
Example 1 with CustomerForgotPasswordSecurityToken

use of org.broadleafcommerce.profile.core.domain.CustomerForgotPasswordSecurityToken in project BroadleafCommerce by BroadleafCommerce.

the class CustomerServiceImpl method sendForgotPasswordNotification.

/**
 * Issues a password-reset token for the customer identified by {@code username} and emails it.
 *
 * Only the encoded form of the token is persisted; the plain-text token leaves this method solely
 * inside the email variables and, when {@code resetPasswordUrl} is given, as its {@code token}
 * query parameter. Any error reported by checkCustomer short-circuits the flow.
 *
 * @param username login name to look up; null is tolerated and reported via checkCustomer
 * @param resetPasswordUrl optional base URL the token is appended to; passed through unchanged when empty
 * @return the response carrying whatever error codes checkCustomer recorded
 */
@Override
@Transactional(TransactionUtils.DEFAULT_TRANSACTION_MANAGER)
public GenericResponse sendForgotPasswordNotification(String username, String resetPasswordUrl) {
    GenericResponse response = new GenericResponse();
    // A null username never reaches the DAO; checkCustomer is left to report the missing customer.
    Customer customer = (username == null) ? null : customerDao.readCustomerByUsername(username);
    checkCustomer(customer, response);
    if (response.getHasErrors()) {
        return response;
    }
    // Plain-text token that goes to the customer; the store only ever sees encodePass(...) of it.
    String plainToken = PasswordUtils.generateSecurePassword(getPasswordTokenLength()).toLowerCase();
    Object salt = getSalt(customer, plainToken);
    // NOTE(review): getBytes() uses the platform default charset here, as in the original.
    String saltHex = (salt == null) ? null : Hex.encodeHexString(salt.toString().getBytes());
    CustomerForgotPasswordSecurityToken fpst = new CustomerForgotPasswordSecurityTokenImpl();
    fpst.setCustomerId(customer.getId());
    fpst.setToken(encodePass(plainToken, saltHex));
    fpst.setCreateDate(SystemTime.asDate());
    customerForgotPasswordSecurityTokenDao.saveToken(fpst);
    // Legacy encoder path: the salt travels with the token ("token-salt") so the reset side can split it back out.
    String outgoingToken = plainToken;
    if (usingDeprecatedPasswordEncoder() && saltHex != null) {
        outgoingToken = plainToken + '-' + saltHex;
    }
    HashMap<String, Object> vars = new HashMap<String, Object>();
    vars.put("token", outgoingToken);
    if (!StringUtils.isEmpty(resetPasswordUrl)) {
        // Append as a query parameter, continuing an existing query string when there is one.
        String separator = resetPasswordUrl.contains("?") ? "&" : "?";
        resetPasswordUrl = resetPasswordUrl + separator + "token=" + outgoingToken;
    }
    vars.put("resetPasswordUrl", resetPasswordUrl);
    sendEmail(customer.getEmailAddress(), getForgotPasswordEmailInfo(), vars);
    return response;
}

Example 2 with CustomerForgotPasswordSecurityToken

use of org.broadleafcommerce.profile.core.domain.CustomerForgotPasswordSecurityToken in project BroadleafCommerce by BroadleafCommerce.

the class CustomerServiceImpl method checkPasswordResetToken.

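/**
 * Looks up the unused reset token matching {@code token} for {@code customer} and records any
 * problem on {@code response} as one of "invalidToken", "invalidCustomer", "tokenUsed" or
 * "tokenExpired".
 *
 * Under the deprecated password encoder the incoming value carries its salt as "rawToken-salt"
 * (the form sendForgotPasswordNotification emails out) and is split before comparison; otherwise
 * the value is compared as-is, via isPassValid, against the customer's unused tokens.
 *
 * @param token the token presented by the caller; null or blank is reported as "invalidToken"
 * @param customer the customer claiming the token; may be null only on the deprecated-encoder path
 * @param response collects error codes; callers must check getHasErrors() before trusting the result
 * @return the matching token entity, or null when none was found or an error was recorded
 */
protected CustomerForgotPasswordSecurityToken checkPasswordResetToken(String token, Customer customer, GenericResponse response) {
    if (StringUtils.isBlank(token)) {
        response.addErrorCode("invalidToken");
        // Nothing more can be done with an empty token, and token.split() below would NPE on null.
        return null;
    }
    String rawToken = token;
    String salt = null;
    if (usingDeprecatedPasswordEncoder()) {
        String[] tokens = token.split("-");
        // Inputs such as "-" or "--" split to an empty array, so guard the index as well as the upper bound.
        if (tokens.length == 0 || tokens.length > 2) {
            response.addErrorCode("invalidToken");
        } else {
            rawToken = tokens[0].toLowerCase();
            if (tokens.length == 2) {
                salt = tokens[1];
            }
        }
    }
    CustomerForgotPasswordSecurityToken fpst = null;
    if (!response.getHasErrors()) {
        if (customer == null) {
            if (!usingDeprecatedPasswordEncoder()) {
                // customer can only be null when supporting use of the legacy PasswordEncoder
                response.addErrorCode("invalidCustomer");
            } else {
                // Legacy lookup is by the encoded value itself rather than per customer.
                fpst = customerForgotPasswordSecurityTokenDao.readToken(passwordEncoder.encodePassword(rawToken, salt));
            }
        } else {
            List<CustomerForgotPasswordSecurityToken> fpstoks = customerForgotPasswordSecurityTokenDao.readUnusedTokensByCustomerId(customer.getId());
            for (CustomerForgotPasswordSecurityToken fpstok : fpstoks) {
                if (isPassValid(rawToken, fpstok.getToken(), salt)) {
                    fpst = fpstok;
                    break;
                }
            }
        }
        // Order matters: a missing token is reported before used/expired so no hint about an existing token leaks.
        if (fpst == null) {
            response.addErrorCode("invalidToken");
        } else if (fpst.isTokenUsedFlag()) {
            response.addErrorCode("tokenUsed");
        } else if (isTokenExpired(fpst)) {
            response.addErrorCode("tokenExpired");
        }
    }
    return fpst;
}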

Example 3 with CustomerForgotPasswordSecurityToken

use of org.broadleafcommerce.profile.core.domain.CustomerForgotPasswordSecurityToken in project BroadleafCommerce by BroadleafCommerce.

the class CustomerServiceImpl method invalidateAllTokensForCustomer.

/**
 * Retires every unused reset token belonging to {@code customer} by flagging it as used and
 * persisting it, so that an older token cannot be replayed after a successful reset.
 *
 * @param customer the customer whose outstanding tokens are retired; must not be null
 */
protected void invalidateAllTokensForCustomer(Customer customer) {
    List<CustomerForgotPasswordSecurityToken> outstanding =
            customerForgotPasswordSecurityTokenDao.readUnusedTokensByCustomerId(customer.getId());
    for (CustomerForgotPasswordSecurityToken unused : outstanding) {
        unused.setTokenUsedFlag(true);
        customerForgotPasswordSecurityTokenDao.saveToken(unused);
    }
}

Example 4 with CustomerForgotPasswordSecurityToken

use of org.broadleafcommerce.profile.core.domain.CustomerForgotPasswordSecurityToken in project BroadleafCommerce by BroadleafCommerce.

the class CustomerServiceImpl method resetPasswordUsingToken.

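/**
 * Resets a customer's password when the supplied reset token checks out.
 *
 * Runs the customer, password and token checks in turn, accumulating error codes on the response;
 * on success the new password is stored, the change-required flag cleared and every outstanding
 * token for the customer retired so none of them can be reused.
 *
 * @param username login name of the customer resetting the password; null is reported via checkCustomer
 * @param token the reset token presented by the customer
 * @param password the new password
 * @param confirmPassword repeated new password, validated by checkPassword
 * @return the response; the reset happened only when getHasErrors() is false
 */
@Override
@Transactional(TransactionUtils.DEFAULT_TRANSACTION_MANAGER)
public GenericResponse resetPasswordUsingToken(String username, String token, String password, String confirmPassword) {
    GenericResponse response = new GenericResponse();
    Customer customer = null;
    if (username != null) {
        customer = customerDao.readCustomerByUsername(username);
    }
    checkCustomer(customer, response);
    checkPassword(password, confirmPassword, response);
    CustomerForgotPasswordSecurityToken fpst = checkPasswordResetToken(token, customer, response);
    if (!response.getHasErrors()) {
        // fpst is non-null here because checkPasswordResetToken records "invalidToken" whenever it
        // returns null; customer is presumed non-null because checkCustomer reports a missing one — TODO confirm.
        if (!customer.getId().equals(fpst.getCustomerId())) {
            if (LOG.isWarnEnabled()) {
                // Log the two ids rather than the token: the token may still be live for its real owner,
                // and a reset credential should not land in the log.
                LOG.warn("Password reset attempt tried with mismatched customer and token: customer " + customer.getId() + ", token owner " + fpst.getCustomerId());
            }
            response.addErrorCode("invalidToken");
        }
    }
    if (!response.getHasErrors()) {
        customer.setUnencodedPassword(password);
        customer.setPasswordChangeRequired(false);
        saveCustomer(customer);
        // Retire every outstanding token, not just the one used, so none can be replayed.
        invalidateAllTokensForCustomer(customer);
    }
    return response;
}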
