/**
 * Handles the password-update form post, either with a reset token or with the caller's current
 * password.
 *
 * <p>When {@code token} is not blank the update is attempted with the token alone; no check
 * against the authenticated user is made on that path, so the token is the only credential.
 * Otherwise {@code username} must equal {@code request.getRemoteUser()} and the update is
 * attempted with {@code currentPassword}. A {@code null} result from the user manager is treated
 * as a failed update.
 *
 * @param username account whose password is changed; taken from the request and untrusted
 * @param token reset token, optional; a non-blank value selects the token path
 * @param currentPassword the caller's current password, optional; used only without a token
 * @param password the new password
 * @param request current request; supplies the locale source, remote user and application URL
 * @return a redirect to {@code /} on success or on an invalid token; the form view again when the
 *     current password is rejected
 * @throws Exception declared broadly; the visible body throws {@code AccessDeniedException} when
 *     the current-password path is used for a username other than the remote user
 */
@RequestMapping(value = "/updatePassword*", method = RequestMethod.POST)
public ModelAndView onSubmit(
    @RequestParam(value = "username", required = true) final String username,
    @RequestParam(value = "token", required = false) final String token,
    @RequestParam(value = "currentPassword", required = false) final String currentPassword,
    @RequestParam(value = "password", required = true) final String password,
    final HttpServletRequest request)
    throws Exception {
  // NOTE(review): the span between the log message and "errors.required" appears to have been
  // masked ("******") before this listing was captured. The declaration of `locale` and the
  // opening of the block closed by the `}` below are presumably inside it; restore them from the
  // original file before compiling.
  // NOTE(review): here and in the two debug calls below, `username` comes straight from the
  // request and is concatenated into the log message; neutralise CR/LF before logging so a
  // crafted value cannot forge log entries.
  log.debug("PasswordRecoveryController onSubmit for username: "******"errors.required",
      getText("updatePassword.newPassword.label", locale), locale));
  return showForm(username, null, request);
  }

  User user = null;
  // A non-blank token selects the reset-token path; anything else is a change by a logged-in user.
  final boolean usingToken = StringUtils.isNotBlank(token);
  if (usingToken) {
    log.debug("Updating Password for username " + username + ", using reset token");
    // NOTE(review): token validation (expiry, single use, binding to this username) is not visible
    // here and is presumably enforced inside updatePassword; confirm, and confirm that repeated
    // failed attempts are rate limited.
    user =
        getUserManager()
            .updatePassword(username, null, token, password, RequestUtil.getAppURL(request));
  } else {
    log.debug("Updating Password for username " + username + ", using current password");
    // Only the authenticated user may change their own password on this path. getRemoteUser()
    // returning null (no authenticated user) also fails this comparison and is rejected.
    if (!username.equals(request.getRemoteUser())) {
      throw new AccessDeniedException(
          "You do not have permission to modify other users password.");
    }
    user =
        getUserManager()
            .updatePassword(
                username, currentPassword, null, password, RequestUtil.getAppURL(request));
  }

  if (user != null) {
    saveMessage(request, getText("updatePassword.success", new Object[] {username}, locale));
  } else {
    if (usingToken) {
      // Invalid token: record the error and fall through to the redirect below.
      saveError(request, getText("updatePassword.invalidToken", locale));
    } else {
      // Wrong current password: record the error and show the form again.
      saveError(request, getText("updatePassword.invalidPassword", locale));
      return showForm(username, null, request);
    }
  }

  return new ModelAndView("redirect:/");
}
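/**
 * Starts password recovery by asking the user manager to e-mail a recovery link for
 * {@code username}.
 *
 * <p>The same confirmation message and redirect are produced whether or not the username exists,
 * so the response does not reveal which accounts are registered.
 *
 * @param username account name taken from the request; untrusted
 * @param request current request; supplies the application URL, the locale and the message store
 * @return a redirect to the application root
 */
@RequestMapping(value = "/requestRecoveryToken*", method = RequestMethod.GET)
public String requestRecoveryToken(
    @RequestParam(value = "username", required = true) final String username,
    final HttpServletRequest request) {
  // NOTE(review): this mapping sends mail on GET, so a cross-site link or a prefetch can trigger
  // it. Moving it to POST with CSRF protection and rate limiting changes the caller-visible
  // interface and is left to a follow-up.

  // The username is request-controlled; replace CR/LF so a crafted value cannot forge log lines.
  final String loggableUsername = String.valueOf(username).replaceAll("[\\r\\n]", "_");
  log.debug("Sending recovery token to user " + loggableUsername);

  // NOTE(review): if RequestUtil.getAppURL derives the base URL from request headers such as
  // Host, the link placed in the e-mail is influenced by the requester. Confirm it resolves to a
  // configured canonical URL.
  final String recoveryUrlTemplate = RequestUtil.getAppURL(request) + RECOVERY_PASSWORD_TEMPLATE;
  try {
    getUserManager().sendPasswordRecoveryEmail(username, recoveryUrlTemplate);
  } catch (final UsernameNotFoundException ignored) {
    // Deliberately ignored: an unknown username gets the same message as a known one, so the
    // endpoint cannot be used to test which usernames exist.
  }

  saveMessage(request, getText("updatePassword.recoveryToken.sent", request.getLocale()));
  return "redirect:/";
}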