Feature/forgot password

[ivanmrsulja]

VIVO PR
This PR solves "I forgot my pasword" issue.

What does this pull request do?

This PR allows the user to request password change from login widget, instead of having to ask an admin to do it for him.

What's new?

Password reset functionality with built-in anti-spam measures. I have added a new servlet (ForgotPassword) that handles the logic. I have also updated i18n files with required frontend labels. Have in mind that I only speak English and Serbian (and a tiny bit of German :D) so I am not well suited for translation. For majority of languages I have used Google Translate so if you notice any translation errors please leave a comment on this PR.

How should this be tested?

Try to change your password through login widget. Try to spam and see what happens.

Additional Notes:

Removed old captcha implementation files which was replaced in PR
jquery.realperson.css
jquery.realperson.js

Admin notification email translations:

English

German

Spanish

Russian

Portuguese

French-Canadian

Interested parties

@chenejac @litvinovg @brianjlowe

[chenejac]

@ivanmrsulja is it possible to use infoM or errorMessage at widget-login.ftl instead of specifying html output (at the next blank page) in the ForgotPassword Servlet? If you try to type wrong message in the login widget, you will see the errorMessage. Can that property be used for informing user about sent email (infoMessage) and warning when the next email can be sent (errorMessage) in the case of "I forgot my password" was clicked?

Moreover, if you type wrong password and try to login, you will get the error message, and after that the option "I forgot my password" is not working in my case. Can you please check this scenario?

[ivanmrsulja]

@ivanmrsulja is it possible to use infoM or errorMessage at widget-login.ftl instead of specifying html output (at the next blank page) in the ForgotPassword Servlet? If you try to type wrong message in the login widget, you will see the errorMessage. Can that property be used for informing user about sent email (infoMessage) and warning when the next email can be sent (errorMessage) in the case of "I forgot my password" was clicked?

Moreover, if you type wrong password and try to login, you will get the error message, and after that the option "I forgot my password" is not working in my case. Can you please check this scenario?

I have discussed whether the message should be displayed in a toast-like way that you are suggesting or on the next blank page with Brian and Georgy on a dynapi meeting about 1 month ago. After a brief discussion we went with the blank page approach but I am willing to change it if that is the better way to do it, never the less the change is not that big so it could be implemented in a short time. In regards of the bug you are mentioning, it has to do with the JS logic, i will look at it as soon as possible.

[litvinovg]

I think there is a need for configuration option to turn this feature on/off.
Also should requestHistory and requestFrequency implementations be thread safe?

[ivanmrsulja]

I think there is a need for configuration option to turn this feature on/off. Also should requestHistory and requestFrequency implementations be thread safe?

I am allready working on feature toggle but I didn't think of thread safety for this scenario so thanks for reminding me 🙂 . Do you know if just switching to ConcurrentHashMap will suffice or will I have to implement mutual exclusion?

[litvinovg]

I am allready working on feature toggle but I didn't think of thread safety for this scenario so thanks for reminding me 🙂 . Do you know if just switching to ConcurrentHashMap will suffice or will I have to implement mutual exclusion?
I think ConcurrentHashMap should be fine.

[ivanmrsulja]

I am allready working on feature toggle but I didn't think of thread safety for this scenario so thanks for reminding me 🙂 . Do you know if just switching to ConcurrentHashMap will suffice or will I have to implement mutual exclusion?
I think ConcurrentHashMap should be fine.

In addition, I used atomic operations for addition and increment so as not to cause a potential race condition. With regards to mutual exclusion, I have not thought of a scenario where I would need to synchronize a part of the code.

[bkampe]

German translations are fine.

[litvinovg]

@ivanmrsulja I added some comments, please have a look.
Russian translations look good to me.
Link to restore password works for me.
Styles might need to be improved.

[litvinovg]

is js/commentForm.js used on password reset page?

[ivanmrsulja]

It is not needed, I have removed it. Jquery import is also not needed.

[litvinovg]

is ./webapp/src/main/webapp/templates/freemarker/edit/forms/css/customForm.css used on password reset page?

[ivanmrsulja]

It is.

[litvinovg]

Maybe first check if string is shorter than 320, and trim only in this case?

[litvinovg]

I think this component should reuse styles from existing themes.

[litvinovg]

@ivanmrsulja Thank you very much. Logic looks good to me. Could you please clean up some minor issues I described in the comments below.
@chenejac are we going to apply theme specific styling in this PR or it should be done separately? If it is out of scope, then we can create a ticket for theme styling and merge this PR after small clean-up.

[litvinovg]

This file doesn't contain modifications related to this PR. Please remove new empty line.

[litvinovg]

Tested with themes: WIlma, Ternderfoot, Nemo, Vitro.
With turned on nano captcha and with turned off captcha.
Successfully restored forgotten password by following link to reset password.
Russian translations look good to me.
Code looks good to me.

[chenejac]

@ivanmrsulja looks nice. Thanks

[bkampe]

Just a minor optimization, the rest of the german translations looks good.

[bkampe]

Suggested change

	rdfs:label "Eine E-Mail zur Wiederherstellung des Passworts wird an {0} gesendet, wenn sie mit einem bestehenden Konto verknüpft ist."@de-DE ;
	rdfs:label "Eine E-Mail zur Wiederherstellung des Passworts wird an {0} gesendet, wenn die Adresse mit einem bestehenden Konto verknüpft ist."@de-DE ;

[chenejac]

Looks ok for me and works well. Serbian labels are fine.

[michel-heon]

It is good

[michel-heon]

Replace by:
L'adresse électronique que vous avez fournie n'est pas valide.