From 6605da19e850922ef621c60df5853af999a1b3e7 Mon Sep 17 00:00:00 2001
From: Daniel Gerhardt <code@dgerhardt.net>
Date: Wed, 7 Aug 2019 16:14:04 +0200
Subject: [PATCH] Simplify account mails and fix placeholders

The account activation and reset mail now only contain the code. String
placeholders are numbered correctly again. The activation and reset
keys' length has been reduced to 8 characters.

Fixes arsnova-backend#47.
---
 .../thm/arsnova/service/UserServiceImpl.java  | 28 ++++---------------
 src/main/resources/config/defaults.yml        | 14 ++++++----
 2 files changed, 14 insertions(+), 28 deletions(-)

diff --git a/src/main/java/de/thm/arsnova/service/UserServiceImpl.java b/src/main/java/de/thm/arsnova/service/UserServiceImpl.java
index 9c3996006..2014a08ea 100644
--- a/src/main/java/de/thm/arsnova/service/UserServiceImpl.java
+++ b/src/main/java/de/thm/arsnova/service/UserServiceImpl.java
@@ -437,7 +437,7 @@ public class UserServiceImpl extends DefaultEntityServiceImpl<UserProfile> imple
 		userProfile.setAuthProvider(UserProfile.AuthProvider.ARSNOVA);
 		userProfile.setLoginId(lcUsername);
 		account.setPassword(encodePassword(password));
-		account.setActivationKey(RandomStringUtils.randomAlphanumeric(32));
+		account.setActivationKey(RandomStringUtils.randomAlphanumeric(8));
 		userProfile.setCreationTimestamp(new Date());
 
 		/* Repository is accessed directly without EntityService to skip permission check */
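Review bot: Cutting the activation key to `randomAlphanumeric(8)` leaves roughly 47 bits of key space, and the same reduction is applied to the password reset key in the third hunk, where a guessed key means account takeover. If this is Apache Commons Lang's `RandomStringUtils`, its default generator has historically been a non-cryptographic `java.util.Random`, so a short code should come from a `SecureRandom` instead, e.g. `RandomStringUtils.random(8, 0, 0, true, true, null, secureRandom)` with `secureRandom` held as a field. A code this short also depends on attempt limiting and expiry at the point where it is verified; neither is visible in this patch, so please confirm both exist for the activation and reset paths. The enclosing method starts and ends outside the hunk.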
@@ -461,15 +461,9 @@ public class UserServiceImpl extends DefaultEntityServiceImpl<UserProfile> imple
 
 	private void sendActivationEmail(final UserProfile userProfile) {
 		final String activationKey = userProfile.getAccount().getActivationKey();
-		final String activationUrl = MessageFormat.format(
-				"{0}{1}/login?action=activate&username={3}&key={4}",
-				rootUrl,
-				customizationPath,
-				UriUtils.encodeQueryParam(userProfile.getLoginId(), "UTF-8"),
-				activationKey);
 
 		sendEmail(userProfile, registeredProperties.getRegistrationMailSubject(),
-				MessageFormat.format(registeredProperties.getRegistrationMailBody(), activationUrl, activationKey));
+				MessageFormat.format(registeredProperties.getRegistrationMailBody(), activationKey, rootUrl));
 	}
 
 	private void parseMailAddressPattern() {
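Review bot: In `sendActivationEmail` the arguments passed to `MessageFormat.format` change meaning without any marker: `{0}` used to be the activation URL and `{1}` the key, and now `{0}` is the key and `{1}` is `rootUrl`. A deployment that overrides `registration-mail-body` with a template written for the old order will still send mail without error, but with the key and a bare root URL in the wrong places; the same applies to `getResetPasswordMailBody()` in the next hunk. I would document the contract next to the call, e.g. `/* Mail body placeholders: {0} = activation key, {1} = root URL */`, and mention the changed placeholder order in the release notes.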
@@ -562,27 +556,15 @@ public class UserServiceImpl extends DefaultEntityServiceImpl<UserProfile> imple
 			throw new BadRequestException();
 		}
 
-		account.setPasswordResetKey(RandomStringUtils.randomAlphanumeric(32));
+		account.setPasswordResetKey(RandomStringUtils.randomAlphanumeric(8));
 		account.setPasswordResetTime(new Date());
 
 		if (null == userRepository.save(userProfile)) {
 			logger.error("Password reset failed. {} could not be updated.", username);
 		}
 
-		final String resetPasswordUrl = MessageFormat.format(
-				"{0}{1}/login?action=resetpassword&username={3}&key={4}",
-				rootUrl,
-				customizationPath,
-				UriUtils.encodeQueryParam(userProfile.getLoginId(), "UTF-8"), account.getPasswordResetKey());
-
-		final String mailBody = MessageFormat.format(
-				registeredProperties.getResetPasswordMailBody(),
-				resetPasswordUrl,
-				account.getPasswordResetKey()
-		);
-
-		sendEmail(userProfile, registeredProperties.getResetPasswordMailSubject(),
-				MessageFormat.format(mailBody, resetPasswordUrl));
+		sendEmail(userProfile, registeredProperties.getResetPasswordMailSubject(), MessageFormat.format(
+				registeredProperties.getResetPasswordMailBody(), account.getPasswordResetKey(), rootUrl));
 	}
 
 	@Override
diff --git a/src/main/resources/config/defaults.yml b/src/main/resources/config/defaults.yml
index 0209418cf..80c46a9cf 100644
--- a/src/main/resources/config/defaults.yml
+++ b/src/main/resources/config/defaults.yml
@@ -107,16 +107,20 @@ arsnova:
         registration-mail-body: |-
           Welcome to ARSnova!
 
-          Please confirm your registration by visiting the following web address:
-          {0}
+          Here is the activation code you need for your first login to ARSnova:
 
-          Afterwards, you can log into ARSnova with your e-mail address and password.
+              {0}
+
+          {1}
         reset-password-mail-subject: ARSnova Password Reset
         reset-password-mail-body: |-
           You requested to reset your password.
 
-          Please follow the link below to set a new password:
-          {0}
+          Here is the confirmation code you need to set a new password:
+
+              {0}
+
+          {1}
 
       # LDAP authentication
       #
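Review bot: Neither mail body documents what `{0}` and `{1}` stand for, and `{1}` appears on a line of its own with no text telling the recipient what the address is for. Because the Java side passes these strings to `MessageFormat.format`, an apostrophe in an edited template acts as a quote character and can stop the code placeholder from being substituted. A comment above each body would cover both, e.g. `# MessageFormat pattern: {0} = code, {1} = root URL; write a literal apostrophe as ''`.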
-- 
GitLab