ForgotPasswordPage.java

/*
 *  Copyright 2012 George Armhold
 *
 *  Licensed under the Apache License, Version 2.0 (the "License");
 *  you may not use this file except in compliance with the License.
 *  You may obtain a copy of the License at
 *
 *       http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS,
 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *  under the License.
 */
package com.example.justaddwater.web.app;

import com.example.justaddwater.model.AuthenticationType;
import com.example.justaddwater.model.DAO;
import com.example.justaddwater.model.OneTimeLogin;
import com.example.justaddwater.model.User;
import com.example.justaddwater.util.ServerUtils;
import net.ftlines.blog.cdidemo.web.UserAction;
import org.apache.wicket.ajax.AjaxRequestTarget;
import org.apache.wicket.ajax.markup.html.form.AjaxButton;
import org.apache.wicket.markup.html.WebMarkupContainer;
import org.apache.wicket.markup.html.WebPage;
import org.apache.wicket.markup.html.basic.Label;
import org.apache.wicket.markup.html.form.Form;
import org.apache.wicket.markup.html.form.RequiredTextField;
import org.apache.wicket.markup.html.panel.FeedbackPanel;
import org.apache.wicket.model.Model;
import org.apache.wicket.request.Url;
import org.apache.wicket.request.cycle.RequestCycle;
import org.apache.wicket.request.mapper.parameter.PageParameters;
import org.apache.wicket.validation.validator.EmailAddressValidator;
import org.slf4j.LoggerFactory;

import javax.inject.Inject;
import javax.persistence.EntityManager;
import java.util.Date;
import java.util.UUID;

/**
 * For users who have forgotten their password- create and persist
 * a token for a one-time-login; email the user a link so that they can
 * then log in with the token, and change their password.
 *
 * @author George Armhold armhold@gmail.com
 */
public class ForgotPasswordPage extends WebPage
{
    private static final long serialVersionUID = 1L;

    private static final org.slf4j.Logger log = LoggerFactory.getLogger(ForgotPasswordPage.class);

    private RequiredTextField<String> emailField;
    private WebMarkupContainer successMessage;
    private WebMarkupContainer resetDiv;
    private Form form;
    private Model<String> resetEmailModel = new Model<String>();

    @Inject
    DAO dao;

    @Inject
    EntityManager em;

    @Inject
    UserAction action;

    public ForgotPasswordPage(PageParameters parameters)
    {
        super(parameters);
        add(new Header("header"));

        form = new Form("form");
        form.setOutputMarkupId(true);

        FeedbackPanel feedback = new FeedbackPanel("feedback");
        feedback.setOutputMarkupId(true);
        form.add(feedback);

        emailField = new RequiredTextField<String>("email", new Model<String>());
        emailField.add(EmailAddressValidator.getInstance());

        form.add(emailField);

        AjaxButton submit = new AjaxButton("submit")
        {
            @Override
            protected void onSubmit(AjaxRequestTarget target, Form<?> form)
            {
                String email = emailField.getModelObject();

                User user = dao.findUserByEmail(email);
                if (user == null)
                {
                    error("no such account: " + email);
                }
                else if (user.getAuthenticationType() == AuthenticationType.facebook)
                {
                    error("can't reset password on Facebook account");
                }
                else
                {
                    createOneTimePassword(user);
                    action.apply();
                }

                target.add(resetDiv);
            }

            @Override
            protected void onError(AjaxRequestTarget target, Form<?> form)
            {
                target.add(resetDiv);
            }
        };

        form.add(submit);

        successMessage = new WebMarkupContainer("successMessage");
        Label resetEmail = new Label("resetEmail", resetEmailModel);
        successMessage.add(resetEmail);
        successMessage.setOutputMarkupId(true);
        successMessage.setVisible(false);

        resetDiv = new WebMarkupContainer("resetDiv");
        resetDiv.setOutputMarkupId(true);
        resetDiv.add(form);
        resetDiv.add(successMessage);
        add(resetDiv);
    }

    /**
     * create and persist a token for a one-time-login, and email them a link
     * so they can access their account
     */
    private void createOneTimePassword(User user)
    {
        log.info("createOneTimePassword: " + user.getEmail());

        String token = UUID.randomUUID().toString();

        OneTimeLogin otl = new OneTimeLogin();
        otl.setUser(user);
        otl.setCreationDate(new Date());
        otl.setToken(token);
        em.persist(otl);

        String from = "noreply@example.com";
        String toAddress = user.getEmail();
        String subject = "Log in to Your App";
        String body = ServerUtils.readAsString(getClass().getResourceAsStream("reset-password-template.html"));
        String bcc = null;

        PageParameters params = new PageParameters();
        params.add("token", token);

        String resetURL = RequestCycle.get().getUrlRenderer().renderFullUrl(Url.parse(urlFor(RecoverPasswordPage.class, params).toString()));
        body = body.replace("RESET_URL", resetURL);

        ElasticEmail.sendEmail(from, from, subject, body, toAddress, bcc);

        form.setVisible(false);
        resetEmailModel.setObject(user.getEmail());
        successMessage.setVisible(true);
    }

}