Index: lams_central/conf/language/lams/ApplicationResources_en_AU.properties
===================================================================
diff -u -r5949a49ec6308dfce3ac7c88808da019f8260c76 -r87b69b432f9b2639bceb4e418cf889097a6c919c
--- lams_central/conf/language/lams/ApplicationResources_en_AU.properties (.../ApplicationResources_en_AU.properties) (revision 5949a49ec6308dfce3ac7c88808da019f8260c76)
+++ lams_central/conf/language/lams/ApplicationResources_en_AU.properties (.../ApplicationResources_en_AU.properties) (revision 87b69b432f9b2639bceb4e418cf889097a6c919c)
@@ -180,7 +180,9 @@
 forgot.password.email.subject =LAMS server - Forgot password response
 forgot.password.email.body =Click the link below and it will take you to a page where you can change your password.
 forgot.password.email.sent =An email has been sent to your email address.
-error.user.not.found =Unable to find the username in LAMS. Please check your username and try again.
+forgot.password.request.processed =If the email/username that you have provided exists, an email would be sent to the registered email address.
+
+
 error.support.email.not.set =Email could not be sent. The LAMS server has not been configured to handle emails. Please contact your system administrator.
 error.password.request.expired =This request for a new password has expired. Please click the "Forgot your Password" link again to make a new request.
 label.forgot.password.instructions.1 =Please enter your user name or email below. An email will be sent to you shortly with a link that will allow you to change your password. You only need to enter one value.
@@ -189,7 +191,6 @@ label.forgot.password.username =By username error.forgot.password.fields =Both fields are required. Please try again. error.email.not.sent =Server failed to send email to recipient. Please contact your system administrator. -error.email.not.found =Unable to find a user that matches the given email. Please check your email address and try again. error.forgot.password.email =Please enter an email address. error.forgot.password.username =Please enter a username. button.select.another.importfile =Select another file to import Index: lams_central/src/java/org/lamsfoundation/lams/web/ForgotPasswordServlet.java =================================================================== diff -u -rec8852a3b210bda6bc32e99a177f4767dca7d8ee -r87b69b432f9b2639bceb4e418cf889097a6c919c --- lams_central/src/java/org/lamsfoundation/lams/web/ForgotPasswordServlet.java (.../ForgotPasswordServlet.java) (revision ec8852a3b210bda6bc32e99a177f4767dca7d8ee) +++ lams_central/src/java/org/lamsfoundation/lams/web/ForgotPasswordServlet.java (.../ForgotPasswordServlet.java) (revision 87b69b432f9b2639bceb4e418cf889097a6c919c) @@ -12,6 +12,7 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.apache.commons.lang.StringUtils; import org.apache.log4j.Logger; import org.hibernate.id.Configurable; import org.hibernate.id.IdentifierGenerator; 
@@ -45,21 +46,17 @@ private static Logger log = Logger.getLogger(ForgotPasswordServlet.class); // states - public static String SMTP_SERVER_NOT_SET = "error.support.email.not.set"; - public static String USER_NOT_FOUND = "error.user.not.found"; - public static String PASSWORD_REQUEST_EXPIRED = "error.password.request.expired"; - public static String SUCCESS_REQUEST_EMAIL = "forgot.password.email.sent"; - public static String SUCCESS_CHANGE_PASS = "heading.password.changed.screen"; - public static String EMAIL_NOT_FOUND = "error.email.not.found"; - public static String INTERNAL_ERROR = "error.email.internal"; - public static String EMAIL_FAILED = "error.email.not.sent"; - public static String REQUEST_KEY_NOT_FOUND = "error.forgot.password.incorrect.key"; + private static String SMTP_SERVER_NOT_SET = "error.support.email.not.set"; + private static String PASSWORD_REQUEST_EXPIRED = "error.password.request.expired"; + private static String REQUEST_PROCESSED = "forgot.password.request.processed"; + private static String SUCCESS_CHANGE_PASS = "heading.password.changed.screen"; + private static String INTERNAL_ERROR = "error.email.internal"; + private static String EMAIL_FAILED = "error.email.not.sent"; + private static String REQUEST_KEY_NOT_FOUND = "error.forgot.password.incorrect.key"; private static int MILLISECONDS_IN_A_DAY = 86400000; - private static String STATE = "&state="; private static String LANGUAGE_KEY = "&languageKey="; - private static String EMAIL_SENT = "&emailSent="; @Override public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { 
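Review bot: The message-key constants in this hunk are narrowed to `private static String` but stay reassignable; they are fixed resource-bundle keys, so declare them `private static final String SMTP_SERVER_NOT_SET = "error.support.email.not.set";` and likewise for the other six, `MILLISECONDS_IN_A_DAY` and `LANGUAGE_KEY`. With `STATE` removed, `LANGUAGE_KEY` still begins with `&`, so the redirect built later in the file reads `forgotPasswordProc.jsp?&languageKey=...`; dropping the leading `&` from the constant would tidy that. The class body continues outside the hunk.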
@@ -83,16 +80,16 @@ } else { param = request.getParameter("login"); } - handleEmailRequest(findByEmail, param.trim(), response); + } else if (method.equals("requestPasswordChange")) { String newPassword = request.getParameter("newPassword"); String key = request.getParameter("key"); handlePasswordChange(newPassword, key, response); + } else { response.sendError(HttpServletResponse.SC_BAD_REQUEST); } - } /** @@ -109,12 +106,6 @@ */ public void handleEmailRequest(Boolean findByEmail, String param, HttpServletResponse response) throws ServletException, IOException { - - int success = 0; - String languageKey = ""; - - boolean err = false; - if ((param == null) || param.equals("")) { response.sendError(HttpServletResponse.SC_BAD_REQUEST); return; @@ -124,9 +115,12 @@ String supportEmail = Configuration.get("LamsSupportEmail"); User user = null; - if ((SMPTServer == null) || SMPTServer.equals("") || (supportEmail == null) || supportEmail.equals("")) { + String languageKey = null; + boolean skipSendingEmail = false; + if (StringUtils.isBlank(SMPTServer) || StringUtils.isBlank(supportEmail)) { // Validate SMTP not set up languageKey = ForgotPasswordServlet.SMTP_SERVER_NOT_SET; + } else { WebApplicationContext ctx = WebApplicationContextUtils .getRequiredWebApplicationContext(this.getServletContext()); 
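Review bot: In the doPost hunk, the `handleEmailRequest(findByEmail, param.trim(), response)` call evaluates `param.trim()` before `handleEmailRequest` reaches its own `param == null` check, so a request that omits the expected parameter would raise a NullPointerException instead of returning SC_BAD_REQUEST, unless the part of doPost above the hunk already rejects it. A guard such as `if (param == null) { response.sendError(HttpServletResponse.SC_BAD_REQUEST); return; }` before the call keeps this unauthenticated endpoint from turning malformed input into a 500. doPost starts outside the hunk.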
@@ -137,35 +131,37 @@ if (!findByEmail) { if (userService.getUserByLogin(param) != null) { user = userService.getUserByLogin(param); + } else { // validate user is not found - languageKey = ForgotPasswordServlet.USER_NOT_FOUND; - err = true; + skipSendingEmail = true; } + } else { try { List users = userService.getAllUsersWithEmail(param); if (users.size() == 1) { user = users.get(0); + } else if (users.size() == 0) { // validate no user with email found - languageKey = ForgotPasswordServlet.EMAIL_NOT_FOUND; - err = true; + skipSendingEmail = true; + } else { // validate multiple users with email found languageKey = ForgotPasswordServlet.INTERNAL_ERROR; - ForgotPasswordServlet.log - .info("Password recovery: The email is assigned to multiple users: " + param); - err = true; + log.info("Password recovery: The email is assigned to multiple users: " + param); + skipSendingEmail = true; + } } catch (Exception e) { languageKey = ForgotPasswordServlet.INTERNAL_ERROR; - ForgotPasswordServlet.log.error("Error while recovering password.", e); - err = true; + log.error("Error while recovering password.", e); + skipSendingEmail = true; } } - if (!err) { + if (!skipSendingEmail) { boolean isHtmlFormat = false; // generate a key for the request String key = ForgotPasswordServlet.generateUniqueKey(); 
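Review bot: The branch for an address shared by several accounts still sets `languageKey = ForgotPasswordServlet.INTERNAL_ERROR`, so that case is answered with an error while an unknown address gets the generic `forgot.password.request.processed` text, and the response still tells the requester that the address is registered. Leaving `languageKey` unset there, while keeping `skipSendingEmail = true;` and the log entry, would make the two outcomes indistinguishable. The `log.info` line also concatenates the request-supplied `param` into the log message; stripping CR/LF from it first avoids forged log lines. Separately, `userService.getUserByLogin(param)` is called twice in the login branch; `user = userService.getUserByLogin(param); if (user == null) { skipSendingEmail = true; }` does a single lookup. handleEmailRequest starts and ends outside the hunk.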
@@ -185,44 +181,30 @@ try { Emailer.sendFromSupportEmail(messageService.getMessage("forgot.password.email.subject"), user.getEmail(), body, isHtmlFormat); - languageKey = ForgotPasswordServlet.SUCCESS_REQUEST_EMAIL; - success = 1; } catch (AddressException e) { // failure handling - ForgotPasswordServlet.log.error( - "Problem sending email to: " + user.getLogin() + " with email: " + user.getEmail(), e); - // response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); + log.error("Problem sending email to: " + user.getLogin() + " with email: " + user.getEmail(), e); languageKey = ForgotPasswordServlet.EMAIL_FAILED; - success = 0; } catch (MessagingException e) { // failure handling - ForgotPasswordServlet.log.error( - "Problem sending email to: " + user.getLogin() + " with email: " + user.getEmail(), e); - // response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); + log.error("Problem sending email to: " + user.getLogin() + " with email: " + user.getEmail(), e); languageKey = ForgotPasswordServlet.EMAIL_FAILED; - success = 0; } catch (Exception e) { // failure handling - ForgotPasswordServlet.log.error( - "Problem sending email to: " + user.getLogin() + " with email: " + user.getEmail(), e); + log.error("Problem sending email to: " + user.getLogin() + " with email: " + user.getEmail(), e); languageKey = ForgotPasswordServlet.EMAIL_FAILED; - success = 0; - // response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); } - } - } - String redirectStr = Configuration.get("ServerURL") + "forgotPasswordProc.jsp?" + ForgotPasswordServlet.STATE - + success + ForgotPasswordServlet.LANGUAGE_KEY + languageKey; + //show message as an error only in case message differs from the default one + boolean showErrorMessage = languageKey != null; + //show default message if there is no error message + languageKey = languageKey == null ? 
ForgotPasswordServlet.REQUEST_PROCESSED : languageKey; - if ((success == 1) && (user.getEmail() != null)) { - redirectStr += ForgotPasswordServlet.EMAIL_SENT + java.net.URLEncoder.encode(user.getEmail(), "UTF-8"); - } - - response.sendRedirect(redirectStr); - + String redirectUrl = Configuration.get("ServerURL") + "forgotPasswordProc.jsp?" + + ForgotPasswordServlet.LANGUAGE_KEY + languageKey + "&showErrorMessage=" + showErrorMessage; + response.sendRedirect(response.encodeRedirectURL(redirectUrl)); } /** @@ -233,9 +215,6 @@ */ public void handlePasswordChange(String newPassword, String key, HttpServletResponse response) throws ServletException, IOException { - int success = 0; - String languageKey = ""; - if ((key == null) || key.equals("") || (newPassword == null) || newPassword.equals("")) { response.sendError(HttpServletResponse.SC_BAD_REQUEST); return; 
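Review bot: `languageKey = ForgotPasswordServlet.EMAIL_FAILED` in the three catch blocks of handleEmailRequest is reached only after an account was matched, so whenever delivery fails the requester gets the `error.email.not.sent` text instead of the generic message, which again confirms that the account exists. Logging the failure and leaving `languageKey` null would keep the response uniform, and the three identical handlers could then collapse into one `catch (Exception e)`. The outcome is carried as `languageKey` and `showErrorMessage` query parameters, which any visitor can set on a hand-made URL, so forgotPasswordProc.jsp should accept only the known keys and escape whatever it prints. `response.encodeRedirectURL` may append the session id to the URL when the container allows URL-based session tracking; confirm that is disabled for this unauthenticated page.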
@@ -245,34 +224,36 @@ .getRequiredWebApplicationContext(this.getServletContext()); IUserManagementService userService = (IUserManagementService) ctx.getBean("userManagementService"); + String languageKey = ""; + boolean showErrorMessage = false; ForgotPasswordRequest fp = userService.getForgotPasswordRequest(key); - if (fp == null) { - response.sendRedirect( - Configuration.get("ServerURL") + "forgotPasswordProc.jsp?" + ForgotPasswordServlet.STATE + 0 - + ForgotPasswordServlet.LANGUAGE_KEY + ForgotPasswordServlet.REQUEST_KEY_NOT_FOUND); - return; - } + languageKey = ForgotPasswordServlet.REQUEST_KEY_NOT_FOUND; + showErrorMessage = true; + + } else { + long cutoffTime = fp.getRequestDate().getTime() + ForgotPasswordServlet.MILLISECONDS_IN_A_DAY; + long now = new Date().getTime(); - long cutoffTime = fp.getRequestDate().getTime() + ForgotPasswordServlet.MILLISECONDS_IN_A_DAY; - Date now = new Date(); - long nowLong = now.getTime(); + if (now < cutoffTime) { + User user = (User) userService.findById(User.class, fp.getUserId()); + userService.updatePassword(user.getLogin(), newPassword); + userService.logPasswordChanged(user, user); + languageKey = ForgotPasswordServlet.SUCCESS_CHANGE_PASS; - if (nowLong < cutoffTime) { - User user = (User) userService.findById(User.class, fp.getUserId()); - userService.updatePassword(user.getLogin(), newPassword); - userService.logPasswordChanged(user, user); - languageKey = ForgotPasswordServlet.SUCCESS_CHANGE_PASS; - success = 1; - } else { - // validate password request expired - languageKey = ForgotPasswordServlet.PASSWORD_REQUEST_EXPIRED; + } else { + // validate password request expired + languageKey = ForgotPasswordServlet.PASSWORD_REQUEST_EXPIRED; + showErrorMessage = true; + } + + userService.delete(fp); } - userService.delete(fp); - - response.sendRedirect(Configuration.get("ServerURL") + "forgotPasswordProc.jsp?" 
+ ForgotPasswordServlet.STATE - + success + ForgotPasswordServlet.LANGUAGE_KEY + languageKey); + String redirectUrl = Configuration.get("ServerURL") + "forgotPasswordProc.jsp?" + + ForgotPasswordServlet.LANGUAGE_KEY + languageKey + "&showErrorMessage=" + + showErrorMessage; + response.sendRedirect(response.encodeRedirectURL(redirectUrl)); } /** Index: lams_central/web/forgotPassword.jsp =================================================================== diff -u -re0a7b3e91077a48612f883dc740e177efb582d99 -r87b69b432f9b2639bceb4e418cf889097a6c919c --- lams_central/web/forgotPassword.jsp (.../forgotPassword.jsp) (revision e0a7b3e91077a48612f883dc740e177efb582d99) +++ lams_central/web/forgotPassword.jsp (.../forgotPassword.jsp) (revision 87b69b432f9b2639bceb4e418cf889097a6c919c) @@ -73,8 +73,9 @@ if (keycode == 13) { validateForm(); return false; - } else + } else { return true; + } } @@ -109,37 +110,34 @@
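Review bot: handlePasswordChange passes `newPassword` to `userService.updatePassword` after checking only that it is non-empty, while the length and character-class rules appear only in the jQuery validation of forgotPasswordChange.jsp, which a direct POST bypasses. Unless `updatePassword` enforces the policy itself, the same checks should be repeated here before the update. `userService.findById` can presumably return null if the account was removed after the request was issued, and `user.getLogin()` would then throw; a guard like `if (user == null) { languageKey = ForgotPasswordServlet.REQUEST_KEY_NOT_FOUND; showErrorMessage = true; }` handles that case. It may also be worth deleting any other outstanding ForgotPasswordRequest entries for the same user once the password has changed.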
- +
-

- + +
-
- + - +
Index: lams_central/web/forgotPasswordChange.jsp =================================================================== diff -u -r6825a5272d3a48f8cafa370b0e0107cc9077cff6 -r87b69b432f9b2639bceb4e418cf889097a6c919c --- lams_central/web/forgotPasswordChange.jsp (.../forgotPasswordChange.jsp) (revision 6825a5272d3a48f8cafa370b0e0107cc9077cff6) +++ lams_central/web/forgotPasswordChange.jsp (.../forgotPasswordChange.jsp) (revision 87b69b432f9b2639bceb4e418cf889097a6c919c) 
@@ -32,69 +32,65 @@ }; var mustHaveUppercase = ${mustHaveUppercase}, - mustHaveNumerics = ${mustHaveNumerics}, - mustHaveLowercase = ${mustHaveLowercase}, - mustHaveSymbols = ${mustHaveSymbols}; + mustHaveNumerics = ${mustHaveNumerics}, + mustHaveLowercase = ${mustHaveLowercase}, + mustHaveSymbols = ${mustHaveSymbols}; - $.validator.addMethod("pwcheck", function(value) { - return (!mustHaveUppercase || /[A-Z]/.test(value)) && // has uppercase letters - (!mustHaveNumerics || /\d/.test(value)) && // has a digit - (!mustHaveLowercase || /[a-z]/.test(value)) && // has a lower case - (!mustHaveSymbols || /[`~!@#$%^&*\(\)_\-+={}\[\]\\|:\;\"\'\<\>,.?\/]/.test(value)); //has symbols - }); + $.validator.addMethod("pwcheck", function(value) { + return (!mustHaveUppercase || /[A-Z]/.test(value)) && // has uppercase letters + (!mustHaveNumerics || /\d/.test(value)) && // has a digit + (!mustHaveLowercase || /[a-z]/.test(value)) && // has a lower case + (!mustHaveSymbols || /[`~!@#$%^&*\(\)_\-+={}\[\]\\|:\;\"\'\<\>,.?\/]/.test(value)); //has symbols + }); - $.validator - .addMethod( - "charactersAllowed", - function(value) { - return /^[A-Za-z0-9\d`~!@#$%^&*\(\)_\-+={}\[\]\\|:\;\"\'\<\>,.?\/]*$/ - .test(value) + $.validator.addMethod( + "charactersAllowed", + function(value) { + return /^[A-Za-z0-9\d`~!@#$%^&*\(\)_\-+={}\[\]\\|:\;\"\'\<\>,.?\/]*$/ + .test(value) + } + ); - }); - $(function() { // Setup form validation - $("form[name='changePass']") - .validate( - { - debug : true, - errorClass : 'help-block', - // validation rules - rules : { - newPassword : { - required : true, - minlength : , - maxlength : 25, - charactersAllowed : true, - pwcheck : true - }, - confirmNewPassword : { - required : true, - equalTo : "#newPassword" - } - }, + $("form[name='changePass']").validate({ + debug : true, + errorClass : 'help-block', + // validation rules + rules : { + newPassword : { + required : true, + minlength : , + maxlength : 25, + charactersAllowed : true, + pwcheck : true + }, 
+ confirmNewPassword : { + required : true, + equalTo : "#newPassword" + } + }, - // Specify the validation error messages - messages : { - newPassword : { - required : "", - minlength : "", - maxlength : "", - charactersAllowed : " ` ~ ! @ # $ % ^ & * ( ) _ - + = { } [ ] \ | : ; \" ' < > , . ? /", - pwcheck : "" - }, - confirmNewPassword : { - required : "", - equalTo : "" - }, - }, + // Specify the validation error messages + messages : { + newPassword : { + required : "", + minlength : "", + maxlength : "", + charactersAllowed : " ` ~ ! @ # $ % ^ & * ( ) _ - + = { } [ ] \ | : ; \" ' < > , . ? /", + pwcheck : "" + }, + confirmNewPassword : { + required : "", + equalTo : "" + }, + }, - submitHandler : function(form) { - document.changePass.submit(); - } - }); - + submitHandler : function(form) { + document.changePass.submit(); + } + }); }); Index: lams_central/web/forgotPasswordProc.jsp =================================================================== diff -u -r038b324dcfb10ea96cdaa78b8ce513ae5d11cb14 -r87b69b432f9b2639bceb4e418cf889097a6c919c --- lams_central/web/forgotPasswordProc.jsp (.../forgotPasswordProc.jsp) (revision 038b324dcfb10ea96cdaa78b8ce513ae5d11cb14) +++ lams_central/web/forgotPasswordProc.jsp (.../forgotPasswordProc.jsp) (revision 87b69b432f9b2639bceb4e418cf889097a6c919c) 
@@ -1,85 +1,45 @@ <%@ page language="java" pageEncoding="UTF-8" contentType="text/html;charset=utf-8"%> -<%@page import="org.apache.struts.action.ActionMessages"%> -<%@page import="org.apache.commons.lang.StringEscapeUtils"%> -<%@page import="org.lamsfoundation.lams.web.ForgotPasswordServlet"%> -<%@page import="org.lamsfoundation.lams.util.MessageService"%> -<%@page import="org.springframework.web.context.WebApplicationContext"%> -<%@page import="org.springframework.web.context.support.WebApplicationContextUtils"%> -<%@ page import="org.lamsfoundation.lams.util.Configuration"%> -<%@ page import="org.lamsfoundation.lams.util.ConfigurationKeys"%> - <%@ taglib uri="tags-html" prefix="html"%> <%@ taglib uri="tags-logic" prefix="logic"%> <%@ taglib uri="tags-fmt" prefix="fmt"%> <%@ taglib uri="tags-lams" prefix="lams"%> <%@ taglib uri="tags-core" prefix="c"%> -<% - String languageKey = StringEscapeUtils.escapeHtml(request - .getParameter("languageKey")); - String stateStr = request.getParameter("state"); - String emailStr = request.getParameter("emailSent"); -%> - - - <%=languageKey%> - - - <%=stateStr%> - - - <%=emailStr%> - - - - <fmt:message key="title.forgot.password" /> + - - - - - + -

- -

- - - - - - + + + + + + + + - - - + - -