Example 11 with GenericResponse
use of org.broadleafcommerce.common.service.GenericResponse in project BroadleafCommerce by BroadleafCommerce.
the class AdminSecurityServiceImpl method resetPasswordUsingToken.
@Override
@Transactional("blTransactionManager")
public GenericResponse resetPasswordUsingToken(String username, String token, String password, String confirmPassword) {
GenericResponse response = new GenericResponse();
AdminUser user = null;
if (username != null) {
user = adminUserDao.readAdminUserByUserName(username);
}
checkUser(user, response);
checkPassword(password, confirmPassword, response);
if (StringUtils.isBlank(token)) {
response.addErrorCode("invalidToken");
}
ForgotPasswordSecurityToken fpst = null;
if (!response.getHasErrors()) {
token = token.toLowerCase();
List<ForgotPasswordSecurityToken> fpstoks = forgotPasswordSecurityTokenDao.readUnusedTokensByAdminUserId(user.getId());
for (ForgotPasswordSecurityToken fpstok : fpstoks) {
if (isPasswordValid(fpstok.getToken(), token, null)) {
fpst = fpstok;
break;
}
}
if (fpst == null) {
response.addErrorCode("invalidToken");
} else if (fpst.isTokenUsedFlag()) {
response.addErrorCode("tokenUsed");
} else if (isTokenExpired(fpst)) {
response.addErrorCode("tokenExpired");
}
}
if (!response.getHasErrors()) {
if (!user.getId().equals(fpst.getAdminUserId())) {
if (LOG.isWarnEnabled()) {
LOG.warn("Password reset attempt tried with mismatched user and token " + user.getId() + ", " + StringUtil.sanitize(token));
}
response.addErrorCode("invalidToken");
}
}
if (!response.getHasErrors()) {
user.setUnencodedPassword(password);
saveAdminUser(user);
invalidateAllTokensForAdminUser(user);
}
return response;
}
Also used :
ForgotPasswordSecurityToken(org.broadleafcommerce.openadmin.server.security.domain.ForgotPasswordSecurityToken)
GenericResponse(org.broadleafcommerce.common.service.GenericResponse)
AdminUser(org.broadleafcommerce.openadmin.server.security.domain.AdminUser)
Transactional(org.springframework.transaction.annotation.Transactional)
Example 12 with GenericResponse
use of org.broadleafcommerce.common.service.GenericResponse in project BroadleafCommerce by BroadleafCommerce.
the class AdminSecurityServiceImpl method changePassword.
@Override
@Transactional("blTransactionManager")
public GenericResponse changePassword(String username, String oldPassword, String password, String confirmPassword) {
GenericResponse response = new GenericResponse();
AdminUser user = null;
if (username != null) {
user = adminUserDao.readAdminUserByUserName(username);
}
checkUser(user, response);
checkPassword(password, confirmPassword, response);
if (!response.getHasErrors()) {
checkExistingPassword(oldPassword, user, response);
}
if (!response.getHasErrors()) {
user.setUnencodedPassword(password);
saveAdminUser(user);
}
return response;
}
Also used :
GenericResponse(org.broadleafcommerce.common.service.GenericResponse)
AdminUser(org.broadleafcommerce.openadmin.server.security.domain.AdminUser)
Transactional(org.springframework.transaction.annotation.Transactional)
Aggregations
GenericResponse (org.broadleafcommerce.common.service.GenericResponse)12
Transactional (org.springframework.transaction.annotation.Transactional)7
HashMap (java.util.HashMap)4
AdminUser (org.broadleafcommerce.openadmin.server.security.domain.AdminUser)4
Customer (org.broadleafcommerce.profile.core.domain.Customer)3
ArrayList (java.util.ArrayList)2
ForgotPasswordSecurityToken (org.broadleafcommerce.openadmin.server.security.domain.ForgotPasswordSecurityToken)2
CustomerForgotPasswordSecurityToken (org.broadleafcommerce.profile.core.domain.CustomerForgotPasswordSecurityToken)2
ServletWebRequest (org.springframework.web.context.request.ServletWebRequest)2
ForgotPasswordSecurityTokenImpl (org.broadleafcommerce.openadmin.server.security.domain.ForgotPasswordSecurityTokenImpl)1
CustomerForgotPasswordSecurityTokenImpl (org.broadleafcommerce.profile.core.domain.CustomerForgotPasswordSecurityTokenImpl)1
