@Test
public void testGenerateRecoveryToken() {
final User user = userManager.getUserByUsername("token-test");
final String token = passwordTokenManager.generateRecoveryToken(user);
assertNotNull(token);
assertTrue(passwordTokenManager.isRecoveryTokenValid(user, token));
}
/** {@inheritDoc} */
@Override
public User updatePassword(
final String username,
final String currentPassword,
final String recoveryToken,
final String newPassword,
final String applicationUrl)
throws UserExistsException {
User user = getUserByUsername(username);
if (isRecoveryTokenValid(user, recoveryToken)) {
log.debug("Updating password from recovery token for user: "******"Password Updated");
return user;
} else if (StringUtils.isNotBlank(currentPassword)) {
if (passwordEncoder.matches(currentPassword, user.getPassword())) {
log.debug("Updating password (providing current password) for user:" + username);
user.setPassword(newPassword);
user = saveUser(user);
return user;
}
}
// or throw exception
return null;
}
@Test
public void testConsumeRecoveryToken() throws Exception {
final User user = userManager.getUserByUsername("token-test");
final Integer version = user.getVersion();
final String token = passwordTokenManager.generateRecoveryToken(user);
assertNotNull(token);
assertTrue(passwordTokenManager.isRecoveryTokenValid(user, token));
// start SMTP Server
Wiser wiser = startWiser(smtpPort);
User updated = userManager.updatePassword(user.getUsername(), null, token, "user", "");
wiser.stop();
assertTrue(wiser.getMessages().size() == 1);
assertTrue(updated.getVersion() > version);
assertFalse(passwordTokenManager.isRecoveryTokenValid(updated, token));
}
@Override
public boolean isRecoveryTokenValid(final User user, final String token) {
return passwordTokenManager.isRecoveryTokenValid(user, token);
}
@Override
public String generateRecoveryToken(final User user) {
return passwordTokenManager.generateRecoveryToken(user);
}