Merge branch 'hotfix/1.8.1.1'

src/main/java/org/cloudfoundry/identity/uaa/login/ResetPasswordController.java

@@ -70,13 +70,16 @@ public String resetPasswordPage() {
     @RequestMapping(value = "/reset_password.do", method = RequestMethod.POST)
     public String resetPassword(Model model,
                                 @RequestParam("code") String code,
+                                @RequestParam("email") String email,
                                 @RequestParam("password") String password,
                                 @RequestParam("password_confirmation") String passwordConfirmation,
                                 HttpServletResponse response) {
 
         ChangePasswordValidation validation = new ChangePasswordValidation(password, passwordConfirmation);
         if (!validation.valid()) {
             model.addAttribute("message_code", validation.getMessageCode());
+            model.addAttribute("email", email);
+            model.addAttribute("code", code);
             response.setStatus(HttpStatus.UNPROCESSABLE_ENTITY.value());
             return "reset_password";
         }

src/main/resources/messages.properties

@@ -31,3 +31,4 @@ account_activation.code_expired=Your activation code has expired. Please request
 account_activation.email_already_taken=You have already signed up. Please use the forgot password link from the login page.
 change_password.form_error=Passwords must match and not be empty.
 forgot_password.form_error=Please enter a valid email address.
+reset_password.form_error=Passwords must match and not be empty.

src/main/resources/templates/web/reset_password.html

@@ -11,7 +11,8 @@ <h1>Reset Password</h1>
         <div th:text="|Email: ${param.email[0]}|" class="email-display">Email: user@example.com</div>
         <form th:action="@{/reset_password.do}" method="post" novalidate="novalidate">
             <input type="hidden" name="code" th:value="${param.code[0]}"/>
-            <div th:if="${message}" th:text="${message}" class="error-message"></div>
+            <input type="hidden" name="email" th:value="${param.email[0]}"/>
+            <div th:if="${message_code}" th:text="#{'reset_password.' + ${message_code}}" class="error-message"></div>
             <input name="password" type="password" placeholder="New Password" autocomplete="off" class="form-control"/>
             <input name="password_confirmation" type="password" placeholder="Confirm" autocomplete="off" class="form-control"/>
             <input type="submit" value="Create new password" class="island-button"/>

src/test/java/org/cloudfoundry/identity/uaa/login/ResetPasswordControllerIntegrationTests.java

@@ -79,13 +79,15 @@ public void testResettingAPassword() throws Exception {
 
         MockHttpServletRequestBuilder post = post("/reset_password.do")
             .param("code", "the_secret_code")
+            .param("email", "user@example.com")
             .param("password", "secret")
             .param("password_confirmation", "secret");
 
         MvcResult mvcResult = mockMvc.perform(post)
             .andExpect(status().isFound())
             .andExpect(redirectedUrl("home"))
             .andReturn();
+
         SecurityContext securityContext = (SecurityContext) mvcResult.getRequest().getSession().getAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY);
         Authentication authentication = securityContext.getAuthentication();
         Assert.assertThat(authentication.getPrincipal(), instanceOf(UaaPrincipal.class));

src/test/java/org/cloudfoundry/identity/uaa/login/ResetPasswordControllerTest.java

@@ -98,6 +98,7 @@ public void testResetPasswordSuccess() throws Exception {
         MockHttpServletRequestBuilder post = post("/reset_password.do")
                 .contentType(APPLICATION_FORM_URLENCODED)
                 .param("code", "secret_code")
+                .param("email", "foo@example.com")
                 .param("password", "password")
                 .param("password_confirmation", "password");
         mockMvc.perform(post)
@@ -115,12 +116,16 @@ public void testResetPasswordFormValidationFailure() throws Exception {
         MockHttpServletRequestBuilder post = post("/reset_password.do")
                 .contentType(APPLICATION_FORM_URLENCODED)
                 .param("code", "123456")
+                .param("email", "foo@example.com")
                 .param("password", "pass")
                 .param("password_confirmation", "word");
+
         mockMvc.perform(post)
                 .andExpect(status().isUnprocessableEntity())
                 .andExpect(view().name("reset_password"))
-                .andExpect(model().attribute("message_code", "form_error"));
+                .andExpect(model().attribute("message_code", "form_error"))
+                .andExpect(model().attribute("email", "foo@example.com"))
+                .andExpect(model().attribute("code", "123456"));
 
         Mockito.verifyZeroInteractions(resetPasswordService);
     }

src/test/java/org/cloudfoundry/identity/uaa/login/feature/ResetPasswordIT.java

@@ -108,10 +108,13 @@ public void resettingAPassword() throws Exception {
         webDriver.get(link);
 
         webDriver.findElement(By.name("password")).sendKeys("newsecret");
-        webDriver.findElement(By.name("password_confirmation")).sendKeys("newsecret");
-
+        webDriver.findElement(By.name("password_confirmation")).sendKeys("");
         webDriver.findElement(By.xpath("//input[@value='Create new password']")).click();
+        Assert.assertThat(webDriver.findElement(By.cssSelector(".error-message")).getText(), containsString("Passwords must match and not be empty."));
 
+        webDriver.findElement(By.name("password")).sendKeys("newsecret");
+        webDriver.findElement(By.name("password_confirmation")).sendKeys("newsecret");
+        webDriver.findElement(By.xpath("//input[@value='Create new password']")).click();
         Assert.assertThat(webDriver.findElement(By.cssSelector("h1")).getText(), containsString("Where to?"));
 
         webDriver.findElement(By.xpath("//*[text()='"+userEmail+"']")).click();