Merge pull request #4 from Arimihanta/main
Régler le problème de réinitialisation de mot de passe
1e8344d3a3
2 changed files with 77 additions and 2 deletions
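--- a/src/main/java/fr/lirmm/aren/model/ws/ResetPassword.java
+++ b/src/main/java/fr/lirmm/aren/model/ws/ResetPassword.java
@@ -0,0 +1,27 @@
+package fr.lirmm.aren.model.ws;
+
+/**
+* @author ANDRIAMBOLAHARIMIHANTA Havana on 24/06/2021
+* @project aren-1
+*/
+public class ResetPassword {
+private String password;
+public ResetPassword() {
+}
+
+/**
+*
+* @return
+*/
+public String getPassword() {
+return password;
+}
+
+/**
+*
+* @param password
+*/
+public void setPassword(String password) {
+this.password = password;
+}
+}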
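Review bot: The Javadoc on `getPassword` and `setPassword` has empty `@return`/`@param` tags and the class comment records only author and project, so nothing states what this object is for or that its single field is a secret. I would replace the class comment with `/** Request body of the {@code PUT resetPswd} endpoint: carries the user's new password in clear text and must never be logged or exposed through a {@code toString}. */` and fill the tags, e.g. `@param password the new password chosen by the user` and `@return the new password carried by the request`.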
@ -7,6 +7,7 @@ import javax.ws.rs.GET;
|
||||||
import javax.ws.rs.Path;
|
import javax.ws.rs.Path;
|
||||||
import javax.ws.rs.QueryParam;
|
import javax.ws.rs.QueryParam;
|
||||||
|
|
||||||
|
import fr.lirmm.aren.model.ws.ResetPassword;
|
||||||
import fr.lirmm.aren.service.InstitutionService;
|
import fr.lirmm.aren.service.InstitutionService;
|
||||||
import fr.lirmm.aren.service.UserService;
|
import fr.lirmm.aren.service.UserService;
|
||||||
import fr.lirmm.aren.exception.AccessDeniedException;
|
import fr.lirmm.aren.exception.AccessDeniedException;
|
||||||
|
@ -222,7 +223,6 @@ public class UserRESTFacade extends AbstractRESTFacade<User> {
|
||||||
* @param user
|
* @param user
|
||||||
* @param subject
|
* @param subject
|
||||||
* @param body
|
* @param body
|
||||||
* @param defautReturnUrl
|
|
||||||
*/
|
*/
|
||||||
private void sendLink(User user, String subject, String body) throws MessagingException {
|
private void sendLink(User user, String subject, String body) throws MessagingException {
|
||||||
Locale currentLocale = request.getLocale();
|
Locale currentLocale = request.getLocale();
|
||||||
|
@ -252,6 +252,34 @@ public class UserRESTFacade extends AbstractRESTFacade<User> {
|
||||||
mailingService.sendMail(application_config.getString("smtp.username"), user.getEmail(), localSubject, localBody);
|
mailingService.sendMail(application_config.getString("smtp.username"), user.getEmail(), localSubject, localBody);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private void sendLinkResetPassword(User user, String subject, String body) throws MessagingException {
|
||||||
|
Locale currentLocale = request.getLocale();
|
||||||
|
ResourceBundle messages = ResourceBundle.getBundle("messages", currentLocale);
|
||||||
|
ResourceBundle application_config = ResourceBundle.getBundle("application", currentLocale);
|
||||||
|
|
||||||
|
|
||||||
|
String token = authenticationTokenService.issueToken(user, 24L * 60 * 60);
|
||||||
|
System.out.println(authenticationTokenService.parseToken(token).getIssuedDate());
|
||||||
|
String activationLink;
|
||||||
|
String localSubject;
|
||||||
|
String localBody;
|
||||||
|
|
||||||
|
String serverRoot = this.reverseProxy;
|
||||||
|
if (serverRoot.length() == 0) {
|
||||||
|
serverRoot=request.getRequestURL().substring(0, request.getRequestURL().length() - "/ws/users/resetPasswd".length()) ;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (returnUrl != null && !returnUrl.isEmpty()) {
|
||||||
|
activationLink = serverRoot + returnUrl.replace("{token}", token);
|
||||||
|
localSubject = messages.getString(subject);
|
||||||
|
localBody = MessageFormat.format(messages.getString(body), activationLink, activationLink);
|
||||||
|
} else {
|
||||||
|
localSubject = "AREN API token";
|
||||||
|
localBody = token;
|
||||||
|
}
|
||||||
|
mailingService.sendMail(application_config.getString("smtp.username"), user.getEmail(), localSubject, localBody);
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Mark a User as being activated after having clik in the mail link
|
* Mark a User as being activated after having clik in the mail link
|
||||||
*
|
*
|
||||||
|
@ -277,7 +305,7 @@ public class UserRESTFacade extends AbstractRESTFacade<User> {
|
||||||
User user = getService().findByUsernameOrEmail(identifier);
|
User user = getService().findByUsernameOrEmail(identifier);
|
||||||
if (user != null && user.isActive()) {
|
if (user != null && user.isActive()) {
|
||||||
try {
|
try {
|
||||||
sendLink(user, "mail_reset_password_subject", "mail_reset_password_body");
|
sendLinkResetPassword(user, "mail_reset_password_subject", "mail_reset_password_body");
|
||||||
} catch (MessagingException ex) {
|
} catch (MessagingException ex) {
|
||||||
throw new RuntimeException();
|
throw new RuntimeException();
|
||||||
}
|
}
|
||||||
|
@ -285,6 +313,26 @@ public class UserRESTFacade extends AbstractRESTFacade<User> {
|
||||||
// else nothing happend, it avoids someone to bruteforce user
|
// else nothing happend, it avoids someone to bruteforce user
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@PUT
|
||||||
|
@Path("resetPswd")
|
||||||
|
@RolesAllowed({"USER"})
|
||||||
|
public void resetPasswd(ResetPassword resetPasswd, @QueryParam("token") String token) {
|
||||||
|
// Mail token are 24h long, login token are 1 year long
|
||||||
|
// If this is a token from a mail, then it comes from a password reset requests
|
||||||
|
// so we do not check the old password
|
||||||
|
if (token != null && !token.isEmpty()) {
|
||||||
|
AuthenticationTokenDetails authToken = authenticationTokenService.parseToken(token);
|
||||||
|
if (authToken.getIssuedDate().plusSeconds(24 * 3600).isEqual(authToken.getExpirationDate())) {
|
||||||
|
userService.changePassword(getUser(), resetPasswd.getPassword());
|
||||||
|
getService().invalidateToken(getUser());
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
authentificationService.validateCredentials(getUser().getUsername(), resetPasswd.getPassword());
|
||||||
|
userService.changePassword(getUser(), resetPasswd.getPassword());
|
||||||
|
getService().invalidateToken(getUser());
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Mark a User as being removed without deleting its associated datas
|
* Mark a User as being removed without deleting its associated datas
|
||||||
*
|
*
|
||||||
|
|
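Review bot: In `resetPasswd` the `token` query parameter is parsed but never bound to the caller: `authToken` is only tested for a 24-hour lifetime (`getIssuedDate().plusSeconds(24 * 3600).isEqual(getExpirationDate())`) and its subject is not compared with `getUser()`, so the token's purpose is inferred from its lifetime rather than checked, and the old-password check is skipped for whichever account the request is authenticated as. Comparing the token's subject with `getUser()` before `userService.changePassword(...)` would make that binding explicit, and a dedicated purpose marker on the token would be sturdier than the lifetime equality; the accessors available on `AuthenticationTokenDetails` are not visible here, so the exact form depends on that class. The same section also leaves `System.out.println(authenticationTokenService.parseToken(token).getIssuedDate())` in `sendLinkResetPassword` (hunk `@ -252`), which should be dropped or moved to the application logger. That method further derives `serverRoot` by cutting a fixed `"/ws/users/resetPasswd".length()` off `request.getRequestURL()` without checking that the URL actually ends with that suffix, so any other request path yields a truncated link; since the link host then comes straight from the incoming request when `reverseProxy` is empty, setting `reverseProxy` in deployments that send password-reset mail is worth documenting next to that fallback.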