
Example 1 with ForgotPasswordSecurityToken

Use of org.broadleafcommerce.openadmin.server.security.domain.ForgotPasswordSecurityToken in project BroadleafCommerce by BroadleafCommerce: class AdminSecurityServiceImpl, method sendResetPasswordNotification.

@Override
@Transactional("blTransactionManager")
public GenericResponse sendResetPasswordNotification(String username) {
    GenericResponse response = new GenericResponse();
    AdminUser user = null;
    if (username != null) {
        user = adminUserDao.readAdminUserByUserName(username);
    }
    // checkUser records an error on the response when the user is missing, so nothing below runs for unknown usernames
    checkUser(user, response);
    if (!response.getHasErrors()) {
        String token = PasswordUtils.generateSecurePassword(TEMP_PASSWORD_LENGTH);
        token = token.toLowerCase();
        // Only the encoded form of the token is persisted; the plaintext exists only in the e-mail sent below
        ForgotPasswordSecurityToken fpst = new ForgotPasswordSecurityTokenImpl();
        fpst.setAdminUserId(user.getId());
        fpst.setToken(encodePassword(token, null));
        fpst.setCreateDate(SystemTime.asDate());
        forgotPasswordSecurityTokenDao.saveToken(fpst);
        HashMap<String, Object> vars = new HashMap<String, Object>();
        vars.put("token", token);
        String resetPasswordUrl = getResetPasswordURL();
        if (!StringUtils.isEmpty(resetPasswordUrl)) {
            // Append the token as a query parameter, respecting any query string already present
            if (resetPasswordUrl.contains("?")) {
                resetPasswordUrl = resetPasswordUrl + "&token=" + token;
            } else {
                resetPasswordUrl = resetPasswordUrl + "?token=" + token;
            }
        }
        vars.put("resetPasswordUrl", resetPasswordUrl);
        emailService.sendTemplateEmail(user.getEmail(), getResetPasswordEmailInfo(), vars);
    }
    return response;
}
Other types referenced in this snippet: GenericResponse (org.broadleafcommerce.common.service.GenericResponse), ForgotPasswordSecurityTokenImpl (org.broadleafcommerce.openadmin.server.security.domain.ForgotPasswordSecurityTokenImpl), HashMap (java.util.HashMap), AdminUser (org.broadleafcommerce.openadmin.server.security.domain.AdminUser), Transactional (org.springframework.transaction.annotation.Transactional).

Example 2 with ForgotPasswordSecurityToken

Use of org.broadleafcommerce.openadmin.server.security.domain.ForgotPasswordSecurityToken in project BroadleafCommerce by BroadleafCommerce: class AdminSecurityServiceImpl, method resetPasswordUsingToken.

@Override
@Transactional("blTransactionManager")
public GenericResponse resetPasswordUsingToken(String username, String token, String password, String confirmPassword) {
    GenericResponse response = new GenericResponse();
    AdminUser user = null;
    if (username != null) {
        user = adminUserDao.readAdminUserByUserName(username);
    }
    checkUser(user, response);
    checkPassword(password, confirmPassword, response);
    if (StringUtils.isBlank(token)) {
        response.addErrorCode("invalidToken");
    }
    ForgotPasswordSecurityToken fpst = null;
    if (!response.getHasErrors()) {
        token = token.toLowerCase();
        // Tokens are stored encoded, so each unused token for this user is checked against the submitted value through the password encoder
        List<ForgotPasswordSecurityToken> fpstoks = forgotPasswordSecurityTokenDao.readUnusedTokensByAdminUserId(user.getId());
        for (ForgotPasswordSecurityToken fpstok : fpstoks) {
            if (isPasswordValid(fpstok.getToken(), token, null)) {
                fpst = fpstok;
                break;
            }
        }
        if (fpst == null) {
            response.addErrorCode("invalidToken");
        } else if (fpst.isTokenUsedFlag()) {
            response.addErrorCode("tokenUsed");
        } else if (isTokenExpired(fpst)) {
            response.addErrorCode("tokenExpired");
        }
    }
    if (!response.getHasErrors()) {
        // Defence in depth: the DAO query above was already scoped to this user, but the binding is re-checked before use
        if (!user.getId().equals(fpst.getAdminUserId())) {
            if (LOG.isWarnEnabled()) {
                LOG.warn("Password reset attempt tried with mismatched user and token " + user.getId() + ", " + StringUtil.sanitize(token));
            }
            response.addErrorCode("invalidToken");
        }
    }
    if (!response.getHasErrors()) {
        user.setUnencodedPassword(password);
        saveAdminUser(user);
        // A successful reset burns every outstanding token for the user, not just the one presented
        invalidateAllTokensForAdminUser(user);
    }
    return response;
}
Other types referenced in this snippet: GenericResponse (org.broadleafcommerce.common.service.GenericResponse), AdminUser (org.broadleafcommerce.openadmin.server.security.domain.AdminUser), Transactional (org.springframework.transaction.annotation.Transactional).

Example 3 with ForgotPasswordSecurityToken

Use of org.broadleafcommerce.openadmin.server.security.domain.ForgotPasswordSecurityToken in project BroadleafCommerce by BroadleafCommerce: class AdminSecurityServiceImpl, method invalidateAllTokensForAdminUser.

protected void invalidateAllTokensForAdminUser(AdminUser user) {
    // Mark every still-unused token for this user as consumed so none of them can be redeemed later
    List<ForgotPasswordSecurityToken> tokens = forgotPasswordSecurityTokenDao.readUnusedTokensByAdminUserId(user.getId());
    for (ForgotPasswordSecurityToken token : tokens) {
        token.setTokenUsedFlag(true);
        forgotPasswordSecurityTokenDao.saveToken(token);
    }
}
Other types referenced in this snippet: ForgotPasswordSecurityToken (org.broadleafcommerce.openadmin.server.security.domain.ForgotPasswordSecurityToken).
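Taken together, the three methods above form one lifecycle: mint a token and persist only its encoded form (Example 1), find the presented token among the user's unused tokens and reject stale or unknown ones (Example 2), and burn every outstanding token once the password has changed (Example 3). The following is an added, self-contained Java example written for this page; it is not Broadleaf code. Its assumptions: an in-memory DAO stands in for forgotPasswordSecurityTokenDao, unsalted SHA-256 stands in for the PasswordEncoder behind encodePassword()/isPasswordValid(), a fixed 30-minute lifetime stands in for isTokenExpired()'s configured window, and every name (ResetTokenFlowDemo, StoredToken, InMemoryTokenDao, issueToken, redeemToken, hashToken) is made up for the illustration.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.List;
import java.util.stream.Collectors;
// Constructed stand-in for the three AdminSecurityServiceImpl methods shown above.
// Every class, field and method name here is an illustrative assumption, not Broadleaf's API.
public class ResetTokenFlowDemo {

    // Assumed lifetime; Broadleaf's isTokenExpired() uses its own configured window.
    static final long TOKEN_TTL_MILLIS = 30L * 60 * 1000;
    static final int TOKEN_BYTES = 16;                 // 128 bits of entropy per token
    static final SecureRandom RNG = new SecureRandom();

    // Stand-in for ForgotPasswordSecurityToken: the plaintext token is never persisted.
    static class StoredToken {
        final long adminUserId;
        final byte[] tokenHash;
        final long createDate;
        boolean tokenUsedFlag;
        StoredToken(long id, byte[] hash, long created) { adminUserId = id; tokenHash = hash; createDate = created; }
    }

    // Stand-in for forgotPasswordSecurityTokenDao: reads are scoped to one user and to unused rows.
    static class InMemoryTokenDao {
        private final List<StoredToken> rows = new ArrayList<>();
        void saveToken(StoredToken t) { if (!rows.contains(t)) rows.add(t); }
        List<StoredToken> readUnusedTokensByAdminUserId(long adminUserId) {
            return rows.stream().filter(t -> t.adminUserId == adminUserId && !t.tokenUsedFlag)
                    .collect(Collectors.toList());
        }
    }

    // Stands in for encodePassword()/isPasswordValid(). Unsalted SHA-256 is acceptable here only because
    // the input is a 128-bit random token, not a user-chosen password. Lowercasing mirrors the original.
    static byte[] hashToken(String token) {
        try {
            return MessageDigest.getInstance("SHA-256")
                    .digest(token.toLowerCase().getBytes(StandardCharsets.US_ASCII));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }

    // Example 1: mint a token, persist only its hash, return the plaintext for the e-mail link.
    static String issueToken(InMemoryTokenDao dao, long adminUserId, long now) {
        byte[] raw = new byte[TOKEN_BYTES];
        RNG.nextBytes(raw);
        String token = String.format("%032x", new BigInteger(1, raw)); // lowercase hex
        dao.saveToken(new StoredToken(adminUserId, hashToken(token), now));
        return token;
    }

    // Example 2: locate the presented token among the user's unused tokens, then check its age.
    // Returns the error codes the original adds to its GenericResponse, or "ok".
    static String redeemToken(InMemoryTokenDao dao, long adminUserId, String presented, long now) {
        if (presented == null || presented.trim().isEmpty()) { return "invalidToken"; }
        byte[] presentedHash = hashToken(presented);
        StoredToken match = null;
        for (StoredToken t : dao.readUnusedTokensByAdminUserId(adminUserId)) {
            if (MessageDigest.isEqual(t.tokenHash, presentedHash)) { // constant-time comparison
                match = t;
                break;
            }
        }
        if (match == null) { return "invalidToken"; }
        if (now - match.createDate > TOKEN_TTL_MILLIS) { return "tokenExpired"; }
        // The password update would happen here; then every outstanding token is burned (Example 3).
        invalidateAllTokensForAdminUser(dao, adminUserId);
        return "ok";
    }

    // Example 3: mark every unused token for the user as consumed.
    static void invalidateAllTokensForAdminUser(InMemoryTokenDao dao, long adminUserId) {
        for (StoredToken t : dao.readUnusedTokensByAdminUserId(adminUserId)) {
            t.tokenUsedFlag = true;
            dao.saveToken(t);
        }
    }

    public static void main(String[] args) {
        InMemoryTokenDao dao = new InMemoryTokenDao();
        long now = 1_700_000_000_000L; // constructed clock value
        String t1 = issueToken(dao, 42L, now);
        System.out.println("wrong token:       " + redeemToken(dao, 42L, "not-the-token", now));
        System.out.println("upper-cased token: " + redeemToken(dao, 42L, t1.toUpperCase(), now));
        System.out.println("replayed token:    " + redeemToken(dao, 42L, t1, now));
        String t2 = issueToken(dao, 42L, now);
        System.out.println("stale token:       " + redeemToken(dao, 42L, t2, now + TOKEN_TTL_MILLIS + 1));
    }
}
```

The main method walks the same paths the Broadleaf code guards: a wrong token, a correct token entered in the wrong case (accepted because both sides lowercase before hashing, as the original does), the same token replayed after a successful reset (rejected because the reset burned it), and a token presented after its lifetime. The original's extra user/token mismatch check is omitted here because the DAO lookup is already scoped to the user; Broadleaf keeps it as defence in depth. Compile and run with `javac ResetTokenFlowDemo.java && java ResetTokenFlowDemo`.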
