From f9622ec272a1caa074056f370b8437541da52dbf Mon Sep 17 00:00:00 2001
From: kmitresse
Date: Sat, 23 Mar 2024 09:49:21 +0100
Subject: [PATCH] feet: dev-web - update reset password and token generation

---
 .../project/pojo/RecoveryPasswordToken.java | 1 +
 .../servlet/ForgottenPasswordServlet.java | 19 +++++++-------
 .../project/servlet/ResetPasswordServlet.java | 16 +++++++-----
 .../WEB-INF/static/js/forgotten-password.js | 14 +++++++++++
 .../WEB-INF/static/js/reset-password.js | 3 +--
 .../WEB-INF/views/forgotten-password.jsp | 3 ++-
 .../webapp/WEB-INF/views/reset-password.jsp | 25 ++-----------------
 7 files changed, 40 insertions(+), 41 deletions(-)

diff --git a/S2/DevWeb/Projet/src/main/java/uppa/project/pojo/RecoveryPasswordToken.java b/S2/DevWeb/Projet/src/main/java/uppa/project/pojo/RecoveryPasswordToken.java
index d20408a..5c71fc4 100644
--- a/S2/DevWeb/Projet/src/main/java/uppa/project/pojo/RecoveryPasswordToken.java
+++ b/S2/DevWeb/Projet/src/main/java/uppa/project/pojo/RecoveryPasswordToken.java
@@ -50,6 +50,7 @@ public class RecoveryPasswordToken {
 public RecoveryPasswordToken(String token, User user) {
 this.token = token;
 this.user = user;
+ this.expiresAt = new Date(new Date().getTime() + 600000);
 }
 /**
diff --git a/S2/DevWeb/Projet/src/main/java/uppa/project/servlet/ForgottenPasswordServlet.java b/S2/DevWeb/Projet/src/main/java/uppa/project/servlet/ForgottenPasswordServlet.java
index 22ab5b4..6cf18c4 100644
--- a/S2/DevWeb/Projet/src/main/java/uppa/project/servlet/ForgottenPasswordServlet.java
+++ b/S2/DevWeb/Projet/src/main/java/uppa/project/servlet/ForgottenPasswordServlet.java
@@ -23,6 +23,9 @@ import uppa.project.pojo.User;
 import java.util.Properties;
 import javax.mail.*;
 import javax.mail.internet.*;
+import uppa.project.provider.DotenvProvider;
+import io.github.cdimascio.dotenv.Dotenv;
+
 @WebServlet(name = "forgottenPasswordServlet", value = "/forgotten-password")
 public class ForgottenPasswordServlet extends HttpServlet {
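Review bot: The token lifetime on the added line is the bare literal `600000`, which a reader has to work out is ten minutes in milliseconds; name it, e.g. `private static final long VALIDITY_MS = Duration.ofMinutes(10).toMillis();` (java.time.Duration) and write `this.expiresAt = new Date(System.currentTimeMillis() + VALIDITY_MS);`. Only this constructor sets `expiresAt`; if the class has other constructors (a no-arg JPA constructor, for instance), tokens created through them would keep a null expiry that the reset servlet then dereferences — worth confirming, since the JSP code this patch deletes explicitly guarded `getExpirationDate() == null`. A one-line Javadoc on the field stating the ten-minute validity would also help the next reader.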
@@ -64,14 +67,11 @@ public class ForgottenPasswordServlet extends HttpServlet {
 * @param token
 */
 public void sendRecoveryEmail(String email, String token) {
-
- String host = "smtp.gmail.com";
- String port = "587";
- //TODO: Set up environment variables
-// String username = System.getenv("MAIL_USERNAME");
-// String password = System.getenv("MAIL_PASSWORD");
- String username = "kmitresse@gmail.com";
- String password = "xwos ujwf cesq ocyt";
+ Dotenv dotEnv = DotenvProvider.getInstance();
+ String host = dotEnv.get("MAIL_HOST");
+ String port = dotEnv.get("MAIL_PORT");
+ String username = dotEnv.get("MAIL_USERNAME");
+ String password = dotEnv.get("MAIL_PASSWORD");
 
 Properties props = new Properties();
 props.put("mail.smtp.auth", "true");
@@ -87,6 +87,7 @@ public class ForgottenPasswordServlet extends HttpServlet {
 });
 
 try {
+ String tomcatHost = dotEnv.get("TOMCAT_HOST");
 // Création du message
 Message message = new MimeMessage(session);
 message.setFrom(new InternetAddress(username));
@@ -94,7 +95,7 @@ public class ForgottenPasswordServlet extends HttpServlet {
 message.setSubject("Réinitialisation de votre mot de passe");
 message.setText("Bonjour,\n\n" +
 "Vous avez demandé la réinitialisation de votre mot de passe.\n" +
- "Pour cela, veuillez cliquer sur le lien suivant : http://localhost:8088/project_war_exploded/reset-password?token=" + token + "\n\n" +
+ "Pour cela, veuillez cliquer sur le lien suivant : http://localhost:"+tomcatHost+"/project_war_exploded/reset-password?token=" + token + "\n\n" +
 "Cordialement,\n" +
 "L'équipe CardRush");
 // Envoi du message
diff --git a/S2/DevWeb/Projet/src/main/java/uppa/project/servlet/ResetPasswordServlet.java b/S2/DevWeb/Projet/src/main/java/uppa/project/servlet/ResetPasswordServlet.java
index d1f25aa..a55d917 100644
--- a/S2/DevWeb/Projet/src/main/java/uppa/project/servlet/ResetPasswordServlet.java
+++ b/S2/DevWeb/Projet/src/main/java/uppa/project/servlet/ResetPasswordServlet.java
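Review bot: `Dotenv.get` returns null for an unset key, so a missing `MAIL_HOST`, `MAIL_PORT`, `MAIL_USERNAME` or `MAIL_PASSWORD` in the new lines only surfaces later in the method as a null handed to the mail session, which is hard to diagnose; fail fast instead, e.g. `String host = Objects.requireNonNull(dotEnv.get("MAIL_HOST"), "MAIL_HOST is not set");` for each of the four (`java.util.Objects`). Separately, the lines this hunk removes held a real-looking mailbox account and app password; moving them to `.env` does not remove them from the repository history, so that app password should be treated as exposed and rotated, and `.env` should be confirmed to be git-ignored. `sendRecoveryEmail` continues past the end of the hunk.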
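Review bot: In the new link line `tomcatHost` is spliced in after `http://localhost:`, so the value is really a port and the host stays hard-coded to localhost — the e-mail a user receives will point at their own machine on any deployment other than the developer's. Read one configured base URL (including the context path) instead of a port, a key such as `APP_BASE_URL` read next to `tomcatHost` in the preceding hunk, and build the link as `baseUrl + "/reset-password?token=" + token`; keep it in configuration rather than deriving it from the request's Host header, since a request-supplied host in a reset link is the classic password-reset poisoning vector. If the variable stays, `tomcatPort` describes what it holds. `sendRecoveryEmail` starts and ends outside this hunk.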
@@ -19,9 +19,13 @@ public class ResetPasswordServlet extends HttpServlet {
 public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
- RecoveryPasswordToken recoveryPasswordToken = findRecoveryToken(request.getParameter("token"));
- if (recoveryPasswordToken == null) {
- response.sendRedirect(request.getContextPath() + "/error?code=404");
+ RecoveryPasswordToken token = findRecoveryToken(request.getParameter("token"));
+ if (token == null) {
+ response.sendRedirect(request.getContextPath() + "/forgotten-password?error=invalid-token");
+ return;
+ }
+ if (token.getExpirationDate().compareTo(new java.util.Date()) > 0){
+ response.sendRedirect(request.getContextPath() + "/forgotten-password?error=expired-token");
 return;
 }
 request.getRequestDispatcher("/WEB-INF/views/reset-password.jsp").forward(request, response);
@@ -44,7 +48,7 @@ public class ResetPasswordServlet extends HttpServlet {
 System.out.println(!newPassword.equals(confirmPassword));
 if (!newPassword.equals(confirmPassword)) {
 System.out.println("ici");
- response.sendRedirect(request.getContextPath() + "/reset-password?error=1&token=" + recoveryPasswordToken.getToken());
+ response.sendRedirect(request.getContextPath() + "/reset-password?error=matching-password&token=" + recoveryPasswordToken.getToken());
 return;
 }
 user.setPassword(newPassword);
@@ -52,9 +56,9 @@ public class ResetPasswordServlet extends HttpServlet {
 try {
 daoJpaUser = new DAO_JPA_User();
 daoJpaUser.update(user);
- response.sendRedirect(request.getContextPath() + "/login?success=password-modified");
+ response.sendRedirect(request.getContextPath() + "/login?success=password-reseted");
 } catch (DAOException e) {
- response.sendRedirect(request.getContextPath() + "/reset-password?error=2");
+ response.sendRedirect(request.getContextPath() + "/reset-password?error=1");
 }
 }
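Review bot: The expiry check on the new `if` line is inverted: `compareTo(new java.util.Date()) > 0` is true when the expiration date lies in the future, so every still-valid token is bounced as `expired-token` and a token whose expiry has passed goes through to the reset form. The same `>0` comparison is carried over from the JSP code this patch deletes, which is presumably why it went unnoticed; the new code also drops the null guard the JSP had on `getExpirationDate()`. Write `java.util.Date exp = token.getExpirationDate();` followed by `if (exp == null || !exp.after(new java.util.Date())) {` so a missing or past expiry is rejected and a future one is accepted. Whether `doPost` re-validates expiry before updating the password is not visible here and is worth confirming, since only `doGet` changes; `doGet`'s closing brace is outside the hunk.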
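Review bot: The DAO-failure redirect on the new line (`/reset-password?error=1`) drops the token, unlike the matching-password redirect a few lines up; with the new `doGet` logic that lands the user on `forgotten-password?error=invalid-token` instead of back on the form, so append `"&token=" + recoveryPasswordToken.getToken()` here too. The success branch does not appear to delete or mark the recovery token as used in the visible lines, so the same link stays valid for the rest of its window — confirm it is invalidated elsewhere, otherwise remove it right after `daoJpaUser.update(user)`. Minor: `password-reseted` is not a word; `password-reset` reads better, and the login page that consumes it should change with it. The enclosing method starts outside the hunk.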
diff --git a/S2/DevWeb/Projet/src/main/webapp/WEB-INF/static/js/forgotten-password.js b/S2/DevWeb/Projet/src/main/webapp/WEB-INF/static/js/forgotten-password.js
index e9bac97..6de8211 100644
--- a/S2/DevWeb/Projet/src/main/webapp/WEB-INF/static/js/forgotten-password.js
+++ b/S2/DevWeb/Projet/src/main/webapp/WEB-INF/static/js/forgotten-password.js
@@ -24,3 +24,17 @@ forgottenPasswordForm.addEventListener("submit", (event) => {
 });
+window.onload = function (){
+ const urlParams = new URLSearchParams(window.location.search);
+ let error = null;
+ if (urlParams.has('error')) {
+ error = urlParams.get('error');
+ }
+ console.log(error);
+ if (error != null && error === "expired-token") {
+ window.alert("Lien expiré, veuillez recommencer la procédure de récupération de mot de passe.");
+ }
+ if (error != null && error === "invalid-token") {
+ window.alert("Lien invalide, veuillez recommencer la procédure de récupération de mot de passe.");
+ }
+}
diff --git a/S2/DevWeb/Projet/src/main/webapp/WEB-INF/static/js/reset-password.js b/S2/DevWeb/Projet/src/main/webapp/WEB-INF/static/js/reset-password.js
index f2434c2..ef2e081 100644
--- a/S2/DevWeb/Projet/src/main/webapp/WEB-INF/static/js/reset-password.js
+++ b/S2/DevWeb/Projet/src/main/webapp/WEB-INF/static/js/reset-password.js
@@ -27,7 +27,6 @@ ResetPasswordForm.addEventListener("submit", function (event) {
 }).catch(error => {
 console.error("Error:", error);
 });
-
-
 });
+
diff --git a/S2/DevWeb/Projet/src/main/webapp/WEB-INF/views/forgotten-password.jsp b/S2/DevWeb/Projet/src/main/webapp/WEB-INF/views/forgotten-password.jsp
index 7187490..5bd49e3 100644
--- a/S2/DevWeb/Projet/src/main/webapp/WEB-INF/views/forgotten-password.jsp
+++ b/S2/DevWeb/Projet/src/main/webapp/WEB-INF/views/forgotten-password.jsp
@@ -19,11 +19,12 @@
- <%if(request.getParameter("error") != null){%>
+ <%if(request.getParameter("error") != null && request.getParameter("error").equals("1")){%>
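Review bot: `console.log(error)` in the added `window.onload` handler is a leftover debugging print that writes the query parameter to every visitor's console; remove it. The `let error = null; if (urlParams.has('error')) {…}` sequence is equivalent to `const error = urlParams.get('error');`, which already yields null when the key is absent, and the two `if` blocks can then become a single `switch (error)` or a small object mapping the two codes to their messages. Assigning `window.onload` also replaces any load handler another script on the page has set; `window.addEventListener('load', …)` composes with them.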

L'adresse mail insérée est incorrecte

<%} else if (request.getParameter("success") != null) {%>

Un email vous a été envoyé

<%}%>
+
diff --git a/S2/DevWeb/Projet/src/main/webapp/WEB-INF/views/reset-password.jsp b/S2/DevWeb/Projet/src/main/webapp/WEB-INF/views/reset-password.jsp
index b070d20..f495c3f 100644
--- a/S2/DevWeb/Projet/src/main/webapp/WEB-INF/views/reset-password.jsp
+++ b/S2/DevWeb/Projet/src/main/webapp/WEB-INF/views/reset-password.jsp
@@ -11,28 +11,10 @@ <%@ page contentType="text/html;charset=UTF-8" language="java" %>
- Recovery password
+ Récupération du mot de passe
- <%
- DAO_JPA_RecoveryPasswordToken dao = null;
- RecoveryPasswordToken[] token;
- try {
- dao = new DAO_JPA_RecoveryPasswordToken();
- token = dao.findByField("token",request.getParameter("token"));
- } catch (DAOException e) {
- throw new RuntimeException(e);
- }
- if (token.length == 0 || token[0] == null || token[0].getExpirationDate()== null) {%>
-

Lien invalide

- <%
- } else if (token[0].getExpirationDate().compareTo(new java.util.Date()) >0){
- %>
-

Lien expiré

- <%
- } else {
- %>

Récupération du mot de passe

@@ -40,15 +22,12 @@
- <% if (request.getParameter("error") != null && request.getParameter("error").equals("1")) {%>
+ <% if (request.getParameter("error") != null && request.getParameter("error").equals("matching-password")) {%>

Les mots de passe ne correspondent pas

<% } %>
- <%
- }
- %>