Author: thomas.heute(a)jboss.com
Date: 2010-03-13 16:24:19 -0500 (Sat, 13 Mar 2010)
New Revision: 2238
Modified:
portal/trunk/component/web/src/main/java/org/exoplatform/web/security/security/RemindPasswordTokenService.java
portal/trunk/webui/portal/src/main/java/org/exoplatform/portal/webui/login/UIForgetPassword.java
portal/trunk/webui/portal/src/main/java/org/exoplatform/portal/webui/portal/UIPortalComponentActionListener.java
Log:
GTNPORTAL-880: password recovery may change anyone's password
+ Fix: remember my username
+ Handle the case where the token has expired
Modified:
portal/trunk/component/web/src/main/java/org/exoplatform/web/security/security/RemindPasswordTokenService.java
===================================================================
---
portal/trunk/component/web/src/main/java/org/exoplatform/web/security/security/RemindPasswordTokenService.java 2010-03-13
20:36:19 UTC (rev 2237)
+++
portal/trunk/component/web/src/main/java/org/exoplatform/web/security/security/RemindPasswordTokenService.java 2010-03-13
21:24:19 UTC (rev 2238)
@@ -1,3 +1,25 @@
+/******************************************************************************
+ * JBoss, a division of Red Hat *
+ * Copyright 2010, Red Hat Middleware, LLC, and individual *
+ * contributors as indicated by the @authors tag. See the *
+ * copyright.txt in the distribution for a full listing of *
+ * individual contributors. *
+ * *
+ * This is free software; you can redistribute it and/or modify it *
+ * under the terms of the GNU Lesser General Public License as *
+ * published by the Free Software Foundation; either version 2.1 of *
+ * the License, or (at your option) any later version. *
+ * *
+ * This software is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
+ * Lesser General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU Lesser General Public *
+ * License along with this software; if not, write to the Free *
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org. *
+ ******************************************************************************/
package org.exoplatform.web.security.security;
import org.exoplatform.commons.chromattic.ChromatticManager;
@@ -3,16 +25,20 @@
import org.exoplatform.container.xml.InitParams;
+/**
+ * @author <a href="mailto:theute@redhat.com">Thomas Heute</a>
+ * @version $Revision$
+ */
public class RemindPasswordTokenService extends CookieTokenService {
- public RemindPasswordTokenService(InitParams initParams,
- ChromatticManager chromatticManager) {
-
- super(initParams, chromatticManager);
- }
+ public RemindPasswordTokenService(InitParams initParams,
+ ChromatticManager chromatticManager)
+ {
+ super(initParams, chromatticManager);
+ }
- protected String nextTokenId()
- {
- return "" + random.nextInt();
- }
-
+ @Override
+ protected String nextTokenId()
+ {
+ return "" + random.nextInt();
+ }
}
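Review bot: `nextTokenId()` still derives a password-reset token from a single 32-bit `int` at `return "" + random.nextInt();`, so the added `@Override` preserves a token space small enough to be guessed online; `random` is inherited from CookieTokenService and its type is not visible here, so if it is a `java.util.Random` the sequence is also predictable from earlier outputs. A reset token should be drawn from `SecureRandom` and carry at least 128 bits, as in the rewrite below, which needs `java.security.SecureRandom` and `java.math.BigInteger` imported. If CookieTokenService already backs `random` with a SecureRandom, calling `nextBytes` on it instead of a new field is sufficient.
```java
   private static final SecureRandom SECURE_RANDOM = new SecureRandom();

   // … unchanged: constructor …

   @Override
   protected String nextTokenId()
   {
      // 128 bits from a CSPRNG, hex-encoded; a 32-bit int is too small for a reset token
      byte[] bytes = new byte[16];
      SECURE_RANDOM.nextBytes(bytes);
      return new BigInteger(1, bytes).toString(16);
   }
```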
Modified:
portal/trunk/webui/portal/src/main/java/org/exoplatform/portal/webui/login/UIForgetPassword.java
===================================================================
---
portal/trunk/webui/portal/src/main/java/org/exoplatform/portal/webui/login/UIForgetPassword.java 2010-03-13
20:36:19 UTC (rev 2237)
+++
portal/trunk/webui/portal/src/main/java/org/exoplatform/portal/webui/login/UIForgetPassword.java 2010-03-13
21:24:19 UTC (rev 2238)
@@ -42,7 +42,6 @@
import org.exoplatform.webui.form.validator.MandatoryValidator;
import java.net.URLEncoder;
-import java.util.Date;
import java.util.MissingResourceException;
import java.util.ResourceBundle;
@@ -82,15 +81,11 @@
String userName = uiForm.getUIStringInput(Username).getValue();
String email = uiForm.getUIStringInput(Email).getValue();
uiForm.reset();
-
- RemindPasswordTokenService tokenService =
uiForm.getApplicationComponent(RemindPasswordTokenService.class);
+
+ User user = null;
- Credentials credentials = new Credentials(userName, "");
- String tokenId = tokenService.createToken(credentials);
+ String tokenId = null;
-
- User user = null;
-
// User provided his username
if (userName != null)
{
@@ -109,17 +104,13 @@
Query query = new Query();
// Querying on email won't work. PLIDM-12
// Note that querying on email is inefficient as it loops over all users...
- // query.setEmail(email);
+ query.setEmail(email);
PageList<User> users = orgSrc.getUserHandler().findUsers(query);
- for (User tmpUser : users.currentPage().toArray(new User[]{}))
+ if (users.getAll().size() > 0)
{
- if (email.equals(tmpUser.getEmail()))
- {
- user = tmpUser;
- break;
- }
+ user = users.getAll().get(0);
}
- if (user == null)
+ else
{
requestContext.getUIApplication().addMessage(
new
ApplicationMessage("UIForgetPassword.msg.email-not-exist", null));
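Review bot: The comment `// Querying on email won't work. PLIDM-12` directly above the newly enabled `query.setEmail(email);` now contradicts the code, and the old `email.equals(tmpUser.getEmail())` guard that compensated for it has been removed; if PLIDM-12 is still open and the handler ignores the email filter, `users.getAll().get(0)` is an unrelated user whose reset flow is then started. Either delete the stale comment or keep the equality check, and read `getAll()` once rather than twice: `List<User> matches = users.getAll();` / `if (!matches.isEmpty() && email.equals(matches.get(0).getEmail()))` / `user = matches.get(0);`. The enclosing action-listener method starts and ends outside this hunk.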
@@ -128,7 +119,12 @@
}
email = user.getEmail();
-
+
+ // Create token
+ RemindPasswordTokenService tokenService =
uiForm.getApplicationComponent(RemindPasswordTokenService.class);
+ Credentials credentials = new Credentials(user.getUserName(), "");
+ tokenId = tokenService.createToken(credentials);
+
String portalName = URLEncoder.encode(Util.getUIPortal().getName(),
"UTF-8");
ResourceBundle res = requestContext.getApplicationResourceBundle();
@@ -146,14 +142,13 @@
e.printStackTrace();
}
String host = url.substring(0,
url.indexOf(requestContext.getRequestContextPath()));
- Long now = new Date().getTime();
- String activeLink = host + requestContext.getRequestContextPath() +
"/public/" + portalName;
- activeLink +=
-
"?portal:componentId=UIPortal&portal:action=RecoveryPasswordAndUsername&tokenId="
+ tokenId;
- activeLink = headerMail + activeLink + footerMail;
+ String activeLink = host + requestContext.getRequestContextPath() +
"/public/" + portalName
+ +
"?portal:componentId=UIPortal&portal:action=RecoveryPasswordAndUsername&tokenId="
+ + tokenId;
+ String mailText = headerMail + "\n" + activeLink + footerMail;
try
{
- mailSrc.sendMessage(res.getString("UIForgetPassword.mail.from"),
email, res.getString("UIForgetPassword.mail.subject"), activeLink);
+ mailSrc.sendMessage(res.getString("UIForgetPassword.mail.from"),
email, res.getString("UIForgetPassword.mail.subject"), mailText);
}
catch(Exception e)
{
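Review bot: `String mailText = headerMail + "\n" + activeLink + footerMail;` puts a line break before the link but none after it, so unless `footerMail` happens to start with whitespace its first characters are glued onto the `tokenId` query parameter and a mail client's auto-linking yields a broken reset URL; use `String mailText = headerMail + "\n" + activeLink + "\n" + footerMail;`. The new `activeLink` is also built on `host`, which is cut from `url` on the context line above; `url` is assigned outside this hunk, and if it is derived from the incoming request the link's host follows whatever the client sent, so a configured public base URL is the safer source for a reset link. The enclosing method starts and ends outside this hunk.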
@@ -164,10 +159,6 @@
return;
}
- // Don't save the new password if we couldn't send the email
-// user.setPassword(newPassword);
- orgSrc.getUserHandler().saveUser(user, true);
-
uilogin.getChild(UILoginForm.class).setRendered(true);
uilogin.getChild(UIForgetPasswordWizard.class).setRendered(false);
uilogin.getChild(UIForgetPassword.class).setRendered(false);
Modified:
portal/trunk/webui/portal/src/main/java/org/exoplatform/portal/webui/portal/UIPortalComponentActionListener.java
===================================================================
---
portal/trunk/webui/portal/src/main/java/org/exoplatform/portal/webui/portal/UIPortalComponentActionListener.java 2010-03-13
20:36:19 UTC (rev 2237)
+++
portal/trunk/webui/portal/src/main/java/org/exoplatform/portal/webui/portal/UIPortalComponentActionListener.java 2010-03-13
21:24:19 UTC (rev 2238)
@@ -50,6 +50,7 @@
import org.exoplatform.web.application.JavascriptManager;
import org.exoplatform.web.security.GateInToken;
import org.exoplatform.web.security.security.RemindPasswordTokenService;
+import org.exoplatform.webui.application.WebuiRequestContext;
import org.exoplatform.webui.core.UIComponent;
import org.exoplatform.webui.core.UIContainer;
import org.exoplatform.webui.core.UITabPane;
@@ -438,6 +439,14 @@
String tokenId =
event.getRequestContext().getRequestParameter("tokenId");
GateInToken token = tokenService.getToken(tokenId);
+ if (token == null)
+ {
+ WebuiRequestContext requestContext = event.getRequestContext();
+ requestContext.getUIApplication().addMessage(
+ new ApplicationMessage("UIForgetPassword.msg.expration",
null));
+ requestContext.addUIComponentToUpdateByAjax(uiPortal.getParent());
+ return;
+ }
UIPortalApplication uiApp =
uiPortal.getAncestorOfType(UIPortalApplication.class);
UIMaskWorkspace uiMaskWS =
uiApp.getChildById(UIPortalApplication.UI_MASK_WS_ID);