reference/src/main/java/org/apache/sling/cms/reference/forms/impl/actions/ResetPasswordAction.java - sling-org-apache-sling-app-cms - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more
  * contributor license agreements.  See the NOTICE file distributed with
  * this work for additional information regarding copyright ownership.
  * The ASF licenses this file to You under the Apache License, Version 2.0
  * (the "License"); you may not use this file except in compliance with
  * the License.  You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 package org.apache.sling.cms.reference.forms.impl.actions;

 import java.util.Calendar;
 import java.util.Collections;

 import javax.jcr.RepositoryException;
 import javax.jcr.Session;
 import javax.jcr.Value;

 import org.apache.jackrabbit.api.JackrabbitSession;
 import org.apache.jackrabbit.api.security.user.User;
 import org.apache.jackrabbit.api.security.user.UserManager;
 import org.apache.sling.api.resource.Resource;
 import org.apache.sling.api.resource.ResourceResolver;
 import org.apache.sling.api.resource.ResourceResolverFactory;
 import org.apache.sling.cms.reference.forms.FormAction;
 import org.apache.sling.cms.reference.forms.FormActionResult;
 import org.apache.sling.cms.reference.forms.FormConstants;
 import org.apache.sling.cms.reference.forms.FormException;
 import org.apache.sling.cms.reference.forms.FormRequest;
 import org.osgi.service.component.annotations.Activate;
 import org.osgi.service.component.annotations.Component;
 import org.osgi.service.component.annotations.Reference;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

 @Component(service = { FormAction.class })
 public class ResetPasswordAction implements FormAction {

     public static final String RESOURCE_TYPE = "reference/components/forms/actions/resetpassword";
     private static final Logger log = LoggerFactory.getLogger(ResetPasswordAction.class);
     private ResourceResolverFactory factory;

     @Activate
     public ResetPasswordAction(@Reference ResourceResolverFactory factory) {
         this.factory = factory;
     }

     @Override
     public FormActionResult handleForm(Resource actionResource, FormRequest request) throws FormException {
         String email = request.getFormData().get(FormConstants.PN_EMAIL, String.class);
         String resetToken = request.getFormData().get(FormConstants.PN_RESETTOKEN, String.class);
         String password = request.getFormData().get("password", String.class);

         try (ResourceResolver adminResolver = factory.getServiceResourceResolver(
                 Collections.singletonMap(ResourceResolverFactory.SUBSERVICE, FormConstants.SERVICE_USER))) {

             JackrabbitSession session = (JackrabbitSession) adminResolver.adaptTo(Session.class);
             final UserManager userManager = session.getUserManager();

             User user = (User) userManager.getAuthorizable(email);

             if (user == null) {
                 return FormActionResult.failure("No user found for " + email);
             }

             String storedToken = getValue(user.getProperty(FormConstants.PN_RESETTOKEN), String.class);
             Calendar resetTimeout = getValue(user.getProperty(FormConstants.PN_RESETTIMEOUT), Calendar.class);
             if (storedToken == null || !storedToken.equals(resetToken)) {
                 return FormActionResult.failure("Failed to validate token");
             }
             if (Calendar.getInstance().after(resetTimeout)) {
                 return FormActionResult.failure("Timeout already passed");
             }
             user.changePassword(password);

             log.debug("Saving changes!");
             adminResolver.commit();

             return FormActionResult.success("Password reset successfully!");
         } catch (Exception e) {
             throw new FormException("Failed to complete password reset", e);
         }
     }

     private <E> E getValue(Value[] property, Class<E> clazz) throws IllegalStateException, RepositoryException {
         if (property != null && property.length > 0) {
             Value v = property[0];
             if (clazz.isAssignableFrom(String.class)) {
                 return clazz.cast(v.getString());
             }
             if (clazz.isAssignableFrom(Calendar.class)) {
                 return clazz.cast(v.getDate());
             }
         }
         return null;
     }

     @Override
     public boolean handles(Resource actionResource) {
         return RESOURCE_TYPE.equals(actionResource.getResourceType());
     }

 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one or more
	* contributor license agreements. See the NOTICE file distributed with
	* this work for additional information regarding copyright ownership.
	* The ASF licenses this file to You under the Apache License, Version 2.0
	* (the "License"); you may not use this file except in compliance with
	* the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/
	package org.apache.sling.cms.reference.forms.impl.actions;

	import java.util.Calendar;
	import java.util.Collections;

	import javax.jcr.RepositoryException;
	import javax.jcr.Session;
	import javax.jcr.Value;

	import org.apache.jackrabbit.api.JackrabbitSession;
	import org.apache.jackrabbit.api.security.user.User;
	import org.apache.jackrabbit.api.security.user.UserManager;
	import org.apache.sling.api.resource.Resource;
	import org.apache.sling.api.resource.ResourceResolver;
	import org.apache.sling.api.resource.ResourceResolverFactory;
	import org.apache.sling.cms.reference.forms.FormAction;
	import org.apache.sling.cms.reference.forms.FormActionResult;
	import org.apache.sling.cms.reference.forms.FormConstants;
	import org.apache.sling.cms.reference.forms.FormException;
	import org.apache.sling.cms.reference.forms.FormRequest;
	import org.osgi.service.component.annotations.Activate;
	import org.osgi.service.component.annotations.Component;
	import org.osgi.service.component.annotations.Reference;
	import org.slf4j.Logger;
	import org.slf4j.LoggerFactory;

	@Component(service = { FormAction.class })
	public class ResetPasswordAction implements FormAction {

	public static final String RESOURCE_TYPE = "reference/components/forms/actions/resetpassword";
	private static final Logger log = LoggerFactory.getLogger(ResetPasswordAction.class);
	private ResourceResolverFactory factory;

	@Activate
	public ResetPasswordAction(@Reference ResourceResolverFactory factory) {
	this.factory = factory;
	}

	@Override
	public FormActionResult handleForm(Resource actionResource, FormRequest request) throws FormException {
	String email = request.getFormData().get(FormConstants.PN_EMAIL, String.class);
	String resetToken = request.getFormData().get(FormConstants.PN_RESETTOKEN, String.class);
	String password = request.getFormData().get("password", String.class);

	try (ResourceResolver adminResolver = factory.getServiceResourceResolver(
	Collections.singletonMap(ResourceResolverFactory.SUBSERVICE, FormConstants.SERVICE_USER))) {

	JackrabbitSession session = (JackrabbitSession) adminResolver.adaptTo(Session.class);
	final UserManager userManager = session.getUserManager();

	User user = (User) userManager.getAuthorizable(email);

	if (user == null) {
	return FormActionResult.failure("No user found for " + email);
	}

	String storedToken = getValue(user.getProperty(FormConstants.PN_RESETTOKEN), String.class);
	Calendar resetTimeout = getValue(user.getProperty(FormConstants.PN_RESETTIMEOUT), Calendar.class);
	if (storedToken == null \|\| !storedToken.equals(resetToken)) {
	return FormActionResult.failure("Failed to validate token");
	}
	if (Calendar.getInstance().after(resetTimeout)) {
	return FormActionResult.failure("Timeout already passed");
	}
	user.changePassword(password);

	log.debug("Saving changes!");
	adminResolver.commit();

	return FormActionResult.success("Password reset successfully!");
	} catch (Exception e) {
	throw new FormException("Failed to complete password reset", e);
	}
	}

	private <E> E getValue(Value[] property, Class<E> clazz) throws IllegalStateException, RepositoryException {
	if (property != null && property.length > 0) {
	Value v = property[0];
	if (clazz.isAssignableFrom(String.class)) {
	return clazz.cast(v.getString());
	}
	if (clazz.isAssignableFrom(Calendar.class)) {
	return clazz.cast(v.getDate());
	}
	}
	return null;
	}

	@Override
	public boolean handles(Resource actionResource) {
	return RESOURCE_TYPE.equals(actionResource.getResourceType());
	}

	}