From c0bf870d1e5e44fd9f6e0b7c90f46a068324b7dc Mon Sep 17 00:00:00 2001 From: Simon Hohl Date: Tue, 14 Jan 2025 09:52:01 +0100 Subject: [PATCH] Simplify password reset Instead of requiring username, email, first- and lastname, users only need to provide their email address.
---
 .../controller/UserManagementController.java | 34 ++++-------- frontend/app/users/pwd-reset.html | 53 +++++++------------ frontend/app/users/pwd-reset.resource.js | 6 +-- 3 files changed, 33 insertions(+), 60 deletions(-)
diff --git a/backend/src/main/java/de/uni_koeln/arachne/controller/UserManagementController.java b/backend/src/main/java/de/uni_koeln/arachne/controller/UserManagementController.java
index 76e3d069b..c6a328b15 100644
--- a/backend/src/main/java/de/uni_koeln/arachne/controller/UserManagementController.java
+++ b/backend/src/main/java/de/uni_koeln/arachne/controller/UserManagementController.java
@@ -427,29 +427,17 @@ public Map reset(@RequestBody Map userCredentials,
 if (userRightsService.isSignedInUser()) return result;
- final String userName = getFormData(userCredentials, "username", true, "ui.passwordreset.");
 final String eMailAddress = getFormData(userCredentials, "email", true, "ui.passwordreset.");
- final String firstName = getFormData(userCredentials, "firstname", true, "ui.passwordreset.");
- final String lastName = getFormData(userCredentials, "lastname", true, "ui.passwordreset.");
- User userByName = userDao.findByName(userName);
- if (userByName == null) {
- LOGGER.info("User not found: {}", userName);
- return result;
- }
- if (!userByName.getEmail().equals(eMailAddress)) {
- LOGGER.info("Wrong eMail provided for user '{}': {}", userName, eMailAddress);
- return result;
- }
- if (!userByName.getFirstname().equals(firstName) ||
- !userByName.getLastname().equals(lastName)) {
- LOGGER.info("Wrong first or last name provided for user '{}': {}, {}", userName, firstName, lastName);
+ User userByEmail = userDao.findByEMailAddress(eMailAddress);
+ if (userByEmail == null) {
+ LOGGER.info("User not found: {}", eMailAddress);
 return result;
 }
 resetPasswordRequestDao.deleteExpiredRequests(); // get rid of all expired requests // if there is already a request pending do not allow to add a new one
- if (resetPasswordRequestDao.getByUserId(userByName.getId()) != null) {
+ if (resetPasswordRequestDao.getByUserId(userByEmail.getId()) != null) {
 result.put("message", "ui.passwordreset.already_present");
 LOGGER.info("A non-expired password request is already present in the database for user: {}", userName);
 return result;
@@ -465,7 +453,7 @@ public Map reset(@RequestBody Map userCredentials,
 ResetPasswordRequest request = new ResetPasswordRequest();
 request.setToken(token);
- request.setUserId(userByName.getId());
+ request.setUserId(userByEmail.getId());
 request.setExpirationDate(expirationDate);
 resetPasswordRequestDao.save(request);
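Review bot: The unchanged context line `LOGGER.info("A non-expired password request is already present in the database for user: {}", userName);` still references `userName`, whose declaration `final String userName = getFormData(userCredentials, "username", true, "ui.passwordreset.");` this hunk deletes; unless another `userName` is in scope outside the hunk, the method no longer compiles, and the argument should become `eMailAddress` (or `userByEmail.getId()`). With the reset now keyed on the e-mail address alone, the `ui.passwordreset.already_present` message is only ever returned when an account exists for the submitted address, so the response distinguishes registered from unregistered e-mails; returning the same generic result from the not-found and already-present branches (keeping the detail in the server-side log only) and rate-limiting this endpoint would close that gap. The `LOGGER.info("User not found: {}", eMailAddress);` line writes the raw submitted address to the log, which is fine for INFO but worth keeping in mind for log retention. reset()'s body continues outside the hunk.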
@@ -473,14 +461,14 @@ public Map reset(@RequestBody Map userCredentials,
 final SimpleDateFormat dateFormat = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
 final String nowString = dateFormat.format(now);
 final String expirationDateString = dateFormat.format(expirationDate);
- final String linkString = "http://" + serverAddress + "/user/activation/" + token;
+ final String linkString = "https://" + serverAddress + "/user/activation/" + token;
- final String messageBody = "Sie haben ihr Passwort bei Arachne am " + nowString + " zurückgesetzt."
- + newLine + "Bitte folgen sie diesem Link um den Prozess abzuschließen: " + linkString
- + newLine + "Dieser Link ist bis zum " + expirationDateString + " gültig.";
+ final String messageBody = "A password reset was requested for iDAI.objects/Arachne on " + nowString + "."
+ + newLine + "You can use the following link to reset your password: " + linkString
+ + newLine + "The link is valid until " + expirationDateString + ".";
- if (!isTestUser(userByName) && !mailService.sendMail(userByName.getEmail(), "Passwort zurückgesetzt bei Arachne", messageBody)) {
- LOGGER.error("Unable to send password activation eMail to user: " + userByName.getEmail());
+ if (!isTestUser(userByEmail) && !mailService.sendMail(userByEmail.getEmail(), "Passwort zurückgesetzt bei Arachne", messageBody)) {
+ LOGGER.error("Unable to send password activation eMail to user: " + userByEmail.getEmail());
 resetPasswordRequestDao.delete(request);
 result.put("success", "false");
 response.setStatus(400);
diff --git a/frontend/app/users/pwd-reset.html b/frontend/app/users/pwd-reset.html
index 99d4c7fbe..b2aa0746b 100644
--- a/frontend/app/users/pwd-reset.html
+++ b/frontend/app/users/pwd-reset.html
@@ -1,47 +1,32 @@
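Review bot: The rewritten `mailService.sendMail(...)` line keeps the German subject `"Passwort zurückgesetzt bei Arachne"` while the same hunk translates the message body to English, so recipients get a mixed-language mail; an English subject along the lines of `"Password reset requested for iDAI.objects/Arachne"` would match the new body. The new `LOGGER.error("Unable to send password activation eMail to user: " + userByEmail.getEmail());` concatenates where the rest of the method uses parameterized logging; `LOGGER.error("Unable to send password activation eMail to user: {}", userByEmail.getEmail());` is the consistent form. The switch to `https://` in `linkString` is a good change; since the address is embedded in a reset link the user is asked to follow, `serverAddress` should come from server configuration rather than from anything in the incoming request, which I cannot verify because it is assigned outside the hunk. reset()'s body ends outside the hunk.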
-
\ No newline at end of file
diff --git a/frontend/app/users/pwd-reset.resource.js b/frontend/app/users/pwd-reset.resource.js
index 6e1f3f587..c26b38f8b 100644
--- a/frontend/app/users/pwd-reset.resource.js
+++ b/frontend/app/users/pwd-reset.resource.js
@@ -1,10 +1,10 @@
-export default function($resource, arachneSettings) {
+export default function ($resource, arachneSettings) {
 return $resource(arachneSettings.dataserviceUri + '/user/reset', {}, {
- save : {
+ save: {
 isArray: false, method: 'POST',
- headers: {'Content-Type': 'application/json'}
+ headers: { 'Content-Type': 'application/json' } } }); };