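/**
 * Completes a password reset: checks the reset code submitted with the request against the
 * code stored for the account, then stores the new password and clears the stored code.
 *
 * <p>The stored code is cleared on success, so a given reset code is accepted at most once.
 * No time-based expiry of the code is visible in this method.
 *
 * @return {@code INPUT} when input validation fails, the account is not found, or the reset
 *     code is missing or does not match; {@code ERROR} when an exception is thrown while
 *     processing; {@code SUCCESS} otherwise
 */
public String resetPassword() {
    if (checkResetPasswdErrors()) {
        return INPUT;
    }
    try {
        User usr = this.userService.getUserById(user.getId());
        // No account for the submitted id: the reset link is treated as invalid.
        if (usr == null) {
            // Resolve the key through getText() like every other message in this method;
            // previously the raw resource key was passed to addActionError().
            addActionError(getText("reset.password.user.account.information.invalid"));
            return INPUT;
        }

        // No stored code means no reset is pending (never requested, or already used).
        String storedCode = usr.getResetPasswdHashCode();
        if (storedCode == null) {
            addActionError(getText("reset.password.user.account.information.expired"));
            return INPUT;
        }

        // The submitted code is request-controlled. Compare it with the stored secret in
        // constant time so response timing does not reveal how many leading characters match.
        String suppliedCode = user.getResetPasswdHashCode();
        if (suppliedCode == null
                || !java.security.MessageDigest.isEqual(
                        storedCode.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                        suppliedCode.getBytes(java.nio.charset.StandardCharsets.UTF_8))) {
            addActionError(getText("reset.password.user.account.information.expired"));
            return INPUT;
        }

        // NOTE(review): MD5.hash is a project helper not shown here. If it is a plain, unsalted
        // MD5 digest it is not suitable for password storage (use bcrypt/scrypt/argon2). Left
        // unchanged because the login path must verify with the same scheme - confirm and
        // migrate both together.
        usr.setPassword(MD5.hash(user.getPassword()));
        // Single use: clear the stored code so the same link cannot be replayed.
        usr.setResetPasswdHashCode(null);
        this.userService.updateUser(usr);

        // Keep the persistent entity as this action's user.
        user = usr;

        // Remove any block previously recorded for the caller's address.
        // NOTE(review): getRemoteAddr() is the directly connected peer; behind a reverse proxy
        // that is the proxy's address, not the client's - confirm against the deployment.
        String ipAddress = request.getRemoteAddr();
        this.blockIPService.deleteBlockIPByIp(ipAddress);

        // Confirmation message shown to the user.
        addActionMessage(
                getText(
                        "reset.password.new.password.reset.success.msg",
                        new String[] {user.getDisplayName()}));

        // Page title and navigation label.
        setNavBarAndTitleForResetPwd();
    } catch (Exception e) {
        // Pass the throwable so the stack trace is kept; the message alone may be null.
        logger.error(e.getMessage(), e);
        addActionError(getText("reset.password.new.password.reset.failed"));
        return ERROR;
    }
    return SUCCESS;
}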
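/**
 * Handles a "forgot password" request: validates the security code, looks up the account by
 * first name, last name and e-mail, stores a fresh reset code on the account and e-mails a
 * reset link to the registered address.
 *
 * <p>NOTE(review): unknown, inactive and LDAP accounts each get a different error message, so
 * a caller who passes the security-code check can tell these account states apart. Consider a
 * single uniform response if account enumeration is a concern for this site.
 *
 * @return {@code INPUT} when the security code is wrong or the account cannot be used for a
 *     reset; {@code ERROR} when an exception is thrown while processing; {@code SUCCESS}
 *     otherwise
 */
public String forgotPassword() {
    try {
        // Wrong security code: stop before touching the user store.
        if (isSecurityCodeError(securityCode)) {
            addFieldError("securityCode", getText("security.code.invalid"));
            return INPUT;
        }

        User foundUser =
                this.userService.getUserByNameEmail(
                        user.getFirstName(), user.getLastName(), user.getEmail());
        // No matching user in the database.
        if (foundUser == null) {
            addActionError(getText("forgot.password.user.name.or.email.invalid"));
            return INPUT;
        }
        // The account has not been activated.
        if (!foundUser.isActivated()) {
            addActionError(getText("forgot.password.user.account.inactive"));
            return INPUT;
        }
        // A stored password of "ldap" is treated as the marker of an LDAP account, whose
        // password cannot be reset here.
        if (foundUser.getPassword().equals("ldap")) {
            addActionError(getText("forgot.password.cannot.reset.ldap.account"));
            return INPUT;
        }

        String displayName = foundUser.getDisplayName();
        String userFullName = user.getFirstName() + " " + user.getLastName();
        // The submitted first and last name must match the registered display name exactly;
        // a mismatch is reported with the same message as an unknown user.
        if (!StringUtils.equals(userFullName, displayName)) {
            addActionError(getText("forgot.password.user.name.or.email.invalid"));
            return INPUT;
        }

        // NOTE(review): generateSecurityHash is not shown here. The reset code must not be
        // derivable from the e-mail address alone; confirm it mixes in SecureRandom output.
        String resetPasswdCode = generateSecurityHash(foundUser.getEmail());
        foundUser.setResetPasswdHashCode(resetPasswdCode);
        this.userService.updateUser(foundUser);

        // Build the reset link that goes into the e-mail.
        String resetPwdUrl =
                constructResetPwdUrl(
                        foundUser.getId(),
                        foundUser.getUidHashCode(),
                        foundUser.getResetPasswdHashCode());

        // Site name used in the e-mail.
        String serverQName = getServerQName();

        // Send to the address registered on the account, not the one typed into the form.
        sendResetPasswdEmailToUser(serverQName, foundUser.getEmail(), resetPwdUrl);

        // Confirmation message shown to the user.
        addActionMessage(
                getText(
                        "forgot.password.request.for.reset.password.finished.msg",
                        new String[] {displayName}));

        // Page title and navigation label.
        setNavBarAndTitleForForgotPwd();
    } catch (Exception e) {
        // Pass the throwable so the stack trace is kept; the message alone may be null.
        logger.error(e.getMessage(), e);
        addActionError(getText("forgot.password.request.for.reset.password.failed"));
        return ERROR;
    }
    return SUCCESS;
}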