Forgot your Password Error (#74)

Fix #73
openkm · Jun 26, 2018 · 0489cd0 · 0489cd0
1 parent ebc5178
commit 0489cd0
Show file tree

Hide file tree

Showing 3 changed files with 115 additions and 36 deletions.
diff --git a/src/main/java/com/openkm/jaas/PrincipalUtils.java b/src/main/java/com/openkm/jaas/PrincipalUtils.java
@@ -21,6 +21,10 @@
 
 package com.openkm.jaas;
 
+import com.openkm.core.AccessDeniedException;
+import com.openkm.module.db.stuff.DbSessionManager;
+import org.springframework.security.core.Authentication;
+
 import javax.naming.InitialContext;
 import javax.naming.NamingException;
 import javax.security.auth.Subject;
@@ -99,4 +103,17 @@ public static boolean hasRole(String role) {
 
 		return false;
 	}
+
+	/**
+	 * Get Authentication by token and also set it as current Authentication.
+	 */
+	public static Authentication getAuthenticationByToken(String token) throws AccessDeniedException {
+		Authentication auth = DbSessionManager.getInstance().getAuthentication(token);
+
+		if (auth != null) {
+			return auth;
+		} else {
+			throw new AccessDeniedException("Invalid token: " + token);
+		}
+	}
 }
diff --git a/src/main/java/com/openkm/servlet/PasswordResetServlet.java b/src/main/java/com/openkm/servlet/PasswordResetServlet.java
@@ -26,6 +26,9 @@
 import com.openkm.core.DatabaseException;
 import com.openkm.dao.AuthDAO;
 import com.openkm.dao.bean.User;
+import com.openkm.jaas.PrincipalUtils;
+import com.openkm.module.db.stuff.DbSessionManager;
+import com.openkm.spring.SecurityHolder;
 import com.openkm.util.MailUtils;
 import com.openkm.util.WebUtils;
 import org.apache.commons.lang.RandomStringUtils;
@@ -54,22 +57,21 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) thro
 
 	@Override
 	public void doPost(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
-		String username = WebUtils.getString(request, "username");
+		String userId = WebUtils.getString(request, "userId");
 		ServletContext sc = getServletContext();
 		User usr = null;
 
 		if (Config.USER_PASSWORD_RESET) {
 			try {
-				usr = AuthDAO.findUserByPk(username);
+				usr = AuthDAO.findUserByPk(userId);
 			} catch (DatabaseException e) {
-				log.error(getServletName() + " User '" + username + "' not found");
+				log.error(getServletName() + " User '" + userId + "' not found");
 			}
 
 			if (usr != null) {
 				try {
-					String password = RandomStringUtils.randomAlphanumeric(8);
-					AuthDAO.updateUserPassword(username, password);
-					MailUtils.sendMessage(usr.getEmail(), usr.getEmail(), "Password reset", "Your new password is: " + password
+					String newPass = resetPassword(userId);
+					MailUtils.sendMessage(usr.getEmail(), usr.getEmail(), "OpenKM Password reset", "Your new password is: " + newPass
 							+ "<br/>" + "To change it log in and then go to 'Tools' > 'Preferences' > 'User Configuration'.");
 					sc.setAttribute("resetOk", usr.getEmail());
 					response.sendRedirect("password_reset.jsp");
@@ -94,4 +96,19 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) thr
 			sc.getRequestDispatcher("/login.jsp").forward(request, response);
 		}
 	}
+
+	private String resetPassword(String userId) throws DatabaseException, AccessDeniedException {
+		try {
+			// Necessary to have privileges to change the password
+			String sysToken = DbSessionManager.getInstance().getSystemToken();
+			SecurityHolder.set(PrincipalUtils.getAuthenticationByToken(sysToken));
+
+			String newPass = RandomStringUtils.randomAlphanumeric(12);
+			AuthDAO.updateUserPassword(userId, newPass);
+
+			return newPass;
+		} finally {
+			SecurityHolder.unset();
+		}
+	}
 }
diff --git a/src/main/webapp/password_reset.jsp b/src/main/webapp/password_reset.jsp
@@ -1,39 +1,84 @@
 <%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8" %>
 <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
-<?xml version="1.0" encoding="UTF-8" ?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<%@ taglib uri="http://www.openkm.com/tags/utils" prefix="u" %>
+<%@ page import="com.openkm.core.Config" %>
+<!DOCTYPE html>
 <head>
-  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
-  <link rel="Shortcut icon" href="<%=request.getContextPath() %>/favicon.ico" />
-  <link rel="stylesheet" href="<%=request.getContextPath() %>/css/desktop.css" type="text/css" />
+  <meta charset="utf-8">
+  <meta name="author" content="OpenKM">
+  <meta name="description" content="OpenKM is an EDRMS EDRMS, Document Management System and Record Management, easily to manage digital content, simplify your workload and yield high efficiency.">
+  <meta name="viewport" content="width=device-width,initial-scale=1,maximum-scale=1.0">
+  <link rel="Shortcut icon" href="<%=request.getContextPath() %>/logo/favicon"/>
+  <link rel="stylesheet" href="<%=request.getContextPath() %>/css/bootstrap/bootstrap.min.css" type="text/css"/>
+  <link rel="stylesheet" href="<%=request.getContextPath() %>/css/font-awesome/font-awesome.min.css" type="text/css"/>
+  <link rel="stylesheet" href="<%=request.getContextPath() %>/css/login.css" type="text/css"/>
   <title>OpenKM password reset</title>
 </head>
 <body onload="document.forms[0].elements[0].focus()">
-  <div id="box">
-    <div id="logo"></div>
-    <% ServletContext sc = getServletContext(); %>
-    <c:if test="${not empty resetFailed}">
-      <div id="error">${resetFailed}</div>
-      <% sc.removeAttribute("resetFailed"); %>
-    </c:if>
-    <c:if test="${not empty resetOk}">
-      <div id="ok" style="height: 35px">Password correctly reset and mail sent to ${resetOk}</div>
-      <% sc.removeAttribute("resetOk"); %>
-    </c:if>
-    <div id="text">
-      <center><img src="<%=request.getContextPath() %>/img/lock.png"/></center>
-      <p>Please insert the user name of your registered user. A password reminder will be sent to your email address.</p>
-    </div>
-    <div id="form">
-      <form name="resetForm" method="post" action="PasswordReset">
-        <label for="username">Registered user name</label>
-        <input name="username" id="username" type="text" /><br/><br/>
-        <input type="submit" name="submit" value="Reset Password" />
-      </form>
-      <br/><br/>
-      <center><a href="login.jsp">Back to login</a></center>
-    </div>
+<div id="login-background" class="background-zen">
+  <div id="col-xs-12" class="hidden-xs hidden-sm hidden-md" style="height:100%;">
+    <div class="background-zen" style="height:100%;"></div>
   </div>
+</div>
+<u:constantsMap className="com.openkm.core.Config" var="Config"/>
+<div id="login-container">
+  <div class="login-title">
+    <img id="login-image" class="img-responsive center-block" src="img/logo_login.gif">
+  </div>
+  <div class="block remove-margin" style="border-bottom-left-radius: 10px; border-bottom-right-radius: 10px;">
+    <form name="resetForm" method="post" action="PasswordReset"
+          class="form-horizontal form-bordered form-control-borderless" id="form-reset">
+      <div class="form-group form-header text-center">
+        <div class="col-xs-12">
+          <%=Config.TEXT_BANNER %>
+          <p>Please insert the user name of your registered user. A password reminder will be sent to your email address.</p>
+        </div>
+      </div>
+      <% ServletContext sc = getServletContext(); %>
+      <c:if test="${not empty resetFailed}">
+        <div class="form-group form-error">
+          <div id="col-xs-12">
+            <p class="text-danger text-center">${resetFailed}</p>
+          </div>
+        </div>
+        <% sc.removeAttribute("resetFailed"); %>
+      </c:if>
+      <c:if test="${not empty resetOk}">
+        <div class="form-group form-error">
+          <div id="col-xs-12">
+            <p class="text-success text-center">Password correctly reset and mail sent to ${resetOk}</p>
+          </div>
+        </div>
+        <% sc.removeAttribute("resetOk"); %>
+      </c:if>
+      <div class="form-group">
+        <div class="col-xs-12">
+          <div class="input-group">
+            <span class="input-group-addon"><i class="fa fa-user"></i></span>
+            <input name="userId" id="userId" type="text" class="form-control input-lg" placeholder="Registered user id"/>
+          </div>
+        </div>
+      </div>
+      <div class="form-group form-actions">
+        <div class="col-xs-6">
+          <a href="login.jsp" class="btn btn-sm btn-default">
+            <i class="fa fa-arrow-left"></i> Back to login
+          </a>
+        </div>
+        <div class="col-xs-4 pull-right">
+          <button name="submit" type="submit" class="btn btn-sm btn-primary btn-block">
+            <i class="fa fa-key"></i> Reset Password
+          </button>
+        </div>
+      </div>
+      <div class="form-group form-footer"
+           style="border-bottom-left-radius: 10px !important; border-bottom-right-radius: 10px !important;">
+        <div class="col-xs-12 text-center">
+          <p>&copy; 2006-2018 OpenKM. All rights reserved.</p>
+        </div>
+      </div>
+    </form>
+  </div>
+</div>
 </body>
 </html>