  // NOTE: this controller is called via a web form by a browser to reset the user's password.
  // Filters that extract username/appcode/etc. from the headers make no sense in this case.
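  /**
   * Final step of the password-reset flow: receives the new password submitted by the browser
   * form (or by a JSON client when the URL token ends with {@code .json}), re-validates the reset
   * token carried in the URL and stores the new password.
   *
   * <p>The URL token is the base64 encoding of {@code APP_Code%%%%Username%%%%ResetTokenId}.
   * Everything decoded from it is attacker-controlled until {@code verifyTokenStep2} succeeds, and
   * the username is reflected into the error page even when validation fails (e.g. "User not
   * found!"), so every value interpolated into the HTML pages goes through
   * {@link #escapeForHtml(String)} first.
   *
   * @param base64 the step-2 token taken from the URL, optionally suffixed with {@code .json}
   * @return 200 with a confirmation page/JSON, 400 with an error page/JSON, or 500 if the final
   *     password update fails
   */
  public static Result resetPasswordStep3(String base64) {
    ObjectNode result = Json.newObject();
    // A ".json" pseudo-extension selects the JSON representation instead of the HTML pages.
    boolean isJSON = base64.endsWith(".json");
    String username = "";
    Map<String, String[]> bodyForm = null;

    try {
      if (isJSON) {
        // strip the ".json" suffix so the remaining string is the bare token
        base64 = base64.substring(0, base64.lastIndexOf('.'));
      }
      // NOTE(review): decoding uses the platform default charset; it has to match the charset
      // used where the token is built (not visible here) — confirm before switching to UTF-8.
      String tokenReceived = new String(Base64.decodeBase64(base64.getBytes()));
      if (BaasBoxLogger.isDebugEnabled())
        BaasBoxLogger.debug("resetPasswordStep3 - sRandom: " + tokenReceived);

      // token format should be APP_Code%%%%Username%%%%ResetTokenId
      String[] tokens = tokenReceived.split("%%%%");
      // Routed through the catch block so a malformed token gets the same JSON/HTML error
      // rendering as every other failure instead of a bare text body.
      if (tokens.length != 3) throw new Exception("The reset password code is invalid.");
      String appCode = tokens[0];
      username = tokens[1];
      // tokens[2] is the reset token id; the DAO re-reads it from the encoded token below

      String adminUser =
          BBConfiguration.configuration.getString(IBBConfigurationKeys.ADMIN_USERNAME);
      String adminPassword =
          BBConfiguration.configuration.getString(IBBConfigurationKeys.ADMIN_PASSWORD);

      try {
        DbHelper.open(appCode, adminUser, adminPassword);
      } catch (InvalidAppCodeException e1) {
        // keep the cause for the log; the user-facing message stays generic
        throw new Exception("The code to reset the password seems to be invalid", e1);
      }

      if (!UserService.exists(username)) throw new Exception("User not found!");

      boolean isTokenValid = ResetPwdDao.getInstance().verifyTokenStep2(base64, username);
      if (!isTokenValid)
        throw new Exception(
            "Reset Code not found or expired! Please repeat the reset password procedure");

      Http.RequestBody body = request().body();
      bodyForm = body.asFormUrlEncoded();
      if (bodyForm == null)
        throw new Exception(
            "Error getting submitted data. Please repeat the reset password procedure");

    } catch (Exception e) {
      // NOTE(review): the connection is closed even when the failure happened before
      // DbHelper.open(); this mirrors the existing behaviour — confirm getConnection() tolerates it.
      if (isJSON) {
        result.put("user_name", username);
        result.put("error", ExceptionUtils.getMessage(e));
        result.put(
            "application_name",
            com.baasbox.configuration.Application.APPLICATION_NAME.getValueAsString());
        DbHelper.getConnection().close();
        return badRequest(result);
      } else {
        ST pageTemplate =
            new ST(PasswordRecovery.PAGE_HTML_FEEDBACK_TEMPLATE.getValueAsString(), '$', '$');
        pageTemplate.add("user_name", escapeForHtml(username));
        pageTemplate.add("error", escapeForHtml(ExceptionUtils.getMessage(e)));
        pageTemplate.add(
            "application_name",
            com.baasbox.configuration.Application.APPLICATION_NAME.getValueAsString());
        DbHelper.getConnection().close();
        return badRequest(Html.apply(pageTemplate.render()));
      }
    }

    // From here on a connection is open; the finally block closes it on every exit path.
    try {
      // Validate the submitted fields before dereferencing them: a missing field is a null
      // entry in the form map and a repeated one is a multi-element array. The first problem
      // found is the one reported.
      String[] passwordField = bodyForm.get("password");
      String[] repeatPasswordField = bodyForm.get("repeat-password");
      String errorString = "";
      if (passwordField == null || passwordField.length != 1) {
        errorString = "The 'new password' field is missing";
      } else if (repeatPasswordField == null || repeatPasswordField.length != 1) {
        errorString = "The 'repeat password' field is missing";
      } else if (!passwordField[0].equals(repeatPasswordField[0])) {
        errorString =
            "The new \"password\" field and the \"repeat password\" field must be the same.";
      }

      if (!errorString.isEmpty()) {
        if (isJSON) {
          result.put("user_name", username);
          result.put("link", "/user/password/reset/" + base64 + ".json");
          result.put("token", base64);
          result.put(
              "application_name",
              com.baasbox.configuration.Application.APPLICATION_NAME.getValueAsString());
          result.put("error", errorString);
          return badRequest(result);
        } else {
          // base64 was accepted by verifyTokenStep2 above, but it is still URL input, so it is
          // escaped like the other values before being placed in an attribute.
          String safeToken = escapeForHtml(base64);
          ST pageTemplate =
              new ST(PasswordRecovery.PAGE_HTML_TEMPLATE.getValueAsString(), '$', '$');
          pageTemplate.add(
              "form_template",
              "<form action='/user/password/reset/"
                  + safeToken
                  + "' method='POST' id='reset_pwd_form'>"
                  + "<label for='password'>New password</label>"
                  + "<input type='password' id='password' name='password' />"
                  + "<label for='repeat-password'>Repeat the new password</label>"
                  + "<input type='password' id='repeat-password' name='repeat-password' />"
                  + "<button type='submit' id='reset_pwd_submit'>Reset the password</button>"
                  + "</form>");
          pageTemplate.add("user_name", escapeForHtml(username));
          pageTemplate.add("link", "/user/password/reset/" + safeToken);
          pageTemplate.add("token", safeToken);
          pageTemplate.add("password", "password");
          pageTemplate.add("repeat_password", "repeat-password");
          pageTemplate.add(
              "application_name",
              com.baasbox.configuration.Application.APPLICATION_NAME.getValueAsString());
          pageTemplate.add("error", errorString);
          return badRequest(Html.apply(pageTemplate.render()));
        }
      }

      String password = passwordField[0];
      try {
        UserService.resetUserPasswordFinalStep(username, password);
      } catch (Throwable e) {
        BaasBoxLogger.warn("changeUserPassword", e);
        // the full stack trace is only exposed in dev mode
        if (Play.isDev()) return internalServerError(ExceptionUtils.getFullStackTrace(e));
        else return internalServerError(ExceptionUtils.getMessage(e));
      }
      if (BaasBoxLogger.isTraceEnabled()) BaasBoxLogger.trace("Method End");

      String okMessage = "Password changed";
      if (isJSON) {
        result.put("user_name", username);
        result.put("message", okMessage);
        result.put(
            "application_name",
            com.baasbox.configuration.Application.APPLICATION_NAME.getValueAsString());
        return ok(result);
      } else {
        ST pageTemplate =
            new ST(PasswordRecovery.PAGE_HTML_FEEDBACK_TEMPLATE.getValueAsString(), '$', '$');
        pageTemplate.add("user_name", escapeForHtml(username));
        pageTemplate.add("message", okMessage);
        pageTemplate.add(
            "application_name",
            com.baasbox.configuration.Application.APPLICATION_NAME.getValueAsString());
        return ok(Html.apply(pageTemplate.render()));
      }
    } finally {
      DbHelper.getConnection().close();
    }
  }

  /**
   * Minimal HTML escaper for values interpolated into the StringTemplate pages above, which —
   * absent a registered renderer — insert attribute values verbatim. Covers the five characters
   * that can break out of text content or a quoted attribute; {@code null} becomes "".
   *
   * @param value raw text, possibly taken from the request
   * @return the text safe to embed in HTML text or attribute context
   */
  private static String escapeForHtml(String value) {
    if (value == null) return "";
    return value
        .replace("&", "&amp;")
        .replace("<", "&lt;")
        .replace(">", "&gt;")
        .replace("\"", "&quot;")
        .replace("'", "&#39;");
  }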
  // NOTE: this controller is called via a web link by a mail client to reset the user's password.
  // Filters that extract username/appcode/etc. from the headers make no sense in this case.
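  /**
   * Second step of the password-reset flow, reached from the link in the reset e-mail. Decodes
   * the step-1 token carried in the URL, validates it and, if it is still valid, issues the
   * step-2 token and renders the "choose a new password" form (or its JSON description when the
   * URL ends with {@code .json}).
   *
   * <p>The URL token is the base64 encoding of {@code APP_Code%%%%Username%%%%ResetTokenId}.
   * Everything decoded from it is attacker-controlled until {@code verifyTokenStep1} succeeds,
   * and the username is reflected into the error page even when validation fails, so HTML-bound
   * values are escaped before rendering. The step-2 token placed in the form is generated by the
   * server.
   *
   * @param base64 the step-1 token taken from the URL, optionally suffixed with {@code .json}
   * @return 200 with the reset form (HTML) or its JSON description, 400 with an error page/JSON
   * @throws ResetPasswordException presumably propagated from {@code setTokenStep2}, which runs
   *     outside the catch block below — not thrown directly by this body
   */
  public static Result resetPasswordStep2(String base64) throws ResetPasswordException {
    ObjectNode result = Json.newObject();
    // A ".json" pseudo-extension selects the JSON representation instead of the HTML pages.
    boolean isJSON = base64.endsWith(".json");
    String appCode = "";
    String username = "";

    try {
      if (isJSON) {
        // strip the ".json" suffix so the remaining string is the bare token
        base64 = base64.substring(0, base64.lastIndexOf('.'));
      }
      // NOTE(review): decoding uses the platform default charset; it has to match the charset
      // used where the token is built (not visible here) — confirm before switching to UTF-8.
      String tokenReceived = new String(Base64.decodeBase64(base64.getBytes()));
      if (BaasBoxLogger.isDebugEnabled())
        BaasBoxLogger.debug("resetPasswordStep2 - sRandom: " + tokenReceived);

      // token format should be APP_Code%%%%Username%%%%ResetTokenId
      String[] tokens = tokenReceived.split("%%%%");
      if (tokens.length != 3)
        throw new Exception(
            "The reset password code is invalid. Please repeat the reset password procedure");
      appCode = tokens[0];
      username = tokens[1];
      // tokens[2] is the reset token id; the DAO re-reads it from the encoded token below

      String adminUser =
          BBConfiguration.configuration.getString(IBBConfigurationKeys.ADMIN_USERNAME);
      String adminPassword =
          BBConfiguration.configuration.getString(IBBConfigurationKeys.ADMIN_PASSWORD);

      try {
        DbHelper.open(appCode, adminUser, adminPassword);
      } catch (InvalidAppCodeException e1) {
        // keep the cause for the log; the user-facing message stays generic
        throw new Exception(
            "The code to reset the password seems to be invalid. Please repeat the reset password procedure",
            e1);
      }

      boolean isTokenValid = ResetPwdDao.getInstance().verifyTokenStep1(base64, username);
      if (!isTokenValid)
        throw new Exception(
            "Reset password procedure is expired! Please repeat the reset password procedure");

    } catch (Exception e) {
      // NOTE(review): the connection is closed even when the failure happened before
      // DbHelper.open(); this mirrors the existing JSON branch — confirm getConnection()
      // tolerates it.
      if (isJSON) {
        result.put("status", "KO");
        result.put("user_name", username);
        result.put("error", ExceptionUtils.getMessage(e));
        result.put(
            "application_name",
            com.baasbox.configuration.Application.APPLICATION_NAME.getValueAsString());
        DbHelper.getConnection().close();
        return badRequest(result);
      } else {
        // ST inserts attribute values verbatim (absent a registered renderer) and username comes
        // straight from the unverified URL token, so escape what lands in the page.
        String safeUsername =
            username
                .replace("&", "&amp;")
                .replace("<", "&lt;")
                .replace(">", "&gt;")
                .replace("\"", "&quot;")
                .replace("'", "&#39;");
        String safeError =
            ExceptionUtils.getMessage(e)
                .replace("&", "&amp;")
                .replace("<", "&lt;")
                .replace(">", "&gt;")
                .replace("\"", "&quot;")
                .replace("'", "&#39;");
        ST pageTemplate =
            new ST(PasswordRecovery.PAGE_HTML_FEEDBACK_TEMPLATE.getValueAsString(), '$', '$');
        pageTemplate.add("user_name", safeUsername);
        pageTemplate.add("error", safeError);
        pageTemplate.add(
            "application_name",
            com.baasbox.configuration.Application.APPLICATION_NAME.getValueAsString());
        // previously only the JSON branch released the connection on this error path
        DbHelper.getConnection().close();
        return badRequest(Html.apply(pageTemplate.render()));
      }
    }

    // From here on a connection is open; the finally block closes it on every exit path,
    // including an exception escaping from setTokenStep2.
    try {
      String tokenStep2 = ResetPwdDao.getInstance().setTokenStep2(username, appCode);

      if (isJSON) {
        result.put("user_name", username);
        result.put("link", "/user/password/reset/" + tokenStep2 + ".json");
        result.put("token", tokenStep2);
        result.put(
            "application_name",
            com.baasbox.configuration.Application.APPLICATION_NAME.getValueAsString());
        return ok(result);
      } else {
        // username passed verifyTokenStep1, but it is still URL input; escape it for the page
        String safeUsername =
            username
                .replace("&", "&amp;")
                .replace("<", "&lt;")
                .replace(">", "&gt;")
                .replace("\"", "&quot;")
                .replace("'", "&#39;");
        ST pageTemplate =
            new ST(PasswordRecovery.PAGE_HTML_TEMPLATE.getValueAsString(), '$', '$');
        pageTemplate.add(
            "form_template",
            "<form action='/user/password/reset/"
                + tokenStep2
                + "' method='POST' id='reset_pwd_form'>"
                + "<label for='password'>New password</label>"
                + "<input type='password' id='password' name='password' />"
                + "<label for='repeat-password'>Repeat the new password</label>"
                + "<input type='password' id='repeat-password' name='repeat-password' />"
                + "<button type='submit' id='reset_pwd_submit'>Reset the password</button>"
                + "</form>");
        pageTemplate.add("user_name", safeUsername);
        pageTemplate.add("link", "/user/password/reset/" + tokenStep2);
        pageTemplate.add("password", "password");
        pageTemplate.add("repeat_password", "repeat-password");
        pageTemplate.add("token", tokenStep2);
        pageTemplate.add(
            "application_name",
            com.baasbox.configuration.Application.APPLICATION_NAME.getValueAsString());
        return ok(Html.apply(pageTemplate.render()));
      }
    } finally {
      DbHelper.getConnection().close();
    }
  }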