
Example 1 with ChangePasswordCommand

use of org.asqatasun.webapp.command.ChangePasswordCommand in project Asqatasun by Asqatasun.

the class ForgottenOrChangePasswordController method displayChangePasswordView.

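/**
 * Prepares the change-password view for the account identified by {@code id}.
 *
 * <p>Two access paths are handled:
 * <ul>
 *   <li>{@code token} equals {@code TgolKeyStore.AUTHENTICATED_KEY}
 *       (case-insensitive): the request is authorised from the current
 *       session. The current user must exist, must not be listed in
 *       {@code forbiddenUserList}, and must either be the target account
 *       or hold the admin role.</li>
 *   <li>any other non-blank {@code token}: the value is verified with
 *       {@code tokenManager.checkUserToken} against the target account's
 *       e-mail address.</li>
 * </ul>
 *
 * @param id the target user's identifier, as a decimal string
 * @param token either {@code TgolKeyStore.AUTHENTICATED_KEY} or a
 *        change-password token to verify
 * @param model the view model that receives the command object, the user
 *        name and, on failure, the invalid-URL flag
 * @param request the current request; on success its session receives the
 *        target user's id under {@code TgolKeyStore.USER_ID_KEY}
 * @return the name of the view to render or redirect to
 * @throws ForbiddenUserException if {@code id} is not a parsable long
 */
private String displayChangePasswordView(String id, String token, Model model, HttpServletRequest request) {
    Long userId;
    try {
        userId = Long.valueOf(id);
    } catch (NumberFormatException nfe) {
        throw new ForbiddenUserException();
    }
    if (StringUtils.isBlank(token)) {
        return TgolKeyStore.ACCESS_DENIED_VIEW_REDIRECT_NAME;
    }
    User currentUser = getCurrentUser();
    User user;
    if (token.equalsIgnoreCase(TgolKeyStore.AUTHENTICATED_KEY)) {
        // Session-based path: only the account owner or an admin may go on,
        // and never a user listed in forbiddenUserList.
        if (currentUser == null
                || (!currentUser.getId().equals(userId)
                        && !currentUser.getRole().getRoleName().equals(TgolKeyStore.ROLE_ADMIN_NAME_KEY))
                || forbiddenUserList.contains(currentUser.getEmail1())) {
            return TgolKeyStore.ACCESS_DENIED_VIEW_REDIRECT_NAME;
        }
        // An admin acting on another account: load that account.
        user = currentUser.getId().equals(userId)
                ? currentUser
                : getUserDataService().read(userId);
    } else {
        // The request comes from an unauthenticated user, so the token has
        // to be checked.
        user = getUserDataService().read(userId);
        if (user == null) {
            // An unknown id used to dereference null in the token check below
            // (NullPointerException). Answer exactly as for an invalid token
            // so the response does not reveal whether the id exists.
            model.addAttribute(TgolKeyStore.INVALID_CHANGE_PASSWORD_URL_KEY, true);
            return TgolKeyStore.CHANGE_PASSWORD_VIEW_NAME;
        }
        try {
            if (!tokenManager.checkUserToken(user.getEmail1(), token)) {
                // Invalid token.
                model.addAttribute(TgolKeyStore.INVALID_CHANGE_PASSWORD_URL_KEY, true);
                return TgolKeyStore.CHANGE_PASSWORD_VIEW_NAME;
            }
            // Valid token, and the request follows a successful form
            // submission: mark the token as used so it cannot be replayed.
            Object passwordModified = model.asMap().get(TgolKeyStore.PASSWORD_MODIFIED_KEY);
            if (passwordModified instanceof Boolean && (Boolean) passwordModified) {
                tokenManager.setTokenUsed(token);
                return TgolKeyStore.CHANGE_PASSWORD_VIEW_NAME;
            }
        } catch (ArrayIndexOutOfBoundsException aioobe) {
            // NOTE(review): presumably raised by the token manager on a
            // malformed token; handled like an invalid token.
            model.addAttribute(TgolKeyStore.INVALID_CHANGE_PASSWORD_URL_KEY, true);
            return TgolKeyStore.CHANGE_PASSWORD_VIEW_NAME;
        }
    }
    // Reached with a null user only on the session-based path, when an admin
    // targets an id that read() returned null for.
    if (user == null) {
        return TgolKeyStore.ACCESS_DENIED_VIEW_REDIRECT_NAME;
    }
    ChangePasswordCommand cpc = new ChangePasswordCommand();
    model.addAttribute(TgolKeyStore.CHANGE_PASSWORD_COMMAND_KEY, cpc);
    model.addAttribute(TgolKeyStore.USER_NAME_KEY, user.getEmail1());
    // The session now carries the id of the account whose password may be
    // changed; every check above must have passed before this line.
    request.getSession().setAttribute(TgolKeyStore.USER_ID_KEY, user.getId());
    return TgolKeyStore.CHANGE_PASSWORD_VIEW_NAME;
}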
Also used : ChangePasswordCommand(org.asqatasun.webapp.command.ChangePasswordCommand) User(org.asqatasun.webapp.entity.user.User) ForbiddenUserException(org.asqatasun.webapp.exception.ForbiddenUserException)

Example 2 with ChangePasswordCommand

use of org.asqatasun.webapp.command.ChangePasswordCommand in project Asqatasun by Asqatasun.

the class ChangePasswordFormValidator method validate.

/**
 * Validates a submitted change-password form when no user is supplied.
 *
 * <p>Delegates to {@code checkPassword} with {@code null} in the user
 * position.
 * NOTE(review): how {@code checkPassword} treats a null user (for instance
 * whether the current-password comparison is skipped) is not visible here;
 * confirm before relying on this overload for authenticated changes.
 *
 * @param target the form backing object; cast to {@code ChangePasswordCommand}
 * @param errors collector passed on to {@code checkPassword}
 */
@Override
public void validate(Object target, Errors errors) {
    final ChangePasswordCommand form = (ChangePasswordCommand) target;
    checkPassword(form, null, errors);
}
Also used : ChangePasswordCommand(org.asqatasun.webapp.command.ChangePasswordCommand)

Example 3 with ChangePasswordCommand

use of org.asqatasun.webapp.command.ChangePasswordCommand in project Asqatasun by Asqatasun.

the class ChangePasswordFormValidator method validate.

/**
 * Validates a submitted change-password form on behalf of a given user.
 *
 * <p>Delegates to {@code checkPassword}, passing {@code currentUser} along
 * with the form and the error collector.
 *
 * @param target the form backing object; cast to {@code ChangePasswordCommand}
 * @param errors collector passed on to {@code checkPassword}
 * @param currentUser the user passed on to {@code checkPassword}
 */
public void validate(Object target, Errors errors, User currentUser) {
    final ChangePasswordCommand form = (ChangePasswordCommand) target;
    checkPassword(form, currentUser, errors);
}
Also used : ChangePasswordCommand(org.asqatasun.webapp.command.ChangePasswordCommand)
