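/**
 * Selects the password/passphrase reset questions to ask the user and installs them as callbacks.
 *
 * <p>The flow is sent back to {@code MODULE_ENTRY_POINT} with a header message when the user is
 * unknown, inactive or locked out of password reset, or when no enabled question with a stored
 * answer can be asked. Otherwise the eligible questions are shuffled, capped at the realm's
 * maximum number of questions, installed through {@code replaceCallback(2, index, ...)} and the
 * question-to-answer map is saved in {@code sharedState} under {@code "QAMap"}.
 *
 * @return {@code MODULE_ENTRY_POINT} when no question can be asked, otherwise
 *     {@code MODULE_VALIDATE_ANSWERS}
 * @throws Exception propagated from the lockout, stored-answer and realm-setting lookups
 */
private int setResetQuestions() throws Exception {
    // NOTE(review): each early exit below uses its own message key. If the localized strings
    // differ, the response tells an unauthenticated caller whether an account exists, is
    // inactive, is locked out or has no questions; confirm that is acceptable or use one
    // generic message.
    if (user == null) {
        replaceHeader(MODULE_ENTRY_POINT, getLocalizedString("userNotExists.message"));
        return MODULE_ENTRY_POINT;
    }
    if (!user.isActive()) {
        replaceHeader(MODULE_ENTRY_POINT, getLocalizedString("userNotActive.message"));
        return MODULE_ENTRY_POINT;
    }

    // The lockout tracker is kept in a field so the answer check can record failed attempts.
    PWResetModelImpl resetModel = new PWResetModelImpl();
    resetModel.populateLockoutValues(user.getRealm());
    resetLockout = new PWResetAccountLockout(resetModel);
    if (resetLockout.isLockout(user.getUniversalId())) {
        replaceHeader(MODULE_ENTRY_POINT, getLocalizedString("lockoutMsg.message"));
        return MODULE_ENTRY_POINT;
    }

    PasswordResetOptionsModel model =
            new PasswordResetOptionsModel(getHttpServletRequest(), null);
    List<PasswordResetOptionsData> storedAnswers = model.getUserAnswers(user);

    // Keep only questions that are switched on and actually have an answer on record.
    // The original null check sat on the freshly created list and could never fire; the model
    // result is guarded instead so a missing list is treated as "no questions".
    List<PasswordResetOptionsData> answers = new ArrayList<PasswordResetOptionsData>();
    if (storedAnswers != null) {
        for (PasswordResetOptionsData ans : storedAnswers) {
            if (ans.getDataStatus() == PasswordResetOptionsData.DEFAULT_ON
                    && StringUtils.isNotEmpty(ans.getAnswer())) {
                answers.add(ans);
            }
        }
    }
    if (answers.isEmpty()) {
        replaceHeader(MODULE_ENTRY_POINT, getLocalizedString("noQuestions.message"));
        return MODULE_ENTRY_POINT;
    }

    Collections.shuffle(answers);
    int maxQuestions = new UMUserPasswordResetOptionsModelImpl()
            .getMaxNumQuestions(DNMapper.orgNameToRealmName(user.getRealm()));
    // Fail closed: a limit below one would leave nothing to ask (or make subList throw), and
    // the flow must never reach the answer check with zero questions installed.
    if (maxQuestions < 1) {
        replaceHeader(MODULE_ENTRY_POINT, getLocalizedString("noQuestions.message"));
        return MODULE_ENTRY_POINT;
    }
    if (answers.size() > maxQuestions) {
        answers = answers.subList(0, maxQuestions);
    }

    // The question text is both the callback prompt and the key of the expected answer.
    Map<String, String> qaMap = new HashMap<String, String>();
    int i = 0;
    for (PasswordResetOptionsData qn : answers) {
        replaceCallback(2, i++, new NameCallback(qn.getQuestion()));
        qaMap.put(qn.getQuestion(), qn.getAnswer());
    }

    // NOTE(review): the expected answers are stored in clear in sharedState; confirm which other
    // components can read that map and that the entry is cleared once the flow ends.
    sharedState.put("QAMap", qaMap);
    return MODULE_VALIDATE_ANSWERS;
}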
/**
 * Validates the security answers and, on successful validation, resets the password and sends a
 * mail to the user with the generated password.
 *
 * <p>Every {@code NameCallback} must carry a non-empty answer, and each answer (trimmed) must
 * equal the value stored under the callback's prompt in the {@code "QAMap"} entry of
 * {@code sharedState}. The first mismatch is reported to {@code resetLockout} and ends the
 * attempt.
 *
 * @param callbacks the submitted callbacks; only {@code NameCallback} entries are examined
 * @return {@code MODULE_VALIDATE_ANSWERS} when an answer is missing or wrong and the count has
 *     not gone negative, otherwise {@code MODULE_SUCCESS_MSG} (lockout message, or the outcome
 *     of the reset)
 * @throws Exception propagated from the calls made outside the mail try/catch
 */
private int validateAnswers(Callback[] callbacks) throws Exception {
    // First pass: refuse the submission as a whole if any answer is empty, before anything
    // is compared or counted as a failed attempt.
    for (Callback callback_ : callbacks) {
        if (callback_ instanceof NameCallback) {
            NameCallback callback = (NameCallback) callback_;
            if (StringUtils.isEmpty(callback.getName())) {
                replaceHeader(MODULE_VALIDATE_ANSWERS, getLocalizedString("missingAnswer.message"));
                return MODULE_VALIDATE_ANSWERS;
            }
        }
    }
    // NOTE(review): unchecked cast, and nothing here checks that the entry exists. If "QAMap" is
    // absent, or a prompt is not one of its keys, the comparison below throws a
    // NullPointerException instead of taking the wrong-answer path; an explicit fail-closed
    // check would make that case count toward lockout.
    Map<String, String> qaMap = (Map<String, String>) sharedState.get("QAMap");
    for (Callback callback_ : callbacks) {
        if (callback_ instanceof NameCallback) {
            NameCallback callback = (NameCallback) callback_;
            // Exact, case-sensitive match of the stored answer against the trimmed input.
            // NOTE(review): String.equals is not a constant-time comparison, and comparing in
            // clear implies the stored answers are retrievable as plaintext; confirm both are
            // accepted for this flow.
            if (!qaMap.get(callback.getPrompt()).equals(callback.getName().trim())) {
                // Record the failure, then let the remaining warning count pick the response.
                resetLockout.invalidAnswer(user);
                debug.error("Invalid password reset answers provided for " + user.getUniversalId());
                int warningCount = resetLockout.getWarnUserCount(user.getUniversalId());
                if (warningCount < 0) {
                    // Negative count: show the lockout message and leave the answer state.
                    replaceHeader(
                            MODULE_SUCCESS_MSG,
                            "<font color=\"red\">" + getLocalizedString("lockoutMsg.message") + "</font>");
                    return MODULE_SUCCESS_MSG;
                } else if (warningCount > 0) {
                    // Positive count: warn with the number inserted into the message.
                    replaceHeader(
                            MODULE_VALIDATE_ANSWERS,
                            MessageFormat.format(
                                    getLocalizedString("lockoutWarning.message"), new Object[] {warningCount}));
                    return MODULE_VALIDATE_ANSWERS;
                } else {
                    replaceHeader(MODULE_VALIDATE_ANSWERS, getLocalizedString("wrongAnswer.message"));
                    return MODULE_VALIDATE_ANSWERS;
                }
            }
        }
    }
    // All answers matched: clear the failure record before resetting the password.
    // NOTE(review): the visible code never removes "QAMap" from sharedState afterwards.
    resetLockout.removeUserLockoutEntry(user.getUniversalId());
    String resetPassword = new RandomPasswordGenerator().generatePassword(user);
    // ensure the random generated password meets the password criteria
    // NOTE(review): this loop has no upper bound; if the generator can never satisfy
    // isValidPWD for this user it spins forever. Consider a retry limit.
    while (!isValidPWD(resetPassword))
        resetPassword = new RandomPasswordGenerator().generatePassword(user);
    // Attribute names come from configuration; values are single-element sets.
    Map<String, Set> attrMap = new HashMap<String, Set>();
    Set<String> attribVals = new HashSet<String>();
    attribVals.add(resetPassword);
    attrMap.put(
            CommonUtilities.getProperty(PassphraseConstants.USER_PASSWORD_ATTRIBUTE), attribVals);
    // Enable the force password reset flag
    Set<String> passwordResetFlag = new HashSet<String>();
    passwordResetFlag.add("true");
    attrMap.put(
            CommonUtilities.getProperty(PassphraseConstants.USER_PASSWORD_RESET_FLAG_ATTRIBUTE),
            passwordResetFlag);
    user.setAttributes(attrMap);
    user.store();
    // NOTE(review): part of the next statement is missing from this copy (replaced by
    // asterisks). The lost span covers the end of the log call and the opening of the try block
    // whose catch follows; going by the catch, that block sends the reset mail. Confirm against
    // the full source that the generated password itself is never written to the debug log.
    debug.message("Password has been reset for the user: "******"emailNotify.message"));
    } catch (Exception e) {
        // The password has already been stored at this point; only the notification failed.
        debug.error("Error sending password reset mail:", e);
        replaceHeader(MODULE_SUCCESS_MSG, getLocalizedString("sendEmailFailed.message"));
    }
    return MODULE_SUCCESS_MSG;
}