From 8ba1b6966b9498e200f95e731e02163895f477ec Mon Sep 17 00:00:00 2001
From: shimingxy <shimingxy@163.com>
Date: Sat, 18 Apr 2020 16:02:22 +0800
Subject: [PATCH] ForgotPassword fix

---
 .../password/opt/impl/MailOtpAuthn.java       |  15 +-
 .../org/maxkey/domain/ForgotPassword.java     |  93 ----------
 .../dao/persistence/ForgotPasswordMapper.java |  19 --
 .../dao/persistence/UserInfoMapper.java       |   4 +-
 .../dao/service/ForgotPasswordService.java    |  30 ---
 .../maxkey/dao/service/UserInfoService.java   |   4 +
 .../xml/mysql/ForgotPasswordMapper.xml        |  11 --
 .../contorller/ForgotPasswordContorller.java  | 171 ++++++++----------
 .../resources/messages/message.properties     |  10 +
 .../resources/messages/message_en.properties  |  10 +
 .../main/resources/spring/maxkey-security.xml |  10 +-
 .../views/forgotpassword/findpwd.ftl          |  43 +++++
 .../views/forgotpassword/pwdreseted.ftl       |  34 ++++
 .../views/forgotpassword/resetpwd.ftl         |  56 ++++++
 .../templates/views/forgotpwd/email.ftl       |  11 --
 .../templates/views/forgotpwd/findpwd.ftl     |  24 ---
 .../templates/views/forgotpwd/pwdreseted.ftl  |  13 --
 .../templates/views/forgotpwd/resetpwd.ftl    |  42 -----
 18 files changed, 255 insertions(+), 345 deletions(-)
 delete mode 100644 maxkey-core/src/main/java/org/maxkey/domain/ForgotPassword.java
 delete mode 100644 maxkey-dao/src/main/java/org/maxkey/dao/persistence/ForgotPasswordMapper.java
 delete mode 100644 maxkey-dao/src/main/java/org/maxkey/dao/service/ForgotPasswordService.java
 create mode 100644 maxkey-web-maxkey/src/main/resources/templates/views/forgotpassword/findpwd.ftl
 create mode 100644 maxkey-web-maxkey/src/main/resources/templates/views/forgotpassword/pwdreseted.ftl
 create mode 100644 maxkey-web-maxkey/src/main/resources/templates/views/forgotpassword/resetpwd.ftl
 delete mode 100644 maxkey-web-maxkey/src/main/resources/templates/views/forgotpwd/email.ftl
 delete mode 100644 maxkey-web-maxkey/src/main/resources/templates/views/forgotpwd/findpwd.ftl
 delete mode 100644 maxkey-web-maxkey/src/main/resources/templates/views/forgotpwd/pwdreseted.ftl
 delete mode 100644 maxkey-web-maxkey/src/main/resources/templates/views/forgotpwd/resetpwd.ftl

diff --git a/maxkey-core/src/main/java/org/maxkey/crypto/password/opt/impl/MailOtpAuthn.java b/maxkey-core/src/main/java/org/maxkey/crypto/password/opt/impl/MailOtpAuthn.java
index 6f9c29193..ba46787c3 100644
--- a/maxkey-core/src/main/java/org/maxkey/crypto/password/opt/impl/MailOtpAuthn.java
+++ b/maxkey-core/src/main/java/org/maxkey/crypto/password/opt/impl/MailOtpAuthn.java
@@ -8,9 +8,12 @@ import org.maxkey.crypto.password.opt.AbstractOptAuthn;
 import org.maxkey.domain.UserInfo;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
 
 public class MailOtpAuthn extends AbstractOptAuthn {
     private static final Logger _logger = LoggerFactory.getLogger(MailOtpAuthn.class);
+    
+    @Autowired
     EmailConfig emailConfig;
 
     public MailOtpAuthn() {
@@ -24,9 +27,10 @@ public class MailOtpAuthn extends AbstractOptAuthn {
             Email email = new SimpleEmail();
             email.setHostName(emailConfig.getSmtpHost());
             email.setSmtpPort(emailConfig.getPort());
+            email.setSSLOnConnect(emailConfig.isSsl());
             email.setAuthenticator(
                     new DefaultAuthenticator(emailConfig.getUsername(), emailConfig.getPassword()));
-            email.setSSLOnConnect(emailConfig.isSsl());
+            
             email.setFrom(emailConfig.getSenderMail());
             email.setSubject("One Time PassWord");
             email.setMsg("You Token is " + token 
@@ -36,7 +40,12 @@ public class MailOtpAuthn extends AbstractOptAuthn {
             _logger.debug(
                     "token " + token + " send to user +" + userInfo.getUsername() 
                     + ", email " + userInfo.getEmail());
-            //this.insertDataBase(userInfo, token, userInfo.getUsername(), OptTypes.EMAIL);
+            //成功返回
+            this.optTokenStore.store(
+                    userInfo, 
+                    token, 
+                    userInfo.getMobile(), 
+                    OptTypes.EMAIL);
             return true;
         } catch (Exception e) {
             e.printStackTrace();
@@ -46,7 +55,7 @@ public class MailOtpAuthn extends AbstractOptAuthn {
 
     @Override
     public boolean validate(UserInfo userInfo, String token) {
-        return true;
+        return this.optTokenStore.validate(userInfo, token, OptTypes.EMAIL, interval);
     }
 
     public void setEmailConfig(EmailConfig emailConfig) {
diff --git a/maxkey-core/src/main/java/org/maxkey/domain/ForgotPassword.java b/maxkey-core/src/main/java/org/maxkey/domain/ForgotPassword.java
deleted file mode 100644
index 1f8703e89..000000000
--- a/maxkey-core/src/main/java/org/maxkey/domain/ForgotPassword.java
+++ /dev/null
@@ -1,93 +0,0 @@
-package org.maxkey.domain;
-
-
-public class ForgotPassword extends ChangePassword{
-
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = -1218071580331822219L;
-
-	/**
-	 * 1 for email
-	 * 2 for mobile sms code
-	 * 3 for answer question
-	 */
-	private int type;
-	
-	private String email;
-	
-	private String mobile;
-	
-	private String smsCode;
-	
-	/**
-	 * 
-	 */
-	public ForgotPassword() {
-
-	}
-	
-	/**
-	 * 
-	 */
-	public ForgotPassword(String email) {
-		this.email=email;
-		this.type=1;
-
-	}
-	
-	public ForgotPassword(String mobile,String smsCode) {
-		this.mobile=mobile;
-		this.smsCode=smsCode;
-		this.type=2;
-	}
-
-	public int getType() {
-		return type;
-	}
-
-	public void setType(int type) {
-		this.type = type;
-	}
-
-	/**
-	 * @return the email
-	 */
-	public String getEmail() {
-		return email;
-	}
-
-	/**
-	 * @param email the email to set
-	 */
-	public void setEmail(String email) {
-		this.email = email;
-	}
-
-	public String getMobile() {
-		return mobile;
-	}
-
-	public void setMobile(String mobile) {
-		this.mobile = mobile;
-	}
-
-	public String getSmsCode() {
-		return smsCode;
-	}
-
-	public void setSmsCode(String smsCode) {
-		this.smsCode = smsCode;
-	}
-
-	/* (non-Javadoc)
-	 * @see java.lang.Object#toString()
-	 */
-	@Override
-	public String toString() {
-		return "ForgotPassword [email=" + email + "]";
-	}
-
-	
-}
diff --git a/maxkey-dao/src/main/java/org/maxkey/dao/persistence/ForgotPasswordMapper.java b/maxkey-dao/src/main/java/org/maxkey/dao/persistence/ForgotPasswordMapper.java
deleted file mode 100644
index 38281e95b..000000000
--- a/maxkey-dao/src/main/java/org/maxkey/dao/persistence/ForgotPasswordMapper.java
+++ /dev/null
@@ -1,19 +0,0 @@
-/**
- * 
- */
-package org.maxkey.dao.persistence;
-
-import org.apache.mybatis.jpa.persistence.IJpaBaseMapper;
-import org.maxkey.domain.ForgotPassword;
-import org.maxkey.domain.UserInfo;
-
-/**
- * @author Crystal.sea
- *
- */
-
-public  interface ForgotPasswordMapper extends IJpaBaseMapper<ForgotPassword> {
-	
-	public UserInfo queryUserInfoByEmail(String email);
-	
-}
diff --git a/maxkey-dao/src/main/java/org/maxkey/dao/persistence/UserInfoMapper.java b/maxkey-dao/src/main/java/org/maxkey/dao/persistence/UserInfoMapper.java
index feb15873a..0926c5cce 100644
--- a/maxkey-dao/src/main/java/org/maxkey/dao/persistence/UserInfoMapper.java
+++ b/maxkey-dao/src/main/java/org/maxkey/dao/persistence/UserInfoMapper.java
@@ -1,5 +1,6 @@
 package org.maxkey.dao.persistence;
 
+import org.apache.ibatis.annotations.Select;
 import org.apache.mybatis.jpa.persistence.IJpaBaseMapper;
 import org.maxkey.domain.UserInfo;
 
@@ -40,6 +41,7 @@ public interface UserInfoMapper  extends IJpaBaseMapper<UserInfo>{
 	
 	public int changeMobile(UserInfo userInfo);
 	
-	
+    @Select("SELECT * FROM  USERINFO WHERE   EMAIL = #{value} OR MOBILE= #{value}")
+    public UserInfo queryUserInfoByEmailMobile(String emailMobile);
 	
 }
diff --git a/maxkey-dao/src/main/java/org/maxkey/dao/service/ForgotPasswordService.java b/maxkey-dao/src/main/java/org/maxkey/dao/service/ForgotPasswordService.java
deleted file mode 100644
index a7a798b10..000000000
--- a/maxkey-dao/src/main/java/org/maxkey/dao/service/ForgotPasswordService.java
+++ /dev/null
@@ -1,30 +0,0 @@
-package org.maxkey.dao.service;
-
-import org.apache.mybatis.jpa.persistence.JpaBaseService;
-import org.maxkey.dao.persistence.ForgotPasswordMapper;
-import org.maxkey.domain.ForgotPassword;
-import org.maxkey.domain.UserInfo;
-import org.springframework.stereotype.Service;
-
-@Service
-public class ForgotPasswordService  extends JpaBaseService<ForgotPassword>{
-
-	public ForgotPasswordService() {
-		super(ForgotPasswordMapper.class);
-	}
-
-	/* (non-Javadoc)
-	 * @see com.connsec.db.service.BaseService#getMapper()
-	 */
-	@Override
-	public ForgotPasswordMapper getMapper() {
-
-		return (ForgotPasswordMapper)super.getMapper();
-	}
-
-	 
-	public UserInfo queryUserInfoByEmail(String email){
-		return getMapper().queryUserInfoByEmail(email);
-	}
-	
-}
diff --git a/maxkey-dao/src/main/java/org/maxkey/dao/service/UserInfoService.java b/maxkey-dao/src/main/java/org/maxkey/dao/service/UserInfoService.java
index 9d92772c6..c27d7a784 100644
--- a/maxkey-dao/src/main/java/org/maxkey/dao/service/UserInfoService.java
+++ b/maxkey-dao/src/main/java/org/maxkey/dao/service/UserInfoService.java
@@ -214,4 +214,8 @@ public class UserInfoService extends JpaBaseService<UserInfo> {
 		return getMapper().changeMobile(userInfo)>0;
 	}
 	
+    public UserInfo queryUserInfoByEmailMobile(String emailMobile) {
+        return getMapper().queryUserInfoByEmailMobile(emailMobile);
+    }
+
 }
diff --git a/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/ForgotPasswordMapper.xml b/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/ForgotPasswordMapper.xml
index 1fdf3e8a3..a979b094c 100644
--- a/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/ForgotPasswordMapper.xml
+++ b/maxkey-dao/src/main/resources/org/maxkey/dao/persistence/xml/mysql/ForgotPasswordMapper.xml
@@ -2,15 +2,4 @@
 <!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
 <mapper namespace="org.maxkey.dao.persistence.ForgotPasswordMapper">
 
-	<select id="queryUserInfoByEmail" parameterType="string" resultType="UserInfo">
-		SELECT
-			*
-		FROM
-			USERINFO
-		WHERE
-			EMAIL = #{value}
-	</select>
-	
-	
-	
 </mapper>
\ No newline at end of file
diff --git a/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/ForgotPasswordContorller.java b/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/ForgotPasswordContorller.java
index b29e56198..fd31cf7f5 100644
--- a/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/ForgotPasswordContorller.java
+++ b/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/ForgotPasswordContorller.java
@@ -1,20 +1,16 @@
 package org.maxkey.web.contorller;
 
-import org.apache.commons.mail.DefaultAuthenticator;
-import org.apache.commons.mail.EmailException;
-import org.apache.commons.mail.HtmlEmail;
-import org.maxkey.config.ApplicationConfig;
-import org.maxkey.dao.service.ForgotPasswordService;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+import org.maxkey.crypto.password.opt.AbstractOptAuthn;
 import org.maxkey.dao.service.UserInfoService;
-import org.maxkey.domain.ForgotPassword;
 import org.maxkey.domain.UserInfo;
-import org.maxkey.web.WebContext;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.stereotype.Controller;
-import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.servlet.ModelAndView;
@@ -22,115 +18,96 @@ import org.springframework.web.servlet.ModelAndView;
 @Controller
 @RequestMapping(value = { "/forgotpassword" })
 public class ForgotPasswordContorller {
-
     private static Logger _logger = LoggerFactory.getLogger(ForgotPasswordContorller.class);
 
-    @Autowired
-    ForgotPasswordService forgotPasswordService;
-
+    Pattern emailRegex = Pattern.compile(
+            "^\\s*\\w+(?:\\.{0,1}[\\w-]+)*@[a-zA-Z0-9]+(?:[-.][a-zA-Z0-9]+)*\\.[a-zA-Z]+\\s*$");
+    
+    Pattern mobileRegex = Pattern.compile(
+            "^(13[4,5,6,7,8,9]|15[0,8,9,1,7]|188|187)\\\\d{8}$");
+    
+    public class ForgotType{
+        public final static int NOTFOUND = 1;
+        public final static int EMAIL = 2;
+        public final static int MOBILE = 3;
+    }
+    
+    public class PasswordResetResult{
+        public final static int SUCCESS = 1;
+        public final static int CAPTCHAERROR = 2;
+        public final static int PASSWORDERROR = 3;
+    }
+    
     @Autowired
     private UserInfoService userInfoService;
 
     @Autowired
-    protected ApplicationConfig applicationConfig;
-
+    @Qualifier("tfaMailOptAuthn")
+    protected AbstractOptAuthn tfaMailOptAuthn;
+    
     @Autowired
-    private PasswordEncoder passwordEncoder;
+    @Qualifier("tfaMobileOptAuthn")
+    protected AbstractOptAuthn tfaMobileOptAuthn;
+    
 
     @RequestMapping(value = { "/forward" })
     public ModelAndView forwardreg() {
-        _logger.debug("Registration  /forgotpassword/forward.");
-        return new ModelAndView("forgotpassword/forward");
+        _logger.debug("forgotpassword  /forgotpassword/forward.");
+        return new ModelAndView("forgotpassword/findpwd");
     }
 
-    @RequestMapping(value = { "/email" })
-    public ModelAndView email(@RequestParam String email) {
-        _logger.debug("Registration  /forgotpassword/email.");
-        _logger.debug("email : " + email);
-        UserInfo userInfo = forgotPasswordService.queryUserInfoByEmail(email);
-        ModelAndView modelAndView = new ModelAndView("forgotpassword/email");
-        modelAndView.addObject("emailsend", 0);
-        modelAndView.addObject("email", email);
-
-        if (userInfo != null) {
-            ForgotPassword forgotPassword = new ForgotPassword();
-            forgotPassword.setId(forgotPassword.generateId());
-            forgotPassword.setEmail(email);
-            forgotPassword.setUid(userInfo.getId());
-            forgotPassword.setUsername(userInfo.getUsername());
-            forgotPasswordService.insert(forgotPassword);
-
-            HtmlEmail hemail = new HtmlEmail();
-
-            try {
-                hemail.setHostName(applicationConfig.getEmailConfig().getSmtpHost());
-                hemail.setSmtpPort(applicationConfig.getEmailConfig().getPort());
-                hemail.setAuthenticator(new DefaultAuthenticator(applicationConfig.getEmailConfig().getUsername(),
-                        applicationConfig.getEmailConfig().getPassword()));
-
-                hemail.addTo(userInfo.getEmail(), userInfo.getNickName());
-                hemail.setFrom(applicationConfig.getEmailConfig().getSenderMail(), "ConnSec");
-                hemail.setSubject("ConnSec Cloud Identity & Access ReSet Password .");
-
-                // set the html message
-                String forgotPasswordUrl = WebContext.getHttpContextPath() + "/forgotpassword/resetpwd/"
-                        + forgotPassword.getId();
-
-                // set the html message
-                String emailText = "<html>";
-                emailText += "<a href='" + forgotPasswordUrl + "'>Reset Password</a><br>";
-                emailText += " or copy " + forgotPasswordUrl + " to brower.";
-                emailText += "</html>";
-
-                hemail.setHtmlMsg(emailText);
-
-                // set the alternative message
-                hemail.setTextMsg("Your email client does not support HTML messages");
-
-                // send the email
-                hemail.send();
-                modelAndView.addObject("emailsend", 1);
-            } catch (EmailException e) {
-                // TODO Auto-generated catch block
-                e.printStackTrace();
-            }
+    @RequestMapping(value = { "/emailmobile" })
+    public ModelAndView email(@RequestParam String emailMobile,@RequestParam String captcha) {
+        _logger.debug("forgotpassword  /forgotpassword/emailmobile.");
+        _logger.debug("emailMobile : " + emailMobile);
+        UserInfo userInfo = userInfoService.queryUserInfoByEmailMobile(emailMobile);
+        Matcher matcher = emailRegex.matcher(emailMobile);
+        int forgotType = ForgotType.NOTFOUND;
+        if (matcher.matches() && null != userInfo) {
+            tfaMailOptAuthn.produce(userInfo);
+            forgotType = ForgotType.EMAIL;
         }
+        matcher = mobileRegex.matcher(emailMobile);
+        if (matcher.matches() && null != userInfo) {
+            tfaMobileOptAuthn.produce(userInfo);
+            forgotType = ForgotType.MOBILE;
+        }
+        
+        ModelAndView modelAndView = new ModelAndView("forgotpassword/resetpwd");
+        modelAndView.addObject("userId", userInfo==null ?"":userInfo.getId());
+        modelAndView.addObject("username", userInfo==null ?"":userInfo.getUsername());
+        modelAndView.addObject("emailMobile", emailMobile);
+        modelAndView.addObject("forgotType", forgotType);
+        
         return modelAndView;
     }
 
-    @RequestMapping(value = { "/resetpwd/{id}" })
-    public ModelAndView resetpwd(@PathVariable("id") String id) {
-        _logger.debug("Registration  /forgotpassword/resetpwd.");
-        ForgotPassword forgotPassword = forgotPasswordService.get(id);
-        ModelAndView mav = new ModelAndView("forgotpassword/resetpwd");
-        if (forgotPassword != null) {
-            mav.addObject("model", forgotPassword);
-        }
-
-        return mav;
-    }
-
-    @RequestMapping(value = { "/setpassword/{id}" })
-    public ModelAndView setPassWord(@PathVariable("id") String id, @RequestParam String password,
-            @RequestParam String confirmpassword) {
-        _logger.debug("forgotPassword  /forgotPassword/pwdreseted.");
+    @RequestMapping(value = { "/setpassword" })
+    public ModelAndView setPassWord(
+                        @RequestParam String userId, 
+                        @RequestParam String username, 
+                        @RequestParam int forgotType, 
+                        @RequestParam String password,
+                        @RequestParam String confirmpassword,
+                        @RequestParam String captcha) {
+        _logger.debug("forgotPassword  /forgotpassword/pwdreseted.");
         ModelAndView modelAndView = new ModelAndView("forgotpassword/pwdreseted");
-        if (password.equals(confirmpassword)) {
-            ForgotPassword forgotPassword = forgotPasswordService.get(id);
-            if (forgotPassword != null) {
-                UserInfo userInfo = new UserInfo();
-                userInfo.setId(forgotPassword.getUid());
-                userInfo.setPassword(password);
-                userInfo.setDecipherable(password);
-                userInfo.setUsername(forgotPassword.getUsername());
+        if (null != password && password.equals(confirmpassword)) {
+            UserInfo userInfo = new UserInfo();
+            userInfo.setId(userId);
+            userInfo.setUsername(username);
+            userInfo.setPassword(password);
+            userInfo.setDecipherable(password);
+            if ((forgotType == ForgotType.EMAIL && tfaMailOptAuthn.validate(userInfo, captcha)) ||
+                    (forgotType == ForgotType.MOBILE && tfaMobileOptAuthn.validate(userInfo, captcha))
+                ) {
                 userInfoService.changePassword(userInfo);
-                forgotPasswordService.remove(id);
-                modelAndView.addObject("pwdreseted", 1);
+                modelAndView.addObject("passwordResetResult", PasswordResetResult.SUCCESS);
             } else {
-                modelAndView.addObject("pwdreseted", 2);
+                modelAndView.addObject("passwordResetResult", PasswordResetResult.CAPTCHAERROR);
             }
         } else {
-            modelAndView.addObject("pwdreseted", 0);
+            modelAndView.addObject("passwordResetResult", PasswordResetResult.PASSWORDERROR);
         }
         return modelAndView;
     }
diff --git a/maxkey-web-maxkey/src/main/resources/messages/message.properties b/maxkey-web-maxkey/src/main/resources/messages/message.properties
index 7f9f41b4e..1b51a2f6b 100644
--- a/maxkey-web-maxkey/src/main/resources/messages/message.properties
+++ b/maxkey-web-maxkey/src/main/resources/messages/message.properties
@@ -185,6 +185,16 @@ button.text.search=\u67E5\u8BE2
 button.text.expandsearch=\u5C55\u5F00
 button.text.collapsesearch=\u6536\u7F29
 
+forgotpassword.emailmobile=\u90AE\u7BB1\u6216\u624B\u673A
+forgotpassword.nextstep=\u4E0B\u4E00\u6B65
+forgotpassword.resetpwd.notfound.prefix=\u90AE\u7BB1\u6216\u624B\u673A\u53F7
+forgotpassword.resetpwd.notfound.suffix=\u4E0D\u5B58\u5728,\u8BF7
+forgotpassword.backstep=\u91CD\u65B0\u8F93\u5165
+forgotpassword.pwdreseted.password=\u8F93\u5165\u5BC6\u7801\u6216\u786E\u8BA4\u5BC6\u7801\u9519\u8BEF\uFF0C\u8BF7
+forgotpassword.pwdreseted.captcha=\u9A8C\u8BC1\u7801\u9519\u8BEF\uFF0C\u8BF7
+forgotpassword.pwdreseted.success.tip=\u5BC6\u7801\u91CD\u7F6E\u6210\u529F\uFF0C\u8BF7\u524D\u5F80
+forgotpassword.pwdreseted.success.login=\u767B\u5F55
+
 log.loginhistory.id=\u7F16\u53F7
 log.loginhistory.sessionId=\u4F1A\u8BDD
 log.loginhistory.username=\u767B\u5F55\u540D
diff --git a/maxkey-web-maxkey/src/main/resources/messages/message_en.properties b/maxkey-web-maxkey/src/main/resources/messages/message_en.properties
index a24f6c763..95a8f8dbb 100644
--- a/maxkey-web-maxkey/src/main/resources/messages/message_en.properties
+++ b/maxkey-web-maxkey/src/main/resources/messages/message_en.properties
@@ -184,6 +184,16 @@ button.text.search=Search
 button.text.expandsearch=Expand
 button.text.collapsesearch=Collapse
 
+forgotpassword.emailmobile=Email OR Mobile
+forgotpassword.nextstep=Next
+forgotpassword.resetpwd.notfound.prefix=Email OR Mobile
+forgotpassword.resetpwd.notfound.suffix=not found,pls
+forgotpassword.backstep=Retry
+forgotpassword.pwdreseted.password=password error or password not eq the confirm password,pls 
+forgotpassword.pwdreseted.captcha=captcha error , pls 
+forgotpassword.pwdreseted.success.tip=Reset Password successful,pls forward 
+forgotpassword.pwdreseted.success.login=login
+
 log.loginhistory.id=id
 log.loginhistory.sessionId=sessionId
 log.loginhistory.username=username
diff --git a/maxkey-web-maxkey/src/main/resources/spring/maxkey-security.xml b/maxkey-web-maxkey/src/main/resources/spring/maxkey-security.xml
index 737081373..fb0f3af5a 100644
--- a/maxkey-web-maxkey/src/main/resources/spring/maxkey-security.xml
+++ b/maxkey-web-maxkey/src/main/resources/spring/maxkey-security.xml
@@ -93,11 +93,19 @@
 	
 	<bean id="tfaOptAuthn" class="org.maxkey.crypto.password.opt.impl.TimeBasedOtpAuthn">
 	</bean>
-	 
 	<!-- 
 	<bean id="tfaOptAuthn" class="org.maxkey.crypto.password.opt.impl.sms.netease.SmsOtpAuthnYunxin">
 	</bean>
 	-->
+	
+	<!-- for Forgot Password -->
+	<bean id="tfaMailOptAuthn" class="org.maxkey.crypto.password.opt.impl.MailOtpAuthn">
+	</bean>
+	
+	<bean id="tfaMobileOptAuthn" class="org.maxkey.crypto.password.opt.impl.sms.netease.SmsOtpAuthnYunxin">
+	</bean>
+	 
+
 	<!-- Authentication Password Encoder Config -->
 	<bean id="passwordEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"></bean>   
 	
diff --git a/maxkey-web-maxkey/src/main/resources/templates/views/forgotpassword/findpwd.ftl b/maxkey-web-maxkey/src/main/resources/templates/views/forgotpassword/findpwd.ftl
new file mode 100644
index 000000000..b0c0625ad
--- /dev/null
+++ b/maxkey-web-maxkey/src/main/resources/templates/views/forgotpassword/findpwd.ftl
@@ -0,0 +1,43 @@
+<!DOCTYPE HTML>
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+
+<#include  "../layout/header.ftl">
+<#include  "../layout/common.cssjs.ftl">
+<script type="text/javascript"> 
+$(function(){
+
+	$('#j_captchaimg').click(function () {//
+           $(this).attr("src", "<@base />/captcha"); 
+	}); 
+});
+</script>
+</head>
+<body  >
+<div id="top">
+	<#include "../layout/nologintop.ftl">
+</div>
+<div class="container">	
+				<form action="<@base/>/forgotpassword/emailmobile" method="post">
+					<table  class="table table-bordered">
+						<tr>
+							<td><@locale code="forgotpassword.emailmobile"/></td>
+							<td><input type="email" id="emailMobile" name="emailMobile" class="form-control"  title="" value=""/></td>
+						</tr>
+						<tr>
+								<td><@locale code="login.text.captcha"/>：</td>
+								<td><input class="form-control"  type='text' id="j_captcha" name="captcha"  tabindex="3"  value="" style="float: left;"/><img id="j_captchaimg" src="<@base/>/captcha"/></td>
+								
+						</tr>
+						<tr>
+							<td  colspan="2"><input id="forgotpwdBtn"  class="button btn btn-lg btn-primary btn-block" type="submit" value="<@locale code="forgotpassword.nextstep" />"/></td>
+						</tr>
+						
+					</table>
+				</form>
+</div>
+<div id="footer">
+	<#include "../layout/footer.ftl">
+</div>
+</body>
+</html>
\ No newline at end of file
diff --git a/maxkey-web-maxkey/src/main/resources/templates/views/forgotpassword/pwdreseted.ftl b/maxkey-web-maxkey/src/main/resources/templates/views/forgotpassword/pwdreseted.ftl
new file mode 100644
index 000000000..97051d056
--- /dev/null
+++ b/maxkey-web-maxkey/src/main/resources/templates/views/forgotpassword/pwdreseted.ftl
@@ -0,0 +1,34 @@
+<!DOCTYPE HTML>
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+
+<#include  "../layout/header.ftl">
+<#include  "../layout/common.cssjs.ftl">
+</head>
+<body  >
+<div id="top">
+	<#include "../layout/nologintop.ftl">
+</div>
+<div class="container">	
+  <#if 3 == passwordResetResult>
+  	<@locale code="forgotpassword.pwdreseted.password"/>
+  	<a href="javascript:history.go(-1);"><@locale code="forgotpassword.backstep"/></a >
+  	
+  </#if>
+  <#if 2 == passwordResetResult>
+  	<@locale code="forgotpassword.pwdreseted.captcha"/>
+  	<a href="javascript:history.go(-1);"><@locale code="forgotpassword.backstep"/></a >
+  	
+  </#if>
+  <#if 1 == passwordResetResult>
+  	<@locale code="forgotpassword.pwdreseted.success.tip"/>
+  	<a href="<@base/>/login"><@locale code="forgotpassword.pwdreseted.success.login"/></a> .
+  	
+  </#if>
+
+</div>
+<div id="footer">
+	<#include "../layout/footer.ftl">
+</div>
+</body>
+</html>  
\ No newline at end of file
diff --git a/maxkey-web-maxkey/src/main/resources/templates/views/forgotpassword/resetpwd.ftl b/maxkey-web-maxkey/src/main/resources/templates/views/forgotpassword/resetpwd.ftl
new file mode 100644
index 000000000..b9cd9bf5b
--- /dev/null
+++ b/maxkey-web-maxkey/src/main/resources/templates/views/forgotpassword/resetpwd.ftl
@@ -0,0 +1,56 @@
+<!DOCTYPE HTML>
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+
+<#include  "../layout/header.ftl">
+<#include  "../layout/common.cssjs.ftl">
+</head>
+<body  >
+<div id="top">
+	<#include "../layout/nologintop.ftl">
+</div>
+<div class="container">	
+  <#if 1 == forgotType>
+  	<@locale code="forgotpassword.resetpwd.notfound.prefix"/> 
+  	<b>${emailMobile} </b>
+  	<@locale code="forgotpassword.resetpwd.notfound.suffix"/>
+  	<a href="javascript:history.go(-1);"><@locale code="forgotpassword.backstep"/></a >
+  </#if>
+  <#if 2 == forgotType || 3 == forgotType >
+
+	<form action="<@base/>/forgotpassword/setpassword" method="post">
+		<table  class="table table-bordered">
+			<tr>
+				<td><@locale code="forgotpassword.emailmobile"/>
+					<input type='hidden' id="text" name="userId" value="${userId}" />
+					<input type='hidden' id="text" name="forgotType" value="${forgotType}" />
+					<input type='hidden' id="text" name="username" value="${username}" />
+				</td>
+				<td>${emailMobile}</td>
+			</tr>
+			<tr>
+				<td><@locale code="login.password.newPassword"/></td>
+				<td><input  class="form-control"   type='password' id="password" name="password"  tabindex="1"  value="" /></td>
+			</tr>
+			<tr>
+				<td><@locale  code="login.password.confirmPassword"/></td>
+				<td><input  class="form-control"   type='password' id="confirmpassword" name="confirmpassword"  tabindex="2"  value="" /></td>
+			</tr>
+			<tr>
+				<td><@locale code="login.text.captcha"/>：</td>
+				<td><input class="form-control"  type='text'  name="captcha"  tabindex="3"  value="" /></td>
+					
+			</tr>
+			<tr>
+				<td  colspan="2"><input id="registerBtn" class="button btn btn-lg btn-primary btn-block" type="submit" value="<@locale code="forgotpassword.nextstep" />"/></td>
+			</tr>
+			
+		</table>
+	</form>
+	</#if> 
+</div>
+<div id="footer">
+	<#include "../layout/footer.ftl">
+</div>
+</body>
+</html>  
\ No newline at end of file
diff --git a/maxkey-web-maxkey/src/main/resources/templates/views/forgotpwd/email.ftl b/maxkey-web-maxkey/src/main/resources/templates/views/forgotpwd/email.ftl
deleted file mode 100644
index 3ccb8b3e6..000000000
--- a/maxkey-web-maxkey/src/main/resources/templates/views/forgotpwd/email.ftl
+++ /dev/null
@@ -1,11 +0,0 @@
-<div class="container">	
-  <#if 0 == emailsend>
-  	user email ${email} not find,<br>
-  	<input type="button"  class="button"  value="后退"  onclick="javascript:history.go(-1);"> 
-  </#if>
-  <#if 1 == emailsend>
-  	please check you email ${email},to Reset Password.
-  </#if>
-</div>
-  
-  
\ No newline at end of file
diff --git a/maxkey-web-maxkey/src/main/resources/templates/views/forgotpwd/findpwd.ftl b/maxkey-web-maxkey/src/main/resources/templates/views/forgotpwd/findpwd.ftl
deleted file mode 100644
index 2045cb55b..000000000
--- a/maxkey-web-maxkey/src/main/resources/templates/views/forgotpwd/findpwd.ftl
+++ /dev/null
@@ -1,24 +0,0 @@
-<div class="container">	
-	<table border="0"  style="width:100%;">
-		<tr>
-			<td width="630px">
-				
-			</td>
-			<td>
-				<form action="<@base/>/forgotpassword/email" method="post">
-					<table  class="datatable">
-						<tr>
-							<td><@locale code="forgotpwd.email"/></td>
-							<td><input type="email" id="email" name="email" class="int required" title="" value=""/></td>
-						</tr>
-						
-						<tr>
-							<td  colspan="2"><input id="forgotpwdBtn" class="button" type="submit" value="<@locale code="button.text.enable" />"/></td>
-						</tr>
-						
-					</table>
-				</form>
-			</td>
-		</tr>
-	</table>
-</div>
\ No newline at end of file
diff --git a/maxkey-web-maxkey/src/main/resources/templates/views/forgotpwd/pwdreseted.ftl b/maxkey-web-maxkey/src/main/resources/templates/views/forgotpwd/pwdreseted.ftl
deleted file mode 100644
index fbd1f6f3d..000000000
--- a/maxkey-web-maxkey/src/main/resources/templates/views/forgotpwd/pwdreseted.ftl
+++ /dev/null
@@ -1,13 +0,0 @@
-
-<div class="container">	
-  <#if 0 == pwdreseted>
-  	password not eq the confirm password,<br>
-  	<input type="button"  class="button"  value="后退"  onclick="javascript:history.go(-1);"> 
-  </#if>
-  <#if 1 == pwdreseted>
-  	Reset Password successful,<a href="<s:Base/>/login">click here</a> login.
-  </#if>
-  <#if 2 == pwdreseted>
-  	url expired.
-  </#if>
-</div>
\ No newline at end of file
diff --git a/maxkey-web-maxkey/src/main/resources/templates/views/forgotpwd/resetpwd.ftl b/maxkey-web-maxkey/src/main/resources/templates/views/forgotpwd/resetpwd.ftl
deleted file mode 100644
index 626873548..000000000
--- a/maxkey-web-maxkey/src/main/resources/templates/views/forgotpwd/resetpwd.ftl
+++ /dev/null
@@ -1,42 +0,0 @@
-<%@ page 	language="java"   import="java.util.*" 	pageEncoding="UTF-8"%>
-<%@ taglib prefix="c"       	uri="http://java.sun.com/jsp/jstl/core"  %>
-<%@ taglib prefix="fn"     	 	uri="http://java.sun.com/jsp/jstl/functions" %>
-<%@ taglib prefix="spring"  	uri="http://www.springframework.org/tags" %>
-<%@ taglib prefix="s" 			uri="http://sso.maxkey.org/tags" %> 
-
-<div class="container">	
-  <c:if test="${null != model}">
-	<table border="0"  style="width:100%;">
-		<tr>
-			<td width="630px">
-				
-			</td>
-			<td>
-				<form action="<s:Base/>/forgotpassword/setpassword/${model.id}" method="post">
-					<table  class="datatable">
-						<tr>
-							<td><s:Locale code="register.workemail"/></td>
-							<td>${model.email}</td>
-						</tr>
-						<tr>
-							<td><s:Locale code="register.password"/></td>
-							<td><input type='password' id="password" name="password" value="" /></td>
-						</tr>
-						<tr>
-							<td><s:Locale code="register.confirmpassword"/></td>
-							<td><input type='password' id="confirmpassword" name="confirmpassword" value="" /></td>
-						</tr>
-						<tr>
-							<td  colspan="2"><input id="registerBtn" class="button" type="submit" value="<s:Locale code="button.text.enable" />"/></td>
-						</tr>
-						
-					</table>
-				</form>
-			</td>
-		</tr>
-	</table>
-	  </c:if>
-    <c:if test="${null == model}">
-    	url expired.
-    </c:if>  
-</div>
\ No newline at end of file