From 802cee52f8019a16e9bd79eaf2a6aa7c53754fc6 Mon Sep 17 00:00:00 2001
From: Claudio Maggioni
Date: Thu, 26 Mar 2020 01:01:49 +0100
Subject: [PATCH] fixed cors on password reset
---
 .../smarthut/config/CORSFilter.java | 23 +++++--------------
 .../controller/UserAccountController.java | 4 ++--
 2 files changed, 8 insertions(+), 19 deletions(-)
diff --git a/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/config/CORSFilter.java b/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/config/CORSFilter.java
index 7df826d..d5e19ae 100644
--- a/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/config/CORSFilter.java
+++ b/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/config/CORSFilter.java
@@ -1,7 +1,6 @@
 package ch.usi.inf.sa4.sanmarinoes.smarthut.config;
 import java.io.IOException;
-import java.util.List;
 import javax.servlet.*;
 import javax.servlet.http.HttpServletResponse;
 import org.springframework.stereotype.Component;
@@ -14,23 +13,13 @@ import org.springframework.stereotype.Component;
 @Component
 public class CORSFilter implements Filter {
- static void setCORSHeaders(HttpServletResponse response) {
+ public static void setCORSHeaders(HttpServletResponse response) {
 response.setHeader("Access-Control-Allow-Origin", "*");
- response.setHeader("Access-Control-Allow-Methods", "HEAD, PUT, POST, GET, OPTIONS, DELETE");
- response.setHeader("Access-Control-Max-Age", "3600");
- response.setHeader(
- "Access-Control-Allow-Headers",
- String.join(
- ",",
- List.of(
- "Access-Control-Allow-Headers",
- "Origin",
- "Accept",
- "X-Requested-With",
- "Authorization",
- "Content-Type",
- "Access-Control-Request-Method",
- "Access-Control-Request-Headers")));
+ response.setHeader("Access-Control-Allow-Methods", "*");
+ response.setHeader("Access-Control-Allow-Headers", "*");
+ response.setHeader("Access-Control-Allow-Credentials", "true");
+ response.setHeader("Access-Control-Expose-Headers", "*");
+ response.setHeader("Access-Control-Max-Age", "6".repeat(99));
 }
 @Override
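Review bot: In `setCORSHeaders`, the added `Access-Control-Allow-Credentials: true` is sent together with `*` for origin, methods, headers and exposed headers, but on a credentialed request the browser reads `*` as a literal value and blocks the response, and `*` in `Access-Control-Allow-Headers` never covers `Authorization`, which the removed list named explicitly. If the client authenticates with a bearer token rather than cookies (an assumption, the client is not visible here), drop the credentials line and restore explicit method and header lists as sketched below. If cookies are required, the origin has to be checked against an allowlist and echoed back with `Vary: Origin` instead of `*`, which needs the request object and so a wider change than this hunk. `"6".repeat(99)` produces a 99-digit `Access-Control-Max-Age`; browsers cap the preflight cache lifetime anyway and a value this long may not parse, so a plain `"3600"` states the intent.

```java
public static void setCORSHeaders(HttpServletResponse response) {
    // … unchanged: Access-Control-Allow-Origin …
    // Explicit lists: "*" is literal on credentialed requests and never matches Authorization.
    response.setHeader("Access-Control-Allow-Methods", "HEAD, PUT, POST, GET, OPTIONS, DELETE");
    response.setHeader(
            "Access-Control-Allow-Headers",
            "Origin, Accept, X-Requested-With, Authorization, Content-Type");
    // … unchanged: Access-Control-Expose-Headers …
    response.setHeader("Access-Control-Max-Age", "3600");
```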
diff --git a/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/controller/UserAccountController.java b/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/controller/UserAccountController.java
index 1957319..950fb1a 100644
--- a/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/controller/UserAccountController.java
+++ b/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/controller/UserAccountController.java
@@ -160,7 +160,7 @@ public class UserAccountController {
 * @throws EmailTokenNotFoundException if given token is not a valid token for password reset
 */
 @PutMapping("/reset-password")
- public void resetPassword(
+ public OkResponse resetPassword(
 @Valid @RequestBody PasswordResetRequest resetRequest,
 final HttpServletResponse response)
 throws EmailTokenNotFoundException, IOException {
@@ -179,7 +179,7 @@ public class UserAccountController {
 // Delete token to prevent further password changes
 confirmationTokenRepository.delete(token);
- response.sendRedirect(emailConfig.getResetPasswordRedirect());
+ return new OkResponse();
 }
 /**
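Review bot: With `response.sendRedirect(...)` removed in the second hunk, the `final HttpServletResponse response` parameter and the `IOException` in the `throws` clause of `resetPassword` (first hunk) look unused. The lines between the two hunks are not visible, so confirm nothing there still writes to the response before dropping them. The Javadoc above the method now needs a return line, for example `@return an empty OK body once the password has been changed and the token deleted`, and any remaining mention of the redirect should go. If `emailConfig.getResetPasswordRedirect()` has no other caller, the setting behind it is dead configuration after this change.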