Changeset 7409


Timestamp:
Oct 9, 2017, 8:43:46 AM (5 years ago)
Author:
Nicklas Nordborg
Message:

References #2097: Implement support for device verification

An email message with the verification code is now sent to the user. The message text is currently hardcoded into the code. This should maybe be configurable by the server admin?

Location:
trunk
Files:
5 edited

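--- a/trunk/src/clients/web/net/sf/basedb/clients/web/taglib/Page.java
+++ b/trunk/src/clients/web/net/sf/basedb/clients/web/taglib/Page.java
@@ -27,5 +27,4 @@
 
 import net.sf.basedb.core.Application;
-import net.sf.basedb.core.Config;
 import net.sf.basedb.core.SessionControl;
 import net.sf.basedb.core.Version;
@@ -254,7 +253,5 @@
     BASE_VERSION = Version.getMajor() + "." + Version.getMinor() + "." + Version.getMaintenance() + Version.getSuffix();
     SERVER_NAME = Application.getHostName();
-    DEFAULT_PAGE_TITLE = Config.getString("app.title", "BASE $VERSION @ $SERVER")
-      .replace("$VERSION", BASE_VERSION)
-      .replace("$SERVER", SERVER_NAME);
+    DEFAULT_PAGE_TITLE = Application.getTitle();
     initialized = true;
   }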
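--- a/trunk/src/core/net/sf/basedb/core/Application.java
+++ b/trunk/src/core/net/sf/basedb/core/Application.java
@@ -177,4 +177,9 @@
  
   /**
+    The title of the server.
+   */
+  private static String title;
+ 
+  /**
     The internal job queue reference if it is enabled.
   */
@@ -323,4 +328,21 @@
     }
     return hostName;
+  }
+ 
+  /**
+    Get the "display title" of this server. This can be configured
+    in base.config via the 'app.title' setting.
+    @since 3.12
+  */
+  public static String getTitle()
+  {
+    if (title == null)
+    {
+      String t = Config.getString("app.title", "BASE $VERSION @ $SERVER");
+      t = t.replace("$SERVER", Application.getHostName());
+      t = t.replace("$VERSION", Version.getMajor() + "." + Version.getMinor() + "." + Version.getMaintenance() + Version.getSuffix());
+      title = t;
+    }
+    return title;
   }
  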
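--- a/trunk/src/core/net/sf/basedb/core/SessionControl.java
+++ b/trunk/src/core/net/sf/basedb/core/SessionControl.java
@@ -66,4 +66,7 @@
 import java.util.WeakHashMap;
 
+import org.apache.commons.mail.Email;
+import org.apache.commons.mail.EmailException;
+
 import java.util.Collections;
 import java.util.List;
@@ -471,12 +474,33 @@
       udi.authenticatedUser = authUser;
       udi.verificationCode = MD5.leftPad(Integer.toString((int)(Math.random()*1000000)), '0', 6);
-
-      udi.message = "A verification code has been sent to your registered email address: " +
-        "<b>" + user.getEmail() + "</b>\n" +
-        "Please enter the verification code in the form below to continue with the login.";
+      udi.userName = user.getName();
+      udi.userEmail = user.getEmail();
+
+      try
+      {
+        String serverUrl = loginRequest.getAttribute("server-url");
+        if (serverUrl == null) serverUrl = Application.getTitle();
+       
+        String msg = "Hi " + user.getName() + ",\n\n" +
+          "The verification code is: " + udi.verificationCode + "\n\n"
+          + "This email was sent to you because you are trying to login to " + serverUrl + "\n"
+          + "from an unknown device. Please enter the verification code in the form on your\n"
+          + "browser to continue with the login. The verification code can only be used once.\n\n"
+          + "If you did not try to login at this time, your login information might be stolen.\n"
+          + "Please contact the server administrator if you have any questions.\n\n"
+          + "The login attempt was made from: " + getRemoteId() + "\n";
+       
+        Email email = EmailUtil.createSimpleEmail();
+        email.addTo(user.getEmail(), user.getName(), "UTF-8");
+        email.setSubject("Your verification code for " + serverUrl);
+        email.setMsg(msg);
+        email.send();
+      }
+      catch (EmailException ex)
+      {
+        throw new LoginException("Could not send verification code", ex);
+      }
      
-      udi.message += "\n\nDEBUG!!! The verification code for device '" + udi.getDeviceToken() + "' is: " + udi.verificationCode;
       unverifiedDeviceInfo = udi;
-     
       throw new DeviceNotVerifiedException();
     }
@@ -2721,5 +2745,7 @@
    
     String verificationCode;
-    String message;
+   
+    String userName;
+    String userEmail;
    
     /**
@@ -2735,10 +2761,17 @@
    
     /**
-      Get a message to display for the user on the form where the
-      verification code should be entered.
+      Get the name of the user.
     */
-    public String getVerificationSentMessage()
-    {
-      return message;
+    public String getUserName()
+    {
+      return userName;
+    }
+   
+    /**
+      Get the email to the user.
+    */
+    public String getUserEmail()
+    {
+      return userEmail;
     }
    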
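Review bot: The verification code that is now mailed out is still drawn from `Math.random()` (the `udi.verificationCode = MD5.leftPad(...)` line directly above the new `udi.userName` assignment), which is a non-cryptographic generator and should not back a login factor. Generate it from `java.security.SecureRandom` instead, e.g. `udi.verificationCode = MD5.leftPad(Integer.toString(new java.security.SecureRandom().nextInt(1000000)), '0', 6);`. The mail subject and body also embed `serverUrl`, which login.jsp derives from the incoming request, so that value should be treated as client-influenced rather than trusted. The enclosing login method starts and ends outside the visible hunk, so whether attempts to enter the six-digit code are limited cannot be confirmed from here.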
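--- a/trunk/www/login.jsp
+++ b/trunk/www/login.jsp
@@ -71,4 +71,6 @@
       LoginRequest loginRequest = new LoginRequest(login, password, deviceToken);
       loginRequest.setAttribute("user-agent", request.getHeader("User-Agent"));
+      String serverUrl = request.getRequestURL().toString().replace("/login.jsp", "/");
+      loginRequest.setAttribute("server-url", serverUrl);
       sc.login(loginRequest);
       useAutoStartPage = Values.getBoolean(request.getParameter("useAutoStartPage"));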
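Review bot: `serverUrl` is built from `request.getRequestURL()`, whose host part normally reflects the client-supplied Host header, and SessionControl then places it in the subject and body of the verification email. Unless the servlet container or a front-end proxy pins the host name, the mail could name a server the administrator never configured. Prefer a base URL taken from server-side configuration, or leave the attribute unset so that the `Application.getTitle()` fallback in SessionControl is used. `replace("/login.jsp", "/")` also rewrites every occurrence in the URL rather than only the trailing path segment. The surrounding scriptlet continues outside the hunk.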
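--- a/trunk/www/verify_device.jsp
+++ b/trunk/www/verify_device.jsp
@@ -58,6 +58,8 @@
       <div class="messagecontainer help" id="login-help" style="text-align: center; padding: 1em;">
         <b style="font-size: 125%;">This is the first time you are logging in from this device</b>
-        <p style="margin-top: 1em;">
-        <%=HTML.niceFormat(ui.getVerificationSentMessage(), 0) %>
+        <p style="margin-top: 1em; line-height: 170%;">
+        A verification code has been sent to your registered email address: <br>
+        <b><%=HTML.encodeTags(ui.getUserName())%> &lt;<%=HTML.encodeTags(ui.getUserEmail())%>&gt;</b><br>
+        Please enter the verification code in the form below to complete the login.
       </div>
      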
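Review bot: The page prints the full registered address via `ui.getUserEmail()` before the device has been verified, so anyone who reaches this step with only the password learns which mailbox receives the code. Both values are correctly escaped with `HTML.encodeTags`, but consider showing a partially masked address here. The new `<p style="margin-top: 1em; line-height: 170%;">` is also never closed before `</div>`; adding `</p>` after the last sentence keeps the markup well-formed.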