Author: thomas.heute(a)jboss.com Date: 2010-02-03 08:16:00 -0500 (Wed, 03 Feb 2010) New Revision: 1520 Added: portal/trunk/component/identity/src/main/java/conf/configuration.xml portal/trunk/component/identity/src/main/java/org/exoplatform/services/organization/PasswordGeneratorService.java portal/trunk/component/identity/src/main/java/org/exoplatform/services/organization/PasswordGeneratorServiceImpl.java Modified: portal/trunk/component/identity/pom.xml portal/trunk/webui/portal/src/main/java/org/exoplatform/portal/webui/login/UIForgetPassword.java Log: GTNPORTAL-583: i18n of email subject when sending new password GTNPORTAL-582: Extract email 'From' from the code when sending new password GTNPORTAL-581: "Remind my password" feature when specifying email address doesn't work GTNPORTAL-310: Change random password 'algorithm' when requesting a new password Modified: portal/trunk/component/identity/pom.xml =================================================================== --- portal/trunk/component/identity/pom.xml 2010-02-03 10:29:36 UTC (rev 1519) +++ portal/trunk/component/identity/pom.xml 2010-02-03 13:16:00 UTC (rev 1520) @@ -52,7 +52,12 @@ <artifactId>exo.core.component.organization.api</artifactId> </dependency> - <dependency> + <dependency> + <groupId>org.gatein.common</groupId> + <artifactId>common-logging</artifactId> + </dependency> + + <dependency> <groupId>org.picketlink.idm</groupId> <artifactId>picketlink-idm-core</artifactId> </dependency> Added: portal/trunk/component/identity/src/main/java/conf/configuration.xml =================================================================== --- portal/trunk/component/identity/src/main/java/conf/configuration.xml (rev 0) +++ portal/trunk/component/identity/src/main/java/conf/configuration.xml 2010-02-03 13:16:00 UTC (rev 1520) @@ -0,0 +1,33 @@ +<?xml version="1.0" encoding="ISO-8859-1"?> +<!-- + + Copyright (C) 2009 eXo Platform SAS. + + This is free software; you can redistribute it and/or modify it + under the terms of the GNU Lesser General Public License as + published by the Free Software Foundation; either version 2.1 of + the License, or (at your option) any later version. + + This software is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with this software; if not, write to the Free + Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + 02110-1301 USA, or see the FSF site: http://www.fsf.org. + +--> + +<configuration + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://www.exoplaform.org/xml/ns/kernel_1_1.xsd http://www.exoplaform.org/xml/ns/kernel_1_1.xsd" + xmlns="http://www.exoplaform.org/xml/ns/kernel_1_1.xsd"> + + <component> + <key>org.exoplatform.services.organization.PasswordGeneratorService</key> + <type>org.exoplatform.services.organization.PasswordGeneratorServiceImpl</type> + </component> + +</configuration> \ No newline at end of file Property changes on: portal/trunk/component/identity/src/main/java/conf/configuration.xml ___________________________________________________________________ Name: svn:mime-type + text/plain Added: portal/trunk/component/identity/src/main/java/org/exoplatform/services/organization/PasswordGeneratorService.java =================================================================== --- portal/trunk/component/identity/src/main/java/org/exoplatform/services/organization/PasswordGeneratorService.java (rev 0) +++ portal/trunk/component/identity/src/main/java/org/exoplatform/services/organization/PasswordGeneratorService.java 2010-02-03 13:16:00 UTC (rev 1520) @@ -0,0 +1,35 @@ +/****************************************************************************** + * JBoss, a division of Red Hat * + * Copyright 2010, Red Hat Middleware, LLC, and individual * + * contributors as indicated by the @authors tag. See the * + * copyright.txt in the distribution for a full listing of * + * individual contributors. * + * * + * This is free software; you can redistribute it and/or modify it * + * under the terms of the GNU Lesser General Public License as * + * published by the Free Software Foundation; either version 2.1 of * + * the License, or (at your option) any later version. * + * * + * This software is distributed in the hope that it will be useful, * + * but WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * + * Lesser General Public License for more details. * + * * + * You should have received a copy of the GNU Lesser General Public * + * License along with this software; if not, write to the Free * + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA * + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. * + ******************************************************************************/ + +package org.exoplatform.services.organization; + +/** + * @author <a href="mailto:theute@redhat.com">Thomas Heute</a> + * @version $Revision$ + */ +public interface PasswordGeneratorService +{ + + public String generatePassword(); + +} Property changes on: portal/trunk/component/identity/src/main/java/org/exoplatform/services/organization/PasswordGeneratorService.java ___________________________________________________________________ Name: svn:mime-type + text/plain Added: portal/trunk/component/identity/src/main/java/org/exoplatform/services/organization/PasswordGeneratorServiceImpl.java =================================================================== --- portal/trunk/component/identity/src/main/java/org/exoplatform/services/organization/PasswordGeneratorServiceImpl.java (rev 0) +++ portal/trunk/component/identity/src/main/java/org/exoplatform/services/organization/PasswordGeneratorServiceImpl.java 2010-02-03 13:16:00 UTC (rev 1520) @@ -0,0 +1,70 @@ +/****************************************************************************** + * JBoss, a division of Red Hat * + * Copyright 2010, Red Hat Middleware, LLC, and individual * + * contributors as indicated by the @authors tag. See the * + * copyright.txt in the distribution for a full listing of * + * individual contributors. * + * * + * This is free software; you can redistribute it and/or modify it * + * under the terms of the GNU Lesser General Public License as * + * published by the Free Software Foundation; either version 2.1 of * + * the License, or (at your option) any later version. * + * * + * This software is distributed in the hope that it will be useful, * + * but WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * + * Lesser General Public License for more details. * + * * + * You should have received a copy of the GNU Lesser General Public * + * License along with this software; if not, write to the Free * + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA * + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. * + ******************************************************************************/ + +package org.exoplatform.services.organization; + +import java.security.NoSuchAlgorithmException; +import java.security.SecureRandom; + +import org.gatein.common.logging.Logger; +import org.gatein.common.logging.LoggerFactory; + +/** + * @author <a href="mailto:theute@redhat.com">Thomas Heute</a> + * @version $Revision$ + */ +public class PasswordGeneratorServiceImpl implements PasswordGeneratorService +{ + + private String passwordCharacters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()_][{};:?.-+"; + + public String generatePassword() + { + Logger logger = LoggerFactory.getLogger(PasswordGeneratorServiceImpl.class); + int length = 12; + StringBuffer buffer = new StringBuffer(); + char[] characterMap = passwordCharacters.toCharArray(); + SecureRandom secureRandom; + try + { + secureRandom = SecureRandom.getInstance("SHA1PRNG"); + } + catch (NoSuchAlgorithmException e) + { + logger.warn("SHA1PRNG algorithm isn't available, falling back to insecure password"); + return "" + System.currentTimeMillis(); + } + + for (int i = 0; i <= length; i++) + { + byte[] bytes = new byte[512]; + secureRandom.nextBytes(bytes); + double number = secureRandom.nextDouble(); + int b = ((int) (number * characterMap.length)); + buffer.append(characterMap[b]); + } + + return buffer.toString(); + } + +} Property changes on: portal/trunk/component/identity/src/main/java/org/exoplatform/services/organization/PasswordGeneratorServiceImpl.java ___________________________________________________________________ Name: svn:mime-type + text/plain Modified: portal/trunk/webui/portal/src/main/java/org/exoplatform/portal/webui/login/UIForgetPassword.java =================================================================== --- portal/trunk/webui/portal/src/main/java/org/exoplatform/portal/webui/login/UIForgetPassword.java 2010-02-03 10:29:36 UTC (rev 1519) +++ portal/trunk/webui/portal/src/main/java/org/exoplatform/portal/webui/login/UIForgetPassword.java 2010-02-03 13:16:00 UTC (rev 1520) @@ -24,6 +24,7 @@ import org.exoplatform.portal.webui.util.Util; import org.exoplatform.services.mail.MailService; import org.exoplatform.services.organization.OrganizationService; +import org.exoplatform.services.organization.PasswordGeneratorService; import org.exoplatform.services.organization.Query; import org.exoplatform.services.organization.User; import org.exoplatform.web.application.ApplicationMessage; @@ -41,7 +42,6 @@ import java.net.URLEncoder; import java.util.Date; -import java.util.List; import java.util.MissingResourceException; import java.util.ResourceBundle; @@ -78,41 +78,53 @@ String url = portalContext.getRequest().getRequestURL().toString(); MailService mailSrc = uiForm.getApplicationComponent(MailService.class); OrganizationService orgSrc = uiForm.getApplicationComponent(OrganizationService.class); + PasswordGeneratorService passwordGenSrc = uiForm.getApplicationComponent(PasswordGeneratorService.class); String userName = uiForm.getUIStringInput(Username).getValue(); String email = uiForm.getUIStringInput(Email).getValue(); uiForm.reset(); + + User user = null; + + // User provided his username if (userName != null) { - if (orgSrc.getUserHandler().findUserByName(userName) == null) + user = orgSrc.getUserHandler().findUserByName(userName); + if (user == null) { requestContext.getUIApplication().addMessage( new ApplicationMessage("UIForgetPassword.msg.user-not-exist", null)); return; } - email = orgSrc.getUserHandler().findUserByName(userName).getEmail(); } - //get user - PageList userPageList = orgSrc.getUserHandler().findUsers(new Query()); - List userList = userPageList.currentPage(); - User user = null; - for (int i = 0; i < userList.size(); i++) + + // User provided his email address + if (user == null && email != null) { - User tmpUser = (User)userList.get(i); - if (tmpUser.getEmail().equals(email)) + Query query = new Query(); + // Querying on email won't work. PLIDM-12 + // Note that querying on email is inefficient as it loops over all users... + // query.setEmail(email); + PageList<User> users = orgSrc.getUserHandler().findUsers(query); + for (User tmpUser : users.currentPage().toArray(new User[]{})) { - user = tmpUser; - break; + if (email.equals(tmpUser.getEmail())) + { + user = tmpUser; + break; + } } + if (user == null) + { + requestContext.getUIApplication().addMessage( + new ApplicationMessage("UIForgetPassword.msg.email-not-exist", null)); + return; + } } - if (user == null) - { - requestContext.getUIApplication().addMessage( - new ApplicationMessage("UIForgetPassword.msg.email-not-exist", null)); - return; - } + + email = user.getEmail(); + String portalName = URLEncoder.encode(Util.getUIPortal().getName(), "UTF-8"); - Long now = new Date().getTime(); - user.setPassword(now.toString()); + user.setPassword(passwordGenSrc.generatePassword()); orgSrc.getUserHandler().saveUser(user, true); ResourceBundle res = requestContext.getApplicationResourceBundle(); String headerMail = "headermail"; @@ -130,14 +142,18 @@ e.printStackTrace(); } String host = url.substring(0, url.indexOf(requestContext.getRequestContextPath())); + Long now = new Date().getTime(); String activeLink = host + requestContext.getRequestContextPath() + "/public/" + portalName; activeLink += "?portal:componentId=UIPortal&portal:action=RecoveryPasswordAndUsername&datesend=" + now.toString() + "&email=" + email; activeLink = headerMail + activeLink + footerMail; - try{ - mailSrc.sendMessage(&quot;exoservice(a)gmail.com&quot;, email, "Remind password and username", activeLink); - } catch(Exception e){ + try + { + mailSrc.sendMessage(res.getString("UIForgetPassword.mail.from"), email, res.getString("UIForgetPassword.mail.subject"), activeLink); + } + catch(Exception e) + { requestContext.getUIApplication().addMessage( new ApplicationMessage("UIForgetPassword.msg.send-mail-fail", null)); requestContext.addUIComponentToUpdateByAjax(uilogin);