package org.activityinfo.server.login;
/*
* #%L
* ActivityInfo Server
* %%
* Copyright (C) 2009 - 2013 UNICEF
* %%
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public
* License along with this program. If not, see
* <http://www.gnu.org/licenses/gpl-3.0.html>.
* #L%
*/
import com.google.inject.Inject;
import com.sun.jersey.api.view.Viewable;
import org.activityinfo.server.database.hibernate.dao.Transactional;
import org.activityinfo.server.database.hibernate.dao.UserDAO;
import org.activityinfo.server.database.hibernate.entity.User;
import org.activityinfo.server.login.exception.IncompleteFormException;
import org.activityinfo.server.login.model.ChangePasswordPageModel;
import org.activityinfo.server.login.model.InvalidInvitePageModel;
import org.activityinfo.server.util.logging.LogException;
import javax.inject.Provider;
import javax.persistence.NoResultException;
import javax.servlet.ServletException;
import javax.ws.rs.*;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import java.io.IOException;
@Path(ChangePasswordController.ENDPOINT)
public class ChangePasswordController {
public static final String ENDPOINT = "/changePassword";
private final Provider<UserDAO> userDAO;
private final AuthTokenProvider authTokenProvider;
@Inject
public ChangePasswordController(Provider<UserDAO> userDAO, AuthTokenProvider authTokenProvider) {
super();
this.userDAO = userDAO;
this.authTokenProvider = authTokenProvider;
}
@GET @Produces(MediaType.TEXT_HTML)
public Viewable getPage(@Context UriInfo uri) throws Exception {
try {
User user = userDAO.get().findUserByChangePasswordKey(uri.getRequestUri().getQuery());
return new ChangePasswordPageModel(user).asViewable();
} catch (NoResultException e) {
return new InvalidInvitePageModel().asViewable();
}
}
@POST @LogException(emailAlert = true)
public Response changePassword(@Context UriInfo uri,
@FormParam("key") String key,
@FormParam("password") String password) throws IOException, ServletException {
User user = null;
try {
user = userDAO.get().findUserByChangePasswordKey(key);
} catch (NoResultException e) {
return Response.ok().entity(new InvalidInvitePageModel().asViewable()).type(MediaType.TEXT_HTML).build();
}
changePassword(user, password);
return Response.seeOther(uri.getAbsolutePathBuilder().replacePath("/").build())
.cookie(authTokenProvider.createNewAuthCookies(user))
.build();
}
@Transactional
protected void changePassword(User user, String newPassword) throws IncompleteFormException {
user.changePassword(newPassword);
user.clearChangePasswordKey();
}
}