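/*
 * Copyright 2010 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package com.springsource.greenhouse.reset;

import javax.inject.Inject;

import org.springframework.dao.EmptyResultDataAccessException;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.security.crypto.keygen.KeyGenerators;
import org.springframework.security.crypto.keygen.StringKeyGenerator;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

import com.springsource.greenhouse.account.Account;
import com.springsource.greenhouse.account.AccountRepository;
import com.springsource.greenhouse.account.SignInNotFoundException;

/**
 * ResetPasswordService implementation that stores reset password requests in a relational database using the JDBC API.
 * Delegates to {@link AccountRepository} to actually change a member's password.
 * Delegates to a {@link ResetPasswordMailer} to send out reset password emails.
 * Delegates to the {@link StringKeyGenerator} returned by {@link KeyGenerators#string()} to generate reset password tokens.
 * <p>
 * Security notes for maintainers:
 * <ul>
 * <li>The SQL in this class reads and writes only the {@code token} and {@code member} columns of
 * {@code ResetPassword}. No creation or expiry timestamp is visible here, so this class does not enforce a
 * token lifetime. NOTE(review): confirm against the schema; if nothing else expires rows, add an expiry check.</li>
 * <li>Tokens are compared with {@code token = ?}, so the table holds the raw token value. Anyone with read
 * access to the table can therefore use a pending token. Storing only a digest of the token would remove
 * that exposure, but it requires a schema and data change outside this class.</li>
 * <li>Per the Spring Security documentation, {@link KeyGenerators#string()} hex-encodes 8 bytes taken from a
 * {@code SecureRandom}. NOTE(review): decide whether 64 bits is enough for a token with no visible expiry.</li>
 * </ul>
 * @author Keith Donald
 */
@Service
public class JdbcRestPasswordService implements ResetPasswordService {

    private final JdbcTemplate jdbcTemplate;

    private final AccountRepository accountRepository;

    private final ResetPasswordMailer mailer;

    // Source of reset tokens; see the class-level note on token length.
    private final StringKeyGenerator tokenGenerator = KeyGenerators.string();

    /**
     * Creates the service with its collaborators.
     * @param jdbcTemplate used for all access to the ResetPassword table
     * @param accountRepository used to look up accounts and to change passwords
     * @param mailer used to send the reset password email
     */
    @Inject
    public JdbcRestPasswordService(JdbcTemplate jdbcTemplate, AccountRepository accountRepository, ResetPasswordMailer mailer) {
        this.jdbcTemplate = jdbcTemplate;
        this.accountRepository = accountRepository;
        this.mailer = mailer;
    }

    /**
     * Generates a new reset token for the account identified by the given sign-in name, records it, and mails it
     * to the member.
     * @param username the sign-in name submitted by the person requesting the reset
     * @throws SignInNotFoundException declared on this method; presumably raised by the account lookup when no
     * account matches. Callers that face anonymous users should give the same response whether or not this
     * is thrown, so that the reset form does not reveal which sign-in names exist.
     */
    @Transactional
    public void sendResetMail(String username) throws SignInNotFoundException {
        Account account = accountRepository.findBySignin(username);
        String token = tokenGenerator.generateKey();
        jdbcTemplate.update("insert into ResetPassword (token, member) values (?, ?)", token, account.getId());
        mailer.send(new ResetPasswordRequest(token, account));
    }

    /**
     * Reports whether exactly one stored reset request matches the given token.
     * Only existence is checked; no age or expiry condition is part of the query.
     * @param token the token presented by the client
     * @return true if exactly one ResetPassword row has this token
     */
    public boolean isValidResetToken(String token) {
        return jdbcTemplate.queryForInt("select count(*) from ResetPassword where token = ?", token) == 1;
    }

    /**
     * Changes the password of the member that owns the given reset token, then invalidates that member's reset tokens.
     * @param token the reset token presented by the client
     * @param password the new password, passed through to {@link AccountRepository}
     * @throws InvalidResetTokenException if no stored reset request matches the token
     */
    @Transactional
    public void changePassword(String token, String password) throws InvalidResetTokenException {
        Long accountId = findAccountIdByToken(token);
        accountRepository.changePassword(accountId, password);
        // Delete by member rather than by token. This removes the token that was just used and any other
        // reset token still pending for the same account. Without it, an older reset email would remain
        // usable after the password has already been changed.
        jdbcTemplate.update("delete from ResetPassword where member = ?", accountId);
    }

    // internal helpers

    /**
     * Looks up the member id recorded for a reset token.
     * @param token the reset token to resolve
     * @return the value of the member column for the matching row
     * @throws InvalidResetTokenException if the query finds no row for the token
     */
    private Long findAccountIdByToken(String token) throws InvalidResetTokenException {
        try {
            return jdbcTemplate.queryForLong("select member from ResetPassword where token = ?", token);
        } catch (EmptyResultDataAccessException e) {
            // An unknown token is reported as a domain error rather than as a data access failure.
            throw new InvalidResetTokenException(token);
        }
    }

}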