// password reset functionality --- Sajid Shajahan @RequestMapping( value = "/admin/users/resetPasswordSecurityQtn.html", method = RequestMethod.POST, produces = "application/json") public @ResponseBody String resetPasswordSecurityQtn( @ModelAttribute(value = "userReset") UserReset userReset, HttpServletRequest request, HttpServletResponse response, Locale locale) { MerchantStore store = (MerchantStore) request.getAttribute(Constants.ADMIN_STORE); Language userLanguage = null; Locale userLocale = null; AjaxResponse resp = new AjaxResponse(); // String question1 = request.getParameter("question1"); // String question2 = request.getParameter("question2"); // String question3 = request.getParameter("question3"); String answer1 = request.getParameter("answer1"); String answer2 = request.getParameter("answer2"); String answer3 = request.getParameter("answer3"); try { HttpSession session = request.getSession(); User dbUser = userService.getByUserName((String) session.getAttribute("username_reset")); if (dbUser != null) { if (dbUser.getAnswer1().equals(answer1.trim()) && dbUser.getAnswer2().equals(answer2.trim()) && dbUser.getAnswer3().equals(answer3.trim())) { userLanguage = dbUser.getDefaultLanguage(); userLocale = LocaleUtils.getLocale(userLanguage); String tempPass = userReset.generateRandomString(); String pass = passwordEncoder.encodePassword(tempPass, null); dbUser.setAdminPassword(pass); userService.update(dbUser); // send email try { String[] storeEmail = {store.getStoreEmailAddress()}; Map<String, String> templateTokens = EmailUtils.createEmailObjectsMap( request.getContextPath(), store, messages, userLocale); templateTokens.put( EmailConstants.EMAIL_RESET_PASSWORD_TXT, messages.getMessage("email.user.resetpassword.text", userLocale)); templateTokens.put( EmailConstants.EMAIL_CONTACT_OWNER, messages.getMessage("email.contactowner", storeEmail, userLocale)); templateTokens.put( EmailConstants.EMAIL_PASSWORD_LABEL, messages.getMessage("label.generic.password", userLocale)); templateTokens.put(EmailConstants.EMAIL_USER_PASSWORD, tempPass); Email email = new Email(); email.setFrom(store.getStorename()); email.setFromEmail(store.getStoreEmailAddress()); email.setSubject(messages.getMessage("label.generic.changepassword", userLocale)); email.setTo(dbUser.getAdminEmail()); email.setTemplateName(RESET_PASSWORD_TPL); email.setTemplateTokens(templateTokens); emailService.sendHtmlEmail(store, email); } catch (Exception e) { LOGGER.error("Cannot send email to user", e); } resp.setStatus(AjaxResponse.RESPONSE_OPERATION_COMPLETED); resp.setStatusMessage(messages.getMessage("User.resetPassword.resetSuccess", locale)); } else { resp.setStatus(AjaxResponse.RESPONSE_STATUS_FAIURE); resp.setStatusMessage(messages.getMessage("User.resetPassword.wrongSecurityQtn", locale)); } } else { resp.setStatus(AjaxResponse.RESPONSE_STATUS_FAIURE); resp.setStatusMessage(messages.getMessage("User.resetPassword.userNotFound", locale)); } } catch (ServiceException e) { e.printStackTrace(); resp.setStatus(AjaxResponse.RESPONSE_STATUS_FAIURE); resp.setStatusMessage(messages.getMessage("User.resetPassword.Error", locale)); } String returnString = resp.toJSONString(); return returnString; }
@PreAuthorize("hasRole('CUSTOMER')") @RequestMapping( value = "/admin/customers/resetPassword.html", method = RequestMethod.POST, produces = "application/json") public @ResponseBody String resetPassword( HttpServletRequest request, HttpServletResponse response) { String customerId = request.getParameter("customerId"); MerchantStore store = (MerchantStore) request.getAttribute(Constants.ADMIN_STORE); AjaxResponse resp = new AjaxResponse(); try { Long id = Long.parseLong(customerId); Customer customer = customerService.getById(id); if (customer == null) { resp.setErrorString("Customer does not exist"); resp.setStatus(AjaxResponse.RESPONSE_STATUS_FAIURE); return resp.toJSONString(); } if (customer.getMerchantStore().getId().intValue() != store.getId().intValue()) { resp.setErrorString("Invalid customer id"); resp.setStatus(AjaxResponse.RESPONSE_STATUS_FAIURE); return resp.toJSONString(); } Language userLanguage = customer.getDefaultLanguage(); Locale customerLocale = LocaleUtils.getLocale(userLanguage); String password = UserReset.generateRandomString(); String encodedPassword = passwordEncoder.encodePassword(password, null); customer.setPassword(encodedPassword); customerService.saveOrUpdate(customer); // send email try { // creation of a user, send an email String[] storeEmail = {store.getStoreEmailAddress()}; Map<String, String> templateTokens = EmailUtils.createEmailObjectsMap( request.getContextPath(), store, messages, customerLocale); templateTokens.put( EmailConstants.LABEL_HI, messages.getMessage("label.generic.hi", customerLocale)); templateTokens.put( EmailConstants.EMAIL_CUSTOMER_FIRSTNAME, customer.getBilling().getFirstName()); templateTokens.put( EmailConstants.EMAIL_CUSTOMER_LASTNAME, customer.getBilling().getLastName()); templateTokens.put( EmailConstants.EMAIL_RESET_PASSWORD_TXT, messages.getMessage("email.customer.resetpassword.text", customerLocale)); templateTokens.put( EmailConstants.EMAIL_CONTACT_OWNER, messages.getMessage("email.contactowner", storeEmail, customerLocale)); templateTokens.put( EmailConstants.EMAIL_PASSWORD_LABEL, messages.getMessage("label.generic.password", customerLocale)); templateTokens.put(EmailConstants.EMAIL_CUSTOMER_PASSWORD, password); Email email = new Email(); email.setFrom(store.getStorename()); email.setFromEmail(store.getStoreEmailAddress()); email.setSubject(messages.getMessage("label.generic.changepassword", customerLocale)); email.setTo(customer.getEmailAddress()); email.setTemplateName(RESET_PASSWORD_TPL); email.setTemplateTokens(templateTokens); emailService.sendHtmlEmail(store, email); resp.setStatus(AjaxResponse.RESPONSE_STATUS_SUCCESS); } catch (Exception e) { LOGGER.error("Cannot send email to user", e); resp.setStatus(AjaxResponse.RESPONSE_STATUS_FAIURE); } } catch (Exception e) { LOGGER.error("An exception occured while changing password", e); resp.setStatus(AjaxResponse.RESPONSE_STATUS_FAIURE); } return resp.toJSONString(); }