public boolean checkAndChangePassword(
     final User user, final String oldPassword, final String password) throws MailException {
   if (user.checkPassword(oldPassword)) {
     ((UserImpl) user).setPassword(password);
     entityManager.merge(user);
     final UserString email = user.getEmail();
     if (email != null)
       MailSender.sendPasswordChangeMail(user.getName().toString(), password, email.nonEscaped());
     return true;
   }
   return false;
 }
 public void forgotPassword(final String email) throws UserNotFoundException, MailException {
   final Query query =
       entityManager.createQuery("select u from UserImpl u where u.email=:cryptedMail");
   query.setParameter("cryptedMail", CipherHelper.cipher(email));
   final List<UserImpl> list = query.getResultList();
   if (list.isEmpty()) throw new UserNotFoundException();
   for (final UserImpl user : list) {
     final String password = Helper.randomstring();
     user.setPassword(password);
     MailSender.forgotPasswordMail(user.getName(), password, email);
     entityManager.merge(user);
   }
 }