Example 1 with UserPendingPasswordChange

Use of fi.otavanopisto.muikku.plugins.user.UserPendingPasswordChange in project muikku by otavanopisto.

In class ForgotPasswordController, method getUsername.

public String getUsername(String confirmationHash) {
    UserPendingPasswordChange userPendingPasswordChange = userPendingPasswordChangeDAO.findByConfirmationHash(confirmationHash);
    if (userPendingPasswordChange != null) {
        Long userEntityId = userPendingPasswordChange.getUserEntity();
        if (userEntityId == null) {
            logger.severe(String.format("UserPendingPasswordChange with hash %s did not contain userEnityId", confirmationHash));
            return null;
        }
        UserEntity userEntity = userEntityController.findUserEntityById(userEntityId);
        if (userEntity == null) {
            logger.severe(String.format("UserPendingPasswordChange with hash %s contained invalid userEnityId", confirmationHash));
            return null;
        }
        schoolDataBridgeSessionController.startSystemSession();
        try {
            User user = userSchoolDataController.findUser(userEntity.getDefaultSchoolDataSource(), userEntity.getDefaultIdentifier());
            if (user == null) {
                logger.severe(String.format("Failed to retrieve user for UserEntity %d", userEntity.getId()));
                return null;
            }
            SchoolDataIdentifier userIdentifier = new SchoolDataIdentifier(user.getIdentifier(), user.getSchoolDataSource());
            try {
                return userSchoolDataController.findUsername(user);
            } catch (Exception e) {
                // Pass the exception to the logger so the cause of the failure is not lost
                logger.log(Level.SEVERE, String.format("Failed to fetch username for user %s", userIdentifier.toId()), e);
                return null;
            }
        } finally {
            schoolDataBridgeSessionController.endSystemSession();
        }
    }
    return null;
}
Also used : SchoolDataIdentifier(fi.otavanopisto.muikku.schooldata.SchoolDataIdentifier) User(fi.otavanopisto.muikku.schooldata.entity.User) UserPendingPasswordChange(fi.otavanopisto.muikku.plugins.user.UserPendingPasswordChange) UserEntity(fi.otavanopisto.muikku.model.users.UserEntity) SchoolDataBridgeUnauthorizedException(fi.otavanopisto.muikku.schooldata.SchoolDataBridgeUnauthorizedException)

Example 2 with UserPendingPasswordChange

Use of fi.otavanopisto.muikku.plugins.user.UserPendingPasswordChange in project muikku by otavanopisto.

In class ForgotPasswordRESTService, method confirmResetPassword.

@Path("/confirm")
@GET
@RESTPermitUnimplemented
public Response confirmResetPassword(ConfirmResetPassword crp) {
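    UserPendingPasswordChange passwordChange = userPendingPasswordChangeDAO.findByConfirmationHash(crp.getResetCode());
    // An unknown or already used reset code has no pending change; reject it instead of dereferencing null
    if (passwordChange == null)
        return Response.status(Status.NOT_FOUND).build();
    UserEntity userEntity = userEntityController.findUserEntityById(passwordChange.getUserEntity());
    // The pending change may point at a user entity that no longer exists
    if (userEntity == null)
        return Response.status(Status.NOT_FOUND).build();
    // TODO: tis a guesstimate of the datasource
    SchoolDataSource schoolDataSource = userEntity.getDefaultSchoolDataSource();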
    try {
        userSchoolDataController.confirmResetPassword(schoolDataSource, crp.getResetCode(), crp.getNewPassword());
        return Response.noContent().build();
    } catch (SchoolDataBridgeUnauthorizedException e) {
        return Response.status(Status.FORBIDDEN).build();
    }
}
Also used : SchoolDataSource(fi.otavanopisto.muikku.model.base.SchoolDataSource) UserPendingPasswordChange(fi.otavanopisto.muikku.plugins.user.UserPendingPasswordChange) SchoolDataBridgeUnauthorizedException(fi.otavanopisto.muikku.schooldata.SchoolDataBridgeUnauthorizedException) UserEntity(fi.otavanopisto.muikku.model.users.UserEntity) Path(javax.ws.rs.Path) RESTPermitUnimplemented(fi.otavanopisto.muikku.rest.RESTPermitUnimplemented) GET(javax.ws.rs.GET)

Example 3 with UserPendingPasswordChange

Use of fi.otavanopisto.muikku.plugins.user.UserPendingPasswordChange in project muikku by otavanopisto.

In class AcceptanceTestsRESTService, method deletePasswordChangeEntry.

@DELETE
@Path("/passwordchange/{EMAIL}")
@RESTPermit(handling = Handling.UNSECURED)
public Response deletePasswordChangeEntry(@PathParam("EMAIL") String email) {
    UserEntity userEntity = userEntityController.findUserEntityByEmailAddress(email);
    if (userEntity == null)
        return Response.status(Status.NOT_FOUND).build();
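    UserPendingPasswordChange userPendingPasswordChange = userPendingPasswordChangeDAO.findByUserEntity(userEntity);
    // findByUserEntity returns null when the user has no pending change; there is nothing to delete then
    if (userPendingPasswordChange != null)
        userPendingPasswordChangeDAO.delete(userPendingPasswordChange);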
    return Response.noContent().build();
}
Also used : UserPendingPasswordChange(fi.otavanopisto.muikku.plugins.user.UserPendingPasswordChange) UserEntity(fi.otavanopisto.muikku.model.users.UserEntity) UserGroupUserEntity(fi.otavanopisto.muikku.model.users.UserGroupUserEntity) WorkspaceUserEntity(fi.otavanopisto.muikku.model.workspace.WorkspaceUserEntity) Path(javax.ws.rs.Path) DELETE(javax.ws.rs.DELETE) RESTPermit(fi.otavanopisto.security.rest.RESTPermit)

Example 4 with UserPendingPasswordChange

Use of fi.otavanopisto.muikku.plugins.user.UserPendingPasswordChange in project muikku by otavanopisto.

In class ForgotPasswordController, method resetPassword.

public boolean resetPassword(String confirmationHash, String password) {
    UserPendingPasswordChange userPendingPasswordChange = userPendingPasswordChangeDAO.findByConfirmationHash(confirmationHash);
    if (userPendingPasswordChange != null) {
        UserEntity userEntity = userEntityController.findUserEntityById(userPendingPasswordChange.getUserEntity());
        if (userEntity == null) {
            logger.severe(String.format("UserPendingPasswordChange with hash %s contained invalid userEnityId", confirmationHash));
            return false;
        }
        try {
            userSchoolDataController.confirmResetPassword(userEntity.getDefaultSchoolDataSource(), confirmationHash, password);
        } catch (SchoolDataBridgeUnauthorizedException e) {
            logger.log(Level.SEVERE, "Failed to process password reset request", e);
            return false;
        }
        userPendingPasswordChangeDAO.delete(userPendingPasswordChange);
        return true;
    }
    return false;
}
Also used : UserPendingPasswordChange(fi.otavanopisto.muikku.plugins.user.UserPendingPasswordChange) SchoolDataBridgeUnauthorizedException(fi.otavanopisto.muikku.schooldata.SchoolDataBridgeUnauthorizedException) UserEntity(fi.otavanopisto.muikku.model.users.UserEntity)

Example 5 with UserPendingPasswordChange

Use of fi.otavanopisto.muikku.plugins.user.UserPendingPasswordChange in project muikku by otavanopisto.

In class ForgotPasswordRESTService, method resetPassword.

@Path("/reset")
@GET
@RESTPermitUnimplemented
public Response resetPassword(@QueryParam("email") String email) {
    UserEntity userEntity = userEntityController.findUserEntityByEmailAddress(email);
    if (userEntity == null)
        return Response.status(Status.NOT_FOUND).build();
    try {
        UserPendingPasswordChange passwordChange = userPendingPasswordChangeDAO.findByUserEntity(userEntity);
        schoolDataBridgeSessionController.startSystemSession();
        try {
            String confirmationHash = userSchoolDataController.requestPasswordResetByEmail(userEntity.getDefaultSchoolDataSource(), email);
            if (passwordChange != null)
                passwordChange = userPendingPasswordChangeDAO.updateHash(passwordChange, confirmationHash);
            else
                passwordChange = userPendingPasswordChangeDAO.create(userEntity, confirmationHash);
            // TODO Email could be added to the reset link for added security (email+hash rather than just hash)
            String resetLink = baseUrl + "/forgotpassword/reset?h=" + passwordChange.getConfirmationHash();
            String mailSubject = localeController.getText(sessionController.getLocale(), "plugin.forgotpassword.mailSubject");
            String mailContent = localeController.getText(sessionController.getLocale(), "plugin.forgotpassword.mailContent", new String[] { resetLink });
            // TODO System sender address needs to be configurable
            mailer.sendMail(systemSettingsController.getSystemEmailSenderAddress(), email, mailSubject, mailContent);
        } finally {
            schoolDataBridgeSessionController.endSystemSession();
        }
        return Response.noContent().build();
    } catch (SchoolDataBridgeUnauthorizedException e) {
        return Response.status(Status.FORBIDDEN).build();
    }
}
Also used : UserPendingPasswordChange(fi.otavanopisto.muikku.plugins.user.UserPendingPasswordChange) SchoolDataBridgeUnauthorizedException(fi.otavanopisto.muikku.schooldata.SchoolDataBridgeUnauthorizedException) UserEntity(fi.otavanopisto.muikku.model.users.UserEntity) Path(javax.ws.rs.Path) RESTPermitUnimplemented(fi.otavanopisto.muikku.rest.RESTPermitUnimplemented) GET(javax.ws.rs.GET)

Aggregations

UserEntity (fi.otavanopisto.muikku.model.users.UserEntity): 5
UserPendingPasswordChange (fi.otavanopisto.muikku.plugins.user.UserPendingPasswordChange): 5
SchoolDataBridgeUnauthorizedException (fi.otavanopisto.muikku.schooldata.SchoolDataBridgeUnauthorizedException): 4
Path (javax.ws.rs.Path): 3
RESTPermitUnimplemented (fi.otavanopisto.muikku.rest.RESTPermitUnimplemented): 2
GET (javax.ws.rs.GET): 2
SchoolDataSource (fi.otavanopisto.muikku.model.base.SchoolDataSource): 1
UserGroupUserEntity (fi.otavanopisto.muikku.model.users.UserGroupUserEntity): 1
WorkspaceUserEntity (fi.otavanopisto.muikku.model.workspace.WorkspaceUserEntity): 1
SchoolDataIdentifier (fi.otavanopisto.muikku.schooldata.SchoolDataIdentifier): 1
User (fi.otavanopisto.muikku.schooldata.entity.User): 1
RESTPermit (fi.otavanopisto.security.rest.RESTPermit): 1
DELETE (javax.ws.rs.DELETE): 1