Author: channa
Date: Sun Jan 27 20:56:41 2008
New Revision: 13018
Log:
Adding uid/email match validation to improve usability of password recovery
page. (MASHUP-614).
Modified:
trunk/mashup/java/modules/core/src/org/wso2/mashup/webapp/userprofile/ResetPasswordBean.java
trunk/mashup/java/modules/www/reset_password.jsp
Modified:
trunk/mashup/java/modules/core/src/org/wso2/mashup/webapp/userprofile/ResetPasswordBean.java
==============================================================================
---
trunk/mashup/java/modules/core/src/org/wso2/mashup/webapp/userprofile/ResetPasswordBean.java
(original)
+++
trunk/mashup/java/modules/core/src/org/wso2/mashup/webapp/userprofile/ResetPasswordBean.java
Sun Jan 27 20:56:41 2008
@@ -24,6 +24,7 @@
import org.wso2.usermanager.Realm;
import org.wso2.usermanager.UserManagerException;
import org.wso2.usermanager.UserStoreAdmin;
+import org.wso2.usermanager.UserStoreReader;
import org.wso2.usermanager.verification.email.EmailVerifierConfig;
import javax.mail.Message;
@@ -83,7 +84,7 @@
*
* @return true if validation is successful.
*/
- public boolean isInputValid(HttpServletRequest request) {
+ public boolean isInputValid(HttpServletRequest request) throws MashupFault
{
boolean valid = true;
if (userName.equals("")) {
errors.put("userName", "User name cannot be empty.");
@@ -94,6 +95,25 @@
errors.put("emailId", "E-mail ID cannot be empty.");
valid = false;
}
+
+ // User/email combination verification. Do this check only if data has
been entered.
+ if (valid) {
+ ServletContext context = request.getSession().getServletContext();
+ Realm realm = (Realm)
context.getAttribute(RegistryConstants.REGISTRY_REALM);
+ try {
+ UserStoreReader userStoreReader = realm.getUserStoreReader();
+ Map userProps = userStoreReader.getUserProperties(userName);
+ String eMail = (String)
userProps.get(MashupConstants.EMAIL_ID);
+ if ("".equals(eMail) || !emailId.equals(eMail)) {
+ errors.put("emailId", "The user and e-mail ID combination
specified are " +
+ "incorrect.");
+ valid = false;
+ }
+ } catch (UserManagerException ume) {
+ log.error("Error retrieving user information", ume);
+ throw new MashupFault(ume);
+ }
+ }
return valid;
}
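Review bot: The added block dereferences the result of `userStoreReader.getUserProperties(userName)` without a null check, so a user name that is not in the store may end in a NullPointerException or a MashupFault instead of the "combination incorrect" message; whether the reader returns null, an empty map or throws for an unknown user is not visible in this hunk. Any difference in response between "unknown user" and "wrong e-mail" lets an unauthenticated caller tell existing accounts apart, so both cases should land in the same `errors` entry, e.g. `String eMail = userProps == null ? null : (String) userProps.get(MashupConstants.EMAIL_ID);`. The `"".equals(eMail)` test looks redundant, because `valid` is only true here when `emailId` appears to be non-empty already, so `!emailId.equals(eMail)` covers it. Since the page now confirms user/e-mail pairs on every submit, limiting attempts per session or source address would be a sensible companion change.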
@@ -123,12 +143,15 @@
UserStoreAdmin userStoreAdmin = realm.getUserStoreAdmin();
Map userProps = userStoreAdmin.getUserProperties(userName);
String eMail = (String) userProps.get(MashupConstants.EMAIL_ID);
+
+ // Recheck the user/e-mail ID match, the proceed with change.
if (emailId.equals(eMail)) {
// Currently setting the password to the user name.
String uuid = UUIDGenerator.getUUID();
String newPassword = uuid.substring(uuid.length() - 8);
userStoreAdmin.updateUser(userName, newPassword);
sendEmail(newPassword);
+ success = true;
}
} catch (UserManagerException e) {
log.error("Error resetting password in user manager", e);
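Review bot: `userStoreAdmin.updateUser(userName, newPassword)` runs before `sendEmail(newPassword)`, so if the mail step throws (its catch blocks raise MashupFault) the account is left with a password nobody received and `success` is never set. The failure path should either restore the account or tell the user that a new reset is needed. The new password is the last 8 characters of `UUIDGenerator.getUUID()`; how unpredictable that is depends on the generator, which is not visible here, so drawing the value from `java.security.SecureRandom` would be the safer choice. The context comment `// Currently setting the password to the user name.` no longer matches the code, and the added comment should read "then proceed with change". The enclosing method starts and ends outside this hunk.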
@@ -161,9 +184,11 @@
Transport.send(msg);
log.debug("Sending confirmation mail to " + emailId + "DONE");
} catch (AddressException e) {
- throw new MashupFault("sendingMailProblems", e);
+ log.error("Error sending mail - check config", e);
+ throw new MashupFault("Error sending mail - check config", e);
} catch (MessagingException e) {
- throw new MashupFault("sendingMailProblems", e);
+ log.error("Error sending mail - check config", e);
+ throw new MashupFault("Error sending mail - check config", e);
}
}
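Review bot: The two catch blocks now have identical bodies, and `AddressException` is a subclass of `MessagingException`, so a single `catch (MessagingException e)` would do the same work with half the code. Logging at error level and then rethrowing with the same text will record the failure twice if the caller also logs the MashupFault; pick one place. If the fault message is shown on the page (not visible here), "check config" is an operator hint rather than user-facing text, so it belongs in the log line only. The context line `log.debug("Sending confirmation mail to " + emailId + "DONE")` is missing a space before `DONE` and writes the address into the log. The method's opening lines are outside this hunk.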
Modified: trunk/mashup/java/modules/www/reset_password.jsp
==============================================================================
--- trunk/mashup/java/modules/www/reset_password.jsp (original)
+++ trunk/mashup/java/modules/www/reset_password.jsp Sun Jan 27 20:56:41 2008
@@ -118,7 +118,7 @@
<td width="130"><label><strong>Email:<font
color="#FF0000">*</font></strong></label></td>
<td><input type="text" name="emailId"
value="<%=resetPasswordHandler.getEmailId()%>"/>
- <br><font
color="#FF0000"><%=resetPasswordHandler.getErrorMessage("email")%></font>
+ <br><font
color="#FF0000"><%=resetPasswordHandler.getErrorMessage("emailId")%></font>
</td>
</tr>
<tr>
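Review bot: The context line `value="<%=resetPasswordHandler.getEmailId()%>"` writes the submitted e-mail back into an HTML attribute without visible escaping, so unless `getEmailId()` encodes its result a value containing `"` or `>` breaks out of the attribute and is rendered as markup. Now that the corrected `getErrorMessage("emailId")` key makes the error path re-render the form with the user's input, this is worth fixing in the same change by passing the value through an HTML-escaping helper (for example JSTL `fn:escapeXml`, if that is available to this page). The same applies to any user name field rendered the same way outside this hunk.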