From 1d1044980c69995da5c3f667295289d994913c5d Mon Sep 17 00:00:00 2001
From: Stephan Richter
Date: Sun, 19 May 2024 12:13:48 +0000
Subject: [PATCH] Bugfix: drop token after use

Signed-off-by: Stephan Richter
---
 pom.xml | 2 +-
 .../java/de/srsoftware/widerhall/data/User.java | 5 +++++
 src/main/java/de/srsoftware/widerhall/web/Web.java | 13 ++++++++-----
 static/templates/footer.st | 2 +-
 4 files changed, 15 insertions(+), 7 deletions(-)

diff --git a/pom.xml b/pom.xml
index 4ea190a..cfdeefc 100644
--- a/pom.xml
+++ b/pom.xml
@@ -6,7 +6,7 @@ org.example Widerhall
- 1.0.3
+ 1.0.4
diff --git a/src/main/java/de/srsoftware/widerhall/data/User.java b/src/main/java/de/srsoftware/widerhall/data/User.java
index ba4efe6..4b1d558 100644
--- a/src/main/java/de/srsoftware/widerhall/data/User.java
+++ b/src/main/java/de/srsoftware/widerhall/data/User.java
@@ -137,6 +137,11 @@ public class User {
 Database.open().query(sql).compile().run();
 }

+
+ public void dropPasswordToken() throws SQLException {
+ Database.open().update(TABLE_NAME).set(RESET_TOKEN,null).where(EMAIL,email).compile().run();
+ }
+
 /**
 * Withdraw a specific permission from the user object.
 * Updated permission flag will be written to db.
diff --git a/src/main/java/de/srsoftware/widerhall/web/Web.java b/src/main/java/de/srsoftware/widerhall/web/Web.java
index b6644a5..16a2cde 100644
--- a/src/main/java/de/srsoftware/widerhall/web/Web.java
+++ b/src/main/java/de/srsoftware/widerhall/web/Web.java
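Review bot: `dropPasswordToken()` in the User.java hunk is added without Javadoc, although the method right after it has one, and its contract matters for the reset flow. The update is keyed on `EMAIL` only, so it clears whatever reset token is stored for the account rather than the specific one that was presented; that should be stated for callers. I would add `/** Clears the password reset token stored for this user's email address, whatever its value. @throws SQLException if the update fails */`. The hunk also leaves two consecutive blank lines before the new method, and one is enough.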
@@ -372,14 +372,17 @@ public class Web extends TemplateServlet {
 case RESET_PASSWORD:
 if (!isGet) return resetPassword(req,resp);
 // TODO: move following code into resetPassword method
- try {
- user = User.byToken(req.getParameter(TOKEN));
- if (user != null) {
+ var token = req.getParameter(TOKEN);
+ if (token != null){
+ try {
+ user = User.byToken(req.getParameter(TOKEN));
+ if (user == null) return loadTemplate(path,Map.of(ERROR,"Failed to find user for token!"),resp);
+ user.dropPasswordToken();
 req.getSession().setAttribute("user",user);
 return redirectTo(NEW_PASSWORD_FORM,resp);
+ } catch (SQLException sqle){
+ return loadTemplate(path,Map.of(ERROR,"Failed to add user for token!"),resp);
 }
- } catch (SQLException sqle){
- return loadTemplate(path,Map.of(ERROR,"Failed to add user for token!"),resp);
 }
 var email = req.getParameter(EMAIL);
 return loadTemplate(path,email == null ? null : Map.of(EMAIL,email),resp);
diff --git a/static/templates/footer.st b/static/templates/footer.st
index eb1924b..7dc53ac 100644
--- a/static/templates/footer.st
+++ b/static/templates/footer.st
@@ -1,5 +1,5 @@
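Review bot: The token is consumed in two separate steps in the `RESET_PASSWORD` branch, `User.byToken(...)` followed by `user.dropPasswordToken()`, so two requests carrying the same token that arrive close together can both pass the lookup before either clears it. Single use would be firmer if the clear were conditional on the presented token value and the branch continued only when a row was actually changed. The `user` attribute is also attached to whatever session the visitor already had; rotating the id first, for example `req.changeSessionId();` (assuming `req` is an `HttpServletRequest` on Servlet 3.1 or later), would keep a pre-set session id from inheriting the reset. Two smaller points: the lookup re-reads the parameter instead of using the new local (`user = User.byToken(token);`), and a failure inside `dropPasswordToken()` is reported with the unrelated text "Failed to add user for token!". The enclosing switch and method start and end outside the hunk.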