SAK-42333

reset-pass/reset-pass/src/bundle/org/sakaiproject/tool/resetpass/bundle/Messages.properties

@@ -1,7 +1,4 @@
-wrongtype=You cannot use this service to reset your password
-nosuchuser=If an account using this email address exists, a password change confirmation email will be sent to the address.
 noemailprovided=You must provide your email address
-morethanone=If an account using this email address exists, a password change confirmation email will be sent to the address.
 
 mainTitle= Reset your password
 mainText= This password service is only available for guest users on {0}.
@@ -10,10 +7,9 @@ postForm= Send Password
 postForm2=Request Password Change
 explanation=Upon submission, an email will be sent to you containing a link where you can securely set your password. You will have {0} before this link expires.
 
-
 confirm= Your new password has been sent to {0}
-confirm.validate = If an account using this email address exists, a password change confirmation email will be sent to the address.
-supportMessage = For any further assistance, contact 
+confirm.validate = {0} has attempted to send a password change email to {1}.
+supportMessage = If you do not receive the email or you need further assistance, please contact
 
 mailSubject = New Password for {0} 
 mailBodyPre = Dear {0}

reset-pass/reset-pass/src/bundle/org/sakaiproject/tool/resetpass/bundle/Messages_ca.properties

@@ -1,7 +1,4 @@
-wrongtype=No podeu usar aquest servei per canviar la clau
-nosuchuser=No s'ha trobat l'adre\u00e7a de correu electr\u00f2nic
 noemailprovided=Cal que proporcioneu una adre\u00e7a de correu electr\u00f2nic
-morethanone=Hi ha m\u00e9s d'un usuari amb aquesta adre\u00e7a de correu electr\u00f2nic
 
 mainTitle=Canvia la clau
 mainText=Aquest servei de canvi de clau nom\u00e9s est\u00e0 disponible per a usuaris convidats a {0}.

reset-pass/reset-pass/src/bundle/org/sakaiproject/tool/resetpass/bundle/Messages_es.properties

@@ -1,7 +1,4 @@
-wrongtype=No puede utilizar este servicio para restablecer su contrase\u00f1a
-nosuchuser=La direcci\u00f3n de correo electr\u00f3nico no se ha encontrado
 noemailprovided=Debe indicar una direcci\u00f3n de correo electr\u00f3nico
-morethanone=Hay m\u00e1s de un usuario con esa direcci\u00f3n de correo electr\u00f3nico
 
 mainTitle=Restablecer su contrase\u00f1a
 mainText=Este servicio de contrase\u00f1as solo est\u00e1 disponible para usuario invitados a {0}.

reset-pass/reset-pass/src/bundle/org/sakaiproject/tool/resetpass/bundle/Messages_eu.properties

@@ -1,7 +1,4 @@
-wrongtype=Ezin duzu erabili zerbitzu hau zure pasahitza berrezartzeko
-nosuchuser=Ez da aurkitu helbide elektroniko hori 
 noemailprovided=You must provide your email address
-morethanone=Erabiltzaile batek baino gehiagok dauka e-mail helbide hori
 
 mainTitle=Berrezarri zure pasahitza 
 mainText=Pasahitz zerbitzu hau gonbidatuentzat bakarrik dago erabilgarri hemen\: {0}.

reset-pass/reset-pass/src/bundle/org/sakaiproject/tool/resetpass/bundle/Messages_fr_FR.properties

@@ -1,7 +1,4 @@
 #X-Generator: crowdin.net
-wrongtype=Vous ne pouvez pas utiliser ce service pour r\u00e9initialiser votre mot de passe. La r\u00e9initialisation de votre mot de passe annuaire est g\u00e9r\u00e9e au niveau de l'annuaire. Pour les \u00e9tudiants, consultez https\://enligne.upmc.fr/Aide/mot_de_passe_aide.htm. Pour les personnels, contactez [email protected].
-nosuchuser=Cette adresse \u00e9lectronique ne correspond \u00e0 aucun compte
-morethanone=Plusieurs comptes poss\u00e8dent la m\u00eame adresse \u00e9lectronique
 
 mainTitle=R\u00e9initialiser votre mot de passe
 mainText=Ce service de r\u00e9initialisation de mot de passe est uniquement disponible pour les utilisateurs inscrits par courrier \u00e9lectronique sur {0}. La r\u00e9initialisation des mots de passe annuaire est g\u00e9r\u00e9e au niveau de l'annuaire. Pour les \u00e9tudiants, consultez https\://enligne.upmc.fr/Aide/mot_de_passe_aide.htm. Pour les personnels, contactez [email protected].

reset-pass/reset-pass/src/bundle/org/sakaiproject/tool/resetpass/bundle/Messages_hi_IN.properties

@@ -1,7 +1,4 @@
 #X-Generator: crowdin.net
-wrongtype=\u0906\u092a \u0905\u092a\u0928\u0947 \u092a\u093e\u0938\u0935\u0930\u094d\u0921 \u0915\u094b \u0930\u0940\u0938\u0947\u091f \u0915\u0930\u0928\u0947 \u0915\u0947 \u0932\u093f\u090f \u0907\u0938 \u0938\u0947\u0935\u093e \u0915\u093e \u0909\u092a\u092f\u094b\u0917 \u0928\u0939\u0940\u0902 \u0915\u0930 \u0938\u0915\u0924\u0947
-nosuchuser=\u0908\u092e\u0947\u0932 \u092a\u0924\u093e \u0928\u0939\u0940\u0902 \u092e\u093f\u0932\u093e
-morethanone=\u0909\u0938 \u0908\u092e\u0947\u0932 \u092a\u0924\u0947 \u0915\u0947 \u090f\u0915 \u0938\u0947 \u0905\u0927\u093f\u0915 \u0909\u092a\u092f\u094b\u0917\u0915\u0930\u094d\u0924\u093e \u0939\u0948
 
 mainTitle=\u0905\u092a\u0928\u093e \u092a\u093e\u0938\u0935\u0930\u094d\u0921 \u0930\u0940\u0938\u0947\u091f \u0915\u0930\u0947\u0902
 mainText=\u092f\u0939 \u092a\u093e\u0938\u0935\u0930\u094d\u0921 \u0938\u0947\u0935\u093e \u0915\u0947\u0935\u0932 {0} \u092a\u0930 \u0905\u0924\u093f\u0925\u093f \u0909\u092a\u092f\u094b\u0917\u0915\u0930\u094d\u0924\u093e\u0913\u0902 \u0915\u0947 \u0932\u093f\u090f \u0909\u092a\u0932\u092c\u094d\u0927 \u0939\u0948\u0964

reset-pass/reset-pass/src/bundle/org/sakaiproject/tool/resetpass/bundle/Messages_ja.properties

@@ -1,7 +1,4 @@
-wrongtype=\u3053\u306e\u30b5\u30fc\u30d3\u30b9\u3092\u4f7f\u7528\u3057\u3066\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u30ea\u30bb\u30c3\u30c8\u3059\u308b\u3053\u3068\u306f\u3067\u304d\u307e\u305b\u3093
-nosuchuser=\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9\u304c\u898b\u3064\u304b\u308a\u307e\u305b\u3093
 noemailprovided=\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9\u3092\u5165\u529b\u3057\u3066\u4e0b\u3055\u3044
-morethanone=\u305d\u306e\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9\u306f\u8907\u6570\u30e6\u30fc\u30b6\u3067\u4f7f\u308f\u308c\u3066\u3044\u307e\u3059
 mainTitle=\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u30ea\u30bb\u30c3\u30c8
 mainText=\u3053\u306e\u30d1\u30b9\u30ef\u30fc\u30c9\u30b5\u30fc\u30d3\u30b9\u3092\u5229\u7528\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u308b\u306e\u306f {0}\u306e\u30b2\u30b9\u30c8\u30e6\u30fc\u30b6\u3060\u3051\u3067\u3059\uff0e
 formLabel=\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9

reset-pass/reset-pass/src/bundle/org/sakaiproject/tool/resetpass/bundle/Messages_mn.properties

@@ -3,9 +3,6 @@
 # email: [email protected] #
 ###################################
 
-wrongtype= \u0422\u0430 \u043D\u0443\u0443\u0446 \u04AF\u0433\u044D\u044D \u0434\u0430\u0445\u0438\u043D \u0442\u043E\u0445\u0438\u0440\u0443\u0443\u043B\u0430\u0445\u0430\u0434 \u044D\u043D\u044D \u04AF\u0439\u043B\u0447\u0438\u043B\u0433\u044D\u044D\u0433 \u0430\u0448\u0438\u0433\u043B\u0430\u0445 \u0431\u043E\u043B\u043E\u043C\u0436\u0433\u04AF\u0439 \u0431\u0430\u0439\u043D\u0430.  
-nosuchuser=\u0418\u043C\u044D\u0439\u043B \u0445\u0430\u044F\u0433 \u043E\u043B\u0434\u0441\u043E\u043D\u0433\u04AF\u0439
-morethanone=\u041D\u044D\u0433\u044D\u044D\u0441 \u0438\u043B\u04AF\u04AF \u0445\u044D\u0440\u044D\u0433\u043B\u044D\u0433\u0447 \u044D\u043D\u044D \u0438\u043C\u044D\u0439\u043B \u0445\u0430\u044F\u0433\u0442\u0430\u0439 \u0431\u0430\u0439\u043D\u0430 
 
 mainTitle= \u041D\u0443\u0443\u0446 \u04AF\u0433\u044D\u044D \u0434\u0430\u0445\u0438\u043D \u0442\u043E\u0445\u0438\u0440\u0443\u0443\u043B\u0430\u0445
 mainText= \u042D\u043D\u044D \u043D\u0443\u0443\u0446 \u04AF\u0433\u0438\u0439\u043D \u04AF\u0439\u043B\u0447\u0438\u043B\u0433\u044D\u044D \u043D\u044C \u0437\u04E9\u0432\u0445\u04E9\u043D {0}-\u0442 \u0431\u0430\u0439\u0433\u0430\u0430 \u0437\u043E\u0447\u0438\u043D \u0445\u044D\u0440\u044D\u0433\u043B\u044D\u0433\u0447\u0434\u044D\u0434 \u0431\u043E\u043B\u043E\u043C\u0436\u0442\u043E\u0439.

reset-pass/reset-pass/src/bundle/org/sakaiproject/tool/resetpass/bundle/Messages_pt_BR.properties

@@ -4,10 +4,7 @@
 # TIDIA-Ae Project Fapesp, Sao Paulo, Brazil
 #-------------------------------------------------------------------------------
 
-wrongtype=Voc\u00ea n\u00e3o pode usar este servi\u00e7o para redefinir a sua senha
-nosuchuser=Endere\u00e7o de e-mail n\u00e3o encontrado
 noemailprovided=Voc\u00ea deve fornecer seu endere\u00e7o de e-mail
-morethanone=Mais de um usu\u00e1rio possui este endere\u00e7o de e-mail
 
 mainTitle= Resetar a sua senha
 #mainText= Este servi\u00e7o de senha est\u00e1 dispon\u00edvel somente para usu\u00e1rios convidados em {0}.

reset-pass/reset-pass/src/bundle/org/sakaiproject/tool/resetpass/bundle/Messages_tr_TR.properties

@@ -1,7 +1,4 @@
-wrongtype=\u015eifrenizi s\u0131f\u0131rlamak i\u00e7in bu hizmeti kullanamazs\u0131n\u0131z
-nosuchuser=E-posta adresi bulunamad\u0131
 noemailprovided=E-posta adresinizi vermeniz gerekir
-morethanone=Birden fazla kullan\u0131c\u0131 bu e-posta adresine sahip
 mainTitle=\u015eifrenizi s\u0131f\u0131rlay\u0131n
 mainText=Bu \u015fifre hizmeti yaln\u0131zca {0} misafir kullan\u0131c\u0131lar\u0131 i\u00e7in ge\u00e7erli.
 formLabel=E-posta adresiniz

reset-pass/reset-pass/src/bundle/org/sakaiproject/tool/resetpass/bundle/Messages_zh_CN.properties

@@ -1,7 +1,4 @@
-wrongtype=\u60A8\u4E0D\u80FD\u4F7F\u7528\u91CD\u7F6E\u5BC6\u7801\u6B64\u670D\u52A1
-nosuchuser=Email\u5730\u5740\u5173\u8054\u7684\u7528\u6237\u4E0D\u5B58\u5728
 noemailprovided=\u60A8\u5FC5\u987B\u63D0\u4F9Bemail\u5730\u5740
-morethanone=\u6709\u5176\u4ED6\u7528\u6237\u4F7F\u7528\u4E86\u6B64email\u5730\u5740
 
 mainTitle= \u91CD\u7F6E\u60A8\u7684\u5BC6\u7801
 mainText= \u6B64\u5BC6\u7801\u670D\u52A1\u4EC5\u4F9B {0} \u7684\u8BBF\u5BA2\u7528\u6237\u4F7F\u7528\u3002

reset-pass/reset-pass/src/java/org/sakaiproject/tool/resetpass/ConfirmProducer.java

@@ -15,7 +15,7 @@
  */
 package org.sakaiproject.tool.resetpass;
 
-
+import org.apache.commons.lang3.StringUtils;
 import org.sakaiproject.component.api.ServerConfigurationService;
 import org.sakaiproject.tool.api.Placement;
 import org.sakaiproject.tool.api.ToolManager;
@@ -30,11 +30,12 @@
 
 public class ConfirmProducer implements ViewComponentProducer {
 	public static final String VIEW_ID = "confirm";
+
 	private ToolManager toolManager;
 	public void setToolManager(ToolManager toolManager) {
 		this.toolManager = toolManager;
 	}
-	
+
 	public String getViewID() {
 		return VIEW_ID;
 	}
@@ -43,32 +44,31 @@ public String getViewID() {
 	public void setServerConfigurationService(ServerConfigurationService s) {
 		this.serverConfigurationService = s;
 	}
-	
+
 	private RetUser userBean;
 	public void setUserBean(RetUser u){
 		this.userBean = u;
 	}
-
-	public void fillComponents(UIContainer tofill, ViewParameters arg1,
-			ComponentChecker arg2) {
-
-		String[] parms = new String[] {userBean.getEmail()};
+
+	public void fillComponents(UIContainer tofill, ViewParameters arg1, ComponentChecker arg2) {
+
 		boolean validatingAccounts = serverConfigurationService.getBoolean("siteManage.validateNewUsers", true);
 
 		if (!validatingAccounts) {
-			UIMessage.make(tofill,"message","confirm",parms);
+			UIMessage.make(tofill,"message", "confirm", new String[] {userBean.getEmail()});
 		} else {
-			UIMessage.make(tofill,"message","confirm.validate");
+			UIMessage.make(tofill,"message", "confirm.validate", new String[] {serverConfigurationService.getString("ui.service", "Sakai"), userBean.getEmail()});
 		}
+
 		// Get the instructions from the tool placement.
 		Placement placement = toolManager.getCurrentPlacement();
 		String supportInstructions = placement == null ? "" :  placement.getConfig().getProperty("supportInstructions");
-		if(supportInstructions != null && !"".equals(supportInstructions)){
+		if(StringUtils.isNotBlank(supportInstructions)){
 			UIVerbatim.make(tofill, "supportMessage", supportInstructions);
 		}else if (serverConfigurationService.getString("mail.support", null) != null) {
+			String supportEmail = serverConfigurationService.getString("mail.support", "");
 			UIMessage.make(tofill, "supportMessage", "supportMessage");
-			UILink.make(tofill, "supportEmail",serverConfigurationService.getString("mail.support", ""),"mailto:" + serverConfigurationService.getString("mail.support", ""));
+			UILink.make(tofill, "supportEmail", supportEmail, "mailto:" + supportEmail);
 		}
 	}
-
 }

reset-pass/reset-pass/src/java/org/sakaiproject/tool/resetpass/FormHandler.java

@@ -88,6 +88,13 @@ public String processAction() {
 			return resetPassClassic();
 		}
 
+		// If the user is null at this point, it means we hit one of the error cases (wrong type, super user, invalid email, multiple accounts tied to email)
+		// We return 'success' here so that we're transferred to the confirmation page, so that no information is leaked about if the account exists or not.
+		if (userBean.getUser() == null ) {
+			// Don't send any email, just transfer to the confirmation page
+			return "Success";
+		}
+
 		//otherwise lets we need some info on the user.
 		//is the user validated?
 		String userId = userBean.getUser().getId().trim();
@@ -107,8 +114,6 @@ public String processAction() {
 				log.debug("resending validation");
 				validationLogic.resendValidation(va.getValidationToken());
 			}
-
-
 			return "Success";
 		} else {
 			//there may be a pending VA that needs to be verified

reset-pass/reset-pass/src/java/org/sakaiproject/tool/resetpass/UserValidator.java

@@ -21,50 +21,38 @@
 import java.util.List;
 
 import lombok.extern.slf4j.Slf4j;
-import org.apache.commons.lang3.StringUtils;
 import org.springframework.validation.Errors;
 import org.springframework.validation.Validator;
 
 import org.sakaiproject.component.api.ServerConfigurationService;
 import org.sakaiproject.user.api.User;
 import org.sakaiproject.user.api.UserDirectoryService;
 import org.sakaiproject.authz.api.SecurityService;
-import org.sakaiproject.tool.api.Placement;
-import org.sakaiproject.tool.api.ToolManager;
 
 @Slf4j
 public class UserValidator implements Validator {
 
-	// prefix for error messages - indicates they are to be pulled from tool configuration rather than a resource bundle
-	private final String TOOL_CONFIG_PREFIX = "toolconfig_";
-
+	public String userEmail;
+
 	public boolean supports(Class clazz) {
 		return clazz.equals(User.class);
 	}
 
-	public String userEmail;
-
-
 	private ServerConfigurationService serverConfigurationService;
 	public void setServerConfigurationService(ServerConfigurationService s) {
 		this.serverConfigurationService = s;
 	}
-	
+
 	private UserDirectoryService userDirectoryService;
 	public void setUserDirectoryService(UserDirectoryService ds){
 		this.userDirectoryService = ds;
 	}
-	
+
 	private SecurityService securityService;
 	public void setSecurityService(SecurityService ss){
 		this.securityService = ss;
 	}
 
-	private ToolManager toolManager;
-	public void setToolManager(ToolManager tm) {
-		this.toolManager = tm;
-	}
-
 	public void validate(Object obj, Errors errors) {
 		RetUser retUser = (RetUser)obj;
 		log.debug("validating user " + retUser.getEmail());
@@ -78,22 +66,27 @@ public void validate(Object obj, Errors errors) {
 
 		Collection<User> c = this.userDirectoryService.findUsersByEmail(retUser.getEmail().trim());
 		if (c.size()>1) {
+			// Email is tied to more than one user, null out the user and transfer to next page
 			log.warn("more than one account with email: {}", retUser.getEmail());
-			errors.reject("morethanone","more than one email");
+			retUser.setUser(null);
 			return;
 		} else if (c.size()==0) {
+			// User doesn't exist, null out the user and transfer to next page
 			log.debug("no such email: {}", retUser.getEmail());
-			errors.reject("nosuchuser","no such user");
+			retUser.setUser(null);
 			return;
 		}
+
 		Iterator<User> i = c.iterator();
 		User user = (User)i.next();
 		log.debug("got user " + user.getId() + " of type " + user.getType());
 		if (securityService.isSuperUser(user.getId())) {
+			// Email belongs to super user, null out the user and transfer to next page
 			log.warn("tryng to change superuser password");
-			rejectWrongType(errors);
+			retUser.setUser(null);
 			return;
 		}
+
 		boolean allroles = serverConfigurationService.getBoolean("resetPass.resetAllRoles",false);
 		if (!allroles){
 			// SAK-24379 - deprecate the resetRoles property
@@ -107,36 +100,18 @@ public void validate(Object obj, Errors errors) {
 					roles = rolesOld;
 				}
 			}
-		    if (roles == null ){
-		        roles = new String[]{"guest"};
-		    }
-		    List<String> rolesL = Arrays.asList(roles);
-		    if (!rolesL.contains(user.getType())) {
-		        log.warn("this is a type don't change");
-		        rejectWrongType(errors);
-		        return;
-		    }
+			if (roles == null ){
+				roles = new String[]{"guest"};
+			}
+			List<String> rolesL = Arrays.asList(roles);
+			if (!rolesL.contains(user.getType())) {
+				// Email belongs to a user who's type is not allowed to use this tool, null out the user and transfer to the next page
+				log.warn("this is a user type which isn't allowed to reset password via tool");
+				retUser.setUser(null);
+				return;
+			}
 		}
-		retUser.setUser(user);
-	}
 
-	/**
-	 * Explains that the user's type is incorrect.
-	 * Looks for a custom message in the tool properties first,
-	 * if there is no custom message, it goes to the message bundle
-	 */
-	private void rejectWrongType(Errors errors)
-	{
-		Placement placement = toolManager.getCurrentPlacement();
-		String toolPropWrongType = placement.getConfig().getProperty("wrongtype");
-		if (StringUtils.isBlank(toolPropWrongType))
-		{
-			errors.reject("wrongtype", "wrong type");
-		}
-		else
-		{
-			errors.reject(TOOL_CONFIG_PREFIX + "wrongtype", toolPropWrongType);
-		}
+		retUser.setUser(user);
 	}
-
 }

reset-pass/reset-pass/src/webapp/WEB-INF/applicationContext.xml

@@ -3,42 +3,36 @@
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
 
-	<!--  Spring messageSource replaces JSF message-bundle from faces-config.xml -->
-	<bean id="messageSource"
-		class="org.sakaiproject.util.ResourceLoaderMessageSource"
-		depends-on="TLABPostProcessorLoader">
-    <property name="basename"
-			value="classpath:org/sakaiproject/tool/resetpass/bundle/Messages" />
-    <property name="cacheSeconds" value="10" />
+    <!--  Spring messageSource replaces JSF message-bundle from faces-config.xml -->
+    <bean id="messageSource"
+        class="org.sakaiproject.util.ResourceLoaderMessageSource"
+        depends-on="TLABPostProcessorLoader">
+        <property name="basename" value="classpath:org/sakaiproject/tool/resetpass/bundle/Messages" />
+        <property name="cacheSeconds" value="10" />
   </bean>
 
      <bean id="userGuard" parent="writeGuardParent">
-     <property name="guardedPath" value="userBean"/>
-     <property name="guard">
-         <bean class="org.sakaiproject.tool.resetpass.UserValidator">
-         <property name="userDirectoryService"
-			ref="org.sakaiproject.user.api.UserDirectoryService" />
-			<property name="serverConfigurationService"
-			ref="org.sakaiproject.component.api.ServerConfigurationService" />
-			<property name="securityService"
-			ref="org.sakaiproject.authz.api.SecurityService" />
-			<property name="toolManager"
-			ref="org.sakaiproject.tool.api.ToolManager" />
- 	 </bean>
-     </property>
+        <property name="guardedPath" value="userBean"/>
+        <property name="guard">
+            <bean class="org.sakaiproject.tool.resetpass.UserValidator">
+                <property name="userDirectoryService" ref="org.sakaiproject.user.api.UserDirectoryService" />
+                <property name="serverConfigurationService" ref="org.sakaiproject.component.api.ServerConfigurationService" />
+                <property name="securityService" ref="org.sakaiproject.authz.api.SecurityService" />
+            </bean>
+        </property>
    </bean>
-  
-<bean parent="requestAddressibleParent">
-    <property name="value" value="formHandler, userBean" />
-  </bean>
-  
+
+    <bean parent="requestAddressibleParent">
+        <property name="value" value="formHandler, userBean" />
+    </bean>
+
     <!-- Scope for the user bean -->
     <bean id="UserScope" parent="beanScopeParent">
-    <property name="copyPreservingBeans" value="userBean"/>
-  </bean>
+        <property name="copyPreservingBeans" value="userBean"/>
+    </bean>
 
- <bean id="ignoreFossilizedValues" class="uk.org.ponder.springutil.BooleanFactory">
-<property name="value" value="true" />
-</bean>
+    <bean id="ignoreFossilizedValues" class="uk.org.ponder.springutil.BooleanFactory">
+        <property name="value" value="true" />
+    </bean>
 
 </beans>