// NOTE: this controller is called via a web form by a browser to reset the user's password
// Filters to extract username/appcode/atc.. from the headers have no sense in this case
public static Result resetPasswordStep3(String base64) {
String tokenReceived = "";
String appCode = "";
String username = "";
String tokenId = "";
Map<String, String[]> bodyForm = null;
Boolean isJSON = false;
ObjectNode result = Json.newObject();
if (base64.endsWith(".json")) {
isJSON = true;
}
try {
// if isJSON it's true, in input I have a json. So I need to delete the "extension" .json
if (isJSON) {
base64 = base64.substring(0, base64.lastIndexOf('.'));
}
// loads the received token and extracts data by the hashcode in the url
tokenReceived = new String(Base64.decodeBase64(base64.getBytes()));
if (BaasBoxLogger.isDebugEnabled())
BaasBoxLogger.debug("resetPasswordStep3 - sRandom: " + tokenReceived);
// token format should be APP_Code%%%%Username%%%%ResetTokenId
String[] tokens = tokenReceived.split("%%%%");
if (tokens.length != 3) return badRequest("The reset password code is invalid.");
appCode = tokens[0];
username = tokens[1];
tokenId = tokens[2];
String adminUser =
BBConfiguration.configuration.getString(IBBConfigurationKeys.ADMIN_USERNAME);
String adminPassword =
BBConfiguration.configuration.getString(IBBConfigurationKeys.ADMIN_PASSWORD);
try {
DbHelper.open(appCode, adminUser, adminPassword);
} catch (InvalidAppCodeException e1) {
throw new Exception("The code to reset the password seems to be invalid");
}
if (!UserService.exists(username)) throw new Exception("User not found!");
boolean isTokenValid = ResetPwdDao.getInstance().verifyTokenStep2(base64, username);
if (!isTokenValid)
throw new Exception(
"Reset Code not found or expired! Please repeat the reset password procedure");
Http.RequestBody body = request().body();
bodyForm = body.asFormUrlEncoded();
if (bodyForm == null)
throw new Exception(
"Error getting submitted data. Please repeat the reset password procedure");
} catch (Exception e) {
if (isJSON) {
result.put("user_name", username);
result.put("error", ExceptionUtils.getMessage(e));
result.put(
"application_name",
com.baasbox.configuration.Application.APPLICATION_NAME.getValueAsString());
DbHelper.getConnection().close();
return badRequest(result);
} else {
ST pageTemplate =
new ST(PasswordRecovery.PAGE_HTML_FEEDBACK_TEMPLATE.getValueAsString(), '$', '$');
pageTemplate.add("user_name", username);
pageTemplate.add("error", ExceptionUtils.getMessage(e));
pageTemplate.add(
"application_name",
com.baasbox.configuration.Application.APPLICATION_NAME.getValueAsString());
DbHelper.getConnection().close();
return badRequest(Html.apply(pageTemplate.render()));
}
}
// check and validate input
String errorString = "";
if (bodyForm.get("password").length != 1) errorString = "The 'new password' field is missing";
if (bodyForm.get("repeat-password").length != 1)
errorString = "The 'repeat password' field is missing";
String password = (String) bodyForm.get("password")[0];
String repeatPassword = (String) bodyForm.get("repeat-password")[0];
if (!password.equals(repeatPassword)) {
errorString =
"The new \"password\" field and the \"repeat password\" field must be the same.";
}
if (!errorString.isEmpty()) {
if (isJSON) {
result.put("user_name", username);
result.put("link", "/user/password/reset/" + base64 + ".json");
result.put("token", base64);
result.put(
"application_name",
com.baasbox.configuration.Application.APPLICATION_NAME.getValueAsString());
result.put("error", errorString);
DbHelper.getConnection().close();
return badRequest(result);
} else {
ST pageTemplate = new ST(PasswordRecovery.PAGE_HTML_TEMPLATE.getValueAsString(), '$', '$');
pageTemplate.add(
"form_template",
"<form action='/user/password/reset/"
+ base64
+ "' method='POST' id='reset_pwd_form'>"
+ "<label for='password'>New password</label>"
+ "<input type='password' id='password' name='password' />"
+ "<label for='repeat-password'>Repeat the new password</label>"
+ "<input type='password' id='repeat-password' name='repeat-password' />"
+ "<button type='submit' id='reset_pwd_submit'>Reset the password</button>"
+ "</form>");
pageTemplate.add("user_name", username);
pageTemplate.add("link", "/user/password/reset/" + base64);
pageTemplate.add("token", base64);
pageTemplate.add("password", "password");
pageTemplate.add("repeat_password", "repeat-password");
pageTemplate.add(
"application_name",
com.baasbox.configuration.Application.APPLICATION_NAME.getValueAsString());
pageTemplate.add("error", errorString);
DbHelper.getConnection().close();
return badRequest(Html.apply(pageTemplate.render()));
}
}
try {
UserService.resetUserPasswordFinalStep(username, password);
} catch (Throwable e) {
BaasBoxLogger.warn("changeUserPassword", e);
DbHelper.getConnection().close();
if (Play.isDev()) return internalServerError(ExceptionUtils.getFullStackTrace(e));
else return internalServerError(ExceptionUtils.getMessage(e));
}
if (BaasBoxLogger.isTraceEnabled()) BaasBoxLogger.trace("Method End");
String ok_message = "Password changed";
if (isJSON) {
result.put("user_name", username);
result.put("message", ok_message);
result.put(
"application_name",
com.baasbox.configuration.Application.APPLICATION_NAME.getValueAsString());
DbHelper.getConnection().close();
return ok(result);
} else {
ST pageTemplate =
new ST(PasswordRecovery.PAGE_HTML_FEEDBACK_TEMPLATE.getValueAsString(), '$', '$');
pageTemplate.add("user_name", username);
pageTemplate.add("message", ok_message);
pageTemplate.add(
"application_name",
com.baasbox.configuration.Application.APPLICATION_NAME.getValueAsString());
DbHelper.getConnection().close();
return ok(Html.apply(pageTemplate.render()));
}
}
// NOTE: this controller is called via a web link by a mail client to reset the user's password
// Filters to extract username/appcode/atc.. from the headers have no sense in this case
public static Result resetPasswordStep2(String base64) throws ResetPasswordException {
// loads the received token and extracts data by the hashcode in the url
String tokenReceived = "";
String appCode = "";
String username = "";
String tokenId = "";
String adminUser = "";
String adminPassword = "";
Boolean isJSON = false;
ObjectNode result = Json.newObject();
if (base64.endsWith(".json")) {
isJSON = true;
}
try {
// if isJSON it's true, in input I have a json. So I need to delete the "extension" .json
if (isJSON) {
base64 = base64.substring(0, base64.lastIndexOf('.'));
}
tokenReceived = new String(Base64.decodeBase64(base64.getBytes()));
if (BaasBoxLogger.isDebugEnabled())
BaasBoxLogger.debug("resetPasswordStep2 - sRandom: " + tokenReceived);
// token format should be APP_Code%%%%Username%%%%ResetTokenId
String[] tokens = tokenReceived.split("%%%%");
if (tokens.length != 3)
throw new Exception(
"The reset password code is invalid. Please repeat the reset password procedure");
appCode = tokens[0];
username = tokens[1];
tokenId = tokens[2];
adminUser = BBConfiguration.configuration.getString(IBBConfigurationKeys.ADMIN_USERNAME);
adminPassword = BBConfiguration.configuration.getString(IBBConfigurationKeys.ADMIN_PASSWORD);
try {
DbHelper.open(appCode, adminUser, adminPassword);
} catch (InvalidAppCodeException e1) {
throw new Exception(
"The code to reset the password seems to be invalid. Please repeat the reset password procedure");
}
boolean isTokenValid = ResetPwdDao.getInstance().verifyTokenStep1(base64, username);
if (!isTokenValid)
throw new Exception(
"Reset password procedure is expired! Please repeat the reset password procedure");
} catch (Exception e) {
if (isJSON) {
result.put("status", "KO");
result.put("user_name", username);
result.put("error", ExceptionUtils.getMessage(e));
result.put(
"application_name",
com.baasbox.configuration.Application.APPLICATION_NAME.getValueAsString());
DbHelper.getConnection().close();
return badRequest(result);
} else {
ST pageTemplate =
new ST(PasswordRecovery.PAGE_HTML_FEEDBACK_TEMPLATE.getValueAsString(), '$', '$');
pageTemplate.add("user_name", username);
pageTemplate.add("error", ExceptionUtils.getMessage(e));
pageTemplate.add(
"application_name",
com.baasbox.configuration.Application.APPLICATION_NAME.getValueAsString());
return badRequest(Html.apply(pageTemplate.render()));
}
}
String tokenStep2 = ResetPwdDao.getInstance().setTokenStep2(username, appCode);
if (isJSON) {
result.put("user_name", username);
result.put("link", "/user/password/reset/" + tokenStep2 + ".json");
result.put("token", tokenStep2);
result.put(
"application_name",
com.baasbox.configuration.Application.APPLICATION_NAME.getValueAsString());
DbHelper.getConnection().close();
return ok(result);
} else {
ST pageTemplate = new ST(PasswordRecovery.PAGE_HTML_TEMPLATE.getValueAsString(), '$', '$');
pageTemplate.add(
"form_template",
"<form action='/user/password/reset/"
+ tokenStep2
+ "' method='POST' id='reset_pwd_form'>"
+ "<label for='password'>New password</label>"
+ "<input type='password' id='password' name='password' />"
+ "<label for='repeat-password'>Repeat the new password</label>"
+ "<input type='password' id='repeat-password' name='repeat-password' />"
+ "<button type='submit' id='reset_pwd_submit'>Reset the password</button>"
+ "</form>");
pageTemplate.add("user_name", username);
pageTemplate.add("link", "/user/password/reset/" + tokenStep2);
pageTemplate.add("password", "password");
pageTemplate.add("repeat_password", "repeat-password");
pageTemplate.add("token", tokenStep2);
pageTemplate.add(
"application_name",
com.baasbox.configuration.Application.APPLICATION_NAME.getValueAsString());
DbHelper.getConnection().close();
return ok(Html.apply(pageTemplate.render()));
}
}
