public Result doResetPassword() {
    com.feth.play.module.pa.controllers.AuthenticateDI.noCache(this.session.response());
    final Form<ModelAuth.PasswordReset> filledForm = getResetPasswordForm().bindFromRequest();
    if (filledForm.hasErrors()) {

      boolean disableIndexing = false;
      ContentInner contentInner = renderResetPasswordView(filledForm);

      return Results.badRequest(this.onRenderListener.onRender(contentInner, disableIndexing));
    } else {
      final String token = filledForm.get().token;
      final String newPassword = filledForm.get().password;

      final EntryTokenAction tokenAction =
          Auth.isTokenValid(token, EntryTokenAction.Type.PASSWORD_RESET);
      if (tokenAction == null) {

        ContentInner contentInner =
            new PageAuthAccount(this.session, this.onRenderListener).renderNoTokenOrInvalidView();
        boolean disableIndexing = false;

        return Results.badRequest(this.onRenderListener.onRender(contentInner, disableIndexing));
      }
      final EntryUser user = tokenAction.targetUser;
      try {
        // Pass true for the second parameter if you want to
        // automatically create a password and the exception never to
        // happen
        user.resetPassword(new ProviderUsernamePasswordAuthUser(newPassword), false);
      } catch (final RuntimeException re) {
        this.session.flash(
            Auth.FLASH_MESSAGE_KEY,
            Messages.get("playauthenticate.reset_password.message.no_password_account"));
      }
      final boolean login = ProviderUsernamePasswordAuth.getProvider().isLoginAfterPasswordReset();
      if (login) {
        // automatically log in
        this.session.flash(
            Auth.FLASH_MESSAGE_KEY,
            Messages.get("playauthenticate.reset_password.message.success.auto_login"));

        return PlayAuthenticate.loginAndRedirect(
            this.session.ctx(), new ProviderLoginUsernamePasswordAuthUser(user.email));
      } else {
        // send the user to the login page
        this.session.flash(
            Auth.FLASH_MESSAGE_KEY,
            Messages.get("playauthenticate.reset_password.message.success.manual_login"));
      }
      return this.onRenderListener.redirectToLogin();
    }
  }
  public Result doRemindPassword() {
    com.feth.play.module.pa.controllers.AuthenticateDI.noCache(this.session.response());
    final Form<ModelAuth.Identity> filledForm = getForgotPasswordForm().bindFromRequest();
    if (filledForm.hasErrors()) {
      // User did not fill in his/her email

      boolean disableIndexing = false;
      ContentInner contentInner = renderRemindPasswordView(filledForm);

      return Results.badRequest(this.onRenderListener.onRender(contentInner, disableIndexing));
    } else {
      // The email address given *BY AN UNKNWON PERSON* to the form - we
      // should find out if we actually have a user with this email
      // address and whether password login is enabled for him/her. Also
      // only send if the email address of the user has been verified.
      final String email = filledForm.get().email;

      // We don't want to expose whether a given email address is signed
      // up, so just say an email has been sent, even though it might not
      // be true - that's protecting our user privacy.
      this.session.flash(
          Auth.FLASH_MESSAGE_KEY,
          Messages.get("playauthenticate.reset_password.message.instructions_sent", email));

      final EntryUser user = EntryUser.findByEmail(email);
      if (user != null) {
        // yep, we have a user with this email that is active - we do
        // not know if the user owning that account has requested this
        // reset, though.
        final ProviderUsernamePasswordAuth provider = ProviderUsernamePasswordAuth.getProvider();
        // User exists
        if (user.emailValidated) {
          provider.sendPasswordResetMailing(user, this.session.ctx());
          // In case you actually want to let (the unknown person)
          // know whether a user was found/an email was sent, use,
          // change the flash message
        } else {
          // We need to change the message here, otherwise the user
          // does not understand whats going on - we should not verify
          // with the password reset, as a "bad" user could then sign
          // up with a fake email via OAuth and get it verified by an
          // a unsuspecting user that clicks the link.
          this.session.flash(
              Auth.FLASH_MESSAGE_KEY,
              Messages.get("playauthenticate.reset_password.message.email_not_verified"));

          // You might want to re-send the verification email here...
          provider.sendVerifyEmailMailingAfterSignup(user, this.session.ctx());
        }
      }

      return this.onRenderListener.redirectToMain();
    }
  }