
Example 1 with OnPasswordChangedEvent

Use of won.owner.web.events.OnPasswordChangedEvent in project webofneeds by researchstudio-sat.

In the class RestUserController, method changePassword.

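/**
 * Changes the user's password.
 *
 * @param changePasswordPojo password changing data
 * @param errors validation errors collected by passwordChangeValidator
 * @param request current HTTP request; its locale and context path are passed to the published event
 * @param response current HTTP response
 * @return ResponseEntity with HTTP status code
 */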
@ResponseBody
@RequestMapping(value = "/changePassword", produces = MediaType.APPLICATION_JSON_VALUE, method = RequestMethod.POST)
// TODO: move transactionality annotation into the service layer
@Transactional(propagation = Propagation.REQUIRED)
public ResponseEntity changePassword(@RequestBody ChangePasswordPojo changePasswordPojo, Errors errors, HttpServletRequest request, HttpServletResponse response) {
    logger.debug("processing request to /changePassword");
    String username = SecurityContextHolder.getContext().getAuthentication().getName();
    if (username == null) {
        return generateStatusResponse(RestStatusResponse.USER_NOT_SIGNED_IN);
    }
    if (!username.equals(changePasswordPojo.getUsername())) {
        return generateStatusResponse(RestStatusResponse.USERNAME_MISMATCH);
    }
    try {
        passwordChangeValidator.validate(changePasswordPojo, errors);
        if (errors.hasErrors()) {
            if (errors.getFieldErrorCount() > 0) {
                return generateStatusResponse(RestStatusResponse.PASSWORDCHANGE_BAD_PASSWORD);
            } else {
                // username is not found
                return generateStatusResponse(RestStatusResponse.PASSWORDCHANGE_USER_NOT_FOUND);
            }
        }
        User user = userService.changePassword(changePasswordPojo.getUsername(), changePasswordPojo.getNewPassword(), changePasswordPojo.getOldPassword());
        eventPublisher.publishEvent(new OnPasswordChangedEvent(user, request.getLocale(), request.getContextPath()));
        String recoveryKey = userService.generateRecoveryKey(changePasswordPojo.getUsername(), changePasswordPojo.getNewPassword());
        eventPublisher.publishEvent(new OnRecoveryKeyGeneratedEvent(user, recoveryKey));
        return generateUserResponse(user);
    } catch (IncorrectPasswordException e) {
        return generateStatusResponse(RestStatusResponse.PASSWORDCHANGE_WRONG_OLD_PASSWORD);
    } catch (UserNotFoundException e) {
        return generateStatusResponse(RestStatusResponse.USER_NOT_FOUND);
    } catch (KeyStoreIOException e) {
        return generateStatusResponse(RestStatusResponse.PASSWORDCHANGE_KEYSTORE_PROBLEM);
    }
}
Also used: OnRecoveryKeyGeneratedEvent (won.owner.web.events.OnRecoveryKeyGeneratedEvent), UserNotFoundException (won.owner.service.impl.UserNotFoundException), KeyStoreIOException (won.owner.model.KeyStoreIOException), User (won.owner.model.User), OnPasswordChangedEvent (won.owner.web.events.OnPasswordChangedEvent), IncorrectPasswordException (won.owner.service.impl.IncorrectPasswordException), ResponseBody (org.springframework.web.bind.annotation.ResponseBody), RequestMapping (org.springframework.web.bind.annotation.RequestMapping), Transactional (org.springframework.transaction.annotation.Transactional)

Example 2 with OnPasswordChangedEvent

Use of won.owner.web.events.OnPasswordChangedEvent in project webofneeds by researchstudio-sat.

In the class RestUserController, method resetPassword.

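/**
 * Resets the user's password using the recovery key.
 *
 * @param resetPasswordPojo password changing data
 * @param errors validation errors collected by resetPasswordValidator
 * @param request current HTTP request; its locale and context path are passed to the published event
 * @param response current HTTP response
 * @return ResponseEntity with HTTP status code
 */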
@ResponseBody
@RequestMapping(value = "/resetPassword", produces = MediaType.APPLICATION_JSON_VALUE, method = RequestMethod.POST)
// TODO: move transactionality annotation into the service layer
@Transactional(propagation = Propagation.REQUIRED)
public ResponseEntity resetPassword(@RequestBody ResetPasswordPojo resetPasswordPojo, Errors errors, HttpServletRequest request, HttpServletResponse response) {
    logger.debug("processing request to /resetPassword");
    try {
        resetPasswordValidator.validate(resetPasswordPojo, errors);
        if (errors.hasErrors()) {
            if (errors.getFieldErrorCount() > 0) {
                return generateStatusResponse(RestStatusResponse.PASSWORDCHANGE_BAD_PASSWORD);
            } else {
                // username is not found
                return generateStatusResponse(RestStatusResponse.PASSWORDCHANGE_USER_NOT_FOUND);
            }
        }
        User user = userService.useRecoveryKey(resetPasswordPojo.getUsername(), resetPasswordPojo.getNewPassword(), resetPasswordPojo.getRecoveryKey());
        eventPublisher.publishEvent(new OnPasswordChangedEvent(user, request.getLocale(), request.getContextPath()));
        String recoveryKey = userService.generateRecoveryKey(resetPasswordPojo.getUsername(), resetPasswordPojo.getNewPassword());
        eventPublisher.publishEvent(new OnRecoveryKeyGeneratedEvent(user, recoveryKey));
        return generateUserResponse(user);
    } catch (IncorrectPasswordException e) {
        return generateStatusResponse(RestStatusResponse.PASSWORDCHANGE_WRONG_OLD_PASSWORD);
    } catch (UserNotFoundException e) {
        return generateStatusResponse(RestStatusResponse.USER_NOT_FOUND);
    } catch (KeyStoreIOException e) {
        return generateStatusResponse(RestStatusResponse.PASSWORDCHANGE_KEYSTORE_PROBLEM);
    }
}
Also used: OnRecoveryKeyGeneratedEvent (won.owner.web.events.OnRecoveryKeyGeneratedEvent), UserNotFoundException (won.owner.service.impl.UserNotFoundException), KeyStoreIOException (won.owner.model.KeyStoreIOException), User (won.owner.model.User), OnPasswordChangedEvent (won.owner.web.events.OnPasswordChangedEvent), IncorrectPasswordException (won.owner.service.impl.IncorrectPasswordException), ResponseBody (org.springframework.web.bind.annotation.ResponseBody), RequestMapping (org.springframework.web.bind.annotation.RequestMapping), Transactional (org.springframework.transaction.annotation.Transactional)

Aggregations

Transactional (org.springframework.transaction.annotation.Transactional): 2
RequestMapping (org.springframework.web.bind.annotation.RequestMapping): 2
ResponseBody (org.springframework.web.bind.annotation.ResponseBody): 2
KeyStoreIOException (won.owner.model.KeyStoreIOException): 2
User (won.owner.model.User): 2
IncorrectPasswordException (won.owner.service.impl.IncorrectPasswordException): 2
UserNotFoundException (won.owner.service.impl.UserNotFoundException): 2
OnPasswordChangedEvent (won.owner.web.events.OnPasswordChangedEvent): 2
OnRecoveryKeyGeneratedEvent (won.owner.web.events.OnRecoveryKeyGeneratedEvent): 2