Example 6 with PasswordValidationResult

Use of org.hisp.dhis.user.PasswordValidationResult in project dhis2-core by dhis2.

In the class AccountController, method restoreAccount.

@PostMapping("/restore")
@ResponseBody
public WebMessage restoreAccount(@RequestParam String token, @RequestParam String password) {
    String[] idAndRestoreToken = securityService.decodeEncodedTokens(token);
    // Check the shape of the decoded token before indexing into the array.
    if (idAndRestoreToken.length < 2) {
        return conflict("Account recovery failed");
    }
    String idToken = idAndRestoreToken[0];
    String restoreToken = idAndRestoreToken[1];
    User user = userService.getUserByIdToken(idToken);
    // Same generic message for a malformed token and an unknown user.
    if (user == null) {
        return conflict("Account recovery failed");
    }
    if (!systemSettingManager.accountRecoveryEnabled()) {
        return conflict("Account recovery is not enabled");
    }
    // Reject a missing or invalid password before running the validation service.
    if (!ValidationUtils.passwordIsValid(password)) {
        return badRequest("Password is not specified or invalid");
    }
    if (password.trim().equals(user.getUsername())) {
        return badRequest("Password cannot be equal to username");
    }
    // Validate the new password in the context of the user's username and email.
    CredentialsInfo credentialsInfo = new CredentialsInfo(user.getUsername(), password, user.getEmail() != null ? user.getEmail() : "", false);
    PasswordValidationResult result = passwordValidationService.validate(credentialsInfo);
    if (!result.isValid()) {
        return badRequest(result.getErrorMessage());
    }
    // The restore token is only checked here, after the password has passed validation.
    boolean restoreSuccess = securityService.restore(user, restoreToken, password, RestoreType.RECOVER_PASSWORD);
    if (!restoreSuccess) {
        return badRequest("Account could not be restored");
    }
    log.info("Account restored for user: " + user.getUsername());
    return ok("Account restored");
}
Also used : CurrentUser(org.hisp.dhis.user.CurrentUser) User(org.hisp.dhis.user.User) CredentialsInfo(org.hisp.dhis.user.CredentialsInfo) PasswordValidationResult(org.hisp.dhis.user.PasswordValidationResult) PostMapping(org.springframework.web.bind.annotation.PostMapping) ResponseBody(org.springframework.web.bind.annotation.ResponseBody)

Example 7 with PasswordValidationResult

Use of org.hisp.dhis.user.PasswordValidationResult in project dhis2-core by dhis2.

In the class MeController, method updatePassword.

private void updatePassword(User currentUser, String password) throws WebMessageException {
    // An empty password is ignored: nothing is validated or changed.
    if (!StringUtils.isEmpty(password)) {
        CredentialsInfo credentialsInfo = new CredentialsInfo(currentUser.getUsername(), password, currentUser.getEmail(), false);
        PasswordValidationResult result = passwordValidationService.validate(credentialsInfo);
        // Only a password that passes validation is encoded and stored.
        if (result.isValid()) {
            userService.encodeAndSetPassword(currentUser, password);
        } else {
            throw new WebMessageException(conflict(result.getErrorMessage()));
        }
    }
}
Also used : WebMessageException(org.hisp.dhis.dxf2.webmessage.WebMessageException) CredentialsInfo(org.hisp.dhis.user.CredentialsInfo) PasswordValidationResult(org.hisp.dhis.user.PasswordValidationResult)

Aggregations

CredentialsInfo (org.hisp.dhis.user.CredentialsInfo) 7
PasswordValidationResult (org.hisp.dhis.user.PasswordValidationResult) 7
User (org.hisp.dhis.user.User) 3
PostMapping (org.springframework.web.bind.annotation.PostMapping) 3
HashMap (java.util.HashMap) 2
WebMessageException (org.hisp.dhis.dxf2.webmessage.WebMessageException) 2
CurrentUser (org.hisp.dhis.user.CurrentUser) 2
ResponseBody (org.springframework.web.bind.annotation.ResponseBody) 2
RootNode (org.hisp.dhis.node.types.RootNode) 1
SimpleNode (org.hisp.dhis.node.types.SimpleNode) 1
OrganisationUnit (org.hisp.dhis.organisationunit.OrganisationUnit) 1
RecaptchaResponse (org.hisp.dhis.security.RecaptchaResponse) 1
RestoreOptions (org.hisp.dhis.security.RestoreOptions) 1
UserAuthorityGroup (org.hisp.dhis.user.UserAuthorityGroup) 1
UserCredentials (org.hisp.dhis.user.UserCredentials) 1
GrantedAuthority (org.springframework.security.core.GrantedAuthority) 1
SimpleGrantedAuthority (org.springframework.security.core.authority.SimpleGrantedAuthority) 1