src/webdocs/LostPassword.jsp - jspwiki - Git at Google

 <%@ page import="org.apache.log4j.*" %>
 <%@ page import="com.ecyrd.jspwiki.*" %>
 <%@ page import="java.util.*" %>
 <%@ page import="java.text.*" %>
 <%@ page import="javax.mail.*" %>
 <%@ page import="com.ecyrd.jspwiki.auth.user.*" %>
 <%@ page import="com.ecyrd.jspwiki.auth.*" %>
 <%@ page import="com.ecyrd.jspwiki.util.*" %>
 <%@ page import="com.ecyrd.jspwiki.i18n.*" %>
 <%@ page errorPage="/Error.jsp" %>
 <%@ taglib uri="/WEB-INF/jspwiki.tld" prefix="wiki" %>
 <%@ page import="com.ecyrd.jspwiki.tags.WikiTagBase" %>
 <%@ page import="javax.servlet.jsp.jstl.fmt.*" %>
 <%!
     Logger log = Logger.getLogger("JSPWiki");

     String message = null;
     public boolean resetPassword(WikiEngine wiki, HttpServletRequest request, ResourceBundle rb )
     {
         // Reset pw for account name
         String name = request.getParameter("name");
         UserDatabase userDatabase = wiki.getUserManager().getUserDatabase();
         boolean success = false;

         try
         {
             UserProfile profile = null;
 /*
 // This is disabled because it would otherwise be possible to DOS JSPWiki instances
 // by requesting new passwords for all users.  See https://issues.apache.org/jira/browse/JSPWIKI-78
             try
             {
                 profile = userDatabase.find(name);
             }
             catch (NoSuchPrincipalException e)
             {
                 // Try email as well
             }
  */
             if( profile == null )
             {
                 profile = userDatabase.findByEmail(name);
             }

 			String email = profile.getEmail();

 			String randomPassword = TextUtil.generateRandomPassword();

 			// Try sending email first, as that is more likely to fail.

             Object[] args = { profile.getLoginName(),
                              randomPassword,
                              wiki.getURLConstructor().makeURL(WikiContext.NONE, "Login.jsp", true, ""),
                              wiki.getApplicationName()
             };

             String mailMessage = MessageFormat.format( rb.getString("lostpwd.newpassword.email"), args );

             Object[] args2 = { wiki.getApplicationName() };
  			MailUtil.sendMessage( wiki,
                                   email,
  			                      MessageFormat.format( rb.getString("lostpwd.newpassword.subject"), args2),
  			                      mailMessage );

             log.info("User "+email+" requested and received a new password.");

 			// Mail succeeded.  Now reset the password.
 			// If this fails, we're kind of screwed, because we already emailed.
 			profile.setPassword(randomPassword);
 			userDatabase.save(profile);
 			userDatabase.commit();
 			success = true;
         }
         catch (NoSuchPrincipalException e)
         {
             Object[] args = { name };
             message = MessageFormat.format( rb.getString("lostpwd.nouser"), args );
             log.info("Tried to reset password for non-existent user '" + name + "'");
         }
         catch (SendFailedException e)
         {
             message = rb.getString("lostpwd.nomail");
             log.error("Tried to reset password and got SendFailedException: " + e);
         }
         catch (AuthenticationFailedException e)
         {
             message = rb.getString("lostpwd.nomail");
             log.error("Tried to reset password and got AuthenticationFailedException: " + e);
         }
         catch (Exception e)
         {
             message = rb.getString("lostpwd.nomail");
             log.error("Tried to reset password and got another exception: " + e);
         }
         return success;
     }
 %>
 <%
     WikiEngine wiki = WikiEngine.getInstance( getServletConfig() );

 	//Create wiki context like in Login.jsp:
     //don't check for access permissions: if you have lost your password you cannot login!
 	WikiContext wikiContext = (WikiContext) pageContext.getAttribute( WikiTagBase.ATTR_CONTEXT, PageContext.REQUEST_SCOPE );

 	// If no context, it means we're using container auth.  So, create one anyway
 	if( wikiContext == null )
 	{
 	    wikiContext = wiki.createContext( request, WikiContext.LOGIN ); /* reuse login context ! */
 	    pageContext.setAttribute( WikiTagBase.ATTR_CONTEXT,
 	                              wikiContext,
 	                              PageContext.REQUEST_SCOPE );
 	}

 	ResourceBundle rb = wikiContext.getBundle("CoreResources");

     WikiSession wikiSession = wikiContext.getWikiSession();
     String action  = request.getParameter("action");

     boolean done = false;

     if ((action != null) && (action.equals("resetPassword"))) {
 	    if ( resetPassword( wiki, request, rb ) ) {
 	        done = true;
 	        wikiSession.addMessage( "resetpw", rb.getString("lostpwd.emailed") );
             pageContext.setAttribute("passwordreset","done");
 	    }
 	    else // Error
 	    {
             wikiSession.addMessage( "resetpw", message);
 	    }
     }

     response.setContentType("text/html; charset="+wiki.getContentEncoding() );
     response.setHeader( "Cache-control", "max-age=0" );
     response.setDateHeader( "Expires", new Date().getTime() );
     response.setDateHeader( "Last-Modified", new Date().getTime() );

     String contentPage = wiki.getTemplateManager().findJSP( pageContext,
                                                             wikiContext.getTemplate(),
                                                             "ViewTemplate.jsp" );
 %>
 <wiki:Include page="<%=contentPage%>" />
	<%@ page import="org.apache.log4j.*" %>
	<%@ page import="com.ecyrd.jspwiki.*" %>
	<%@ page import="java.util.*" %>
	<%@ page import="java.text.*" %>
	<%@ page import="javax.mail.*" %>
	<%@ page import="com.ecyrd.jspwiki.auth.user.*" %>
	<%@ page import="com.ecyrd.jspwiki.auth.*" %>
	<%@ page import="com.ecyrd.jspwiki.util.*" %>
	<%@ page import="com.ecyrd.jspwiki.i18n.*" %>
	<%@ page errorPage="/Error.jsp" %>
	<%@ taglib uri="/WEB-INF/jspwiki.tld" prefix="wiki" %>
	<%@ page import="com.ecyrd.jspwiki.tags.WikiTagBase" %>
	<%@ page import="javax.servlet.jsp.jstl.fmt.*" %>
	<%!
	Logger log = Logger.getLogger("JSPWiki");

	String message = null;
	public boolean resetPassword(WikiEngine wiki, HttpServletRequest request, ResourceBundle rb )
	{
	// Reset pw for account name
	String name = request.getParameter("name");
	UserDatabase userDatabase = wiki.getUserManager().getUserDatabase();
	boolean success = false;

	try
	{
	UserProfile profile = null;
	/*
	// This is disabled because it would otherwise be possible to DOS JSPWiki instances
	// by requesting new passwords for all users. See https://issues.apache.org/jira/browse/JSPWIKI-78
	try
	{
	profile = userDatabase.find(name);
	}
	catch (NoSuchPrincipalException e)
	{
	// Try email as well
	}
	*/
	if( profile == null )
	{
	profile = userDatabase.findByEmail(name);
	}

	String email = profile.getEmail();

	String randomPassword = TextUtil.generateRandomPassword();

	// Try sending email first, as that is more likely to fail.

	Object[] args = { profile.getLoginName(),
	randomPassword,
	wiki.getURLConstructor().makeURL(WikiContext.NONE, "Login.jsp", true, ""),
	wiki.getApplicationName()
	};

	String mailMessage = MessageFormat.format( rb.getString("lostpwd.newpassword.email"), args );

	Object[] args2 = { wiki.getApplicationName() };
	MailUtil.sendMessage( wiki,
	email,
	MessageFormat.format( rb.getString("lostpwd.newpassword.subject"), args2),
	mailMessage );

	log.info("User "+email+" requested and received a new password.");

	// Mail succeeded. Now reset the password.
	// If this fails, we're kind of screwed, because we already emailed.
	profile.setPassword(randomPassword);
	userDatabase.save(profile);
	userDatabase.commit();
	success = true;
	}
	catch (NoSuchPrincipalException e)
	{
	Object[] args = { name };
	message = MessageFormat.format( rb.getString("lostpwd.nouser"), args );
	log.info("Tried to reset password for non-existent user '" + name + "'");
	}
	catch (SendFailedException e)
	{
	message = rb.getString("lostpwd.nomail");
	log.error("Tried to reset password and got SendFailedException: " + e);
	}
	catch (AuthenticationFailedException e)
	{
	message = rb.getString("lostpwd.nomail");
	log.error("Tried to reset password and got AuthenticationFailedException: " + e);
	}
	catch (Exception e)
	{
	message = rb.getString("lostpwd.nomail");
	log.error("Tried to reset password and got another exception: " + e);
	}
	return success;
	}
	%>
	<%
	WikiEngine wiki = WikiEngine.getInstance( getServletConfig() );

	//Create wiki context like in Login.jsp:
	//don't check for access permissions: if you have lost your password you cannot login!
	WikiContext wikiContext = (WikiContext) pageContext.getAttribute( WikiTagBase.ATTR_CONTEXT, PageContext.REQUEST_SCOPE );

	// If no context, it means we're using container auth. So, create one anyway
	if( wikiContext == null )
	{
	wikiContext = wiki.createContext( request, WikiContext.LOGIN ); /* reuse login context ! */
	pageContext.setAttribute( WikiTagBase.ATTR_CONTEXT,
	wikiContext,
	PageContext.REQUEST_SCOPE );
	}

	ResourceBundle rb = wikiContext.getBundle("CoreResources");

	WikiSession wikiSession = wikiContext.getWikiSession();
	String action = request.getParameter("action");

	boolean done = false;

	if ((action != null) && (action.equals("resetPassword"))) {
	if ( resetPassword( wiki, request, rb ) ) {
	done = true;
	wikiSession.addMessage( "resetpw", rb.getString("lostpwd.emailed") );
	pageContext.setAttribute("passwordreset","done");
	}
	else // Error
	{
	wikiSession.addMessage( "resetpw", message);
	}
	}

	response.setContentType("text/html; charset="+wiki.getContentEncoding() );
	response.setHeader( "Cache-control", "max-age=0" );
	response.setDateHeader( "Expires", new Date().getTime() );
	response.setDateHeader( "Last-Modified", new Date().getTime() );

	String contentPage = wiki.getTemplateManager().findJSP( pageContext,
	wikiContext.getTemplate(),
	"ViewTemplate.jsp" );
	%>
	<wiki:Include page="<%=contentPage%>" />