// password reset functionality  ---  Sajid Shajahan
  @RequestMapping(
      value = "/admin/users/resetPasswordSecurityQtn.html",
      method = RequestMethod.POST,
      produces = "application/json")
  public @ResponseBody String resetPasswordSecurityQtn(
      @ModelAttribute(value = "userReset") UserReset userReset,
      HttpServletRequest request,
      HttpServletResponse response,
      Locale locale) {

    MerchantStore store = (MerchantStore) request.getAttribute(Constants.ADMIN_STORE);
    Language userLanguage = null;
    Locale userLocale = null;
    AjaxResponse resp = new AjaxResponse();

    // String question1 = request.getParameter("question1");
    // String question2 = request.getParameter("question2");
    // String question3 = request.getParameter("question3");

    String answer1 = request.getParameter("answer1");
    String answer2 = request.getParameter("answer2");
    String answer3 = request.getParameter("answer3");

    try {

      HttpSession session = request.getSession();
      User dbUser = userService.getByUserName((String) session.getAttribute("username_reset"));

      if (dbUser != null) {

        if (dbUser.getAnswer1().equals(answer1.trim())
            && dbUser.getAnswer2().equals(answer2.trim())
            && dbUser.getAnswer3().equals(answer3.trim())) {
          userLanguage = dbUser.getDefaultLanguage();
          userLocale = LocaleUtils.getLocale(userLanguage);

          String tempPass = userReset.generateRandomString();
          String pass = passwordEncoder.encodePassword(tempPass, null);

          dbUser.setAdminPassword(pass);
          userService.update(dbUser);

          // send email

          try {
            String[] storeEmail = {store.getStoreEmailAddress()};

            Map<String, String> templateTokens =
                EmailUtils.createEmailObjectsMap(
                    request.getContextPath(), store, messages, userLocale);
            templateTokens.put(
                EmailConstants.EMAIL_RESET_PASSWORD_TXT,
                messages.getMessage("email.user.resetpassword.text", userLocale));
            templateTokens.put(
                EmailConstants.EMAIL_CONTACT_OWNER,
                messages.getMessage("email.contactowner", storeEmail, userLocale));
            templateTokens.put(
                EmailConstants.EMAIL_PASSWORD_LABEL,
                messages.getMessage("label.generic.password", userLocale));
            templateTokens.put(EmailConstants.EMAIL_USER_PASSWORD, tempPass);

            Email email = new Email();
            email.setFrom(store.getStorename());
            email.setFromEmail(store.getStoreEmailAddress());
            email.setSubject(messages.getMessage("label.generic.changepassword", userLocale));
            email.setTo(dbUser.getAdminEmail());
            email.setTemplateName(RESET_PASSWORD_TPL);
            email.setTemplateTokens(templateTokens);

            emailService.sendHtmlEmail(store, email);

          } catch (Exception e) {
            LOGGER.error("Cannot send email to user", e);
          }

          resp.setStatus(AjaxResponse.RESPONSE_OPERATION_COMPLETED);
          resp.setStatusMessage(messages.getMessage("User.resetPassword.resetSuccess", locale));
        } else {
          resp.setStatus(AjaxResponse.RESPONSE_STATUS_FAIURE);
          resp.setStatusMessage(messages.getMessage("User.resetPassword.wrongSecurityQtn", locale));
        }
      } else {
        resp.setStatus(AjaxResponse.RESPONSE_STATUS_FAIURE);
        resp.setStatusMessage(messages.getMessage("User.resetPassword.userNotFound", locale));
      }

    } catch (ServiceException e) {
      e.printStackTrace();
      resp.setStatus(AjaxResponse.RESPONSE_STATUS_FAIURE);
      resp.setStatusMessage(messages.getMessage("User.resetPassword.Error", locale));
    }

    String returnString = resp.toJSONString();
    return returnString;
  }
  @PreAuthorize("hasRole('CUSTOMER')")
  @RequestMapping(
      value = "/admin/customers/resetPassword.html",
      method = RequestMethod.POST,
      produces = "application/json")
  public @ResponseBody String resetPassword(
      HttpServletRequest request, HttpServletResponse response) {

    String customerId = request.getParameter("customerId");

    MerchantStore store = (MerchantStore) request.getAttribute(Constants.ADMIN_STORE);
    AjaxResponse resp = new AjaxResponse();

    try {

      Long id = Long.parseLong(customerId);

      Customer customer = customerService.getById(id);

      if (customer == null) {
        resp.setErrorString("Customer does not exist");
        resp.setStatus(AjaxResponse.RESPONSE_STATUS_FAIURE);
        return resp.toJSONString();
      }

      if (customer.getMerchantStore().getId().intValue() != store.getId().intValue()) {
        resp.setErrorString("Invalid customer id");
        resp.setStatus(AjaxResponse.RESPONSE_STATUS_FAIURE);
        return resp.toJSONString();
      }

      Language userLanguage = customer.getDefaultLanguage();

      Locale customerLocale = LocaleUtils.getLocale(userLanguage);

      String password = UserReset.generateRandomString();
      String encodedPassword = passwordEncoder.encodePassword(password, null);

      customer.setPassword(encodedPassword);

      customerService.saveOrUpdate(customer);

      // send email

      try {

        // creation of a user, send an email
        String[] storeEmail = {store.getStoreEmailAddress()};

        Map<String, String> templateTokens =
            EmailUtils.createEmailObjectsMap(
                request.getContextPath(), store, messages, customerLocale);
        templateTokens.put(
            EmailConstants.LABEL_HI, messages.getMessage("label.generic.hi", customerLocale));
        templateTokens.put(
            EmailConstants.EMAIL_CUSTOMER_FIRSTNAME, customer.getBilling().getFirstName());
        templateTokens.put(
            EmailConstants.EMAIL_CUSTOMER_LASTNAME, customer.getBilling().getLastName());
        templateTokens.put(
            EmailConstants.EMAIL_RESET_PASSWORD_TXT,
            messages.getMessage("email.customer.resetpassword.text", customerLocale));
        templateTokens.put(
            EmailConstants.EMAIL_CONTACT_OWNER,
            messages.getMessage("email.contactowner", storeEmail, customerLocale));
        templateTokens.put(
            EmailConstants.EMAIL_PASSWORD_LABEL,
            messages.getMessage("label.generic.password", customerLocale));
        templateTokens.put(EmailConstants.EMAIL_CUSTOMER_PASSWORD, password);

        Email email = new Email();
        email.setFrom(store.getStorename());
        email.setFromEmail(store.getStoreEmailAddress());
        email.setSubject(messages.getMessage("label.generic.changepassword", customerLocale));
        email.setTo(customer.getEmailAddress());
        email.setTemplateName(RESET_PASSWORD_TPL);
        email.setTemplateTokens(templateTokens);

        emailService.sendHtmlEmail(store, email);
        resp.setStatus(AjaxResponse.RESPONSE_STATUS_SUCCESS);

      } catch (Exception e) {
        LOGGER.error("Cannot send email to user", e);
        resp.setStatus(AjaxResponse.RESPONSE_STATUS_FAIURE);
      }

    } catch (Exception e) {
      LOGGER.error("An exception occured while changing password", e);
      resp.setStatus(AjaxResponse.RESPONSE_STATUS_FAIURE);
    }

    return resp.toJSONString();
  }