/** Changes a user's password. */
@Override
@POST
@ResourceMethodSignature(input = UserChangePasswordRequest.class)
public Object post(Context context, Request request, Response response, Object payload)
throws ResourceException {
UserChangePasswordRequest changePasswordRequest = (UserChangePasswordRequest) payload;
if (changePasswordRequest != null) {
UserChangePasswordResource resource = changePasswordRequest.getData();
try {
if (!isAnonymousUser(resource.getUserId(), request)) {
getSecuritySystem().changePassword(resource.getUserId(), resource.getNewPassword());
response.setStatus(Status.SUCCESS_NO_CONTENT);
} else {
response.setStatus(
Status.CLIENT_ERROR_BAD_REQUEST, "Anonymous user cannot change password!");
getLogger().debug("Anonymous user password change is blocked!");
}
} catch (UserNotFoundException e) {
getLogger().debug("Invalid user ID!", e);
throw new ResourceException(
Status.CLIENT_ERROR_BAD_REQUEST, "Invalid credentials supplied.");
} catch (InvalidConfigurationException e) {
// this should never happen
getLogger().warn("Failed to set password!", e);
throw new ResourceException(Status.CLIENT_ERROR_BAD_REQUEST, "Failed to set password!.");
}
}
// don't return anything because the status is a 204
return null;
}
