Author: thomas.heute(a)jboss.com
Date: 2010-03-14 06:53:50 -0400 (Sun, 14 Mar 2010)
New Revision: 2243
Modified:
portal/trunk/webui/portal/src/main/java/org/exoplatform/portal/webui/login/UIResetPassword.java
portal/trunk/webui/portal/src/main/java/org/exoplatform/portal/webui/portal/UIPortalComponentActionListener.java
Log:
GTNPORTAL-880: password recovery may change anyone's password
Delete token once used
Modified:
portal/trunk/webui/portal/src/main/java/org/exoplatform/portal/webui/login/UIResetPassword.java
===================================================================
---
portal/trunk/webui/portal/src/main/java/org/exoplatform/portal/webui/login/UIResetPassword.java 2010-03-13
23:41:02 UTC (rev 2242)
+++
portal/trunk/webui/portal/src/main/java/org/exoplatform/portal/webui/login/UIResetPassword.java 2010-03-14
10:53:50 UTC (rev 2243)
@@ -25,6 +25,8 @@
import org.exoplatform.services.organization.User;
import org.exoplatform.web.application.ApplicationMessage;
import org.exoplatform.web.security.GateInToken;
+import org.exoplatform.web.security.Token;
+import org.exoplatform.web.security.security.RemindPasswordTokenService;
import org.exoplatform.webui.application.WebuiRequestContext;
import org.exoplatform.webui.config.annotation.ComponentConfig;
import org.exoplatform.webui.config.annotation.EventConfig;
@@ -57,7 +59,7 @@
static User user_;
- private static GateInToken token;
+ private static String tokenId;
public UIResetPassword() throws Exception
{
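Review bot: `tokenId` is declared `static` in this hunk, next to the existing `static User user_`, so every UIResetPassword instance in the JVM shares one value and two people running the reset flow at the same time overwrite each other's token id. The save listener later reads that shared field for its lookup, so a request can be validated against a token issued for a different session. Make the field per-instance, `private String tokenId;`, assign `this.tokenId = tokenId;` in `setTokenId` (the setter hunk below writes the same static), and read it through `uiForm` in the listener. `user_` appears to need the same treatment, but its uses are mostly outside the visible hunks. The class body continues outside this hunk.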
@@ -76,9 +78,9 @@
getUIStringInput(USER_NAME).setValue(user.getUserName());
}
- public void setToken(GateInToken token)
+ public void setTokenId(String tokenId)
{
- UIResetPassword.token = token;
+ UIResetPassword.tokenId = tokenId;
}
@Override
@@ -101,6 +103,8 @@
UIApplication uiApp = request.getUIApplication();
UIMaskWorkspace uiMaskWorkspace =
uiApp.getChildById(UIPortalApplication.UI_MASK_WS_ID);
OrganizationService orgService =
uiForm.getApplicationComponent(OrganizationService.class);
+ RemindPasswordTokenService tokenService =
uiForm.getApplicationComponent(RemindPasswordTokenService.class);
+
uiForm.reset();
boolean setPassword = true;
@@ -110,6 +114,7 @@
setPassword = false;
}
+ Token token = tokenService.getToken(tokenId);
// Making sure a token exist
if (token == null || token.isExpired())
{
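Review bot: The guard `token == null || token.isExpired()` accepts any live token, and nothing visible in this hunk ties the token to the account in `user_` whose password is about to be set. If the token records the user it was issued for, compare that name with the user's `getUserName()` and reject a mismatch before changing the password. A null `tokenId` also reaches `tokenService.getToken(tokenId)` unchecked, and whether the service tolerates that is not shown here. The `if` body and the rest of the listener lie outside the hunk.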
@@ -125,7 +130,7 @@
uiMaskWorkspace.setWindowSize(-1, -1);
uiApp.addMessage(new
ApplicationMessage("UIResetPassword.msg.change-password-successfully", null));
- // Should invalidate the token here...
+ tokenService.deleteToken(tokenId);
}
event.getRequestContext().addUIComponentToUpdateByAjax(uiMaskWorkspace);
}
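Review bot: `tokenService.deleteToken(tokenId)` runs only after the password has been saved, as a step separate from the earlier `getToken` lookup, so two requests carrying the same token id can both pass the validity check before either one deletes it. Consuming the token as part of validation, or giving the service a single remove-and-return operation, would close that window; no such call is visible on this page, so it would have to be added. A comment such as `// single-use: drop the token so the reset link cannot be replayed` would also record why the deletion sits here. The listener's body starts outside the hunk.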
Modified:
portal/trunk/webui/portal/src/main/java/org/exoplatform/portal/webui/portal/UIPortalComponentActionListener.java
===================================================================
---
portal/trunk/webui/portal/src/main/java/org/exoplatform/portal/webui/portal/UIPortalComponentActionListener.java 2010-03-13
23:41:02 UTC (rev 2242)
+++
portal/trunk/webui/portal/src/main/java/org/exoplatform/portal/webui/portal/UIPortalComponentActionListener.java 2010-03-14
10:53:50 UTC (rev 2243)
@@ -457,7 +457,7 @@
UIResetPassword uiReset = uiMaskWS.createUIComponent(UIResetPassword.class,
null, null);
uiReset.setUser(user);
- uiReset.setToken(token);
+ uiReset.setTokenId(tokenId);
uiMaskWS.setUIComponent(uiReset);
uiMaskWS.setWindowSize(630, -1);
event.getRequestContext().addUIComponentToUpdateByAjax(uiMaskWS);