com.brienwheeler.svc.users.impl.ForgottenPasswordService.java Source code

Java tutorial

  1. HOME
  2. Java
  3. com.brienwheeler.svc.users.impl.ForgottenPasswordService.java

Introduction

Here is the source code for com.brienwheeler.svc.users.impl.ForgottenPasswordService.java

Source

/*
 * The MIT License (MIT)
 *
 * Copyright (c) 2013 Brien L. Wheeler (brienwheeler@yahoo.com)
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 * 
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 * 
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 * THE SOFTWARE.
 */
package com.brienwheeler.svc.users.impl;

import java.util.HashMap;
import java.util.Map;

import com.brienwheeler.lib.monitor.work.MonitoredWork;
import org.joda.time.DateTime;
import org.joda.time.Period;
import org.springframework.beans.factory.annotation.Required;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.util.StringUtils;

import com.brienwheeler.lib.email.EmailAddress;
import com.brienwheeler.lib.security.HmacSha256;
import com.brienwheeler.lib.svc.GracefulShutdown;
import com.brienwheeler.lib.svc.impl.SpringStoppableServiceBase;
import com.brienwheeler.lib.util.EnvironmentUtils;
import com.brienwheeler.lib.util.OperationDisallowedException;
import com.brienwheeler.lib.util.ValidationUtils;
import com.brienwheeler.svc.email.IEmailService;
import com.brienwheeler.svc.users.ForgottenPasswordData;
import com.brienwheeler.svc.users.IForgottenPasswordService;
import com.brienwheeler.svc.users.IUserEmailAddressService;
import com.brienwheeler.svc.users.IUserService;
import com.brienwheeler.svc.users.domain.User;

public class ForgottenPasswordService extends SpringStoppableServiceBase implements IForgottenPasswordService {
    private IEmailService emailService;
    private IUserEmailAddressService userEmailAddressService;
    private IUserService userService;
    private Period expirationPeriod;
    private String defaultSubject = "";
    private String secretKey;
    private String templateName;

    @Required
    public void setEmailService(IEmailService emailService) {
        this.emailService = emailService;
    }

    @Required
    public void setUserEmailAddressService(IUserEmailAddressService userEmailAddressService) {
        this.userEmailAddressService = userEmailAddressService;
    }

    @Required
    public void setUserService(IUserService userService) {
        this.userService = userService;
    }

    @Required
    public void setExpirationPeriod(String expirationPeriod) {
        this.expirationPeriod = Period.parse(expirationPeriod);
    }

    public void setDefaultSubject(String defaultSubject) {
        ValidationUtils.assertNotNull(defaultSubject, "defaultSubject cannot be null");
        this.defaultSubject = defaultSubject;
    }

    @Required
    public void setSecretKey(String secretKey) {
        this.secretKey = secretKey;
    }

    @Required
    public void setTemplateName(String templateName) {
        this.templateName = templateName;
    }

    @Override
    @MonitoredWork
    @GracefulShutdown
    public boolean sendForgottenPasswordEmail(EmailAddress emailAddress) {
        ValidationUtils.assertNotNull(emailAddress, "emailAddress cannot be null");

        ForgottenPasswordData verificationData = doGetForgottenPasswordData(emailAddress);
        if (verificationData == null)
            return false;

        Map<String, Object> templateModel = new HashMap<String, Object>();
        templateModel.put("verificationData", verificationData);

        emailService.sendEmail(emailAddress, defaultSubject, templateName, templateModel);
        return true;
    }

    @Override
    @GracefulShutdown // don't care about monitoring
    public ForgottenPasswordData getForgottenPasswordData(EmailAddress emailAddress) {
        ValidationUtils.assertNotNull(emailAddress, "emailAddress cannot be null");

        if (EnvironmentUtils.isProduction())
            throw new OperationDisallowedException(
                    "getForgottenPasswordData() not allowed in production environments");

        return doGetForgottenPasswordData(emailAddress);
    }

    public boolean isCurrent(ForgottenPasswordData verificationData) {
        ValidationUtils.assertNotNull(verificationData, "verificationData cannot be null");

        return verificationData.getExpiration() > new DateTime().getMillis();
    }

    public boolean isValid(ForgottenPasswordData verificationData) {
        ValidationUtils.assertNotNull(verificationData, "verificationData cannot be null");

        if (!isCurrent(verificationData))
            return false;
        if ((verificationData.getEmailAddress() == null)
                || !StringUtils.hasText(verificationData.getEmailAddress().getAddress()))
            return false;
        return getSignature(verificationData.getEmailAddress(), verificationData.getExpiration())
                .equals(verificationData.getSignature());
    }

    @Override
    @MonitoredWork
    @GracefulShutdown
    @Transactional
    public boolean resetPassword(ForgottenPasswordData verificationData, String newHashedPassword) {
        ValidationUtils.assertNotNull(verificationData, "verificationData cannot be null");
        newHashedPassword = ValidationUtils.assertNotEmpty(newHashedPassword, "newHashedPassword cannot be empty");

        if (!isValid(verificationData))
            return false;

        User user = userEmailAddressService.findByEmailAddress(verificationData.getEmailAddress());
        if (user == null)
            return false; // hard to imagine how this would happen

        userService.setNewPassword(user, newHashedPassword);
        return true;
    }

    private ForgottenPasswordData doGetForgottenPasswordData(EmailAddress emailAddress) {
        User user = userEmailAddressService.findByEmailAddress(emailAddress);
        if (user == null)
            return null;
        long expiration = new DateTime().plus(expirationPeriod).getMillis();
        return new ForgottenPasswordData(emailAddress, expiration, getSignature(emailAddress, expiration));
    }

    private String getSignature(EmailAddress emailAddress, long expiration) {
        String signString = emailAddress.getAddress() + "\n" + expiration + "\n";
        return HmacSha256.base64HmacSha256(secretKey, signString);
    }
}