From 32775806750be2dc0d67f117283c49c07b297b61 Mon Sep 17 00:00:00 2001
From: srosse <none@none>
Date: Tue, 15 Oct 2013 14:58:23 +0200
Subject: [PATCH] CL-232: add a web service to create a temporary key for a new
 password

---
 .../olat/registration/PwChangeController.java |   3 +-
 .../org/olat/registration/TemporaryKey.java   |  28 ++---
 .../restapi/ChangePasswordWebService.java     |  85 +++++++++++++
 .../registration/restapi/TemporaryKeyVO.java  | 117 ++++++++++++++++++
 .../olat/restapi/_spring/restApiContext.xml   |   1 +
 .../org/olat/restapi/ChangePasswordTest.java  |  81 ++++++++++++
 .../java/org/olat/test/AllTestsJunit4.java    |   1 +
 7 files changed, 301 insertions(+), 15 deletions(-)
 create mode 100644 src/main/java/org/olat/registration/restapi/ChangePasswordWebService.java
 create mode 100644 src/main/java/org/olat/registration/restapi/TemporaryKeyVO.java
 create mode 100644 src/test/java/org/olat/restapi/ChangePasswordTest.java

diff --git a/src/main/java/org/olat/registration/PwChangeController.java b/src/main/java/org/olat/registration/PwChangeController.java
index 0dc96daf286..daf6ce948fb 100644
--- a/src/main/java/org/olat/registration/PwChangeController.java
+++ b/src/main/java/org/olat/registration/PwChangeController.java
@@ -107,7 +107,8 @@ public class PwChangeController extends BasicController {
 			// no temporarykey is given, we assume step 1
 			//fxdiff FXOLAT-113: business path in DMZ
 			createEmailForm(ureq, wControl, initialEmail);
-			putInitialPanel(myContent);
+			LayoutMain3ColsController layoutCtr = new LayoutMain3ColsController(ureq, getWindowControl(), null, null, myContent, null);
+			putInitialPanel(layoutCtr.getInitialComponent());
 		} else {
 			// we check if given key is a valid temporary key
 			tempKey = rm.loadTemporaryKeyByRegistrationKey(pwKey);
diff --git a/src/main/java/org/olat/registration/TemporaryKey.java b/src/main/java/org/olat/registration/TemporaryKey.java
index 202a7ec80bb..b3486534ad3 100644
--- a/src/main/java/org/olat/registration/TemporaryKey.java
+++ b/src/main/java/org/olat/registration/TemporaryKey.java
@@ -41,59 +41,59 @@ public interface TemporaryKey {
 	/**
 	 * @return email address
 	 */
-	public abstract String getEmailAddress();
+	public String getEmailAddress();
 	/**
 	 * @param string
 	 */
-	public abstract void setEmailAddress(String string);
+	public void setEmailAddress(String string);
 	/**
 	 * @return The ip address the registration request came from
 	 */
-	public abstract String getIpAddress();
+	public String getIpAddress();
 	/**
 	 * @param string
 	 */
-	public abstract void setIpAddress(String string);
+	public void setIpAddress(String string);
 
 	/**
 	 * @return Creation date
 	 */
-	public abstract Date getCreationDate();
+	public Date getCreationDate();
 
 	/**
 	 * @return The key itself
 	 */
-	public abstract String getRegistrationKey();
+	public String getRegistrationKey();
 	/**
 	 * @param string
 	 */
-	public abstract void setRegistrationKey(String string);
+	public void setRegistrationKey(String string);
 	/**
 	 * @return Wether email has been sent.
 	 */
-	public abstract boolean isMailSent();
+	public boolean isMailSent();
 	/**
 	 * @param b
 	 */
-	public abstract void setMailSent(boolean b);
+	public void setMailSent(boolean b);
 	/**
 	 * @return Object key.
 	 */
-	public abstract Long getKey();
+	public Long getKey();
 	/**
 	 * @param long1
 	 */
-	public abstract void setKey(Long long1);
+	public void setKey(Long long1);
 	/**
 	 * @param date
 	 */
-	public abstract void setCreationDate(Date date);
+	public void setCreationDate(Date date);
 	/**
 	 * @return Registration action.
 	 */
-	public abstract String getRegAction();
+	public String getRegAction();
 	/**
 	 * @param string
 	 */
-	public abstract void setRegAction(String string);
+	public void setRegAction(String string);
 }
\ No newline at end of file
diff --git a/src/main/java/org/olat/registration/restapi/ChangePasswordWebService.java b/src/main/java/org/olat/registration/restapi/ChangePasswordWebService.java
new file mode 100644
index 00000000000..6a7c3a6b655
--- /dev/null
+++ b/src/main/java/org/olat/registration/restapi/ChangePasswordWebService.java
@@ -0,0 +1,85 @@
+/**
+ * OLAT - Online Learning and Training<br>
+ * http://www.olat.org
+ * <p>
+ * Licensed under the Apache License, Version 2.0 (the "License"); <br>
+ * you may not use this file except in compliance with the License.<br>
+ * You may obtain a copy of the License at
+ * <p>
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * <p>
+ * Unless required by applicable law or agreed to in writing,<br>
+ * software distributed under the License is distributed on an "AS IS" BASIS, <br>
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. <br>
+ * See the License for the specific language governing permissions and <br>
+ * limitations under the License.
+ * <p>
+ * Copyright (c) frentix GmbH<br>
+ * http://www.frentix.com<br>
+ * <p>
+ */
+package org.olat.registration.restapi;
+
+import static org.olat.restapi.security.RestSecurityHelper.isUserManager;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.PUT;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.QueryParam;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+import javax.ws.rs.core.Response.Status;
+
+import org.olat.basesecurity.BaseSecurity;
+import org.olat.core.CoreSpringFactory;
+import org.olat.core.id.Identity;
+import org.olat.core.id.UserConstants;
+import org.olat.registration.RegistrationManager;
+import org.olat.registration.TemporaryKey;
+import org.olat.user.UserModule;
+
+
+/**
+ * Webservice to create a temporary key to change the password
+ * 
+ * Initial date: 15.10.2013<br>
+ * @author srosse, stephane.rosse@frentix.com, http://www.frentix.com
+ *
+ */
+@Path("pwchange")
+public class ChangePasswordWebService {
+	
+/**
+ * 
+ * @param identityKey
+ * @param request
+ * @return
+ */
+	@PUT
+	@Produces({MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON})
+	public Response register(@QueryParam("identityKey") Long identityKey, @Context HttpServletRequest request) {
+		if(!isUserManager(request)) {
+			return Response.serverError().status(Status.UNAUTHORIZED).build();
+		}
+
+		BaseSecurity securityManager = CoreSpringFactory.getImpl(BaseSecurity.class);
+		Identity identity = securityManager.loadIdentityByKey(identityKey);
+		if(identity == null) {
+			return Response.serverError().status(Status.NOT_FOUND).build();
+		} else if(!UserModule.isPwdchangeallowed(identity)) {
+			return Response.serverError().status(Status.FORBIDDEN).build();
+		}
+
+		RegistrationManager rm = RegistrationManager.getInstance();
+		String emailAdress = identity.getUser().getProperty(UserConstants.EMAIL, null); 
+		TemporaryKey tk = rm.loadTemporaryKeyByEmail(emailAdress);
+		if (tk == null) {
+			String ip = request.getRemoteAddr();
+			tk = rm.createTemporaryKeyByEmail(emailAdress, ip, RegistrationManager.PW_CHANGE);
+		}
+
+		return Response.ok(new TemporaryKeyVO(tk)).build();
+	}
+}
diff --git a/src/main/java/org/olat/registration/restapi/TemporaryKeyVO.java b/src/main/java/org/olat/registration/restapi/TemporaryKeyVO.java
new file mode 100644
index 00000000000..d1716aee8c3
--- /dev/null
+++ b/src/main/java/org/olat/registration/restapi/TemporaryKeyVO.java
@@ -0,0 +1,117 @@
+/**
+ * <a href="http://www.openolat.org">
+ * OpenOLAT - Online Learning and Training</a><br>
+ * <p>
+ * Licensed under the Apache License, Version 2.0 (the "License"); <br>
+ * you may not use this file except in compliance with the License.<br>
+ * You may obtain a copy of the License at the
+ * <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache homepage</a>
+ * <p>
+ * Unless required by applicable law or agreed to in writing,<br>
+ * software distributed under the License is distributed on an "AS IS" BASIS, <br>
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. <br>
+ * See the License for the specific language governing permissions and <br>
+ * limitations under the License.
+ * <p>
+ * Initial code contributed and copyrighted by<br>
+ * frentix GmbH, http://www.frentix.com
+ * <p>
+ */
+package org.olat.registration.restapi;
+
+import java.util.Date;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlRootElement;
+
+import org.olat.registration.TemporaryKey;
+
+/**
+ * 
+ * Initial date: 15.10.2013<br>
+ * @author srosse, stephane.rosse@frentix.com, http://www.frentix.com
+ *
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlRootElement(name = "temporaryKeyVO")
+public class TemporaryKeyVO {
+	
+	private Long key;
+	private String emailAddress;
+	private String ipAddress;
+	private Date creationDate;
+	private String registrationKey;
+	private String regAction;
+	private boolean mailSent;
+	
+	public TemporaryKeyVO() {
+		//
+	}
+	
+	public TemporaryKeyVO(TemporaryKey tk) {
+		this.key = tk.getKey();
+		this.emailAddress = tk.getEmailAddress();
+		this.ipAddress = tk.getIpAddress();
+		this.creationDate = tk.getCreationDate();
+		this.registrationKey = tk.getRegistrationKey();
+		this.regAction = tk.getRegAction();
+		this.mailSent = tk.isMailSent();
+	}
+	
+	public Long getKey() {
+		return key;
+	}
+	
+	public void setKey(Long key) {
+		this.key = key;
+	}
+	
+	public String getEmailAddress() {
+		return emailAddress;
+	}
+	
+	public void setEmailAddress(String emailAddress) {
+		this.emailAddress = emailAddress;
+	}
+	
+	public String getIpAddress() {
+		return ipAddress;
+	}
+	
+	public void setIpAddress(String ipAddress) {
+		this.ipAddress = ipAddress;
+	}
+	
+	public Date getCreationDate() {
+		return creationDate;
+	}
+	
+	public void setCreationDate(Date creationDate) {
+		this.creationDate = creationDate;
+	}
+	
+	public String getRegistrationKey() {
+		return registrationKey;
+	}
+	
+	public void setRegistrationKey(String registrationKey) {
+		this.registrationKey = registrationKey;
+	}
+	
+	public String getRegAction() {
+		return regAction;
+	}
+	
+	public void setRegAction(String regAction) {
+		this.regAction = regAction;
+	}
+	
+	public boolean isMailSent() {
+		return mailSent;
+	}
+	
+	public void setMailSent(boolean mailSent) {
+		this.mailSent = mailSent;
+	}
+}
diff --git a/src/main/java/org/olat/restapi/_spring/restApiContext.xml b/src/main/java/org/olat/restapi/_spring/restApiContext.xml
index 25331c03924..e9ba23f1a5b 100644
--- a/src/main/java/org/olat/restapi/_spring/restApiContext.xml
+++ b/src/main/java/org/olat/restapi/_spring/restApiContext.xml
@@ -51,6 +51,7 @@
 				<value>org.olat.catalog.restapi.CatalogWebService</value>
 				<value>org.olat.notifications.restapi.NotificationsWebService</value>
 				<value>org.olat.registration.restapi.RegistrationWebService</value>
+				<value>org.olat.registration.restapi.ChangePasswordWebService</value>
 				<value>org.olat.commons.calendar.restapi.UserCalendarWebService</value>
 				<value>org.olat.restapi.system.LogWebService</value>
 				<value>org.olat.restapi.system.SystemWebService</value>
diff --git a/src/test/java/org/olat/restapi/ChangePasswordTest.java b/src/test/java/org/olat/restapi/ChangePasswordTest.java
new file mode 100644
index 00000000000..2f060535a76
--- /dev/null
+++ b/src/test/java/org/olat/restapi/ChangePasswordTest.java
@@ -0,0 +1,81 @@
+/**
+ * OLAT - Online Learning and Training<br>
+ * http://www.olat.org
+ * <p>
+ * Licensed under the Apache License, Version 2.0 (the "License"); <br>
+ * you may not use this file except in compliance with the License.<br>
+ * You may obtain a copy of the License at
+ * <p>
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * <p>
+ * Unless required by applicable law or agreed to in writing,<br>
+ * software distributed under the License is distributed on an "AS IS" BASIS, <br>
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. <br>
+ * See the License for the specific language governing permissions and <br>
+ * limitations under the License.
+ * <p>
+ * Copyright (c) frentix GmbH<br>
+ * http://www.frentix.com<br>
+ * <p>
+ */
+package org.olat.restapi;
+
+import static org.junit.Assert.assertEquals;
+
+import java.io.IOException;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.util.UUID;
+
+import javax.ws.rs.core.MediaType;
+
+import org.apache.http.HttpResponse;
+import org.apache.http.client.methods.HttpPut;
+import org.junit.Assert;
+import org.junit.Test;
+import org.olat.basesecurity.BaseSecurity;
+import org.olat.core.commons.persistence.DB;
+import org.olat.core.id.Identity;
+import org.olat.core.id.UserConstants;
+import org.olat.registration.RegistrationManager;
+import org.olat.registration.restapi.TemporaryKeyVO;
+import org.olat.test.JunitTestHelper;
+import org.olat.test.OlatJerseyTestCase;
+import org.springframework.beans.factory.annotation.Autowired;
+
+/**
+ * 
+ * Initial date: 15.10.2013<br>
+ * @author srosse, stephane.rosse@frentix.com, http://www.frentix.com
+ *
+ */
+public class ChangePasswordTest extends OlatJerseyTestCase {
+
+	@Autowired
+	private DB dbInstance;
+	@Autowired
+	private BaseSecurity securityManager;
+	
+	@Test
+	public void testRegistration() throws IOException, URISyntaxException {
+		RestConnection conn = new RestConnection();
+		Assert.assertTrue(conn.login("administrator", "openolat"));
+		
+		Identity id = JunitTestHelper.createAndPersistIdentityAsUser("pwchange-1-" + UUID.randomUUID().toString());
+		dbInstance.commitAndCloseSession();
+
+		URI uri = conn.getContextURI().path("pwchange").queryParam("identityKey", id.getKey()).build();
+		HttpPut put = conn.createPut(uri, MediaType.APPLICATION_JSON, true);
+		HttpResponse response = conn.execute(put);
+		assertEquals(200, response.getStatusLine().getStatusCode());
+		TemporaryKeyVO tk = conn.parse(response, TemporaryKeyVO.class);
+		Assert.assertNotNull(tk);
+		Assert.assertNotNull(tk.getIpAddress());
+		Assert.assertNotNull(tk.getRegistrationKey());
+		Assert.assertEquals(RegistrationManager.PW_CHANGE, tk.getRegAction());
+		Assert.assertEquals(id.getUser().getProperty(UserConstants.EMAIL, null), tk.getEmailAddress());
+		Assert.assertFalse(tk.isMailSent());
+
+		conn.shutdown();
+	}
+}
diff --git a/src/test/java/org/olat/test/AllTestsJunit4.java b/src/test/java/org/olat/test/AllTestsJunit4.java
index 6d99fbf8517..705d1880c96 100644
--- a/src/test/java/org/olat/test/AllTestsJunit4.java
+++ b/src/test/java/org/olat/test/AllTestsJunit4.java
@@ -193,6 +193,7 @@ import org.junit.runners.Suite;
 	org.olat.restapi.UserMgmtTest.class,
 	org.olat.restapi.ContactsTest.class,
 	org.olat.restapi.SystemTest.class,
+	org.olat.restapi.ChangePasswordTest.class,
 	org.olat.restapi.RegistrationTest.class,
 	de.bps.olat.portal.institution.InstitutionPortletTest.class,
 	org.olat.group.manager.BusinessGroupImportExportXStreamTest.class,
-- 
GitLab