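/**
 * Starts a password reset for the account registered under the submitted e-mail address.
 *
 * <p>Looks the account up by e-mail, replaces any expired reset request with a fresh one
 * carrying a random UUID token, and mails that token to the user. While an unexpired request
 * exists for the account, no new token is created and no mail is sent.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>An unknown e-mail returns a status with the error flag set, while every other path
 *       returns the status as constructed. If that default differs from {@code true}, the
 *       response tells an unauthenticated caller which addresses have accounts.</li>
 *   <li>No rate limiting is visible in this method; the only throttle is the one-request-per-TTL
 *       check below, which applies per account and not per caller.</li>
 * </ul>
 *
 * @param user request body holding the e-mail address to reset
 * @return a status object; the error flag is set only when no account matches the e-mail
 */
@RequestMapping(
    value = "/password-reset",
    method = RequestMethod.POST,
    consumes = "application/json; charset=utf-8",
    produces = "application/json; charset=utf-8")
public @ResponseBody PasswordResetStatusDto passwordResetPost(
    @Valid @RequestBody(required = true) PasswordResetRequestDto user) {
  PasswordResetStatusDto status = new PasswordResetStatusDto();

  UserAccount userAccount = userService.findByEmail(user.getEmail());
  if (userAccount == null) {
    // NOTE(review): account-enumeration oracle; consider returning the same status as the
    // success path. Left unchanged here because clients may depend on the flag.
    status.setError(true);
    return status;
  }

  PasswordResetRequest request =
      passwordResetRequestService.findByUserAccountId(userAccount.getId());
  if (request != null) {
    // Evaluate the expiry cutoff once. The original read the clock twice, so a clock step
    // between the two reads could make both checks fail and leave the stale request in place
    // next to the new one.
    long oldestValidCreated = System.currentTimeMillis() - PasswordResetRequest.TIME_TO_LIVE;
    if (request.getCreated() >= oldestValidCreated) {
      // A live token already exists: do not mint or mail another one.
      return status;
    }
    passwordResetRequestService.delete(request);
  }

  request = new PasswordResetRequest();
  request.setUserAccountId(userAccount.getId());
  // UUID.randomUUID() produces a version-4 UUID from a cryptographically strong generator.
  // NOTE(review): the token looks to be persisted as-is by save(); confirm whether the store
  // should hold only a hash of it.
  request.setUuid(UUID.randomUUID().toString());
  request.setCreated(System.currentTimeMillis());
  passwordResetRequestService.save(request);

  try {
    MailNew emailPasswordReset = mailBuilder.emailPasswordReset(request, userAccount, session);
    mailService.sendMail(emailPasswordReset);
  } catch (Exception e) {
    // Best effort: the failure is logged and not reported to the caller.
    // NOTE(review): the saved request stays in place, so the TTL check above suppresses any
    // retry for this account until it expires; confirm that is acceptable.
    log.error("Unable to send confirmation email", e);
  }
  return status;
}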
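/**
 * Completes a password reset: validates the token from the URL, stores the new password hash
 * and deletes the token so it cannot be used again.
 *
 * <p>The error flag is set, and nothing is changed, when the token is unknown or older than
 * {@code PasswordResetRequest.TIME_TO_LIVE}, when the owning account no longer exists, or when
 * the two submitted passwords are missing or differ.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The account is marked active unconditionally after a successful reset. If the active
 *       flag is also used to disable or suspend accounts, a reset would re-enable them.</li>
 *   <li>No password-strength check is visible here beyond whatever {@code @Valid} enforces on
 *       the form DTO.</li>
 *   <li>Nothing in this method invalidates existing sessions for the account.</li>
 * </ul>
 *
 * @param uuid reset token taken from the request path
 * @param form request body holding the new password and its confirmation
 * @param model unused in this method
 * @return a status object whose error flag reports whether the password was changed
 */
@RequestMapping(
    value = "/password-reset/{uuid}",
    method = RequestMethod.POST,
    consumes = "application/json; charset=utf-8",
    produces = "application/json; charset=utf-8")
public @ResponseBody PasswordResetStatusDto passwordResetFormPost(
    @PathVariable("uuid") String uuid,
    @Valid @RequestBody(required = true) PasswordResetRequestFormDto form,
    ModelMap model) {
  PasswordResetStatusDto status = new PasswordResetStatusDto();

  PasswordResetRequest passwordResetRequest = passwordResetRequestService.findByUuid(uuid);
  if (passwordResetRequest == null
      || passwordResetRequest.getCreated()
          < System.currentTimeMillis() - PasswordResetRequest.TIME_TO_LIVE) {
    // Unknown and expired tokens get the same answer.
    status.setError(true);
    return status;
  }

  UserAccount userAccount = userService.findById(passwordResetRequest.getUserAccountId());
  if (userAccount == null) {
    status.setError(true);
    return status;
  }

  // Reject a missing password explicitly. The original dereferenced it directly, so a body
  // without the field would fail with a NullPointerException unless bean validation already
  // rejects it.
  String newPassword = form.getPassword();
  if (newPassword == null || !newPassword.equals(form.getPassword2())) {
    status.setError(true);
    return status;
  }

  userAccount.setPasswordHash(PasswordUtils.generatePasswordHash(newPassword));
  // NOTE(review): confirm that a reset is meant to activate the account in every case.
  userAccount.setActive(true);
  userService.update(userAccount);

  // Single use: remove the token once the password has been changed.
  passwordResetRequestService.delete(passwordResetRequest);
  status.setError(false);
  return status;
}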