예제 #1
0
  /**
   * @param username
   * @param token
   * @param password
   * @param request
   * @return
   * @throws Exception
   */
  @RequestMapping(value = "/updatePassword*", method = RequestMethod.POST)
  public ModelAndView onSubmit(
      @RequestParam(value = "username", required = true) final String username,
      @RequestParam(value = "token", required = false) final String token,
      @RequestParam(value = "currentPassword", required = false) final String currentPassword,
      @RequestParam(value = "password", required = true) final String password,
      final HttpServletRequest request)
      throws Exception {
    log.debug("PasswordRecoveryController onSubmit for username: "******"errors.required", getText("updatePassword.newPassword.label", locale), locale));
      return showForm(username, null, request);
    }

    User user = null;
    final boolean usingToken = StringUtils.isNotBlank(token);
    if (usingToken) {
      log.debug("Updating Password for username " + username + ", using reset token");
      user =
          getUserManager()
              .updatePassword(username, null, token, password, RequestUtil.getAppURL(request));

    } else {
      log.debug("Updating Password for username " + username + ", using current password");
      if (!username.equals(request.getRemoteUser())) {
        throw new AccessDeniedException(
            "You do not have permission to modify other users password.");
      }
      user =
          getUserManager()
              .updatePassword(
                  username, currentPassword, null, password, RequestUtil.getAppURL(request));
    }

    if (user != null) {
      saveMessage(request, getText("updatePassword.success", new Object[] {username}, locale));
    } else {
      if (usingToken) {
        saveError(request, getText("updatePassword.invalidToken", locale));
      } else {
        saveError(request, getText("updatePassword.invalidPassword", locale));
        return showForm(username, null, request);
      }
    }

    return new ModelAndView("redirect:/");
  }
예제 #2
0
 /**
  * @param username
  * @param request
  * @return
  */
 @RequestMapping(value = "/requestRecoveryToken*", method = RequestMethod.GET)
 public String requestRecoveryToken(
     @RequestParam(value = "username", required = true) final String username,
     final HttpServletRequest request) {
   log.debug("Sending recovery token to user " + username);
   try {
     getUserManager()
         .sendPasswordRecoveryEmail(
             username, RequestUtil.getAppURL(request) + RECOVERY_PASSWORD_TEMPLATE);
   } catch (final UsernameNotFoundException ignored) {
     // lets ignore this
   }
   saveMessage(request, getText("updatePassword.recoveryToken.sent", request.getLocale()));
   return "redirect:/";
 }