more on password recovery

src/main/java/com/commafeed/backend/services/MailService.java

@@ -34,12 +34,6 @@ public class MailService implements Serializable {
 		final String username = settings.getSmtpUserName();
 		final String password = settings.getSmtpPassword();
 
-		log.info(username);
-		log.info(password);
-		log.info("" + settings.isSmtpTls());
-		log.info(settings.getSmtpHost());
-		log.info("" + settings.getSmtpPort());
-
 		String dest = user.getEmail();
 
 		Properties props = new Properties();
@@ -59,7 +53,7 @@ public class MailService implements Serializable {
 		message.setRecipients(Message.RecipientType.TO,
 				InternetAddress.parse(dest));
 		message.setSubject("CommaFeed - " + subject);
-		message.setText(content);
+		message.setContent(content, "text/html; charset=utf-8");
 
 		Transport.send(message);
 

src/main/java/com/commafeed/backend/services/PasswordEncryptionService.java

@@ -1,5 +1,6 @@
 package com.commafeed.backend.services;
 
+import java.io.Serializable;
 import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
 import java.security.spec.KeySpec;
@@ -15,7 +16,8 @@ import org.slf4j.LoggerFactory;
 import com.commafeed.backend.dao.UserDAO;
 
 // http://www.javacodegeeks.com/2012/05/secure-password-storage-donts-dos-and.html
-public class PasswordEncryptionService {
+@SuppressWarnings("serial")
+public class PasswordEncryptionService implements Serializable {
 
 	private static final Logger log = LoggerFactory.getLogger(UserDAO.class);
 

src/main/java/com/commafeed/frontend/pages/PasswordRecoveryCallbackPage.html

@@ -6,10 +6,10 @@
 				<img src="images/logo_2.png" />
 				<div wicket:id="feedback"></div>
 				<form wicket:id="form">
-					Password:
+					New Password:
 					<input type="password" wicket:id="password" />
 					<br />
-					Password:
+					Confirm:
 					<input type="password" wicket:id="confirm" />
 					<br />
 					<input type="submit" class="btn btn-primary" value="Submit" />

src/main/java/com/commafeed/frontend/pages/PasswordRecoveryCallbackPage.java

@@ -61,6 +61,8 @@ public class PasswordRecoveryCallbackPage extends BasePage {
 							passwd, user.getSalt());
 					user.setPassword(password);
 					user.setApiKey(userService.generateApiKey(user));
+					user.setRecoverPasswordToken(null);
+					user.setRecoverPasswordTokenDate(null);
 					userDAO.update(user);
 					info("Password saved.");
 				} else {

src/main/java/com/commafeed/frontend/pages/PasswordRecoveryPage.java

@@ -4,6 +4,7 @@ import java.util.Calendar;
 import java.util.UUID;
 
 import org.apache.commons.codec.digest.DigestUtils;
+import org.apache.http.client.utils.URIBuilder;
 import org.apache.wicket.extensions.validation.validator.RfcCompliantEmailAddressValidator;
 import org.apache.wicket.markup.html.form.Form;
 import org.apache.wicket.markup.html.form.RequiredTextField;
@@ -65,7 +66,25 @@ public class PasswordRecoveryPage extends BasePage {
 		form.add(new BookmarkablePageLink<Void>("cancel", HomePage.class));
 	}
 
-	private String buildEmailContent(User user) {
+	private String buildEmailContent(User user) throws Exception {
-		return "cc";
+
+		String publicUrl = applicationSettingsService.get().getPublicUrl();
+		if (publicUrl.endsWith("/")) {
+			publicUrl = publicUrl.substring(0, publicUrl.length() - 1);
+		}
+		publicUrl += "/recover2";
+
+		return String
+				.format("You asked for password recovery, <a href='%s'>follow this link</a> to change your password. Ignore this if you didn't request a password recovery.",
+						callbackUrl(user, publicUrl));
+	}
+
+	private String callbackUrl(User user, String publicUrl) throws Exception {
+		return new URIBuilder(publicUrl)
+				.addParameter(PasswordRecoveryCallbackPage.PARAM_EMAIL,
+						user.getEmail())
+				.addParameter(PasswordRecoveryCallbackPage.PARAM_TOKEN,
+						user.getRecoverPasswordToken()).build().toURL()
+				.toString();
 	}
 }