use of org.asqatasun.webapp.command.ChangePasswordCommand in project Asqatasun by Asqatasun.
the class ForgottenOrChangePasswordController method displayChangePasswordView.
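/**
 * Chooses the view for a change-password request and prepares its model.
 *
 * <p>The value of {@code token} selects one of two paths:
 * <ul>
 *   <li>{@code token} equals {@code TgolKeyStore.AUTHENTICATED_KEY} (ignoring case): the
 *       caller must be logged in, must be the target user or an administrator, and must
 *       not be listed in {@code forbiddenUserList}.</li>
 *   <li>any other non-blank value: the token is checked by {@code tokenManager} against
 *       the target user's e-mail address.</li>
 * </ul>
 *
 * @param id identifier of the user whose password is to be changed, as a decimal string
 * @param token either the {@code AUTHENTICATED_KEY} marker or a password-reset token
 * @param model model that receives the form command, the user name and the error flag
 * @param request current request; its session receives the target user's id
 * @return the change-password view name, or the access-denied redirect
 * @throws ForbiddenUserException if {@code id} is not a parsable {@code long}
 */
private String displayChangePasswordView(String id, String token, Model model, HttpServletRequest request) {
    Long userId;
    try {
        userId = Long.valueOf(id);
    } catch (NumberFormatException nfe) {
        throw new ForbiddenUserException();
    }
    if (StringUtils.isBlank(token)) {
        return TgolKeyStore.ACCESS_DENIED_VIEW_REDIRECT_NAME;
    }
    User currentUser = getCurrentUser();
    User user;
    if (token.equalsIgnoreCase(TgolKeyStore.AUTHENTICATED_KEY)) {
        // Authenticated path: the marker value carries no authority by itself, so the
        // decision rests entirely on the logged-in user.
        if (currentUser == null) {
            return TgolKeyStore.ACCESS_DENIED_VIEW_REDIRECT_NAME;
        }
        boolean isSelf = currentUser.getId().equals(userId);
        // The role is only consulted when the caller targets another account.
        boolean mayEdit = isSelf
                || currentUser.getRole().getRoleName().equals(TgolKeyStore.ROLE_ADMIN_NAME_KEY);
        if (!mayEdit || forbiddenUserList.contains(currentUser.getEmail1())) {
            return TgolKeyStore.ACCESS_DENIED_VIEW_REDIRECT_NAME;
        }
        user = isSelf ? currentUser : getUserDataService().read(userId);
    } else {
        // Unauthenticated path: the request is only as trustworthy as its token.
        user = getUserDataService().read(userId);
        if (user == null) {
            // Previously an unknown id reached user.getEmail1() below and failed with a
            // NullPointerException. It now gets the same answer as a bad token, so the
            // response does not differ between "no such user" and "wrong token".
            model.addAttribute(TgolKeyStore.INVALID_CHANGE_PASSWORD_URL_KEY, true);
            return TgolKeyStore.CHANGE_PASSWORD_VIEW_NAME;
        }
        try {
            if (!tokenManager.checkUserToken(user.getEmail1(), token)) {
                model.addAttribute(TgolKeyStore.INVALID_CHANGE_PASSWORD_URL_KEY, true);
                return TgolKeyStore.CHANGE_PASSWORD_VIEW_NAME;
            }
            // Valid token and the form was already submitted successfully: mark the
            // token as used and show the view without a new form.
            Object passwordModified = model.asMap().get(TgolKeyStore.PASSWORD_MODIFIED_KEY);
            if (Boolean.TRUE.equals(passwordModified)) {
                tokenManager.setTokenUsed(token);
                return TgolKeyStore.CHANGE_PASSWORD_VIEW_NAME;
            }
        } catch (ArrayIndexOutOfBoundsException aioobe) {
            // NOTE(review): presumably raised by tokenManager on a malformed token; it is
            // treated exactly like a token that fails the check. Confirm against tokenManager.
            model.addAttribute(TgolKeyStore.INVALID_CHANGE_PASSWORD_URL_KEY, true);
            return TgolKeyStore.CHANGE_PASSWORD_VIEW_NAME;
        }
    }
    // Reached with a null user only on the authenticated path, when an administrator
    // targets an id that read() does not resolve.
    if (user == null) {
        return TgolKeyStore.ACCESS_DENIED_VIEW_REDIRECT_NAME;
    }
    ChangePasswordCommand cpc = new ChangePasswordCommand();
    model.addAttribute(TgolKeyStore.CHANGE_PASSWORD_COMMAND_KEY, cpc);
    model.addAttribute(TgolKeyStore.USER_NAME_KEY, user.getEmail1());
    // The target account id is kept in the session rather than in the form.
    // NOTE(review): the handler that reads it back is not visible here; confirm it
    // re-checks the token or the caller's rights before changing the password.
    request.getSession().setAttribute(TgolKeyStore.USER_ID_KEY, user.getId());
    return TgolKeyStore.CHANGE_PASSWORD_VIEW_NAME;
}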
use of org.asqatasun.webapp.command.ChangePasswordCommand in project Asqatasun by Asqatasun.
the class ChangePasswordFormValidator method validate.
/**
 * Validates a {@link ChangePasswordCommand} without a current user.
 *
 * <p>Delegates to {@code checkPassword} with {@code null} as the user.
 * NOTE(review): {@code checkPassword} is defined outside this snippet; confirm that its
 * null-user path does not skip a check that should still apply.
 *
 * @param target the form object; must be a {@code ChangePasswordCommand}, otherwise the
 *     cast throws {@code ClassCastException}
 * @param errors collector passed on to {@code checkPassword}
 */
@Override
public void validate(Object target, Errors errors) {
    checkPassword((ChangePasswordCommand) target, null, errors);
}
use of org.asqatasun.webapp.command.ChangePasswordCommand in project Asqatasun by Asqatasun.
the class ChangePasswordFormValidator method validate.
/**
 * Validates a {@link ChangePasswordCommand} on behalf of a given user.
 *
 * <p>Delegates to {@code checkPassword}, which is defined outside this snippet.
 *
 * @param target the form object; must be a {@code ChangePasswordCommand}, otherwise the
 *     cast throws {@code ClassCastException}
 * @param errors collector passed on to {@code checkPassword}
 * @param currentUser user passed on to {@code checkPassword}
 */
public void validate(Object target, Errors errors, User currentUser) {
    checkPassword((ChangePasswordCommand) target, currentUser, errors);
}