/*
* Copyright 2013 Stormpath, Inc. and contributors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.stormpath.tooter.controller;
import com.stormpath.sdk.account.Account;
import com.stormpath.sdk.resource.ResourceException;
import com.stormpath.tooter.model.User;
import com.stormpath.tooter.model.dao.CustomerDao;
import com.stormpath.tooter.model.sdk.StormpathService;
import com.stormpath.tooter.validator.ChangePasswordValidator;
import com.stormpath.tooter.validator.ResetPasswordValidator;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.transaction.annotation.Propagation;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.ui.Model;
import org.springframework.util.StringUtils;
import org.springframework.validation.BindingResult;
import org.springframework.validation.ObjectError;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import javax.servlet.http.HttpSession;
/**
* @author Elder Crisostomo
*/
@Controller
@Transactional(propagation = Propagation.REQUIRES_NEW)
public class PasswordController {
ChangePasswordValidator changePasswordValidator;
ResetPasswordValidator resetPasswordValidator;
@Autowired
CustomerDao customerDao;
@Autowired
StormpathService stormpath;
public PasswordController() {
}
@Autowired
public PasswordController(ChangePasswordValidator changePasswordValidator, ResetPasswordValidator resetPasswordValidator) {
this.changePasswordValidator = changePasswordValidator;
this.resetPasswordValidator = resetPasswordValidator;
}
@RequestMapping(value = "/password/forgot", method = RequestMethod.GET)
public String initResetPassword(Model model) {
model.addAttribute("user", new User());
return "resetPassword";
}
@RequestMapping(value = "/password/forgot", method = RequestMethod.POST)
public String processResetPassword(User customer, BindingResult result) {
resetPasswordValidator.validate(customer, result);
if (result.hasErrors()) {
return "resetPassword";
} else {
try {
stormpath.getApplication().sendPasswordResetEmail(customer.getEmail());
} catch (ResourceException re) {
result.addError(new ObjectError("email", re.getCode() == 404 ? "The provided email for password reset does not exist." : re.getMessage()));
re.printStackTrace();
return "resetPassword";
}
//form success
return "resetPasswordMsg";
}
}
@RequestMapping(value = "/password/message", method = RequestMethod.GET)
public String initResetPasswordMsg(Model model) {
User cust = new User();
model.addAttribute("customer", cust);
return "resetPasswordMsg";
}
@RequestMapping(value = "/password/reset", method = RequestMethod.GET)
public String initChangePassword(User cust, Model model) {
if (!StringUtils.hasText(cust.getSptoken())) {
//invalid page access - no one should visit this page unless they're resetting their password and they have
//a valid sptoken:
return "redirect:/password/forgot";
}
model.addAttribute("customer", cust);
//show the form:
return "changePassword";
}
@RequestMapping(value = "/password/reset", method = RequestMethod.POST)
public String processChangePassword(@ModelAttribute("customer") User user, BindingResult result, HttpSession session) {
changePasswordValidator.validate(user, result);
if (result.hasErrors()) {
return "changePassword";
}
String sptoken = user.getSptoken();
if (!StringUtils.hasText(sptoken)) {
//invalid page access - should have an sptoken from the setup form.
return "redirect:/password/forgot";
}
try {
//New password was specified - verify the reset token and apply the new password:
Account account = stormpath.getApplication().verifyPasswordResetToken(sptoken);
//token is valid, set the password and sync to Stormpath:
account.setPassword(user.getPassword());
account.save();
//remove any stale value:
session.removeAttribute("stormpathAccount");
} catch (ResourceException re) {
result.addError(new ObjectError("password", re.getCode() == 404 ? "The provided password reset token is invalid." : re.getMessage()));
re.printStackTrace();
return "changePassword";
}
//form success
return "redirect:/login/message?loginMsg=passChanged";
}
}