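/**
 * Handles submission of the "forgot password" form.
 *
 * <p>Binds the submitted e-mail address and looks up the matching user. For a
 * user with a verified address a password reset mail is requested from the
 * e-mail auth provider; for a user with an unverified address the verification
 * mail is sent again instead. The form is filled in by an unauthenticated,
 * unknown person, so an unknown address gets the same "instructions sent"
 * message as a known one.
 *
 * @return a 400 response re-rendering the form when binding fails, otherwise a
 *         redirect to the login page
 */
public static Result doForgotPassword() {
    Logger.debug("Account doForgotPassword");
    com.feth.play.module.pa.controllers.Authenticate.noCache(response());

    final Form<EmailUserIdentity> filledForm = FORGOT_PASSWORD_FORM.bindFromRequest();
    if (filledForm.hasErrors()) {
        // User did not fill in his/her email
        return badRequest(password_forgot.render(filledForm));
    }

    // The email address was given *BY AN UNKNOWN PERSON* - find out whether we
    // actually have a user with it, and only send a reset mail if the address
    // of that user has been verified.
    final String email = filledForm.get().email;
    final User user = User.findByEmail(email);

    // We don't want to expose whether a given email address is signed up, so
    // the same message is flashed whether or not a user was found. (A distinct
    // "doesn't match our records" message for the not-found case would turn
    // this form into an account-existence oracle.)
    flash(
        ControllerUtil.FLASH_INFO_KEY,
        Messages.get("playauthenticate.reset_password.message.instructions_sent", email));

    if (user != null) {
        // A user with this email exists - we do not know whether the owner of
        // that account requested this reset, though.
        final EmailAuthProvider provider = EmailAuthProvider.getProvider();
        if (user.emailValidated) {
            provider.sendPasswordResetMailing(user, ctx());
        } else {
            // We should not verify the address through the password reset, as
            // a "bad" user could then sign up with a fake email via OAuth and
            // get it verified by an unsuspecting user who clicks the link.
            // NOTE(review): this distinct message still tells the submitter
            // that an account exists for the address and is unverified; keep
            // the generic message above if that disclosure matters.
            flash(
                ControllerUtil.FLASH_INFO_KEY,
                Messages.get("playauthenticate.reset_password.message.email_not_verified"));
            // Re-send the verification email instead of a reset mail.
            provider.sendVerifyEmailMailingAfterSignup(user, ctx());
        }
        // NOTE(review): mail is only triggered for existing users; if the
        // provider sends synchronously, response time may differ between known
        // and unknown addresses - confirm it sends asynchronously.
    }

    return redirect(routes.Signup.login());
}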
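/**
 * Handles submission of the "reset password" form.
 *
 * <p>Binds the token and the new password from the request, validates the token
 * as a {@code PASSWORD_RESET} token and sets the new password on the token's
 * target user. If setting the password fails, the failure message is flashed
 * and no success message is shown.
 *
 * @return a 400 response when the form has errors or the token is missing or
 *         invalid, otherwise a redirect to the login page
 */
public static Result doResetPassword() {
    com.feth.play.module.pa.controllers.Authenticate.noCache(response());

    final Form<PasswordReset> filledForm = PASSWORD_RESET_FORM.bindFromRequest();
    if (filledForm.hasErrors()) {
        return badRequest(password_reset.render(filledForm));
    }

    final String token = filledForm.get().token;
    final String newPassword = filledForm.get().password;

    final TokenAction ta = tokenIsValid(token, Type.PASSWORD_RESET);
    if (ta == null) {
        return badRequest(no_token_or_invalid.render());
    }
    // NOTE(review): nothing in this method invalidates the reset token after
    // use; presumably resetPassword() or tokenIsValid() does - confirm,
    // otherwise the link stays usable until it expires.

    final User u = ta.targetUser;
    try {
        // Pass true for the second parameter if you want to automatically
        // create a password and the exception never to happen
        u.resetPassword(new EmailAuthUser(newPassword), false);
    } catch (final RuntimeException re) {
        flash(
            ControllerUtil.FLASH_INFO_KEY,
            Messages.get("playauthenticate.reset_password.message.no_password_account"));
        // Stop here: falling through would overwrite this message with a
        // success message under the same flash key although nothing was reset.
        return redirect(routes.Signup.login());
    }

    // Automatic login after the reset is not performed here; both settings end
    // on the login page and differ only in the flashed message.
    final boolean login = EmailAuthProvider.getProvider().isLoginAfterPasswordReset();
    final String messageKey = login
        ? "playauthenticate.reset_password.message.success.auto_login"
        : "playauthenticate.reset_password.message.success.manual_login";
    flash(ControllerUtil.FLASH_INFO_KEY, Messages.get(messageKey));

    return redirect(routes.Signup.login());
}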
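/**
 * Sends the e-mail verification mailing for the user with the given id.
 *
 * <p>If the address is already validated, or the user has no e-mail address
 * set, only an informational message is flashed. An unknown or missing id
 * results in a plain redirect without any message.
 *
 * <p>NOTE(review): as far as this method shows, {@code @SubjectPresent} is the
 * only guard and {@code userId} is never compared with the logged-in user, so a
 * signed-in user could trigger a mailing for another account and see that
 * account's address in the flash message. Confirm that callers restrict
 * {@code userId}, or add an ownership / role check here.
 *
 * @param userId id of the user whose e-mail address should be verified
 * @return a redirect to the profile page
 */
@SubjectPresent
public static Result verifyEmailById(Long userId) {
    com.feth.play.module.pa.controllers.Authenticate.noCache(response());

    if (userId == null) {
        return redirect(routes.Application.profile());
    }

    final User user = User.findById(userId);
    if (user == null) {
        // Unknown id: avoid a NullPointerException below and do not tell the
        // caller whether the id exists.
        return redirect(routes.Application.profile());
    }

    if (user.emailValidated) {
        // E-Mail has been validated already
        flash(
            ControllerUtil.FLASH_INFO_KEY,
            Messages.get("playauthenticate.verify_email.error.already_validated"));
    } else if ((user.email != null) && !user.email.trim().isEmpty()) {
        flash(
            ControllerUtil.FLASH_INFO_KEY,
            Messages.get("playauthenticate.verify_email.message.instructions_sent", user.email));
        EmailAuthProvider.getProvider().sendVerifyEmailMailingAfterSignup(user, ctx());
    } else {
        // No usable address on the account yet.
        flash(
            ControllerUtil.FLASH_INFO_KEY,
            Messages.get("playauthenticate.verify_email.error.set_email_first", user.email));
    }

    return redirect(routes.Application.profile());
}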