/**
* Interface: POST /yes-api/rest/auth/resetpassword
*
* <p>
*
* <p>Reset password interface that allows to request password to be reset and reset it. Password
* reset is a two step process. First step is to provide valid email of registered customer and
* generate authToken. Second step is to use authToken in order to confirm password reset.
*
* <p>
*
* <p>
*
* <h3>Headers for operation</h3>
*
* <p>
*
* <table border="1">
* <tr><td>Accept</td><td>application/json or application/xml</td></tr>
* <tr><td>yc</td><td>token uuid (optional)</td></tr>
* </table>
*
* <p>
*
* <p>
*
* <h3>Parameters for operation</h3>
*
* <p>
*
* <table border="1">
* <tr><td>email</td><td>
* E-mail of a registered customer. Supplying this parameter will trigger an email
* with authToken.
* </td></tr>
* <tr><td>authToken</td><td>
* E-mail of a registered customer. Supplying this parameter will trigger an
* email with new password.
* </td></tr>
* </table>
*
* <p>
*
* <p>
*
* <h3>Output</h3>
*
* <p>
*
* <p>Output that does not have error code indicates successful processing.
*
* <p>
*
* <table border="1">
* <tr><td>JSON example</td><td>
* <pre><code>
* {
* "success" : false,
* "greeting" : null,
* "token" : null,
* "error" : null
* }
* </code></pre>
* </td></tr>
* <tr><td>XML example</td><td>
* <pre><code>
* <authentication-result>
* <greeting/>
* <success>false</success>
* <token/>
* </authentication-result>
* </code></pre>
* </td></tr>
* </table>
*
* <p>
*
* <p>
*
* <h3>Error codes</h3>
*
* <p>
*
* <table border="1">
* <tr><td>INVALID_PARAMETERS</td><td>if either "email" or "authToken" was not sent</td></tr>
* <tr><td>INVALID_TOKEN</td><td>Supplied authToken is not valid or expired</td></tr>
* <tr><td>INVALID_EMAIL</td><td>Supplied email does not belong to a registered customer</td></tr>
* </table>
*
* @param request request
* @param response response
* @return authentication result
*/
@RequestMapping(
value = "/resetpassword",
method = RequestMethod.POST,
produces = {MediaType.APPLICATION_JSON_VALUE, MediaType.APPLICATION_XML_VALUE})
public @ResponseBody AuthenticationResultRO resetPassword(
@RequestParam(value = "email", required = false) final String email,
@RequestParam(value = "authToken", required = false) final String authToken,
final HttpServletRequest request,
final HttpServletResponse response) {
cartMixin.persistShoppingCart(request, response);
if (StringUtils.isNotBlank(authToken)) {
if (executePasswordResetCommand(authToken)) {
return new AuthenticationResultRO();
}
return new AuthenticationResultRO("INVALID_TOKEN");
} else if (StringUtils.isNotBlank(email)) {
final Shop shop = cartMixin.getCurrentShop();
final Customer customer = customerServiceFacade.getCustomerByEmail(email);
if (customer == null) {
return new AuthenticationResultRO("INVALID_EMAIL");
}
customerServiceFacade.resetPassword(shop, customer);
return new AuthenticationResultRO();
}
return new AuthenticationResultRO("INVALID_PARAMETERS");
}
