Example 6 with PasswordValidationResult
use of org.hisp.dhis.user.PasswordValidationResult in project dhis2-core by dhis2.
the class AccountController method restoreAccount.
@PostMapping("/restore")
@ResponseBody
public WebMessage restoreAccount(@RequestParam String token, @RequestParam String password) {
String[] idAndRestoreToken = securityService.decodeEncodedTokens(token);
String idToken = idAndRestoreToken[0];
User user = userService.getUserByIdToken(idToken);
if (user == null || idAndRestoreToken.length < 2) {
return conflict("Account recovery failed");
}
String restoreToken = idAndRestoreToken[1];
if (!systemSettingManager.accountRecoveryEnabled()) {
return conflict("Account recovery is not enabled");
}
if (!ValidationUtils.passwordIsValid(password)) {
return badRequest("Password is not specified or invalid");
}
if (password.trim().equals(user.getUsername())) {
return badRequest("Password cannot be equal to username");
}
CredentialsInfo credentialsInfo = new CredentialsInfo(user.getUsername(), password, user.getEmail() != null ? user.getEmail() : "", false);
PasswordValidationResult result = passwordValidationService.validate(credentialsInfo);
if (!result.isValid()) {
return badRequest(result.getErrorMessage());
}
boolean restoreSuccess = securityService.restore(user, restoreToken, password, RestoreType.RECOVER_PASSWORD);
if (!restoreSuccess) {
return badRequest("Account could not be restored");
}
log.info("Account restored for user: " + user.getUsername());
return ok("Account restored");
}
Also used :
CurrentUser(org.hisp.dhis.user.CurrentUser)
User(org.hisp.dhis.user.User)
CredentialsInfo(org.hisp.dhis.user.CredentialsInfo)
PasswordValidationResult(org.hisp.dhis.user.PasswordValidationResult)
PostMapping(org.springframework.web.bind.annotation.PostMapping)
ResponseBody(org.springframework.web.bind.annotation.ResponseBody)
Example 7 with PasswordValidationResult
use of org.hisp.dhis.user.PasswordValidationResult in project dhis2-core by dhis2.
the class MeController method updatePassword.
private void updatePassword(User currentUser, String password) throws WebMessageException {
if (!StringUtils.isEmpty(password)) {
CredentialsInfo credentialsInfo = new CredentialsInfo(currentUser.getUsername(), password, currentUser.getEmail(), false);
PasswordValidationResult result = passwordValidationService.validate(credentialsInfo);
if (result.isValid()) {
userService.encodeAndSetPassword(currentUser, password);
} else {
throw new WebMessageException(conflict(result.getErrorMessage()));
}
}
}
Also used :
WebMessageException(org.hisp.dhis.dxf2.webmessage.WebMessageException)
CredentialsInfo(org.hisp.dhis.user.CredentialsInfo)
PasswordValidationResult(org.hisp.dhis.user.PasswordValidationResult)
Aggregations
CredentialsInfo (org.hisp.dhis.user.CredentialsInfo)7
PasswordValidationResult (org.hisp.dhis.user.PasswordValidationResult)7
User (org.hisp.dhis.user.User)3
PostMapping (org.springframework.web.bind.annotation.PostMapping)3
HashMap (java.util.HashMap)2
WebMessageException (org.hisp.dhis.dxf2.webmessage.WebMessageException)2
CurrentUser (org.hisp.dhis.user.CurrentUser)2
ResponseBody (org.springframework.web.bind.annotation.ResponseBody)2
RootNode (org.hisp.dhis.node.types.RootNode)1
SimpleNode (org.hisp.dhis.node.types.SimpleNode)1
OrganisationUnit (org.hisp.dhis.organisationunit.OrganisationUnit)1
RecaptchaResponse (org.hisp.dhis.security.RecaptchaResponse)1
RestoreOptions (org.hisp.dhis.security.RestoreOptions)1
UserAuthorityGroup (org.hisp.dhis.user.UserAuthorityGroup)1
UserCredentials (org.hisp.dhis.user.UserCredentials)1
GrantedAuthority (org.springframework.security.core.GrantedAuthority)1
SimpleGrantedAuthority (org.springframework.security.core.authority.SimpleGrantedAuthority)1
