Commit c0e4c256 authored by Matija Obreza's avatar Matija Obreza

Require captcha in password reset form

parent e0b728a2
......@@ -188,6 +188,7 @@ public class UserProfileController extends BaseController {
@RequestMapping(value = "/{tokenUuid:.+}/pwdreset", method = RequestMethod.GET)
public String passwordReset(ModelMap model, @PathVariable("tokenUuid") String tokenUuid) {
model.addAttribute("captchaSiteKey", captchaSiteKey);
model.addAttribute("tokenUuid", tokenUuid);
return "/user/password";
}
......@@ -198,24 +199,23 @@ public class UserProfileController extends BaseController {
// Validate the reCAPTCHA
if (!ReCaptchaUtil.isValid(response, req.getRemoteAddr(), captchaPrivateKey)) {
model.addAttribute("tokenUuid", tokenUuid);
model.addAttribute("key", key);
model.addAttribute("error", "errors.badCaptcha");
return "/user/password";
return passwordReset(model, tokenUuid);
}
try {
emailVerificationService.changePassword(tokenUuid, key, password);
return "redirect:/content/user.password-reset";
} catch (final NoSuchVerificationTokenException e) {
model.addAttribute("tokenUuid", tokenUuid);
model.addAttribute("key", key);
model.addAttribute("error", "verification.invalid-key");
return passwordReset(model, tokenUuid);
} catch (PasswordPolicyException e) {
model.addAttribute("tokenUuid", tokenUuid);
model.addAttribute("key", key);
model.addAttribute("error", e.getMessage());
return passwordReset(model, tokenUuid);
}
return "/user/password";
}
@RequestMapping(value = "/{uuid:.+}/update", method = { RequestMethod.POST })
......
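Review bot: The captcha is the only throttle visible on guessing `key`, which the form limits to four characters (`maxlength="4"`): the `NoSuchVerificationTokenException` branch just re-renders the form for another attempt, and nothing in this hunk counts failures or invalidates the token. Unless `emailVerificationService.changePassword` already does that (it is outside this diff), I would cap failed attempts per `tokenUuid` and expire the token once the cap is reached, so the reset does not depend on the captcha alone. Separately, the `PasswordPolicyException` branch puts `e.getMessage()` into `error`, which the JSP resolves with `<spring:message code="${error}" />`; if that message is free text rather than a message code the page will fail to render, so a fixed code like the other branches use would be safer. The POST handler's signature is outside the hunk.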
......@@ -18,22 +18,28 @@
</gui:alert>
<form class="form-horizontal" action="<c:url value="/profile/password/reset"/>" method="post">
<div class="form-group">
<label class="col-lg-2 control-label"><spring:message code="captcha.text" /></label>
<div class="form-group">
<label class="col-lg-2 control-label">
<spring:message code="captcha.text" />
</label>
<div class="col-lg-3">
<local:captcha siteKey="${captchaSiteKey}" />
</div>
</div>
<div class="form-group">
<label for="email" class="col-lg-2 control-label"><spring:message code="userprofile.enter.email" /></label>
<div class="col-lg-3"><input type="text" id="email" name="email" class="span3 form-control" /></div>
<div class="col-lg-1">
<input type="submit" value="<spring:message code="userprofile.email.send" />" class="btn btn-primary" />
</div>
</div>
<!-- CSRF protection -->
<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>
</form>
<label for="email" class="col-lg-2 control-label">
<spring:message code="userprofile.enter.email" />
</label>
<div class="col-lg-3">
<input type="text" id="email" name="email" class="span3 form-control" />
</div>
<div class="col-lg-1">
<input type="submit" value="<spring:message code="userprofile.email.send" />" class="btn btn-primary" />
</div>
</div>
<!-- CSRF protection -->
<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" />
</form>
</body>
</html>
\ No newline at end of file
......@@ -10,27 +10,43 @@
<h1>
<spring:message code="userprofile.password" />
</h1>
<gui:alert type="danger" display="${error ne null}">
<spring:message code="${error}" />
</gui:alert>
<form class="form-horizontal" action="<c:url value="/profile/${tokenUuid}/pwdreset"/>" method="post">
<div class="form-group">
<label for="password" class="col-lg-2 control-label"><spring:message code="verification.token-key" /></label>
<div class="col-lg-3"><input type="text" id="key" name="key" class="span1 form-control" maxlength="4" placeholder="..." value="<c:out value="${key}" />" /></div>
</div>
<div class="form-group">
<label for="password" class="col-lg-2 control-label"><spring:message code="userprofile.enter.password" /></label>
<div class="col-lg-3"><input type="password" id="password" name="password" class="span3 form-control" value="" /></div>
</div>
<div class="form-group">
<div class="col-lg-1">
<input type="submit" value="<spring:message code="userprofile.password" />" class="btn btn-primary" />
</div>
</div>
<!-- CSRF protection -->
<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>
</form>
<div class="form-group">
<label for="password" class="col-lg-2 control-label">
<spring:message code="verification.token-key" />
</label>
<div class="col-lg-3">
<input type="text" id="key" name="key" class="span1 form-control" maxlength="4" placeholder="..." value="<c:out value="${key}" />" />
</div>
</div>
<div class="form-group">
<label for="password" class="col-lg-2 control-label">
<spring:message code="userprofile.enter.password" />
</label>
<div class="col-lg-3">
<input type="password" id="password" name="password" class="span3 form-control" value="" />
</div>
</div>
<div class="form-group">
<label class="col-lg-2 control-label">
<spring:message code="captcha.text" />
</label>
<div class="col-lg-3">
<local:captcha siteKey="${captchaSiteKey}" />
</div>
</div>
<div class="form-group">
<div class="col-lg-1">
<input type="submit" value="<spring:message code="userprofile.password" />" class="btn btn-primary" />
</div>
</div>
<!-- CSRF protection -->
<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" />
</form>
</body>
</html>
\ No newline at end of file
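Review bot: `tokenUuid` is written into the form's `action` attribute through `<c:url value="/profile/${tokenUuid}/pwdreset"/>`, and as far as I know `c:url` does not HTML-escape its value, while the controller accepts any `.+` path segment for it and puts it back into the model on every error path. The value should be checked against the UUID format in the controller before it reaches the model, or the attribute should be escaped on output the way `key` already is with `<c:out>`. Minor: the label of the key field still says `for="password"` while the input's id is `key`; `for="key"` would match.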