Misc fixes

aq-ikhwa-tech · aq-ikhwa-tech · commit 39ad3ac732ff · 2024-02-26T19:15:29.000+05:00
diff --git a/server/api-service/lowcoder-domain/src/main/java/org/lowcoder/domain/organization/model/Organization.java b/server/api-service/lowcoder-domain/src/main/java/org/lowcoder/domain/organization/model/Organization.java
@@ -86,7 +86,7 @@ public OrganizationCommonSettings getCommonSettings() {
     public static class OrganizationCommonSettings extends HashMap<String, Object> {
         public static final String USER_EXTRA_TRANSFORMER = "userExtraTransformer";
         public static final String USER_EXTRA_TRANSFORMER_UPDATE_TIME = "userExtraTransformer_updateTime";
-        public static final String PASSWORD_RESET_EMAIL_TEMPLATE = "passwordRestEmailTemplate";
+        public static final String PASSWORD_RESET_EMAIL_TEMPLATE = "passwordResetEmailTemplate";
         // custom branding configs
         public static final String CUSTOM_BRANDING_KEY = "branding";
     }
diff --git a/server/api-service/lowcoder-domain/src/main/java/org/lowcoder/domain/organization/service/OrganizationServiceImpl.java b/server/api-service/lowcoder-domain/src/main/java/org/lowcoder/domain/organization/service/OrganizationServiceImpl.java
@@ -158,7 +158,8 @@ public Mono<Organization> create(Organization organization, String creatorId) {
                     if (organization == null || StringUtils.isNotBlank(organization.getId())) {
                         return Mono.error(new BizException(BizError.INVALID_PARAMETER, "INVALID_PARAMETER", FieldName.ORGANIZATION));
                     }
-                    organization.getCommonSettings().put(PASSWORD_RESET_EMAIL_TEMPLATE,
+                    organization.setCommonSettings(new OrganizationCommonSettings());
+                    organization.getCommonSettings().put("PASSWORD_RESET_EMAIL_TEMPLATE",
                             PASSWORD_RESET_EMAIL_TEMPLATE_DEFAULT);
                     organization.setState(ACTIVE);
                     return Mono.just(organization);
diff --git a/server/api-service/lowcoder-domain/src/main/java/org/lowcoder/domain/user/service/EmailCommunicationService.java b/server/api-service/lowcoder-domain/src/main/java/org/lowcoder/domain/user/service/EmailCommunicationService.java
@@ -30,7 +30,7 @@ public boolean sendPasswordResetEmail(String to, String token, String message) {
             mimeMessageHelper.setSubject(subject);
 
             // Construct the message with the token link
-            String resetLink = config.getLowcoderPublicUrl() + "lost-password?token=" + token;
+            String resetLink = config.getLowcoderPublicUrl() + "/lost-password?token=" + token;
             String formattedMessage = String.format(message, to, resetLink);
             mimeMessageHelper.setText(formattedMessage, true); // Set HTML to true to allow links
 
diff --git a/server/api-service/lowcoder-domain/src/main/java/org/lowcoder/domain/user/service/UserServiceImpl.java b/server/api-service/lowcoder-domain/src/main/java/org/lowcoder/domain/user/service/UserServiceImpl.java
@@ -295,15 +295,11 @@ public Mono<Boolean> resetLostPassword(String userEmail, String token, String ne
         return findByName(userEmail)
                 .flatMap(user -> {
                     if (Instant.now().until(user.getPasswordResetTokenExpiry(), ChronoUnit.MINUTES) <= 0) {
-                        return ofError(BizError.LOGIN_EXPIRED, "TOKEN_EXPIRED");
+                        return ofError(BizError.INVALID_PARAMETER, "TOKEN_EXPIRED");
                     }
 
                     if (!StringUtils.equals(HashUtils.hash(token.getBytes()), user.getPasswordResetToken())) {
-                        return ofError(BizError.INVALID_PASSWORD, "INVALID_TOKEN");
-                    }
-
-                    if (StringUtils.isBlank(newPassword)) {
-                        return ofError(BizError.INVALID_PASSWORD, "PASSWORD_NOT_SET_YET");
+                        return ofError(BizError.INVALID_PARAMETER, "INVALID_TOKEN");
                     }
 
                     user.setPassword(encryptionService.encryptPassword(newPassword));
diff --git a/server/api-service/lowcoder-sdk/src/main/resources/locale_en.properties b/server/api-service/lowcoder-sdk/src/main/resources/locale_en.properties
@@ -17,6 +17,9 @@ CANNOT_DELETE_SYSTEM_GROUP=System group cannot be deleted.
 NEED_DEV_TO_CREATE_RESOURCE=Invalid operation, workspace developers or admin required.
 UNABLE_TO_FIND_VALID_ORG=Cannot find a valid workspace for current user.
 USER_BANNED=Current account is frozen.
+SENDING_EMAIL_FAILED=Email could not be sent. Please check the smtp settings for the org.
+TOKEN_EXPIRED=Token to reset the password has expired
+INVALID_TOKEN=Invalid token received for password reset request
 # invitation
 INVALID_INVITATION_CODE=Invitation code not found.
 ALREADY_IN_ORGANIZATION=You are already in this workspace.
diff --git a/server/api-service/lowcoder-server/src/main/java/org/lowcoder/api/framework/security/SecurityConfig.java b/server/api-service/lowcoder-server/src/main/java/org/lowcoder/api/framework/security/SecurityConfig.java
@@ -114,6 +114,7 @@ SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
                         ServerWebExchangeMatchers.pathMatchers(HttpMethod.GET, USER_URL + "/me"),
                         ServerWebExchangeMatchers.pathMatchers(HttpMethod.GET, USER_URL + "/currentUser"),
                         ServerWebExchangeMatchers.pathMatchers(HttpMethod.POST, USER_URL + "/lost-password"),
+                        ServerWebExchangeMatchers.pathMatchers(HttpMethod.POST, USER_URL + "/reset-lost-password"),
 
                         ServerWebExchangeMatchers.pathMatchers(HttpMethod.GET, GROUP_URL + "/list"), // application view
                         ServerWebExchangeMatchers.pathMatchers(HttpMethod.POST, QUERY_URL + "/execute"), // application view
@@ -141,6 +142,7 @@ SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
                         ServerWebExchangeMatchers.pathMatchers(HttpMethod.GET, NewUrl.USER_URL + "/me"),
                         ServerWebExchangeMatchers.pathMatchers(HttpMethod.GET, NewUrl.USER_URL + "/currentUser"),
                         ServerWebExchangeMatchers.pathMatchers(HttpMethod.POST, NewUrl.USER_URL + "/lost-password"),
+                        ServerWebExchangeMatchers.pathMatchers(HttpMethod.POST, NewUrl.USER_URL + "/reset-lost-password"),
                         ServerWebExchangeMatchers.pathMatchers(HttpMethod.GET, NewUrl.GROUP_URL + "/list"),
                         ServerWebExchangeMatchers.pathMatchers(HttpMethod.POST, NewUrl.QUERY_URL + "/execute"),
                         ServerWebExchangeMatchers.pathMatchers(HttpMethod.GET, NewUrl.MATERIAL_URL + "/**"),
diff --git a/server/api-service/lowcoder-server/src/main/java/org/lowcoder/api/usermanagement/UserController.java b/server/api-service/lowcoder-server/src/main/java/org/lowcoder/api/usermanagement/UserController.java
@@ -156,13 +156,13 @@ public Mono<ResponseView<Boolean>> lostPassword(@RequestBody LostPasswordRequest
     }
 
     @Override
-    public Mono<ResponseView<Boolean>> resetLostPassword(@PathVariable String token, @RequestBody ResetLostPasswordRequest request) {
-        if (StringUtils.isBlank(request.userEmail()) || StringUtils.isBlank(token)
+    public Mono<ResponseView<Boolean>> resetLostPassword(@RequestBody ResetLostPasswordRequest request) {
+        if (StringUtils.isBlank(request.userEmail()) || StringUtils.isBlank(request.token())
                 || StringUtils.isBlank(request.newPassword())) {
             return ofError(BizError.INVALID_PARAMETER, "INVALID_PARAMETER");
         }
 
-        return userApiService.resetLostPassword(request.userEmail(), token, request.newPassword())
+        return userApiService.resetLostPassword(request.userEmail(), request.token(), request.newPassword())
                 .map(ResponseView::success);
     }
 
diff --git a/server/api-service/lowcoder-server/src/main/java/org/lowcoder/api/usermanagement/UserEndpoints.java b/server/api-service/lowcoder-server/src/main/java/org/lowcoder/api/usermanagement/UserEndpoints.java
@@ -124,8 +124,8 @@ public interface UserEndpoints
 	@PostMapping("/lost-password")
 	public Mono<ResponseView<Boolean>> lostPassword(@RequestBody LostPasswordRequest request);
 
-	@PostMapping("/lost-password/{token}")
-	public Mono<ResponseView<Boolean>> resetLostPassword(@PathVariable String token, @RequestBody ResetLostPasswordRequest request);
+	@PostMapping("/reset-lost-password")
+	public Mono<ResponseView<Boolean>> resetLostPassword(@RequestBody ResetLostPasswordRequest request);
 
 	@Operation(
 			tags = TAG_USER_PASSWORD_MANAGEMENT,
@@ -160,7 +160,7 @@ public record ResetPasswordRequest(String userId) {
 	public record LostPasswordRequest(String userEmail) {
 	}
 
-	public record ResetLostPasswordRequest(String userEmail, String newPassword) {
+	public record ResetLostPasswordRequest(String token, String userEmail, String newPassword) {
 	}
 
     public record UpdatePasswordRequest(String oldPassword, String newPassword) {

Original file line number	Diff line number	Diff line change
`@@ -86,7 +86,7 @@ public OrganizationCommonSettings getCommonSettings() {`
`86`	`86`	`public static class OrganizationCommonSettings extends HashMap<String, Object> {`
`87`	`87`	`public static final String USER_EXTRA_TRANSFORMER = "userExtraTransformer";`
`88`	`88`	`public static final String USER_EXTRA_TRANSFORMER_UPDATE_TIME = "userExtraTransformer_updateTime";`
`89`		`- public static final String PASSWORD_RESET_EMAIL_TEMPLATE = "passwordRestEmailTemplate";`
	`89`	`+ public static final String PASSWORD_RESET_EMAIL_TEMPLATE = "passwordResetEmailTemplate";`
`90`	`90`	`// custom branding configs`
`91`	`91`	`public static final String CUSTOM_BRANDING_KEY = "branding";`
`92`	`92`	`}`
Original file line number	Diff line number	Diff line change
`@@ -156,13 +156,13 @@ public Mono<ResponseView<Boolean>> lostPassword(@RequestBody LostPasswordRequest`
`156`	`156`	`}`
`157`	`157`
`158`	`158`	`@Override`
`159`		`- public Mono<ResponseView<Boolean>> resetLostPassword(@PathVariable String token, @RequestBody ResetLostPasswordRequest request) {`
`160`		`- if (StringUtils.isBlank(request.userEmail()) \|\| StringUtils.isBlank(token)`
	`159`	`+ public Mono<ResponseView<Boolean>> resetLostPassword(@RequestBody ResetLostPasswordRequest request) {`
	`160`	`+ if (StringUtils.isBlank(request.userEmail()) \|\| StringUtils.isBlank(request.token())`
`161`	`161`	`\|\| StringUtils.isBlank(request.newPassword())) {`
`162`	`162`	`return ofError(BizError.INVALID_PARAMETER, "INVALID_PARAMETER");`
`163`	`163`	`}`
`164`	`164`
`165`		`- return userApiService.resetLostPassword(request.userEmail(), token, request.newPassword())`
	`165`	`+ return userApiService.resetLostPassword(request.userEmail(), request.token(), request.newPassword())`
`166`	`166`	`.map(ResponseView::success);`
`167`	`167`	`}`
`168`	`168`