1 /*******************************************************************************
2 * Copyright © Igor Barma, Alexandre Desoubeaux, Christian Martel, Eric Brun, Mathieu Amblard, Gwenael Gevet, Pierre Guillot, 2012
3 * Copyright Alexandre Desoubeaux, Christian Martel, Cedric Lecarpentier, Alexandre Lefevre, Marc Salvat 2014-2016
4 * Copyright Alexandre Desoubeaux, Christian Martel, Cedric Lecarpentier, Marc Salvat, Marc Suarez, Harifetra Ramamonjy 2017
6 * This file is part of the work and learning management system Pentila Nero.
8 * Pentila Nero is free software. You can redistribute it and/or modify since
9 * you respect the terms of either (at least one of the both license) :
10 * - under the terms of the GNU Affero General Public License as
11 * published by the Free Software Foundation, either version 3 of the
12 * License, or (at your option) any later version.
13 * - the CeCILL-C as published by CeCILL-C; either version 1 of the
14 * License, or any later version
15 * - the GNU Lesser General Public License as published by the
16 * Free Software Foundation, either version 3 of the license,
17 * or (at your option) any later version.
19 * There are special exceptions to the terms and conditions of the
20 * licenses as they are applied to this software. View the full text of
21 * the exception in file LICENSE-PROJECT.txt in the directory of this software
24 * Pentila Nero is distributed in the hope that it will be useful,
25 * but WITHOUT ANY WARRANTY; without even the implied warranty of
26 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
27 * Licenses for more details.
29 * You should have received a copy of the GNU Affero General Public License
30 * and the CeCILL-C and the GNU Lesser General Public License along with
31 * Pentila Nero. If not, see :
32 * <http://www.gnu.org/licenses/> and
33 * <http://www.cecill.info/licences.fr.html>.
34 ******************************************************************************/
35 package com.pentila.entSavoie.userProperties.action;
37 import java.math.BigInteger;
38 import java.security.SecureRandom;
39 import java.text.SimpleDateFormat;
40 import java.util.Date;
42 import javax.mail.internet.InternetAddress;
43 import javax.portlet.ActionRequest;
44 import javax.portlet.ActionResponse;
45 import javax.portlet.PortletConfig;
46 import javax.servlet.http.HttpServletRequest;
47 import javax.servlet.http.HttpServletResponse;
49 import net.tanesha.recaptcha.ReCaptchaImpl;
50 import net.tanesha.recaptcha.ReCaptchaResponse;
52 import org.apache.struts.action.ActionForm;
53 import org.apache.struts.action.ActionForward;
54 import org.apache.struts.action.ActionMapping;
56 import com.liferay.mail.service.MailServiceUtil;
57 import com.liferay.portal.kernel.mail.MailMessage;
58 import com.liferay.portal.kernel.util.ParamUtil;
59 import com.liferay.portal.model.User;
60 import com.liferay.portal.security.ldap.PasswordUtil;
61 import com.liferay.portal.service.CompanyLocalServiceUtil;
62 import com.liferay.portal.service.UserLocalServiceUtil;
63 import com.liferay.portal.struts.ActionConstants;
64 import com.liferay.portal.struts.PortletAction;
65 import com.liferay.portal.util.PortalUtil;
66 import com.pentila.entSavoie.userProperties.model.UserProperties;
67 import com.pentila.entSavoie.userProperties.service.UserPropertiesLocalServiceUtil;
68 import com.pentila.entSavoie.utils.ENTMainUtilsLocalServiceUtil;
71 * Demande de recuperation de mot de passe
73 public class ResetPasswordAction extends PortletAction {
/**
 * Servlet-side entry point of the password-recovery flow.
 *
 * Reads the {@code key} request parameter and can pass it to {@code resetPassword(key)};
 * the other visible path reads the reCAPTCHA fields, {@code login} and {@code mail}, checks
 * the captcha and calls {@code sendKeyPasswordRecovery(login, mail, remoteAddr)}. The
 * resulting query string is appended to the configured reset-password URL and sent as a
 * redirect.
 *
 * NOTE(review): the gutter numbers jump (75 to 78, 78 to 82, 97 to 99, 103 to 107), so some
 * lines of this method are not in the listing. That includes the declaration of
 * {@code params}, the test that selects between the two paths, the opening of the try block
 * and every return statement.
 *
 * @param mapping  Struts action mapping; not read in the lines shown
 * @param form     Struts form bean; not read in the lines shown
 * @param request  source of the key, captcha, login and mail parameters and of the peer address
 * @param response receives the redirect, or the error produced by PortalUtil.sendError
 * @return not visible here; the return statements fall in the omitted lines
 * @throws Exception declared by the signature; the visible catch hands failures to PortalUtil.sendError
 */
75 public ActionForward strutsExecute(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws Exception {
78 String key = ParamUtil.getString(request, "key");
// NOTE(review): the guard in front of this call is among the omitted lines. Confirm that it
// rejects a missing or empty key: resetPassword() stores "" as the recovery key once a key has
// been used, so an empty value must never be looked up.
// NOTE(review): the mailed link carries the key as a query parameter, so the password change
// presumably happens on a plain GET. Anything that fetches the link automatically (for
// example a mail gateway that scans URLs) would consume the key; a confirmation step
// submitted by POST avoids that. Confirm how this action is mapped.
82 params = resetPassword(key);
// Captcha answer and account identifiers submitted by the form; login and mail are lower-cased.
84 String challenge = ParamUtil.getString(request, "recaptcha_challenge_field", "");
85 String uresponse = ParamUtil.getString(request, "recaptcha_response_field", "");
86 String login = ParamUtil.getString(request, "login", "").toLowerCase();
87 String mail = ParamUtil.getString(request, "mail", "").toLowerCase();
// getRemoteAddr() is the address of the directly connected peer. Behind a reverse proxy or
// load balancer that is the proxy's address, so both the captcha check and the address
// printed in the recovery mail would name the proxy; verify against the deployment.
89 String remoteAddr = request.getRemoteAddr();
// NOTE(review): recaptcha_challenge_field / recaptcha_response_field are the form fields of
// the first-generation reCAPTCHA API, which Google has since shut down. Confirm what the
// deployment uses; this check needs to move to a supported CAPTCHA verification API.
91 ReCaptchaImpl reCaptcha = new ReCaptchaImpl();
92 reCaptcha.setPrivateKey(ENTMainUtilsLocalServiceUtil.getEntCaptchaPrivateKey());
94 ReCaptchaResponse reCaptchaResponse = reCaptcha.checkAnswer(remoteAddr, challenge, uresponse);
96 if (reCaptchaResponse.isValid()) {
97 params = sendKeyPasswordRecovery(login, mail, remoteAddr);
// Captcha rejected (presumably the else branch; its header line is omitted): the submitted
// values are echoed back to the form.
// NOTE(review): mail and login are concatenated into the query string without URL encoding.
// A value containing '&', '#' or '=' can add or override parameters on the result page, for
// instance a forged success flag. Encode each value (java.net.URLEncoder) before appending
// it, and make sure the page that renders these parameters HTML-escapes them.
99 params = "?incorrect_captcha=true&mail=" + mail + "&login=" + login;
// The base URL comes from configuration; only the query string depends on the request.
103 response.sendRedirect(ENTMainUtilsLocalServiceUtil.getEntResetPasswordUrl() + params);
107 catch (Exception e) {
// NOTE(review): the exception object is handed to the portal error page. Confirm that the
// page shows no stack trace or backend detail to an unauthenticated visitor.
108 PortalUtil.sendError(e, request, response);
/**
 * Portlet-side entry point of the password-recovery flow; mirrors strutsExecute but reads from
 * the ActionRequest and redirects through the ActionResponse.
 *
 * Reads the {@code key} parameter and can pass it to {@code resetPassword(key)}; the other
 * visible path reads the reCAPTCHA fields, {@code login} and {@code mail}, checks the captcha
 * and calls {@code sendKeyPasswordRecovery(login, mail, remoteAddr)}. The resulting query
 * string is appended to the configured reset-password URL and sent as a redirect, after which
 * the forward is set to ActionConstants.COMMON_NULL.
 *
 * NOTE(review): the gutter numbers jump (114 to 116, 116 to 120, 135 to 137, 141 to 143), so
 * some lines of this method are not in the listing, including the declaration of
 * {@code params}, the test that selects between the two paths and the opening of the try block.
 *
 * @param mapping        Struts action mapping; not read in the lines shown
 * @param form           Struts form bean; not read in the lines shown
 * @param portletConfig  portlet configuration; not read in the lines shown
 * @param actionRequest  source of the key, captcha, login and mail parameters
 * @param actionResponse receives the redirect, or the error produced by PortalUtil.sendError
 * @throws Exception declared by the signature; the visible catch hands failures to PortalUtil.sendError
 */
114 public void processAction(ActionMapping mapping, ActionForm form, PortletConfig portletConfig, ActionRequest actionRequest, ActionResponse actionResponse) throws Exception {
116 String key = ParamUtil.getString(actionRequest, "key");
// NOTE(review): the guard in front of this call is among the omitted lines. Confirm that it
// rejects a missing or empty key: resetPassword() stores "" as the recovery key once a key has
// been used, so an empty value must never be looked up.
120 params = resetPassword(key);
// Captcha answer and account identifiers submitted by the form; login and mail are lower-cased.
122 String challenge = ParamUtil.getString(actionRequest, "recaptcha_challenge_field", "");
123 String uresponse = ParamUtil.getString(actionRequest, "recaptcha_response_field", "");
124 String login = ParamUtil.getString(actionRequest, "login", "").toLowerCase();
125 String mail = ParamUtil.getString(actionRequest, "mail", "").toLowerCase();
// The peer address is taken from the underlying servlet request. Behind a reverse proxy or
// load balancer that is the proxy's address, which then feeds both the captcha check and the
// address printed in the recovery mail; verify against the deployment.
127 String remoteAddr = PortalUtil.getHttpServletRequest(actionRequest).getRemoteAddr();
// NOTE(review): recaptcha_challenge_field / recaptcha_response_field are the form fields of
// the first-generation reCAPTCHA API, which Google has since shut down. Confirm what the
// deployment uses; this check needs to move to a supported CAPTCHA verification API.
129 ReCaptchaImpl reCaptcha = new ReCaptchaImpl();
130 reCaptcha.setPrivateKey(ENTMainUtilsLocalServiceUtil.getEntCaptchaPrivateKey());
132 ReCaptchaResponse reCaptchaResponse = reCaptcha.checkAnswer(remoteAddr, challenge, uresponse);
134 if (reCaptchaResponse.isValid()) {
135 params = sendKeyPasswordRecovery(login, mail, remoteAddr);
// Captcha rejected (presumably the else branch; its header line is omitted): the submitted
// values are echoed back to the form.
// NOTE(review): mail and login are concatenated into the query string without URL encoding.
// A value containing '&', '#' or '=' can add or override parameters on the result page.
// Encode each value (java.net.URLEncoder) before appending it, and make sure the page that
// renders these parameters HTML-escapes them.
137 params = "?incorrect_captcha=true&mail=" + mail + "&login=" + login;
// The base URL comes from configuration; only the query string depends on the request.
141 actionResponse.sendRedirect(ENTMainUtilsLocalServiceUtil.getEntResetPasswordUrl() + params);
// No Struts forward is rendered after the redirect.
143 setForward(actionRequest, ActionConstants.COMMON_NULL);
145 catch (Exception e) {
// NOTE(review): the exception object is handed to the portal error page. Confirm that the
// page shows no stack trace or backend detail to an unauthenticated visitor.
146 PortalUtil.sendError(e, actionRequest, actionResponse);
/**
 * First step of password recovery: identifies the account from the submitted login and/or
 * recovery mail address, generates a recovery key, stores it on the user's UserProperties and
 * mails a link containing that key to the stored recovery address.
 *
 * NOTE(review): the gutter numbers jump in several places (151 to 154, 156 to 158, 161 to 165,
 * 173 to 176, 176 to 181, 185 to 188, 223 to 225, 227 to 230), so the declaration of
 * {@code user}, the try headers and most of the conditions that select between the return
 * statements are not in the listing.
 *
 * NOTE(review): the distinct results incorrect_login, incorrect_mail and incorrect_rescue_mail
 * tell an unauthenticated caller whether a login or a recovery address exists. The captcha
 * only slows automated probing. Returning one neutral result for every outcome, and mailing
 * only when an account was found, removes that signal.
 *
 * @param login screen name submitted by the form, already lower-cased by the callers; may be empty
 * @param mail  recovery mail address submitted by the form, already lower-cased by the callers
 * @param ip    address of the requester as seen by the servlet container; printed in the mail footer
 * @return a query string, starting with '?', for the reset-password page
 * @throws Exception declared by the signature; which failures escape the visible catches cannot be told from the listing
 */
150 private String sendKeyPasswordRecovery(String login, String mail, String ip) throws Exception {
// Only the first company returned by the portal is considered.
151 long companyId = CompanyLocalServiceUtil.getCompanies().get(0).getCompanyId();
154 // Look up the user by login (screen name)
155 boolean incorrectLogin = false;
156 if(!login.isEmpty()){
158 user = UserLocalServiceUtil.getUserByScreenName(companyId, login);
// catch (Exception) also covers backend failures, which are then reported as a wrong login.
159 } catch(Exception e){
160 // The login entered is incorrect
161 incorrectLogin = true;
165 // Look up the user by password-recovery mail address
169 long userId = UserPropertiesLocalServiceUtil.getUserPropertiesByMailPasswordRecovery(mail).getUserId();
170 user = UserLocalServiceUtil.getUser(userId);
171 } catch(Exception e){
172 // The mail address entered is incorrect
// NOTE(review): mail and login are echoed into the query string without URL encoding here
// and in the return below; encode each value before appending it.
173 return "?incorrect_mail=true&mail=" + mail + (incorrectLogin?"&incorrect_login=true&login=" + login:"") ;
176 return "?incorrect_login=true&login=" + login;
// From here on `mail` holds the address stored for the account, not the submitted value, so
// the message can only go to the recovery address already on file.
181 mail = UserPropertiesLocalServiceUtil.getUserPropertiesByUserId(user.getUserId()).getMailPasswordRecovery();
183 // Fetch the password-recovery mail address
184 UserProperties up = UserPropertiesLocalServiceUtil.getUserPropertiesByUserId(user.getUserId());
185 mail = up.getMailPasswordRecovery();
// Presumably returned when the account has no recovery address; the condition is omitted.
188 return "?success=false&incorrect_rescue_mail=true";
191 // Set the key that allows the login and password to be recovered
// 130 bits from SecureRandom, rendered in base 32 (at most 26 characters).
192 SecureRandom random = new SecureRandom();
193 String key = new BigInteger(130, random).toString(32);
// NOTE(review): the key is stored as generated, and no creation time or expiry is recorded
// in the lines shown, so a mailed link appears to stay valid until it is used or replaced by
// a later request. Storing a hash of the key together with a timestamp, and rejecting old
// keys in resetPassword(), would bound the exposure of a leaked mail or database row.
194 up.setKeyPasswordRecovery(key);
195 UserPropertiesLocalServiceUtil.updateUserProperties(up, false);
197 // Send the message to the user (the original comment said "send the password"; this mail carries the reset link)
198 String noReplyMail = ENTMainUtilsLocalServiceUtil.getMailNoReply(companyId);
200 InternetAddress iaTo = new InternetAddress(mail);
201 InternetAddress iaFrom = new InternetAddress(noReplyMail);
203 MailMessage mailMessage = new MailMessage();
204 mailMessage.setFrom(iaFrom);
205 mailMessage.setTo(iaTo);
207 mailMessage.setHTMLFormat(true);
209 String entPlateformName = ENTMainUtilsLocalServiceUtil.getEntPlateformName();
210 String subject = "ENT " + entPlateformName + " : Réinitialisation de votre mot de passe (1/2)";
211 mailMessage.setSubject(subject);
// The timestamp in the footer uses the JVM default time zone and locale.
213 SimpleDateFormat frenchDateFormat = new SimpleDateFormat("dd-MM-yyyy HH:mm");
// NOTE(review): the body is HTML, and user.getFullName() and ip are concatenated into it
// without escaping; HTML-escape the full name at least, since it is profile data.
// NOTE(review): the link is built from the "absolute.url" portal property and carries the key
// as a query parameter, so the key can end up in access logs and browser history. Confirm the
// property is an https URL.
// Line 224, which closes this concatenation, is not in the listing.
214 String body = "Bonjour " + user.getFullName() + ", </br></br>" +
215 "Pour réinitialiser votre mot de passe et obtenir vos nouveaux identifiants de connexion sur la plateforme " + entPlateformName + ", veuillez cliquer sur le lien ci-dessous : <br/>" +
216 "<a href='" + PortalUtil.getPortalProperties().getProperty("absolute.url") + "/c/userProperties/reset_password?key=" + key + "'>Réinitialiser mes identifiants de connexion</a> <br/>" +
217 "Un message vous sera transmis avec vos nouvelles données personnelles de connexion. <br/>" +
218 "Ce lien est unique et ne pourra pas être réutulisé. <br/><br/>" +
219 "<i>Si vous n'êtes pas l'initiateur de la demande de réinitialisation de votre mot de passe, merci de ne pas prendre en compte ce message.</i><br/><br/>" +
220 "Cordialement,<br/>" +
221 "L'équipe Technique. <br/><br/>" +
222 "<i style='color: grey; font-size: 11px;'>" +
223 "Ce message a été envoyé depuis la machine " + ip + " le " + frenchDateFormat.format(new Date()) + "." +
225 mailMessage.setBody(body);
226 MailServiceUtil.sendEmail(mailMessage);
227 return "?success=true";
// Reached by a path whose condition is among the omitted lines.
230 return "?success=false";
/**
 * Second step of password recovery: looks up the account that owns the given recovery key,
 * clears the stored key, replaces the account password with a generated one and mails the
 * screen name and the new password to the stored recovery address.
 *
 * NOTE(review): the gutter numbers jump (233 to 235, 235 to 238, 243 to 247, 285 to 288), so
 * the declaration of {@code user}, the try header and the conditions that lead to the two
 * return statements are not in the listing.
 *
 * NOTE(review): nothing in the lines shown checks the age of the key or rejects an empty one.
 * A used key is cleared by storing "", so callers must never pass an empty key to the lookup,
 * and a key should be refused once it is older than a short validity window.
 *
 * NOTE(review): the lookup and the clearing of the key are separate calls. Two requests that
 * arrive with the same key at the same time could presumably both pass the lookup; confirm
 * whether the service layer serialises them.
 *
 * @param key recovery key taken from the request
 * @return "?success_init=true" after the mail has been sent, "?success_init=false" on the other visible path
 * @throws Exception declared by the signature; which failures escape the visible catch cannot be told from the listing
 */
233 private String resetPassword(String key) throws Exception {
// Only the first company returned by the portal is considered.
235 long companyId = CompanyLocalServiceUtil.getCompanies().get(0).getCompanyId();
238 // Look up the user from the recovery key (the original comment said "from their login")
240 UserProperties up = UserPropertiesLocalServiceUtil.getUserPropertiesByKeyPasswordRecovery(key);
241 user = UserLocalServiceUtil.getUser(up.getUserId());
// catch (Exception) also covers backend failures, which are then treated as a wrong key.
242 } catch(Exception e){
243 // The key is incorrect
247 // Fetch the password-recovery mail address
248 UserProperties up = UserPropertiesLocalServiceUtil.getUserPropertiesByUserId(user.getUserId());
// One-time use: the stored key is overwritten with "" before the password is changed.
249 up.setKeyPasswordRecovery("");
250 UserPropertiesLocalServiceUtil.updateUserProperties(up, false);
252 String mail = up.getMailPasswordRecovery();
254 // Reset the password
// NOTE(review): the strength of the generated password depends on PasswordUtil, which is not
// visible here. The final `true` is presumably Liferay's passwordReset flag; that matches the
// mail text, which says the password must be changed at the next login. Confirm both.
255 String password = PasswordUtil.generatePassword();
256 UserLocalServiceUtil.updatePassword(user.getUserId(), password, password, true);
258 // Send the password to the user
259 String noReplyMail = ENTMainUtilsLocalServiceUtil.getMailNoReply(companyId);
261 InternetAddress iaTo = new InternetAddress(mail);
262 InternetAddress iaFrom = new InternetAddress(noReplyMail);
264 MailMessage mailMessage = new MailMessage();
265 mailMessage.setFrom(iaFrom);
266 mailMessage.setTo(iaTo);
268 mailMessage.setHTMLFormat(true);
270 String entPlateformName = ENTMainUtilsLocalServiceUtil.getEntPlateformName();
271 String subject = "ENT " + entPlateformName + " : Réinitialisation de votre mot de passe (2/2)";
272 mailMessage.setSubject(subject);
// NOTE(review): this message carries the screen name and the new password together, in
// clear text. Anyone who can read the mailbox or the mail in transit obtains a working
// credential until the forced change takes place. Letting the user choose the new password on
// the page reached through the one-time link avoids mailing a credential at all.
// NOTE(review): user.getFullName() and user.getScreenName() are concatenated into the HTML
// body without escaping; HTML-escape profile data before inserting it.
274 String body = "Bonjour " + user.getFullName() + ", </br></br>" +
275 "Votre demande de réinitialisation de mot de passe a été traitée avec succès. <br/>" +
276 "Voici vos nouvelles informations de connexion sur la plateforme " + entPlateformName + " : <br/>" +
277 " • Identifiant : " + user.getScreenName() + "<br/>" +
278 " • Mot de passe : " + password + "<br/><br/>" +
279 "Pour des raisons de sécurité, il vous sera demandée de le modifier lors de votre prochaine connexion sur l'ENT.<br/><br/>" +
280 "Cordialement,<br/>" +
281 "L'équipe Technique.";
282 mailMessage.setBody(body);
283 MailServiceUtil.sendEmail(mailMessage);
285 return "?success_init=true";
// Reached by a path whose condition is among the omitted lines, presumably an unknown key.
288 return "?success_init=false";