package controllers; import java.security.NoSuchAlgorithmException; import java.security.spec.InvalidKeySpecException; import java.util.List; import org.apache.commons.lang3.StringUtils; import models.User; import play.Logger; import play.data.DynamicForm; import play.libs.Json; import play.mvc.BodyParser; import play.mvc.Result; import play.mvc.Security; import uk.bl.api.PasswordHash; import views.html.passwords.edit; import views.html.infomessage; import com.fasterxml.jackson.databind.JsonNode; /** * Manage passwords. */ @Security.Authenticated(SecuredController.class) public class PasswordController extends AbstractController { /** * Add new user entry. * @param user * @return */ @BodyParser.Of(BodyParser.Json.class) public static Result filterByJson(String name) { JsonNode jsonData = null; if (name != null) { List<User> users = User.filterByName(name); jsonData = Json.toJson(users); } return ok(jsonData); } /** * Display the user edit panel for this URL. */ public static Result edit() { Logger.debug("edit"); User user = User.findByEmail(request().username()); return ok(edit.render(user)); } /** * This method prepares Collection form for sending info message * about errors * @return edit page with form and info message */ public static Result info() { return ok( edit.render(User.findByEmail(request().username())) ); } /** * This method saves changed password in the same object. The "version" field in the User object * contains the timestamp of the change. * @return */ public static Result save() { Result res = null; Logger.debug("saving"); DynamicForm request = DynamicForm.form().bindFromRequest(); String oldPassword = request.get("oldpassword"); String password = request.get("password"); String passwordValidation = request.get("password_validation"); Long id = Long.valueOf(request.get("id")); Logger.debug(oldPassword + " " + password + " " + passwordValidation); User user = User.findById(id); if (user != null) { if (StringUtils.isEmpty(password)) { Logger.debug("The password field is empty."); flash("message", "The password field is empty."); return info(); } if (StringUtils.isEmpty(passwordValidation)) { Logger.debug("The password validation field is empty."); flash("message", "The password validation field is empty."); return info(); } if (!password.equals(passwordValidation)) { Logger.debug("The value of the password field does not match to the value of the password validation field."); flash("message", "The value of the password field does not match to the value of the password validation field."); return info(); } /** * Change password */ if (StringUtils.isNotBlank(password) || StringUtils.isNotBlank(passwordValidation) || StringUtils.isNotBlank(oldPassword)) { try { String userDbPassword = user.password; boolean isValidOldPassword = PasswordHash.validatePassword(oldPassword, userDbPassword); if (!isValidOldPassword) { Logger.debug("The old password is not correct."); flash("message", "The old password is not correct."); return info(); } else { user.password = PasswordHash.createHash(password); } } catch (NoSuchAlgorithmException e) { Logger.debug("change password - no algorithm error: " + e); } catch (InvalidKeySpecException e) { Logger.debug("change password - key specification error: " + e); } } Logger.debug("update user: " + user.toString()); user.save(); } res = ok(infomessage.render("You have successfully updated your password.")); return res; } }