private Bindings getBindings(Execution execution, JCRSessionWrapper session)
      throws RepositoryException {
    EnvironmentImpl environment = EnvironmentImpl.getCurrent();
    final Map<String, Object> vars = ((ExecutionImpl) execution).getVariables();
    Locale locale = (Locale) vars.get("locale");
    final Bindings bindings = new MyBindings(environment);
    ResourceBundle resourceBundle =
        JahiaResourceBundle.lookupBundle(
            "org.jahia.services.workflow."
                + ((ExecutionImpl) execution).getProcessDefinition().getKey(),
            locale);
    bindings.put("bundle", resourceBundle);
    JahiaUser jahiaUser =
        ServicesRegistry.getInstance()
            .getJahiaUserManagerService()
            .lookupUserByKey((String) vars.get("user"));
    bindings.put("user", jahiaUser);
    bindings.put("date", new DateTool());
    bindings.put("submissionDate", Calendar.getInstance());
    bindings.put("locale", locale);
    bindings.put("workspace", vars.get("workspace"));

    List<JCRNodeWrapper> nodes = new LinkedList<JCRNodeWrapper>();
    @SuppressWarnings("unchecked")
    List<String> stringList = (List<String>) vars.get("nodeIds");
    for (String s : stringList) {
      JCRNodeWrapper nodeByUUID = session.getNodeByUUID(s);
      if (!nodeByUUID.isNodeType("jnt:translation")) {
        nodes.add(nodeByUUID);
      }
    }
    bindings.put("nodes", nodes);
    return bindings;
  }
  @Override
  public ActionResult doExecute(
      HttpServletRequest req,
      RenderContext renderContext,
      Resource resource,
      JCRSessionWrapper session,
      Map<String, List<String>> parameters,
      URLResolver urlResolver)
      throws Exception {
    String authKey = getParameter(parameters, "authKey");
    RecoverPassword.PasswordToken passwordRecoveryToken =
        (RecoverPassword.PasswordToken) req.getSession().getAttribute("passwordRecoveryToken");
    if (StringUtils.isEmpty(authKey)
        || passwordRecoveryToken == null
        || !passwordRecoveryToken.getAuthkey().equals(authKey)
        || !passwordRecoveryToken.getUserpath().equals(resource.getNode().getPath())) {
      return ActionResult.BAD_REQUEST;
    }
    HttpSession httpSession = req.getSession();
    httpSession.removeAttribute("passwordRecoveryToken");
    httpSession.removeAttribute("passwordRecoveryAsked");

    String passwd = req.getParameter("password").trim();
    JSONObject json = new JSONObject();

    if (!resource.getNode().hasPermission("jcr:write_default")
        || !resource.getNode().isNodeType("jnt:user")) {
      return new ActionResult(HttpServletResponse.SC_FORBIDDEN, null, null);
    }

    if ("".equals(passwd)) {
      String userMessage =
          JahiaResourceBundle.getJahiaInternalResource(
              "org.jahia.admin.userMessage.specifyPassword.label", renderContext.getUILocale());
      json.put("errorMessage", userMessage);
    } else {
      String passwdConfirm = req.getParameter("passwordconfirm").trim();
      if (!passwdConfirm.equals(passwd)) {
        String userMessage =
            JahiaResourceBundle.getJahiaInternalResource(
                "org.jahia.admin.userMessage.passwdNotMatch.label", renderContext.getUILocale());
        json.put("errorMessage", userMessage);
      } else {
        JahiaPasswordPolicyService pwdPolicyService =
            ServicesRegistry.getInstance().getJahiaPasswordPolicyService();
        JahiaUser user =
            ServicesRegistry.getInstance()
                .getJahiaUserManagerService()
                .lookupUser(resource.getNode().getName());

        PolicyEnforcementResult evalResult =
            pwdPolicyService.enforcePolicyOnPasswordChange(user, passwd, true);
        if (!evalResult.isSuccess()) {
          EngineMessages policyMsgs = evalResult.getEngineMessages();
          String res = "";
          for (EngineMessage message : policyMsgs.getMessages()) {
            res +=
                (message.isResource()
                        ? MessageFormat.format(
                            JahiaResourceBundle.getJahiaInternalResource(
                                message.getKey(), renderContext.getUILocale()),
                            message.getValues())
                        : message.getKey())
                    + "\n";
          }
          json.put("errorMessage", res);
        } else {
          // change password
          user.setPassword(passwd);
          json.put(
              "errorMessage",
              JahiaResourceBundle.getJahiaInternalResource(
                  "org.jahia.admin.userMessage.passwordChanged.label",
                  renderContext.getUILocale()));

          httpSession.setAttribute(ProcessingContext.SESSION_USER, user);

          json.put("result", "success");
        }
      }
    }

    return new ActionResult(HttpServletResponse.SC_OK, null, json);
  }