diff --git a/datastore/src/main/java/net/jami/datastore/dao/UserDao.java b/datastore/src/main/java/net/jami/datastore/dao/UserDao.java
index 144c74d80cd851eb2e716b464247d2f07856823f..ca2c69cc7478bc3d24f35ead311cf9b0b56972fe 100644
--- a/datastore/src/main/java/net/jami/datastore/dao/UserDao.java
+++ b/datastore/src/main/java/net/jami/datastore/dao/UserDao.java
@@ -88,10 +88,11 @@ public class UserDao extends AbstractDao<User> {
     public boolean updateObject(StatementList update, StatementList constraints) {
 
         String pw = update.getStatements().get(0).getValue();
-        String user = update.getStatements().get(1).getValue();
-        String needsPasswordReset = "";
-        if (update.getStatements().size() >= 3 && update.getStatements().get(2) != null)
-            needsPasswordReset = update.getStatements().get(2).getValue();
+        String user = constraints.getStatements().get(0).getValue();
+        String pwReset = "false";
+
+        if (update.getStatements().size() > 1)
+            pwReset = update.getStatements().get(1).getValue();
 
         SQLConnection connection = DataStore.connectionPool.getConnection();
 
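Review bot: The new lookup `constraints.getStatements().get(0)` has no size check, so a caller that passes an empty constraint list gets an IndexOutOfBoundsException rather than a `false` return; the unchanged `update.getStatements().get(0)` has the same shape. A guard such as `if (update.getStatements().size() < 1 || constraints.getStatements().size() < 1) return false;` before the reads would keep the failure inside the method's boolean contract. Both lists are also read purely by position, so the second update element is written to `needsPasswordReset` whatever column it was built for, and its value reaches the statement without being limited to "true" or "false". A short comment stating the expected order (password first, optional reset flag second, username as the only constraint) would help callers. updateObject continues past the end of this hunk.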
@@ -102,10 +103,7 @@ public class UserDao extends AbstractDao<User> {
             ps.executeUpdate();
 
             ps = connection.getConnection().prepareStatement("UPDATE users SET needsPasswordReset = ? WHERE username = ?");
-            if (!needsPasswordReset.isEmpty())
-                ps.setString(1, needsPasswordReset);
-            else
-                ps.setString(1, "false");
+            ps.setString(1, pwReset);
 
             ps.setString(2, user);
             return ps.executeUpdate() != 0;
diff --git a/jams-server/src/main/java/net/jami/jams/server/servlets/api/admin/users/UserServlet.java b/jams-server/src/main/java/net/jami/jams/server/servlets/api/admin/users/UserServlet.java
index a8191bf5410ca4ad2bfc79c5756752c8888216da..74db4619971953668c256f21f00d8650059efde4 100644
--- a/jams-server/src/main/java/net/jami/jams/server/servlets/api/admin/users/UserServlet.java
+++ b/jams-server/src/main/java/net/jami/jams/server/servlets/api/admin/users/UserServlet.java
@@ -61,6 +61,21 @@ public class UserServlet extends HttpServlet {
             user.setRevoked(certificateAuthority.getLatestCRL().get().getRevokedCertificate(user.getCertificate().getSerialNumber()) != null);
         }
         else user.setRevoked(false);
+
+        if (!user.getNeedsPasswordReset() && req.getParameter("needPW") != null) {
+            String password = PasswordGenerator.generatePassword();
+            StatementList update = new StatementList();
+            StatementElement st0 = new StatementElement("password","=",password,"");
+            update.addStatement(st0);
+            StatementList constraint = new StatementList();
+            StatementElement st = new StatementElement("username","=",req.getParameter("username"),"");
+            constraint.addStatement(st);
+            StatementElement st2 = new StatementElement("needsPasswordReset","=","true","");
+            update.addStatement(st2);
+            // refresh variable
+            dataStore.getUserDao().updateObject(update,constraint);
+            user = dataStore.getUserDao().getObjects(statementList).get(0);
+        }
         resp.getOutputStream().write(JsonStream.serialize(user).getBytes());
     }
 
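Review bot: The added block in doGet replaces the user's password whenever a `needPW` query parameter is present, so a state-changing action is reachable through GET; the matching caller is the `.reset-password` handler in user.js, which sends `needPW` on a GET as well. A GET is expected to be safe to repeat, and its query string commonly ends up in access logs and browser history, so the reset belongs in a POST or PUT handler. The return value of `updateObject` is also dropped, so a failed update still falls through to serializing the user; consider `if (!dataStore.getUserDao().updateObject(update, constraint)) { resp.sendError(500, "could not reset the user's password"); return; }`. The response body then appears to carry the generated password (user.js reads `resultSet.password`), so it should at least be marked non-cacheable with `resp.setHeader("Cache-Control", "no-store");`. doGet begins outside the hunk.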
@@ -99,7 +114,7 @@ public class UserServlet extends HttpServlet {
         update.addStatement(st0);
         StatementList constraint = new StatementList();
         StatementElement st1 = new StatementElement("username","=",username,"");
-        update.addStatement(st1);
+        constraint.addStatement(st1);
         if(dataStore.getUserDao().updateObject(update,constraint)) resp.setStatus(200);
         else resp.sendError(500,"could not update the users's data field!");
     }
diff --git a/jams-server/src/main/java/net/jami/jams/server/servlets/api/auth/user/UserServlet.java b/jams-server/src/main/java/net/jami/jams/server/servlets/api/auth/user/UserServlet.java
index dad2985e5e229abc9850ee81442655c056cea310..dfc1a9fcde91000b5bea1677aa4a9875de58e8d9 100644
--- a/jams-server/src/main/java/net/jami/jams/server/servlets/api/auth/user/UserServlet.java
+++ b/jams-server/src/main/java/net/jami/jams/server/servlets/api/auth/user/UserServlet.java
@@ -97,7 +97,7 @@ public class UserServlet extends HttpServlet {
      */
     @Override
     @ScopedServletMethod(securityGroups = AccessLevel.USER)
-    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
+    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
         String username = req.getAttribute("username").toString();
         //Check if he is AD/LDAP - then return a 403, because we can't set such password.
         StatementList select = new StatementList();
diff --git a/jams-server/src/main/resources/webapp/js/api.js b/jams-server/src/main/resources/webapp/js/api.js
index b1adf1cee1411510b2bdf17724887aeeb70175de..76d0e802317ffb7e5f39ded1ba7fc8280eac9d0f 100644
--- a/jams-server/src/main/resources/webapp/js/api.js
+++ b/jams-server/src/main/resources/webapp/js/api.js
@@ -73,7 +73,7 @@ function ajaxApiCall(api_path, request_type, data, credentials, callBackFunction
             },
             error: function (data, statusCode, jqXHR) {
                 callBackFunction(data, statusCode, jqXHR);
-                if(data.status == 401){
+                if(data.status == 401 && !url.includes("api/login")){
                     window.localStorage.removeItem('access_token');
                     window.location.replace(url_path + ":" + url_port+"/templates/signup.html");
                 }
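Review bot: The exemption for the login endpoint is a substring test, `url.includes("api/login")`, so any request whose URL happens to contain that text also skips the token removal and redirect on a 401; `url` itself is defined outside the hunk. Comparing the `api_path` argument with the login path constant would be exact, for example `if (data.status == 401 && api_path !== api_path_post_auth_login) {`, assuming the login call passes that constant as it does in new-password.js. A one-line comment such as `// a 401 from the login call means bad credentials, not an expired session` would record why the endpoint is excluded.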
diff --git a/jams-server/src/main/resources/webapp/js/auth.js b/jams-server/src/main/resources/webapp/js/auth.js
index 8e916e75b3823dd32b1e1d738e00f365df78b8a2..8fe5c73f9afd7e2eb2e42d96206868402ed1a081 100644
--- a/jams-server/src/main/resources/webapp/js/auth.js
+++ b/jams-server/src/main/resources/webapp/js/auth.js
@@ -92,7 +92,7 @@ function serverConfigStatus(data) {
         if (getAdminStatus() && (!current_uri.includes('search.html')) && (!current_uri.includes('user.html')) && (!current_uri.includes('config.html'))) {
             window.location.replace("search.html");
         }
-        else if (!getAdminStatus() && getUser() && (!current_uri.includes('user.html'))) {
+        else if (!getAdminStatus() && getUser() && JSON.parse(atob(window.localStorage.getItem('access_token').split('.')[1])).oneTimePassword == false && (!current_uri.includes('user.html'))) {
             window.location.replace("user.html?username=" + getUser());
         }
         else if (!getAdminStatus() && !getUser() && (!current_uri.includes('signup.html'))) {
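Review bot: The added condition decodes the JWT payload with `atob(...split('.')[1])`, which throws when the payload contains the base64url characters `-` or `_` and also when `access_token` is missing or malformed; either exception aborts serverConfigStatus before any redirect runs. The same expression is repeated in signinCallBackHandler in signup.js, so a small shared helper that returns null on failure would cover both places. Because the claim is read from a token the browser holds and does not verify, this check can only steer navigation; the restriction on one-time-password accounts has to be enforced by the server, which is not visible in this diff. serverConfigStatus starts and ends outside the hunk.

```javascript
// Returns the decoded claims of the stored access token, or null if it is absent or malformed.
// For page routing only: the token signature is not verified here.
function getTokenClaims() {
    var token = window.localStorage.getItem('access_token');
    if (!token) return null;
    try {
        var payload = token.split('.')[1].replace(/-/g, '+').replace(/_/g, '/');
        return JSON.parse(atob(payload));
    } catch (e) {
        return null;
    }
}

// … unchanged: admin redirect branch of serverConfigStatus …
        else if (!getAdminStatus() && getUser() && (getTokenClaims() || {}).oneTimePassword == false && (!current_uri.includes('user.html'))) {
```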
diff --git a/jams-server/src/main/resources/webapp/js/new-password.js b/jams-server/src/main/resources/webapp/js/new-password.js
index 7fcc63ba73c3dfaded0dc1d505b45468cf4020d6..e77fb7ba415e2b7a78255f0d54a6499ffd8b9cff 100644
--- a/jams-server/src/main/resources/webapp/js/new-password.js
+++ b/jams-server/src/main/resources/webapp/js/new-password.js
@@ -60,6 +60,8 @@ document.getElementById("changePasswordButton").addEventListener('click', functi
 
 function updateLocalAccountPasswordCallBackHandler(data) {
     // now we can login normally
-    if (data.status != 500)
+    if (data.status != 500) {
+        window.localStorage.removeItem('access_token');
         ajaxApiCall(api_path_post_auth_login, "POST", jsonData, null, signinCallBackHandler);
+    }
 }
\ No newline at end of file
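Review bot: The guard `data.status != 500` treats every other outcome as success, so a rejected change (the auth servlet's own comment mentions a 403 for AD/LDAP users) now also deletes `access_token` and attempts a login with the new password. The user then loses the session even though the password was never changed. Testing for the success status is safer: declare the handler as `function updateLocalAccountPasswordCallBackHandler(data, statusCode, jqXHR) {` and use `if (jqXHR && jqXHR.status == 200) {`, assuming a successful change answers 200 as the sign-in handler expects for its own call.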
diff --git a/jams-server/src/main/resources/webapp/js/signup.js b/jams-server/src/main/resources/webapp/js/signup.js
index e73320ddf19ff1a38ba6c9c9edf5295e61519183..90c06c4a75549f565285ee6487cdc1889ede9b89 100644
--- a/jams-server/src/main/resources/webapp/js/signup.js
+++ b/jams-server/src/main/resources/webapp/js/signup.js
@@ -93,20 +93,16 @@ function createAdminCallBackHandler(data, statusCode, jqXHR) {
 
 function signinCallBackHandler(data, statusCode, jqXHR) {
 
-    var tokenJSON = '';
-    if (data.access_token) {
+    if (data.status == 401 || data.status == 405)
+        invalidLogin();
+    else if (data.access_token && jqXHR.status == 200) {
         setJWT(data);
-        tokenJSON = JSON.parse(atob(window.localStorage.getItem('access_token').split('.')[1]));
-    }
-
-    if (jqXHR.status == 200 && tokenJSON != '' && tokenJSON.oneTimePassword == false) {
+        var tokenJSON = JSON.parse(atob(window.localStorage.getItem('access_token').split('.')[1]));
 
-    // check server configuration status
-    getServerConfigStatus();
-  }  else if (jqXHR.status == 200 && tokenJSON != '' && tokenJSON.oneTimePassword == true) {
-      window.location.replace("new-password.html?username=" + getUser());
-  }
-  else {
-    invalidLogin();
-  }
+        if (tokenJSON.oneTimePassword == false)
+            getServerConfigStatus();
+        else {
+            window.location.replace("new-password.html?username=" + getUser());
+        }
+    }
 }
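Review bot: The rewritten handler has no final `else`, so a response that is neither 401/405 nor a 200 carrying `access_token` (a 500, a 403, a failed connection) now leaves the sign-in form without any feedback, where the removed code ended in `invalidLogin()`. Adding `else { invalidLogin(); }` after the `else if` block restores that behaviour. With the fallback in place the explicit 401/405 branch becomes redundant and could be dropped.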
diff --git a/jams-server/src/main/resources/webapp/js/user.js b/jams-server/src/main/resources/webapp/js/user.js
index d9ed7fc1293ef4f1444aa2e7c7bf9e62ff2b8d72..b870f349f52b0e6cd2539eb199d4edd7144d5377 100644
--- a/jams-server/src/main/resources/webapp/js/user.js
+++ b/jams-server/src/main/resources/webapp/js/user.js
@@ -122,11 +122,9 @@ $(document).ready(function() {
             ajaxApiCall(api_path_delete_admin_user_revoke + "?username=" + encodeURIComponent(userData["username"]), 'DELETE', null, null, revokeUser);
         });
 
-        $( '.user-information' ).on( 'click', '.reset-password', function (e) {
+        $( '.user-information' ).on( 'click', '.reset-password', function () {
             if (getAdminStatus())
-                ajaxApiCall(api_path_get_admin_user, 'GET', userData, null, handleNewOTP);
-            else
-                ajaxApiCall(api_path_get_auth_user, 'GET', null, null, handleNewOTP);
+                ajaxApiCall(api_path_get_admin_user, 'GET', {"username":username, "needPW": "needPW"}, null, handleNewOTP);
         });
 
         // change device name
@@ -505,17 +503,17 @@ function isLocalDB(data, statusCode, jqXHR){
 }
 
 function handleNewOTP(data) {
-
     if (data.status == 200) {
-
-        if (data.getResponseHeader('needspasswordreset') == "false") {
+        var resultSet = JSON.parse(data.responseText.replace(/\s+/g, ' ').trim());
+        if (resultSet.needsPasswordReset == true) {
             $('#otpModalCenter').modal('show');
-            $('#user-pw-modal-body').text("User password reset. Here is the new one time password: " + data.getResponseHeader('password'));
-        } else if (data.getResponseHeader('needspasswordreset') == "true") {
+            $('#user-pw-modal-body').text("User password reset. Here is the new one time password: " + resultSet.password);
+        } else {
             // show modal
             $('#otpModalCenter').modal('show');
-            $('#user-pw-modal-body').text("User has not changed his temporary password. Current password: " + data.getResponseHeader('password'));
+            $('#user-pw-modal-body').text("User has not changed his temporary password. Current password: " + resultSet.password);
         }
+
     }
 }
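Review bot: The `else` branch prints `resultSet.password` for any 200 response whose `needsPasswordReset` is not true, which would put the stored credential of an account that is not in the reset state on screen. With the servlet change in this commit, both a fresh reset and an already pending one appear to come back with the flag set, so the two messages no longer separate those cases. The `else` branch should report that no one-time password is available and omit the password, and the server should leave the password field out of the serialized user unless it has just generated one. The whitespace collapsing before the parse also rewrites whitespace inside string values and is not needed for parsing; `var resultSet = JSON.parse(data.responseText);` is enough.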