
1   package org.appfuse.webapp.controller;
2   
3   import java.util.Locale;
4   
5   import javax.servlet.http.HttpServletRequest;
6   
7   import org.apache.commons.lang.StringUtils;
8   import org.appfuse.model.User;
9   import org.appfuse.webapp.util.RequestUtil;
10  import org.springframework.security.access.AccessDeniedException;
11  import org.springframework.security.core.userdetails.UsernameNotFoundException;
12  import org.springframework.stereotype.Controller;
13  import org.springframework.web.bind.annotation.RequestMapping;
14  import org.springframework.web.bind.annotation.RequestMethod;
15  import org.springframework.web.bind.annotation.RequestParam;
16  import org.springframework.web.servlet.ModelAndView;
17  
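/**
 * Update Password Controller.
 * <p>
 * Supports the two ways a password can be changed: an authenticated user supplying
 * the current password, or an anonymous user holding a recovery token that was
 * sent by e-mail via {@link #requestRecoveryToken}.
 *
 * @author ivangsa
 */
@Controller
public class UpdatePasswordController extends BaseFormController {

    /**
     * Path (relative to the application URL) embedded in the recovery e-mail.
     * The {@code {username}} / {@code {token}} placeholders are presumably expanded by
     * {@code sendPasswordRecoveryEmail}; this class never fills them in itself.
     */
    public static final String RECOVERY_PASSWORD_TEMPLATE = "/updatePassword?username={username}&token={token}";

    /**
     * Sends a password-recovery e-mail whose link is built from the application URL and
     * {@link #RECOVERY_PASSWORD_TEMPLATE}.
     * <p>
     * An unknown username is deliberately not reported: the same confirmation message is
     * shown either way, so this endpoint does not disclose which accounts exist.
     *
     * @param username the account the recovery link is sent to
     * @param request  current request; used for the application URL, the locale and the flash message
     * @return redirect to the home page
     */
    @RequestMapping(value = "/requestRecoveryToken*", method = RequestMethod.GET)
    public String requestRecoveryToken(
            @RequestParam(value = "username", required = true) final String username,
            final HttpServletRequest request)
    {
        log.debug("Sending recovery token to user " + username);
        // NOTE(review): the link base is derived from the incoming request; confirm that
        // RequestUtil.getAppURL does not simply echo a client-supplied Host header, since the
        // resulting URL ends up in a password-reset e-mail.
        final String recoveryUrl = RequestUtil.getAppURL(request) + RECOVERY_PASSWORD_TEMPLATE;
        try {
            getUserManager().sendPasswordRecoveryEmail(username, recoveryUrl);
        } catch (final UsernameNotFoundException ignored) {
            // Swallowed on purpose: report success regardless so usernames cannot be enumerated.
        }
        saveMessage(request, getText("updatePassword.recoveryToken.sent", request.getLocale()));
        return "redirect:/";
    }

    /**
     * Displays the update-password form.
     *
     * @param username account whose password is being changed; when blank, the authenticated
     *                 user ({@code request.getRemoteUser()}) is used instead
     * @param token    optional recovery token; when present it must validate for {@code username}
     * @param request  current request
     * @return the form view, or a redirect to the home page when the supplied token is invalid
     */
    @RequestMapping(value = "/updatePassword*", method = RequestMethod.GET)
    public ModelAndView showForm(
            @RequestParam(value = "username", required = false) final String username,
            @RequestParam(value = "token", required = false) final String token,
            final HttpServletRequest request)
    {
        final String targetUser = StringUtils.isBlank(username) ? request.getRemoteUser() : username;

        // Only the token is verified here; the "may this caller change this account" check for
        // the current-password flow is enforced in onSubmit.
        if (StringUtils.isNotBlank(token) && !getUserManager().isRecoveryTokenValid(targetUser, token)) {
            saveError(request, getText("updatePassword.invalidToken", request.getLocale()));
            return new ModelAndView("redirect:/");
        }

        return new ModelAndView("updatePasswordForm")
                .addObject("username", targetUser)
                .addObject("token", token);
    }

    /**
     * Changes the user's password.
     * <p>
     * Two flows are supported: with a recovery token (no authentication required; the token
     * is checked by the user manager, which returns {@code null} when the update is refused),
     * or with the current password (allowed only for the authenticated user named by
     * {@code request.getRemoteUser()}).
     *
     * @param username        account whose password is being changed
     * @param token           recovery token, or blank/{@code null} to use the current-password flow
     * @param currentPassword current password; only used when no token is given
     * @param password        the new password
     * @param request         current request
     * @return redirect to the home page on success or on an invalid token; the form again when
     *         the new password is missing or the current password was rejected
     * @throws AccessDeniedException when the current-password flow targets a user other than
     *                               the authenticated one (including anonymous callers)
     * @throws Exception             declared for the user manager calls
     */
    @RequestMapping(value = "/updatePassword*", method = RequestMethod.POST)
    public ModelAndView onSubmit(
            @RequestParam(value = "username", required = true) final String username,
            @RequestParam(value = "token", required = false) final String token,
            @RequestParam(value = "currentPassword", required = false) final String currentPassword,
            @RequestParam(value = "password", required = true) final String password,
            final HttpServletRequest request)
            throws Exception
    {
        log.debug("UpdatePasswordController onSubmit for username: " + username);

        final Locale locale = request.getLocale();
        if (StringUtils.isEmpty(password)) {
            saveError(request, getText("errors.required", getText("updatePassword.newPassword.label", locale), locale));
            return showForm(username, null, request);
        }

        final boolean usingToken = StringUtils.isNotBlank(token);
        final User user;
        if (usingToken) {
            log.debug("Updating Password for username " + username + ", using reset token");
            user = getUserManager().updatePassword(username, null, token, password,
                    RequestUtil.getAppURL(request));
        } else {
            log.debug("Updating Password for username " + username + ", using current password");
            // A user may only change their own password. getRemoteUser() is null for anonymous
            // callers, so the equals check rejects them as well.
            if (!username.equals(request.getRemoteUser())) {
                throw new AccessDeniedException("You do not have permission to modify other users password.");
            }
            user = getUserManager().updatePassword(username, currentPassword, null, password,
                    RequestUtil.getAppURL(request));
        }

        if (user != null) {
            saveMessage(request, getText("updatePassword.success", new Object[] { username }, locale));
            return new ModelAndView("redirect:/");
        }
        if (usingToken) {
            // A null result in the token flow is reported as an invalid token (inferred from the
            // message key); the user is sent home rather than back to the form.
            saveError(request, getText("updatePassword.invalidToken", locale));
            return new ModelAndView("redirect:/");
        }
        saveError(request, getText("updatePassword.invalidPassword", locale));
        return showForm(username, null, request);
    }

}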