amy/venice-main-classic
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

added automated password recovery to the password reminder messages

Browse Source
This commit is contained in:
Eric J. Bowersox
2001-11-05 00:40:07 +00:00
parent 1c69955046
commit e201ecb34b
9 changed files with 416 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/com/silverwrist/venice/core/VeniceEngine.java
+3
View File
@@ -44,6 +44,9 @@ public interface VeniceEngine extends SearchMode
public abstract void sendPasswordReminder(String username)
throws DataException, AccessError, EmailException;
public abstract void completePasswordChange(int uid, int authentication)
throws DataException, AccessError, EmailException;
public abstract UserContext createNewAccount(String remote_addr, String username, String password,
String reminder) throws DataException, AccessError;
src/com/silverwrist/venice/core/impl/VeniceEngineImpl.java
+150 -4
View File
@@ -31,6 +31,7 @@ import com.silverwrist.venice.htmlcheck.*;
import com.silverwrist.venice.htmlcheck.dict.*;
import com.silverwrist.venice.htmlcheck.filters.*;
import com.silverwrist.venice.security.AuditRecord;
import com.silverwrist.venice.security.PasswordGenerator;
import com.silverwrist.venice.security.PasswordHash;
import com.silverwrist.venice.security.DefaultLevels;
@@ -408,6 +409,64 @@ public class VeniceEngineImpl implements VeniceEngine, EngineBackend
} // end class ConferenceCoreDataCreator
/*--------------------------------------------------------------------------------
* Internal class for password change requests
*--------------------------------------------------------------------------------
*/
class PasswordChangeRequest
{
private static final long EXPIRE_TIME = 3600000L; // one hour
private int uid; // UID of the password change request
private String username; // username of the password change request
private int authentication; // authentication value
private String email; // email address
private long timestamp; // current timestamp
PasswordChangeRequest(int uid, String username, String email)
{
this.uid = uid;
this.username = username;
this.email = email;
this.authentication = rng.nextInt(Integer.MAX_VALUE);
this.timestamp = System.currentTimeMillis();
} // end constructor
final int getUID()
{
return uid;
} // end getUID
final String getUserName()
{
return username;
} // end getUserName
final int getAuthentication()
{
return authentication;
} // end getAuthentication
final String getEmail()
{
return email;
} // end getEmail
final boolean isExpired()
{
long diff = System.currentTimeMillis() - timestamp;
return (diff>EXPIRE_TIME);
} // end isExpired
} // end class PasswordChangeRequest
/*--------------------------------------------------------------------------------
* Static data values
*--------------------------------------------------------------------------------
@@ -445,6 +504,7 @@ public class VeniceEngineImpl implements VeniceEngine, EngineBackend
private LinkedList cache_fp_posts = new LinkedList(); // all posts that have been published to front page
private boolean cache_fp_posts_busy = false; // busy flag for above vector
private HashSet no_compress_types = new HashSet(); // the file types that can't be compressed
private HashMap password_changes = new HashMap(); // current password change requests
/*--------------------------------------------------------------------------------
* Constructor
@@ -1025,8 +1085,8 @@ public class VeniceEngineImpl implements VeniceEngine, EngineBackend
{ // look for a user name matching this user record
conn = datapool.getConnection();
Statement stmt = conn.createStatement();
StringBuffer sql = new StringBuffer("SELECT c.email, u.passreminder FROM users u, contacts c WHERE "
+ "u.contactid = c.contactid AND u.username = '");
StringBuffer sql = new StringBuffer("SELECT c.email, u.uid, u.passreminder FROM users u, contacts c "
+ "WHERE u.contactid = c.contactid AND u.username = '");
sql.append(SQLUtil.encodeString(username)).append("';");
ResultSet rs = stmt.executeQuery(sql.toString());
if (!(rs.next()))
@@ -1041,6 +1101,10 @@ public class VeniceEngineImpl implements VeniceEngine, EngineBackend
if (logger.isDebugEnabled())
logger.debug("sendPasswordReminder(\"" + username + "\") going out to \"" + email_addr + "\"");
// Enqueue a password change request.
PasswordChangeRequest pcr = new PasswordChangeRequest(rs.getInt(2),username,email_addr);
password_changes.put(new Integer(pcr.getUID()),pcr);
// Create the message to be sent.
String message = getStockMessage("reminder");
if (message==null)
@@ -1051,9 +1115,11 @@ public class VeniceEngineImpl implements VeniceEngine, EngineBackend
} // end if
// Replace the message variables.
HashMap vars = new HashMap(2);
HashMap vars = new HashMap(4);
vars.put("username",username);
vars.put("reminder",rs.getString(2));
vars.put("reminder",rs.getString(3));
vars.put("change.uid",String.valueOf(pcr.getUID()));
vars.put("change.auth",String.valueOf(pcr.getAuthentication()));
message = StringUtil.replaceAllVariables(message,vars);
// Find the message subject.
@@ -1086,6 +1152,86 @@ public class VeniceEngineImpl implements VeniceEngine, EngineBackend
} // end sendPasswordReminder
public void completePasswordChange(int uid, int authentication)
throws DataException, AccessError, EmailException
{
checkInitialized();
Integer key = new Integer(uid);
PasswordChangeRequest pcr;
synchronized (this)
{ // make sure we can't pull the same request out twice!
pcr = (PasswordChangeRequest)(password_changes.get(key));
if (pcr==null)
throw new AccessError("Password change request not found.");
password_changes.remove(key); // can't use the same request twice!
} // end synchronized block
if (authentication!=pcr.getAuthentication())
throw new AccessError("Invalid password change request.");
if (pcr.isExpired())
throw new AccessError("Password change request has expired.");
if (logger.isDebugEnabled())
logger.debug("completePasswordChange for user \"" + pcr.getUserName() + "\"");
// Request is valid; synthesize a new password
PasswordGenerator pgen = new PasswordGenerator();
PasswordHash phash = new PasswordHash(pgen.toString());
Connection conn = null;
try
{ // perform the database update
conn = datapool.getConnection();
Statement stmt = conn.createStatement();
StringBuffer sql = new StringBuffer("UPDATE users SET passhash = '");
sql.append(phash.toString()).append("' WHERE uid = ").append(uid).append(';');
stmt.executeUpdate(sql.toString());
} // end try
catch (SQLException e)
{ // database error - this is a DataException
logger.error("DB error resetting password for user: " + e.getMessage(),e);
throw new DataException("unable to reset password: " + e.getMessage(),e);
} // end catch
finally
{ // make sure the connection is released before we go
if (conn!=null)
datapool.releaseConnection(conn);
} // end finally
// Create the message to be sent.
String message = getStockMessage("password-change");
if (message==null)
{ // what? the message does not exist?
logger.error("\"password-change\" message does not exist in config file!");
throw new DataException("INTERNAL: password change message not specified");
} // end if
// Replace the message variables.
HashMap vars = new HashMap(2);
vars.put("username",pcr.getUserName());
vars.put("password",pgen.toString());
message = StringUtil.replaceAllVariables(message,vars);
// Find the message subject.
String subject = getStockMessage("password-change-subject");
if (subject==null)
subject = "Venice Password Changed";
// Create the emailer and send the message.
SimpleEmailer emailer = createEmailer();
emailer.setTo(pcr.getEmail());
emailer.setSubject(subject);
emailer.setText(message);
emailer.send();
if (logger.isDebugEnabled())
logger.debug("...email sent");
} // end completePasswordChange
public UserContext createNewAccount(String remote_addr, String username, String password, String reminder)
throws DataException, AccessError
{