I am using JavaMail and Activation to send email to the user. When the user clicks forget password, a mail is to be triggered to the user's email with a link for resetting the password.
I don't want the user to use the same link again, so when he clicks the link from the email, the link should get disabled.
I am not sure how to do it.
String body = "<a href='resetpage.jsp'>Reset Password</a>";
Message message = new MimeMessage(session);
message.setFrom(new InternetAddress(username));
message.setRecipients(Message.RecipientType.TO,
InternetAddress.parse(email));
message.setSubject("Password Reset");
MimeBodyPart mbp = new MimeBodyPart();
mbp.setText(body, "UTF-8", "html");
Multipart multipart = new MimeMultipart();
multipart.addBodyPart(mbp);
message.setContent(multipart);
Transport.send(message);
From this code, I am getting the link in the email, but after the user clicks the link in the email, the link should get disabled. I want to make sure that when the user clicks the same link again, it does not work.
If I understand you correctly, you would like to enable the user to click a link that will achieve some functionality and thereafter invalidate the link to ensure that it cannot be reused for performing another change.
What I would suggest is:
Generate a token of some sort; UUID.randomUUID().toString() would work nicely.
Store the token in the database with something to indicate who it was for and what function it would allow (Joe Soap, Password reset)
Send a URL to the user including ?token=[token_string_here]
When the page loads check the token exists and display the function you wish to make available.
When the code makes a change to the user / account, check that the token exists again before performing the action and then delete the token from the database
Have you thought of using a random token for this?
This token could be included in the link (reset.jsp?token=RANDOM).
Whenever a user is directed to the reset page, it could read the given token and mark it as used.
When a used token is used again, you could redirect the user to another page (e.g. the login page or an error page).
(I am aware that this may not be a complete answer to your question, but I am unable to add a comment to your question.)
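The single-use token flow that both answers describe, as an added example that is not part of either answer. Assumptions: the class name `ResetTokens`, the 30-minute lifetime, and the in-memory map standing in for the database table are all illustrative; the token comes from `SecureRandom` rather than `UUID.randomUUID()`, and only its SHA-256 hash is stored.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;

public class ResetTokens {
    private record Pending(String userId, Instant expires) {}
    private static final Duration TTL = Duration.ofMinutes(30); // assumed lifetime
    private final SecureRandom rng = new SecureRandom();
    private final Map<String, Pending> byHash = new ConcurrentHashMap<>(); // stands in for a DB table

    // Issue a token for userId; only its SHA-256 hash is kept server-side.
    public String issue(String userId) {
        byte[] raw = new byte[32];
        rng.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        byHash.put(hash(token), new Pending(userId, Instant.now().plus(TTL)));
        return token; // mailed as resetpage.jsp?token=<token>
    }

    // Returns the user exactly once; replayed and expired tokens give empty.
    public Optional<String> consume(String token) {
        if (token == null) return Optional.empty();
        Pending p = byHash.remove(hash(token)); // atomic: only one caller gets the entry
        if (p == null || Instant.now().isAfter(p.expires())) return Optional.empty();
        return Optional.of(p.userId());
    }

    private static String hash(String token) {
        try {
            byte[] d = MessageDigest.getInstance("SHA-256").digest(token.getBytes(StandardCharsets.UTF_8));
            return Base64.getEncoder().encodeToString(d);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e); // every JDK ships SHA-256
        }
    }

    public static void main(String[] args) {
        ResetTokens store = new ResetTokens();
        String link = store.issue("joe.soap"); // constructed sample user
        System.out.println("first click:  " + store.consume(link).isPresent());
        System.out.println("second click: " + store.consume(link).isPresent());
    }
}
```

With a real database the same guarantee comes from deleting the row by token hash in one statement and acting only if exactly one row was affected, so two concurrent clicks cannot both succeed.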
Related
I am using AWS Cognito for user management in my application. The user pool is configured so that the users log in with a unique username and a password, and multiple users can have the same email address. I am using Amplify built-in components for authentication.
The problem I can't seem to resolve is double verification messages upon updating a user's email. When an email is changed, CustomMessage_UpdateUserAttribute is triggered, and when the user wants to verify the changed email, CustomMessage_VerifyUserAttribute is triggered. I have a custom lambda function that listens for these triggers among others and sends corresponding emails based on the action the user is trying to perform: login, verify email, reset password etc.
So if a user modifies his email address, CustomMessage_UpdateUserAttribute is triggered and the user receives an email with the following (default) message "Please verify your account and enter the following verification code to reset your password: xxxxxx". However, when this user logs in, Amplify recognises that the user is in the "verifyContact" state, and displays the screen you can see below.
The user has two options:
to skip the verification, or
to select the only attribute that awaits verification and click on "verify" button.
Clicking on the "verify" button triggers CustomMessage_VerifyUserAttribute and sends yet another email to the user. The user is redirected to the following screen.
The second screen shows where the user is supposed to input the newly sent code (from the second email). So the user has absolutely no need for the first email (and code) that is sent automatically when the email is updated. I have tried to find a way to avoid sending the email, but have not found a good solution. Cognito won't let you override the message in lambda without sending the confirmation code in it, which is completely unnecessary since there is no place where the user can input it. I don't want to disable email verification, or set email_verified to true upon updating.
Do you have any suggestions what I could do?
If anybody is facing the same problem, a workaround is to update the email_verified field twice. When updating the email, set email_verified to true. This will prevent Cognito from sending an email on CustomMessage_UpdateUserAttribute. Then in a separate user attribute update request, update only the email_verified field to false. This will set the user to the "verifyContact" state and request email verification on login.
Basically I'm trying to use HtmlUnit to perform a login.
However, the login has a form to input the username with a Next button; then it updates the form and the password should be entered. My problem occurs when I do button.click(): the page gets the first form, not the second where the password should be entered.
public void search() throws Exception {
WebClient wb = new WebClient();
HtmlPage p = wb.getPage(
"https://account.booking.com/sign-in?op_token=EgVvYXV0aCJHChQ2Wjcyb0hPZDM2Tm43emszcGlyaBIJYXV0aG9yaXplGhpodHRwczovL2FkbWluLmJvb2tpbmcuY29tLyoCe31CBGNvZGUqDDCgqZHe5rMjOgBCAA");
// HtmlPage p = (HtmlPage) wb.getPage(this.bUrl);
List<HtmlForm> form = p.getForms();
form.get(0).getInputByName("loginname").setValueAttribute("1234567");
HtmlForm fm = form.get(0);
System.out.println(form.get(0).getInputByName("loginname").getValueAttribute().toString());
List<Object> button = fm.getByXPath("//button[@type='submit']");
HtmlButton bt = (HtmlButton) button.get(0);
System.out.println(p.asText() + "\n+_________________");
bt.click();
System.out.println(p.asText());
}
The output is the same before and after the bt.click():
1234567
Booking.com Account
This website uses cookies. Click here for more information.
Close
Sign In to Manage Your Property
Username
1234567
Next
Having trouble signing in?
Questions about your property or the Extranet? Visit the Partner Help Center or ask another partner on the Partner Forum.
Add your property to Booking.com
Create a partner account to list and manage your property.
Register
By clicking "Allow access" you authorize Extranet to use your Booking.com account info according to Extranet Terms of service.
+_________________
Booking.com Account
This website uses cookies. Click here for more information.
Close
Sign In to Manage Your Property
Username
Enter your username
Next
Having trouble signing in?
Questions about your property or the Extranet? Visit the Partner Help Center or ask another partner on the Partner Forum.
Add your property to Booking.com
Create a partner account to list and manage your property.
Register
By clicking "Allow access" you authorize Extranet to use your Booking.com account info according to Extranet Terms of service.
Sorry, but your code is based on a fundamental misunderstanding of Html and HtmlUnit.
HtmlPage p = wb.getPage(.....
retrieves a (html) page. This page is shown inside a browser window (same in HtmlUnit). If you interact with elements on this page like
form.get(0).getInputByName("loginname").setValueAttribute("1234567");
or better
form.get(0).getInputByName("loginname").type("1234567");
these elements are changing their state and as a result the whole page changes.
But:
Clicking a submit button is a totally different story. In this case the browser (and HtmlUnit also) sends an HTTP request to the server and gets back a new HtmlPage. Usually this page is shown inside the same window.
In HtmlUnit this is reflected by the return value of the click method - the return value is the new page. As long as you are not assigning this value to a page variable and doing your next steps on this new page, you are still working with the old one.
BTW: there is a commented sample on the Getting Started HtmlUnit page.
So far the simplest version of form/submit handling. But today things are a bit (in fact many bits) more complicated because most of the pages out there are doing (additional) magic based on JavaScript (e.g. Ajax).
Suggestion:
If you send me some credentials via private mail I can try to help you to get this login working based on HtmlUnit.
Suggestion 2:
Try to learn and understand all the technical stuff related to the web; without this you will be lost.
I have the following use case in my app:
When a specific event happens in the app all interested users should be notified by email. Then if a user replies to the email, his reply should be shown in the event page in the app.
My initial idea was to create a temp mail alias of the main notification email every time when an event happens and send the notification email with that alias set in the Reply-To header. Then if someone replies to that mail by using the alias (let's say csa123423@mydomain.com) I can figure out which event this reply refers to.
It turned out that Spring's JavaMailSender doesn't provide a way to use aliases, so I tried with Gmail API. As far as I understood creating a Gmail alias means actually setting an already existing email in your domain as an alias for another already existing email in that domain. So the Java code to achieve this using Directory API and Gmail API would look like this:
User newUser = new User();
UserName userName = new UserName();
userName.setGivenName("xsd");
userName.setFamilyName("ewrewr");
newUser.setPrimaryEmail("bbb34262bb45@mydomain.com");
newUser.setPassword("12345");
newUser.setName(userName);
User result = directoryService.users().insert(newUser).execute();
SendAs sendAs = new SendAs()
        .setSendAsEmail("bbb34262bb45@mydomain.com")
        .setReplyToAddress("bbb34262bb45@mydomain.com")
        .setDisplayName("My name")
        .setTreatAsAlias(true);
SendAs sendAsResult = gmailService.users().settings().sendAs().create(user, sendAs).execute();
MimeMessage emailContent = createEmail("mymail@gmail.com", "bbb34262bb45@mydomain.com", "Test from app", "Test body");
Message message = createMessageWithEmail(emailContent);
message = gmailService.users().messages().send(user, message).execute();
But as far as I know there are some limits on the number of accounts you can create per domain/account and also Google would charge more for this.
Is there another easier way to create aliases in Gmail? Or is there another approach to achieve the desired functionality (linking mail replies to application content) without using mail aliases?
Try leveraging '+' functionality given by Gmail for creating temporary aliases.
The basic idea is if my email id is xyz@gmail.com, I can send/receive an email with xyz+1@gmail.com or xyz+anything_here@gmail.com and it will work like a charm.
You can utilize this by keeping the alias/unique-id after the '+' in the Gmail id and then parse this alias easily in your application.
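Building and parsing such a '+' alias, as an added example that is not part of the answer above. The mailbox name `notifications`, the `ev<digits>` tag format and the class name `ReplyAlias` are assumptions made for illustration.

```java
import java.util.Optional;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class ReplyAlias {
    // Assumed notification mailbox; use the account the app reads replies from.
    private static final String LOCAL = "notifications";
    private static final String DOMAIN = "gmail.com";
    // Tag format chosen for this example: "ev" followed by 1-18 digits.
    private static final Pattern RECIPIENT = Pattern.compile(
            "^" + Pattern.quote(LOCAL) + "\\+ev(\\d{1,18})@" + Pattern.quote(DOMAIN) + "$",
            Pattern.CASE_INSENSITIVE);

    // Address to put in the Reply-To header of the notification for one event.
    public static String replyToFor(long eventId) {
        if (eventId < 0) throw new IllegalArgumentException("negative event id");
        return LOCAL + "+ev" + eventId + "@" + DOMAIN;
    }

    // Event id from the address a reply was delivered to; empty if it is not ours.
    public static Optional<Long> eventIdFrom(String recipient) {
        if (recipient == null) return Optional.empty();
        Matcher m = RECIPIENT.matcher(recipient.trim());
        return m.matches() ? Optional.of(Long.parseLong(m.group(1))) : Optional.empty();
    }

    public static void main(String[] args) {
        String replyTo = replyToFor(4711); // constructed sample event id
        System.out.println(replyTo + " -> " + eventIdFrom(replyTo));
        System.out.println(eventIdFrom("notifications+ev12x@gmail.com")); // malformed tag
        System.out.println(eventIdFrom("someone@example.com"));           // no tag
    }
}
```

The tag only routes the reply to an event; anyone who knows or guesses the address can write to it, so the sender still has to be checked against the users who were notified about that event.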
After registration, the system sends a verification mail to the subscriber's mail ID.
Once the user clicks on the verification link, the token must be expired.
I want to display the link expired message from the next click onwards.
How to do it?
You may override the VerifyEmailAddressAction.java action class, and set a custom error message in SessionErrors and display it in the Email Verification screen.
Within my hospital I wish to send an email to staff members with a link which when clicked will run a Java app which displays a form to be completed. I have got this working for a standard form requesting their details. However I need to be able to provide a link with a parameter. I have tried:
\location\program.jar param
\location\program.jar?param
\location\program.jar%20param
All give a "Cannot open the specified file." message.
Without the parameter works fine.
Must be possible surely?
You can try this if you are using JavaMail:
BodyPart messageBodyPart = new MimeBodyPart();
messageBodyPart.setText(html, "UTF-8", "html");