> On 2012-01-16 22:42:36, mfranklin wrote: > > Looks good. The only thing I still really have any concern about is the > > fact that there is no timeout on the forgotpasswordhash. I would be OK > > with a simple solution like a timestamp on the user object that you check > > (as you mentioned) or encrypting the token you send to the user and > > embedding a timestamp in that, along with the hash, etc. Other than that, > > you are talking about a cleanup job that is prone to all kinds of issues. > > > > The only other minor nit I have (not critical) is I was thinking about how > > you are looking to do e-mails and I think it would be nice to have a > > central e-mail service that we could delegate template management, etc. > > IE, in the userservice I could make a call like > > EmailService.sendMail(String templateName, String to, Map<String, ?> > > templateData)
To answer your question, #3 is a pretty common pattern and I think we can live with it, but I am not a security expert. Just took 1 too many security classes :-) - mfranklin ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/3427/#review4416 ----------------------------------------------------------- On 2012-01-09 21:00:04, marijan milicevic wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/3427/ > ----------------------------------------------------------- > > (Updated 2012-01-09 21:00:04) > > > Review request for rave. > > > Summary > ------- > > - configure mail settings to be able to test, see comments in: > /rave/rave-components/rave-core/src/main/resources/org/apache/rave/core-applicationContext.xml > > > Diffs > ----- > > > https://svn.apache.org/repos/asf/incubator/rave/trunk/rave-components/rave-core/src/main/java/org/apache/rave/portal/service/UserService.java > 1229282 > > https://svn.apache.org/repos/asf/incubator/rave/trunk/rave-components/rave-core/src/main/java/org/apache/rave/portal/service/impl/DefaultNewAccountService.java > 1229282 > > https://svn.apache.org/repos/asf/incubator/rave/trunk/rave-components/rave-core/src/main/java/org/apache/rave/portal/service/impl/DefaultUserService.java > 1229282 > > https://svn.apache.org/repos/asf/incubator/rave/trunk/rave-components/rave-core/src/main/java/org/apache/rave/portal/util/ServiceUtils.java > PRE-CREATION > > https://svn.apache.org/repos/asf/incubator/rave/trunk/rave-components/rave-core/src/main/resources/org/apache/rave/core-applicationContext.xml > 1229282 > > https://svn.apache.org/repos/asf/incubator/rave/trunk/rave-components/rave-core/src/test/resources/portal.properties > 1229282 > > https://svn.apache.org/repos/asf/incubator/rave/trunk/rave-components/rave-web/src/main/java/org/apache/rave/portal/web/controller/ChangePasswordController.java > PRE-CREATION > > https://svn.apache.org/repos/asf/incubator/rave/trunk/rave-components/rave-web/src/main/java/org/apache/rave/portal/web/controller/NewAccountController.java > 1229282 > > https://svn.apache.org/repos/asf/incubator/rave/trunk/rave-components/rave-web/src/main/java/org/apache/rave/portal/web/controller/ReminderController.java > PRE-CREATION > > https://svn.apache.org/repos/asf/incubator/rave/trunk/rave-components/rave-web/src/main/java/org/apache/rave/portal/web/util/ModelKeys.java > 1229282 > > https://svn.apache.org/repos/asf/incubator/rave/trunk/rave-components/rave-web/src/main/java/org/apache/rave/portal/web/util/ViewNames.java > 1229282 > > https://svn.apache.org/repos/asf/incubator/rave/trunk/rave-components/rave-web/src/main/java/org/apache/rave/portal/web/validator/ChangePasswordValidator.java > PRE-CREATION > > https://svn.apache.org/repos/asf/incubator/rave/trunk/rave-components/rave-web/src/main/java/org/apache/rave/portal/web/validator/NewAccountValidator.java > 1229282 > > https://svn.apache.org/repos/asf/incubator/rave/trunk/rave-components/rave-web/src/main/java/org/apache/rave/portal/web/validator/NewPasswordValidator.java > PRE-CREATION > > https://svn.apache.org/repos/asf/incubator/rave/trunk/rave-components/rave-web/src/test/java/org/apache/rave/portal/web/controller/ChangePasswordControllerTest.java > PRE-CREATION > > https://svn.apache.org/repos/asf/incubator/rave/trunk/rave-components/rave-core/src/main/java/org/apache/rave/portal/repository/UserRepository.java > 1229282 > > https://svn.apache.org/repos/asf/incubator/rave/trunk/rave-components/rave-core/src/main/java/org/apache/rave/portal/repository/impl/JpaUserRepository.java > 1229282 > > https://svn.apache.org/repos/asf/incubator/rave/trunk/rave-components/rave-core/src/main/java/org/apache/rave/portal/model/NewUser.java > 1229282 > > https://svn.apache.org/repos/asf/incubator/rave/trunk/rave-components/rave-core/src/main/java/org/apache/rave/portal/model/User.java > 1229282 > > https://svn.apache.org/repos/asf/incubator/rave/trunk/rave-components/rave-core/pom.xml > 1229282 > > https://svn.apache.org/repos/asf/incubator/rave/trunk/rave-components/rave-commons/src/main/java/org/apache/rave/exception/EmailException.java > PRE-CREATION > https://svn.apache.org/repos/asf/incubator/rave/trunk/pom.xml 1229282 > > https://svn.apache.org/repos/asf/incubator/rave/trunk/rave-components/rave-web/src/test/java/org/apache/rave/portal/web/controller/ReminderControllerTest.java > PRE-CREATION > > https://svn.apache.org/repos/asf/incubator/rave/trunk/rave-portal-resources/src/main/resources/messages.properties > 1229282 > > https://svn.apache.org/repos/asf/incubator/rave/trunk/rave-portal-resources/src/main/resources/portal.properties > 1229282 > > https://svn.apache.org/repos/asf/incubator/rave/trunk/rave-portal-resources/src/main/webapp/WEB-INF/applicationContext-security.xml > 1229282 > > https://svn.apache.org/repos/asf/incubator/rave/trunk/rave-portal-resources/src/main/webapp/WEB-INF/dispatcher-servlet.xml > 1229282 > > https://svn.apache.org/repos/asf/incubator/rave/trunk/rave-portal-resources/src/main/webapp/WEB-INF/jsp/views/changepassword.jsp > PRE-CREATION > > https://svn.apache.org/repos/asf/incubator/rave/trunk/rave-portal-resources/src/main/webapp/WEB-INF/jsp/views/newpassword.jsp > PRE-CREATION > > https://svn.apache.org/repos/asf/incubator/rave/trunk/rave-portal-resources/src/main/webapp/WEB-INF/jsp/views/retrieveusername.jsp > PRE-CREATION > > https://svn.apache.org/repos/asf/incubator/rave/trunk/rave-portal-resources/src/main/webapp/WEB-INF/mailtemplates/password_reminder.ftl > PRE-CREATION > > https://svn.apache.org/repos/asf/incubator/rave/trunk/rave-portal-resources/src/main/webapp/WEB-INF/mailtemplates/username_reminder.ftl > PRE-CREATION > > https://svn.apache.org/repos/asf/incubator/rave/trunk/rave-portal-resources/src/main/webapp/login.jsp > 1229282 > https://svn.apache.org/repos/asf/incubator/rave/trunk/rave-portal/pom.xml > 1229282 > > https://svn.apache.org/repos/asf/incubator/rave/trunk/rave-portal/src/main/dist/NOTICE > 1229282 > > https://svn.apache.org/repos/asf/incubator/rave/trunk/rave-portal/src/test/resources/portal.properties > 1229282 > > Diff: https://reviews.apache.org/r/3427/diff > > > Testing > ------- > > > Thanks, > > marijan > >
