public Result doRemindPassword() {
com.feth.play.module.pa.controllers.AuthenticateDI.noCache(this.session.response());
final Form<ModelAuth.Identity> filledForm = getForgotPasswordForm().bindFromRequest();
if (filledForm.hasErrors()) {
// User did not fill in his/her email
boolean disableIndexing = false;
ContentInner contentInner = renderRemindPasswordView(filledForm);
return Results.badRequest(this.onRenderListener.onRender(contentInner, disableIndexing));
} else {
// The email address given *BY AN UNKNWON PERSON* to the form - we
// should find out if we actually have a user with this email
// address and whether password login is enabled for him/her. Also
// only send if the email address of the user has been verified.
final String email = filledForm.get().email;
// We don't want to expose whether a given email address is signed
// up, so just say an email has been sent, even though it might not
// be true - that's protecting our user privacy.
this.session.flash(
Auth.FLASH_MESSAGE_KEY,
Messages.get("playauthenticate.reset_password.message.instructions_sent", email));
final EntryUser user = EntryUser.findByEmail(email);
if (user != null) {
// yep, we have a user with this email that is active - we do
// not know if the user owning that account has requested this
// reset, though.
final ProviderUsernamePasswordAuth provider = ProviderUsernamePasswordAuth.getProvider();
// User exists
if (user.emailValidated) {
provider.sendPasswordResetMailing(user, this.session.ctx());
// In case you actually want to let (the unknown person)
// know whether a user was found/an email was sent, use,
// change the flash message
} else {
// We need to change the message here, otherwise the user
// does not understand whats going on - we should not verify
// with the password reset, as a "bad" user could then sign
// up with a fake email via OAuth and get it verified by an
// a unsuspecting user that clicks the link.
this.session.flash(
Auth.FLASH_MESSAGE_KEY,
Messages.get("playauthenticate.reset_password.message.email_not_verified"));
// You might want to re-send the verification email here...
provider.sendVerifyEmailMailingAfterSignup(user, this.session.ctx());
}
}
return this.onRenderListener.redirectToMain();
}
}
public Result doResetPassword() {
com.feth.play.module.pa.controllers.AuthenticateDI.noCache(this.session.response());
final Form<ModelAuth.PasswordReset> filledForm = getResetPasswordForm().bindFromRequest();
if (filledForm.hasErrors()) {
boolean disableIndexing = false;
ContentInner contentInner = renderResetPasswordView(filledForm);
return Results.badRequest(this.onRenderListener.onRender(contentInner, disableIndexing));
} else {
final String token = filledForm.get().token;
final String newPassword = filledForm.get().password;
final EntryTokenAction tokenAction =
Auth.isTokenValid(token, EntryTokenAction.Type.PASSWORD_RESET);
if (tokenAction == null) {
ContentInner contentInner =
new PageAuthAccount(this.session, this.onRenderListener).renderNoTokenOrInvalidView();
boolean disableIndexing = false;
return Results.badRequest(this.onRenderListener.onRender(contentInner, disableIndexing));
}
final EntryUser user = tokenAction.targetUser;
try {
// Pass true for the second parameter if you want to
// automatically create a password and the exception never to
// happen
user.resetPassword(new ProviderUsernamePasswordAuthUser(newPassword), false);
} catch (final RuntimeException re) {
this.session.flash(
Auth.FLASH_MESSAGE_KEY,
Messages.get("playauthenticate.reset_password.message.no_password_account"));
}
final boolean login = ProviderUsernamePasswordAuth.getProvider().isLoginAfterPasswordReset();
if (login) {
// automatically log in
this.session.flash(
Auth.FLASH_MESSAGE_KEY,
Messages.get("playauthenticate.reset_password.message.success.auto_login"));
return PlayAuthenticate.loginAndRedirect(
this.session.ctx(), new ProviderLoginUsernamePasswordAuthUser(user.email));
} else {
// send the user to the login page
this.session.flash(
Auth.FLASH_MESSAGE_KEY,
Messages.get("playauthenticate.reset_password.message.success.manual_login"));
}
return this.onRenderListener.redirectToLogin();
}
}
