Пример #1
0
  public String resetPassword() {
    if (checkResetPasswdErrors()) {
      return INPUT;
    }
    try {
      User usr = this.userService.getUserById(user.getId());
      // can't find user, means the reset password link has been expired
      if (usr == null) {
        addActionError("reset.password.user.account.information.invalid");
        return INPUT;
      }
      // reset password hash code is null, means the reset password link has been expired
      if (usr.getResetPasswdHashCode() == null) {
        // The reset password link has been expired
        addActionError(getText("reset.password.user.account.information.expired"));
        return INPUT;
      }

      if (usr.getResetPasswdHashCode() != null
          && (!usr.getResetPasswdHashCode().equals(user.getResetPasswdHashCode()))) {
        addActionError(getText("reset.password.user.account.information.expired"));
        return INPUT;
      }
      //
      usr.setPassword(MD5.hash(user.getPassword()));
      usr.setResetPasswdHashCode(null);
      this.userService.updateUser(usr);
      // sign a persistent User
      user = usr;
      // find any previous blocked ip, if find, just remove it.
      String ipAddress = request.getRemoteAddr();
      this.blockIPService.deleteBlockIPByIp(ipAddress);
      // set action finished messsage
      addActionMessage(
          getText(
              "reset.password.new.password.reset.success.msg",
              new String[] {user.getDisplayName()}));
      // set page title and navigation label
      setNavBarAndTitleForResetPwd();
    } catch (Exception e) {
      logger.error(e.getMessage());
      addActionError(getText("reset.password.new.password.reset.failed"));
      return ERROR;
    }
    return SUCCESS;
  }
Пример #2
0
  public String forgotPassword() {

    try {
      // security code error. just return immediately, not go further.
      if (isSecurityCodeError(securityCode)) {
        addFieldError("securityCode", getText("security.code.invalid"));
        return INPUT;
      }

      User foundUser =
          this.userService.getUserByNameEmail(
              user.getFirstName(), user.getLastName(), user.getEmail());
      // can find the user in the database
      if (foundUser == null) {
        addActionError(getText("forgot.password.user.name.or.email.invalid"));
        return INPUT;
      }

      // user account is inactive
      if (!foundUser.isActivated()) {
        addActionError(getText("forgot.password.user.account.inactive"));
        return INPUT;
      }
      if (foundUser.getPassword().equals("ldap")) {
        addActionError(getText("forgot.password.cannot.reset.ldap.account"));
        return INPUT;
      }

      String displayName = foundUser.getDisplayName();
      String userFullName = user.getFirstName() + " " + user.getLastName();

      // user first name and last name is not the same first name and last name as the registered
      if (!StringUtils.equals(userFullName, displayName)) {
        addActionError(getText("forgot.password.user.name.or.email.invalid"));
        return INPUT;
      }

      String resetPasswdCode = generateSecurityHash(foundUser.getEmail());
      foundUser.setResetPasswdHashCode(resetPasswdCode);

      this.userService.updateUser(foundUser);

      // construct a reset password url for email
      String resetPwdUrl =
          constructResetPwdUrl(
              foundUser.getId(), foundUser.getUidHashCode(), foundUser.getResetPasswdHashCode());
      // site name
      String serverQName = getServerQName();
      // start to send an email to user
      sendResetPasswdEmailToUser(serverQName, foundUser.getEmail(), resetPwdUrl);
      // set action finished messsage
      addActionMessage(
          getText(
              "forgot.password.request.for.reset.password.finished.msg",
              new String[] {displayName}));
      // set the page title and nav label
      setNavBarAndTitleForForgotPwd();
    } catch (Exception e) {
      logger.error(e.getMessage());
      addActionError(getText("forgot.password.request.for.reset.password.failed"));
      return ERROR;
    }
    return SUCCESS;
  }