Commit e32d43a1 authored by Matija Obreza's avatar Matija Obreza

Merge branch '247-password-reset' into 'master'

Resolve "Password reset"

Closes #247

See merge request genesys-pgr/genesys-server!142
parents 0e17f67c 71f1ccd3
Pipeline #4692 passed with stages
in 4 minutes and 9 seconds
/**
* Copyright 2014 Global Crop Diversity Trust
/*
* Copyright 2017 Global Crop Diversity Trust
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
......@@ -12,7 +12,7 @@
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
*/
package org.genesys2.server.service.impl;
......@@ -34,6 +34,9 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
......@@ -78,6 +81,7 @@ public class EMailVerificationServiceImpl implements EMailVerificationService {
@Override
@Transactional
public void sendPasswordResetEmail(User user) {
// Generate new token
final VerificationToken verificationToken = tokenVerificationService.generateToken("email-password", user.getUuid());
final Article article = contentService.getGlobalArticle(ContentService.SMTP_EMAIL_PASSWORD, Locale.ENGLISH);
......@@ -105,12 +109,27 @@ public class EMailVerificationServiceImpl implements EMailVerificationService {
userService.userEmailValidated(consumedToken.getData());
}
/**
* The implementation will switch the security context to the user, an set the
* new password
*/
@Override
@Transactional(rollbackFor = Throwable.class)
public void changePassword(String tokenUuid, String key, String password) throws NoSuchVerificationTokenException, PasswordPolicyException, TokenExpiredException {
public void changePassword(final String tokenUuid, final String key, final String password) throws NoSuchVerificationTokenException, PasswordPolicyException,
TokenExpiredException {
final VerificationToken consumedToken = tokenVerificationService.consumeToken("email-password", tokenUuid, key);
final User user = userService.getUserByUuid(consumedToken.getData());
userService.changePassword(user, password);
Authentication prevAuth = SecurityContextHolder.getContext().getAuthentication();
try {
LOG.warn("Setting temporary authorization for password reset for {}", user.getEmail());
final UsernamePasswordAuthenticationToken authToken = new UsernamePasswordAuthenticationToken(user, null, user.getAuthorities());
SecurityContextHolder.getContext().setAuthentication(authToken);
userService.changePassword(user, password);
} finally {
LOG.warn("Restoring authorization away from {}", user.getEmail());
SecurityContextHolder.getContext().setAuthentication(prevAuth);
}
}
}
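Review bot: changePassword redeems the token and installs the user's full authorities without re-checking account state. The `isAccountLocked()` / `isEnabled()` checks this commit adds run only when the reset email is requested, so a token issued before an account was locked or disabled still looks redeemable here; whether `userService.changePassword` enforces this itself is not visible. After `getUserByUuid`, I would add a guard such as `if (user == null || user.isAccountLocked() || !user.isEnabled())` and reject with an exception the caller already handles, before touching the security context. Separately, `SecurityContextHolder.getContext().setAuthentication(authToken)` mutates the current context object in place; if that object is the session-held one, concurrent requests in the same session could observe the temporary identity, so installing a fresh `SecurityContextHolder.createEmptyContext()` through `setContext(...)` and restoring the previous context in `finally` would be safer. The Javadoc should also say that the previous authentication is restored afterwards, and "an set" should read "and set".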
......@@ -206,6 +206,18 @@ public class UserProfileController extends BaseController {
return "redirect:/profile/forgot-password";
}
if (user != null && user.isAccountLocked()) {
LOG.warn("Password for locked user accounts can't be reset!");
redirectAttributes.addFlashAttribute("error", "errors.reset-password.account-is-locked");
return "redirect:/profile/forgot-password";
}
if (user != null && ! user.isEnabled()) {
LOG.warn("Password for disabled user accounts can't be reset!");
redirectAttributes.addFlashAttribute("error", "errors.reset-password.account-is-disabled");
return "redirect:/profile/forgot-password";
}
if (user != null) {
emailVerificationService.sendPasswordResetEmail(user);
}
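Review bot: The new locked and disabled branches answer an unauthenticated request with distinct flash keys, `errors.reset-password.account-is-locked` and `errors.reset-password.account-is-disabled`, so the forgot-password form reveals the state of the account behind a submitted email address. Consider returning the same neutral outcome for every refusal and keeping the reason in the server log only. The two `LOG.warn` calls also name no account, which makes them hard to use for detection; something like `LOG.warn("Password reset refused for locked account {}", user.getUuid());` would help. The three consecutive `user != null` tests could be folded into one enclosing check. The enclosing handler method starts and ends outside the hunk.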
......
......@@ -57,7 +57,9 @@ captcha.text=Captcha text
errors.badCaptcha=Captcha check failed.
errors.no-such-user=Genesys does not have a user account with provided email address.
errors.second-password-doesnt-match=Second password doesn't match
errors.reset-password.invalid-login-type=Password for users with login type GOOGLE can't be reset!
errors.reset-password.invalid-login-type=Password can only be reset for LOCAL account types.
errors.reset-password.account-is-locked=Password cannot be reset for locked user accounts.
errors.reset-password.account-is-disabled=Password cannot be reset for disabled user accounts.
sample.error.not.empty=Field must not be empty
sample.error.wrong.email=Invalid e-mail format
......