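<%@ page import="org.apache.log4j.*"%>
<%@ page import="com.ecyrd.jspwiki.*"%>
<%@ page import="java.util.*"%>
<%@ page import="java.text.*"%>
<%@ page import="javax.mail.*"%>
<%@ page import="com.ecyrd.jspwiki.auth.user.*"%>
<%@ page import="com.ecyrd.jspwiki.auth.*"%>
<%@ page import="com.ecyrd.jspwiki.util.*"%>
<%@ page import="com.ecyrd.jspwiki.i18n.*"%>
<%@ page errorPage="/Error.jsp"%>
<%@ taglib uri="/WEB-INF/jspwiki.tld" prefix="wiki"%>
<%@ page import="com.ecyrd.jspwiki.tags.WikiTagBase"%>
<%@ page import="javax.servlet.jsp.jstl.fmt.*"%>
<%!
    private static final Logger log = Logger.getLogger( "JSPWiki" );

    /**
     * Request attribute that carries the failure text from resetPassword() to the scriptlet.
     *
     * Members declared in a JSP declaration are fields of the generated servlet, and the
     * container normally serves concurrent requests with one shared instance. Keeping the
     * text in a field would therefore let one visitor's error message (which includes the
     * address they typed) be shown to another visitor, so it is kept per request instead.
     */
    private static final String ATTR_RESET_ERROR = "lostpwd.error";

    /**
     * Neutralises CR/LF in a request-supplied value before it is written to the log,
     * so the value cannot start a forged log line.
     */
    private static String forLog( String value )
    {
        return value == null ? "null" : value.replaceAll( "[\\r\\n]", "_" );
    }

    /**
     * Generates a random password for the account whose e-mail address is given in the
     * "name" request parameter, mails it to that address and then stores it.
     *
     * On failure the user-facing text is stored in the request attribute
     * {@link #ATTR_RESET_ERROR}.
     *
     * NOTE(review): the "lostpwd.nouser" reply differs from the success reply, so the page
     * discloses whether an address is registered; consider one uniform reply for both.
     * NOTE(review): the new password travels in clear text in the mail body; a single-use,
     * expiring reset link would avoid that.
     *
     * @param wiki    engine that provides the user database, URL constructor and mail settings
     * @param request current request; its "name" parameter is untrusted input
     * @param rb      bundle holding the lostpwd.* texts
     * @return true if the mail was sent and the new password was saved, false otherwise
     */
    public boolean resetPassword( WikiEngine wiki, HttpServletRequest request, ResourceBundle rb )
    {
        String name = request.getParameter( "name" );
        UserDatabase userDatabase = wiki.getUserManager().getUserDatabase();

        try
        {
            // Lookup is by e-mail address only. Lookup by login name is deliberately not done:
            // it would make it possible to DoS JSPWiki instances by requesting new passwords
            // for all users. See https://issues.apache.org/jira/browse/JSPWIKI-78
            UserProfile profile = userDatabase.findByEmail( name );

            String email = profile.getEmail();
            String randomPassword = TextUtil.generateRandomPassword();

            // Try sending email first, as that is more likely to fail.
            Object[] bodyArgs = { profile.getLoginName(), randomPassword,
                                  wiki.getURLConstructor().makeURL( WikiContext.NONE, "Login.jsp", true, "" ),
                                  wiki.getApplicationName() };
            String mailMessage = MessageFormat.format( rb.getString( "lostpwd.newpassword.email" ), bodyArgs );

            Object[] subjectArgs = { wiki.getApplicationName() };
            String subject = MessageFormat.format( rb.getString( "lostpwd.newpassword.subject" ), subjectArgs );

            MailUtil.sendMessage( wiki, email, subject, mailMessage );

            log.info( "User " + email + " requested and received a new password." );

            // Mail succeeded. Now reset the password.
            // If saving fails, the mailed password is not the stored one and the user
            // has to request another reset.
            profile.setPassword( randomPassword );
            userDatabase.save( profile );
            userDatabase.commit();
            return true;
        }
        catch( NoSuchPrincipalException e )
        {
            // The submitted value is echoed into the message, so it is entity-escaped here;
            // whether the template escapes session messages is not visible from this page.
            Object[] args = { TextUtil.replaceEntities( name ) };
            request.setAttribute( ATTR_RESET_ERROR, MessageFormat.format( rb.getString( "lostpwd.nouser" ), args ) );
            log.info( "Tried to reset password for non-existent user '" + forLog( name ) + "'" );
        }
        catch( SendFailedException e )
        {
            request.setAttribute( ATTR_RESET_ERROR, rb.getString( "lostpwd.nomail" ) );
            // Pass the exception itself so the stack trace reaches the log.
            log.error( "Tried to reset password and got SendFailedException", e );
        }
        catch( AuthenticationFailedException e )
        {
            request.setAttribute( ATTR_RESET_ERROR, rb.getString( "lostpwd.nomail" ) );
            log.error( "Tried to reset password and got AuthenticationFailedException", e );
        }
        catch( Exception e )
        {
            // Page boundary: anything else is reported to the user as a mail failure.
            request.setAttribute( ATTR_RESET_ERROR, rb.getString( "lostpwd.nomail" ) );
            log.error( "Tried to reset password and got another exception", e );
        }
        return false;
    }
%>
<%
    WikiEngine wiki = WikiEngine.getInstance( getServletConfig() );

    // Create the wiki context like in Login.jsp.
    // No access-permission check: a user who has lost the password cannot log in.
    WikiContext wikiContext = (WikiContext) pageContext.getAttribute( WikiTagBase.ATTR_CONTEXT, PageContext.REQUEST_SCOPE );

    // If no context, it means we're using container auth. So, create one anyway.
    if( wikiContext == null )
    {
        wikiContext = wiki.createContext( request, WikiContext.LOGIN ); /* reuse login context ! */
        pageContext.setAttribute( WikiTagBase.ATTR_CONTEXT, wikiContext, PageContext.REQUEST_SCOPE );
    }

    ResourceBundle rb = wikiContext.getBundle( "CoreResources" );
    WikiSession wikiSession = wikiContext.getWikiSession();

    // NOTE(review): this page does not restrict the action to POST, check a request token
    // or limit how often a reset can be requested; confirm those controls exist elsewhere.
    String action = request.getParameter( "action" );

    if( "resetPassword".equals( action ) )
    {
        if( resetPassword( wiki, request, rb ) )
        {
            wikiSession.addMessage( "resetpwok", rb.getString( "lostpwd.emailed" ) );
            pageContext.setAttribute( "passwordreset", "done" );
        }
        else
        {
            // Failure text was stored per request by resetPassword().
            wikiSession.addMessage( "resetpw", (String) request.getAttribute( ATTR_RESET_ERROR ) );
        }
    }

    long now = System.currentTimeMillis();
    response.setContentType( "text/html; charset=" + wiki.getContentEncoding() );
    response.setHeader( "Cache-control", "max-age=0" );
    response.setDateHeader( "Expires", now );
    response.setDateHeader( "Last-Modified", now );

    String contentPage = wiki.getTemplateManager().findJSP( pageContext, wikiContext.getTemplate(), "ViewTemplate.jsp" );
%>
<wiki:Include page="<%=contentPage%>" />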