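package com.andreiolar.abms.server;

import java.sql.Connection;
import java.sql.PreparedStatement;

import com.andreiolar.abms.client.rpc.DBChangeForgotPassword;
import com.andreiolar.abms.security.BCrypt;
import com.google.gwt.user.server.rpc.RemoteServiceServlet;

/**
 * Server-side implementation of the {@link DBChangeForgotPassword} RPC: stores a new bcrypt hash
 * for the account linked to an e-mail address and then removes that address's rows from
 * {@code password_recovery}.
 *
 * <p>NOTE(review): nothing in this class checks a recovery token or any other proof that the
 * caller is entitled to reset the account; the e-mail address alone selects the row to update.
 * Confirm that the reset request is authorized before this RPC can be reached (for example by
 * validating a one-time token against {@code password_recovery} on the server), because values
 * supplied by the client cannot be trusted for that decision.
 */
public class DBChangeForgotPasswordImpl extends RemoteServiceServlet implements DBChangeForgotPassword {

    private static final long serialVersionUID = 9208827813638944891L;

    /**
     * Replaces the stored password of the user whose {@code user_info.email} matches
     * {@code email}, then deletes the matching {@code password_recovery} rows.
     *
     * <p>The plain-text password is never written to the database: it is hashed with
     * {@code BCrypt.hashpw} using a fresh salt from {@code BCrypt.gensalt()}. Both statements are
     * parameterized, so {@code email} and the hash are bound as values and never spliced into SQL.
     *
     * @param email    e-mail address identifying the account (looked up in {@code user_info})
     * @param password new plain-text password to hash and store
     * @return {@code true} when a row in {@code users} was updated
     * @throws RuntimeException if hashing, any database call, or closing a resource fails; the
     *                          original exception is kept as the cause
     * @throws Exception        if no row was updated (no account matched {@code email})
     */
    @Override
    public Boolean resetPassword(String email, String password) throws Exception {
        boolean isUserPasswordUpdated = false;

        // try-with-resources closes the statements and the connection even when they were never
        // opened. The previous finally blocks called close() on references that could still be
        // null, which replaced the real failure with a NullPointerException.
        //
        // NOTE(review): the two statements are not wrapped in an explicit transaction here; if the
        // DELETE fails after the UPDATE succeeded, the password has already changed although the
        // caller sees an error. Whether MyConnection disables auto-commit is not visible here.
        try (Connection conn = MyConnection.getConnection()) {
            String updateSql =
                    "UPDATE users SET password=? WHERE username=(SELECT username FROM user_info WHERE email=?)";
            try (PreparedStatement update = conn.prepareStatement(updateSql)) {
                String hashedPassword = BCrypt.hashpw(password, BCrypt.gensalt());
                update.setString(1, hashedPassword);
                update.setString(2, email);
                isUserPasswordUpdated = update.executeUpdate() > 0;
            }

            if (isUserPasswordUpdated) {
                // The recovery request has been consumed, so drop it to prevent reuse.
                String deleteSql = "DELETE FROM password_recovery WHERE email=?";
                try (PreparedStatement delete = conn.prepareStatement(deleteSql)) {
                    delete.setString(1, email);
                    delete.executeUpdate();
                }
            }
        } catch (Exception ex) {
            // Wrapped once (the nested handlers used to prefix the message twice).
            // NOTE(review): ex.getMessage() can carry driver or schema details to the RPC client;
            // consider logging it server-side and returning a generic message instead.
            throw new RuntimeException("Something went wrong: " + ex.getMessage(), ex);
        }

        if (!isUserPasswordUpdated) {
            throw new Exception("Failed to reset password. Please try again.");
        }

        return true;
    }
}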