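/**
 * First step of the password-recovery flow: looks the user up and sends the reset e-mail.
 *
 * <p>The e-mail address is taken from the {@code email} attribute of the user's private
 * profile; without it no mail can be sent and a 400 is returned. The app code comes from the
 * request context populated by the filters declared on this action.
 *
 * <p>NOTE(review): the distinct "not found" / "no email" responses let a caller tell which
 * usernames exist. They are kept because clients may depend on the exact messages, but a
 * uniform response would remove that enumeration signal.
 *
 * @param username the username taken from the URL; {@code null} yields a 400
 * @return 200 on success; 400 for missing/unknown user, missing e-mail or a
 *     {@link PasswordRecoveryException}; 500 for any other failure
 */
@With({AdminCredentialWrapFilter.class, ConnectToDBFilter.class})
public static Result resetPasswordStep1(String username) {
  if (BaasBoxLogger.isTraceEnabled()) BaasBoxLogger.trace("Method Start");
  // check and validate input
  if (username == null)
    return badRequest(
        "The 'username' field is missing in the URL, please check the documentation");
  if (!UserService.exists(username)) return badRequest("Username " + username + " not found!");
  QueryParams criteria =
      QueryParams.getInstance().where("user.name=?").params(new String[] {username});
  try {
    // run the lookup once (the previous version issued the same query twice and discarded
    // the first result); guard the index access in case the user vanished in the meantime
    List<ODocument> users = UserService.getUsers(criteria);
    if (users == null || users.isEmpty())
      return badRequest("Username " + username + " not found!");
    ODocument user = users.get(0);
    ODocument attrObj = user.field(UserDao.ATTRIBUTES_VISIBLE_ONLY_BY_THE_USER);
    if (attrObj == null || attrObj.field("email") == null)
      return badRequest(
          "Cannot reset password, the \"email\" attribute is not defined into the user's private profile");
    // A "reset already requested" guard (UserService.checkResetPwdAlreadyRequested) was
    // disabled here, so repeated requests each send a new mail.
    String appCode = (String) Http.Context.current.get().args.get("appcode");
    UserService.sendResetPwdMail(appCode, user);
  } catch (PasswordRecoveryException e) {
    BaasBoxLogger.warn("resetPasswordStep1", e);
    return badRequest(ExceptionUtils.getMessage(e));
  } catch (Exception e) {
    BaasBoxLogger.warn("resetPasswordStep1", e);
    // Same policy as resetPasswordStep3: the full stack trace is returned to the client only
    // in dev mode; in production it would disclose internal class names and paths.
    if (Play.isDev()) return internalServerError(ExceptionUtils.getFullStackTrace(e));
    return internalServerError(ExceptionUtils.getMessage(e));
  }
  if (BaasBoxLogger.isTraceEnabled()) BaasBoxLogger.trace("Method End");
  return ok();
}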
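// NOTE: this controller is called via a web form by a browser to reset the user's password
// Filters to extract username/appcode/atc.. from the headers have no sense in this case
/**
 * Last step of the password-recovery flow: validates the reset code carried in the URL,
 * checks the submitted password pair and stores the new password.
 *
 * <p>The code is expected to be base64 of {@code APP_Code%%%%Username%%%%ResetTokenId}.
 * Failures before the form is validated are rendered on the HTML feedback page; a code that
 * cannot be split into three parts is answered with a plain 400 before any DB connection is
 * opened.
 *
 * <p>NOTE(review): nothing in this method invalidates the reset code after a successful
 * change; confirm that {@code UserService.resetUserPasswordFinalStep} does, otherwise the
 * link stays usable until it expires.
 *
 * @param base64 the reset code taken from the URL path (untrusted input)
 * @return 200 with the feedback page on success, 400 with an HTML page otherwise, 500 if
 *     the final password update fails
 */
public static Result resetPasswordStep3(String base64) {
  String appCode = "";
  String username = "";
  Map<String, String[]> bodyForm = null;
  try {
    if (base64 == null) return badRequest("The reset password code is invalid.");
    // loads the received token and extracts data by the hashcode in the url
    // (explicit charset: the platform default is not guaranteed; assumes the encoder used
    // UTF-8 — confirm against the token generator)
    byte[] decoded = Base64.decodeBase64(base64.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    String tokenReceived = new String(decoded, java.nio.charset.StandardCharsets.UTF_8);
    // token format should be APP_Code%%%%Username%%%%ResetTokenId
    String[] tokens = tokenReceived.split("%%%%");
    if (tokens.length != 3) return badRequest("The reset password code is invalid.");
    appCode = tokens[0];
    username = tokens[1];
    // tokens[2] is the one-time secret: neither it nor the raw code is written to the log
    Logger.debug("resetPasswordStep3 - reset request for app " + appCode + ", user " + username);
    String adminUser = BBConfiguration.configuration.getString(IBBConfigurationKeys.ADMIN_USERNAME);
    String adminPassword =
        BBConfiguration.configuration.getString(IBBConfigurationKeys.ADMIN_PASSWORD);
    try {
      DbHelper.open(appCode, adminUser, adminPassword);
    } catch (InvalidAppCodeException e1) {
      throw new Exception("The code to reset the password seems to be invalid", e1);
    }
    if (!UserService.exists(username)) throw new Exception("User not found!");
    boolean isTokenValid = ResetPwdDao.getInstance().verifyTokenStep2(base64, username);
    if (!isTokenValid)
      throw new Exception(
          "Reset Code not found or expired! Please repeat the reset password procedure");
    Http.RequestBody body = request().body();
    bodyForm = body.asFormUrlEncoded();
    if (bodyForm == null)
      throw new Exception(
          "Error getting submitted data. Please repeat the reset password procedure");
  } catch (Exception e) {
    // The page is built before the connection is closed: template text and application
    // name come from configuration that may be read through the open connection.
    ST pageTemplate = feedbackPage(username, "error", e.getMessage());
    DbHelper.getConnection().close();
    return badRequest(Html.apply(pageTemplate.render()));
  }
  // check and validate input — a missing field yields null from the form map, which the
  // previous version dereferenced (NPE -> 500) instead of reporting it to the user
  String[] passwordField = bodyForm.get("password");
  String[] repeatField = bodyForm.get("repeat-password");
  String errorString = "";
  if (passwordField == null || passwordField.length != 1) {
    errorString = "The 'new password' field is missing";
  } else if (repeatField == null || repeatField.length != 1) {
    errorString = "The 'repeat password' field is missing";
  } else if (!passwordField[0].equals(repeatField[0])) {
    errorString =
        "The new \"password\" field and the \"repeat password\" field must be the same.";
  }
  if (!errorString.isEmpty()) {
    ST pageTemplate = resetFormPage(base64, username, errorString);
    DbHelper.getConnection().close();
    return badRequest(Html.apply(pageTemplate.render()));
  }
  String password = passwordField[0];
  try {
    UserService.resetUserPasswordFinalStep(username, password);
  } catch (Throwable e) {
    Logger.warn("changeUserPassword", e);
    DbHelper.getConnection().close();
    // stack trace only in dev; in production the message alone is returned
    if (Play.isDev()) return internalServerError(ExceptionUtils.getFullStackTrace(e));
    else return internalServerError(e.getMessage());
  }
  Logger.trace("Method End");
  ST pageTemplate = feedbackPage(username, "message", "Password changed");
  DbHelper.getConnection().close();
  return ok(Html.apply(pageTemplate.render()));
}

/**
 * Builds the feedback page (PAGE_HTML_FEEDBACK_TEMPLATE), populated but not rendered.
 *
 * @param username shown on the page; HTML-escaped because it originates from the URL token
 * @param attribute template attribute carrying the outcome ({@code "error"} or
 *     {@code "message"})
 * @param value text for that attribute; passed through unescaped as in the original pages
 */
private static ST feedbackPage(String username, String attribute, String value) {
  ST pageTemplate =
      new ST(PasswordRecovery.PAGE_HTML_FEEDBACK_TEMPLATE.getValueAsString(), '$', '$');
  pageTemplate.add("user_name", escapeHtml(username));
  pageTemplate.add(attribute, value);
  pageTemplate.add(
      "application_name",
      com.baasbox.configuration.Application.APPLICATION_NAME.getValueAsString());
  return pageTemplate;
}

/**
 * Builds the "enter a new password" page (PAGE_HTML_TEMPLATE) with the validation error.
 *
 * <p>The reset code and username are interpolated into HTML attributes and text; both are
 * attacker-influenced (the code is the URL path, the username is decoded from it), so they
 * are escaped here. The ST template itself is not assumed to escape anything — confirm it
 * does not, or this becomes double escaping.
 */
private static ST resetFormPage(String base64, String username, String errorString) {
  String code = escapeHtml(base64);
  ST pageTemplate = new ST(PasswordRecovery.PAGE_HTML_TEMPLATE.getValueAsString(), '$', '$');
  pageTemplate.add(
      "form_template",
      "<form action='/user/password/reset/" + code + "' method='POST' id='reset_pwd_form'>"
          + "<label for='password'>New password</label>"
          + "<input type='password' id='password' name='password' />"
          + "<label for='repeat-password'>Repeat the new password</label>"
          + "<input type='password' id='repeat-password' name='repeat-password' />"
          + "<button type='submit' id='reset_pwd_submit'>Reset the password</button>"
          + "</form>");
  pageTemplate.add("user_name", escapeHtml(username));
  pageTemplate.add("link", "/user/password/reset/" + code);
  pageTemplate.add("password", "password");
  pageTemplate.add("repeat_password", "repeat-password");
  pageTemplate.add(
      "application_name",
      com.baasbox.configuration.Application.APPLICATION_NAME.getValueAsString());
  pageTemplate.add("error", errorString);
  return pageTemplate;
}

/**
 * Minimal HTML escaping for values placed into element text or single/double-quoted
 * attributes; {@code null} becomes the empty string.
 */
private static String escapeHtml(String value) {
  if (value == null) return "";
  StringBuilder out = new StringBuilder(value.length() + 16);
  for (int i = 0; i < value.length(); i++) {
    char c = value.charAt(i);
    switch (c) {
      case '&': out.append("&amp;"); break;
      case '<': out.append("&lt;"); break;
      case '>': out.append("&gt;"); break;
      case '"': out.append("&quot;"); break;
      case '\'': out.append("&#39;"); break;
      default: out.append(c);
    }
  }
  return out.toString();
}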