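package org.xmx0632.deliciousfruit.api.v1;

import javax.validation.Validator;

import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
import org.xmx0632.deliciousfruit.api.v1.helper.PasswordHelper;
import org.xmx0632.deliciousfruit.entity.UserAccount;
import org.xmx0632.deliciousfruit.service.ResetPasswordService;
import org.xmx0632.deliciousfruit.service.UserAccountService;

/**
 * Resets a user's password.
 *
 * <p>Two endpoints under {@code /resetPwd}: {@code GET /init} checks the
 * parameters of a reset link and renders the new-password form, and
 * {@code POST /reset} stores the new password.
 *
 * @author xmx0632
 */
@Controller
@RequestMapping(value = "/resetPwd")
public class UserAccountResetPasswordController {

    private static final Logger log = LoggerFactory
            .getLogger(UserAccountResetPasswordController.class);

    @Autowired
    private UserAccountService userAccountService;

    @Autowired
    private ResetPasswordService resetPasswordService;

    // Injected, but no method of this class references it.
    @Autowired
    private Validator validator;

    /**
     * Checks the parameters of a reset link and, when they are accepted,
     * shows the form for entering a new password.
     *
     * @param username account name taken from the link
     * @param email    e-mail address taken from the link
     * @param ts       numeric value taken from the link (presumably the
     *                 time the link was issued; confirm in
     *                 ResetPasswordService)
     * @param enkey    key taken from the link; together with the other
     *                 three values it is what
     *                 {@code ResetPasswordService.isValidRequest} decides on
     * @param model    receives the looked-up account as {@code userAccount}
     * @return the view {@code account/resetPwd}, or {@code error/403} when
     *         the parameters are rejected
     */
    @RequestMapping(value = "/init", method = RequestMethod.GET)
    public String resetPwd(@RequestParam String username,
            @RequestParam String email, @RequestParam Long ts,
            @RequestParam String enkey, Model model) {
        // Check whether the link parameters are legitimate.
        boolean isValidRequest = resetPasswordService.isValidRequest(username,
                email, ts, enkey);

        // enkey is the value that authorises the reset, so it is kept out of
        // the log output: anyone able to read the logs could otherwise reuse
        // a key that is still accepted. username and email are
        // unauthenticated input; the log encoder should neutralise line
        // breaks in them.
        log.debug("username:{}, email:{}, ts:{}, isValidRequest?{}",
                username, email, ts, isValidRequest);

        if (!isValidRequest) {
            // Kept at INFO so rejected reset attempts remain visible for
            // monitoring, again without the key.
            log.info(
                    "invalid reset password request detected. username:{}, email:{}, ts:{}, isValidRequest?{}",
                    username, email, ts, isValidRequest);
            return "error/403";
        }

        // Show the new-password form.
        UserAccount userAccount = userAccountService.findByUsername(username);
        // NOTE(review): this prints UserAccount.toString(); confirm that it
        // does not include the stored password hash.
        log.debug("userAccount:{}", userAccount);
        model.addAttribute("userAccount", userAccount);
        return "account/resetPwd";
    }

    /**
     * Stores a new password for the account identified by {@code id}.
     *
     * <p>NOTE(review): nothing in this method re-checks the reset link
     * ({@code ts}/{@code enkey}) that {@code /init} validates. The only
     * condition is that {@code id} and {@code username} belong to the same
     * account, and both are supplied by the client. Unless this request is
     * tied to the validated {@code /init} step somewhere not visible here
     * (a filter, a session attribute), the endpoint should demand the same
     * proof, for example by also receiving the link parameters and calling
     * {@code resetPasswordService.isValidRequest}, or by checking a
     * single-use server-side marker set in {@code /init}. That needs a
     * matching change to the form, so it is not done in this method alone.
     *
     * @param username      account name submitted with the form
     * @param id            account id submitted with the form
     * @param plainPassword new password in clear text; must not be blank
     * @param model         unused
     * @return a plain-text status message written to the response body
     */
    @RequestMapping(value = "/reset", method = RequestMethod.POST)
    @ResponseBody
    public String reset(@RequestParam String username, @RequestParam Long id,
            @RequestParam String plainPassword, Model model) {
        UserAccount ua = userAccountService.getUserAccount(id);

        // Compare starting from the request value, which a required
        // @RequestParam guarantees to be present; an account without a
        // stored username is then rejected instead of raising an exception.
        if (ua == null || !username.equals(ua.getUsername())) {
            return "bad request";
        }

        if (StringUtils.isBlank(plainPassword)) {
            return "密码不能为空";
        }

        // NOTE(review): the helper's name indicates an MD5 digest, which is
        // too fast to protect stored passwords against offline guessing.
        // Moving to bcrypt, scrypt or Argon2 has to be coordinated with the
        // login check and the existing stored hashes, so the call is kept.
        String encodedPassword = PasswordHelper.md5(plainPassword);
        ua.setPassword(encodedPassword);
        userAccountService.saveUserAccount(ua);

        // Logged only once the save has returned, so the message is not
        // written for a reset that failed while being stored.
        log.debug("username:{} reset password success", username);
        return "密码重置成功.";
    }
}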