+++ portal/trunk/webui/portal/src/main/java/org/exoplatform/portal/webui/login/UIForgetPassword.java 2010-03-13 18:12:04 UTC (rev 2234)
@@ -24,10 +24,11 @@
import org.exoplatform.portal.webui.util.Util;
import org.exoplatform.services.mail.MailService;
import org.exoplatform.services.organization.OrganizationService;
-import org.exoplatform.services.organization.PasswordGeneratorService;
import org.exoplatform.services.organization.Query;
import org.exoplatform.services.organization.User;
import org.exoplatform.web.application.ApplicationMessage;
+import org.exoplatform.web.security.Credentials;
+import org.exoplatform.web.security.security.RemindPasswordTokenService;
import org.exoplatform.webui.application.WebuiRequestContext;
import org.exoplatform.webui.config.annotation.ComponentConfig;
import org.exoplatform.webui.config.annotation.EventConfig;
@@ -78,11 +79,16 @@
String url = portalContext.getRequest().getRequestURL().toString();
MailService mailSrc = uiForm.getApplicationComponent(MailService.class);
OrganizationService orgSrc = uiForm.getApplicationComponent(OrganizationService.class);
- PasswordGeneratorService passwordGenSrc = uiForm.getApplicationComponent(PasswordGeneratorService.class);
String userName = uiForm.getUIStringInput(Username).getValue();
String email = uiForm.getUIStringInput(Email).getValue();
uiForm.reset();
+ RemindPasswordTokenService tokenService = uiForm.getApplicationComponent(RemindPasswordTokenService.class);
+
+ Credentials credentials = new Credentials(userName, "");
+ String tokenId = tokenService.createToken(credentials);
+
+
User user = null;
// User provided his username
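Review bot: The token is created from the raw form value `userName` before the user lookup that follows, so a request naming a non-existent account still writes a token to the store. If the listener also accepts an e-mail address alone, as the surrounding code suggests, the token's payload would carry no usable username for the later `findUserByName` call. I would move the two lines to after `user` has been resolved and build the credentials from the account itself, `new Credentials(user.getUserName(), "")`. The lookup branches lie outside this hunk, so the exact placement needs checking against the full method.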
@@ -124,8 +130,7 @@
email = user.getEmail();
String portalName = URLEncoder.encode(Util.getUIPortal().getName(), "UTF-8");
- user.setPassword(passwordGenSrc.generatePassword());
- orgSrc.getUserHandler().saveUser(user, true);
+
ResourceBundle res = requestContext.getApplicationResourceBundle();
String headerMail = "headermail";
String footerMail = "footer";
@@ -133,8 +138,7 @@
{
headerMail =
res.getString(uiForm.getId() + ".mail.header") + "\n\n" + res.getString(uiForm.getId() + ".mail.user")
- + user.getUserName() + "\n" + res.getString(uiForm.getId() + ".mail.password") + user.getPassword()
- + "\n\n\n" + res.getString(uiForm.getId() + ".mail.link");
+ + user.getUserName() + "\n"+ res.getString(uiForm.getId() + ".mail.link");
footerMail = "\n\n\n" + res.getString(uiForm.getId() + ".mail.footer");
}
catch (MissingResourceException e)
@@ -145,8 +149,7 @@
Long now = new Date().getTime();
String activeLink = host + requestContext.getRequestContextPath() + "/public/" + portalName;
activeLink +=
- "?portal:componentId=UIPortal&portal:action=RecoveryPasswordAndUsername&datesend=" + now.toString()
- + "&email=" + email;
+ "?portal:componentId=UIPortal&portal:action=RecoveryPasswordAndUsername&tokenId=" + tokenId;
activeLink = headerMail + activeLink + footerMail;
try
{
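Review bot: `tokenId` is concatenated into the link without encoding, whereas `portalName` in the earlier hunk goes through `URLEncoder.encode`; use `URLEncoder.encode(tokenId, "UTF-8")` unless the token format is guaranteed to be URL-safe. `Long now = new Date().getTime();` is no longer read after this change and can be removed. `host` is computed outside the hunk; if it is derived from `getRequestURL()`, as the `url` variable in the earlier hunk suggests, the link's authority follows the client-supplied Host header, and a configured base URL would be a safer source for a link that carries a reset token.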
@@ -157,9 +160,14 @@
requestContext.getUIApplication().addMessage(
new ApplicationMessage("UIForgetPassword.msg.send-mail-fail", null));
requestContext.addUIComponentToUpdateByAjax(uilogin);
+
return;
}
-
+
+ // Don't save the new password if we couldn't send the email
+// user.setPassword(newPassword);
+ orgSrc.getUserHandler().saveUser(user, true);
+
uilogin.getChild(UILoginForm.class).setRendered(true);
uilogin.getChild(UIForgetPasswordWizard.class).setRendered(false);
uilogin.getChild(UIForgetPassword.class).setRendered(false);
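Review bot: The added comment `// Don't save the new password if we couldn't send the email` and the commented-out `// user.setPassword(newPassword);` describe the old flow, and `orgSrc.getUserHandler().saveUser(user, true)` now persists a user that the visible lines have not modified. I would delete all three lines. In the failure branch above, the token created earlier stays in the store although the mail was never sent; deleting it before the `return` keeps unused reset tokens from accumulating.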
Modified: portal/trunk/webui/portal/src/main/java/org/exoplatform/portal/webui/login/UIResetPassword.java
===================================================================
--- portal/trunk/webui/portal/src/main/java/org/exoplatform/portal/webui/login/UIResetPassword.java 2010-03-13 17:58:30 UTC (rev 2233)
+++ portal/trunk/webui/portal/src/main/java/org/exoplatform/portal/webui/login/UIResetPassword.java 2010-03-13 18:12:04 UTC (rev 2234)
@@ -24,6 +24,7 @@
import org.exoplatform.services.organization.OrganizationService;
import org.exoplatform.services.organization.User;
import org.exoplatform.web.application.ApplicationMessage;
+import org.exoplatform.web.security.GateInToken;
import org.exoplatform.webui.application.WebuiRequestContext;
import org.exoplatform.webui.config.annotation.ComponentConfig;
import org.exoplatform.webui.config.annotation.EventConfig;
@@ -50,8 +51,6 @@
{
final static String USER_NAME = "username";
- final static String PASSWORD = "password";
-
final static String NEW_PASSWORD = "newpassword";
final static String CONFIRM_NEW_PASSWORD = "confirmnewpassword";
@@ -61,8 +60,6 @@
public UIResetPassword() throws Exception
{
addUIFormInput(new UIFormStringInput(USER_NAME, USER_NAME, null).setEditable(false));
- addUIFormInput(new UIFormStringInput(PASSWORD, PASSWORD, null).setType(UIFormStringInput.PASSWORD_TYPE)
- .addValidator(MandatoryValidator.class));
addUIFormInput(((UIFormStringInput)new UIFormStringInput(NEW_PASSWORD, NEW_PASSWORD, null)).setType(
UIFormStringInput.PASSWORD_TYPE).addValidator(MandatoryValidator.class).addValidator(
StringLengthValidator.class, 6, 30));
@@ -71,7 +68,7 @@
StringLengthValidator.class, 6, 30));
}
- public void setData(User user)
+ public void setUser(User user)
{
user_ = user;
getUIStringInput(USER_NAME).setValue(user.getUserName());
@@ -80,8 +77,6 @@
@Override
public void reset()
{
- UIFormStringInput passwordForm = getUIStringInput(PASSWORD);
- passwordForm.reset();
UIFormStringInput newPasswordForm = getUIStringInput(NEW_PASSWORD);
newPasswordForm.reset();
UIFormStringInput confirmPasswordForm = getUIStringInput(CONFIRM_NEW_PASSWORD);
@@ -93,7 +88,6 @@
public void execute(Event<UIResetPassword> event) throws Exception
{
UIResetPassword uiForm = event.getSource();
- String password = uiForm.getUIStringInput(PASSWORD).getValue();
String newpassword = uiForm.getUIStringInput(NEW_PASSWORD).getValue();
String confirmnewpassword = uiForm.getUIStringInput(CONFIRM_NEW_PASSWORD).getValue();
WebuiRequestContext request = event.getRequestContext();
@@ -102,16 +96,13 @@
OrganizationService orgService = uiForm.getApplicationComponent(OrganizationService.class);
uiForm.reset();
boolean isNew = true;
- if (!orgService.getUserHandler().authenticate(user_.getUserName(), password))
- {
- uiApp.addMessage(new ApplicationMessage("UIResetPassword.msg.Invalid-account", null));
- isNew = false;
- }
+
if (!newpassword.equals(confirmnewpassword))
{
uiApp.addMessage(new ApplicationMessage("UIResetPassword.msg.password-is-not-match", null));
isNew = false;
}
+
if (isNew)
{
user_.setPassword(newpassword);
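Review bot: With the `authenticate` check removed, `SaveActionListener` sets the password of `user_` with no proof of any kind; nothing in the visible lines ties the save to the reset token that opened the form. I would keep the token id on the form (set alongside `setUser`), re-validate it in `execute` before `user_.setPassword(newpassword)`, and delete it once `saveUser` succeeds so the mailed link works only once. The listener body continues past the end of this hunk, so the save and any cleanup calls are not shown here.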
Modified: portal/trunk/webui/portal/src/main/java/org/exoplatform/portal/webui/portal/UIPortalComponentActionListener.java
===================================================================
--- portal/trunk/webui/portal/src/main/java/org/exoplatform/portal/webui/portal/UIPortalComponentActionListener.java 2010-03-13 17:58:30 UTC (rev 2233)
+++ portal/trunk/webui/portal/src/main/java/org/exoplatform/portal/webui/portal/UIPortalComponentActionListener.java 2010-03-13 18:12:04 UTC (rev 2234)
@@ -19,9 +19,9 @@
package org.exoplatform.portal.webui.portal;
-import org.exoplatform.application.gadget.GadgetRegistryService;
+import java.util.List;
+
import org.exoplatform.application.registry.Application;
-import org.exoplatform.commons.utils.PageList;
import org.exoplatform.portal.application.PortalRequestContext;
import org.exoplatform.portal.config.UserACL;
import org.exoplatform.portal.config.UserPortalConfigService;
@@ -29,12 +29,8 @@
import org.exoplatform.portal.config.model.CloneApplicationState;
import org.exoplatform.portal.config.model.Container;
import org.exoplatform.portal.config.model.TransientApplicationState;
-import org.exoplatform.portal.pom.spi.gadget.Gadget;
-import org.exoplatform.portal.pom.spi.portlet.Portlet;
-import org.exoplatform.portal.pom.spi.portlet.Preference;
import org.exoplatform.portal.webui.application.PortletState;
import org.exoplatform.portal.webui.application.UIApplicationList;
-import org.exoplatform.portal.webui.application.UIGadget;
import org.exoplatform.portal.webui.application.UIPortlet;
import org.exoplatform.portal.webui.container.UIContainerList;
import org.exoplatform.portal.webui.login.UILogin;
@@ -49,25 +45,17 @@
import org.exoplatform.portal.webui.workspace.UIPortalToolPanel;
import org.exoplatform.portal.webui.workspace.UIWorkingWorkspace;
import org.exoplatform.services.organization.OrganizationService;
-import org.exoplatform.services.organization.Query;
import org.exoplatform.services.organization.User;
-import org.exoplatform.services.rss.parser.DefaultRSSChannel;
-import org.exoplatform.services.rss.parser.DefaultRSSItem;
-import org.exoplatform.services.rss.parser.RSSDocument;
-import org.exoplatform.services.rss.parser.RSSParser;
import org.exoplatform.web.application.ApplicationMessage;
import org.exoplatform.web.application.JavascriptManager;
+import org.exoplatform.web.security.GateInToken;
+import org.exoplatform.web.security.security.RemindPasswordTokenService;
import org.exoplatform.webui.core.UIComponent;
import org.exoplatform.webui.core.UIContainer;
import org.exoplatform.webui.core.UITabPane;
import org.exoplatform.webui.event.Event;
import org.exoplatform.webui.event.EventListener;
-import org.exoplatform.webui.exception.MessageException;
-import java.net.URI;
-import java.util.Date;
-import java.util.List;
-
/** Author : Nhu Dinh Thuan nhudinhthuan at yahoo.com Jun 14, 2006 */
public class UIPortalComponentActionListener
{
@@ -446,38 +434,20 @@
public void execute(Event<UIPortal> event) throws Exception
{
UIPortal uiPortal = event.getSource();
+ RemindPasswordTokenService tokenService = uiPortal.getApplicationComponent(RemindPasswordTokenService.class);
+ String tokenId = event.getRequestContext().getRequestParameter("tokenId");
+
+ GateInToken token = tokenService.getToken(tokenId);
+
UIPortalApplication uiApp = uiPortal.getAncestorOfType(UIPortalApplication.class);
UIMaskWorkspace uiMaskWS = uiApp.getChildById(UIPortalApplication.UI_MASK_WS_ID);
- String date = event.getRequestContext().getRequestParameter("datesend");
- String email = event.getRequestContext().getRequestParameter("email");
+
OrganizationService orgSrc = uiPortal.getApplicationComponent(OrganizationService.class);
// get user
- PageList userPageList = orgSrc.getUserHandler().findUsers(new Query());
- List userList = userPageList.currentPage();
- User user = null;
- for (int i = 0; i < userList.size(); i++)
- {
- User tmpUser = (User)userList.get(i);
- if (tmpUser.getEmail().equals(email))
- {
- user = tmpUser;
- break;
- }
- }
- if (user == null)
- {
- throw new MessageException(new ApplicationMessage("UIForgetPassword.msg.user-delete", null));
- }
- // delete link active by one day
- long now = new Date().getTime();
- if (now - Long.parseLong(date) > 86400000)
- {
- user.setPassword(Long.toString(now));
- orgSrc.getUserHandler().saveUser(user, true);
- throw new MessageException(new ApplicationMessage("UIForgetPassword.msg.expration", null));
- }
+ User user = orgSrc.getUserHandler().findUserByName(token.getPayload().getUsername());
+
UIResetPassword uiReset = uiMaskWS.createUIComponent(UIResetPassword.class, null, null);
- uiReset.setData(user);
+ uiReset.setUser(user);
uiMaskWS.setUIComponent(uiReset);
uiMaskWS.setWindowSize(630, -1);
event.getRequestContext().addUIComponentToUpdateByAjax(uiMaskWS);
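Review bot: `tokenService.getToken(tokenId)` is dereferenced unconditionally in `token.getPayload().getUsername()`, so a request with a missing, mistyped or already-removed `tokenId` presumably ends in a NullPointerException instead of a message. The `user == null` guard of the old code is gone as well, so `uiReset.setUser(user)` would fail the same way for a deleted account. The token's expiry is not checked either, which the commit log acknowledges. The fence below restores both guards with the message keys the removed code used; the expiry test belongs in the same `if` once the token API for it is settled. The method starts before this hunk.

```java
UIPortalApplication uiApp = uiPortal.getAncestorOfType(UIPortalApplication.class);
String tokenId = event.getRequestContext().getRequestParameter("tokenId");
GateInToken token = tokenId == null ? null : tokenService.getToken(tokenId);
if (token == null)
{
   // Unknown or already-removed token: report it and open no reset form.
   uiApp.addMessage(new ApplicationMessage("UIForgetPassword.msg.expration", null));
   return;
}
// … unchanged: uiMaskWS and orgSrc lookups …
User user = orgSrc.getUserHandler().findUserByName(token.getPayload().getUsername());
if (user == null)
{
   uiApp.addMessage(new ApplicationMessage("UIForgetPassword.msg.user-delete", null));
   return;
}
// … unchanged: UIResetPassword creation and mask workspace update …
```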