From b5fcec6a33a670504daa587714e437c8aa572bfd Mon Sep 17 00:00:00 2001
From: Lukas Forer <lukas.forer@i-med.ac.at>
Date: Sun, 10 Dec 2023 09:12:03 +0100
Subject: [PATCH] Handle anonymous users in reset password

---
 .../components/core/user/profile/profile.stache  |  8 ++++----
 .../mapred/api/v2/users/ResetPassword.java       | 16 ++++++++++------
 2 files changed, 14 insertions(+), 10 deletions(-)

diff --git a/src/main/html/webapp/components/core/user/profile/profile.stache b/src/main/html/webapp/components/core/user/profile/profile.stache
index b26b4016..e246429d 100644
--- a/src/main/html/webapp/components/core/user/profile/profile.stache
+++ b/src/main/html/webapp/components/core/user/profile/profile.stache
@@ -63,9 +63,9 @@ Please fill out the form below to change your account settings or your password.
 
 	</div>
 </form>
-
+<br>
 <hr>
-
+<br>
 <h3>API Access</h3>
 
 <p>This service provides a rich RestAPI to submit, monitor and download jobs.</p>
@@ -88,9 +88,9 @@ Please fill out the form below to change your account settings or your password.
 
 
 {{/user.hasApiToken}}
-
+<br>
 <hr>
-
+<br>
 <h3>Delete Account</h3>
 
 <p>Once you delete your user account, there is no going back. Please be certain.</p>
diff --git a/src/main/java/cloudgene/mapred/api/v2/users/ResetPassword.java b/src/main/java/cloudgene/mapred/api/v2/users/ResetPassword.java
index e89d6eef..52f515ea 100644
--- a/src/main/java/cloudgene/mapred/api/v2/users/ResetPassword.java
+++ b/src/main/java/cloudgene/mapred/api/v2/users/ResetPassword.java
@@ -25,7 +25,7 @@ public Representation get(Representation entity) {
 		Form form = new Form(entity);
 		String username = form.getFirstValue("username");
 
-		if (username == null || username.isEmpty()) {
+		if (username == null || username.trim().isEmpty()) {
 			return new JSONAnswer("Please enter a valid username or email address.", false);
 		}
 
@@ -66,13 +66,17 @@ public Representation get(Representation entity) {
 			String body = getWebApp().getTemplate(Template.RECOVERY_MAIL, user.getFullName(), application, link);
 
 			try {
-				log.info(String.format("Password reset link requested for user '%s'", username));
-				MailUtil.notifySlack(getSettings(), "Hi! " + username + " asked for a new password :key:");
 
-				MailUtil.send(getSettings(), user.getMail(), subject, body);
+				if (user.getMail()!= null && !user.getMail().isEmpty()) {
+					log.info(String.format("Password reset link requested for user '%s'", username));
+					MailUtil.notifySlack(getSettings(), "Hi! " + username + " asked for a new password :key:");
+					MailUtil.send(getSettings(), user.getMail(), subject, body);
 
-				return new JSONAnswer(
-						"Email sent to " + user.getMail() + " with instructions on how to reset your password.", true);
+					return new JSONAnswer(
+							"We sent you an email with instructions on how to reset your password.", true);
+				} else {
+					return new JSONAnswer("No email address is associated with the provided username. Therefore, password recovery cannot be completed.", false);
+				}
 
 			} catch (Exception e) {