jspwiki/JSPWiki/LostPassword.jsp

<%@ page import="org.apache.log4j.*"%>
<%@ page import="com.ecyrd.jspwiki.*"%>
<%@ page import="java.util.*"%>
<%@ page import="java.text.*"%>
<%@ page import="javax.mail.*"%>
<%@ page import="com.ecyrd.jspwiki.auth.user.*"%>
<%@ page import="com.ecyrd.jspwiki.auth.*"%>
<%@ page import="com.ecyrd.jspwiki.util.*"%>
<%@ page import="com.ecyrd.jspwiki.i18n.*"%>
<%@ page errorPage="/Error.jsp"%>
<%@ taglib uri="/WEB-INF/jspwiki.tld" prefix="wiki"%>
<%@ page import="com.ecyrd.jspwiki.tags.WikiTagBase"%>
<%@ page import="javax.servlet.jsp.jstl.fmt.*"%>
<%!Logger log = Logger.getLogger( "JSPWiki" );

    String message = null;

    public boolean resetPassword( WikiEngine wiki, HttpServletRequest request, ResourceBundle rb )
    {
        // Reset pw for account name
        String name = request.getParameter( "name" );
        UserDatabase userDatabase = wiki.getUserManager().getUserDatabase();
        boolean success = false;

        try
        {
            UserProfile profile = null;
            /*
             // This is disabled because it would otherwise be possible to DOS JSPWiki instances
             // by requesting new passwords for all users.  See https://issues.apache.org/jira/browse/JSPWIKI-78
             try
             {
             profile = userDatabase.find(name);
             }
             catch (NoSuchPrincipalException e)
             {
             // Try email as well
             }
             */
            if( profile == null )
            {
                profile = userDatabase.findByEmail( name );
            }

            String email = profile.getEmail();

            String randomPassword = TextUtil.generateRandomPassword();

            // Try sending email first, as that is more likely to fail.

            Object[] args = { profile.getLoginName(), randomPassword,
                             wiki.getURLConstructor().makeURL( WikiContext.NONE, "Login.jsp", true, "" ), wiki.getApplicationName() };

            String mailMessage = MessageFormat.format( rb.getString( "lostpwd.newpassword.email" ), args );

            Object[] args2 = { wiki.getApplicationName() };
            MailUtil.sendMessage( wiki, email, MessageFormat.format( rb.getString( "lostpwd.newpassword.subject" ), args2 ),
                                  mailMessage );

            log.info( "User " + email + " requested and received a new password." );

            // Mail succeeded.  Now reset the password.
            // If this fails, we're kind of screwed, because we already emailed.
            profile.setPassword( randomPassword );
            userDatabase.save( profile );
            userDatabase.commit();
            success = true;
        }
        catch( NoSuchPrincipalException e )
        {
            Object[] args = { name };
            message = MessageFormat.format( rb.getString( "lostpwd.nouser" ), args );
            log.info( "Tried to reset password for non-existent user '" + name + "'" );
        }
        catch( SendFailedException e )
        {
            message = rb.getString( "lostpwd.nomail" );
            log.error( "Tried to reset password and got SendFailedException: " + e );
        }
        catch( AuthenticationFailedException e )
        {
            message = rb.getString( "lostpwd.nomail" );
            log.error( "Tried to reset password and got AuthenticationFailedException: " + e );
        }
        catch( Exception e )
        {
            message = rb.getString( "lostpwd.nomail" );
            log.error( "Tried to reset password and got another exception: " + e );
        }
        return success;
    }%>
<%
    WikiEngine wiki = WikiEngine.getInstance( getServletConfig() );

    //Create wiki context like in Login.jsp:
    //don't check for access permissions: if you have lost your password you cannot login!
    WikiContext wikiContext = (WikiContext) pageContext.getAttribute( WikiTagBase.ATTR_CONTEXT, PageContext.REQUEST_SCOPE );

    // If no context, it means we're using container auth.  So, create one anyway
    if( wikiContext == null )
    {
        wikiContext = wiki.createContext( request, WikiContext.LOGIN ); /* reuse login context ! */
        pageContext.setAttribute( WikiTagBase.ATTR_CONTEXT, wikiContext, PageContext.REQUEST_SCOPE );
    }

    ResourceBundle rb = wikiContext.getBundle( "CoreResources" );

    WikiSession wikiSession = wikiContext.getWikiSession();
    String action = request.getParameter( "action" );

    boolean done = false;

    if( (action != null) && (action.equals( "resetPassword" )) )
    {
        if( resetPassword( wiki, request, rb ) )
        {
            done = true;
            wikiSession.addMessage( "resetpwok", rb.getString( "lostpwd.emailed" ) );
            pageContext.setAttribute( "passwordreset", "done" );
        }
        else
        // Error
        {
            wikiSession.addMessage( "resetpw", message );
        }
    }

    response.setContentType( "text/html; charset=" + wiki.getContentEncoding() );
    response.setHeader( "Cache-control", "max-age=0" );
    response.setDateHeader( "Expires", new Date().getTime() );
    response.setDateHeader( "Last-Modified", new Date().getTime() );

    String contentPage = wiki.getTemplateManager().findJSP( pageContext, wikiContext.getTemplate(), "ViewTemplate.jsp" );
%>
<wiki:Include page="<%=contentPage%>" />