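/*
 * Copyright 2012 George Armhold
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package com.example.justaddwater.web.app;

import com.example.justaddwater.model.DAO;
import com.example.justaddwater.model.OneTimeLogin;
import com.example.justaddwater.model.User;
import net.ftlines.blog.cdidemo.web.UserAction;
import org.apache.wicket.RestartResponseAtInterceptPageException;
import org.apache.wicket.markup.html.WebMarkupContainer;
import org.apache.wicket.markup.html.WebPage;
import org.apache.wicket.markup.html.form.Form;
import org.apache.wicket.markup.html.form.PasswordTextField;
import org.apache.wicket.markup.html.form.validation.EqualPasswordInputValidator;
import org.apache.wicket.markup.html.panel.FeedbackPanel;
import org.apache.wicket.model.Model;
import org.apache.wicket.protocol.https.RequireHttps;
import org.apache.wicket.request.mapper.parameter.PageParameters;
import org.apache.wicket.validation.validator.StringValidator;
import org.mindrot.jbcrypt.BCrypt;
import org.slf4j.LoggerFactory;

import javax.inject.Inject;
import javax.persistence.EntityManager;

/**
 * Page a user lands on after following a password-recovery link.
 *
 * <p>The link carries a {@code token} page parameter. The constructor looks up the
 * matching {@link OneTimeLogin}; a missing, unknown or expired token sends the visitor
 * back to {@link ForgotPasswordPage} with an error. A valid token logs the user in and
 * is deleted immediately, so the link works exactly once &mdash; even if the visitor
 * never submits the new-password form that this page then renders.
 *
 * <p>The token lookup is the entire authentication step for this page, so the
 * token's strength rests on how {@link OneTimeLogin} tokens are generated (they should
 * come from a cryptographically secure RNG with enough entropy to resist guessing) and
 * on {@link OneTimeLogin#isExpired()} being enforced. {@code @RequireHttps} keeps the
 * token and the new password off plaintext connections.
 */
@RequireHttps
public class RecoverPasswordPage extends WebPage {

    private static final long serialVersionUID = 1L;

    private static final org.slf4j.Logger log = LoggerFactory.getLogger(RecoverPasswordPage.class);

    /**
     * Accepted new-password length. NOTE(review): a 6-character minimum is weak by
     * current guidance (8+ is the usual floor); raising it is a policy decision for
     * the application, not changed here.
     */
    private static final int MIN_PASSWORD_LENGTH = 6;
    private static final int MAX_PASSWORD_LENGTH = 32;

    private WebMarkupContainer successMessage;
    private PasswordTextField passwordField;
    private WebMarkupContainer enclosure;

    @Inject
    DAO dao;

    @Inject
    EntityManager em;

    @Inject
    MySession session;

    @Inject
    UserAction action;

    /**
     * Validates the {@code token} page parameter, logs the matching user in, and builds
     * the change-password form.
     *
     * @param parameters page parameters; {@code token} is the one-time login token from
     *                   the recovery e-mail
     * @throws RestartResponseAtInterceptPageException to redirect to
     *         {@link ForgotPasswordPage} when the token is absent, unknown or expired
     */
    public RecoverPasswordPage(final PageParameters parameters) {
        super(parameters);
        add(new Header("header"));

        // A missing parameter yields null from toString(); reject it here instead of
        // handing null (or a blank string) to the DAO lookup.
        String token = parameters.get("token").toString();
        if (token == null || token.trim().isEmpty()) {
            error("login token invalid");
            throw new RestartResponseAtInterceptPageException(ForgotPasswordPage.class);
        }

        OneTimeLogin otl = dao.findOneTimeLoginByToken(token);
        if (otl == null) {
            error("login token invalid");
            throw new RestartResponseAtInterceptPageException(ForgotPasswordPage.class);
        }
        if (otl.isExpired()) {
            error("login token expired");
            throw new RestartResponseAtInterceptPageException(ForgotPasswordPage.class);
        }
        loginViaOneTimePassword(otl);

        enclosure = new WebMarkupContainer("enclosure");
        enclosure.setOutputMarkupId(true);

        Form<Void> form = new Form<Void>("form") {
            private static final long serialVersionUID = 1L;

            @Override
            protected void onSubmit() {
                User user = session.getLoggedInUser();
                if (user == null) {
                    // The one-time login was consumed when the page was built; if the
                    // session has since expired there is no user to update and the
                    // original link cannot be retried.
                    error("session expired; please request a new recovery link");
                    return;
                }
                changePassword(user, passwordField.getModelObject());
                enclosure.setVisible(false);
                successMessage.setVisible(true);
            }
        };

        FeedbackPanel feedback = new FeedbackPanel("feedback");
        feedback.setOutputMarkupId(true);
        form.add(feedback);

        passwordField = new PasswordTextField("password", new Model<String>());
        passwordField.setRequired(true);
        passwordField.add(StringValidator.lengthBetween(MIN_PASSWORD_LENGTH, MAX_PASSWORD_LENGTH));

        PasswordTextField confirmPasswordField = new PasswordTextField("confirmPassword", new Model<String>());
        confirmPasswordField.setRequired(true);

        form.add(passwordField);
        form.add(confirmPasswordField);
        // Rejects the submission unless both fields hold the same value.
        form.add(new EqualPasswordInputValidator(passwordField, confirmPasswordField));

        successMessage = new WebMarkupContainer("successMessage");
        successMessage.setOutputMarkupId(true);
        successMessage.setVisible(false);
        add(successMessage);

        enclosure.add(form);
        add(enclosure);
    }

    /**
     * Logs the token's owner in and deletes the token so it cannot be replayed.
     *
     * <p>NOTE(review): the session keeps its pre-authentication id here. If
     * {@code MySession} is a Wicket {@code WebSession}, calling {@code replaceSession()}
     * right after {@code setUsername} would rotate the id and close the session-fixation
     * window; confirm the session type before adding it.
     *
     * @param otl the valid, unexpired one-time login resolved from the request token
     */
    private void loginViaOneTimePassword(OneTimeLogin otl) {
        User user = otl.getUser();
        // Log the account, never the token itself.
        log.info("loginViaOneTimePassword for user: {}", user.getEmail());
        session.setUsername(user.getEmail());
        em.remove(otl);
        action.apply();
    }

    /**
     * Replaces the user's stored password with a bcrypt hash of {@code newPassword}.
     *
     * @param user        the account to update (the currently logged-in user)
     * @param newPassword the plaintext password from the form; it is hashed with a fresh
     *                    per-user salt and is deliberately never logged
     */
    private void changePassword(User user, String newPassword) {
        log.info("change password for user: {}", user.getEmail());
        String hashed = BCrypt.hashpw(newPassword, BCrypt.gensalt());
        user.setPassword(hashed);
        action.apply();
    }
}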