package fi.otavanopisto.muikku.plugins.forgotpassword; import java.util.logging.Level; import java.util.logging.Logger; import javax.enterprise.context.Dependent; import javax.inject.Inject; import fi.otavanopisto.muikku.model.users.UserEntity; import fi.otavanopisto.muikku.plugins.user.UserPendingPasswordChange; import fi.otavanopisto.muikku.plugins.user.UserPendingPasswordChangeDAO; import fi.otavanopisto.muikku.schooldata.SchoolDataBridgeSessionController; import fi.otavanopisto.muikku.schooldata.SchoolDataBridgeUnauthorizedException; import fi.otavanopisto.muikku.schooldata.SchoolDataIdentifier; import fi.otavanopisto.muikku.schooldata.UserSchoolDataController; import fi.otavanopisto.muikku.schooldata.entity.User; import fi.otavanopisto.muikku.users.UserEntityController; @Dependent public class ForgotPasswordController { @Inject private Logger logger; @Inject private UserSchoolDataController userSchoolDataController; @Inject private UserEntityController userEntityController; @Inject private UserPendingPasswordChangeDAO userPendingPasswordChangeDAO; @Inject private SchoolDataBridgeSessionController schoolDataBridgeSessionController; public boolean isValidPasswordChangeHash(String confirmationHash) { return userPendingPasswordChangeDAO.findByConfirmationHash(confirmationHash) != null; } public String getUsername(String confirmationHash) { UserPendingPasswordChange userPendingPasswordChange = userPendingPasswordChangeDAO.findByConfirmationHash(confirmationHash); if (userPendingPasswordChange != null) { Long userEntityId = userPendingPasswordChange.getUserEntity(); if (userEntityId == null) { logger.severe(String.format("UserPendingPasswordChange with hash %s did not contain userEnityId", confirmationHash)); return null; } UserEntity userEntity = userEntityController.findUserEntityById(userEntityId); if (userEntity == null) { logger.severe(String.format("UserPendingPasswordChange with hash %s contained invalid userEnityId", confirmationHash)); return null; } schoolDataBridgeSessionController.startSystemSession(); try { User user = userSchoolDataController.findUser(userEntity.getDefaultSchoolDataSource(), userEntity.getDefaultIdentifier()); if (user == null) { logger.severe(String.format("Failed to retrieve user for UserEntity %d", userEntity.getId())); return null; } SchoolDataIdentifier userIdentifier = new SchoolDataIdentifier(user.getIdentifier(), user.getSchoolDataSource()); try { return userSchoolDataController.findUsername(user); } catch (Exception e) { logger.log(Level.SEVERE, String.format("Failed to fetch username for user %s", userIdentifier.toId())); return null; } } finally { schoolDataBridgeSessionController.endSystemSession(); } } return null; } public boolean resetPassword(String confirmationHash, String password) { UserPendingPasswordChange userPendingPasswordChange = userPendingPasswordChangeDAO.findByConfirmationHash(confirmationHash); if (userPendingPasswordChange != null) { UserEntity userEntity = userEntityController.findUserEntityById(userPendingPasswordChange.getUserEntity()); if (userEntity == null) { logger.severe(String.format("UserPendingPasswordChange with hash %s contained invalid userEnityId", confirmationHash)); return false; } try { userSchoolDataController.confirmResetPassword(userEntity.getDefaultSchoolDataSource(), confirmationHash, password); } catch (SchoolDataBridgeUnauthorizedException e) { logger.log(Level.SEVERE, "Failed to process password reset request", e); return false; } userPendingPasswordChangeDAO.delete(userPendingPasswordChange); return true; } return false; } }