  /**
   * Issues a password-reset token for the account whose e-mail matches {@code _user}.
   *
   * <p>The token is a {@link SignedToken} over the e-mail address with a validity of
   * {@code PASS_RESET_VALIDITY_MILLIS}. The same value is persisted on the user record so the
   * reset step can refuse a token that is presented more than once.
   *
   * @param _user carrier for the e-mail of the account; only {@code getEmail()} is read
   * @return the signed token that was stored on the user
   * @throws NoSuchUserException when no account exists for that e-mail
   */
  @Override
  public String requestPasswordReset(AppUser _user) throws NoSuchUserException {
    String email = _user.getEmail();

    AppUser account = db.load(AppUser.class, email);
    if (account == null) {
      throw new NoSuchUserException(email);
    }

    // TODO: Use KmsDao — "hello" is a hard-coded signing key, so every token is signed
    // with the same literal until the key is moved out of source.
    String token = SignedToken.sign(email, "hello", PASS_RESET_VALIDITY_MILLIS);

    account.setPasswordResetToken(token);
    db.save(account);
    return token;
  }
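  /**
   * Completes a password reset: verifies {@code signedToken}, stores the hash of
   * {@code newPassword} on the matching user, and clears the stored reset token so the same
   * token cannot be consumed twice.
   *
   * @param signedToken the token handed out by {@code requestPasswordReset}
   * @param newPassword the replacement password; hashed via {@code PasswordUtil.hash}
   * @return {@code true} when the password was changed; {@code false} when the token is absent,
   *     invalid, expired, no longer matches the token stored on the user, or the user does not
   *     exist
   */
  @Override
  public boolean resetPassword(String signedToken, String newPassword) {
    if (signedToken == null) {
      // Nothing to validate; treat as an invalid token rather than passing null on.
      return false;
    }

    // TODO: use KmsDao — "hello" is a hard-coded signing key shared with requestPasswordReset
    String email = SignedToken.validate(signedToken, "hello");
    if (email == null) {
      // validate() yields null for an invalid or expired token; only a non-null e-mail may
      // proceed to the database lookup.
      return false;
    }

    AppUser user = db.load(AppUser.class, email);
    if (user == null) {
      // Account removed between requestPasswordReset and now.
      return false;
    }
    if (!tokensMatch(signedToken, user.getPasswordResetToken())) {
      // No outstanding token, or a token that has already been consumed.
      return false;
    }

    user.setPasswordHash(PasswordUtil.hash(newPassword, email));
    user.setPasswordResetToken(null);
    db.save(user);
    return true;
  }

  /**
   * Compares the presented token with the stored one without short-circuiting on the first
   * differing byte, so the comparison time does not reveal how much of the stored token matched.
   * Either side being {@code null} counts as a mismatch.
   */
  private static boolean tokensMatch(String presented, String stored) {
    if (presented == null || stored == null) {
      return false;
    }
    return java.security.MessageDigest.isEqual(
        presented.getBytes(java.nio.charset.StandardCharsets.UTF_8),
        stored.getBytes(java.nio.charset.StandardCharsets.UTF_8));
  }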