89 password reset

5 years ago · 90799356ab
parent 56f083e757
commit 90799356ab
13 changed files with 161 additions and 76 deletions
--- a/src/main/java/ru/ulstu/configuration/Constants.java
+++ b/src/main/java/ru/ulstu/configuration/Constants.java
@ -21,4 +21,5 @@ public class Constants {
    public static final String PASSWORD_RESET_REQUEST_PAGE = "/resetRequest";
    public static final String PASSWORD_RESET_PAGE = "/reset";
    public static final int RESET_KEY_LENGTH = 6;
 }
--- a/src/main/java/ru/ulstu/configuration/SecurityConfiguration.java
+++ b/src/main/java/ru/ulstu/configuration/SecurityConfiguration.java
@ -104,7 +104,8 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
                .antMatchers("/css/**")
                .antMatchers("/js/**")
                .antMatchers("/templates/**")
-                .antMatchers("/webjars/**");
+                .antMatchers("/webjars/**")
                .antMatchers("/img/**");
    }
    @Autowired
--- a/src/main/java/ru/ulstu/core/controller/AdviceController.java
+++ b/src/main/java/ru/ulstu/core/controller/AdviceController.java
@ -34,11 +34,11 @@ public class AdviceController {
    public AdviceController(UserService userService) {
        this.userService = userService;
    }
-
+//
-    @ModelAttribute("currentUser")
+//    @ModelAttribute("currentUser")
-    public String getCurrentUser() {
+//    public String getCurrentUser() {
-        return userService.getCurrentUser().getUserAbbreviate();
+//        return userService.getCurrentUser().getUserAbbreviate();
-    }
+//    }
    @ModelAttribute("flashMessage")
    public String getFlashMessage() {
--- a/src/main/java/ru/ulstu/core/model/ErrorConstants.java
+++ b/src/main/java/ru/ulstu/core/model/ErrorConstants.java
@ -9,9 +9,9 @@ public enum ErrorConstants {
    USER_EMAIL_EXISTS(102, "Пользователь с таким почтовым ящиком уже существует"),
    USER_LOGIN_EXISTS(103, "Пользователь с таким логином уже существует"),
    USER_PASSWORDS_NOT_VALID_OR_NOT_MATCH(104, "Пароли введены неверно"),
-    USER_NOT_FOUND(105, "User is not found"),
+    USER_NOT_FOUND(105, "Аккаунт не найден"),
    USER_NOT_ACTIVATED(106, "User is not activated"),
-    USER_RESET_ERROR(107, "Invalid reset key"),
+    USER_RESET_ERROR(107, "Некорректный ключ подтверждения"),
    USER_UNDEAD_ERROR(108, "Can't edit/delete that user"),
    FILE_UPLOAD_ERROR(110, "File upload error"),
    USER_SENDING_MAIL_EXCEPTION(111, "Во время отправки приглашения пользователю произошла ошибка");
--- a/src/main/java/ru/ulstu/user/controller/UserController.java
+++ b/src/main/java/ru/ulstu/user/controller/UserController.java
@ -148,16 +148,15 @@ public class UserController extends OdinController<UserListDto, UserDto> {
    }
    @PostMapping(PASSWORD_RESET_REQUEST_URL)
-    public Response<Boolean> requestPasswordReset(@RequestParam("email") String email) {
+    public void requestPasswordReset(@RequestParam("email") String email) {
        log.debug("REST: UserController.requestPasswordReset( {} )", email);
-        return new Response<>(userService.requestUserPasswordReset(email));
+        userService.requestUserPasswordReset(email);
    }
    @PostMapping(PASSWORD_RESET_URL)
-    public Response<Boolean> finishPasswordReset(@RequestParam("key") String key,
+    public Response<Boolean> finishPasswordReset(@RequestBody UserResetPasswordDto userResetPasswordDto) {
-                                                 @RequestBody UserResetPasswordDto userResetPasswordDto) {
+        log.debug("REST: UserController.requestPasswordReset( {} )", userResetPasswordDto.getResetKey());
-        log.debug("REST: UserController.requestPasswordReset( {} )", key);
+        return new Response<>(userService.completeUserPasswordReset(userResetPasswordDto));
        return new Response<>(userService.completeUserPasswordReset(key, userResetPasswordDto));
    }
    @PostMapping("/changePassword")
--- a/src/main/java/ru/ulstu/user/model/UserResetPasswordDto.java
+++ b/src/main/java/ru/ulstu/user/model/UserResetPasswordDto.java
@ -14,6 +14,10 @@ public class UserResetPasswordDto {
    @Size(min = Constants.MIN_PASSWORD_LENGTH, max = 50)
    private String passwordConfirm;
    @NotEmpty
    @Size(min = Constants.RESET_KEY_LENGTH)
    private String resetKey;
    public String getPassword() {
        return password;
    }
@ -25,4 +29,8 @@ public class UserResetPasswordDto {
    public boolean isPasswordsValid() {
        return Objects.equals(password, passwordConfirm);
    }
    public String getResetKey() {
        return resetKey;
    }
 }
--- a/src/main/java/ru/ulstu/user/service/MailService.java
+++ b/src/main/java/ru/ulstu/user/service/MailService.java
@ -106,8 +106,7 @@ public class MailService {
        sendEmailFromTemplate(user, "activationEmail", Constants.MAIL_ACTIVATE);
    }
-    @Async
+    public void sendPasswordResetMail(User user) throws MessagingException, MailException {
    public void sendPasswordResetMail(User user) {
        sendEmailFromTemplate(user, "passwordResetEmail", Constants.MAIL_RESET);
    }
@ -118,6 +117,5 @@ public class MailService {
    @Async
    public void sendChangePasswordMail(User user) {
        sendEmailFromTemplate(user, "passwordChangeEmail", Constants.MAIL_CHANGE_PASSWORD);
    }
 }
--- a/src/main/java/ru/ulstu/user/service/UserService.java
+++ b/src/main/java/ru/ulstu/user/service/UserService.java
@ -236,7 +236,7 @@ public class UserService implements UserDetailsService {
        mailService.sendChangePasswordMail(user);
    }
-    public boolean requestUserPasswordReset(String email) {
+    public boolean requestUserPasswordReset(String email)  {
        User user = userRepository.findOneByEmailIgnoreCase(email);
        if (user == null) {
            throw new UserNotFoundException(email);
@ -247,23 +247,30 @@ public class UserService implements UserDetailsService {
        user.setResetKey(UserUtils.generateResetKey());
        user.setResetDate(new Date());
        user = userRepository.save(user);
-        mailService.sendPasswordResetMail(user);
+        try {
            mailService.sendPasswordResetMail(user);
        } catch (MessagingException | MailException e) {
            throw new UserSendingMailException(email);
        }
        log.debug("Created Reset Password Request for User: {}", user.getLogin());
        return true;
    }
-    public boolean completeUserPasswordReset(String key, UserResetPasswordDto userResetPasswordDto) {
+    public boolean completeUserPasswordReset(UserResetPasswordDto userResetPasswordDto) {
        if (!userResetPasswordDto.isPasswordsValid()) {
-            throw new UserPasswordsNotValidOrNotMatchException("");
+            throw new UserPasswordsNotValidOrNotMatchException("Пароли не совпадают");
        }
-        User user = userRepository.findOneByResetKey(key);
+        User user = userRepository.findOneByResetKey(userResetPasswordDto.getResetKey());
        if (user == null) {
-            throw new UserResetKeyError(key);
+            throw new UserResetKeyError(userResetPasswordDto.getResetKey());
        }
        user.setPassword(passwordEncoder.encode(userResetPasswordDto.getPassword()));
        user.setResetKey(null);
        user.setResetDate(null);
        user = userRepository.save(user);
        mailService.sendChangePasswordMail(user);
        log.debug("Reset Password for User: {}", user.getLogin());
        return true;
    }
--- a/src/main/resources/mail_templates/passwordResetEmail.html
+++ b/src/main/resources/mail_templates/passwordResetEmail.html
@ -1,23 +1,19 @@
 <!DOCTYPE html>
 <html xmlns:th="http://www.thymeleaf.org">
 <head>
-    <title>Password reset</title>
+    <title>Восстановление пароля</title>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
    <link rel="shortcut icon" th:href="@{|${baseUrl}/favicon.ico|}"/>
 </head>
 <body>
 <p>
-    Dear <span th:text="${user.firstName + ' ' + user.lastName}">Ivan Ivanov</span>
+    Дорогой <span th:text="${user.firstName + ' ' + user.lastName}">Ivan Ivanov</span>
 </p>
 <p>
-    For your account a password reset was requested, please click on the URL below to
+    Ваш ключ для восстановления пароля <span th:text="${user.resetKey}"></span>
 </p>
 <p>
-    <a th:href="@{|${baseUrl}/reset?key=${user.resetKey}|}"
+    С уважением,
       th:text="@{|${baseUrl}/reset?key=${user.resetKey}|}">Reset Link</a>
 </p>
 <p>
    Regards,
    <br/>
    <em>Balance Team.</em>
 </p>
--- a/src/main/resources/public/css/base.css
+++ b/src/main/resources/public/css/base.css
@ -0,0 +1,3 @@
 .loader {
    padding-left:50%
 }
--- a/src/main/resources/public/img/main/ajax-loader.gif
+++ b/src/main/resources/public/img/main/ajax-loader.gif
--- a/src/main/resources/public/js/users.js
+++ b/src/main/resources/public/js/users.js
@ -35,10 +35,7 @@ function changePassword() {
 function inviteUser() {
    email = document.getElementById("email").value;
-    re = /\S+@\S+\.\S+/;
+    if (!isEmailValid(email)) {
    if (!re.test(email)) {
        showFeedbackMessage("Некорректный почтовый ящик", MessageTypesEnum.WARNING);
        return;
    }
@ -55,4 +52,77 @@ function inviteUser() {
            showFeedbackMessage(errorData.responseJSON.error.message, MessageTypesEnum.WARNING)
        }
    })
 }
 function requestResetPassword() {
    email = document.getElementById("emailReset").value
    if (!isEmailValid(email)) {
        showFeedbackMessage("Некорректный почтовый ящик", MessageTypesEnum.WARNING);
        return;
    }
    document.getElementById("dvloader").hidden = false;
    $.ajax({
        url:"/api/1.0/users/password-reset-request?email=" + email,
        contentType: "application/json; charset=utf-8",
        method: "POST",
        success: function() {
            showFeedbackMessage("Проверочный код был отправлен на указанный почтовый ящик", MessageTypesEnum.SUCCESS)
            document.getElementById("passwordNew").hidden = false
            document.getElementById("passwordConfirm").hidden = false
            document.getElementById("btnReset").hidden = false
            document.getElementById("resetKey").hidden = false
            document.getElementById("emailReset").hidden = true
            document.getElementById("btnSend").hidden = true
            document.getElementById("dvloader").hidden = true;
        },
        error: function(errorData) {
            showFeedbackMessage(errorData.responseJSON.error.message, MessageTypesEnum.WARNING)
            document.getElementById("dvloader").hidden = true;
        }
    })
 }
 function resetPassword() {
    passwordNew = document.getElementById("passwordNew").value;
    passwordConfirm = document.getElementById("passwordConfirm").value;
    resetKey = document.getElementById("resetKey").value;
    if ([passwordNew, passwordConfirm, resetKey].includes("")) {
        showFeedbackMessage("Заполните все поля", MessageTypesEnum.WARNING);
        return;
    }
    if (passwordNew != passwordConfirm) {
        showFeedbackMessage("Пароли не совпадают", MessageTypesEnum.WARNING);
        return;
    }
    $.ajax({
        url:"/api/1.0/users/password-reset",
        contentType: "application/json; charset=utf-8",
        method: "POST",
        data: JSON.stringify({
            "password": passwordNew,
            "passwordConfirm": passwordConfirm,
            "resetKey": resetKey,
        }),
        success: function() {
            showFeedbackMessage("Пользователь был успешно приглашен", MessageTypesEnum.SUCCESS)
            window.location.href = "/login"
        },
        error: function(errorData) {
            showFeedbackMessage(errorData.responseJSON.error.message, MessageTypesEnum.WARNING)
        }
    })
 }
 function isEmailValid(email) {
    re = /\S+@\S+\.\S+/;
    return re.test(email)
 }
--- a/src/main/resources/templates/resetRequest.html
+++ b/src/main/resources/templates/resetRequest.html
@ -1,9 +1,10 @@
 <!DOCTYPE html>
 <html lang="en"
      xmlns:th="http://www.thymeleaf.org"
      xmlns:layout="http://www.ultraq.net.nz/thymeleaf/layout"
-      layout:decorator="default">
+      layout:decorator="default" xmlns:th="http://www.w3.org/1999/xhtml">
 <head>
    <script src="/js/users.js"></script>
    <link rel="stylesheet" href="../css/base.css"/>
 </head>
 <body>
 <nav layout:fragment="navbar">
@ -12,46 +13,47 @@
                class="fa fa-plane fa-4" aria-hidden="true"></i> Balance</span></a>
    </div>
 </nav>
-<div class="container" layout:fragment="content">
+<div layout:fragment="content">
-    <form id="reset-form" method="post" class="margined-top-10">
+    <section class="bg-light" id="portfolio">
-        <fieldset>
+
-            <div class="form-group">
+        <div class="container">
-                <input type="email" name="email" id="email" class="form-control"
+            <div class="row justify-content-md-center">
-                       placeholder="E-Mail" required="true" autofocus="autofocus"/>
+                <div class="col-lg-6">
-            </div>
+                    <div class="form-group">
-            <button type="submit" class="btn btn-success btn-block">Сбросить пароль</button>
+                        <input type="text" name="email" id="emailReset" class="form-control"
-            <div class="form-group">
+                               placeholder="E-Mail"/>
-                <small class="form-text text-muted">
+                    </div>
-                    <a href="/login">Вернуться к странице входа</a>
+                    <div class="form-group">
-                </small>
+                        <input type="password" name="email" id="passwordNew" class="form-control"
                               placeholder="Новый пароль" hidden="true"/>
                    </div>
                    <div class="form-group">
                        <input type="password" name="email" id="passwordConfirm" class="form-control"
                               placeholder="Подтвердите пароль" hidden="true"/>
                    </div>
                    <div class="form-group">
                        <input type="text" name="email" id="resetKey" class="form-control"
                               placeholder="Код подтверждения" hidden="true"/>
                    </div>
                    <div id="dvloader" class="loader" hidden="true"><img src="../img/main/ajax-loader.gif" /></div>
                    <button id="btnSend" type="button" onclick="requestResetPassword()"
                            class="btn btn-success btn-block">
                        Отправить код подтверждения
                    </button>
                    <button id="btnReset" hidden="true" type="button" onclick="resetPassword()"
                            class="btn btn-success btn-block">
                        Сбросить
                        пароль
                    </button>
                    <div class="form-group">
                        <small class="form-text text-muted">
                            <a href="/login">Вернуться к странице входа</a>
                        </small>
                    </div>
                </div>
            </div>
-        </fieldset>
+        </div>
-    </form>
+    </section>
 </div>
 <th:block layout:fragment="data-scripts">
    <script type="text/javascript">
        /*<![CDATA[*/
        $(document).ready(function () {
            $("#reset-form").submit(function () {
                var email = $("#email").val();
                if (isEmpty(email)) {
                    showFeedbackMessage("Адрес электронной почты не задан", MessageTypesEnum.DANGER);
                    return false;
                }
                postToRest(urlUsersPasswordResetRequest + "?email=" + email, null,
                    function () {
                        showFeedbackMessage("Запрос на смену пароля отправлен");
                    },
                    function () {
                        $("#email").val("");
                    }
                );
                return false;
            });
        });
        /*]]>*/
    </script>
 </th:block>
 </body>
 </html>