Java tutorial
/* * Copyright 2010 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package com.springsource.greenhouse.reset; import javax.inject.Inject; import javax.validation.Valid; import org.springframework.model.FieldModel; import org.springframework.stereotype.Controller; import org.springframework.ui.Model; import org.springframework.validation.BindingResult; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.servlet.mvc.support.RedirectAttributes; import com.springsource.greenhouse.account.SignInNotFoundException; import com.springsource.greenhouse.utils.Message; /** * UI Controller for resetting user passwords. * This Controller may be accessed by the general public and does not require signin. * However, it should be accessed over SSL since it accepts secure user credentials. * @author Keith Donald */ @Controller public class ResetPasswordController { private final ResetPasswordService service; @Inject public ResetPasswordController(ResetPasswordService service) { this.service = service; } /** * Render the reset password form to the person as HTML in their web browser. */ @RequestMapping(value = "/reset", method = RequestMethod.GET) public void resetPage(Model model) { model.addAttribute("username", new FieldModel<String>()); } /** * Process a request by a person to reset a member password. * Calls the {@link ResetPasswordService} to send a reset password mail. * The mail message will contain a request token that must be presented to continue the password reset operation. */ @RequestMapping(value = "/reset", method = RequestMethod.POST) public String sendResetMail(@RequestParam String signin, Model model, RedirectAttributes redirectAttrs) { try { service.sendResetMail(signin); redirectAttrs.addFlashAttribute(Message .info("An email has been sent to you. Follow its instructions to reset your password.")); return "redirect:/reset"; } catch (SignInNotFoundException e) { model.addAttribute("signin", FieldModel.error("not on file", signin)); return null; } } /** * Render a change password form to the user once the reset token is validated. */ @RequestMapping(value = "/reset", method = RequestMethod.GET, params = "token") public String changePasswordForm(@RequestParam String token, Model model) { if (!service.isValidResetToken(token)) { return "reset/invalidToken"; } model.addAttribute(new ChangePasswordForm()); return "reset/changePassword"; } /** * Process the change password submission and reset the user's password. */ @RequestMapping(value = "/reset", method = RequestMethod.POST, params = "token") public String changePassword(@RequestParam String token, @Valid ChangePasswordForm form, BindingResult formBinding, Model model, RedirectAttributes redirectAttrs) { if (formBinding.hasErrors()) { model.addAttribute("token", token); return "reset/changePassword"; } try { service.changePassword(token, form.getPassword()); redirectAttrs.addFlashAttribute("Your password has been reset"); return "redirect:/reset"; } catch (InvalidResetTokenException e) { redirectAttrs.addFlashAttribute( Message.error("Your reset password session has expired. Please try again.")); return "redirect:/reset"; } } }