New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Feature/forgot password #421
base: main
Are you sure you want to change the base?
Feature/forgot password #421
Conversation
…PAM messages. Fixed dao saving bug.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@ivanmrsulja is it possible to use infoM or errorMessage at widget-login.ftl instead of specifying html output (at the next blank page) in the ForgotPassword Servlet? If you try to type wrong message in the login widget, you will see the errorMessage. Can that property be used for informing user about sent email (infoMessage) and warning when the next email can be sent (errorMessage) in the case of "I forgot my password" was clicked?
Moreover, if you type wrong password and try to login, you will get the error message, and after that the option "I forgot my password" is not working in my case. Can you please check this scenario?
I have discussed whether the message should be displayed in a toast-like way that you are suggesting or on the next blank page with Brian and Georgy on a dynapi meeting about 1 month ago. After a brief discussion we went with the blank page approach but I am willing to change it if that is the better way to do it, never the less the change is not that big so it could be implemented in a short time. In regards of the bug you are mentioning, it has to do with the JS logic, i will look at it as soon as possible. |
…s with required labels.
I think there is a need for configuration option to turn this feature on/off. |
I am allready working on feature toggle but I didn't think of thread safety for this scenario so thanks for reminding me 🙂 . Do you know if just switching to ConcurrentHashMap will suffice or will I have to implement mutual exclusion? |
|
In addition, I used atomic operations for addition and increment so as not to cause a potential race condition. With regards to mutual exclusion, I have not thought of a scenario where I would need to synchronize a part of the code. |
…ration. Added java docs.
webapp/src/main/webapp/templates/freemarker/body/captcha/captcha-clientExecutionLogic.ftl
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
German translations are fine.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@ivanmrsulja I added some comments, please have a look.
Russian translations look good to me.
Link to restore password works for me.
Styles might need to be improved.
home/src/main/resources/rdf/i18n/sr_Latn_RS/interface-i18n/firsttime/vitro_UiLabel.ttl
Outdated
Show resolved
Hide resolved
<#assign isEnabled = isEnabled!true> | ||
|
||
${stylesheets.add('<link rel="stylesheet" href="${urls.base}/templates/freemarker/edit/forms/css/customForm.css" />')} | ||
${scripts.add('<script type="text/javascript" src="${urls.base}/js/commentForm.js"></script>', |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
is js/commentForm.js used on password reset page?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It is not needed, I have removed it. Jquery import is also not needed.
@@ -0,0 +1,39 @@ | |||
<#assign isEnabled = isEnabled!true> | |||
|
|||
${stylesheets.add('<link rel="stylesheet" href="${urls.base}/templates/freemarker/edit/forms/css/customForm.css" />')} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
is ./webapp/src/main/webapp/templates/freemarker/edit/forms/css/customForm.css used on password reset page?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It is.
UserAccountsDao userAccountsDao = constructUserAccountsDao(); | ||
I18nBundle i18n = I18n.bundle(vreq); | ||
|
||
String email = getNonNullTrimmedParameterValue(vreq, "email"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe first check if string is shorter than 320, and trim only in this case?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this component should reuse styles from existing themes.
.../java/edu/cornell/mannlib/vitro/webapp/controller/authenticate/ForgotPasswordController.java
Outdated
Show resolved
Hide resolved
.../java/edu/cornell/mannlib/vitro/webapp/controller/authenticate/ForgotPasswordController.java
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@ivanmrsulja Thank you very much. Logic looks good to me. Could you please clean up some minor issues I described in the comments below.
@chenejac are we going to apply theme specific styling in this PR or it should be done separately? If it is out of scope, then we can create a ticket for theme styling and merge this PR after small clean-up.
api/src/main/java/edu/cornell/mannlib/vitro/webapp/web/widgets/LoginWidget.java
Outdated
Show resolved
Hide resolved
.../java/edu/cornell/mannlib/vitro/webapp/controller/authenticate/ForgotPasswordController.java
Show resolved
Hide resolved
webapp/src/main/webapp/templates/freemarker/body/captcha/captcha-clientExecutionLogic.ftl
Show resolved
Hide resolved
webapp/src/main/webapp/templates/freemarker/body/accounts/userAccounts-resetPasswordRequest.ftl
Outdated
Show resolved
Hide resolved
webapp/src/main/webapp/templates/freemarker/body/accounts/userAccounts-resetPasswordRequest.ftl
Outdated
Show resolved
Hide resolved
@@ -164,6 +164,12 @@ section#pubsContainer input { | |||
img#indicator { | |||
padding-left:60px; | |||
} | |||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This file doesn't contain modifications related to this PR. Please remove new empty line.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Tested with themes: WIlma, Ternderfoot, Nemo, Vitro.
With turned on nano captcha and with turned off captcha.
Successfully restored forgotten password by following link to reset password.
Russian translations look good to me.
Code looks good to me.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@ivanmrsulja looks nice. Thanks
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just a minor optimization, the rest of the german translations looks good.
uil-data:password_reset_email_sent.Vitro | ||
rdf:type owl:NamedIndividual ; | ||
rdf:type uil:UILabel ; | ||
rdfs:label "Eine E-Mail zur Wiederherstellung des Passworts wird an {0} gesendet, wenn sie mit einem bestehenden Konto verknüpft ist."@de-DE ; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
rdfs:label "Eine E-Mail zur Wiederherstellung des Passworts wird an {0} gesendet, wenn sie mit einem bestehenden Konto verknüpft ist."@de-DE ; | |
rdfs:label "Eine E-Mail zur Wiederherstellung des Passworts wird an {0} gesendet, wenn die Adresse mit einem bestehenden Konto verknüpft ist."@de-DE ; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks ok for me and works well. Serbian labels are fine.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It is good
@@ -3185,7 +3241,7 @@ uil-data:javascript_instructions.Vitro | |||
uil-data:error_invalid_email.Vitro | |||
rdf:type owl:NamedIndividual ; | |||
rdf:type uil:UILabel ; | |||
rdfs:label "''{0}'' n'est pas une adresse courriel valide."@fr-CA ; | |||
rdfs:label "L'adresse e-mail que vous avez fournie n'est pas une adresse e-mail valide."@fr-CA ; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Replace by:
L'adresse électronique que vous avez fournie n'est pas valide.
VIVO PR
This PR solves "I forgot my pasword" issue.
What does this pull request do?
This PR allows the user to request password change from login widget, instead of having to ask an admin to do it for him.
What's new?
Password reset functionality with built-in anti-spam measures. I have added a new servlet (ForgotPassword) that handles the logic. I have also updated i18n files with required frontend labels. Have in mind that I only speak English and Serbian (and a tiny bit of German :D) so I am not well suited for translation. For majority of languages I have used Google Translate so if you notice any translation errors please leave a comment on this PR.
How should this be tested?
Try to change your password through login widget. Try to spam and see what happens.
Additional Notes:
Removed old captcha implementation files which was replaced in PR
jquery.realperson.css
jquery.realperson.js
Admin notification email translations:
English
German
Spanish
Russian
Portuguese
French-Canadian
Interested parties
@chenejac @litvinovg @brianjlowe