Revision 51770
Added by Katerina Iatropoulou about 6 years ago
ForgotPasswordServlet.java | ||
---|---|---|
4 | 4 |
import eu.dnetlib.openaire.user.utils.EmailSender; |
5 | 5 |
import eu.dnetlib.openaire.user.utils.LDAPActions; |
6 | 6 |
import eu.dnetlib.openaire.user.utils.VerificationActions; |
7 |
import eu.dnetlib.openaire.user.utils.VerifyRecaptcha; |
|
7 | 8 |
import eu.dnetlib.openaire.usermanagement.utils.UrlConstructor; |
9 |
import org.apache.commons.validator.routines.EmailValidator; |
|
8 | 10 |
import org.apache.log4j.Logger; |
9 | 11 |
import org.springframework.beans.factory.annotation.Autowired; |
12 |
import org.springframework.beans.factory.annotation.Value; |
|
10 | 13 |
import org.springframework.web.context.support.SpringBeanAutowiringSupport; |
11 | 14 |
|
12 | 15 |
import javax.mail.MessagingException; |
... | ... | |
25 | 28 |
|
26 | 29 |
public class ForgotPasswordServlet extends HttpServlet { |
27 | 30 |
|
28 |
public void init(ServletConfig config) throws ServletException { |
|
29 |
super.init(config); |
|
30 |
SpringBeanAutowiringSupport.processInjectionBasedOnServletContext(this, |
|
31 |
config.getServletContext()); |
|
32 |
} |
|
33 |
|
|
34 | 31 |
@Autowired |
35 | 32 |
private LDAPActions ldapActions; |
36 | 33 |
|
... | ... | |
40 | 37 |
@Autowired |
41 | 38 |
private EmailSender emailSender; |
42 | 39 |
|
40 |
@Value("${google.recaptcha.secret}") |
|
41 |
private String secret; |
|
42 |
|
|
43 |
@Value("${google.recaptcha.key}") |
|
44 |
private String sitekey; |
|
45 |
|
|
43 | 46 |
private Logger logger = Logger.getLogger(ForgotPasswordServlet.class); |
44 | 47 |
|
48 |
public void init(ServletConfig config) throws ServletException { |
|
49 |
super.init(config); |
|
50 |
SpringBeanAutowiringSupport.processInjectionBasedOnServletContext(this, |
|
51 |
config.getServletContext()); |
|
52 |
config.getServletContext().setAttribute("sitekey", sitekey); |
|
45 | 53 |
|
54 |
} |
|
55 |
|
|
46 | 56 |
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws IOException { |
47 | 57 |
|
48 | 58 |
String formEmail = request.getParameter("email").trim(); |
59 |
String gRecaptchaResponse = request.getParameter("g-recaptcha-response"); |
|
49 | 60 |
|
61 |
|
|
50 | 62 |
if (formEmail == null) { |
51 | 63 |
request.getSession().setAttribute("message", "Error reading email."); |
52 | 64 |
response.sendRedirect("./forgotPassword.jsp"); |
53 |
} |
|
65 |
} else if (formEmail.isEmpty()) { |
|
66 |
request.getSession().setAttribute("message", "Please enter your email."); |
|
67 |
response.sendRedirect("./remindUsername.jsp"); |
|
54 | 68 |
|
55 |
try { |
|
69 |
} else if (!EmailValidator.getInstance().isValid(formEmail)) { |
|
70 |
request.getSession().setAttribute("message", "Please enter a valid email."); |
|
71 |
response.sendRedirect("./remindUsername.jsp"); |
|
56 | 72 |
|
57 |
String username = ldapActions.getUsername(formEmail); |
|
58 |
if (username == null || username.isEmpty()) { |
|
59 |
request.getSession().setAttribute("message", "User does not exist."); |
|
60 |
response.sendRedirect("./forgotPassword.jsp"); |
|
73 |
} else if (!VerifyRecaptcha.verify(gRecaptchaResponse, secret)) { |
|
74 |
request.getSession().setAttribute("message", "You missed the reCAPTCHA validation!"); |
|
75 |
response.sendRedirect("./remindUsername.jsp"); |
|
61 | 76 |
|
62 |
} else { |
|
63 |
UUID verificationCode = UUID.randomUUID(); |
|
64 |
Date creationDate = new Date(); |
|
77 |
} else { |
|
65 | 78 |
|
66 |
Timestamp timestamp = new Timestamp(creationDate.getTime());
|
|
79 |
try {
|
|
67 | 80 |
|
68 |
if (!verificationActions.verificationEntryExists(username)) { |
|
69 |
verificationActions.addVerificationEntry(username, verificationCode.toString(), timestamp); |
|
81 |
String username = ldapActions.getUsername(formEmail); |
|
82 |
if (username == null || username.isEmpty()) { |
|
83 |
request.getSession().setAttribute("message", "User does not exist."); |
|
84 |
response.sendRedirect("./forgotPassword.jsp"); |
|
70 | 85 |
|
71 | 86 |
} else { |
72 |
verificationActions.updateVerificationEntry(username, verificationCode.toString(), timestamp);
|
|
73 |
}
|
|
87 |
UUID verificationCode = UUID.randomUUID();
|
|
88 |
Date creationDate = new Date();
|
|
74 | 89 |
|
75 |
String resultPath = UrlConstructor.getRedirectUrl(request, "verify.jsp");
|
|
90 |
Timestamp timestamp = new Timestamp(creationDate.getTime());
|
|
76 | 91 |
|
77 |
String verificationCodeMsg = "<p>Hello,</p>" + |
|
78 |
"<p> A request has been made to reset your OpenAIRE account password. To reset your " + |
|
79 |
"password, you will need to submit this verification code in order to verify that the " + |
|
80 |
"request was legitimate.</p>" + |
|
81 |
"<p> The verification code is " + verificationCode.toString() + "</p>" + |
|
82 |
"Select the URL below and proceed with verification." + |
|
83 |
"<p><a href=" + resultPath + ">" + resultPath + "</a></p>" + |
|
84 |
"<p>Thank you</p>"; |
|
92 |
if (!verificationActions.verificationEntryExists(username)) { |
|
93 |
verificationActions.addVerificationEntry(username, verificationCode.toString(), timestamp); |
|
85 | 94 |
|
86 |
String verificationCodeSubject = "Your OpenAIRE password reset request"; |
|
95 |
} else { |
|
96 |
verificationActions.updateVerificationEntry(username, verificationCode.toString(), timestamp); |
|
97 |
} |
|
87 | 98 |
|
88 |
emailSender.sendEmail(formEmail, verificationCodeSubject, verificationCodeMsg);
|
|
99 |
String resultPath = UrlConstructor.getRedirectUrl(request, "verify.jsp");
|
|
89 | 100 |
|
90 |
response.setContentType("text/html"); |
|
91 |
response.sendRedirect("./verify.jsp"); |
|
92 |
} |
|
101 |
String verificationCodeMsg = "<p>Hello,</p>" + |
|
102 |
"<p> A request has been made to reset your OpenAIRE account password. To reset your " + |
|
103 |
"password, you will need to submit this verification code in order to verify that the " + |
|
104 |
"request was legitimate.</p>" + |
|
105 |
"<p> The verification code is " + verificationCode.toString() + "</p>" + |
|
106 |
"Select the URL below and proceed with verification." + |
|
107 |
"<p><a href=" + resultPath + ">" + resultPath + "</a></p>" + |
|
108 |
"<p>Thank you</p>"; |
|
93 | 109 |
|
94 |
} catch (LDAPException ldape) { |
|
95 |
logger.error("LDAP error", ldape); |
|
96 |
response.sendRedirect(UrlConstructor.getRedirectUrl(request, "error.jsp")); |
|
97 |
//response.sendRedirect("./error.jsp"); |
|
110 |
String verificationCodeSubject = "Your OpenAIRE password reset request"; |
|
98 | 111 |
|
99 |
} catch (MessagingException e) { |
|
100 |
logger.error("Error in sending email", e); |
|
101 |
request.getSession().setAttribute("message", "Error sending email."); |
|
102 |
response.sendRedirect("./forgotPassword.jsp"); |
|
112 |
emailSender.sendEmail(formEmail, verificationCodeSubject, verificationCodeMsg); |
|
113 |
|
|
114 |
response.setContentType("text/html"); |
|
115 |
response.sendRedirect("./verify.jsp"); |
|
116 |
} |
|
117 |
|
|
118 |
} catch (LDAPException ldape) { |
|
119 |
logger.error("LDAP error", ldape); |
|
120 |
response.sendRedirect(UrlConstructor.getRedirectUrl(request, "error.jsp")); |
|
121 |
//response.sendRedirect("./error.jsp"); |
|
122 |
|
|
123 |
} catch (MessagingException e) { |
|
124 |
logger.error("Error in sending email", e); |
|
125 |
request.getSession().setAttribute("message", "Error sending email."); |
|
126 |
response.sendRedirect("./forgotPassword.jsp"); |
|
127 |
} |
|
103 | 128 |
} |
104 | 129 |
|
105 | 130 |
} |
Also available in: Unified diff
Added recaptcha