@Override
  protected Object doProcessRequest(ActionParam inParam)
      throws InvalidParameterException, NoSuchPersonException, ForbiddenException,
          InvalidSessionException, BadCredentialsException {

    final UserData theUser = getRequestedUser(inParam, null);

    // Check Session
    AbstractUserAction.doesSessionBelongToUser(theUser, inParam);

    final String old_password = inParam.getString("old_password", true);
    final String new_password = inParam.getString("new_password", true);
    if (old_password.equals(StringShop.EMPTY_STRING)) {
      throw new InvalidParameterException(
          APIErrorMessage.PASSWORD_CANNOT_BE_EMPTY, StringShop.EMPTY_STRING);
    }
    if (new_password.equals(StringShop.EMPTY_STRING)) {
      throw new InvalidParameterException(
          APIErrorMessage.PASSWORD_CANNOT_BE_EMPTY, StringShop.EMPTY_STRING);
    }

    if (!theUser.checkPasswordPlain(old_password)) {
      throw new BadCredentialsException(APIErrorMessage.INVALID_PASSWORD);
    }

    theUser.setPassword(new_password);

    return null;
  }
  @Override
  protected Object doProcessRequest(ActionParam inParam)
      throws InvalidParameterException, ForbiddenException, InvalidSessionException {

    final UserData theSessionUser = SessionManager.getUserFromSessionParam(inParam);
    final Boolean activate = inParam.getBoolean(ManageToken.ACTIVATE);

    // just returns the token value if it exists
    if (activate == null) {
      if (theSessionUser.hasToken()) {
        return String.valueOf(theSessionUser.getToken());
      }

    } else {
      if (!theSessionUser.hasToken() && activate) {
        return String.valueOf(theSessionUser.generateToken());
      }

      if (theSessionUser.hasToken() && !activate) {
        theSessionUser.clearToken();
      }
    }

    return null;
  }