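// password reset functionality --- Sajid Shajahan
/**
 * Resets the password of the user named by the session attribute {@code username_reset}
 * once the three submitted security answers match the ones stored on the user.
 *
 * <p>On a match a temporary password is generated, encoded, persisted on the user and
 * emailed to the user's admin address. Mail delivery is best effort: a failure is logged
 * and the reset is still reported as completed (the password has already been changed at
 * that point). Missing or wrong answers, a missing session user and service failures all
 * yield a failure status with a localized message.
 *
 * @param userReset form object; only used to generate the temporary password
 * @param request   carries {@code answer1..answer3}, the admin store attribute and the session
 * @param response  unused
 * @param locale    locale for the status message returned to the caller
 * @return the {@link AjaxResponse} serialized as JSON
 */
@RequestMapping(
    value = "/admin/users/resetPasswordSecurityQtn.html",
    method = RequestMethod.POST,
    produces = "application/json")
public @ResponseBody String resetPasswordSecurityQtn(
    @ModelAttribute(value = "userReset") UserReset userReset,
    HttpServletRequest request,
    HttpServletResponse response,
    Locale locale) {
  MerchantStore store = (MerchantStore) request.getAttribute(Constants.ADMIN_STORE);
  AjaxResponse resp = new AjaxResponse();

  String answer1 = request.getParameter("answer1");
  String answer2 = request.getParameter("answer2");
  String answer3 = request.getParameter("answer3");

  try {
    HttpSession session = request.getSession();
    // Set by the preceding reset step; without it there is no user to reset.
    String userName = (String) session.getAttribute("username_reset");
    User dbUser = userName == null ? null : userService.getByUserName(userName);

    if (dbUser == null) {
      resp.setStatus(AjaxResponse.RESPONSE_STATUS_FAIURE);
      resp.setStatusMessage(messages.getMessage("User.resetPassword.userNotFound", locale));
      return resp.toJSONString();
    }

    // Non-short-circuit '&' so all three answers are always compared, regardless of
    // which one fails; each comparison is null-safe and constant-time for equal lengths.
    boolean allAnswersMatch =
        securityAnswerMatches(dbUser.getAnswer1(), answer1)
            & securityAnswerMatches(dbUser.getAnswer2(), answer2)
            & securityAnswerMatches(dbUser.getAnswer3(), answer3);

    if (!allAnswersMatch) {
      resp.setStatus(AjaxResponse.RESPONSE_STATUS_FAIURE);
      resp.setStatusMessage(messages.getMessage("User.resetPassword.wrongSecurityQtn", locale));
      return resp.toJSONString();
    }

    Language userLanguage = dbUser.getDefaultLanguage();
    Locale userLocale = LocaleUtils.getLocale(userLanguage);

    String tempPass = userReset.generateRandomString();
    String pass = passwordEncoder.encodePassword(tempPass, null);
    dbUser.setAdminPassword(pass);
    userService.update(dbUser);

    // Send the temporary password by email. The password is already persisted, so a mail
    // failure is logged rather than propagated; the caller still sees a completed reset.
    try {
      String[] storeEmail = {store.getStoreEmailAddress()};
      Map<String, String> templateTokens =
          EmailUtils.createEmailObjectsMap(request.getContextPath(), store, messages, userLocale);
      templateTokens.put(
          EmailConstants.EMAIL_RESET_PASSWORD_TXT,
          messages.getMessage("email.user.resetpassword.text", userLocale));
      templateTokens.put(
          EmailConstants.EMAIL_CONTACT_OWNER,
          messages.getMessage("email.contactowner", storeEmail, userLocale));
      templateTokens.put(
          EmailConstants.EMAIL_PASSWORD_LABEL,
          messages.getMessage("label.generic.password", userLocale));
      templateTokens.put(EmailConstants.EMAIL_USER_PASSWORD, tempPass);

      Email email = new Email();
      email.setFrom(store.getStorename());
      email.setFromEmail(store.getStoreEmailAddress());
      email.setSubject(messages.getMessage("label.generic.changepassword", userLocale));
      email.setTo(dbUser.getAdminEmail());
      email.setTemplateName(RESET_PASSWORD_TPL);
      email.setTemplateTokens(templateTokens);

      emailService.sendHtmlEmail(store, email);
    } catch (Exception e) {
      LOGGER.error("Cannot send email to user", e);
    }

    resp.setStatus(AjaxResponse.RESPONSE_OPERATION_COMPLETED);
    resp.setStatusMessage(messages.getMessage("User.resetPassword.resetSuccess", locale));
  } catch (ServiceException e) {
    // Log through the class logger instead of printStackTrace so the failure is visible
    // in the application log with a stack trace.
    LOGGER.error("Cannot reset password", e);
    resp.setStatus(AjaxResponse.RESPONSE_STATUS_FAIURE);
    resp.setStatusMessage(messages.getMessage("User.resetPassword.Error", locale));
  }

  return resp.toJSONString();
}

/**
 * Compares a stored security answer with a submitted one.
 *
 * <p>The submitted value is trimmed (as the original check did); the stored value is used
 * as-is. Either side being {@code null} is a mismatch. The byte comparison uses
 * {@link java.security.MessageDigest#isEqual} so that equal-length answers are compared in
 * constant time rather than stopping at the first differing character.
 *
 * @param stored    the answer persisted on the user, may be {@code null}
 * @param submitted the answer from the request, may be {@code null}
 * @return {@code true} only if both are non-null and equal after trimming the submitted one
 */
private static boolean securityAnswerMatches(String stored, String submitted) {
  if (stored == null || submitted == null) {
    return false;
  }
  byte[] expected = stored.getBytes(java.nio.charset.StandardCharsets.UTF_8);
  byte[] actual = submitted.trim().getBytes(java.nio.charset.StandardCharsets.UTF_8);
  return java.security.MessageDigest.isEqual(expected, actual);
}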
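/**
 * Changes the password of the currently authenticated admin user.
 *
 * <p>The form must refer to the caller's own user id; any other id (or a missing one) is
 * redirected away without touching the account. The current password must be present and
 * must match the stored hash, the new password must be at least 6 characters and must be
 * repeated identically. Validation errors are recorded on {@code result} and the password
 * tile is re-rendered; on success the encoded new password is persisted and
 * {@code success} is set on the model.
 *
 * @param password form holding the current, new and repeated passwords plus the user id
 * @param result   binding result that collects validation errors
 * @param model    view model; receives the menu and the success flag
 * @param request  used for the menu and the authenticated user name
 * @param response unused
 * @param locale   locale for the validation messages
 * @return the password tile name, or a redirect when the request targets another user
 * @throws Exception propagated from {@code setMenu} and the user service
 */
@PreAuthorize("hasRole('AUTH')")
@RequestMapping(value = "/admin/users/savePassword.html", method = RequestMethod.POST)
public String changePassword(
    @ModelAttribute("password") Password password,
    BindingResult result,
    Model model,
    HttpServletRequest request,
    HttpServletResponse response,
    Locale locale)
    throws Exception {
  setMenu(model, request);

  String userName = request.getRemoteUser();
  User dbUser = userService.getByUserName(userName);

  // Only the caller's own password may be changed. A null user, form user or id used to
  // throw NPE here; treat all of them as "not your account" and bounce.
  if (dbUser == null
      || password.getUser() == null
      || password.getUser().getId() == null
      || password.getUser().getId().longValue() != dbUser.getId().longValue()) {
    return "redirect:/admin/users/displayUser.html";
  }

  // Current password must not be empty.
  if (StringUtils.isBlank(password.getPassword())) {
    ObjectError error =
        new ObjectError(
            "password",
            messages.getMessage("label.generic.password", locale)
                + " "
                + messages.getMessage("message.cannot.empty", locale));
    result.addError(error);
    return ControllerConstants.Tiles.User.password;
  }

  // Current password must match the stored hash.
  // NOTE(review): this equality check only works if encodePassword(raw, null) is
  // deterministic (unsalted); a salted encoder would need its verify method instead.
  String submittedHash = passwordEncoder.encodePassword(password.getPassword(), null);
  String storedHash = dbUser.getAdminPassword();
  boolean currentMatches =
      storedHash != null
          && java.security.MessageDigest.isEqual(
              submittedHash.getBytes(java.nio.charset.StandardCharsets.UTF_8),
              storedHash.getBytes(java.nio.charset.StandardCharsets.UTF_8));
  if (!currentMatches) {
    ObjectError error =
        new ObjectError("password", messages.getMessage("message.password.invalid", locale));
    result.addError(error);
    return ControllerConstants.Tiles.User.password;
  }

  String newPassword = password.getNewPassword();
  String repeatPassword = password.getRepeatPassword();

  if (StringUtils.isBlank(newPassword)) {
    ObjectError error =
        new ObjectError(
            "newPassword",
            messages.getMessage("label.generic.newpassword", locale)
                + " "
                + messages.getMessage("message.cannot.empty", locale));
    result.addError(error);
  }

  if (StringUtils.isBlank(repeatPassword)) {
    ObjectError error =
        new ObjectError(
            "newPasswordAgain",
            messages.getMessage("label.generic.newpassword.repeat", locale)
                + " "
                + messages.getMessage("message.cannot.empty", locale));
    result.addError(error);
  }

  // The blank checks above only record errors and fall through, so the remaining checks
  // must be null-safe (the previous code dereferenced a null new/repeat password here).
  boolean samePassword =
      newPassword == null ? repeatPassword == null : newPassword.equals(repeatPassword);
  if (!samePassword) {
    ObjectError error =
        new ObjectError(
            "newPasswordAgain", messages.getMessage("message.password.different", locale));
    result.addError(error);
  }

  if (newPassword != null && newPassword.length() < 6) {
    ObjectError error =
        new ObjectError("newPassword", messages.getMessage("message.password.length", locale));
    result.addError(error);
  }

  if (result.hasErrors()) {
    return ControllerConstants.Tiles.User.password;
  }

  String pass = passwordEncoder.encodePassword(newPassword, null);
  dbUser.setAdminPassword(pass);
  userService.update(dbUser);

  model.addAttribute("success", "success");
  return ControllerConstants.Tiles.User.password;
}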