com.stormpath.tooter.controller.PasswordController.java Source code

Java tutorial

Introduction

Here is the source code for com.stormpath.tooter.controller.PasswordController.java

Source

/*
 * Copyright 2013 Stormpath, Inc. and contributors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package com.stormpath.tooter.controller;

import com.stormpath.sdk.account.Account;
import com.stormpath.sdk.resource.ResourceException;
import com.stormpath.tooter.model.User;
import com.stormpath.tooter.model.dao.CustomerDao;
import com.stormpath.tooter.model.sdk.StormpathService;
import com.stormpath.tooter.validator.ChangePasswordValidator;
import com.stormpath.tooter.validator.ResetPasswordValidator;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.transaction.annotation.Propagation;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.ui.Model;
import org.springframework.util.StringUtils;
import org.springframework.validation.BindingResult;
import org.springframework.validation.ObjectError;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;

import javax.servlet.http.HttpSession;

/**
 * @author Elder Crisostomo
 */
@Controller
@Transactional(propagation = Propagation.REQUIRES_NEW)
public class PasswordController {

    ChangePasswordValidator changePasswordValidator;

    ResetPasswordValidator resetPasswordValidator;

    @Autowired
    CustomerDao customerDao;

    @Autowired
    StormpathService stormpath;

    public PasswordController() {
    }

    @Autowired
    public PasswordController(ChangePasswordValidator changePasswordValidator,
            ResetPasswordValidator resetPasswordValidator) {
        this.changePasswordValidator = changePasswordValidator;
        this.resetPasswordValidator = resetPasswordValidator;
    }

    @RequestMapping(value = "/password/forgot", method = RequestMethod.GET)
    public String initResetPassword(Model model) {
        model.addAttribute("user", new User());
        return "resetPassword";
    }

    @RequestMapping(value = "/password/forgot", method = RequestMethod.POST)
    public String processResetPassword(User customer, BindingResult result) {

        resetPasswordValidator.validate(customer, result);

        if (result.hasErrors()) {
            return "resetPassword";
        } else {
            try {
                stormpath.getApplication().sendPasswordResetEmail(customer.getEmail());
            } catch (ResourceException re) {
                result.addError(new ObjectError("email",
                        re.getCode() == 404 ? "The provided email for password reset does not exist."
                                : re.getMessage()));
                re.printStackTrace();
                return "resetPassword";
            }

            //form success
            return "resetPasswordMsg";
        }
    }

    @RequestMapping(value = "/password/message", method = RequestMethod.GET)
    public String initResetPasswordMsg(Model model) {
        User cust = new User();
        model.addAttribute("customer", cust);
        return "resetPasswordMsg";
    }

    @RequestMapping(value = "/password/reset", method = RequestMethod.GET)
    public String initChangePassword(User cust, Model model) {

        if (!StringUtils.hasText(cust.getSptoken())) {
            //invalid page access - no one should visit this page unless they're resetting their password and they have
            //a valid sptoken:
            return "redirect:/password/forgot";
        }

        model.addAttribute("customer", cust);
        //show the form:
        return "changePassword";
    }

    @RequestMapping(value = "/password/reset", method = RequestMethod.POST)
    public String processChangePassword(@ModelAttribute("customer") User user, BindingResult result,
            HttpSession session) {

        changePasswordValidator.validate(user, result);

        if (result.hasErrors()) {
            return "changePassword";
        }

        String sptoken = user.getSptoken();

        if (!StringUtils.hasText(sptoken)) {
            //invalid page access - should have an sptoken from the setup form.
            return "redirect:/password/forgot";
        }

        try {
            //New password was specified - verify the reset token and apply the new password:
            Account account = stormpath.getApplication().verifyPasswordResetToken(sptoken);

            //token is valid, set the password and sync to Stormpath:
            account.setPassword(user.getPassword());
            account.save();

            //remove any stale value:
            session.removeAttribute("stormpathAccount");

        } catch (ResourceException re) {
            result.addError(new ObjectError("password",
                    re.getCode() == 404 ? "The provided password reset token is invalid." : re.getMessage()));
            re.printStackTrace();
            return "changePassword";
        }

        //form success
        return "redirect:/login/message?loginMsg=passChanged";
    }
}