Author: channa Date: Fri Jan 25 00:21:47 2008 New Revision: 12876 Log:
Added 'reset forgotten password' functionality. Verifying the requester using the user id and e-mail id initially provided and sending a mail with the new password. Added: trunk/mashup/java/modules/core/src/org/wso2/mashup/webapp/userprofile/ResetPasswordBean.java trunk/mashup/java/modules/www/reset_password.jsp Modified: trunk/mashup/java/modules/core/conf/UI.properties trunk/mashup/java/modules/core/src/org/wso2/mashup/transport/MainServlet.java trunk/mashup/java/modules/core/src/org/wso2/mashup/webapp/utils/RegistryUtils.java trunk/mashup/java/modules/www/signin.jsp Modified: trunk/mashup/java/modules/core/conf/UI.properties ============================================================================== --- trunk/mashup/java/modules/core/conf/UI.properties (original) +++ trunk/mashup/java/modules/core/conf/UI.properties Fri Jan 25 00:21:47 2008 
@@ -2,4 +2,6 @@
 welcome.header=Welcome to the WSO2 Mashup Server beta!
 welcome.message=The WSO2 Mashup Server is a completely free and open source platform for acquiring, converting, combining, and republishing digital information. Each mashup is exposed as a Web Service, accessible through multiple formats and protocols. We hope you enjoy trying out this beta and encourage you to provide feedback on the <a href="http://www.wso2.org/forum/226">Mashup Server Forum</a>.
 register.admin.title=Welcome to the WSO2 Mashup Server!
-register.admin.message=Please take a moment to secure the WSO2 Mashup Server by providing a user name and password for the primary account. This primary account will have administrative privileges, with full control over all the resources and users. Additional users can be added by this account, or self-registration with email verification can be enabled.</p><p>Note that if no email address is provided, you will be unable to recover a lost password for this account.
\ No newline at end of file
+register.admin.message=Please take a moment to secure the WSO2 Mashup Server by providing a user name and password for the primary account. This primary account will have administrative privileges, with full control over all the resources and users. Additional users can be added by this account, or self-registration with email verification can be enabled.</p><p>Note that if no email address is provided, you will be unable to recover a lost password for this account.
+reset.password.title=Reset Password
+reset.password.message=Enter the user name and e-mail ID you registered with to reset your password.
\ No newline at end of file Modified: trunk/mashup/java/modules/core/src/org/wso2/mashup/transport/MainServlet.java ============================================================================== --- trunk/mashup/java/modules/core/src/org/wso2/mashup/transport/MainServlet.java (original) +++ trunk/mashup/java/modules/core/src/org/wso2/mashup/transport/MainServlet.java Fri Jan 25 00:21:47 2008 @@ -60,16 +60,20 @@ // Setting up the e-mail verifier for self registration. EmailVerifierConfig verifierConfig = new EmailVerifierConfig(); - verifierConfig.setHost(servletConfig.getInitParameter(MashupConstants.EMAIL_RELAY_HOST)); + String relayHost = servletConfig.getInitParameter(MashupConstants.EMAIL_RELAY_HOST); + String fromEmail = servletConfig.getInitParameter(MashupConstants.EMAIL_FROM_ADDRESS); + verifierConfig.setHost(relayHost); verifierConfig.setRegistrationServiceEPR(servletConfig.getInitParameter( MashupConstants.REG_VALIDATION_URL)); - verifierConfig.setFromAddress(servletConfig.getInitParameter( - MashupConstants.EMAIL_FROM_ADDRESS)); + verifierConfig.setFromAddress(fromEmail); verifierConfig.setSubject(servletConfig.getInitParameter( MashupConstants.EMAIL_SUBJECT)); verifierConfig.setEmailBody(servletConfig.getInitParameter( MashupConstants.EMAIL_BODY)); + // Add the e-mail parameters to the servlet context. + servletContext.setAttribute(MashupConstants.EMAIL_RELAY_HOST, relayHost); + servletContext.setAttribute(MashupConstants.EMAIL_FROM_ADDRESS, fromEmail); try { EmailVerifier.init(realm, verifierConfig); } catch (UserManagerException e) { Added: trunk/mashup/java/modules/core/src/org/wso2/mashup/webapp/userprofile/ResetPasswordBean.java ============================================================================== --- (empty file) +++ trunk/mashup/java/modules/core/src/org/wso2/mashup/webapp/userprofile/ResetPasswordBean.java Fri Jan 25 00:21:47 2008 
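Review bot: `relayHost` and `fromEmail` are copied into the servlet context without checking that the init parameters exist, and `getInitParameter` returns `null` for a missing one. `ResetPasswordBean.sendEmail` later passes that host to `props.put(EmailVerifierConfig.HOST, host)`, and `Properties.put` rejects a null value, so a deployment without mail settings would fail with a `NullPointerException` only when a user asks for a reset, after `updateUser` has already replaced the password. I would warn at start-up when either value is missing, for example `if (relayHost == null || fromEmail == null) { log.warn("Mail relay not configured; password reset is unavailable"); }` (assuming the servlet has a logger), and have the reset page refuse requests in that state. The enclosing method starts and ends outside the hunk.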
@@ -0,0 +1,181 @@
+/*
+ * Copyright (c) 2006, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.wso2.mashup.webapp.userprofile;
+
+import org.apache.axiom.om.util.UUIDGenerator;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.wso2.mashup.MashupConstants;
+import org.wso2.mashup.MashupFault;
+import org.wso2.registry.RegistryConstants;
+import org.wso2.usermanager.Realm;
+import org.wso2.usermanager.UserManagerException;
+import org.wso2.usermanager.UserStoreAdmin;
+import org.wso2.usermanager.verification.email.EmailVerifierConfig;
+
+import javax.mail.Message;
+import javax.mail.MessagingException;
+import javax.mail.Session;
+import javax.mail.Transport;
+import javax.mail.internet.AddressException;
+import javax.mail.internet.InternetAddress;
+import javax.mail.internet.MimeMessage;
+import javax.servlet.ServletContext;
+import javax.servlet.http.HttpServletRequest;
+import java.util.Hashtable;
+import java.util.Map;
+import java.util.Properties;
+
+/**
+ * Encapsulates the user password resetting functionality.
+ */
+public class ResetPasswordBean {
+ private static final Log log = LogFactory.getLog(ResetPasswordBean.class);
+ private int port = 25;
+ private String host;
+ private String fromAddress;
+ private String subject = "Password Reset Successful";
+ private String message = "As requested, your password has been reset. Your new password is: ";
+ private String emailId;
+ private String userName;
+ private Hashtable errors;
+
+ public String getUserName() {
+ return userName;
+ }
+
+ public void setUserName(String userName) {
+ this.userName = userName;
+ }
+
+ public String getEmailId() {
+ return emailId;
+ }
+
+ public void setEmailId(String emailId) {
+ this.emailId = emailId;
+ }
+
+ /**
+ * Initialize bean values.
+ */
+ public ResetPasswordBean() {
+ this.userName = "";
+ this.emailId = "";
+ this.errors = new Hashtable();
+ }
+
+ /**
+ * Validates the information in mandatory fields.
+ *
+ * @return true if validation is successful.
+ */
+ public boolean isInputValid(HttpServletRequest request) {
+ boolean valid = true;
+ if (userName.equals("")) {
+ errors.put("userName", "User name cannot be empty.");
+ valid = false;
+ }
+
+ if (emailId.equals("")) {
+ errors.put("emailId", "E-mail ID cannot be empty.");
+ valid = false;
+ }
+ return valid;
+ }
+
+ /**
+ * Return any added error messages.
+ *
+ * @param key Key to identify error.
+ * @return Message associated with key, if it exists.
+ */
+ public String getErrorMessage(String key) {
+ String errorMsg = (String) errors.get(key.trim());
+ return (errorMsg == null) ? "" : errorMsg;
+ }
+
+ /**
+ * Resets the requesters password.
+ * @param request Servlet request.
+ * @return true if the reset operation succeeded.
+ * @throws MashupFault on errors.
+ */
+ public boolean resetPassword(HttpServletRequest request) throws MashupFault {
+ boolean success = false;
+ ServletContext context = request.getSession().getServletContext();
+ Realm realm = (Realm) context.getAttribute(RegistryConstants.REGISTRY_REALM);
+
+ try {
+ UserStoreAdmin userStoreAdmin = realm.getUserStoreAdmin();
+ Map userProps = userStoreAdmin.getUserProperties(userName);
+ String eMail = (String) userProps.get(MashupConstants.EMAIL_ID);
+ if (emailId.equals(eMail)) {
+ // Currently setting the password to the user name.
+ String uuid = UUIDGenerator.getUUID();
+ String newPassword = uuid.substring(uuid.length() - 8);
+ userStoreAdmin.updateUser(userName, newPassword);
+ sendEmail(newPassword);
+ }
+ } catch (UserManagerException e) {
+ log.error("Error resetting password in user manager", e);
+ throw new MashupFault("Could not reset password", e);
+ }
+ return success;
+ }
+
+ /**
+ * Send an e-mail to the requester of a password reset.
+ * @param newPassword password to be mailed to the user.
+ * @throws MashupFault If an error has been found.
+ */
+ protected void sendEmail(String newPassword) throws MashupFault {
+ Properties props = new Properties();
+ props.put(EmailVerifierConfig.HOST, host);
+ props.put(EmailVerifierConfig.PORT, Integer.toString(port));
+ Session session = Session.getDefaultInstance(props, null);
+
+ try {
+ // Construct the message
+ Message msg = new MimeMessage(session);
+ msg.setFrom(new InternetAddress(fromAddress));
+ msg.setRecipient(Message.RecipientType.TO, new InternetAddress(emailId));
+ msg.setSubject(subject);
+ msg.setText(message + newPassword);
+
+ log.debug("Sending confirmation mail to " + emailId);
+ // Send the message
+ Transport.send(msg);
+ log.debug("Sending confirmation mail to " + emailId + "DONE");
+ } catch (AddressException e) {
+ throw new MashupFault("sendingMailProblems", e);
+ } catch (MessagingException e) {
+ throw new MashupFault("sendingMailProblems", e);
+ }
+ }
+
+ /**
+ * Get the e-mail parameters to the servlet context.
+ *
+ * @param request Servlet request.
+ */ + public void initMailConfig(HttpServletRequest request) { + host = (String) request.getSession().getServletContext().getAttribute( + MashupConstants.EMAIL_RELAY_HOST); + fromAddress = (String) request.getSession().getServletContext().getAttribute( + MashupConstants.EMAIL_FROM_ADDRESS); + } +} Modified: trunk/mashup/java/modules/core/src/org/wso2/mashup/webapp/utils/RegistryUtils.java ============================================================================== --- trunk/mashup/java/modules/core/src/org/wso2/mashup/webapp/utils/RegistryUtils.java (original) +++ trunk/mashup/java/modules/core/src/org/wso2/mashup/webapp/utils/RegistryUtils.java Fri Jan 25 00:21:47 2008 @@ -524,6 +524,7 @@ Map properties = userStoreAdmin.getUserProperties(userName); properties.put(MashupConstants.PROFILE_PATH, profilePath); properties.put(MashupConstants.FULL_NAME, fullName); + properties.put(MashupConstants.EMAIL_ID, eMailId); properties.put(MashupConstants.ORIGIN_MASHUP, String.valueOf(true)); userStoreAdmin.setUserProperties(userName, properties); @@ -592,6 +593,7 @@ String profilePath = null; Map properties = userStoreAdmin.getUserProperties(userName); properties.put(MashupConstants.FULL_NAME, fullName); + properties.put(MashupConstants.EMAIL_ID, eMailId); userStoreAdmin.setUserProperties(userName, properties); if (properties.containsKey(MashupConstants.PROFILE_PATH)) { Added: trunk/mashup/java/modules/www/reset_password.jsp ============================================================================== --- (empty file) +++ trunk/mashup/java/modules/www/reset_password.jsp Fri Jan 25 00:21:47 2008 
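Review bot: In `ResetPasswordBean.resetPassword` the new password is the last 8 characters of `UUIDGenerator.getUUID()`; a UUID is built for uniqueness rather than unpredictability, so the value that now guards the account may be guessable and carries at most 32 bits if those characters are hex digits. The stored password is replaced before `sendEmail` runs, so a mail failure leaves the user with a password nobody knows, and `success` is never set to `true`, so the method always returns `false`. The map from `getUserProperties` is dereferenced without a null check, which presumably makes an unknown user name fail differently from a wrong e-mail and so reveals which accounts exist. I would take the password from `java.security.SecureRandom`, guard the lookup, mail before updating and set `success`, as in the excerpt below. Mailing a short-lived single-use reset link instead of a password would also stop anyone who knows a user's name and address from changing that user's password.

```java
public boolean resetPassword(HttpServletRequest request) throws MashupFault {
    // … unchanged: success flag, servlet context and realm lookup …
    try {
        UserStoreAdmin userStoreAdmin = realm.getUserStoreAdmin();
        Map userProps = userStoreAdmin.getUserProperties(userName);
        // An unknown user and a wrong e-mail take the same path and give the same result.
        Object eMail = (userProps == null) ? null : userProps.get(MashupConstants.EMAIL_ID);
        if (emailId.equals(eMail)) {
            // 128 bits from a CSPRNG, rendered in base 36.
            String newPassword =
                    new java.math.BigInteger(128, new java.security.SecureRandom()).toString(36);
            // Mail first: if delivery fails, the old password is still in place.
            sendEmail(newPassword);
            userStoreAdmin.updateUser(userName, newPassword);
            success = true;
        }
    // … unchanged: UserManagerException handling and return …
```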
@@ -0,0 +1,140 @@
+<%--
+ * Copyright 2006,2007 WSO2, Inc. http://www.wso2.org
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+--%>
+<%@ page errorPage="error.jsp" %>
+<%@ page contentType="text/html;charset=UTF-8" language="java" %>
+<%@ page import="com.sun.syndication.feed.synd.SyndContent" %>
+<%@ page import="com.sun.syndication.feed.synd.SyndContentImpl" %>
+<%@ page import="com.sun.syndication.feed.synd.SyndEntry" %>
+<%@ page import="com.sun.syndication.feed.synd.SyndEntryImpl" %>
+<%@ page import="com.sun.syndication.feed.synd.SyndFeed" %>
+<%@ page import="com.sun.syndication.feed.synd.SyndFeedImpl" %>
+<%@ page import="com.sun.syndication.io.SyndFeedOutput" %>
+<%@ page import="org.apache.axis2.context.ConfigurationContext" %>
+<%@ page import="org.wso2.mashup.MashupConstants" %>
+<%@ page import="org.wso2.mashup.MashupFault" %>
+<%@ page import="org.wso2.mashup.utils.MashupUtils" %>
+<%@ page import="org.wso2.mashup.utils.QueryResult" %>
+<%@ page import="org.wso2.mashup.utils.QueryResults" %>
+<%@ page import="org.wso2.mashup.webapp.MashupUiFault" %>
+<%@ page import="org.wso2.mashup.webapp.identity.InfoCardHandler" %>
+<%@ page import="org.wso2.mashup.webapp.identity.RegistrationBean" %>
+<%@ page import="org.wso2.mashup.webapp.userprofile.ManageUsers" %>
+<%@ page import="org.wso2.mashup.webapp.userprofile.User" %>
+<%@ page import="org.wso2.mashup.webapp.userprofile.UserInformation" %>
+<%@ page import="org.wso2.mashup.webapp.userprofile.UserQuery" %>
+<%@ page import="org.wso2.mashup.webapp.utils.QueryParamUtils" %>
+<%@ page import="org.wso2.mashup.webapp.utils.RegistryUtils" %>
+<%@ page import="org.wso2.registry.Comment" %>
+<%@ page import="org.wso2.registry.Registry" %>
+<%@ page import="org.wso2.registry.RegistryConstants" %>
+<%@ page import="org.wso2.registry.RegistryException" %>
+<%@ page import="org.wso2.registry.Resource" %>
+<%@ page import="org.wso2.registry.Tag" %>
+<%@ page import="org.wso2.registry.jdbc.JDBCRegistry" %>
+<%@ page import="org.wso2.registry.secure.SecureRegistry" %>
+<%@ page import="org.wso2.usermanager.Realm" %>
+<%@ page import="org.wso2.usermanager.UserManagerException" %>
+<%@ page import="org.wso2.usermanager.UserStoreAdmin" %>
+<%@ page import="org.wso2.utils.ServerConfiguration" %>
+<%@ page import="org.wso2.wsas.ServerManager" %>
+<%@ page import="java.io.BufferedReader" %>
+<%@ page import="java.io.FileReader" %>
+<%@ page import="java.net.URL" %>
+<%@ page import="java.net.URLDecoder" %>
+<%@ page import="java.util.ArrayList" %>
+<%@ page import="java.util.Date" %>
+<%@ page import="java.util.Iterator" %>
+<%@ page import="java.util.List" %>
+<%@ page import="java.util.Map" %>
+<%@ page import="java.util.ResourceBundle" %>
+
+<%
+ ResourceBundle bundle = ResourceBundle.getBundle("UI");
+ String firstCall = request.getParameter("firstcall");
+ String bounceback = request.getParameter("bounceback");
+ if (bounceback == null) {
+ bounceback = "index.jsp";
+ } else {
+ bounceback = URLDecoder.decode(bounceback, "UTF-8");
+ }
+
+ Registry registry = RegistryUtils.getRegistry(request);
+%>
+<jsp:useBean id="resetPasswordHandler" class="org.wso2.mashup.webapp.userprofile.ResetPasswordBean"
+ scope="request">
+ <jsp:setProperty name="resetPasswordHandler" property="*"/>
+</jsp:useBean>
+<%
+ if (!"true".equals(firstCall)) {
+ if (resetPasswordHandler.isInputValid(request)) {
resetPasswordHandler.initMailConfig(request);
+ resetPasswordHandler.resetPassword(request);
+ response.sendRedirect(bounceback);
+ }
+ }
+%>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html>
+<head>
+ <title><%= bundle.getString("main.title")%> - Reset Password</title>
+ <!-- Required CSS -->
+ <link href="css/styles.css" rel="stylesheet" type="text/css"/>
+ <script language="javascript" src="js/common.js" type="text/javascript"></script>
+ <script language="javascript"
+ type="text/javascript">userLoggedOn = <%=RegistryUtils.isLoggedIn(registry) %>;</script>
+</head>
+<body>
+<div id="page">
+ <% String thisPage = "index.jsp"; %>
+ <%@ include file="header.jsp" %>
+ <div id="search"></div>
+ <div id="content" style="height:400px; ">
+ <div class="mashup_title"><%= bundle.getString("reset.password.title")%></div>
+ <p><%= bundle.getString("reset.password.message")%></p>
+ <br />
+ <form name="formResetPassword" method='post' action="reset_password.jsp">
+ <table width="100%" border="0" cellpadding="3" cellspacing="0" >
+ <tr>
+ <td width="130"><label><strong>User Name:<font color="#FF0000">*</font></strong></label></td>
+ <td><input type="text" name="userName"
+ value="<%=resetPasswordHandler.getUserName()%>"/>
+ <br><font color="#FF0000"><%=resetPasswordHandler.getErrorMessage("userName")%></font>
+ </td>
+ </tr>
+ <tr>
+ <td width="130"><label><strong>Email:<font color="#FF0000">*</font></strong></label></td>
+ <td><input type="text" name="emailId"
+ value="<%=resetPasswordHandler.getEmailId()%>"/>
+ <br><font color="#FF0000"><%=resetPasswordHandler.getErrorMessage("email")%></font>
+ </td>
+ </tr>
+ <tr>
+ <td> </td>
+ <td><input type="submit" value="Reset Password"/></td>
+ </tr>
+ <tr>
+ <td> </td>
+ <td align="center"></td>
+ </tr>
+ </table>
+ <strong><font color="#FF0000">*</font></strong> Required fields
+ </form>
+ <br>
+ </div>
+ <%@ include file="footer.jsp" %>
+</div>
+</body> +</html> Modified: trunk/mashup/java/modules/www/signin.jsp ============================================================================== --- trunk/mashup/java/modules/www/signin.jsp (original) +++ trunk/mashup/java/modules/www/signin.jsp Fri Jan 25 00:21:47 2008 @@ -223,6 +223,11 @@ border="0"></a> </td> </tr> + <tr> + <td align="center"> + <a href="reset_password.jsp?firstcall=true&bounceback=<%=URLEncoder.encode(bounceback,"UTF-8")%>">Forgot Password?</a> + </td> + </tr> </table> <br/> <br/> _______________________________________________ Mashup-dev mailing list [email protected] http://www.wso2.org/cgi-bin/mailman/listinfo/mashup-dev
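Review bot: In `reset_password.jsp`, `response.sendRedirect(bounceback)` sends the browser to whatever the `bounceback` request parameter holds, so a link to this page can forward a user who has just requested a reset to an arbitrary external site; the value should be accepted only when it is a path inside the application and otherwise replaced by `index.jsp`. `request.getParameter` already returns a decoded value, so the extra `URLDecoder.decode` decodes a second time and could let an encoded target slip past such a check. The form writes `getUserName()` and `getEmailId()` into the `value` attributes without HTML escaping, which reflects submitted markup back into the page. It also looks up the e-mail error under `"email"` while `isInputValid` stores it under `"emailId"`, so that message never appears. The scriptlet has no `return` after the redirect, so the rest of the page is still rendered.

```jsp
<%
    // … unchanged: bundle and firstCall lookup …
    String bounceback = "index.jsp";
    String requested = request.getParameter("bounceback");
    if (requested != null) {
        try {
            // Accept only a relative reference: no scheme and no host part.
            java.net.URI target = new java.net.URI(requested);
            if (!target.isAbsolute() && target.getRawAuthority() == null) {
                bounceback = requested;
            }
        } catch (java.net.URISyntaxException e) {
            // Malformed value: keep the default page.
        }
    }
    // … unchanged: registry lookup, useBean, firstCall and isInputValid checks …
            response.sendRedirect(bounceback);
            return;
```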
