Class ResetPasswordHandler

    • Field Detail

      • EXPIRATION_DURATION_PROP

        public static final java.lang.String EXPIRATION_DURATION_PROP
        Property key that defines the password reset link validity duration. (See JCMS-3940)
        Since:
        jcms-7.1.4, jcms-8.0.3, jcms-9.0.0
        See Also:
        Constant Field Values
    • Constructor Detail

      • ResetPasswordHandler

        public ResetPasswordHandler()
    • Method Detail

      • processAction

        public boolean processAction()
                              throws java.io.IOException
        Description copied from class: JcmsFormHandler
        Method to be implemented to check/validate the actions to be performed and process them.

        Default implementation is to return false. No need to call super method.

        This method may NOT be invoked at all if security validations are not met.

        You must ensure your handler and JSP can work properly without any code invoked in this method.

        Overrides:
        processAction in class JcmsFormHandler
        Returns:
        false if no redirection is needed, true otherwise
        Throws:
        java.io.IOException - IO Exception
      • validateRequestReset

        public boolean validateRequestReset()
        Check that all information required for a password reset request has been provided
        Returns:
        true if password reset request operation can be performed, false otherwise
      • performRequestReset

        public boolean performRequestReset()
                                    throws java.io.IOException
        Perform the password reset request for the specified email
        Returns:
        true if a redirect is needed, false otherwise
        Throws:
        java.io.IOException - on redirect error
      • getPasswordResetUrl

        public static java.lang.String getPasswordResetUrl​(javax.servlet.http.HttpServletRequest request,
                                                           Member mbr)
        Retrieve an absolute URL suitable for the specified member to change his password.

        The returned URL will be valid during the default duration defined by property "channel.reset-password-link.duration".

        The specified member MUST be a member authorized to update his password, that is :

        • It must be enabled
        • It must not be an LDAP account
        • It must not be a Contact
        • It must not have an empty password
        • It must be persisted
        Parameters:
        request - optional current request to retrieve base url (site's base url is used if null)
        mbr - required member
        Returns:
        an absolute URL
        Throws:
        java.lang.IllegalArgumentException - if member does not match any of the expected constraints
      • getPasswordResetUrl

        public static java.lang.String getPasswordResetUrl​(javax.servlet.http.HttpServletRequest request,
                                                           Member mbr,
                                                           long tokenDuration)
        Retrieve an absolute URL suitable for the specified member to change his password.

        The specified member MUST be a member authorized to update his password, that is :

        • It must be enabled
        • It must not be an LDAP account
        • It must not be a Contact
        • It must not have an empty password
        • It must be persisted
        Parameters:
        request - optional current request to retrieve base url (site's base url is used if null)
        mbr - required member
        tokenDuration - a duration in milliseconds during which the URL is valid; after this duration the token won't be accepted. Specify 0 or a negative value to use the default duration.
        Default duration is defined by property "channel.reset-password-link.duration".
        If this property does not represent a valid long, 24 hours will be used as fallback.
        Returns:
        an absolute URL
        Throws:
        java.lang.IllegalArgumentException - if member does not match any of the expected constraints
        Since:
        jcms-7.1.1
      • getPasswordResetUrl

        public static java.lang.String getPasswordResetUrl​(javax.servlet.http.HttpServletRequest request,
                                                           Member mbr,
                                                           long tokenDuration,
                                                           boolean selfRequest)
        Retrieve an absolute URL suitable for the specified member to change his password.

        The specified member MUST be a member authorized to update his password, that is :

        • It must be enabled
        • It must not be an LDAP account
        • It must not be a Contact
        • It must not have an empty password
        • It must be persisted
        Parameters:
        request - optional current request to retrieve base url (site's base url is used if null)
        mbr - required member
        tokenDuration - a duration in milliseconds during which the URL is valid; after this duration the token won't be accepted. Specify 0 or a negative value to use the default duration.
        Default duration is defined by property "channel.reset-password-link.duration".
        If this property does not represent a valid long, 24 hours will be used as fallback.
        selfRequest - true if reset is requested by user himself, false when reset is requested by admin
        Returns:
        an absolute URL
        Throws:
        java.lang.IllegalArgumentException - if member does not match any of the expected constraints
        Since:
        jcms-10.0.4 / JCMS-7614
      • validateReset

        public boolean validateReset()
        Check that all information required for a password reset has been provided
        Returns:
        true if password reset operation can be performed, false otherwise
      • performReset

        public boolean performReset()
                             throws java.io.IOException
        Perform the password reset request for the specified email
        Returns:
        true if a redirect is needed, false otherwise
        Throws:
        java.io.IOException - on redirect error
      • generatePasswordResetToken

        public static java.lang.String generatePasswordResetToken​(Member member,
                                                                  long tokenDuration)
        Compute and generate a password reset token suitable for a password reset modification
        Parameters:
        member - the member for which token is generated, must not be null
        tokenDuration - a duration in milliseconds during which the token is valid; after this duration the token won't be accepted. Specify 0 or a negative value to use the default duration.
        Default duration is defined by property "channel.reset-password-link.duration".
        If this property does not represent a valid long, 24 hours will be used as fallback.
        Returns:
        a digest suitable for use as parameter passwordResetToken
        Throws:
        java.lang.IllegalArgumentException - if member is disabled, or does not have any password, or is not persisted
      • getMemberFromPasswordResetToken

        public static Member getMemberFromPasswordResetToken​(java.lang.String token)
        Validate a password reset token and retrieve the corresponding member.
        Parameters:
        token - the password reset token value as computed by generatePasswordResetToken(Member, long)
        Returns:
        the Member for which password token can be used, null if token is invalid or expired
      • setOpRequestReset

        public void setOpRequestReset​(java.lang.String value)
        Set this parameter to trigger a password request reset.

        Fields which must be specified : email.

        Parameters:
        value - any value
      • setOpReset

        public void setOpReset​(java.lang.String value)
        Set this parameter to trigger a password reset.

        Fields which must be specified : mbrId, password1, password2, passwordResetToken.

        Parameters:
        value - any value
      • isResetRequestFormDisplayed

        public boolean isResetRequestFormDisplayed()
        Check if the "request reset password" form should be displayed.
        Returns:
        true if the "request reset" form must be displayed, false otherwise
      • isResetFormDisplayed

        public boolean isResetFormDisplayed()
        Check if the "reset password" form should be displayed.
        Returns:
        true if the "reset" form must be displayed, false otherwise
      • setEmail

        public void setEmail​(java.lang.String email)
        The email for which a password reset request will be sent
        Parameters:
        email - a valid email
      • getEmail

        public java.lang.String getEmail()
        The email as entered by the user.
        Returns:
        the same value retrieved by the handler.
      • getMember

        public Member getMember()
        Retrieve the member for which a password reset is performed.
        Returns:
        a Member, or null if no member was specified
      • setPassword1

        public void setPassword1​(java.lang.String password)
        Set the new password to use
        Parameters:
        password - the clear text password to use for the member
      • setPassword2

        public void setPassword2​(java.lang.String password)
        Set the new password confirmation
        Parameters:
        password - the clear text password, which must match password1
      • setPasswordResetToken

        public void setPasswordResetToken​(java.lang.String token)
        Set the internal security token validating the password reset.

        This parameter has several purposes:

        • storing the token in the handler for access in the form
        • reading the member for which the operation is performed
        • triggering the "reset" form and hiding the "request reset" form

        Parameters:
        token - a security token internally built by this handler and specified in the validation email
      • setSelfResetRequest

        public void setSelfResetRequest​(boolean isSelfResetRequest)
        Set a purely informative field for the reset process in progress.

        • set to true, to indicate password reset was requested by the user himself
        • set to false (the default), to indicate reset was initially sent by an administrator
        It is not meant to change the reset behavior, but only the I18N properties being displayed to the end user
        Parameters:
        isSelfResetRequest - true if reset is requested by user himself, false when reset is requested by admin
        Since:
        jcms-10.0.4 / JCMS-7614
      • isSelfResetRequest

        public boolean isSelfResetRequest()
        Check the origin of this password reset request
        Returns:
        true if reset is requested by user himself, false when reset is requested by admin
        Since:
        jcms-10.0.4 / JCMS-7614
      • getPasswordResetToken

        public java.lang.String getPasswordResetToken()
        Retrieve the internal security token used to validate the password reset.
        Returns:
        a security token as sent in the validation email
      • getExpirationDuration

        public static long getExpirationDuration()
        Returns:
        the default validity duration of a password reset request (in milliseconds).

        It is defined by property EXPIRATION_DURATION_PROP="channel.reset-password-link.duration".
        If this property does not represent a valid long number, 24 hours will be used as fallback.

        Since:
        jcms-7.1.4, jcms-8.0.3, jcms-9.0.0
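
The duration rules documented for tokenDuration (0 or negative selects the default, an unparsable property falls back to 24 hours) and the "null if token is invalid or expired" contract of getMemberFromPasswordResetToken, modeled as an added, self-contained example. This is not JCMS code: the page does not document how JCMS builds its token, so the token layout, the HMAC-SHA256 signature, the class and method names, and the sample key and member id are all assumptions.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

// Added illustration, not JCMS code: the token layout and HMAC key are assumptions.
public class ResetTokenSketch {
  static final long FALLBACK_MS = 24L * 60 * 60 * 1000; // documented 24-hour fallback

  // Documented rule: a property value that is not a valid long gives 24 hours.
  static long defaultDuration(String propertyValue) {
    try { return Long.parseLong(propertyValue); } // null also throws NumberFormatException
    catch (NumberFormatException e) { return FALLBACK_MS; }
  }

  // Documented rule: 0 or a negative tokenDuration selects the default duration.
  static long effectiveDuration(long tokenDuration, String propertyValue) {
    return tokenDuration > 0 ? tokenDuration : defaultDuration(propertyValue);
  }

  static String sign(byte[] key, String payload) throws Exception {
    Mac mac = Mac.getInstance("HmacSHA256");
    mac.init(new SecretKeySpec(key, "HmacSHA256"));
    return Base64.getUrlEncoder().withoutPadding()
        .encodeToString(mac.doFinal(payload.getBytes(StandardCharsets.UTF_8)));
  }

  // Hypothetical layout: memberId.expiryMillis.signature
  static String generate(byte[] key, String memberId, long durationMs, long now) throws Exception {
    String payload = memberId + "." + (now + durationMs);
    return payload + "." + sign(key, payload);
  }

  // Returns the member id, or null if the token is invalid or expired.
  static String memberFrom(byte[] key, String token, long now) throws Exception {
    String[] p = token == null ? new String[0] : token.split("\\.");
    if (p.length != 3) return null;
    byte[] expected = sign(key, p[0] + "." + p[1]).getBytes(StandardCharsets.UTF_8);
    // Constant-time comparison of the signature before trusting the expiry field.
    if (!MessageDigest.isEqual(expected, p[2].getBytes(StandardCharsets.UTF_8))) return null;
    try { return Long.parseLong(p[1]) > now ? p[0] : null; }
    catch (NumberFormatException e) { return null; }
  }

  public static void main(String[] args) throws Exception {
    byte[] key = "constructed-demo-key".getBytes(StandardCharsets.UTF_8); // constructed sample
    long now = System.currentTimeMillis(), d = effectiveDuration(0, "24h"); // "24h" is not a long
    String token = generate(key, "c_1234", d, now); // constructed member id
    System.out.println(d + " " + memberFrom(key, token, now + 1) + " " + memberFrom(key, token, now + d));
  }
}
```

The fallback case is worth checking in deployment: a mistyped value for "channel.reset-password-link.duration" yields 24-hour links rather than an error, so an intended shorter window is silently not applied.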