From 039d881a07d8f41120d2ae301748df9ec4c5fb5b Mon Sep 17 00:00:00 2001
From: Benjamin Gamard <b.gamard@sismics.com>
Date: Fri, 17 Nov 2017 22:03:54 +0100
Subject: [PATCH 01/17] #161: password recovery by email (wip, server part
 done)

---
 docs-core/pom.xml                             |  15 +++
 .../sismics/docs/core/constant/Constants.java |  20 +++
 .../core/dao/jpa/PasswordRecoveryDao.java     |  68 ++++++++++
 .../docs/core/event/PasswordLostEvent.java    |  46 +++++++
 .../async/PasswordLostAsyncListener.java      |  53 ++++++++
 .../docs/core/model/context/AppContext.java   |  51 ++++---
 .../docs/core/model/jpa/PasswordRecovery.java |  82 ++++++++++++
 .../sismics/docs/core/util/AuditLogUtil.java  |   4 +
 .../com/sismics/docs/core/util/UserUtil.java  |  20 ---
 .../main/java/com/sismics/util/EmailUtil.java | 125 ++++++++++++++++++
 .../java/com/sismics/util/LocaleUtil.java     |  36 +++++
 .../java/com/sismics/util/MessageUtil.java    |  43 ++++++
 .../com/sismics/util/ResourceBundleModel.java |  55 ++++++++
 .../main/resources/META-INF/persistence.xml   |   2 +-
 .../src/main/resources/config.properties      |   2 +-
 .../resources/db/update/dbupdate-013-0.sql    |   2 +
 .../main/resources/email_template/layout.ftl  |  16 +++
 .../password_recovery/template.ftl            |   8 ++
 .../src/main/resources/messages.properties    |   5 +
 .../src/main/resources/messages_fr.properties |   5 +
 docs-web-common/pom.xml                       |   8 +-
 .../com/sismics/docs/rest/BaseJerseyTest.java |  52 ++++++--
 docs-web/pom.xml                              |   6 +
 docs-web/src/dev/resources/config.properties  |   2 +-
 .../docs/rest/resource/UserResource.java      | 107 ++++++++++++++-
 docs-web/src/prod/resources/config.properties |   2 +-
 .../src/stress/resources/config.properties    |   2 +-
 .../sismics/docs/rest/TestUserResource.java   |  78 +++++++++++
 pom.xml                                       |  32 ++++-
 29 files changed, 881 insertions(+), 66 deletions(-)
 create mode 100644 docs-core/src/main/java/com/sismics/docs/core/dao/jpa/PasswordRecoveryDao.java
 create mode 100644 docs-core/src/main/java/com/sismics/docs/core/event/PasswordLostEvent.java
 create mode 100644 docs-core/src/main/java/com/sismics/docs/core/listener/async/PasswordLostAsyncListener.java
 create mode 100644 docs-core/src/main/java/com/sismics/docs/core/model/jpa/PasswordRecovery.java
 delete mode 100644 docs-core/src/main/java/com/sismics/docs/core/util/UserUtil.java
 create mode 100644 docs-core/src/main/java/com/sismics/util/EmailUtil.java
 create mode 100644 docs-core/src/main/java/com/sismics/util/LocaleUtil.java
 create mode 100644 docs-core/src/main/java/com/sismics/util/MessageUtil.java
 create mode 100644 docs-core/src/main/java/com/sismics/util/ResourceBundleModel.java
 create mode 100644 docs-core/src/main/resources/db/update/dbupdate-013-0.sql
 create mode 100644 docs-core/src/main/resources/email_template/layout.ftl
 create mode 100644 docs-core/src/main/resources/email_template/password_recovery/template.ftl
 create mode 100644 docs-core/src/main/resources/messages.properties
 create mode 100644 docs-core/src/main/resources/messages_fr.properties

diff --git a/docs-core/pom.xml b/docs-core/pom.xml
index 85e0267d..cafafa76 100644
--- a/docs-core/pom.xml
+++ b/docs-core/pom.xml
@@ -51,7 +51,22 @@
       <groupId>commons-lang</groupId>
       <artifactId>commons-lang</artifactId>
     </dependency>
+
+    <dependency>
+      <groupId>org.apache.commons</groupId>
+      <artifactId>commons-email</artifactId>
+    </dependency>
     
+    <dependency>
+      <groupId>org.freemarker</groupId>
+      <artifactId>freemarker</artifactId>
+    </dependency>
+
+    <dependency>
+      <groupId>org.glassfish</groupId>
+      <artifactId>javax.json</artifactId>
+    </dependency>
+
     <dependency>
       <groupId>log4j</groupId>
       <artifactId>log4j</artifactId>
diff --git a/docs-core/src/main/java/com/sismics/docs/core/constant/Constants.java b/docs-core/src/main/java/com/sismics/docs/core/constant/Constants.java
index aba7c82d..9ac980b2 100644
--- a/docs-core/src/main/java/com/sismics/docs/core/constant/Constants.java
+++ b/docs-core/src/main/java/com/sismics/docs/core/constant/Constants.java
@@ -44,4 +44,24 @@ public class Constants {
      * Supported document languages.
      */
     public static final List<String> SUPPORTED_LANGUAGES = Lists.newArrayList("eng", "fra", "ita", "deu", "spa", "por", "pol", "rus", "ukr", "ara", "hin", "chi_sim", "chi_tra", "jpn", "tha", "kor");
+
+    /**
+     * Base URL environnement variable.
+     */
+    public static final String BASE_URL_ENV = "DOCS_BASE_URL";
+
+    /**
+     * Default language environnement variable.
+     */
+    public static final String DEFAULT_LANGUAGE_ENV = "DOCS_DEFAULT_LANGUAGE";
+
+    /**
+     * Expiration time of the password recovery in hours.
+     */
+    public static final int PASSWORD_RECOVERY_EXPIRATION_HOUR = 2;
+
+    /**
+     * Email template for password recovery.
+     */
+    public static final String EMAIL_TEMPLATE_PASSWORD_RECOVERY = "password_recovery";
 }
diff --git a/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/PasswordRecoveryDao.java b/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/PasswordRecoveryDao.java
new file mode 100644
index 00000000..1eb5bec0
--- /dev/null
+++ b/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/PasswordRecoveryDao.java
@@ -0,0 +1,68 @@
+package com.sismics.docs.core.dao.jpa;
+
+import com.sismics.docs.core.constant.Constants;
+import com.sismics.docs.core.model.jpa.PasswordRecovery;
+import com.sismics.util.context.ThreadLocalContext;
+import org.joda.time.DateTime;
+import org.joda.time.DurationFieldType;
+
+import javax.persistence.EntityManager;
+import javax.persistence.NoResultException;
+import javax.persistence.Query;
+import java.util.Date;
+import java.util.UUID;
+
+/**
+ * Password recovery DAO.
+ * 
+ * @author jtremeaux
+ */
+public class PasswordRecoveryDao {
+    /**
+     * Create a new password recovery request.
+     * 
+     * @param passwordRecovery Password recovery
+     * @return Unique identifier
+     */
+    public String create(PasswordRecovery passwordRecovery) {
+        passwordRecovery.setId(UUID.randomUUID().toString());
+        passwordRecovery.setCreateDate(new Date());
+
+        EntityManager em = ThreadLocalContext.get().getEntityManager();
+        em.persist(passwordRecovery);
+        
+        return passwordRecovery.getId();
+    }
+    
+    /**
+     * Search an active password recovery by unique identifier.
+     * 
+     * @param id Unique identifier
+     * @return Password recovery
+     */
+    public PasswordRecovery getActiveById(String id) {
+        EntityManager em = ThreadLocalContext.get().getEntityManager();
+        try {
+            Query q = em.createQuery("select r from PasswordRecovery r where r.id = :id and r.createDate > :createDateMin and r.deleteDate is null");
+            q.setParameter("id", id);
+            q.setParameter("createDateMin", new DateTime().withFieldAdded(DurationFieldType.hours(), -1 * Constants.PASSWORD_RECOVERY_EXPIRATION_HOUR).toDate());
+            return (PasswordRecovery) q.getSingleResult();
+        } catch (NoResultException e) {
+            return null;
+        }
+    }
+    
+    /**
+     * Deletes active password recovery by username.
+     * 
+     * @param username Username
+     */
+    public void deleteActiveByLogin(String username) {
+        EntityManager em = ThreadLocalContext.get().getEntityManager();
+        Query q = em.createQuery("update PasswordRecovery r set r.deleteDate = :deleteDate where r.username = :username and r.createDate > :createDateMin and r.deleteDate is null");
+        q.setParameter("username", username);
+        q.setParameter("deleteDate", new Date());
+        q.setParameter("createDateMin", new DateTime().withFieldAdded(DurationFieldType.hours(), -1 * Constants.PASSWORD_RECOVERY_EXPIRATION_HOUR).toDate());
+        q.executeUpdate();
+    }
+}
diff --git a/docs-core/src/main/java/com/sismics/docs/core/event/PasswordLostEvent.java b/docs-core/src/main/java/com/sismics/docs/core/event/PasswordLostEvent.java
new file mode 100644
index 00000000..78f39d73
--- /dev/null
+++ b/docs-core/src/main/java/com/sismics/docs/core/event/PasswordLostEvent.java
@@ -0,0 +1,46 @@
+package com.sismics.docs.core.event;
+
+import com.google.common.base.MoreObjects;
+import com.sismics.docs.core.model.jpa.PasswordRecovery;
+import com.sismics.docs.core.model.jpa.User;
+
+/**
+ * Event fired on user's password lost event.
+ *
+ * @author jtremeaux 
+ */
+public class PasswordLostEvent {
+    /**
+     * User.
+     */
+    private User user;
+
+    /**
+     * Password recovery request.
+     */
+    private PasswordRecovery passwordRecovery;
+
+    public User getUser() {
+        return user;
+    }
+
+    public void setUser(User user) {
+        this.user = user;
+    }
+
+    public PasswordRecovery getPasswordRecovery() {
+        return passwordRecovery;
+    }
+
+    public void setPasswordRecovery(PasswordRecovery passwordRecovery) {
+        this.passwordRecovery = passwordRecovery;
+    }
+
+    @Override
+    public String toString() {
+        return MoreObjects.toStringHelper(this)
+                .add("user", user)
+                .add("passwordRecovery", "**hidden**")
+                .toString();
+    }
+}
diff --git a/docs-core/src/main/java/com/sismics/docs/core/listener/async/PasswordLostAsyncListener.java b/docs-core/src/main/java/com/sismics/docs/core/listener/async/PasswordLostAsyncListener.java
new file mode 100644
index 00000000..8c4aa48b
--- /dev/null
+++ b/docs-core/src/main/java/com/sismics/docs/core/listener/async/PasswordLostAsyncListener.java
@@ -0,0 +1,53 @@
+package com.sismics.docs.core.listener.async;
+
+import com.google.common.eventbus.Subscribe;
+import com.sismics.docs.core.constant.Constants;
+import com.sismics.docs.core.event.PasswordLostEvent;
+import com.sismics.docs.core.model.jpa.PasswordRecovery;
+import com.sismics.docs.core.model.jpa.User;
+import com.sismics.docs.core.util.TransactionUtil;
+import com.sismics.util.EmailUtil;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * Listener for password recovery requests.
+ *
+ * @author jtremeaux 
+ */
+public class PasswordLostAsyncListener {
+    /**
+     * Logger.
+     */
+    private static final Logger log = LoggerFactory.getLogger(PasswordLostAsyncListener.class);
+
+    /**
+     * Handle events.
+     * 
+     * @param passwordLostEvent Event
+     */
+    @Subscribe
+    public void onPasswordLost(final PasswordLostEvent passwordLostEvent) {
+        if (log.isInfoEnabled()) {
+            log.info("Password lost event: " + passwordLostEvent.toString());
+        }
+        
+        TransactionUtil.handle(new Runnable() {
+            @Override
+            public void run() {
+                final User user = passwordLostEvent.getUser();
+                final PasswordRecovery passwordRecovery = passwordLostEvent.getPasswordRecovery();
+                
+                // Send the password recovery email
+                Map<String, Object> paramRootMap = new HashMap<>();
+                paramRootMap.put("user_name", user.getUsername());
+                paramRootMap.put("password_recovery_key", passwordRecovery.getId());
+        
+                EmailUtil.sendEmail(Constants.EMAIL_TEMPLATE_PASSWORD_RECOVERY, user, paramRootMap);
+            }
+        });
+    }
+}
diff --git a/docs-core/src/main/java/com/sismics/docs/core/model/context/AppContext.java b/docs-core/src/main/java/com/sismics/docs/core/model/context/AppContext.java
index 78a7cb45..b869eee6 100644
--- a/docs-core/src/main/java/com/sismics/docs/core/model/context/AppContext.java
+++ b/docs-core/src/main/java/com/sismics/docs/core/model/context/AppContext.java
@@ -1,5 +1,16 @@
 package com.sismics.docs.core.model.context;
 
+import com.google.common.eventbus.AsyncEventBus;
+import com.google.common.eventbus.EventBus;
+import com.sismics.docs.core.constant.ConfigType;
+import com.sismics.docs.core.dao.jpa.ConfigDao;
+import com.sismics.docs.core.listener.async.*;
+import com.sismics.docs.core.listener.sync.DeadEventListener;
+import com.sismics.docs.core.model.jpa.Config;
+import com.sismics.docs.core.service.IndexingService;
+import com.sismics.docs.core.util.PdfUtil;
+import com.sismics.util.EnvironmentUtil;
+
 import java.util.ArrayList;
 import java.util.List;
 import java.util.concurrent.ExecutorService;
@@ -7,19 +18,6 @@ import java.util.concurrent.LinkedBlockingQueue;
 import java.util.concurrent.ThreadPoolExecutor;
 import java.util.concurrent.TimeUnit;
 
-import com.google.common.eventbus.AsyncEventBus;
-import com.google.common.eventbus.EventBus;
-import com.lowagie.text.FontFactory;
-import com.sismics.docs.core.constant.ConfigType;
-import com.sismics.docs.core.dao.jpa.ConfigDao;
-import com.sismics.docs.core.event.TemporaryFileCleanupAsyncEvent;
-import com.sismics.docs.core.listener.async.*;
-import com.sismics.docs.core.listener.sync.DeadEventListener;
-import com.sismics.docs.core.model.jpa.Config;
-import com.sismics.docs.core.service.IndexingService;
-import com.sismics.docs.core.util.PdfUtil;
-import com.sismics.util.EnvironmentUtil;
-
 /**
  * Global application context.
  *
@@ -41,6 +39,11 @@ public class AppContext {
      */
     private EventBus asyncEventBus;
 
+    /**
+     * Asynchronous bus for email sending.
+     */
+    private EventBus mailEventBus;
+
     /**
      * Indexing service.
      */
@@ -83,6 +86,9 @@ public class AppContext {
         asyncEventBus.register(new DocumentDeletedAsyncListener());
         asyncEventBus.register(new RebuildIndexAsyncListener());
         asyncEventBus.register(new TemporaryFileCleanupAsyncListener());
+
+        mailEventBus = newAsyncEventBus();
+        mailEventBus.register(new PasswordLostAsyncListener());
     }
 
     /**
@@ -138,29 +144,18 @@ public class AppContext {
         }
     }
 
-    /**
-     * Getter of eventBus.
-     *
-     * @return eventBus
-     */
     public EventBus getEventBus() {
         return eventBus;
     }
 
-    /**
-     * Getter of asyncEventBus.
-     *
-     * @return asyncEventBus
-     */
     public EventBus getAsyncEventBus() {
         return asyncEventBus;
     }
 
-    /**
-     * Getter of indexingService.
-     *
-     * @return indexingService
-     */
+    public EventBus getMailEventBus() {
+        return mailEventBus;
+    }
+
     public IndexingService getIndexingService() {
         return indexingService;
     }
diff --git a/docs-core/src/main/java/com/sismics/docs/core/model/jpa/PasswordRecovery.java b/docs-core/src/main/java/com/sismics/docs/core/model/jpa/PasswordRecovery.java
new file mode 100644
index 00000000..6306c807
--- /dev/null
+++ b/docs-core/src/main/java/com/sismics/docs/core/model/jpa/PasswordRecovery.java
@@ -0,0 +1,82 @@
+package com.sismics.docs.core.model.jpa;
+
+import com.google.common.base.MoreObjects;
+
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.Id;
+import javax.persistence.Table;
+import java.util.Date;
+
+/**
+ * Password recovery entity.
+ * 
+ * @author jtremeaux
+ */
+@Entity
+@Table(name = "T_PASSWORD_RECOVERY")
+public class PasswordRecovery {
+    /**
+     * Identifier.
+     */
+    @Id
+    @Column(name = "PWR_ID_C", length = 36)
+    private String id;
+    
+    /**
+     * Username.
+     */
+    @Column(name = "PWR_USERNAME_C", nullable = false, length = 50)
+    private String username;
+    
+    /**
+     * Creation date.
+     */
+    @Column(name = "PWR_CREATEDATE_D", nullable = false)
+    private Date createDate;
+    
+    /**
+     * Delete date.
+     */
+    @Column(name = "PWR_DELETEDATE_D")
+    private Date deleteDate;
+
+    public String getId() {
+        return id;
+    }
+
+    public void setId(String id) {
+        this.id = id;
+    }
+
+    public String getUsername() {
+        return username;
+    }
+
+    public void setUsername(String username) {
+        this.username = username;
+    }
+
+    public Date getCreateDate() {
+        return createDate;
+    }
+
+    public void setCreateDate(Date createDate) {
+        this.createDate = createDate;
+    }
+
+    public Date getDeleteDate() {
+        return deleteDate;
+    }
+
+    public void setDeleteDate(Date deleteDate) {
+        this.deleteDate = deleteDate;
+    }
+    
+    @Override
+    public String toString() {
+        return MoreObjects.toStringHelper(this)
+                .add("id", id)
+                .toString();
+    }
+}
diff --git a/docs-core/src/main/java/com/sismics/docs/core/util/AuditLogUtil.java b/docs-core/src/main/java/com/sismics/docs/core/util/AuditLogUtil.java
index d2d0913c..60b04820 100644
--- a/docs-core/src/main/java/com/sismics/docs/core/util/AuditLogUtil.java
+++ b/docs-core/src/main/java/com/sismics/docs/core/util/AuditLogUtil.java
@@ -22,6 +22,10 @@ public class AuditLogUtil {
      * @param userId User ID
      */
     public static void create(Loggable loggable, AuditLogType type, String userId) {
+        if (userId == null) {
+            userId = "admin";
+        }
+
         // Get the entity ID
         EntityManager em = ThreadLocalContext.get().getEntityManager();
         String entityId = (String) em.getEntityManagerFactory().getPersistenceUnitUtil().getIdentifier(loggable);
diff --git a/docs-core/src/main/java/com/sismics/docs/core/util/UserUtil.java b/docs-core/src/main/java/com/sismics/docs/core/util/UserUtil.java
deleted file mode 100644
index 7f19c0d1..00000000
--- a/docs-core/src/main/java/com/sismics/docs/core/util/UserUtil.java
+++ /dev/null
@@ -1,20 +0,0 @@
-package com.sismics.docs.core.util;
-
-import com.sismics.docs.core.model.jpa.User;
-
-/**
- * Utilitaires sur les utilisateurs.
- *
- * @author jtremeaux 
- */
-public class UserUtil {
-    /**
-     * Retourne the user's username.
-     * 
-     * @param user User
-     * @return User name
-     */
-    public static String getUserName(User user) {
-        return user.getUsername();
-    }
-}
diff --git a/docs-core/src/main/java/com/sismics/util/EmailUtil.java b/docs-core/src/main/java/com/sismics/util/EmailUtil.java
new file mode 100644
index 00000000..13ddefbc
--- /dev/null
+++ b/docs-core/src/main/java/com/sismics/util/EmailUtil.java
@@ -0,0 +1,125 @@
+package com.sismics.util;
+
+import com.google.common.base.Strings;
+import com.sismics.docs.core.constant.ConfigType;
+import com.sismics.docs.core.constant.Constants;
+import com.sismics.docs.core.dao.jpa.ConfigDao;
+import com.sismics.docs.core.model.jpa.Config;
+import com.sismics.docs.core.model.jpa.User;
+import com.sismics.docs.core.util.ConfigUtil;
+import freemarker.template.Configuration;
+import freemarker.template.DefaultObjectWrapperBuilder;
+import freemarker.template.Template;
+import org.apache.commons.mail.HtmlEmail;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.json.Json;
+import javax.json.JsonObject;
+import javax.json.JsonReader;
+import java.io.StringReader;
+import java.io.StringWriter;
+import java.util.Locale;
+import java.util.Map;
+
+/**
+ * Emails utilities.
+ * 
+ * @author jtremeaux
+ */
+public class EmailUtil {
+    /**
+     * Logger.
+     */
+    private static final Logger log = LoggerFactory.getLogger(EmailUtil.class);
+
+    /**
+     * Returns an email content as string.
+     * The content is formatted from the given Freemarker template and parameters.
+     * 
+     * @param templateName Template name
+     * @param paramRootMap Map of Freemarker parameters
+     * @param locale Locale
+     * @return Template as string
+     * @throws Exception e
+     */
+    private static String getFormattedHtml(String templateName, Map<String, Object> paramRootMap, Locale locale) throws Exception {
+        Configuration cfg = new Configuration(Configuration.VERSION_2_3_23);
+        cfg.setClassForTemplateLoading(EmailUtil.class, "/email_template");
+        cfg.setObjectWrapper(new DefaultObjectWrapperBuilder(Configuration.VERSION_2_3_23).build());
+        Template template = cfg.getTemplate(templateName + "/template.ftl");
+        paramRootMap.put("messages", new ResourceBundleModel(MessageUtil.getMessage(locale),
+                new DefaultObjectWrapperBuilder(Configuration.VERSION_2_3_23).build()));
+        StringWriter sw = new StringWriter();
+        template.process(paramRootMap, sw);
+        
+        return sw.toString();
+    }
+    
+    /**
+     * Sending an email to a user.
+     * 
+     * @param templateName Template name
+     * @param recipientUser Recipient user
+     * @param subject Email subject
+     * @param paramMap Email parameters
+     */
+    public static void sendEmail(String templateName, User recipientUser, String subject, Map<String, Object> paramMap) {
+        if (log.isInfoEnabled()) {
+            log.info("Sending email from template=" + templateName + " to user " + recipientUser);
+        }
+        
+        try {
+            // Build email headers
+            HtmlEmail email = new HtmlEmail();
+            email.setCharset("UTF-8");
+            email.setHostName(ConfigUtil.getConfigStringValue(ConfigType.SMTP_HOSTNAME));
+            email.setSmtpPort(ConfigUtil.getConfigIntegerValue(ConfigType.SMTP_PORT));
+            email.addTo(recipientUser.getEmail(), recipientUser.getUsername());
+            ConfigDao configDao = new ConfigDao();
+            Config themeConfig = configDao.getById(ConfigType.THEME);
+            String appName = "Sismics Docs";
+            if (themeConfig != null) {
+                try (JsonReader reader = Json.createReader(new StringReader(themeConfig.getValue()))) {
+                    JsonObject themeJson = reader.readObject();
+                    appName = themeJson.getString("name", "Sismics Docs");
+                }
+            }
+            email.setFrom(ConfigUtil.getConfigStringValue(ConfigType.SMTP_FROM), appName);
+            java.util.Locale userLocale = LocaleUtil.getLocale(System.getenv(Constants.DEFAULT_LANGUAGE_ENV));
+            email.setSubject(subject);
+            email.setTextMsg(MessageUtil.getMessage(userLocale, "email.no_html.error"));
+
+            // Add automatic parameters
+            String baseUrl = System.getenv(Constants.BASE_URL_ENV);
+            if (Strings.isNullOrEmpty(baseUrl)) {
+                log.error("DOCS_BASE_URL environnement variable needs to be set for proper email links");
+                baseUrl = ""; // At least the mail will be sent...
+            }
+            paramMap.put("base_url", baseUrl);
+            paramMap.put("app_name", appName);
+
+            // Build HTML content from Freemarker template
+            String htmlEmailTemplate = getFormattedHtml(templateName, paramMap, userLocale);
+            email.setHtmlMsg(htmlEmailTemplate);
+
+            // Send the email
+            email.send();
+        } catch (Exception e) {
+            log.error("Error sending email with template=" + templateName + " to user " + recipientUser, e);
+        }
+    }
+
+    /**
+     * Sending an email to a user.
+     *
+     * @param templateName Template name
+     * @param recipientUser Recipient user
+     * @param paramMap Email parameters
+     */
+    public static void sendEmail(String templateName, User recipientUser, Map<String, Object> paramMap) {
+        java.util.Locale userLocale = LocaleUtil.getLocale(System.getenv(Constants.DEFAULT_LANGUAGE_ENV));
+        String subject = MessageUtil.getMessage(userLocale, "email.template." + templateName + ".subject");
+        sendEmail(templateName, recipientUser, subject, paramMap);
+    }
+}
diff --git a/docs-core/src/main/java/com/sismics/util/LocaleUtil.java b/docs-core/src/main/java/com/sismics/util/LocaleUtil.java
new file mode 100644
index 00000000..11ab9c7b
--- /dev/null
+++ b/docs-core/src/main/java/com/sismics/util/LocaleUtil.java
@@ -0,0 +1,36 @@
+package com.sismics.util;
+
+import com.google.common.base.Strings;
+
+import java.util.Locale;
+
+/**
+ * Locale utilities.
+ *
+ * @author jtremeaux
+ */
+public class LocaleUtil {
+    /**
+     * Returns a locale from the language / country / variation code (ex: fr_FR).
+     * 
+     * @param localeCode Locale code
+     * @return Locale instance
+     */
+    public static Locale getLocale(String localeCode) {
+        if (Strings.isNullOrEmpty(localeCode)) {
+            return Locale.ENGLISH;
+        }
+
+        String[] localeCodeArray = localeCode.split("_");
+        String language = localeCodeArray[0];
+        String country = "";
+        String variant = "";
+        if (localeCodeArray.length >= 2) {
+            country = localeCodeArray[1];
+        }
+        if (localeCodeArray.length >= 3) {
+            variant = localeCodeArray[2];
+        }
+        return new Locale(language, country, variant);
+    }
+}
diff --git a/docs-core/src/main/java/com/sismics/util/MessageUtil.java b/docs-core/src/main/java/com/sismics/util/MessageUtil.java
new file mode 100644
index 00000000..a2898bd0
--- /dev/null
+++ b/docs-core/src/main/java/com/sismics/util/MessageUtil.java
@@ -0,0 +1,43 @@
+package com.sismics.util;
+
+import java.text.MessageFormat;
+import java.util.Locale;
+import java.util.MissingResourceException;
+import java.util.ResourceBundle;
+
+/**
+ * Messages utilities.
+ *
+ * @author jtremeaux
+ */
+public class MessageUtil {
+    /**
+     * Returns a localized message in the specified language.
+     * Returns **key** if no message exists for this key.
+     * 
+     * @param locale Locale
+     * @param key Message key
+     * @param args Arguments to format
+     * @return Formatted message
+     */
+    public static String getMessage(Locale locale, String key, Object... args) {
+        ResourceBundle resources = ResourceBundle.getBundle("messages", locale);
+        String message;
+        try {
+            message = resources.getString(key);
+        } catch (MissingResourceException e) {
+            message = "**" + key + "**";
+        }
+        return MessageFormat.format(message, args);
+    }
+
+    /**
+     * Returns the resource bundle corresponding to the specified language.
+     * 
+     * @param locale Locale
+     * @return Resource bundle
+     */
+    public static ResourceBundle getMessage(Locale locale) {
+        return ResourceBundle.getBundle("messages", locale);
+    }
+}
diff --git a/docs-core/src/main/java/com/sismics/util/ResourceBundleModel.java b/docs-core/src/main/java/com/sismics/util/ResourceBundleModel.java
new file mode 100644
index 00000000..cff2a583
--- /dev/null
+++ b/docs-core/src/main/java/com/sismics/util/ResourceBundleModel.java
@@ -0,0 +1,55 @@
+package com.sismics.util;
+
+import freemarker.ext.beans.BeansWrapper;
+import freemarker.ext.beans.StringModel;
+import freemarker.template.TemplateModel;
+import freemarker.template.TemplateModelException;
+
+import java.util.Iterator;
+import java.util.List;
+import java.util.MissingResourceException;
+import java.util.ResourceBundle;
+
+/**
+ * Override of {@link freemarker.ext.beans.ResourceBundleModel}
+ * to threat single quotes uniformely.
+ * 
+ * @author bgamard
+ */
+public class ResourceBundleModel extends freemarker.ext.beans.ResourceBundleModel {
+
+    /**
+     * Default constructor.
+     * 
+     * @param bundle Resource bundle
+     * @param wrapper Beans wrapper
+     */
+    public ResourceBundleModel(ResourceBundle bundle, BeansWrapper wrapper) {
+        super(bundle, wrapper);
+    }
+
+    @SuppressWarnings("rawtypes")
+    @Override
+    public Object exec(List arguments) throws TemplateModelException {
+        // Must have at least one argument - the key
+        if (arguments.size() < 1)
+            throw new TemplateModelException("No message key was specified");
+        // Read it
+        Iterator it = arguments.iterator();
+        String key = unwrap((TemplateModel) it.next()).toString();
+        try {
+            // Copy remaining arguments into an Object[]
+            int args = arguments.size() - 1;
+            Object[] params = new Object[args];
+            for (int i = 0; i < args; ++i)
+                params[i] = unwrap((TemplateModel) it.next());
+
+            // Invoke format
+            return new StringModel(format(key, params), wrapper);
+        } catch (MissingResourceException e) {
+            throw new TemplateModelException("No such key: " + key);
+        } catch (Exception e) {
+            throw new TemplateModelException(e.getMessage());
+        }
+    }
+}
diff --git a/docs-core/src/main/resources/META-INF/persistence.xml b/docs-core/src/main/resources/META-INF/persistence.xml
index 7c40e310..b62e7679 100644
--- a/docs-core/src/main/resources/META-INF/persistence.xml
+++ b/docs-core/src/main/resources/META-INF/persistence.xml
@@ -4,6 +4,6 @@
   xsi:schemaLocation="http://java.sun.com/xml/ns/persistence http://java.sun.com/xml/ns/persistence/persistence_2_0.xsd"
   version="2.0">
   <persistence-unit name="transactions-optional" transaction-type="RESOURCE_LOCAL">
-    <provider>org.hibernate.ejb.HibernatePersistence</provider>
+    <provider>org.hibernate.jpa.HibernatePersistenceProvider</provider>
   </persistence-unit>
 </persistence>
\ No newline at end of file
diff --git a/docs-core/src/main/resources/config.properties b/docs-core/src/main/resources/config.properties
index a56b42a4..ca77caa4 100644
--- a/docs-core/src/main/resources/config.properties
+++ b/docs-core/src/main/resources/config.properties
@@ -1 +1 @@
-db.version=12
\ No newline at end of file
+db.version=13
\ No newline at end of file
diff --git a/docs-core/src/main/resources/db/update/dbupdate-013-0.sql b/docs-core/src/main/resources/db/update/dbupdate-013-0.sql
new file mode 100644
index 00000000..1407d548
--- /dev/null
+++ b/docs-core/src/main/resources/db/update/dbupdate-013-0.sql
@@ -0,0 +1,2 @@
+create cached table T_PASSWORD_RECOVERY ( PWR_ID_C varchar(36) not null, PWR_USERNAME_C varchar(50) not null, PWR_CREATEDATE_D datetime, PWR_DELETEDATE_D datetime, primary key (PWR_ID_C) );
+update T_CONFIG set CFG_VALUE_C = '13' where CFG_ID_C = 'DB_VERSION';
diff --git a/docs-core/src/main/resources/email_template/layout.ftl b/docs-core/src/main/resources/email_template/layout.ftl
new file mode 100644
index 00000000..74a8dd09
--- /dev/null
+++ b/docs-core/src/main/resources/email_template/layout.ftl
@@ -0,0 +1,16 @@
+<#macro email>
+  <table style="width: 100%; font-family: -apple-system,BlinkMacSystemFont,'Segoe UI',Helvetica,Arial,sans-serif,'Apple Color Emoji','Segoe UI Emoji','Segoe UI Symbol';">
+    <tr style="background: #242424; color: #fff;">
+      <td style="padding: 12px; font-size: 16px; font-weight: bold;">
+        ${base_url}
+      </td>
+    </tr>
+    <tr>
+      <td style="padding-bottom: 10px; padding-top: 10px;">
+        <div style="border: 1px solid #ddd; padding: 10px;">
+          <#nested>
+        </div>
+      </td>
+    </tr>
+  </table>
+</#macro>
\ No newline at end of file
diff --git a/docs-core/src/main/resources/email_template/password_recovery/template.ftl b/docs-core/src/main/resources/email_template/password_recovery/template.ftl
new file mode 100644
index 00000000..84c371fa
--- /dev/null
+++ b/docs-core/src/main/resources/email_template/password_recovery/template.ftl
@@ -0,0 +1,8 @@
+<#import "../layout.ftl" as layout>
+<@layout.email>
+  <h2>${app_name} - ${messages['email.template.password_recovery.subject']}</h2>
+  <p>${messages('email.template.password_recovery.hello', user_name)}</p>
+  <p>${messages['email.template.password_recovery.instruction1']}</p>
+  <p>${messages['email.template.password_recovery.instruction2']}</p>
+  <a href="${base_url}/#/passwordreset/${password_recovery_key}">${messages['email.template.password_recovery.click_here']}</a>
+</@layout.email>
\ No newline at end of file
diff --git a/docs-core/src/main/resources/messages.properties b/docs-core/src/main/resources/messages.properties
new file mode 100644
index 00000000..fc8d7a39
--- /dev/null
+++ b/docs-core/src/main/resources/messages.properties
@@ -0,0 +1,5 @@
+email.template.password_recovery.subject=Please reset your password
+email.template.password_recovery.hello=Hello {0}.
+email.template.password_recovery.instruction1=We have received a request to reset your password.<br/>If you did not request help, then feel free to ignore this email.
+email.template.password_recovery.instruction2=To reset your password, please visit the link below:
+email.template.password_recovery.click_here=Click here to reset your password
\ No newline at end of file
diff --git a/docs-core/src/main/resources/messages_fr.properties b/docs-core/src/main/resources/messages_fr.properties
new file mode 100644
index 00000000..6ddc4b41
--- /dev/null
+++ b/docs-core/src/main/resources/messages_fr.properties
@@ -0,0 +1,5 @@
+email.template.password_recovery.subject=Réinitialiser votre mot de passe
+email.template.password_recovery.hello=Bonjour {0}.
+email.template.password_recovery.instruction1=Nous avons reçu une demande de réinitialisation de mot de passe.<br/>Si vous n''avez rien demandé, vous pouvez ignorer cet mail.
+email.template.password_recovery.instruction2=Pour réinitialiser votre mot de passe, cliquez sur le lien ci-dessous :
+email.template.password_recovery.click_here=Cliquez ici pour réinitialiser votre mot de passe.
\ No newline at end of file
diff --git a/docs-web-common/pom.xml b/docs-web-common/pom.xml
index 5a7e8a30..efa9aced 100644
--- a/docs-web-common/pom.xml
+++ b/docs-web-common/pom.xml
@@ -93,7 +93,13 @@
       <artifactId>jersey-container-grizzly2-servlet</artifactId>
       <scope>test</scope>
     </dependency>
-    
+
+    <dependency>
+      <groupId>org.subethamail</groupId>
+      <artifactId>subethasmtp-wiser</artifactId>
+      <scope>test</scope>
+    </dependency>
+
   </dependencies>
   
   <!-- Install test jar -->
diff --git a/docs-web-common/src/test/java/com/sismics/docs/rest/BaseJerseyTest.java b/docs-web-common/src/test/java/com/sismics/docs/rest/BaseJerseyTest.java
index a344443d..0d00e9a4 100644
--- a/docs-web-common/src/test/java/com/sismics/docs/rest/BaseJerseyTest.java
+++ b/docs-web-common/src/test/java/com/sismics/docs/rest/BaseJerseyTest.java
@@ -1,11 +1,9 @@
 package com.sismics.docs.rest;
 
-import java.net.URI;
-
-import javax.ws.rs.core.Application;
-import javax.ws.rs.core.UriBuilder;
-
+import com.sismics.docs.rest.util.ClientUtil;
 import com.sismics.util.filter.HeaderBasedSecurityFilter;
+import com.sismics.util.filter.RequestContextFilter;
+import com.sismics.util.filter.TokenBasedSecurityFilter;
 import org.glassfish.grizzly.http.server.HttpServer;
 import org.glassfish.grizzly.servlet.ServletRegistration;
 import org.glassfish.grizzly.servlet.WebappContext;
@@ -17,10 +15,17 @@ import org.glassfish.jersey.test.spi.TestContainerException;
 import org.glassfish.jersey.test.spi.TestContainerFactory;
 import org.junit.After;
 import org.junit.Before;
+import org.subethamail.wiser.Wiser;
+import org.subethamail.wiser.WiserMessage;
 
-import com.sismics.docs.rest.util.ClientUtil;
-import com.sismics.util.filter.RequestContextFilter;
-import com.sismics.util.filter.TokenBasedSecurityFilter;
+import javax.mail.MessagingException;
+import javax.mail.internet.MimeMessage;
+import javax.ws.rs.core.Application;
+import javax.ws.rs.core.UriBuilder;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.net.URI;
+import java.util.List;
 
 /**
  * Base class of integration tests with Jersey.
@@ -37,6 +42,11 @@ public abstract class BaseJerseyTest extends JerseyTest {
      * Utility class for the REST client.
      */
     protected ClientUtil clientUtil;
+
+    /**
+     * Test mail server.
+     */
+    private Wiser wiser;
     
     @Override
     protected TestContainerFactory getTestContainerFactory() throws TestContainerException {
@@ -66,7 +76,11 @@ public abstract class BaseJerseyTest extends JerseyTest {
         System.setProperty("docs.header_authentication", "true");
 
         clientUtil = new ClientUtil(target());
-        
+
+        wiser = new Wiser();
+        wiser.setPort(2500);
+        wiser.start();
+
         httpServer = HttpServer.createSimpleServer(getClass().getResource("/").getFile(), "localhost", getPort());
         WebappContext context = new WebappContext("GrizzlyContext", "/docs");
         context.addFilter("requestContextFilter", RequestContextFilter.class)
@@ -86,6 +100,26 @@ public abstract class BaseJerseyTest extends JerseyTest {
         httpServer.start();
     }
 
+    /**
+     * Extract an email from the list and consume it.
+     *
+     * @return Texte de l'email
+     * @throws MessagingException e
+     * @throws IOException e
+     */
+    protected String popEmail() throws MessagingException, IOException {
+        List<WiserMessage> wiserMessageList = wiser.getMessages();
+        if (wiserMessageList.isEmpty()) {
+            return null;
+        }
+        WiserMessage wiserMessage = wiserMessageList.get(wiserMessageList.size() - 1);
+        wiserMessageList.remove(wiserMessageList.size() - 1);
+        MimeMessage message = wiserMessage.getMimeMessage();
+        ByteArrayOutputStream os = new ByteArrayOutputStream();
+        message.writeTo(os);
+        return os.toString();
+    }
+
     @Override
     @After
     public void tearDown() throws Exception {
diff --git a/docs-web/pom.xml b/docs-web/pom.xml
index 3573646e..4d239548 100644
--- a/docs-web/pom.xml
+++ b/docs-web/pom.xml
@@ -121,6 +121,12 @@
       <artifactId>jersey-container-grizzly2-servlet</artifactId>
       <scope>test</scope>
     </dependency>
+
+    <dependency>
+      <groupId>org.subethamail</groupId>
+      <artifactId>subethasmtp-wiser</artifactId>
+      <scope>test</scope>
+    </dependency>
     
   </dependencies>
 
diff --git a/docs-web/src/dev/resources/config.properties b/docs-web/src/dev/resources/config.properties
index 17c44aa4..b41be0b3 100644
--- a/docs-web/src/dev/resources/config.properties
+++ b/docs-web/src/dev/resources/config.properties
@@ -1,3 +1,3 @@
 api.current_version=${project.version}
 api.min_version=1.0
-db.version=12
\ No newline at end of file
+db.version=13
\ No newline at end of file
diff --git a/docs-web/src/main/java/com/sismics/docs/rest/resource/UserResource.java b/docs-web/src/main/java/com/sismics/docs/rest/resource/UserResource.java
index aaca4646..1226fa27 100644
--- a/docs-web/src/main/java/com/sismics/docs/rest/resource/UserResource.java
+++ b/docs-web/src/main/java/com/sismics/docs/rest/resource/UserResource.java
@@ -11,6 +11,8 @@ import com.sismics.docs.core.dao.jpa.dto.GroupDto;
 import com.sismics.docs.core.dao.jpa.dto.UserDto;
 import com.sismics.docs.core.event.DocumentDeletedAsyncEvent;
 import com.sismics.docs.core.event.FileDeletedAsyncEvent;
+import com.sismics.docs.core.event.PasswordLostEvent;
+import com.sismics.docs.core.model.context.AppContext;
 import com.sismics.docs.core.model.jpa.*;
 import com.sismics.docs.core.util.ConfigUtil;
 import com.sismics.docs.core.util.EncryptionUtil;
@@ -901,7 +903,110 @@ public class UserResource extends BaseResource {
                 .add("status", "ok");
         return Response.ok().entity(response.build()).build();
     }
-    
+
+    /**
+     * Create a key to reset a password and send it by email.
+     *
+     * @api {post} /user/password_lost Create a key to reset a password and send it by email
+     * @apiName PostUserPasswordLost
+     * @apiGroup User
+     * @apiParam {String} username Username
+     * @apiSuccess {String} status Status OK
+     * @apiError (client) UserNotFound The user is not found
+     * @apiError (client) ValidationError Validation error
+     * @apiPermission none
+     * @apiVersion 1.5.0
+     *
+     * @param username Username
+     * @return Response
+     */
+    @POST
+    @Path("password_lost")
+    @Produces(MediaType.APPLICATION_JSON)
+    public Response passwordLost(@FormParam("username") String username) {
+        authenticate();
+
+        // Validate input data
+        ValidationUtil.validateStringNotBlank("username", username);
+
+        // Check for user existence
+        UserDao userDao = new UserDao();
+        User user = userDao.getActiveByUsername(username);
+        if (user == null) {
+            throw new ClientException("UserNotFound", "User not found: " + username);
+        }
+
+        // Create the password recovery key
+        PasswordRecoveryDao passwordRecoveryDao = new PasswordRecoveryDao();
+        PasswordRecovery passwordRecovery = new PasswordRecovery();
+        passwordRecovery.setUsername(user.getUsername());
+        passwordRecoveryDao.create(passwordRecovery);
+
+        // Fire a password lost event
+        PasswordLostEvent passwordLostEvent = new PasswordLostEvent();
+        passwordLostEvent.setUser(user);
+        passwordLostEvent.setPasswordRecovery(passwordRecovery);
+        AppContext.getInstance().getMailEventBus().post(passwordLostEvent);
+
+        // Always return OK
+        JsonObjectBuilder response = Json.createObjectBuilder()
+                .add("status", "ok");
+        return Response.ok().entity(response.build()).build();
+    }
+
+    /**
+     * Reset the user's password.
+     *
+     * @api {post} /user/password_reset Reset the user's password
+     * @apiName PostUserPasswordReset
+     * @apiGroup User
+     * @apiParam {String} key Password recovery key
+     * @apiParam {String} password New password
+     * @apiSuccess {String} status Status OK
+     * @apiError (client) KeyNotFound Password recovery key not found
+     * @apiError (client) ValidationError Validation error
+     * @apiPermission none
+     * @apiVersion 1.5.0
+     *
+     * @param passwordResetKey Password reset key
+     * @param password New password
+     * @return Response
+     */
+    @POST
+    @Path("password_reset")
+    @Produces(MediaType.APPLICATION_JSON)
+    public Response passwordReset(
+            @FormParam("key") String passwordResetKey,
+            @FormParam("password") String password) {
+        authenticate();
+
+        // Validate input data
+        ValidationUtil.validateRequired("key", passwordResetKey);
+        password = ValidationUtil.validateLength(password, "password", 8, 50, true);
+
+        // Load the password recovery key
+        PasswordRecoveryDao passwordRecoveryDao = new PasswordRecoveryDao();
+        PasswordRecovery passwordRecovery = passwordRecoveryDao.getActiveById(passwordResetKey);
+        if (passwordRecovery == null) {
+            throw new ClientException("KeyNotFound", "Password recovery key not found");
+        }
+
+        UserDao userDao = new UserDao();
+        User user = userDao.getActiveByUsername(passwordRecovery.getUsername());
+
+        // Change the password
+        user.setPassword(password);
+        user = userDao.updatePassword(user, principal.getId());
+
+        // Deletes password recovery requests
+        passwordRecoveryDao.deleteActiveByLogin(user.getUsername());
+
+        // Always return OK
+        JsonObjectBuilder response = Json.createObjectBuilder()
+                .add("status", "ok");
+        return Response.ok().entity(response.build()).build();
+    }
+
     /**
      * Returns the authentication token value.
      *
diff --git a/docs-web/src/prod/resources/config.properties b/docs-web/src/prod/resources/config.properties
index 17c44aa4..b41be0b3 100644
--- a/docs-web/src/prod/resources/config.properties
+++ b/docs-web/src/prod/resources/config.properties
@@ -1,3 +1,3 @@
 api.current_version=${project.version}
 api.min_version=1.0
-db.version=12
\ No newline at end of file
+db.version=13
\ No newline at end of file
diff --git a/docs-web/src/stress/resources/config.properties b/docs-web/src/stress/resources/config.properties
index 17c44aa4..b41be0b3 100644
--- a/docs-web/src/stress/resources/config.properties
+++ b/docs-web/src/stress/resources/config.properties
@@ -1,3 +1,3 @@
 api.current_version=${project.version}
 api.min_version=1.0
-db.version=12
\ No newline at end of file
+db.version=13
\ No newline at end of file
diff --git a/docs-web/src/test/java/com/sismics/docs/rest/TestUserResource.java b/docs-web/src/test/java/com/sismics/docs/rest/TestUserResource.java
index 4d5bdfa7..6cddb206 100644
--- a/docs-web/src/test/java/com/sismics/docs/rest/TestUserResource.java
+++ b/docs-web/src/test/java/com/sismics/docs/rest/TestUserResource.java
@@ -1,5 +1,6 @@
 package com.sismics.docs.rest;
 
+import com.sismics.docs.core.model.context.AppContext;
 import com.sismics.util.filter.TokenBasedSecurityFilter;
 import com.sismics.util.totp.GoogleAuthenticator;
 import org.junit.Assert;
@@ -13,6 +14,8 @@ import javax.ws.rs.core.Response;
 import javax.ws.rs.core.Response.Status;
 import java.util.Date;
 import java.util.Locale;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
 
 /**
  * Exhaustive test of the user resource.
@@ -354,4 +357,79 @@ public class TestUserResource extends BaseJerseyTest {
                 .get(JsonObject.class);
         Assert.assertFalse(json.getBoolean("totp_enabled"));
     }
+
+    @Test
+    public void testResetPassword() throws Exception {
+        // Login admin
+        String adminToken = clientUtil.login("admin", "admin", false);
+
+        // Change SMTP configuration to target Wiser
+        target().path("/app/config_smtp").request()
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken)
+                .post(Entity.form(new Form()
+                        .param("hostname", "localhost")
+                        .param("port", "2500")
+                        .param("from", "contact@sismicsdocs.com")
+                ), JsonObject.class);
+
+        // Create absent_minded who lost his password
+        clientUtil.createUser("absent_minded");
+
+        // User no_such_user try to recovery its password: invalid user
+        Response response = target().path("/user/password_lost").request()
+                .post(Entity.form(new Form()
+                        .param("username", "no_such_user")));
+        Assert.assertEquals(Response.Status.BAD_REQUEST, Response.Status.fromStatusCode(response.getStatus()));
+        JsonObject json = response.readEntity(JsonObject.class);
+        Assert.assertEquals("UserNotFound", json.getString("type"));
+
+        // User absent_minded try to recovery its password: OK
+        json = target().path("/user/password_lost").request()
+                .post(Entity.form(new Form()
+                        .param("username", "absent_minded")), JsonObject.class);
+        Assert.assertEquals("ok", json.getString("status"));
+        AppContext.getInstance().waitForAsync();
+        String emailBody = popEmail();
+        Assert.assertNotNull("No email to consume", emailBody);
+        Assert.assertTrue(emailBody.contains("Please reset your password"));
+        Pattern keyPattern = Pattern.compile("/passwordreset/(.+?)\"");
+        Matcher keyMatcher = keyPattern.matcher(emailBody);
+        Assert.assertTrue("Token not found", keyMatcher.find());
+        String key = keyMatcher.group(1).replaceAll("=", "");
+
+        // User absent_minded resets its password: invalid key
+        response = target().path("/user/password_reset").request()
+                .post(Entity.form(new Form()
+                        .param("key", "no_such_key")
+                        .param("password", "87654321")));
+        Assert.assertEquals(Response.Status.BAD_REQUEST, Response.Status.fromStatusCode(response.getStatus()));
+        json = response.readEntity(JsonObject.class);
+        Assert.assertEquals("KeyNotFound", json.getString("type"));
+
+        // User absent_minded resets its password: password invalid
+        response = target().path("/user/password_reset").request()
+                .post(Entity.form(new Form()
+                        .param("key", key)
+                        .param("password", " 1 ")));
+        Assert.assertEquals(Response.Status.BAD_REQUEST, Response.Status.fromStatusCode(response.getStatus()));
+        json = response.readEntity(JsonObject.class);
+        Assert.assertEquals("ValidationError", json.getString("type"));
+        Assert.assertTrue(json.getString("message"), json.getString("message").contains("password"));
+
+        // User absent_minded resets its password: OK
+        json = target().path("/user/password_reset").request()
+                .post(Entity.form(new Form()
+                        .param("key", key)
+                        .param("password", "87654321")), JsonObject.class);
+        Assert.assertEquals("ok", json.getString("status"));
+
+        // User absent_minded resets its password: expired key
+        response = target().path("/user/password_reset").request()
+                .post(Entity.form(new Form()
+                        .param("key", key)
+                        .param("password", "87654321")));
+        Assert.assertEquals(Response.Status.BAD_REQUEST, Response.Status.fromStatusCode(response.getStatus()));
+        json = response.readEntity(JsonObject.class);
+        Assert.assertEquals("KeyNotFound", json.getString("type"));
+    }
 }
\ No newline at end of file
diff --git a/pom.xml b/pom.xml
index b3cadb17..4059a000 100644
--- a/pom.xml
+++ b/pom.xml
@@ -19,6 +19,8 @@
     <org.apache.commons.commons-compress.version>1.10</org.apache.commons.commons-compress.version>
     <commons-lang.commons-lang.version>2.6</commons-lang.commons-lang.version>
     <commons-io.commons-io.version>2.4</commons-io.commons-io.version>
+    <org.apache.commons.commons-email.version>1.5</org.apache.commons.commons-email.version>
+    <org.freemarker.freemarker.version>2.3.23</org.freemarker.freemarker.version>
     <commons-dbcp.version>1.4</commons-dbcp.version>
     <com.google.guava.guava.version>19.0</com.google.guava.guava.version>
     <log4j.log4j.version>1.2.16</log4j.log4j.version>
@@ -27,6 +29,7 @@
     <junit.junit.version>4.12</junit.junit.version>
     <com.h2database.h2.version>1.4.191</com.h2database.h2.version>
     <org.glassfish.jersey.version>2.22.2</org.glassfish.jersey.version>
+    <org.glassfish.javax.json.version>1.0.4</org.glassfish.javax.json.version>
     <org.mindrot.jbcrypt>0.3m</org.mindrot.jbcrypt>
     <org.apache.lucene.version>5.5.0</org.apache.lucene.version>
     <org.imgscalr.imgscalr-lib.version>4.2</org.imgscalr.imgscalr-lib.version>
@@ -40,6 +43,7 @@
     <com.twelvemonkeys.imageio.version>3.2.1</com.twelvemonkeys.imageio.version>
     <com.levigo.jbig2.levigo-jbig2-imageio.version>1.6.5</com.levigo.jbig2.levigo-jbig2-imageio.version>
     <com.github.jai-imageio.jai-imageio-core.version>1.3.1</com.github.jai-imageio.jai-imageio-core.version>
+    <org.subethamail.subethasmtp-wiser.version>1.2</org.subethamail.subethasmtp-wiser.version>
 
     <org.eclipse.jetty.jetty-server.version>9.2.13.v20150730</org.eclipse.jetty.jetty-server.version>
     <org.eclipse.jetty.jetty-webapp.version>9.2.13.v20150730</org.eclipse.jetty.jetty-webapp.version>
@@ -193,6 +197,12 @@
         <artifactId>commons-io</artifactId>
         <version>${commons-io.commons-io.version}</version>
       </dependency>
+
+      <dependency>
+        <groupId>org.apache.commons</groupId>
+        <artifactId>commons-email</artifactId>
+        <version>${org.apache.commons.commons-email.version}</version>
+      </dependency>
       
       <dependency>
         <groupId>com.google.guava</groupId>
@@ -284,7 +294,13 @@
         <artifactId>jersey-container-grizzly2-servlet</artifactId>
         <version>${org.glassfish.jersey.version}</version>
       </dependency>
-      
+
+      <dependency>
+        <groupId>org.glassfish</groupId>
+        <artifactId>javax.json</artifactId>
+        <version>${org.glassfish.javax.json.version}</version>
+      </dependency>
+
       <dependency>
         <groupId>com.h2database</groupId>
         <artifactId>h2</artifactId>
@@ -314,7 +330,13 @@
         <artifactId>commons-dbcp</artifactId>
         <version>${commons-dbcp.version}</version>
       </dependency>
-      
+
+      <dependency>
+        <groupId>org.freemarker</groupId>
+        <artifactId>freemarker</artifactId>
+        <version>${org.freemarker.freemarker.version}</version>
+      </dependency>
+
       <dependency>
         <groupId>joda-time</groupId>
         <artifactId>joda-time</artifactId>
@@ -375,6 +397,12 @@
         <version>${fr.opensagres.xdocreport.version}</version>
       </dependency>
 
+      <dependency>
+        <groupId>org.subethamail</groupId>
+        <artifactId>subethasmtp-wiser</artifactId>
+        <version>${org.subethamail.subethasmtp-wiser.version}</version>
+      </dependency>
+
       <!-- Servlet listener to register SPI ImageIO plugins -->
       <dependency>
         <groupId>com.twelvemonkeys.servlet</groupId>

From 332fd9d1f698088cc69dbb0a52aba296339bf319 Mon Sep 17 00:00:00 2001
From: Benjamin Gamard <b.gamard@sismics.com>
Date: Fri, 17 Nov 2017 22:26:20 +0100
Subject: [PATCH 02/17] fix tests

---
 .../src/test/java/com/sismics/docs/rest/BaseJerseyTest.java    | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/docs-web-common/src/test/java/com/sismics/docs/rest/BaseJerseyTest.java b/docs-web-common/src/test/java/com/sismics/docs/rest/BaseJerseyTest.java
index 0d00e9a4..a434b227 100644
--- a/docs-web-common/src/test/java/com/sismics/docs/rest/BaseJerseyTest.java
+++ b/docs-web-common/src/test/java/com/sismics/docs/rest/BaseJerseyTest.java
@@ -127,5 +127,8 @@ public abstract class BaseJerseyTest extends JerseyTest {
         if (httpServer != null) {
             httpServer.shutdownNow();
         }
+        if (wiser != null) {
+            wiser.stop();
+        }
     }
 }

From 4cf1f29e0a778fc990a22a966d0884169581b717 Mon Sep 17 00:00:00 2001
From: Benjamin Gamard <b.gamard@sismics.com>
Date: Fri, 17 Nov 2017 23:17:05 +0100
Subject: [PATCH 03/17] Closes #161: password recovery by email

---
 .../main/java/com/sismics/util/EmailUtil.java |  4 +-
 .../main/resources/email_template/layout.ftl  |  2 +-
 .../docs/rest/resource/AppResource.java       | 71 ++++++++++---------
 docs-web/src/main/webapp/src/app/docs/app.js  |  9 +++
 .../webapp/src/app/docs/controller/Login.js   | 12 ++--
 .../docs/controller/LoginModalPasswordLost.js |  6 +-
 .../src/app/docs/controller/PasswordReset.js  | 20 ++++++
 .../controller/settings/SettingsConfig.js     | 21 ++++--
 docs-web/src/main/webapp/src/index.html       |  1 +
 docs-web/src/main/webapp/src/locale/en.json   | 19 ++++-
 .../webapp/src/partial/docs/passwordlost.html |  4 +-
 .../src/partial/docs/passwordreset.html       | 25 +++++++
 .../src/partial/docs/settings.config.html     | 50 +++++++++++++
 13 files changed, 188 insertions(+), 56 deletions(-)
 create mode 100644 docs-web/src/main/webapp/src/app/docs/controller/PasswordReset.js
 create mode 100644 docs-web/src/main/webapp/src/partial/docs/passwordreset.html

diff --git a/docs-core/src/main/java/com/sismics/util/EmailUtil.java b/docs-core/src/main/java/com/sismics/util/EmailUtil.java
index 13ddefbc..af6c88fa 100644
--- a/docs-core/src/main/java/com/sismics/util/EmailUtil.java
+++ b/docs-core/src/main/java/com/sismics/util/EmailUtil.java
@@ -75,6 +75,8 @@ public class EmailUtil {
             email.setCharset("UTF-8");
             email.setHostName(ConfigUtil.getConfigStringValue(ConfigType.SMTP_HOSTNAME));
             email.setSmtpPort(ConfigUtil.getConfigIntegerValue(ConfigType.SMTP_PORT));
+            email.setAuthentication(ConfigUtil.getConfigStringValue(ConfigType.SMTP_USERNAME),
+                    ConfigUtil.getConfigStringValue(ConfigType.SMTP_PASSWORD));
             email.addTo(recipientUser.getEmail(), recipientUser.getUsername());
             ConfigDao configDao = new ConfigDao();
             Config themeConfig = configDao.getById(ConfigType.THEME);
@@ -87,7 +89,7 @@ public class EmailUtil {
             }
             email.setFrom(ConfigUtil.getConfigStringValue(ConfigType.SMTP_FROM), appName);
             java.util.Locale userLocale = LocaleUtil.getLocale(System.getenv(Constants.DEFAULT_LANGUAGE_ENV));
-            email.setSubject(subject);
+            email.setSubject(appName + " - " + subject);
             email.setTextMsg(MessageUtil.getMessage(userLocale, "email.no_html.error"));
 
             // Add automatic parameters
diff --git a/docs-core/src/main/resources/email_template/layout.ftl b/docs-core/src/main/resources/email_template/layout.ftl
index 74a8dd09..0ceae478 100644
--- a/docs-core/src/main/resources/email_template/layout.ftl
+++ b/docs-core/src/main/resources/email_template/layout.ftl
@@ -2,7 +2,7 @@
   <table style="width: 100%; font-family: -apple-system,BlinkMacSystemFont,'Segoe UI',Helvetica,Arial,sans-serif,'Apple Color Emoji','Segoe UI Emoji','Segoe UI Symbol';">
     <tr style="background: #242424; color: #fff;">
       <td style="padding: 12px; font-size: 16px; font-weight: bold;">
-        ${base_url}
+        ${app_name}
       </td>
     </tr>
     <tr>
diff --git a/docs-web/src/main/java/com/sismics/docs/rest/resource/AppResource.java b/docs-web/src/main/java/com/sismics/docs/rest/resource/AppResource.java
index 0586d6bd..ca422cbe 100644
--- a/docs-web/src/main/java/com/sismics/docs/rest/resource/AppResource.java
+++ b/docs-web/src/main/java/com/sismics/docs/rest/resource/AppResource.java
@@ -1,32 +1,11 @@
 package com.sismics.docs.rest.resource;
 
-import java.io.IOException;
-import java.nio.file.DirectoryStream;
-import java.nio.file.Files;
-import java.util.Date;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.ResourceBundle;
-
-import javax.json.Json;
-import javax.json.JsonArrayBuilder;
-import javax.json.JsonObjectBuilder;
-import javax.persistence.EntityManager;
-import javax.persistence.Query;
-import javax.ws.rs.*;
-import javax.ws.rs.core.Response;
-
+import com.google.common.base.Strings;
 import com.sismics.docs.core.constant.ConfigType;
-import com.sismics.docs.core.dao.jpa.*;
+import com.sismics.docs.core.dao.jpa.ConfigDao;
+import com.sismics.docs.core.dao.jpa.FileDao;
+import com.sismics.docs.core.dao.jpa.UserDao;
 import com.sismics.docs.core.event.RebuildIndexAsyncEvent;
-import com.sismics.rest.util.ValidationUtil;
-import org.apache.commons.lang.StringUtils;
-import org.apache.log4j.Appender;
-import org.apache.log4j.Level;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
 import com.sismics.docs.core.model.jpa.File;
 import com.sismics.docs.core.model.jpa.User;
 import com.sismics.docs.core.util.ConfigUtil;
@@ -36,10 +15,28 @@ import com.sismics.docs.core.util.jpa.PaginatedLists;
 import com.sismics.docs.rest.constant.BaseFunction;
 import com.sismics.rest.exception.ForbiddenClientException;
 import com.sismics.rest.exception.ServerException;
+import com.sismics.rest.util.ValidationUtil;
 import com.sismics.util.context.ThreadLocalContext;
 import com.sismics.util.log4j.LogCriteria;
 import com.sismics.util.log4j.LogEntry;
 import com.sismics.util.log4j.MemoryAppender;
+import org.apache.commons.lang.StringUtils;
+import org.apache.log4j.Appender;
+import org.apache.log4j.Level;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.json.Json;
+import javax.json.JsonArrayBuilder;
+import javax.json.JsonObjectBuilder;
+import javax.persistence.EntityManager;
+import javax.persistence.Query;
+import javax.ws.rs.*;
+import javax.ws.rs.core.Response;
+import java.io.IOException;
+import java.nio.file.DirectoryStream;
+import java.nio.file.Files;
+import java.util.*;
 
 /**
  * General app REST resource.
@@ -126,6 +123,7 @@ public class AppResource extends BaseResource {
      * @apiParam {String} username SMTP username
      * @apiParam {String} password SMTP password
      * @apiError (client) ForbiddenError Access denied
+     * @apiError (client) ValidationError Validation error
      * @apiPermission admin
      * @apiVersion 1.5.0
      *
@@ -147,18 +145,25 @@ public class AppResource extends BaseResource {
             throw new ForbiddenClientException();
         }
         checkBaseFunction(BaseFunction.ADMIN);
-        ValidationUtil.validateRequired(hostname, "hostname");
-        ValidationUtil.validateInteger(portStr, "port");
-        ValidationUtil.validateRequired(from, "from");
+        if (!Strings.isNullOrEmpty(portStr)) {
+            ValidationUtil.validateInteger(portStr, "port");
+        }
 
+        // Just update the changed configuration
         ConfigDao configDao = new ConfigDao();
-        configDao.update(ConfigType.SMTP_HOSTNAME, hostname);
-        configDao.update(ConfigType.SMTP_PORT, portStr);
-        configDao.update(ConfigType.SMTP_FROM, from);
-        if (username != null) {
+        if (!Strings.isNullOrEmpty(hostname)) {
+            configDao.update(ConfigType.SMTP_HOSTNAME, hostname);
+        }
+        if (!Strings.isNullOrEmpty(portStr)) {
+            configDao.update(ConfigType.SMTP_PORT, portStr);
+        }
+        if (!Strings.isNullOrEmpty(from)) {
+            configDao.update(ConfigType.SMTP_FROM, from);
+        }
+        if (!Strings.isNullOrEmpty(username)) {
             configDao.update(ConfigType.SMTP_USERNAME, username);
         }
-        if (password != null) {
+        if (!Strings.isNullOrEmpty(password)) {
             configDao.update(ConfigType.SMTP_PASSWORD, password);
         }
 
diff --git a/docs-web/src/main/webapp/src/app/docs/app.js b/docs-web/src/main/webapp/src/app/docs/app.js
index 707bef6a..bcaa03b7 100644
--- a/docs-web/src/main/webapp/src/app/docs/app.js
+++ b/docs-web/src/main/webapp/src/app/docs/app.js
@@ -28,6 +28,15 @@ angular.module('docs',
         }
       }
     })
+    .state('passwordreset', {
+      url: '/passwordreset/:key',
+      views: {
+        'page': {
+          templateUrl: 'partial/docs/passwordreset.html',
+          controller: 'PasswordReset'
+        }
+      }
+    })
     .state('tag', {
       url: '/tag',
       abstract: true,
diff --git a/docs-web/src/main/webapp/src/app/docs/controller/Login.js b/docs-web/src/main/webapp/src/app/docs/controller/Login.js
index 7b008144..32b3a000 100644
--- a/docs-web/src/main/webapp/src/app/docs/controller/Login.js
+++ b/docs-web/src/main/webapp/src/app/docs/controller/Login.js
@@ -46,22 +46,22 @@ angular.module('docs').controller('Login', function(Restangular, $scope, $rootSc
     $uibModal.open({
       templateUrl: 'partial/docs/passwordlost.html',
       controller: 'LoginModalPasswordLost'
-    }).result.then(function (email) {
-      if (name === null) {
+    }).result.then(function (username) {
+      if (username === null) {
         return;
       }
 
       // Send a password lost email
-      Restangular.one('user').post('passwordLost', {
-        email: email
+      Restangular.one('user').post('password_lost', {
+        username: username
       }).then(function () {
         var title = $translate.instant('login.password_lost_sent_title');
-        var msg = $translate.instant('login.password_lost_sent_message', { email: email });
+        var msg = $translate.instant('login.password_lost_sent_message', { username: username });
         var btns = [{result: 'ok', label: $translate.instant('ok'), cssClass: 'btn-primary'}];
         $dialog.messageBox(title, msg, btns);
       }, function () {
         var title = $translate.instant('login.password_lost_error_title');
-        var msg = $translate.instant('login.password_lost_error_message', { email: email });
+        var msg = $translate.instant('login.password_lost_error_message');
         var btns = [{result: 'ok', label: $translate.instant('ok'), cssClass: 'btn-primary'}];
         $dialog.messageBox(title, msg, btns);
       });
diff --git a/docs-web/src/main/webapp/src/app/docs/controller/LoginModalPasswordLost.js b/docs-web/src/main/webapp/src/app/docs/controller/LoginModalPasswordLost.js
index 534b9f46..16517457 100644
--- a/docs-web/src/main/webapp/src/app/docs/controller/LoginModalPasswordLost.js
+++ b/docs-web/src/main/webapp/src/app/docs/controller/LoginModalPasswordLost.js
@@ -4,8 +4,8 @@
  * Login modal password lost controller.
  */
 angular.module('docs').controller('LoginModalPasswordLost', function ($scope, $uibModalInstance) {
-  $scope.email = '';
-  $scope.close = function(name) {
-    $uibModalInstance.close(name);
+  $scope.username = '';
+  $scope.close = function(username) {
+    $uibModalInstance.close(username);
   }
 });
\ No newline at end of file
diff --git a/docs-web/src/main/webapp/src/app/docs/controller/PasswordReset.js b/docs-web/src/main/webapp/src/app/docs/controller/PasswordReset.js
new file mode 100644
index 00000000..f525ac92
--- /dev/null
+++ b/docs-web/src/main/webapp/src/app/docs/controller/PasswordReset.js
@@ -0,0 +1,20 @@
+'use strict';
+
+/**
+ * Password reset controller.
+ */
+angular.module('docs').controller('PasswordReset', function($scope, Restangular, $state, $stateParams, $translate, $dialog) {
+  $scope.submit = function () {
+    Restangular.one('user').post('password_reset', {
+      key: $stateParams.key,
+      password: $scope.password
+    }).then(function () {
+      $state.go('login');
+    }, function () {
+      var title = $translate.instant('passwordreset.error_title');
+      var msg = $translate.instant('passwordreset.error_message');
+      var btns = [{result: 'ok', label: $translate.instant('ok'), cssClass: 'btn-primary'}];
+      $dialog.messageBox(title, msg, btns);
+    });
+  };
+});
\ No newline at end of file
diff --git a/docs-web/src/main/webapp/src/app/docs/controller/settings/SettingsConfig.js b/docs-web/src/main/webapp/src/app/docs/controller/settings/SettingsConfig.js
index 7efaac1d..32d55dd0 100644
--- a/docs-web/src/main/webapp/src/app/docs/controller/settings/SettingsConfig.js
+++ b/docs-web/src/main/webapp/src/app/docs/controller/settings/SettingsConfig.js
@@ -5,29 +5,29 @@
  */
 angular.module('docs').controller('SettingsConfig', function($scope, $rootScope, Restangular) {
   // Get the app configuration
-  Restangular.one('app').get().then(function(data) {
+  Restangular.one('app').get().then(function (data) {
     $scope.app = data;
   });
 
   // Enable/disable guest login
-  $scope.changeGuestLogin = function(enabled) {
+  $scope.changeGuestLogin = function (enabled) {
     Restangular.one('app').post('guest_login', {
       enabled: enabled
-    }).then(function() {
+    }).then(function () {
       $scope.app.guest_login = enabled;
     });
   };
 
   // Fetch the current theme configuration
-  Restangular.one('theme').get().then(function(data) {
+  Restangular.one('theme').get().then(function (data) {
     $scope.theme = data;
     $rootScope.appName = $scope.theme.name;
   });
 
   // Update the theme
-  $scope.update = function() {
+  $scope.update = function () {
     $scope.theme.name = $scope.theme.name.length === 0 ? 'Sismics Docs' : $scope.theme.name;
-    Restangular.one('theme').post('', $scope.theme).then(function() {
+    Restangular.one('theme').post('', $scope.theme).then(function () {
       var stylesheet = $('#theme-stylesheet')[0];
       stylesheet.href = stylesheet.href.replace(/\?.*|$/, '?' + new Date().getTime());
       $rootScope.appName = $scope.theme.name;
@@ -36,7 +36,7 @@ angular.module('docs').controller('SettingsConfig', function($scope, $rootScope,
   
   // Send an image
   $scope.sendingImage = false;
-  $scope.sendImage = function(type, image) {
+  $scope.sendImage = function (type, image) {
     // Build the payload
     var formData = new FormData();
     formData.append('image', image);
@@ -64,4 +64,11 @@ angular.module('docs').controller('SettingsConfig', function($scope, $rootScope,
       }
     });
   };
+
+  // Edit SMTP config
+  $scope.editSmtpConfig = function () {
+    Restangular.one('app').post('config_smtp', $scope.smtp).then(function () {
+      $scope.smtpUpdated = true;
+    });
+  };
 });
\ No newline at end of file
diff --git a/docs-web/src/main/webapp/src/index.html b/docs-web/src/main/webapp/src/index.html
index fa1ac830..3d237b6e 100644
--- a/docs-web/src/main/webapp/src/index.html
+++ b/docs-web/src/main/webapp/src/index.html
@@ -49,6 +49,7 @@
     <script src="app/docs/controller/Main.js" type="text/javascript"></script>
     <script src="app/docs/controller/Login.js" type="text/javascript"></script>
     <script src="app/docs/controller/LoginModalPasswordLost.js" type="text/javascript"></script>
+    <script src="app/docs/controller/PasswordReset.js" type="text/javascript"></script>
     <script src="app/docs/controller/Navigation.js" type="text/javascript"></script>
     <script src="app/docs/controller/Footer.js" type="text/javascript"></script>
     <script src="app/docs/controller/document/Document.js" type="text/javascript"></script>
diff --git a/docs-web/src/main/webapp/src/locale/en.json b/docs-web/src/main/webapp/src/locale/en.json
index 11723edb..fc54b550 100644
--- a/docs-web/src/main/webapp/src/locale/en.json
+++ b/docs-web/src/main/webapp/src/locale/en.json
@@ -12,15 +12,21 @@
     "login_failed_message": "Username or password invalid",
     "password_lost_btn": "Password lost?",
     "password_lost_sent_title": "Password reset email sent",
-    "password_lost_sent_message": "An email has been sent to <strong>{{ email }}</strong> to reset your password",
+    "password_lost_sent_message": "An email has been sent to <strong>{{ username }}</strong> to reset your password",
     "password_lost_error_title": "Password reset error",
     "password_lost_error_message": "Unable to send a password reset email, please contact your administrator for a manual reset"
   },
   "passwordlost": {
     "title": "Password lost",
-    "message": "Please enter your email address to receive a password reset link",
+    "message": "Please enter your username to receive a password reset link. If you don't remember your username, please contact your administrator",
     "submit": "Reset my password"
   },
+  "passwordreset": {
+    "message": "Please enter a new password",
+    "submit": "Change my password",
+    "error_title": "Error changing your password",
+    "error_message": "Your password recovery request is expired, please ask a new one on the login page"
+  },
   "index": {
     "toggle_navigation": "Toggle navigation",
     "nav_documents": "Documents",
@@ -295,7 +301,14 @@
       "custom_css_placeholder": "Custom CSS to add after the main stylesheet",
       "logo": "Logo (squared size)",
       "background_image": "Background image",
-      "uploading_image": "Uploading the image..."
+      "uploading_image": "Uploading the image...",
+      "title_smtp": "Email <small>configuration</small>",
+      "smtp_hostname": "SMTP hostname",
+      "smtp_port": "SMTP port",
+      "smtp_from": "Sender e-mail",
+      "smtp_username": "SMTP username",
+      "smtp_password": "SMTP password",
+      "smtp_updated": "SMTP configuration updated successfully"
     },
     "log": {
       "title": "Server <small>logs</small>",
diff --git a/docs-web/src/main/webapp/src/partial/docs/passwordlost.html b/docs-web/src/main/webapp/src/partial/docs/passwordlost.html
index 73d042c0..2bb1baac 100644
--- a/docs-web/src/main/webapp/src/partial/docs/passwordlost.html
+++ b/docs-web/src/main/webapp/src/partial/docs/passwordlost.html
@@ -5,11 +5,11 @@
 <div class="modal-body">
   <p>
     <label for="share-result">{{ 'passwordlost.message' | translate }}</label>
-    <input name="email" class="form-control" type="email" required id="share-result" ng-model="email" />
+    <input name="username" class="form-control" type="text" required id="share-result" ng-model="username" />
   </p>
 </div>
 <div class="modal-footer">
-  <button ng-click="close(email)" class="btn btn-primary" ng-disabled="!form.$valid">
+  <button ng-click="close(username)" class="btn btn-primary" ng-disabled="!form.$valid">
     <span class="glyphicon glyphicon-envelope"></span> {{ 'passwordlost.submit' | translate }}
   </button>
   <button ng-click="close(null)" class="btn btn-default">{{ 'cancel' | translate }}</button>
diff --git a/docs-web/src/main/webapp/src/partial/docs/passwordreset.html b/docs-web/src/main/webapp/src/partial/docs/passwordreset.html
new file mode 100644
index 00000000..dd4bf142
--- /dev/null
+++ b/docs-web/src/main/webapp/src/partial/docs/passwordreset.html
@@ -0,0 +1,25 @@
+<div class="row">
+  <div class="col-xs-offset-1 col-xs-10 col-sm-offset-2 col-sm-8">
+    <form class="form-horizontal" name="form" novalidate>
+      <div class="form-group" ng-class="{ 'has-error': !form.password.$valid && form.$dirty }">
+        <label for="inputPassword" class="col-sm-4 control-label">{{ 'passwordreset.message' | translate }}</label>
+        <div class="col-sm-4">
+          <input type="password" name="password" ng-model="password" required ng-minlength="8" ng-maxlength="50" class="form-control" id="inputPassword">
+        </div>
+        <div class="col-sm-4">
+          <span class="help-block" ng-show="form.password.$error.required && form.$dirty">{{ 'validation.required' | translate }}</span>
+          <span class="help-block" ng-show="form.password.$error.minlength && form.$dirty">{{ 'validation.too_short' | translate }}</span>
+          <span class="help-block" ng-show="form.password.$error.maxlength && form.$dirty">{{ 'validation.too_long' | translate }}</span>
+        </div>
+      </div>
+      <div class="form-group">
+        <div class="col-sm-offset-4 col-sm-5">
+          <button class="btn btn-primary" ng-disabled="!form.$valid" ng-click="submit()">
+            <span class="glyphicon glyphicon-lock"></span>
+            {{ 'passwordreset.submit' | translate }}
+          </button>
+        </div>
+      </div>
+    </form>
+  </div>
+</div>
\ No newline at end of file
diff --git a/docs-web/src/main/webapp/src/partial/docs/settings.config.html b/docs-web/src/main/webapp/src/partial/docs/settings.config.html
index 9d1ad83a..b4cb36ac 100644
--- a/docs-web/src/main/webapp/src/partial/docs/settings.config.html
+++ b/docs-web/src/main/webapp/src/partial/docs/settings.config.html
@@ -73,4 +73,54 @@
       </p>
     </div>
   </div>
+</form>
+
+<h1 translate="settings.config.title_smtp"></h1>
+<div uib-alert ng-class="'alert-success'" ng-show="smtpUpdated">{{ 'settings.config.smtp_updated' | translate }}</div>
+<form class="form-horizontal" name="smtpForm" ng-show="!smtpUpdated" novalidate>
+  <div class="form-group" ng-class="{ 'has-error': !smtpForm.hostname.$valid && smtpForm.$dirty }">
+    <label class="col-sm-2 control-label" for="smtpHostname">{{ 'settings.config.smtp_hostname' | translate }}</label>
+    <div class="col-sm-7">
+      <input name="hostname" type="text" class="form-control" id="smtpHostname" ng-model="smtp.hostname" />
+    </div>
+  </div>
+
+  <div class="form-group" ng-class="{ 'has-error': !smtpForm.port.$valid && smtpForm.$dirty }">
+    <label class="col-sm-2 control-label" for="smtpPort">{{ 'settings.config.smtp_port' | translate }}</label>
+    <div class="col-sm-7">
+      <input name="port" type="number" class="form-control" id="smtpPort" ng-model="smtp.port" />
+    </div>
+  </div>
+
+  <div class="form-group" ng-class="{ 'has-error': !smtpForm.from.$valid && smtpForm.$dirty }">
+    <label class="col-sm-2 control-label" for="smtpFrom">{{ 'settings.config.smtp_from' | translate }}</label>
+    <div class="col-sm-7">
+      <input name="from" type="email" class="form-control" id="smtpFrom" ng-model="smtp.from" />
+    </div>
+    <div class="col-sm-3">
+      <span class="help-block" ng-show="smtpForm.from.$error.email && smtpForm.$dirty">{{ 'validation.email' | translate }}</span>
+    </div>
+  </div>
+
+  <div class="form-group">
+    <label class="col-sm-2 control-label" for="smtpUsername">{{ 'settings.config.smtp_username' | translate }}</label>
+    <div class="col-sm-7">
+      <input name="username" type="text" class="form-control" id="smtpUsername" ng-model="smtp.username" />
+    </div>
+  </div>
+
+  <div class="form-group">
+    <label class="col-sm-2 control-label" for="smtpPassword">{{ 'settings.config.smtp_password' | translate }}</label>
+    <div class="col-sm-7">
+      <input name="password" type="password" class="form-control" id="smtpPassword" ng-model="smtp.password" />
+    </div>
+  </div>
+
+  <div class="form-group">
+    <div class="col-sm-offset-2 col-sm-10">
+      <button type="submit" class="btn btn-primary" ng-click="editSmtpConfig()" ng-disabled="!smtpForm.$valid">
+        <span class="glyphicon glyphicon-pencil"></span> {{ 'edit' | translate }}
+      </button>
+    </div>
+  </div>
 </form>
\ No newline at end of file

From fdb95484c1b7a0bc283eb9724cec25ba90bf810d Mon Sep 17 00:00:00 2001
From: Benjamin Gamard <b.gamard@sismics.com>
Date: Fri, 17 Nov 2017 23:47:53 +0100
Subject: [PATCH 04/17] fix sending email to an unauthenticated smtp server

---
 docs-core/src/main/java/com/sismics/util/EmailUtil.java | 9 ++++++---
 docs-core/src/main/resources/messages.properties        | 3 ++-
 docs-core/src/main/resources/messages_fr.properties     | 3 ++-
 3 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/docs-core/src/main/java/com/sismics/util/EmailUtil.java b/docs-core/src/main/java/com/sismics/util/EmailUtil.java
index af6c88fa..51b4b2e9 100644
--- a/docs-core/src/main/java/com/sismics/util/EmailUtil.java
+++ b/docs-core/src/main/java/com/sismics/util/EmailUtil.java
@@ -75,10 +75,13 @@ public class EmailUtil {
             email.setCharset("UTF-8");
             email.setHostName(ConfigUtil.getConfigStringValue(ConfigType.SMTP_HOSTNAME));
             email.setSmtpPort(ConfigUtil.getConfigIntegerValue(ConfigType.SMTP_PORT));
-            email.setAuthentication(ConfigUtil.getConfigStringValue(ConfigType.SMTP_USERNAME),
-                    ConfigUtil.getConfigStringValue(ConfigType.SMTP_PASSWORD));
-            email.addTo(recipientUser.getEmail(), recipientUser.getUsername());
             ConfigDao configDao = new ConfigDao();
+            Config usernameConfig = configDao.getById(ConfigType.SMTP_USERNAME);
+            Config passwordConfig = configDao.getById(ConfigType.SMTP_PASSWORD);
+            if (usernameConfig != null && passwordConfig != null) {
+                email.setAuthentication(usernameConfig.getValue(), passwordConfig.getValue());
+            }
+            email.addTo(recipientUser.getEmail(), recipientUser.getUsername());
             Config themeConfig = configDao.getById(ConfigType.THEME);
             String appName = "Sismics Docs";
             if (themeConfig != null) {
diff --git a/docs-core/src/main/resources/messages.properties b/docs-core/src/main/resources/messages.properties
index fc8d7a39..06a43b5a 100644
--- a/docs-core/src/main/resources/messages.properties
+++ b/docs-core/src/main/resources/messages.properties
@@ -2,4 +2,5 @@ email.template.password_recovery.subject=Please reset your password
 email.template.password_recovery.hello=Hello {0}.
 email.template.password_recovery.instruction1=We have received a request to reset your password.<br/>If you did not request help, then feel free to ignore this email.
 email.template.password_recovery.instruction2=To reset your password, please visit the link below:
-email.template.password_recovery.click_here=Click here to reset your password
\ No newline at end of file
+email.template.password_recovery.click_here=Click here to reset your password
+email.no_html.error=Your email client does not support HTML messages
\ No newline at end of file
diff --git a/docs-core/src/main/resources/messages_fr.properties b/docs-core/src/main/resources/messages_fr.properties
index 6ddc4b41..4bfc2450 100644
--- a/docs-core/src/main/resources/messages_fr.properties
+++ b/docs-core/src/main/resources/messages_fr.properties
@@ -2,4 +2,5 @@ email.template.password_recovery.subject=R
 email.template.password_recovery.hello=Bonjour {0}.
 email.template.password_recovery.instruction1=Nous avons reçu une demande de réinitialisation de mot de passe.<br/>Si vous n''avez rien demandé, vous pouvez ignorer cet mail.
 email.template.password_recovery.instruction2=Pour réinitialiser votre mot de passe, cliquez sur le lien ci-dessous :
-email.template.password_recovery.click_here=Cliquez ici pour réinitialiser votre mot de passe.
\ No newline at end of file
+email.template.password_recovery.click_here=Cliquez ici pour réinitialiser votre mot de passe.
+email.no_html.error=Votre client mail ne supporte pas les messages au format HTML
\ No newline at end of file

From df1d013b1ceba14d5edd542fceb521b0a9c6ee44 Mon Sep 17 00:00:00 2001
From: Benjamin Gamard <b.gamard@sismics.com>
Date: Sat, 18 Nov 2017 19:34:13 +0100
Subject: [PATCH 05/17] Closes #165: smtp hostname/port/username/password
 configurables with env

---
 .../sismics/docs/core/constant/Constants.java |  8 ++
 .../main/java/com/sismics/util/EmailUtil.java | 44 ++++++++--
 .../docs/rest/resource/AppResource.java       | 85 +++++++++++++++++--
 .../controller/settings/SettingsConfig.js     |  9 +-
 .../src/partial/docs/settings.config.html     | 35 ++++----
 .../sismics/docs/rest/TestAppResource.java    | 22 ++++-
 6 files changed, 168 insertions(+), 35 deletions(-)

diff --git a/docs-core/src/main/java/com/sismics/docs/core/constant/Constants.java b/docs-core/src/main/java/com/sismics/docs/core/constant/Constants.java
index 9ac980b2..50cbcbd4 100644
--- a/docs-core/src/main/java/com/sismics/docs/core/constant/Constants.java
+++ b/docs-core/src/main/java/com/sismics/docs/core/constant/Constants.java
@@ -55,6 +55,14 @@ public class Constants {
      */
     public static final String DEFAULT_LANGUAGE_ENV = "DOCS_DEFAULT_LANGUAGE";
 
+    /**
+     * SMTP configuration environnement variables.
+     */
+    public static final String SMTP_HOSTNAME_ENV = "DOCS_SMTP_HOSTNAME";
+    public static final String SMTP_PORT_ENV = "DOCS_SMTP_PORT";
+    public static final String SMTP_USERNAME_ENV = "DOCS_SMTP_USERNAME";
+    public static final String SMTP_PASSWORD_ENV = "DOCS_SMTP_PASSWORD";
+
     /**
      * Expiration time of the password recovery in hours.
      */
diff --git a/docs-core/src/main/java/com/sismics/util/EmailUtil.java b/docs-core/src/main/java/com/sismics/util/EmailUtil.java
index 51b4b2e9..88269e0d 100644
--- a/docs-core/src/main/java/com/sismics/util/EmailUtil.java
+++ b/docs-core/src/main/java/com/sismics/util/EmailUtil.java
@@ -73,15 +73,41 @@ public class EmailUtil {
             // Build email headers
             HtmlEmail email = new HtmlEmail();
             email.setCharset("UTF-8");
-            email.setHostName(ConfigUtil.getConfigStringValue(ConfigType.SMTP_HOSTNAME));
-            email.setSmtpPort(ConfigUtil.getConfigIntegerValue(ConfigType.SMTP_PORT));
             ConfigDao configDao = new ConfigDao();
-            Config usernameConfig = configDao.getById(ConfigType.SMTP_USERNAME);
-            Config passwordConfig = configDao.getById(ConfigType.SMTP_PASSWORD);
-            if (usernameConfig != null && passwordConfig != null) {
-                email.setAuthentication(usernameConfig.getValue(), passwordConfig.getValue());
+
+            // Hostname
+            String envHostname = System.getenv(Constants.SMTP_HOSTNAME_ENV);
+            if (envHostname == null) {
+                email.setHostName(ConfigUtil.getConfigStringValue(ConfigType.SMTP_HOSTNAME));
+            } else {
+                email.setHostName(envHostname);
             }
+
+            // Port
+            String envPort = System.getenv(Constants.SMTP_PORT_ENV);
+            if (envPort == null) {
+                email.setSmtpPort(ConfigUtil.getConfigIntegerValue(ConfigType.SMTP_PORT));
+            } else {
+                email.setSmtpPort(Integer.valueOf(envPort));
+            }
+
+            // Username and password
+            String envUsername = System.getenv(Constants.SMTP_USERNAME_ENV);
+            String envPassword = System.getenv(Constants.SMTP_PASSWORD_ENV);
+            if (envUsername == null || envPassword == null) {
+                Config usernameConfig = configDao.getById(ConfigType.SMTP_USERNAME);
+                Config passwordConfig = configDao.getById(ConfigType.SMTP_PASSWORD);
+                if (usernameConfig != null && passwordConfig != null) {
+                    email.setAuthentication(usernameConfig.getValue(), passwordConfig.getValue());
+                }
+            } else {
+                email.setAuthentication(envUsername, envPassword);
+            }
+
+            // Recipient
             email.addTo(recipientUser.getEmail(), recipientUser.getUsername());
+
+            // Application name
             Config themeConfig = configDao.getById(ConfigType.THEME);
             String appName = "Sismics Docs";
             if (themeConfig != null) {
@@ -90,8 +116,14 @@ public class EmailUtil {
                     appName = themeJson.getString("name", "Sismics Docs");
                 }
             }
+
+            // From email address (defined only by configuration value in the database)
             email.setFrom(ConfigUtil.getConfigStringValue(ConfigType.SMTP_FROM), appName);
+
+            // Locale (defined only by environment variable)
             java.util.Locale userLocale = LocaleUtil.getLocale(System.getenv(Constants.DEFAULT_LANGUAGE_ENV));
+
+            // Subject and content
             email.setSubject(appName + " - " + subject);
             email.setTextMsg(MessageUtil.getMessage(userLocale, "email.no_html.error"));
 
diff --git a/docs-web/src/main/java/com/sismics/docs/rest/resource/AppResource.java b/docs-web/src/main/java/com/sismics/docs/rest/resource/AppResource.java
index ca422cbe..e190fea9 100644
--- a/docs-web/src/main/java/com/sismics/docs/rest/resource/AppResource.java
+++ b/docs-web/src/main/java/com/sismics/docs/rest/resource/AppResource.java
@@ -2,10 +2,12 @@ package com.sismics.docs.rest.resource;
 
 import com.google.common.base.Strings;
 import com.sismics.docs.core.constant.ConfigType;
+import com.sismics.docs.core.constant.Constants;
 import com.sismics.docs.core.dao.jpa.ConfigDao;
 import com.sismics.docs.core.dao.jpa.FileDao;
 import com.sismics.docs.core.dao.jpa.UserDao;
 import com.sismics.docs.core.event.RebuildIndexAsyncEvent;
+import com.sismics.docs.core.model.jpa.Config;
 import com.sismics.docs.core.model.jpa.File;
 import com.sismics.docs.core.model.jpa.User;
 import com.sismics.docs.core.util.ConfigUtil;
@@ -110,6 +112,75 @@ public class AppResource extends BaseResource {
 
         return Response.ok().build();
     }
+
+    /**
+     * Get the SMTP server configuration.
+     *
+     * @api {get} /app/config_smtp Get the SMTP server configuration
+     * @apiName GetAppConfigSmtp
+     * @apiGroup App
+     * @apiSuccess {String} hostname SMTP hostname
+     * @apiSuccess {String} port
+     * @apiSuccess {String} username
+     * @apiSuccess {String} password
+     * @apiSuccess {String} from
+     * @apiError (client) ForbiddenError Access denied
+     * @apiPermission admin
+     * @apiVersion 1.5.0
+     *
+     * @return Response
+     */
+    @GET
+    @Path("config_smtp")
+    public Response getConfigSmtp() {
+        if (!authenticate()) {
+            throw new ForbiddenClientException();
+        }
+        checkBaseFunction(BaseFunction.ADMIN);
+
+        ConfigDao configDao = new ConfigDao();
+        Config hostnameConfig = configDao.getById(ConfigType.SMTP_HOSTNAME);
+        Config portConfig = configDao.getById(ConfigType.SMTP_PORT);
+        Config usernameConfig = configDao.getById(ConfigType.SMTP_USERNAME);
+        Config passwordConfig = configDao.getById(ConfigType.SMTP_PASSWORD);
+        Config fromConfig = configDao.getById(ConfigType.SMTP_FROM);
+        JsonObjectBuilder response = Json.createObjectBuilder();
+        if (System.getenv(Constants.SMTP_HOSTNAME_ENV) == null) {
+            if (hostnameConfig == null) {
+                response.addNull("hostname");
+            } else {
+                response.add("hostname", hostnameConfig.getValue());
+            }
+        }
+        if (System.getenv(Constants.SMTP_PORT_ENV) == null) {
+            if (portConfig == null) {
+                response.addNull("port");
+            } else {
+                response.add("port", Integer.valueOf(portConfig.getValue()));
+            }
+        }
+        if (System.getenv(Constants.SMTP_USERNAME_ENV) == null) {
+            if (usernameConfig == null) {
+                response.addNull("username");
+            } else {
+                response.add("username", usernameConfig.getValue());
+            }
+        }
+        if (System.getenv(Constants.SMTP_PASSWORD_ENV) == null) {
+            if (passwordConfig == null) {
+                response.addNull("password");
+            } else {
+                response.add("password", passwordConfig.getValue());
+            }
+        }
+        if (fromConfig == null) {
+            response.addNull("from");
+        } else {
+            response.add("from", fromConfig.getValue());
+        }
+
+        return Response.ok().entity(response.build()).build();
+    }
     
     /**
      * Configure the SMTP server.
@@ -119,9 +190,9 @@ public class AppResource extends BaseResource {
      * @apiGroup App
      * @apiParam {String} hostname SMTP hostname
      * @apiParam {Integer} port SMTP port
-     * @apiParam {String} from From address
      * @apiParam {String} username SMTP username
      * @apiParam {String} password SMTP password
+     * @apiParam {String} from From address
      * @apiError (client) ForbiddenError Access denied
      * @apiError (client) ValidationError Validation error
      * @apiPermission admin
@@ -129,18 +200,18 @@ public class AppResource extends BaseResource {
      *
      * @param hostname SMTP hostname
      * @param portStr SMTP port
-     * @param from From address
      * @param username SMTP username
      * @param password SMTP password
+     * @param from From address
      * @return Response
      */
     @POST
     @Path("config_smtp")
     public Response configSmtp(@FormParam("hostname") String hostname,
                                @FormParam("port") String portStr,
-                               @FormParam("from") String from,
                                @FormParam("username") String username,
-                               @FormParam("password") String password) {
+                               @FormParam("password") String password,
+                               @FormParam("from") String from) {
         if (!authenticate()) {
             throw new ForbiddenClientException();
         }
@@ -157,15 +228,15 @@ public class AppResource extends BaseResource {
         if (!Strings.isNullOrEmpty(portStr)) {
             configDao.update(ConfigType.SMTP_PORT, portStr);
         }
-        if (!Strings.isNullOrEmpty(from)) {
-            configDao.update(ConfigType.SMTP_FROM, from);
-        }
         if (!Strings.isNullOrEmpty(username)) {
             configDao.update(ConfigType.SMTP_USERNAME, username);
         }
         if (!Strings.isNullOrEmpty(password)) {
             configDao.update(ConfigType.SMTP_PASSWORD, password);
         }
+        if (!Strings.isNullOrEmpty(from)) {
+            configDao.update(ConfigType.SMTP_FROM, from);
+        }
 
         return Response.ok().build();
     }
diff --git a/docs-web/src/main/webapp/src/app/docs/controller/settings/SettingsConfig.js b/docs-web/src/main/webapp/src/app/docs/controller/settings/SettingsConfig.js
index 32d55dd0..932b41d0 100644
--- a/docs-web/src/main/webapp/src/app/docs/controller/settings/SettingsConfig.js
+++ b/docs-web/src/main/webapp/src/app/docs/controller/settings/SettingsConfig.js
@@ -65,10 +65,13 @@ angular.module('docs').controller('SettingsConfig', function($scope, $rootScope,
     });
   };
 
+  // Load SMTP config
+  Restangular.one('app/config_smtp').get().then(function (data) {
+    $scope.smtp = data;
+  });
+
   // Edit SMTP config
   $scope.editSmtpConfig = function () {
-    Restangular.one('app').post('config_smtp', $scope.smtp).then(function () {
-      $scope.smtpUpdated = true;
-    });
+    Restangular.one('app').post('config_smtp', $scope.smtp);
   };
 });
\ No newline at end of file
diff --git a/docs-web/src/main/webapp/src/partial/docs/settings.config.html b/docs-web/src/main/webapp/src/partial/docs/settings.config.html
index b4cb36ac..c47bbab5 100644
--- a/docs-web/src/main/webapp/src/partial/docs/settings.config.html
+++ b/docs-web/src/main/webapp/src/partial/docs/settings.config.html
@@ -76,22 +76,35 @@
 </form>
 
 <h1 translate="settings.config.title_smtp"></h1>
-<div uib-alert ng-class="'alert-success'" ng-show="smtpUpdated">{{ 'settings.config.smtp_updated' | translate }}</div>
-<form class="form-horizontal" name="smtpForm" ng-show="!smtpUpdated" novalidate>
-  <div class="form-group" ng-class="{ 'has-error': !smtpForm.hostname.$valid && smtpForm.$dirty }">
+<form class="form-horizontal" name="smtpForm" novalidate>
+  <div class="form-group" ng-show="smtp.hasOwnProperty('hostname')" ng-class="{ 'has-error': !smtpForm.hostname.$valid && smtpForm.$dirty }">
     <label class="col-sm-2 control-label" for="smtpHostname">{{ 'settings.config.smtp_hostname' | translate }}</label>
     <div class="col-sm-7">
       <input name="hostname" type="text" class="form-control" id="smtpHostname" ng-model="smtp.hostname" />
     </div>
   </div>
 
-  <div class="form-group" ng-class="{ 'has-error': !smtpForm.port.$valid && smtpForm.$dirty }">
+  <div class="form-group" ng-show="smtp.hasOwnProperty('port')" ng-class="{ 'has-error': !smtpForm.port.$valid && smtpForm.$dirty }">
     <label class="col-sm-2 control-label" for="smtpPort">{{ 'settings.config.smtp_port' | translate }}</label>
     <div class="col-sm-7">
       <input name="port" type="number" class="form-control" id="smtpPort" ng-model="smtp.port" />
     </div>
   </div>
 
+  <div class="form-group" ng-show="smtp.hasOwnProperty('username')">
+    <label class="col-sm-2 control-label" for="smtpUsername">{{ 'settings.config.smtp_username' | translate }}</label>
+    <div class="col-sm-7">
+      <input name="username" type="text" class="form-control" id="smtpUsername" ng-model="smtp.username" />
+    </div>
+  </div>
+
+  <div class="form-group" ng-show="smtp.hasOwnProperty('password')">
+    <label class="col-sm-2 control-label" for="smtpPassword">{{ 'settings.config.smtp_password' | translate }}</label>
+    <div class="col-sm-7">
+      <input name="password" type="password" class="form-control" id="smtpPassword" ng-model="smtp.password" />
+    </div>
+  </div>
+
   <div class="form-group" ng-class="{ 'has-error': !smtpForm.from.$valid && smtpForm.$dirty }">
     <label class="col-sm-2 control-label" for="smtpFrom">{{ 'settings.config.smtp_from' | translate }}</label>
     <div class="col-sm-7">
@@ -102,20 +115,6 @@
     </div>
   </div>
 
-  <div class="form-group">
-    <label class="col-sm-2 control-label" for="smtpUsername">{{ 'settings.config.smtp_username' | translate }}</label>
-    <div class="col-sm-7">
-      <input name="username" type="text" class="form-control" id="smtpUsername" ng-model="smtp.username" />
-    </div>
-  </div>
-
-  <div class="form-group">
-    <label class="col-sm-2 control-label" for="smtpPassword">{{ 'settings.config.smtp_password' | translate }}</label>
-    <div class="col-sm-7">
-      <input name="password" type="password" class="form-control" id="smtpPassword" ng-model="smtp.password" />
-    </div>
-  </div>
-
   <div class="form-group">
     <div class="col-sm-offset-2 col-sm-10">
       <button type="submit" class="btn btn-primary" ng-click="editSmtpConfig()" ng-disabled="!smtpForm.$valid">
diff --git a/docs-web/src/test/java/com/sismics/docs/rest/TestAppResource.java b/docs-web/src/test/java/com/sismics/docs/rest/TestAppResource.java
index 0434148b..313336ee 100644
--- a/docs-web/src/test/java/com/sismics/docs/rest/TestAppResource.java
+++ b/docs-web/src/test/java/com/sismics/docs/rest/TestAppResource.java
@@ -163,14 +163,34 @@ public class TestAppResource extends BaseJerseyTest {
         // Login admin
         String adminToken = clientUtil.login("admin", "admin", false);
 
+        // Get SMTP configuration
+        JsonObject json = target().path("/app/config_smtp").request()
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken)
+                .get(JsonObject.class);
+        Assert.assertTrue(json.isNull("hostname"));
+        Assert.assertTrue(json.isNull("port"));
+        Assert.assertTrue(json.isNull("username"));
+        Assert.assertTrue(json.isNull("password"));
+        Assert.assertTrue(json.isNull("from"));
+
         // Change SMTP configuration
         target().path("/app/config_smtp").request()
                 .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken)
                 .post(Entity.form(new Form()
                         .param("hostname", "smtp.sismics.com")
                         .param("port", "1234")
-                        .param("from", "contact@sismics.com")
                         .param("username", "sismics")
+                        .param("from", "contact@sismics.com")
                 ), JsonObject.class);
+
+        // Get SMTP configuration
+        json = target().path("/app/config_smtp").request()
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken)
+                .get(JsonObject.class);
+        Assert.assertEquals("smtp.sismics.com", json.getString("hostname"));
+        Assert.assertEquals(1234, json.getInt("port"));
+        Assert.assertEquals("sismics", json.getString("username"));
+        Assert.assertTrue(json.isNull("password"));
+        Assert.assertEquals("contact@sismics.com", json.getString("from"));
     }
 }
\ No newline at end of file

From 287ed06b6af0ade772566e3be0aa1ad28a406f8f Mon Sep 17 00:00:00 2001
From: Benjamin Gamard <b.gamard@sismics.com>
Date: Sat, 18 Nov 2017 19:45:08 +0100
Subject: [PATCH 06/17] prevent lastpass autofill in non editable fields

---
 docs-core/src/main/resources/messages_fr.properties       | 2 +-
 .../src/main/webapp/src/partial/docs/settings.config.html | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/docs-core/src/main/resources/messages_fr.properties b/docs-core/src/main/resources/messages_fr.properties
index 4bfc2450..1262dd0b 100644
--- a/docs-core/src/main/resources/messages_fr.properties
+++ b/docs-core/src/main/resources/messages_fr.properties
@@ -1,6 +1,6 @@
 email.template.password_recovery.subject=Réinitialiser votre mot de passe
 email.template.password_recovery.hello=Bonjour {0}.
-email.template.password_recovery.instruction1=Nous avons reçu une demande de réinitialisation de mot de passe.<br/>Si vous n''avez rien demandé, vous pouvez ignorer cet mail.
+email.template.password_recovery.instruction1=Nous avons reçu une demande de réinitialisation de mot de passe.<br/>Si vous n'avez rien demandé, vous pouvez ignorer cet mail.
 email.template.password_recovery.instruction2=Pour réinitialiser votre mot de passe, cliquez sur le lien ci-dessous :
 email.template.password_recovery.click_here=Cliquez ici pour réinitialiser votre mot de passe.
 email.no_html.error=Votre client mail ne supporte pas les messages au format HTML
\ No newline at end of file
diff --git a/docs-web/src/main/webapp/src/partial/docs/settings.config.html b/docs-web/src/main/webapp/src/partial/docs/settings.config.html
index c47bbab5..da659568 100644
--- a/docs-web/src/main/webapp/src/partial/docs/settings.config.html
+++ b/docs-web/src/main/webapp/src/partial/docs/settings.config.html
@@ -80,28 +80,28 @@
   <div class="form-group" ng-show="smtp.hasOwnProperty('hostname')" ng-class="{ 'has-error': !smtpForm.hostname.$valid && smtpForm.$dirty }">
     <label class="col-sm-2 control-label" for="smtpHostname">{{ 'settings.config.smtp_hostname' | translate }}</label>
     <div class="col-sm-7">
-      <input name="hostname" type="text" class="form-control" id="smtpHostname" ng-model="smtp.hostname" />
+      <input name="hostname" type="text" ng-disabled="!smtp.hasOwnProperty('hostname')" class="form-control" id="smtpHostname" ng-model="smtp.hostname" />
     </div>
   </div>
 
   <div class="form-group" ng-show="smtp.hasOwnProperty('port')" ng-class="{ 'has-error': !smtpForm.port.$valid && smtpForm.$dirty }">
     <label class="col-sm-2 control-label" for="smtpPort">{{ 'settings.config.smtp_port' | translate }}</label>
     <div class="col-sm-7">
-      <input name="port" type="number" class="form-control" id="smtpPort" ng-model="smtp.port" />
+      <input name="port" type="number" ng-disabled="!smtp.hasOwnProperty('port')" class="form-control" id="smtpPort" ng-model="smtp.port" />
     </div>
   </div>
 
   <div class="form-group" ng-show="smtp.hasOwnProperty('username')">
     <label class="col-sm-2 control-label" for="smtpUsername">{{ 'settings.config.smtp_username' | translate }}</label>
     <div class="col-sm-7">
-      <input name="username" type="text" class="form-control" id="smtpUsername" ng-model="smtp.username" />
+      <input name="username" type="text" ng-disabled="!smtp.hasOwnProperty('username')" class="form-control" id="smtpUsername" ng-model="smtp.username" />
     </div>
   </div>
 
   <div class="form-group" ng-show="smtp.hasOwnProperty('password')">
     <label class="col-sm-2 control-label" for="smtpPassword">{{ 'settings.config.smtp_password' | translate }}</label>
     <div class="col-sm-7">
-      <input name="password" type="password" class="form-control" id="smtpPassword" ng-model="smtp.password" />
+      <input name="password" type="password" ng-disabled="!smtp.hasOwnProperty('password')" class="form-control" id="smtpPassword" ng-model="smtp.password" />
     </div>
   </div>
 

From b3dc409926c7c482cc0b2f824e2f97010130d6df Mon Sep 17 00:00:00 2001
From: Benjamin Gamard <b.gamard@sismics.com>
Date: Sat, 18 Nov 2017 20:01:11 +0100
Subject: [PATCH 07/17] cleanup logs for Travis + new process for each test

---
 docs-core/src/test/resources/log4j.properties               | 3 ++-
 .../src/test/java/com/sismics/docs/rest/BaseJerseyTest.java | 6 +++---
 pom.xml                                                     | 4 ++++
 3 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/docs-core/src/test/resources/log4j.properties b/docs-core/src/test/resources/log4j.properties
index 0a16867a..b13ac1dc 100644
--- a/docs-core/src/test/resources/log4j.properties
+++ b/docs-core/src/test/resources/log4j.properties
@@ -5,4 +5,5 @@ log4j.appender.CONSOLE.layout.ConversionPattern=%d{DATE} %p %l %m %n
 log4j.appender.MEMORY=com.sismics.util.log4j.MemoryAppender
 log4j.appender.MEMORY.size=1000
 
-log4j.logger.com.sismics=DEBUG
+log4j.logger.com.sismics=INFO
+log4j.logger.org.hibernate=ERROR
\ No newline at end of file
diff --git a/docs-web-common/src/test/java/com/sismics/docs/rest/BaseJerseyTest.java b/docs-web-common/src/test/java/com/sismics/docs/rest/BaseJerseyTest.java
index a434b227..22af8614 100644
--- a/docs-web-common/src/test/java/com/sismics/docs/rest/BaseJerseyTest.java
+++ b/docs-web-common/src/test/java/com/sismics/docs/rest/BaseJerseyTest.java
@@ -55,10 +55,10 @@ public abstract class BaseJerseyTest extends JerseyTest {
     
     @Override
     protected Application configure() {
-        enable(TestProperties.LOG_TRAFFIC);
         String travisEnv = System.getenv("TRAVIS");
         if (travisEnv == null || !travisEnv.equals("true")) {
-            // Travis don't like entity dumped in the logs
+            // Travis doesn't like big logs
+            enable(TestProperties.LOG_TRAFFIC);
             enable(TestProperties.DUMP_ENTITY);
         }
         return new Application();
@@ -103,7 +103,7 @@ public abstract class BaseJerseyTest extends JerseyTest {
     /**
      * Extract an email from the list and consume it.
      *
-     * @return Texte de l'email
+     * @return Email content
      * @throws MessagingException e
      * @throws IOException e
      */
diff --git a/pom.xml b/pom.xml
index 4059a000..64cb10a4 100644
--- a/pom.xml
+++ b/pom.xml
@@ -113,6 +113,10 @@
         <groupId>org.apache.maven.plugins</groupId>
         <artifactId>maven-surefire-plugin</artifactId>
         <version>${org.apache.maven.plugins.maven-surefire-plugin.version}</version>
+        <configuration>
+          <forkCount>1</forkCount>
+          <reuseForks>false</reuseForks>
+        </configuration>
       </plugin>
       
       <plugin>

From 66f781b71696c1c04d87bdc9cc30802514d8aedc Mon Sep 17 00:00:00 2001
From: Benjamin Gamard <b.gamard@sismics.com>
Date: Sat, 18 Nov 2017 20:14:50 +0100
Subject: [PATCH 08/17] cleanup logs for Travis

---
 .../java/com/sismics/docs/rest/BaseJerseyTest.java | 14 +++++++-------
 docs-web/src/test/resources/log4j.properties       |  5 +++--
 2 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/docs-web-common/src/test/java/com/sismics/docs/rest/BaseJerseyTest.java b/docs-web-common/src/test/java/com/sismics/docs/rest/BaseJerseyTest.java
index 22af8614..24d90082 100644
--- a/docs-web-common/src/test/java/com/sismics/docs/rest/BaseJerseyTest.java
+++ b/docs-web-common/src/test/java/com/sismics/docs/rest/BaseJerseyTest.java
@@ -77,10 +77,6 @@ public abstract class BaseJerseyTest extends JerseyTest {
 
         clientUtil = new ClientUtil(target());
 
-        wiser = new Wiser();
-        wiser.setPort(2500);
-        wiser.start();
-
         httpServer = HttpServer.createSimpleServer(getClass().getResource("/").getFile(), "localhost", getPort());
         WebappContext context = new WebappContext("GrizzlyContext", "/docs");
         context.addFilter("requestContextFilter", RequestContextFilter.class)
@@ -98,6 +94,10 @@ public abstract class BaseJerseyTest extends JerseyTest {
         reg.setAsyncSupported(true);
         context.deploy(httpServer);
         httpServer.start();
+
+        wiser = new Wiser();
+        wiser.setPort(2500);
+        wiser.start();
     }
 
     /**
@@ -124,11 +124,11 @@ public abstract class BaseJerseyTest extends JerseyTest {
     @After
     public void tearDown() throws Exception {
         super.tearDown();
-        if (httpServer != null) {
-            httpServer.shutdownNow();
-        }
         if (wiser != null) {
             wiser.stop();
         }
+        if (httpServer != null) {
+            httpServer.shutdownNow();
+        }
     }
 }
diff --git a/docs-web/src/test/resources/log4j.properties b/docs-web/src/test/resources/log4j.properties
index 1d786f52..1d762b75 100644
--- a/docs-web/src/test/resources/log4j.properties
+++ b/docs-web/src/test/resources/log4j.properties
@@ -6,5 +6,6 @@ log4j.appender.MEMORY=com.sismics.util.log4j.MemoryAppender
 log4j.appender.MEMORY.size=1000
 
 log4j.logger.com.sismics=INFO
-log4j.logger.org.hibernate=INFO
-log4j.logger.org.apache.pdfbox=INFO
\ No newline at end of file
+log4j.logger.com.sismics.util.jpa=ERROR
+log4j.logger.org.hibernate=ERROR
+log4j.logger.org.apache.pdfbox=INFO

From fb75bafe96ef2a4e4c47327c55e820034dee16fd Mon Sep 17 00:00:00 2001
From: Benjamin Gamard <b.gamard@sismics.com>
Date: Mon, 20 Nov 2017 20:34:29 +0100
Subject: [PATCH 09/17] Closes #166: global quota

---
 .../sismics/docs/core/constant/Constants.java | 11 ++++--
 .../sismics/docs/core/dao/jpa/UserDao.java    | 39 ++++++++++---------
 .../docs/rest/resource/AppResource.java       | 16 +++++++-
 .../docs/rest/resource/FileResource.java      | 24 ++++++++++--
 .../controller/document/DocumentDefault.js    |  2 +-
 docs-web/src/main/webapp/src/index.html       |  4 ++
 docs-web/src/main/webapp/src/locale/en.json   |  3 +-
 .../sismics/docs/rest/TestAppResource.java    |  1 +
 docs-web/src/test/resources/log4j.properties  |  1 +
 9 files changed, 71 insertions(+), 30 deletions(-)

diff --git a/docs-core/src/main/java/com/sismics/docs/core/constant/Constants.java b/docs-core/src/main/java/com/sismics/docs/core/constant/Constants.java
index 50cbcbd4..a9274e41 100644
--- a/docs-core/src/main/java/com/sismics/docs/core/constant/Constants.java
+++ b/docs-core/src/main/java/com/sismics/docs/core/constant/Constants.java
@@ -46,23 +46,28 @@ public class Constants {
     public static final List<String> SUPPORTED_LANGUAGES = Lists.newArrayList("eng", "fra", "ita", "deu", "spa", "por", "pol", "rus", "ukr", "ara", "hin", "chi_sim", "chi_tra", "jpn", "tha", "kor");
 
     /**
-     * Base URL environnement variable.
+     * Base URL environment variable.
      */
     public static final String BASE_URL_ENV = "DOCS_BASE_URL";
 
     /**
-     * Default language environnement variable.
+     * Default language environment variable.
      */
     public static final String DEFAULT_LANGUAGE_ENV = "DOCS_DEFAULT_LANGUAGE";
 
     /**
-     * SMTP configuration environnement variables.
+     * SMTP configuration environment variables.
      */
     public static final String SMTP_HOSTNAME_ENV = "DOCS_SMTP_HOSTNAME";
     public static final String SMTP_PORT_ENV = "DOCS_SMTP_PORT";
     public static final String SMTP_USERNAME_ENV = "DOCS_SMTP_USERNAME";
     public static final String SMTP_PASSWORD_ENV = "DOCS_SMTP_PASSWORD";
 
+    /**
+     * Global quota environment variable.
+     */
+    public static final String GLOBAL_QUOTA_ENV = "DOCS_GLOBAL_QUOTA";
+
     /**
      * Expiration time of the password recovery in hours.
      */
diff --git a/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/UserDao.java b/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/UserDao.java
index 209fa97c..bd17e5b1 100644
--- a/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/UserDao.java
+++ b/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/UserDao.java
@@ -1,19 +1,5 @@
 package com.sismics.docs.core.dao.jpa;
 
-import java.sql.Timestamp;
-import java.util.ArrayList;
-import java.util.Date;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.UUID;
-
-import javax.persistence.EntityManager;
-import javax.persistence.NoResultException;
-import javax.persistence.Query;
-
-import org.mindrot.jbcrypt.BCrypt;
-
 import com.google.common.base.Joiner;
 import com.sismics.docs.core.constant.AuditLogType;
 import com.sismics.docs.core.dao.jpa.criteria.UserCriteria;
@@ -24,6 +10,13 @@ import com.sismics.docs.core.util.jpa.QueryParam;
 import com.sismics.docs.core.util.jpa.QueryUtil;
 import com.sismics.docs.core.util.jpa.SortCriteria;
 import com.sismics.util.context.ThreadLocalContext;
+import org.mindrot.jbcrypt.BCrypt;
+
+import javax.persistence.EntityManager;
+import javax.persistence.NoResultException;
+import javax.persistence.Query;
+import java.sql.Timestamp;
+import java.util.*;
 
 /**
  * User DAO.
@@ -59,7 +52,7 @@ public class UserDao {
      * @param user User to create
      * @param userId User ID
      * @return User ID
-     * @throws Exception
+     * @throws Exception e
      */
     public String create(User user, String userId) throws Exception {
         // Create the user UUID
@@ -116,9 +109,8 @@ public class UserDao {
      * Updates a user's quota.
      * 
      * @param user User to update
-     * @return Updated user
      */
-    public User updateQuota(User user) {
+    public void updateQuota(User user) {
         EntityManager em = ThreadLocalContext.get().getEntityManager();
         
         // Get the user
@@ -128,8 +120,6 @@ public class UserDao {
 
         // Update the user
         userFromDb.setStorageQuota(user.getStorageQuota());
-        
-        return user;
     }
     
     /**
@@ -298,4 +288,15 @@ public class UserDao {
         }
         return userDtoList;
     }
+
+    /**
+     * Returns the global storage used by all users.
+     *
+     * @return Current global storage
+     */
+    public long getGlobalStorageCurrent() {
+        EntityManager em = ThreadLocalContext.get().getEntityManager();
+        Query query = em.createNativeQuery("select sum(u.USE_STORAGECURRENT_N) from T_USER u where u.USE_DELETEDATE_D is null");
+        return ((Number) query.getSingleResult()).longValue();
+    }
 }
diff --git a/docs-web/src/main/java/com/sismics/docs/rest/resource/AppResource.java b/docs-web/src/main/java/com/sismics/docs/rest/resource/AppResource.java
index e190fea9..ec4cbb15 100644
--- a/docs-web/src/main/java/com/sismics/docs/rest/resource/AppResource.java
+++ b/docs-web/src/main/java/com/sismics/docs/rest/resource/AppResource.java
@@ -63,6 +63,8 @@ public class AppResource extends BaseResource {
      * @apiSuccess {Boolean} guest_login True if guest login is enabled
      * @apiSuccess {String} total_memory Allocated JVM memory (in bytes)
      * @apiSuccess {String} free_memory Free JVM memory (in bytes)
+     * @apiSuccess {String} global_storage_current Global storage currently used (in bytes)
+     * @apiSuccess {String} global_storage_quota Maximum global storage (in bytes)
      * @apiPermission none
      * @apiVersion 1.5.0
      *
@@ -74,14 +76,24 @@ public class AppResource extends BaseResource {
         String currentVersion = configBundle.getString("api.current_version");
         String minVersion = configBundle.getString("api.min_version");
         Boolean guestLogin = ConfigUtil.getConfigBooleanValue(ConfigType.GUEST_LOGIN);
+        UserDao userDao = new UserDao();
+        String globalQuotaStr = System.getenv(Constants.GLOBAL_QUOTA_ENV);
+        long globalQuota = 0;
+        if (!Strings.isNullOrEmpty(globalQuotaStr)) {
+            globalQuota = Long.valueOf(globalQuotaStr);
+        }
 
         JsonObjectBuilder response = Json.createObjectBuilder()
                 .add("current_version", currentVersion.replace("-SNAPSHOT", ""))
                 .add("min_version", minVersion)
                 .add("guest_login", guestLogin)
                 .add("total_memory", Runtime.getRuntime().totalMemory())
-                .add("free_memory", Runtime.getRuntime().freeMemory());
-        
+                .add("free_memory", Runtime.getRuntime().freeMemory())
+                .add("global_storage_current", userDao.getGlobalStorageCurrent());
+        if (globalQuota > 0) {
+            response.add("global_storage_quota", globalQuota);
+        }
+
         return Response.ok().entity(response.build()).build();
     }
 
diff --git a/docs-web/src/main/java/com/sismics/docs/rest/resource/FileResource.java b/docs-web/src/main/java/com/sismics/docs/rest/resource/FileResource.java
index e88491a0..cc208edd 100644
--- a/docs-web/src/main/java/com/sismics/docs/rest/resource/FileResource.java
+++ b/docs-web/src/main/java/com/sismics/docs/rest/resource/FileResource.java
@@ -3,6 +3,7 @@ package com.sismics.docs.rest.resource;
 import com.google.common.base.Strings;
 import com.google.common.collect.Lists;
 import com.google.common.io.ByteStreams;
+import com.sismics.docs.core.constant.Constants;
 import com.sismics.docs.core.constant.PermType;
 import com.sismics.docs.core.dao.jpa.AclDao;
 import com.sismics.docs.core.dao.jpa.DocumentDao;
@@ -14,7 +15,10 @@ import com.sismics.docs.core.event.FileCreatedAsyncEvent;
 import com.sismics.docs.core.event.FileDeletedAsyncEvent;
 import com.sismics.docs.core.model.jpa.File;
 import com.sismics.docs.core.model.jpa.User;
-import com.sismics.docs.core.util.*;
+import com.sismics.docs.core.util.DirectoryUtil;
+import com.sismics.docs.core.util.EncryptionUtil;
+import com.sismics.docs.core.util.FileUtil;
+import com.sismics.docs.core.util.PdfUtil;
 import com.sismics.rest.exception.ClientException;
 import com.sismics.rest.exception.ForbiddenClientException;
 import com.sismics.rest.exception.ServerException;
@@ -34,7 +38,9 @@ import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
 import javax.ws.rs.core.Response.Status;
 import javax.ws.rs.core.StreamingOutput;
-import java.io.*;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
 import java.net.URISyntaxException;
 import java.nio.file.Files;
 import java.nio.file.Paths;
@@ -130,11 +136,21 @@ public class FileResource extends BaseResource {
             throw new ServerException("ErrorGuessMime", "Error guessing mime type", e);
         }
 
-        // Validate quota
+        // Validate user quota
         if (user.getStorageCurrent() + fileSize > user.getStorageQuota()) {
             throw new ClientException("QuotaReached", "Quota limit reached");
         }
-        
+
+        // Validate global quota
+        String globalStorageQuotaStr = System.getenv(Constants.GLOBAL_QUOTA_ENV);
+        if (!Strings.isNullOrEmpty(globalStorageQuotaStr)) {
+            long globalStorageQuota = Long.valueOf(globalStorageQuotaStr);
+            long globalStorageCurrent = userDao.getGlobalStorageCurrent();
+            if (globalStorageCurrent + fileSize > globalStorageQuota) {
+                throw new ClientException("QuotaReached", "Global quota limit reached");
+            }
+        }
+
         try {
             // Get files of this document
             FileDao fileDao = new FileDao();
diff --git a/docs-web/src/main/webapp/src/app/docs/controller/document/DocumentDefault.js b/docs-web/src/main/webapp/src/app/docs/controller/document/DocumentDefault.js
index fd0e998b..21ad90e5 100644
--- a/docs-web/src/main/webapp/src/app/docs/controller/document/DocumentDefault.js
+++ b/docs-web/src/main/webapp/src/app/docs/controller/document/DocumentDefault.js
@@ -77,7 +77,7 @@ angular.module('docs').controller('DocumentDefault', function($scope, $rootScope
         })
         .error(function (data) {
           newfile.status = $translate.instant('document.default.upload_error');
-          if (data.type == 'QuotaReached') {
+          if (data.type === 'QuotaReached') {
             newfile.status += ' - ' + $translate.instant('document.default.upload_error_quota');
           }
         });
diff --git a/docs-web/src/main/webapp/src/index.html b/docs-web/src/main/webapp/src/index.html
index 3d237b6e..73af3dd6 100644
--- a/docs-web/src/main/webapp/src/index.html
+++ b/docs-web/src/main/webapp/src/index.html
@@ -157,6 +157,10 @@
 
     <div class="row" ng-controller="Footer">
       <div class="col-md-12 footer text-center text-muted">
+        <div class="alert alert-danger" ng-show="app.global_storage_quota && app.global_storage_quota * 0.8 < app.global_storage_current"
+             translate="index.global_quota_warning"
+             translate-values="{ current: app.global_storage_current / 1000000, percent: app.global_storage_current / app.global_storage_quota * 100, total: app.global_storage_quota / 1000000 }">
+        </div>
         <ul class="list-inline">
           <li uib-dropdown class="dropdown">
             <a href uib-dropdown-toggle>
diff --git a/docs-web/src/main/webapp/src/locale/en.json b/docs-web/src/main/webapp/src/locale/en.json
index fc54b550..b17d36ac 100644
--- a/docs-web/src/main/webapp/src/locale/en.json
+++ b/docs-web/src/main/webapp/src/locale/en.json
@@ -35,7 +35,8 @@
     "error_info": "{{ count }} new error{{ count > 1 ? 's' : '' }}",
     "logged_as": "Logged in as {{ username }}",
     "nav_settings": "Settings",
-    "logout": "Logout"
+    "logout": "Logout",
+    "global_quota_warning": "<strong>Warning!</strong> Global quota almost reached at {{ current | number: 0 }}MB ({{ percent | number: 1 }}%) used on {{ total | number: 0 }}MB"
   },
   "document": {
     "search_simple": "Simple search",
diff --git a/docs-web/src/test/java/com/sismics/docs/rest/TestAppResource.java b/docs-web/src/test/java/com/sismics/docs/rest/TestAppResource.java
index 313336ee..e5376fea 100644
--- a/docs-web/src/test/java/com/sismics/docs/rest/TestAppResource.java
+++ b/docs-web/src/test/java/com/sismics/docs/rest/TestAppResource.java
@@ -36,6 +36,7 @@ public class TestAppResource extends BaseJerseyTest {
         Long totalMemory = json.getJsonNumber("total_memory").longValue();
         Assert.assertTrue(totalMemory > 0 && totalMemory > freeMemory);
         Assert.assertFalse(json.getBoolean("guest_login"));
+        Assert.assertTrue(json.containsKey("global_storage_current"));
 
         // Rebuild Lucene index
         Response response = target().path("/app/batch/reindex").request()
diff --git a/docs-web/src/test/resources/log4j.properties b/docs-web/src/test/resources/log4j.properties
index 1d762b75..85def7fe 100644
--- a/docs-web/src/test/resources/log4j.properties
+++ b/docs-web/src/test/resources/log4j.properties
@@ -9,3 +9,4 @@ log4j.logger.com.sismics=INFO
 log4j.logger.com.sismics.util.jpa=ERROR
 log4j.logger.org.hibernate=ERROR
 log4j.logger.org.apache.pdfbox=INFO
+log4j.logger.com.mchange=ERROR

From d786862a609c692d1b5ddfe66b29c885ee40b006 Mon Sep 17 00:00:00 2001
From: Benjamin Gamard <b.gamard@sismics.com>
Date: Mon, 20 Nov 2017 21:21:50 +0100
Subject: [PATCH 10/17] Closes #167: disable users

---
 .../sismics/docs/core/dao/jpa/UserDao.java    | 25 +++++++++++---
 .../docs/core/dao/jpa/dto/UserDto.java        | 16 ++++++++-
 .../com/sismics/docs/core/model/jpa/User.java | 22 ++++++++++---
 .../src/main/resources/config.properties      |  2 +-
 .../resources/db/update/dbupdate-014-0.sql    |  2 ++
 .../sismics/util/filter/SecurityFilter.java   |  2 +-
 docs-web/src/dev/resources/config.properties  |  2 +-
 .../docs/rest/resource/AppResource.java       |  2 ++
 .../docs/rest/resource/UserResource.java      | 30 ++++++++++++++---
 docs-web/src/main/webapp/src/locale/en.json   |  3 +-
 .../src/partial/docs/settings.user.edit.html  | 13 +++++++-
 .../src/partial/docs/settings.user.html       |  3 +-
 docs-web/src/prod/resources/config.properties |  2 +-
 .../src/stress/resources/config.properties    |  2 +-
 .../sismics/docs/rest/TestAppResource.java    |  1 +
 .../sismics/docs/rest/TestUserResource.java   | 33 ++++++++++++++++++-
 16 files changed, 138 insertions(+), 22 deletions(-)
 create mode 100644 docs-core/src/main/resources/db/update/dbupdate-014-0.sql

diff --git a/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/UserDao.java b/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/UserDao.java
index bd17e5b1..c727bddb 100644
--- a/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/UserDao.java
+++ b/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/UserDao.java
@@ -10,6 +10,7 @@ import com.sismics.docs.core.util.jpa.QueryParam;
 import com.sismics.docs.core.util.jpa.QueryUtil;
 import com.sismics.docs.core.util.jpa.SortCriteria;
 import com.sismics.util.context.ThreadLocalContext;
+import org.joda.time.DateTime;
 import org.mindrot.jbcrypt.BCrypt;
 
 import javax.persistence.EntityManager;
@@ -37,7 +38,7 @@ public class UserDao {
         q.setParameter("username", username);
         try {
             User user = (User) q.getSingleResult();
-            if (!BCrypt.checkpw(password, user.getPassword())) {
+            if (!BCrypt.checkpw(password, user.getPassword()) || user.getDisableDate() != null) {
                 return null;
             }
             return user;
@@ -98,7 +99,8 @@ public class UserDao {
         userFromDb.setStorageQuota(user.getStorageQuota());
         userFromDb.setStorageCurrent(user.getStorageCurrent());
         userFromDb.setTotpKey(user.getTotpKey());
-        
+        userFromDb.setDisableDate(user.getDisableDate());
+
         // Create audit log
         AuditLogUtil.create(userFromDb, AuditLogType.UPDATE, userId);
         
@@ -246,7 +248,7 @@ public class UserDao {
         Map<String, Object> parameterMap = new HashMap<>();
         List<String> criteriaList = new ArrayList<>();
         
-        StringBuilder sb = new StringBuilder("select u.USE_ID_C as c0, u.USE_USERNAME_C as c1, u.USE_EMAIL_C as c2, u.USE_CREATEDATE_D as c3, u.USE_STORAGECURRENT_N as c4, u.USE_STORAGEQUOTA_N as c5, u.USE_TOTPKEY_C as c6");
+        StringBuilder sb = new StringBuilder("select u.USE_ID_C as c0, u.USE_USERNAME_C as c1, u.USE_EMAIL_C as c2, u.USE_CREATEDATE_D as c3, u.USE_STORAGECURRENT_N as c4, u.USE_STORAGEQUOTA_N as c5, u.USE_TOTPKEY_C as c6, u.USE_DISABLEDATE_D as c7");
         sb.append(" from T_USER u ");
         
         // Add search criterias
@@ -283,7 +285,10 @@ public class UserDao {
             userDto.setCreateTimestamp(((Timestamp) o[i++]).getTime());
             userDto.setStorageCurrent(((Number) o[i++]).longValue());
             userDto.setStorageQuota(((Number) o[i++]).longValue());
-            userDto.setTotpKey((String) o[i]);
+            userDto.setTotpKey((String) o[i++]);
+            if (o[i] != null) {
+                userDto.setDisableTimestamp(((Timestamp) o[i]).getTime());
+            }
             userDtoList.add(userDto);
         }
         return userDtoList;
@@ -299,4 +304,16 @@ public class UserDao {
         Query query = em.createNativeQuery("select sum(u.USE_STORAGECURRENT_N) from T_USER u where u.USE_DELETEDATE_D is null");
         return ((Number) query.getSingleResult()).longValue();
     }
+
+    /**
+     * Returns the number of active users.
+     *
+     * @return Number of active users
+     */
+    public long getActiveUserCount() {
+        EntityManager em = ThreadLocalContext.get().getEntityManager();
+        Query query = em.createNativeQuery("select count(u.USE_ID_C) from T_USER u where u.USE_DELETEDATE_D is null and (u.USE_DISABLEDATE_D is null or u.USE_DISABLEDATE_D > :date)");
+        query.setParameter("date", DateTime.now().minusMonths(1).toDate());
+        return ((Number) query.getSingleResult()).longValue();
+    }
 }
diff --git a/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/dto/UserDto.java b/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/dto/UserDto.java
index 081e3a5b..9085523c 100644
--- a/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/dto/UserDto.java
+++ b/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/dto/UserDto.java
@@ -26,6 +26,11 @@ public class UserDto {
      */
     private Long createTimestamp;
 
+    /**
+     * Disable date of this user.
+     */
+    private Long disableTimestamp;
+
     /**
      * Storage quota.
      */
@@ -72,7 +77,16 @@ public class UserDto {
     public void setCreateTimestamp(Long createTimestamp) {
         this.createTimestamp = createTimestamp;
     }
-    
+
+    public Long getDisableTimestamp() {
+        return disableTimestamp;
+    }
+
+    public UserDto setDisableTimestamp(Long disableTimestamp) {
+        this.disableTimestamp = disableTimestamp;
+        return this;
+    }
+
     public Long getStorageQuota() {
         return storageQuota;
     }
diff --git a/docs-core/src/main/java/com/sismics/docs/core/model/jpa/User.java b/docs-core/src/main/java/com/sismics/docs/core/model/jpa/User.java
index 0f37b50c..b06d6d60 100644
--- a/docs-core/src/main/java/com/sismics/docs/core/model/jpa/User.java
+++ b/docs-core/src/main/java/com/sismics/docs/core/model/jpa/User.java
@@ -1,13 +1,12 @@
 package com.sismics.docs.core.model.jpa;
 
-import java.util.Date;
+import com.google.common.base.MoreObjects;
 
 import javax.persistence.Column;
 import javax.persistence.Entity;
 import javax.persistence.Id;
 import javax.persistence.Table;
-
-import com.google.common.base.MoreObjects;
+import java.util.Date;
 
 /**
  * User entity.
@@ -84,6 +83,12 @@ public class User implements Loggable {
     @Column(name = "USE_DELETEDATE_D")
     private Date deleteDate;
     
+    /**
+     * Disable date.
+     */
+    @Column(name = "USE_DISABLEDATE_D")
+    private Date disableDate;
+
     public String getId() {
         return id;
     }
@@ -147,7 +152,16 @@ public class User implements Loggable {
         this.deleteDate = deleteDate;
         return this;
     }
-    
+
+    public Date getDisableDate() {
+        return disableDate;
+    }
+
+    public User setDisableDate(Date disableDate) {
+        this.disableDate = disableDate;
+        return this;
+    }
+
     public String getPrivateKey() {
         return privateKey;
     }
diff --git a/docs-core/src/main/resources/config.properties b/docs-core/src/main/resources/config.properties
index ca77caa4..f1624659 100644
--- a/docs-core/src/main/resources/config.properties
+++ b/docs-core/src/main/resources/config.properties
@@ -1 +1 @@
-db.version=13
\ No newline at end of file
+db.version=14
\ No newline at end of file
diff --git a/docs-core/src/main/resources/db/update/dbupdate-014-0.sql b/docs-core/src/main/resources/db/update/dbupdate-014-0.sql
new file mode 100644
index 00000000..b4bdb01d
--- /dev/null
+++ b/docs-core/src/main/resources/db/update/dbupdate-014-0.sql
@@ -0,0 +1,2 @@
+alter table T_USER add column USE_DISABLEDATE_D datetime;
+update T_CONFIG set CFG_VALUE_C = '14' where CFG_ID_C = 'DB_VERSION';
diff --git a/docs-web-common/src/main/java/com/sismics/util/filter/SecurityFilter.java b/docs-web-common/src/main/java/com/sismics/util/filter/SecurityFilter.java
index b4bad6e1..c4bb86a8 100644
--- a/docs-web-common/src/main/java/com/sismics/util/filter/SecurityFilter.java
+++ b/docs-web-common/src/main/java/com/sismics/util/filter/SecurityFilter.java
@@ -57,7 +57,7 @@ public abstract class SecurityFilter implements Filter {
      */
     private void injectUser(HttpServletRequest request, User user) {
         // Check if the user is still valid
-        if (user != null && user.getDeleteDate() == null) {
+        if (user != null && user.getDeleteDate() == null && user.getDisableDate() == null) {
             injectAuthenticatedUser(request, user);
         } else {
             injectAnonymousUser(request);
diff --git a/docs-web/src/dev/resources/config.properties b/docs-web/src/dev/resources/config.properties
index b41be0b3..743723d1 100644
--- a/docs-web/src/dev/resources/config.properties
+++ b/docs-web/src/dev/resources/config.properties
@@ -1,3 +1,3 @@
 api.current_version=${project.version}
 api.min_version=1.0
-db.version=13
\ No newline at end of file
+db.version=14
\ No newline at end of file
diff --git a/docs-web/src/main/java/com/sismics/docs/rest/resource/AppResource.java b/docs-web/src/main/java/com/sismics/docs/rest/resource/AppResource.java
index ec4cbb15..41d2a5ad 100644
--- a/docs-web/src/main/java/com/sismics/docs/rest/resource/AppResource.java
+++ b/docs-web/src/main/java/com/sismics/docs/rest/resource/AppResource.java
@@ -63,6 +63,7 @@ public class AppResource extends BaseResource {
      * @apiSuccess {Boolean} guest_login True if guest login is enabled
      * @apiSuccess {String} total_memory Allocated JVM memory (in bytes)
      * @apiSuccess {String} free_memory Free JVM memory (in bytes)
+     * @apiSuccess {String} active_user_count Number of active users
      * @apiSuccess {String} global_storage_current Global storage currently used (in bytes)
      * @apiSuccess {String} global_storage_quota Maximum global storage (in bytes)
      * @apiPermission none
@@ -89,6 +90,7 @@ public class AppResource extends BaseResource {
                 .add("guest_login", guestLogin)
                 .add("total_memory", Runtime.getRuntime().totalMemory())
                 .add("free_memory", Runtime.getRuntime().freeMemory())
+                .add("active_user_count", userDao.getActiveUserCount())
                 .add("global_storage_current", userDao.getGlobalStorageCurrent());
         if (globalQuota > 0) {
             response.add("global_storage_quota", globalQuota);
diff --git a/docs-web/src/main/java/com/sismics/docs/rest/resource/UserResource.java b/docs-web/src/main/java/com/sismics/docs/rest/resource/UserResource.java
index 1226fa27..ae092942 100644
--- a/docs-web/src/main/java/com/sismics/docs/rest/resource/UserResource.java
+++ b/docs-web/src/main/java/com/sismics/docs/rest/resource/UserResource.java
@@ -186,6 +186,7 @@ public class UserResource extends BaseResource {
      * @apiParam {String{8..50}} password Password
      * @apiParam {String{1..100}} email E-mail
      * @apiParam {Number} storage_quota Storage quota (in bytes)
+     * @apiParam {Boolean} disabled Disabled status
      * @apiSuccess {String} status Status OK
      * @apiError (client) ForbiddenError Access denied
      * @apiError (client) ValidationError Validation error
@@ -204,7 +205,8 @@ public class UserResource extends BaseResource {
         @PathParam("username") String username,
         @FormParam("password") String password,
         @FormParam("email") String email,
-        @FormParam("storage_quota") String storageQuotaStr) {
+        @FormParam("storage_quota") String storageQuotaStr,
+        @FormParam("disabled") Boolean disabled) {
         if (!authenticate()) {
             throw new ForbiddenClientException();
         }
@@ -218,7 +220,7 @@ public class UserResource extends BaseResource {
         UserDao userDao = new UserDao();
         User user = userDao.getActiveByUsername(username);
         if (user == null) {
-            throw new ClientException("UserNotFound", "The user doesn't exist");
+            throw new ClientException("UserNotFound", "The user does not exist");
         }
 
         // Update the user
@@ -229,6 +231,22 @@ public class UserResource extends BaseResource {
             Long storageQuota = ValidationUtil.validateLong(storageQuotaStr, "storage_quota");
             user.setStorageQuota(storageQuota);
         }
+        if (disabled != null) {
+            // Cannot disable the admin user or the guest user
+            RoleBaseFunctionDao userBaseFuction = new RoleBaseFunctionDao();
+            Set<String> baseFunctionSet = userBaseFuction.findByRoleId(Sets.newHashSet(user.getRoleId()));
+            if (Constants.GUEST_USER_ID.equals(username) || baseFunctionSet.contains(BaseFunction.ADMIN.name())) {
+                disabled = false;
+            }
+
+            if (disabled && user.getDisableDate() == null) {
+                // Recording the disabled date
+                user.setDisableDate(new Date());
+            } else if (!disabled && user.getDisableDate() != null) {
+                // Emptying the disabled date
+                user.setDisableDate(null);
+            }
+        }
         user = userDao.update(user, principal.getId());
         
         // Change the password
@@ -631,6 +649,7 @@ public class UserResource extends BaseResource {
      * @apiSuccess {Number} storage_quota Storage quota (in bytes)
      * @apiSuccess {Number} storage_current Quota used (in bytes)
      * @apiSuccess {String[]} groups Groups
+     * @apiSuccess {Boolean} disabled True if the user is disabled
      * @apiError (client) ForbiddenError Access denied
      * @apiError (client) UserNotFound The user does not exist
      * @apiPermission user
@@ -668,7 +687,8 @@ public class UserResource extends BaseResource {
                 .add("groups", groups)
                 .add("email", user.getEmail())
                 .add("storage_quota", user.getStorageQuota())
-                .add("storage_current", user.getStorageCurrent());
+                .add("storage_current", user.getStorageCurrent())
+                .add("disabled", user.getDisableDate() != null);
         return Response.ok().entity(response.build()).build();
     }
     
@@ -688,6 +708,7 @@ public class UserResource extends BaseResource {
      * @apiSuccess {Number} users.storage_quota Storage quota (in bytes)
      * @apiSuccess {Number} users.storage_current Quota used (in bytes)
      * @apiSuccess {Number} users.create_date Create date (timestamp)
+     * @apiSuccess {Number} users.disabled True if the user is disabled
      * @apiError (client) ForbiddenError Access denied
      * @apiPermission user
      * @apiVersion 1.5.0
@@ -730,7 +751,8 @@ public class UserResource extends BaseResource {
                     .add("email", userDto.getEmail())
                     .add("storage_quota", userDto.getStorageQuota())
                     .add("storage_current", userDto.getStorageCurrent())
-                    .add("create_date", userDto.getCreateTimestamp()));
+                    .add("create_date", userDto.getCreateTimestamp())
+                    .add("disabled", userDto.getDisableTimestamp() != null));
         }
         
         JsonObjectBuilder response = Json.createObjectBuilder()
diff --git a/docs-web/src/main/webapp/src/locale/en.json b/docs-web/src/main/webapp/src/locale/en.json
index b17d36ac..a8c9a227 100644
--- a/docs-web/src/main/webapp/src/locale/en.json
+++ b/docs-web/src/main/webapp/src/locale/en.json
@@ -245,7 +245,8 @@
         "storage_quota": "Storage quota",
         "storage_quota_placeholder": "Storage quota (in MB)",
         "password": "Password",
-        "password_confirm": "Password (confirm)"
+        "password_confirm": "Password (confirm)",
+        "disabled": "Disabled user"
       }
     },
     "security": {
diff --git a/docs-web/src/main/webapp/src/partial/docs/settings.user.edit.html b/docs-web/src/main/webapp/src/partial/docs/settings.user.edit.html
index 9a0ffedf..a664d8ce 100644
--- a/docs-web/src/main/webapp/src/partial/docs/settings.user.edit.html
+++ b/docs-web/src/main/webapp/src/partial/docs/settings.user.edit.html
@@ -88,12 +88,23 @@
       </div>
     </div>
 
+    <div class="form-group" ng-show="isEdit() && user.username != 'admin' && user.username != 'guest'">
+      <div class="col-sm-offset-2 col-sm-10">
+        <div class="checkbox text-danger">
+          <label>
+            <input name="disabled" type="checkbox" ng-model="user.disabled" />
+            <strong>{{ 'settings.user.edit.disabled' | translate }}</strong>
+          </label>
+        </div>
+      </div>
+    </div>
+
     <div class="form-group">
       <div class="col-sm-offset-2 col-sm-10">
         <button type="submit" class="btn btn-primary" ng-click="edit()" ng-disabled="!editUserForm.$valid">
           <span class="glyphicon glyphicon-pencil"></span> {{ isEdit() ? 'edit' : 'add' | translate }}
         </button>
-        <button type="button" class="btn btn-danger" ng-click="remove()" ng-show="isEdit() && user.username != 'guest'">
+        <button type="button" class="btn btn-danger" ng-click="remove()" ng-show="isEdit() && user.username != 'admin' && user.username != 'guest'">
           <span class="glyphicon glyphicon-trash"></span> {{ 'delete' | translate }}
         </button>
       </div>
diff --git a/docs-web/src/main/webapp/src/partial/docs/settings.user.html b/docs-web/src/main/webapp/src/partial/docs/settings.user.html
index 6cc614c8..d0dae4ad 100644
--- a/docs-web/src/main/webapp/src/partial/docs/settings.user.html
+++ b/docs-web/src/main/webapp/src/partial/docs/settings.user.html
@@ -16,7 +16,8 @@
         <tr ng-repeat="user in users | orderBy: 'username'" ng-click="editUser(user)"
             ng-class="{ active: $stateParams.username == user.username }">
           <td>
-            {{ user.username }}
+            <span ng-if="!user.disabled">{{ user.username }}</span>
+            <s ng-if="user.disabled">{{ user.username }}</s>
             <span class="glyphicon glyphicon-lock" ng-show="user.totp_enabled" uib-tooltip="{{ 'settings.user.totp_enabled' | translate }}"></span>
           </td>
           <td>{{ user.create_date | date: dateFormat }}</td>
diff --git a/docs-web/src/prod/resources/config.properties b/docs-web/src/prod/resources/config.properties
index b41be0b3..743723d1 100644
--- a/docs-web/src/prod/resources/config.properties
+++ b/docs-web/src/prod/resources/config.properties
@@ -1,3 +1,3 @@
 api.current_version=${project.version}
 api.min_version=1.0
-db.version=13
\ No newline at end of file
+db.version=14
\ No newline at end of file
diff --git a/docs-web/src/stress/resources/config.properties b/docs-web/src/stress/resources/config.properties
index b41be0b3..743723d1 100644
--- a/docs-web/src/stress/resources/config.properties
+++ b/docs-web/src/stress/resources/config.properties
@@ -1,3 +1,3 @@
 api.current_version=${project.version}
 api.min_version=1.0
-db.version=13
\ No newline at end of file
+db.version=14
\ No newline at end of file
diff --git a/docs-web/src/test/java/com/sismics/docs/rest/TestAppResource.java b/docs-web/src/test/java/com/sismics/docs/rest/TestAppResource.java
index e5376fea..dab82572 100644
--- a/docs-web/src/test/java/com/sismics/docs/rest/TestAppResource.java
+++ b/docs-web/src/test/java/com/sismics/docs/rest/TestAppResource.java
@@ -37,6 +37,7 @@ public class TestAppResource extends BaseJerseyTest {
         Assert.assertTrue(totalMemory > 0 && totalMemory > freeMemory);
         Assert.assertFalse(json.getBoolean("guest_login"));
         Assert.assertTrue(json.containsKey("global_storage_current"));
+        Assert.assertTrue(json.getJsonNumber("active_user_count").longValue() > 0);
 
         // Rebuild Lucene index
         Response response = target().path("/app/batch/reindex").request()
diff --git a/docs-web/src/test/java/com/sismics/docs/rest/TestUserResource.java b/docs-web/src/test/java/com/sismics/docs/rest/TestUserResource.java
index 6cddb206..e9fe73a5 100644
--- a/docs-web/src/test/java/com/sismics/docs/rest/TestUserResource.java
+++ b/docs-web/src/test/java/com/sismics/docs/rest/TestUserResource.java
@@ -57,6 +57,7 @@ public class TestUserResource extends BaseJerseyTest {
         Assert.assertNotNull(user.getJsonNumber("storage_current"));
         Assert.assertNotNull(user.getJsonNumber("create_date"));
         Assert.assertFalse(user.getBoolean("totp_enabled"));
+        Assert.assertFalse(user.getBoolean("disabled"));
 
         // Create a user KO (login length validation)
         Response response = target().path("/user").request()
@@ -262,7 +263,7 @@ public class TestUserResource extends BaseJerseyTest {
         Assert.assertEquals("newadminemail@docs.com", json.getString("email"));
 
         // User admin update admin_user1 information
-        json = target().path("/user").request()
+        json = target().path("/user/admin_user1").request()
                 .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken)
                 .post(Entity.form(new Form()
                         .param("email", " alice2@docs.com ")), JsonObject.class);
@@ -276,6 +277,36 @@ public class TestUserResource extends BaseJerseyTest {
         json = response.readEntity(JsonObject.class);
         Assert.assertEquals("ForbiddenError", json.getString("type"));
 
+        // User admin disable admin_user1
+        json = target().path("/user/admin_user1").request()
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken)
+                .post(Entity.form(new Form()
+                        .param("disabled", "true")), JsonObject.class);
+        Assert.assertEquals("ok", json.getString("status"));
+
+        // User admin_user1 tries to authenticate
+        response = target().path("/user/login").request()
+                .post(Entity.form(new Form()
+                        .param("username", "admin_user1")
+                        .param("password", "12345678")
+                        .param("remember", "false")));
+        Assert.assertEquals(Status.FORBIDDEN.getStatusCode(), response.getStatus());
+
+        // User admin enable admin_user1
+        json = target().path("/user/admin_user1").request()
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken)
+                .post(Entity.form(new Form()
+                        .param("disabled", "false")), JsonObject.class);
+        Assert.assertEquals("ok", json.getString("status"));
+
+        // User admin_user1 tries to authenticate
+        response = target().path("/user/login").request()
+                .post(Entity.form(new Form()
+                        .param("username", "admin_user1")
+                        .param("password", "12345678")
+                        .param("remember", "false")));
+        Assert.assertEquals(Status.OK.getStatusCode(), response.getStatus());
+
         // User admin deletes user admin_user1
         json = target().path("/user/admin_user1").request()
                 .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken)

From 3f807b3e51df13144b0b89bf7d832c54c5b4d582 Mon Sep 17 00:00:00 2001
From: Benjamin Gamard <b.gamard@sismics.com>
Date: Mon, 20 Nov 2017 21:25:52 +0100
Subject: [PATCH 11/17] edit -> save

---
 docs-web/src/main/webapp/src/partial/docs/settings.account.html | 2 +-
 docs-web/src/main/webapp/src/partial/docs/settings.config.html  | 2 +-
 .../src/main/webapp/src/partial/docs/settings.group.edit.html   | 2 +-
 .../src/main/webapp/src/partial/docs/settings.user.edit.html    | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/docs-web/src/main/webapp/src/partial/docs/settings.account.html b/docs-web/src/main/webapp/src/partial/docs/settings.account.html
index 68e5f4a4..7e81f3c8 100644
--- a/docs-web/src/main/webapp/src/partial/docs/settings.account.html
+++ b/docs-web/src/main/webapp/src/partial/docs/settings.account.html
@@ -28,7 +28,7 @@
   <div class="form-group">
     <div class="col-sm-offset-2 col-sm-10">
       <button type="submit" class="btn btn-primary" ng-click="editUser()" ng-disabled="!editUserForm.$valid">
-        <span class="glyphicon glyphicon-pencil"></span> {{ 'edit' | translate }}
+        <span class="glyphicon glyphicon-pencil"></span> {{ 'save' | translate }}
       </button>
     </div>
   </div>
diff --git a/docs-web/src/main/webapp/src/partial/docs/settings.config.html b/docs-web/src/main/webapp/src/partial/docs/settings.config.html
index da659568..f796e160 100644
--- a/docs-web/src/main/webapp/src/partial/docs/settings.config.html
+++ b/docs-web/src/main/webapp/src/partial/docs/settings.config.html
@@ -118,7 +118,7 @@
   <div class="form-group">
     <div class="col-sm-offset-2 col-sm-10">
       <button type="submit" class="btn btn-primary" ng-click="editSmtpConfig()" ng-disabled="!smtpForm.$valid">
-        <span class="glyphicon glyphicon-pencil"></span> {{ 'edit' | translate }}
+        <span class="glyphicon glyphicon-pencil"></span> {{ 'save' | translate }}
       </button>
     </div>
   </div>
diff --git a/docs-web/src/main/webapp/src/partial/docs/settings.group.edit.html b/docs-web/src/main/webapp/src/partial/docs/settings.group.edit.html
index 9deaec3b..ca6432ae 100644
--- a/docs-web/src/main/webapp/src/partial/docs/settings.group.edit.html
+++ b/docs-web/src/main/webapp/src/partial/docs/settings.group.edit.html
@@ -33,7 +33,7 @@
     <div class="form-group">
       <div class="col-sm-offset-2 col-sm-10">
         <button type="submit" class="btn btn-primary" ng-click="edit()" ng-disabled="!editGroupForm.$valid">
-          <span class="glyphicon glyphicon-pencil"></span> {{ isEdit() ? 'edit' : 'add' | translate }}
+          <span class="glyphicon glyphicon-pencil"></span> {{ isEdit() ? 'save' : 'add' | translate }}
         </button>
         <button type="button" class="btn btn-danger" ng-click="remove()" ng-show="isEdit()">
           <span class="glyphicon glyphicon-trash"></span> {{ 'delete' | translate }}
diff --git a/docs-web/src/main/webapp/src/partial/docs/settings.user.edit.html b/docs-web/src/main/webapp/src/partial/docs/settings.user.edit.html
index a664d8ce..b10cb8bd 100644
--- a/docs-web/src/main/webapp/src/partial/docs/settings.user.edit.html
+++ b/docs-web/src/main/webapp/src/partial/docs/settings.user.edit.html
@@ -102,7 +102,7 @@
     <div class="form-group">
       <div class="col-sm-offset-2 col-sm-10">
         <button type="submit" class="btn btn-primary" ng-click="edit()" ng-disabled="!editUserForm.$valid">
-          <span class="glyphicon glyphicon-pencil"></span> {{ isEdit() ? 'edit' : 'add' | translate }}
+          <span class="glyphicon glyphicon-pencil"></span> {{ isEdit() ? 'save' : 'add' | translate }}
         </button>
         <button type="button" class="btn btn-danger" ng-click="remove()" ng-show="isEdit() && user.username != 'admin' && user.username != 'guest'">
           <span class="glyphicon glyphicon-trash"></span> {{ 'delete' | translate }}

From 2156848e4a3b3d524dda6d215408c5bc0fd940ef Mon Sep 17 00:00:00 2001
From: Benjamin Gamard <b.gamard@sismics.com>
Date: Tue, 21 Nov 2017 09:49:33 +0100
Subject: [PATCH 12/17] GET /app returns document count

---
 .../docs/core/dao/jpa/DocumentDao.java        | 30 +++++++++++--------
 .../docs/rest/resource/AppResource.java       |  4 +++
 2 files changed, 21 insertions(+), 13 deletions(-)

diff --git a/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/DocumentDao.java b/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/DocumentDao.java
index 403f2ee2..24b99c35 100644
--- a/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/DocumentDao.java
+++ b/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/DocumentDao.java
@@ -1,18 +1,5 @@
 package com.sismics.docs.core.dao.jpa;
 
-import java.sql.Timestamp;
-import java.util.ArrayList;
-import java.util.Date;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-import java.util.UUID;
-
-import javax.persistence.EntityManager;
-import javax.persistence.NoResultException;
-import javax.persistence.Query;
-
 import com.google.common.base.Joiner;
 import com.google.common.base.Strings;
 import com.sismics.docs.core.constant.AuditLogType;
@@ -28,6 +15,12 @@ import com.sismics.docs.core.util.jpa.QueryParam;
 import com.sismics.docs.core.util.jpa.SortCriteria;
 import com.sismics.util.context.ThreadLocalContext;
 
+import javax.persistence.EntityManager;
+import javax.persistence.NoResultException;
+import javax.persistence.Query;
+import java.sql.Timestamp;
+import java.util.*;
+
 /**
  * Document DAO.
  * 
@@ -322,4 +315,15 @@ public class DocumentDao {
         
         return documentFromDb;
     }
+
+    /**
+     * Returns the number of documents.
+     *
+     * @return Number of documents
+     */
+    public long getDocumentCount() {
+        EntityManager em = ThreadLocalContext.get().getEntityManager();
+        Query query = em.createNativeQuery("select count(d.DOC_ID_C) from T_DOCUMENT d where d.DOC_DELETEDATE_D is null");
+        return ((Number) query.getSingleResult()).longValue();
+    }
 }
diff --git a/docs-web/src/main/java/com/sismics/docs/rest/resource/AppResource.java b/docs-web/src/main/java/com/sismics/docs/rest/resource/AppResource.java
index 41d2a5ad..558761b4 100644
--- a/docs-web/src/main/java/com/sismics/docs/rest/resource/AppResource.java
+++ b/docs-web/src/main/java/com/sismics/docs/rest/resource/AppResource.java
@@ -4,6 +4,7 @@ import com.google.common.base.Strings;
 import com.sismics.docs.core.constant.ConfigType;
 import com.sismics.docs.core.constant.Constants;
 import com.sismics.docs.core.dao.jpa.ConfigDao;
+import com.sismics.docs.core.dao.jpa.DocumentDao;
 import com.sismics.docs.core.dao.jpa.FileDao;
 import com.sismics.docs.core.dao.jpa.UserDao;
 import com.sismics.docs.core.event.RebuildIndexAsyncEvent;
@@ -63,6 +64,7 @@ public class AppResource extends BaseResource {
      * @apiSuccess {Boolean} guest_login True if guest login is enabled
      * @apiSuccess {String} total_memory Allocated JVM memory (in bytes)
      * @apiSuccess {String} free_memory Free JVM memory (in bytes)
+     * @apiSuccess {String} document_count Number of documents
      * @apiSuccess {String} active_user_count Number of active users
      * @apiSuccess {String} global_storage_current Global storage currently used (in bytes)
      * @apiSuccess {String} global_storage_quota Maximum global storage (in bytes)
@@ -78,6 +80,7 @@ public class AppResource extends BaseResource {
         String minVersion = configBundle.getString("api.min_version");
         Boolean guestLogin = ConfigUtil.getConfigBooleanValue(ConfigType.GUEST_LOGIN);
         UserDao userDao = new UserDao();
+        DocumentDao documentDao = new DocumentDao();
         String globalQuotaStr = System.getenv(Constants.GLOBAL_QUOTA_ENV);
         long globalQuota = 0;
         if (!Strings.isNullOrEmpty(globalQuotaStr)) {
@@ -90,6 +93,7 @@ public class AppResource extends BaseResource {
                 .add("guest_login", guestLogin)
                 .add("total_memory", Runtime.getRuntime().totalMemory())
                 .add("free_memory", Runtime.getRuntime().freeMemory())
+                .add("document_count", documentDao.getDocumentCount())
                 .add("active_user_count", userDao.getActiveUserCount())
                 .add("global_storage_current", userDao.getGlobalStorageCurrent());
         if (globalQuota > 0) {

From 5bc73548b3ec4d0e92e72e01a664b1ab5022b5ea Mon Sep 17 00:00:00 2001
From: Benjamin Gamard <b.gamard@sismics.com>
Date: Tue, 21 Nov 2017 12:01:53 +0100
Subject: [PATCH 13/17] Closes #162: feedback box

---
 docs-web/src/main/webapp/src/app/docs/app.js  |  5 +-
 .../webapp/src/app/docs/controller/Login.js   |  2 +-
 .../docs/controller/LoginModalPasswordLost.js | 11 ---
 .../src/app/docs/controller/ModalFeedback.js  | 11 +++
 .../app/docs/controller/ModalPasswordLost.js  | 11 +++
 .../controller/document/DocumentDefault.js    | 74 ++++++++++---------
 docs-web/src/main/webapp/src/index.html       |  3 +-
 docs-web/src/main/webapp/src/locale/en.json   |  9 ++-
 .../src/partial/docs/document.default.html    |  6 +-
 .../webapp/src/partial/docs/feedback.html     | 17 +++++
 docs-web/src/main/webapp/src/style/main.less  | 29 ++++++++
 11 files changed, 128 insertions(+), 50 deletions(-)
 delete mode 100644 docs-web/src/main/webapp/src/app/docs/controller/LoginModalPasswordLost.js
 create mode 100644 docs-web/src/main/webapp/src/app/docs/controller/ModalFeedback.js
 create mode 100644 docs-web/src/main/webapp/src/app/docs/controller/ModalPasswordLost.js
 create mode 100644 docs-web/src/main/webapp/src/partial/docs/feedback.html

diff --git a/docs-web/src/main/webapp/src/app/docs/app.js b/docs-web/src/main/webapp/src/app/docs/app.js
index bcaa03b7..b7cc62c3 100644
--- a/docs-web/src/main/webapp/src/app/docs/app.js
+++ b/docs-web/src/main/webapp/src/app/docs/app.js
@@ -13,7 +13,7 @@ angular.module('docs',
 /**
  * Configuring modules.
  */
-.config(function($locationProvider, $urlRouterProvider, $stateProvider, $httpProvider,
+.config(function($locationProvider, $urlRouterProvider, $stateProvider, $httpProvider, $qProvider,
                  RestangularProvider, $translateProvider, timeAgoSettings, tmhDynamicLocaleProvider) {
   $locationProvider.hashPrefix('');
 
@@ -417,6 +417,9 @@ angular.module('docs',
     
     return angular.isObject(data) && String(data) !== '[object File]' ? param(data) : data;
   }];
+
+  // Silence unhandled rejections
+  $qProvider.errorOnUnhandledRejections(false);
 })
 
 /**
diff --git a/docs-web/src/main/webapp/src/app/docs/controller/Login.js b/docs-web/src/main/webapp/src/app/docs/controller/Login.js
index 32b3a000..d48a5f57 100644
--- a/docs-web/src/main/webapp/src/app/docs/controller/Login.js
+++ b/docs-web/src/main/webapp/src/app/docs/controller/Login.js
@@ -45,7 +45,7 @@ angular.module('docs').controller('Login', function(Restangular, $scope, $rootSc
   $scope.openPasswordLost = function () {
     $uibModal.open({
       templateUrl: 'partial/docs/passwordlost.html',
-      controller: 'LoginModalPasswordLost'
+      controller: 'ModalPasswordLost'
     }).result.then(function (username) {
       if (username === null) {
         return;
diff --git a/docs-web/src/main/webapp/src/app/docs/controller/LoginModalPasswordLost.js b/docs-web/src/main/webapp/src/app/docs/controller/LoginModalPasswordLost.js
deleted file mode 100644
index 16517457..00000000
--- a/docs-web/src/main/webapp/src/app/docs/controller/LoginModalPasswordLost.js
+++ /dev/null
@@ -1,11 +0,0 @@
-'use strict';
-
-/**
- * Login modal password lost controller.
- */
-angular.module('docs').controller('LoginModalPasswordLost', function ($scope, $uibModalInstance) {
-  $scope.username = '';
-  $scope.close = function(username) {
-    $uibModalInstance.close(username);
-  }
-});
\ No newline at end of file
diff --git a/docs-web/src/main/webapp/src/app/docs/controller/ModalFeedback.js b/docs-web/src/main/webapp/src/app/docs/controller/ModalFeedback.js
new file mode 100644
index 00000000..f55705d3
--- /dev/null
+++ b/docs-web/src/main/webapp/src/app/docs/controller/ModalFeedback.js
@@ -0,0 +1,11 @@
+'use strict';
+
+/**
+ * Modal feedback controller.
+ */
+angular.module('docs').controller('ModalFeedback', function ($scope, $uibModalInstance) {
+  $scope.content = '';
+  $scope.close = function(content) {
+    $uibModalInstance.close(content);
+  }
+});
\ No newline at end of file
diff --git a/docs-web/src/main/webapp/src/app/docs/controller/ModalPasswordLost.js b/docs-web/src/main/webapp/src/app/docs/controller/ModalPasswordLost.js
new file mode 100644
index 00000000..59dec913
--- /dev/null
+++ b/docs-web/src/main/webapp/src/app/docs/controller/ModalPasswordLost.js
@@ -0,0 +1,11 @@
+'use strict';
+
+/**
+ * Modal password lost controller.
+ */
+angular.module('docs').controller('ModalPasswordLost', function ($scope, $uibModalInstance) {
+  $scope.username = '';
+  $scope.close = function(username) {
+    $uibModalInstance.close(username);
+  }
+});
\ No newline at end of file
diff --git a/docs-web/src/main/webapp/src/app/docs/controller/document/DocumentDefault.js b/docs-web/src/main/webapp/src/app/docs/controller/document/DocumentDefault.js
index 21ad90e5..20997c39 100644
--- a/docs-web/src/main/webapp/src/app/docs/controller/document/DocumentDefault.js
+++ b/docs-web/src/main/webapp/src/app/docs/controller/document/DocumentDefault.js
@@ -3,16 +3,14 @@
 /**
  * Document default controller.
  */
-angular.module('docs').controller('DocumentDefault', function($scope, $rootScope, $state, Restangular, Upload, $translate) {
+angular.module('docs').controller('DocumentDefault', function ($scope, $rootScope, $state, Restangular, Upload, $translate, $uibModal, $dialog) {
   // Load user audit log
-  Restangular.one('auditlog').get().then(function(data) {
+  Restangular.one('auditlog').get().then(function (data) {
     $scope.logs = data.logs;
   });
 
-  /**
-   * Load unlinked files.
-   */
-  $scope.loadFiles = function() {
+  // Load unlinked files
+  $scope.loadFiles = function () {
     Restangular.one('file/list').get().then(function (data) {
       $scope.files = data.files;
       // TODO Keep currently uploading files
@@ -20,15 +18,12 @@ angular.module('docs').controller('DocumentDefault', function($scope, $rootScope
   };
   $scope.loadFiles();
 
-  /**
-   * File has been drag & dropped.
-   * @param files
-   */
-  $scope.fileDropped = function(files) {
+  // File has been drag & dropped
+  $scope.fileDropped = function (files) {
     if (files && files.length) {
       // Adding files to the UI
       var newfiles = [];
-      _.each(files, function(file) {
+      _.each(files, function (file) {
         var newfile = {
           progress: 0,
           name: file.name,
@@ -42,7 +37,7 @@ angular.module('docs').controller('DocumentDefault', function($scope, $rootScope
 
       // Uploading files sequentially
       var key = 0;
-      var then = function() {
+      var then = function () {
         if (files[key]) {
           $scope.uploadFile(files[key], newfiles[key++]).then(then);
         }
@@ -51,12 +46,8 @@ angular.module('docs').controller('DocumentDefault', function($scope, $rootScope
     }
   };
 
-  /**
-   * Upload a file.
-   * @param file
-   * @param newfile
-   */
-  $scope.uploadFile = function(file, newfile) {
+  // Upload a file
+  $scope.uploadFile = function (file, newfile) {
     // Upload the file
     newfile.status = $translate.instant('document.default.upload_progress');
     return Upload.upload({
@@ -83,20 +74,16 @@ angular.module('docs').controller('DocumentDefault', function($scope, $rootScope
         });
   };
 
-  /**
-   * Navigate to the selected file.
-   */
+  //Navigate to the selected file
   $scope.openFile = function (file) {
     $state.go('document.default.file', { fileId: file.id })
   };
 
-  /**
-   * Delete a file.
-   */
+  // Delete a file
   $scope.deleteFile = function ($event, file) {
     $event.stopPropagation();
 
-    Restangular.one('file', file.id).remove().then(function() {
+    Restangular.one('file', file.id).remove().then(function () {
       // File deleted, decrease used quota
       $rootScope.userInfo.storage_current -= file.size;
 
@@ -106,17 +93,36 @@ angular.module('docs').controller('DocumentDefault', function($scope, $rootScope
     return false;
   };
 
-  /**
-   * Returns checked files.
-   */
-  $scope.checkedFiles = function() {
+  // Returns checked files
+  $scope.checkedFiles = function () {
     return _.where($scope.files, { checked: true });
   };
 
-  /**
-   * Add a document with checked files.
-   */
-  $scope.addDocument = function() {
+  // Add a document with checked files
+  $scope.addDocument = function () {
     $state.go('document.add', { files: _.pluck($scope.checkedFiles(), 'id') });
   };
+
+  // Open the feedback modal
+  $scope.openFeedback = function () {
+    $uibModal.open({
+      templateUrl: 'partial/docs/feedback.html',
+      controller: 'ModalFeedback'
+    }).result.then(function (content) {
+      if (content === null) {
+        return;
+      }
+
+      Restangular.withConfig(function (RestangularConfigurer) {
+        RestangularConfigurer.setBaseUrl('https://api.sismicsdocs.com');
+      }).one('api').post('feedback', {
+        content: content
+      }).then(function () {
+        var title = $translate.instant('feedback.sent_title');
+        var msg = $translate.instant('feedback.sent_message');
+        var btns = [{result: 'ok', label: $translate.instant('ok'), cssClass: 'btn-primary'}];
+        $dialog.messageBox(title, msg, btns);
+      });
+    });
+  };
 });
\ No newline at end of file
diff --git a/docs-web/src/main/webapp/src/index.html b/docs-web/src/main/webapp/src/index.html
index 73af3dd6..86796c0b 100644
--- a/docs-web/src/main/webapp/src/index.html
+++ b/docs-web/src/main/webapp/src/index.html
@@ -48,7 +48,8 @@
     <script src="app/docs/app.js" type="text/javascript"></script>
     <script src="app/docs/controller/Main.js" type="text/javascript"></script>
     <script src="app/docs/controller/Login.js" type="text/javascript"></script>
-    <script src="app/docs/controller/LoginModalPasswordLost.js" type="text/javascript"></script>
+    <script src="app/docs/controller/ModalPasswordLost.js" type="text/javascript"></script>
+    <script src="app/docs/controller/ModalFeedback.js" type="text/javascript"></script>
     <script src="app/docs/controller/PasswordReset.js" type="text/javascript"></script>
     <script src="app/docs/controller/Navigation.js" type="text/javascript"></script>
     <script src="app/docs/controller/Footer.js" type="text/javascript"></script>
diff --git a/docs-web/src/main/webapp/src/locale/en.json b/docs-web/src/main/webapp/src/locale/en.json
index a8c9a227..cbd2d079 100644
--- a/docs-web/src/main/webapp/src/locale/en.json
+++ b/docs-web/src/main/webapp/src/locale/en.json
@@ -146,7 +146,8 @@
       "add_new_document": "Add to new document",
       "latest_activity": "Latest activity",
       "footer_sismics": "Crafted with <span class=\"glyphicon glyphicon-heart\"></span> by <a href=\"https://www.sismics.com\" target=\"_blank\">Sismics</a>",
-      "api_documentation": "API Documentation"
+      "api_documentation": "API Documentation",
+      "feedback": "Give us a feedback"
     },
     "pdf": {
       "export_title": "Export to PDF",
@@ -339,6 +340,12 @@
       "new_entry": "New entry"
     }
   },
+  "feedback": {
+    "title": "Give us a feedback",
+    "message": "Any suggestion or question about Sismics Docs? We listen to you!",
+    "sent_title": "Feedback sent",
+    "sent_message": "Thank you for your feedback! It will help us make Sismics Docs even better."
+  },
   "app_share": {
     "main": "Ask a shared document link to access it",
     "403": {
diff --git a/docs-web/src/main/webapp/src/partial/docs/document.default.html b/docs-web/src/main/webapp/src/partial/docs/document.default.html
index 4db49c57..2ed71792 100644
--- a/docs-web/src/main/webapp/src/partial/docs/document.default.html
+++ b/docs-web/src/main/webapp/src/partial/docs/document.default.html
@@ -67,4 +67,8 @@
     </h3>
     <audit-log logs="logs" />
   </div>
-</div>
\ No newline at end of file
+</div>
+
+<a href class="feedback" ng-click="openFeedback()">
+  {{ 'document.default.feedback' | translate }}
+</a>
\ No newline at end of file
diff --git a/docs-web/src/main/webapp/src/partial/docs/feedback.html b/docs-web/src/main/webapp/src/partial/docs/feedback.html
new file mode 100644
index 00000000..7c849c0c
--- /dev/null
+++ b/docs-web/src/main/webapp/src/partial/docs/feedback.html
@@ -0,0 +1,17 @@
+<form name="form">
+<div class="modal-header">
+  <h3>{{ 'feedback.title' | translate }}</h3>
+</div>
+<div class="modal-body">
+  <p>
+    <label for="inputContent">{{ 'feedback.message' | translate }}</label>
+    <textarea name="content" class="form-control" required id="inputContent" ng-model="content"></textarea>
+  </p>
+</div>
+<div class="modal-footer">
+  <button ng-click="close(content)" class="btn btn-primary" ng-disabled="!form.$valid">
+    <span class="glyphicon glyphicon-send"></span> {{ 'send' | translate }}
+  </button>
+  <button ng-click="close(null)" class="btn btn-default">{{ 'cancel' | translate }}</button>
+</div>
+</form>
\ No newline at end of file
diff --git a/docs-web/src/main/webapp/src/style/main.less b/docs-web/src/main/webapp/src/style/main.less
index fdae4870..0a582242 100644
--- a/docs-web/src/main/webapp/src/style/main.less
+++ b/docs-web/src/main/webapp/src/style/main.less
@@ -310,6 +310,35 @@ input[readonly].share-link {
   padding-bottom: 0;
 }
 
+// Feedback
+.feedback {
+  display: block;
+  position: fixed;
+  right: 0;
+  top: 200px;
+  transform: rotate(-90deg) translateY(-100%);
+  background: #ccc;
+  padding: 8px;
+  color: #fff;
+  font-weight: bold;
+  transform-origin: 100% 0;
+
+  &:hover {
+    background: #aaa;
+    text-decoration: none;
+    color: #fff;
+  }
+
+  &:active {
+    background: #444;
+  }
+
+  &:active, &:focus {
+    text-decoration: none;
+    color: #fff;
+  }
+}
+
 // Vertical alignment
 .vertical-center {
   min-height: 100vh;

From e4fe1cfa901fc5b5c1ea7004892d1715a0bae056 Mon Sep 17 00:00:00 2001
From: Benjamin Gamard <b.gamard@sismics.com>
Date: Tue, 21 Nov 2017 19:37:29 +0100
Subject: [PATCH 14/17] fix active user count

---
 .../main/java/com/sismics/docs/core/dao/jpa/UserDao.java   | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/UserDao.java b/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/UserDao.java
index c727bddb..87166a59 100644
--- a/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/UserDao.java
+++ b/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/UserDao.java
@@ -312,8 +312,11 @@ public class UserDao {
      */
     public long getActiveUserCount() {
         EntityManager em = ThreadLocalContext.get().getEntityManager();
-        Query query = em.createNativeQuery("select count(u.USE_ID_C) from T_USER u where u.USE_DELETEDATE_D is null and (u.USE_DISABLEDATE_D is null or u.USE_DISABLEDATE_D > :date)");
-        query.setParameter("date", DateTime.now().minusMonths(1).toDate());
+        Query query = em.createNativeQuery("select count(u.USE_ID_C) from T_USER u where u.USE_DELETEDATE_D is null and (u.USE_DISABLEDATE_D is null or u.USE_DISABLEDATE_D >= :fromDate and u.USE_DISABLEDATE_D < :toDate)");
+        DateTime fromDate = DateTime.now().minusMonths(1).dayOfMonth().withMinimumValue().withTimeAtStartOfDay();
+        DateTime toDate = fromDate.plusMonths(1);
+        query.setParameter("fromDate", fromDate.toDate());
+        query.setParameter("toDate", toDate.toDate());
         return ((Number) query.getSingleResult()).longValue();
     }
 }

From 7194f9aac0c0a20a06c24d05b2c3a6d7672e9dae Mon Sep 17 00:00:00 2001
From: Benjamin Gamard <b.gamard@sismics.com>
Date: Tue, 21 Nov 2017 20:23:35 +0100
Subject: [PATCH 15/17] update fr translation

---
 docs-web/src/main/webapp/src/locale/fr.json | 45 ++++++++++++++++++---
 1 file changed, 39 insertions(+), 6 deletions(-)

diff --git a/docs-web/src/main/webapp/src/locale/fr.json b/docs-web/src/main/webapp/src/locale/fr.json
index e040c75a..9d93d6e7 100644
--- a/docs-web/src/main/webapp/src/locale/fr.json
+++ b/docs-web/src/main/webapp/src/locale/fr.json
@@ -9,7 +9,23 @@
     "submit": "Connexion",
     "login_as_guest": "Connexion en invité",
     "login_failed_title": "Echec de connexion",
-    "login_failed_message": "Nom d'utilisateur ou mot de passe invalide"
+    "login_failed_message": "Nom d'utilisateur ou mot de passe invalide",
+    "password_lost_btn": "Mot de passe perdu ?",
+    "password_lost_sent_title": "Email de réinitialisation de mot de passe envoyé",
+    "password_lost_sent_message": "Un email a été envoyé à <strong>{{ username }}</strong> pour réinitialiser votre mot de passe",
+    "password_lost_error_title": "Erreur lors de la réinitialisation du mot de passe",
+    "password_lost_error_message": "Impossible d'envoyer un email de changement de mot de passe, veuillez contacter votre administrateur pour une réinitialisation manuelle"
+  },
+  "passwordlost": {
+    "title": "Mot de passe perdu",
+    "message": "Veuillez entrer votre nom d'utilisateur pour recevoir un lien de réinitialisation de mot de passe. Si vous ne vous souvenez pas de votre nom d'utilisateur, veuillez contacter votre administrateur",
+    "submit": "RĂ©initialiser mon mot de passe"
+  },
+  "passwordreset": {
+    "message": "Veuillez entrer un nouveau mot de passe",
+    "submit": "Changer mon mot de passe",
+    "error_title": "Erreur lors du changement de mot de passe",
+    "error_message": "Votre demande de changement de mot de passe a expiré, veuillez recommencer depuis la page de connexion"
   },
   "index": {
     "toggle_navigation": "Afficher/cacher la navigation",
@@ -19,7 +35,8 @@
     "error_info": "{{ count }} nouvelle{{ count > 1 ? 's' : '' }} erreur{{ count > 1 ? 's' : '' }}",
     "logged_as": "Connecté en tant que {{ username }}",
     "nav_settings": "Paramètres",
-    "logout": "DĂ©connexion"
+    "logout": "DĂ©connexion",
+    "global_quota_warning": "<strong>Attention !</strong> Quota global presque atteint à {{ current | number: 0 }}Mo ({{ percent | number: 1 }}%) utilisé sur {{ total | number: 0 }}Mo"
   },
   "document": {
     "search_simple": "Recherche simple",
@@ -29,7 +46,7 @@
     "search_before_date": "Avant cette date",
     "search_after_date": "Après cette date",
     "search_tags": "Tags",
-    "search_clear": "RĂ©initialiser",
+    "search_clear": "Vider",
     "any_language": "Toutes les langues",
     "add_document": "Ajouter un document",
     "tags": "Tags",
@@ -129,7 +146,8 @@
       "add_new_document": "Ajouter Ă  un nouveau document",
       "latest_activity": "Activité récente",
       "footer_sismics": "Conçu avec <span class=\"glyphicon glyphicon-heart\"></span> par <a href=\"https://www.sismics.com\" target=\"_blank\">Sismics</a>",
-      "api_documentation": "Documentation API"
+      "api_documentation": "Documentation API",
+      "feedback": "Donnez-nous votre avis"
     },
     "pdf": {
       "export_title": "Exporter en PDF",
@@ -216,6 +234,7 @@
       "add_user": "Ajouter un utilisateur",
       "username": "Nom d'utilisateur",
       "create_date": "Date de création",
+      "totp_enabled": "Authentification en deux étapes activée sur ce compte",
       "edit": {
         "delete_user_title": "Supprimer un utilisateur",
         "delete_user_message": "Etes-vous sûr de vouloir supprimer cet utilisateur ? Tous les documents, fichiers et tags associés seront supprimés",
@@ -227,7 +246,8 @@
         "storage_quota": "Quota de stockage",
         "storage_quota_placeholder": "Quota de stockage (en Mo)",
         "password": "Mot de passe",
-        "password_confirm": "Mot de passe (confirmation)"
+        "password_confirm": "Mot de passe (confirmation)",
+        "disabled": "Utilisateur désactivé"
       }
     },
     "security": {
@@ -284,7 +304,14 @@
       "custom_css_placeholder": "CSS personnalisée ajoutée après la feuille de style principale",
       "logo": "Logo (Taille carrée)",
       "background_image": "Image de fond",
-      "uploading_image": "Envoi de l'image..."
+      "uploading_image": "Envoi de l'image...",
+      "title_smtp": "<small>Configuration</small> email",
+      "smtp_hostname": "HĂ´te SMTP",
+      "smtp_port": "Port SMTP",
+      "smtp_from": "Email d'envoi",
+      "smtp_username": "Nom d'utilisateur SMTP",
+      "smtp_password": "Mot de passe SMTP",
+      "smtp_updated": "Configuration SMTP mise à jour avec succès"
     },
     "log": {
       "title": "<small>Logs</small> serveur",
@@ -313,6 +340,12 @@
       "new_entry": "Nouvelle entrée"
     }
   },
+  "feedback": {
+    "title": "Donnez-nous votre avis",
+    "message": "Vous avez des suggestions ou des questions Ă  propos de Sismics Docs ? Nous vous Ă©coutons !",
+    "sent_title": "Avis envoyé",
+    "sent_message": "Merci pour votre avis ! Cela nous aidera à améliorer Sismics Docs."
+  },
   "app_share": {
     "main": "Demandez un lien de partage d'un document pour y accéder",
     "403": {

From 6596eba6caa34f4f194d19969731d480baacaf97 Mon Sep 17 00:00:00 2001
From: Benjamin Gamard <b.gamard@sismics.com>
Date: Tue, 21 Nov 2017 23:56:32 +0100
Subject: [PATCH 16/17] advertise demo app

---
 README.md | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/README.md b/README.md
index 2172015a..85ffffee 100644
--- a/README.md
+++ b/README.md
@@ -8,6 +8,14 @@ Docs is an open source, lightweight document management system.
 
 Docs is written in Java, and may be run on any operating system with Java support.
 
+Demo
+----
+
+A demo is available at [demo.sismicsdocs.com](https://demo.sismicsdocs.com)
+- Guest login is enabled with read access on all documents
+- "admin" login with "admin" password
+- "demo" login with "password" password 
+
 Features
 --------
 

From dc28ebfa504c618748d69ddf4a78726040d509c5 Mon Sep 17 00:00:00 2001
From: Benjamin Gamard <b.gamard@sismics.com>
Date: Thu, 23 Nov 2017 01:16:54 +0100
Subject: [PATCH 17/17] fix file modal + fix file link in audit log + high
 quality thumbs

---
 .../src/main/java/com/sismics/docs/core/model/jpa/File.java   | 2 +-
 .../src/main/java/com/sismics/docs/core/util/FileUtil.java    | 4 ++--
 .../main/webapp/src/app/docs/controller/document/FileView.js  | 2 +-
 docs-web/src/main/webapp/src/app/share/controller/FileView.js | 2 +-
 .../src/main/webapp/src/partial/docs/directive.auditlog.html  | 4 ++--
 docs-web/src/main/webapp/src/partial/docs/document.html       | 2 +-
 6 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/docs-core/src/main/java/com/sismics/docs/core/model/jpa/File.java b/docs-core/src/main/java/com/sismics/docs/core/model/jpa/File.java
index 243e0386..3db2ab7b 100644
--- a/docs-core/src/main/java/com/sismics/docs/core/model/jpa/File.java
+++ b/docs-core/src/main/java/com/sismics/docs/core/model/jpa/File.java
@@ -171,7 +171,7 @@ public class File implements Loggable {
     @Override
     public String toMessage() {
         // Attached document ID and name concatenated
-        return documentId + name;
+        return (documentId == null ? Strings.repeat(" ", 36) : documentId) + name;
     }
 
     /**
diff --git a/docs-core/src/main/java/com/sismics/docs/core/util/FileUtil.java b/docs-core/src/main/java/com/sismics/docs/core/util/FileUtil.java
index 6a511bf0..3d67a6a7 100644
--- a/docs-core/src/main/java/com/sismics/docs/core/util/FileUtil.java
+++ b/docs-core/src/main/java/com/sismics/docs/core/util/FileUtil.java
@@ -129,8 +129,8 @@ public class FileUtil {
         
         if (image != null) {
             // Generate thumbnails from image
-            BufferedImage web = Scalr.resize(image, Scalr.Method.AUTOMATIC, Scalr.Mode.AUTOMATIC, 1280, Scalr.OP_ANTIALIAS);
-            BufferedImage thumbnail = Scalr.resize(image, Scalr.Method.AUTOMATIC, Scalr.Mode.AUTOMATIC, 256, Scalr.OP_ANTIALIAS);
+            BufferedImage web = Scalr.resize(image, Scalr.Method.ULTRA_QUALITY, Scalr.Mode.AUTOMATIC, 1280);
+            BufferedImage thumbnail = Scalr.resize(image, Scalr.Method.ULTRA_QUALITY, Scalr.Mode.AUTOMATIC, 256);
             image.flush();
             
             // Write "web" encrypted image
diff --git a/docs-web/src/main/webapp/src/app/docs/controller/document/FileView.js b/docs-web/src/main/webapp/src/app/docs/controller/document/FileView.js
index d625314a..e6407e6e 100644
--- a/docs-web/src/main/webapp/src/app/docs/controller/document/FileView.js
+++ b/docs-web/src/main/webapp/src/app/docs/controller/document/FileView.js
@@ -20,7 +20,7 @@ angular.module('docs').controller('FileView', function($uibModal, $state, $state
     $timeout(function () {
       // After all router transitions are passed,
       // if we are still on the file route, go back to the document
-      if ($state.current.name === 'document.view.content.file') {
+      if ($state.current.name === 'document.view.content.file' || $state.current.name === 'document.default.file') {
         $state.go('^', {id: $stateParams.id});
       }
     });
diff --git a/docs-web/src/main/webapp/src/app/share/controller/FileView.js b/docs-web/src/main/webapp/src/app/share/controller/FileView.js
index 800a7ceb..7b431a5b 100644
--- a/docs-web/src/main/webapp/src/app/share/controller/FileView.js
+++ b/docs-web/src/main/webapp/src/app/share/controller/FileView.js
@@ -15,7 +15,7 @@ angular.module('share').controller('FileView', function($uibModal, $state, $stat
   modal.closed = false;
   modal.result.then(function() {
     modal.closed = true;
-  },function() {
+  }, function() {
     modal.closed = true;
     $timeout(function () {
       // After all router transitions are passed,
diff --git a/docs-web/src/main/webapp/src/partial/docs/directive.auditlog.html b/docs-web/src/main/webapp/src/partial/docs/directive.auditlog.html
index 554a9dc1..072552ae 100644
--- a/docs-web/src/main/webapp/src/partial/docs/directive.auditlog.html
+++ b/docs-web/src/main/webapp/src/partial/docs/directive.auditlog.html
@@ -20,8 +20,8 @@
             <span ng-switch-when="Document">
               <a ng-href="#/document/view/{{ log.target }}">{{ log.message }}</a>
             </span>
-            <span ng-switch-when="File">
-              <a ng-if="log.message" ng-href="#/document/view/{{ log.message | limitTo: 36 }}/content/file/{{ log.target }}">
+            <span ng-switch-when="File" ng-init="hasDocument = log.message.substring(0, 36).trim().length > 0">
+              <a ng-if="log.message" ng-href="#/document/{{ hasDocument ? 'view/' + log.message.substring(0, 36) + '/content/' : '' }}file/{{ log.target }}">
                 <span ng-if="log.message.length > 36">{{ log.message | limitTo: 1000 : 36 }}</span>
                 <span ng-if="log.message.length == 36">{{ 'open' | translate }}</span>
               </a>
diff --git a/docs-web/src/main/webapp/src/partial/docs/document.html b/docs-web/src/main/webapp/src/partial/docs/document.html
index 7b0d2722..e98d9bd8 100644
--- a/docs-web/src/main/webapp/src/partial/docs/document.html
+++ b/docs-web/src/main/webapp/src/partial/docs/document.html
@@ -159,7 +159,7 @@
             next-text="{{ 'pagination.next' | translate }}"
             first-text="{{ 'pagination.first' | translate }}"
             last-text="{{ 'pagination.last' | translate }}"
-            total-items="totalDocuments" items-per-page="limit" max-size="5" ng-model="$parent.currentPage"></ul>
+            total-items="totalDocuments" items-per-page="$parent.limit" max-size="5" ng-model="$parent.currentPage"></ul>
         <label class="sr-only" for="pagesizeSelect">{{ 'document.page_size' | translate }}</label>
         <select ng-model="limit" id="pagesizeSelect" class="form-control">
           <option value="10">{{ 'document.page_size_10' | translate }}</option>