com.jalios.jcms.handler
Class ResetPasswordHandler

java.lang.Object
  extended by com.jalios.jcms.context.JcmsContext
      extended by com.jalios.jcms.context.JcmsJspContext
          extended by com.jalios.jcms.handler.JcmsFormHandler
              extended by com.jalios.jcms.handler.ResetPasswordHandler
All Implemented Interfaces:
JcmsConstants, JaliosConstants

public class ResetPasswordHandler
extends JcmsFormHandler

Handle lost password request from end user.

Also provides an API to obtain a valid password reset link for a user: getPasswordResetUrl(HttpServletRequest, Member)

Since:
jcms-7.1

Field Summary
static String EXPIRATION_DURATION_PROP
          Property key that defines the password reset link validity duration.
 
Fields inherited from class com.jalios.jcms.handler.JcmsFormHandler
contextMap, editFieldSet, noRedirect, noSendRedirect, popupEdition, redirect, redirectOnClosePopup, REVISION, workspaceForced
 
Fields inherited from class com.jalios.jcms.context.JcmsJspContext
AJAX_REQUEST_ATTRIBUTES, BODY_HEADER, CSS_HEADER, cssboMap, cssfoMap, CUSTOM_HEADER, editIcon, HTTPEQUIV_HEADER, httpequivMap, HTTPNAME_HEADER, httpnameMap, initEditIcon, JAVASCRIPT_CODE_SET_ATTRIBUTE, JAVASCRIPT_SET_ATTRIBUTE, jsboSet, jsfoSet, out, pageContext, SHOW_EDIT_ICON, STYLE_HEADER
 
Fields inherited from class com.jalios.jcms.context.JcmsContext
browser, caddy, channel, inFO, initDone, initWorkspace, isAdmin, isAjaxRequest, isDBMember, isDebug, isLogged, loggedMember, request, response, userCountry, userLang, userLocale, workspace
 
Fields inherited from interface com.jalios.jcms.JcmsConstants
ADATE_SEARCH, ADMIN_NOTES_PROP, ADVANCED_TAB, ARCHIVES_DIR, ASCII_WIDTH, CATEGORY_TAB, CDATE_SEARCH, COMMON_ALARM, CONTENT_TAB, COOKIE_MAX_AGE, CTRL_TOPIC_INTERNAL, CTRL_TOPIC_REF, CTRL_TOPIC_VALUE, CTRL_TOPIC_WRITE, CUSTOM_PROP, DOCCHOOSER_HEIGHT, DOCCHOOSER_WIDTH, DOCS_DIR, EDATE_SEARCH, EMAIL_REGEXP, ERROR_MSG, FORBIDDEN_FILE_ACCESS, FORBIDDEN_REDIRECT, FORCE_REDIRECT, ICON_ARCHIVE, ICON_LOCK, ICON_LOCK_STRONG, ICON_WARN, ICON_WH_BOOK_CLOSED, ICON_WH_BOOK_OPEN, INFORMATION_MSG, JALIOS_JUNIT_PROP, JCMS_CADDY, JCMS_MSG_LIST, JSYNC_DOWNLOAD_DIR, JSYNC_SYNC_ALARM, LOG_FILE, LOG_TOPIC_SECURITY, LOGGER_PROP, LOGGER_XMLPROP, MBR_PHOTO_DIR, MDATE_SEARCH, MONITOR_XML, OP_CREATE, OP_DEEP_COPY, OP_DEEP_DELETE, OP_DELETE, OP_MERGE, OP_UPDATE, PDATE_SEARCH, PHOTO_DIR, PHOTO_ICON, PHOTO_ICON_HEIGHT, PHOTO_ICON_WIDTH, PHOTO_LARGE, PHOTO_LARGE_HEIGHT, PHOTO_LARGE_WIDTH, PHOTO_NORMAL, PHOTO_NORMAL_HEIGHT, PHOTO_NORMAL_WIDTH, PHOTO_SMALL, PHOTO_SMALL_HEIGHT, PHOTO_SMALL_WIDTH, PHOTO_TINY, PHOTO_TINY_HEIGHT, PHOTO_TINY_WIDTH, PREVIOUS_TAB, PRINT_VIEW, PRIVATE_FILE_ACCESS, PUBLIC_FILE_ACCESS, READ_RIGHT_TAB, SDATE_SEARCH, SEARCHENGINE_ALARM, SESSION_AUTHORIZED_FILENAMES_SET, STATS_REPORT_DIR, STATUS_PROP, STORE_XML, TEMPLATE_TAB, THUMBNAIL_LARGE_HEIGHT, THUMBNAIL_LARGE_WIDTH, THUMBNAIL_SMALL_HEIGHT, THUMBNAIL_SMALL_WIDTH, UDATE_SEARCH, UPDATE_RIGHT_TAB, UPLOAD_DIR, URL_REGEXP, WARNING_MSG, WEBAPP_PROP, WFEXPRESS_ALARM, WFREMINDER_ALARM, WORKFLOW_TAB, WORKFLOW_XML
 
Fields inherited from interface com.jalios.util.JaliosConstants
CRLF, MILLIS_IN_ONE_DAY, MILLIS_IN_ONE_HOUR, MILLIS_IN_ONE_MINUTE, MILLIS_IN_ONE_MONTH, MILLIS_IN_ONE_SECOND, MILLIS_IN_ONE_WEEK, MILLIS_IN_ONE_YEAR
 
Constructor Summary
ResetPasswordHandler()
           
 
Method Summary
static String generatePasswordResetToken(Member member, long tokenDuration)
          Compute and generate a password reset token suitable for a password reset modification
 String getEmail()
          The email as entered by the user.
static long getExpirationDuration()
           
 Member getMember()
          Retrieve the member for which a password reset is performed.
static Member getMemberFromPasswordResetToken(String token)
          Validate a password reset token and retrieve the corresponding member.
 String getPasswordResetToken()
          Retrieve the internal security token used to validate the password reset.
static String getPasswordResetUrl(javax.servlet.http.HttpServletRequest request, Member mbr)
          Retrieve an absolute URL suitable for the specified member to change his password.
static String getPasswordResetUrl(javax.servlet.http.HttpServletRequest request, Member mbr, long tokenDuration)
          Retrieve an absolute URL suitable for the specified member to change his password.
 boolean isResetFormDisplayed()
          Check if the "reset password" form should be displayed.
 boolean isResetRequestFormDisplayed()
          Check if the "request reset password" form should be displayed.
 boolean performRequestReset()
          Perform the password reset request for the specified email
 boolean performReset()
          Perform the password reset request for the specified email
 boolean processAction()
          Method to be implemented to check/validate action to be performed and process them.
 void setEmail(String email)
          The email for which a password reset request will be sent
 void setOpRequestReset(String value)
          Set this parameter to trigger a password request reset.
 void setOpReset(String value)
          Set this parameter to trigger a password reset.
 void setPassword1(String password)
          Set the new password to use
 void setPassword2(String password)
          Set the new password confirmation
 void setPasswordResetToken(String token)
          Set the internal security token validating the password reset.
 boolean validateRequestReset()
          Check that all information required for a password reset request has been provided
 boolean validateReset()
          Check that all information required for a password reset has been provided
 
Methods inherited from class com.jalios.jcms.handler.JcmsFormHandler
afterValidation, checkMissingField, getControllerContext, getEditFieldSet, getHiddenField, getHiddenField, getHiddenField, getHiddenField, getHiddenField, getHiddenField, getHiddenField, getHiddenField, getHiddenField, getHiddenField, getHiddenField, getHiddenField, getHiddenField, getHiddenField, getHiddenFieldML, getMainLangValue, getMainLangValueArray, getMLMap, getMLMapArray, getRedirect, getRedirectOnClosePopup, getWorkspace, init, isFieldEdition, isFieldMissing, isPartialFieldEdition, isPopupEdition, isWorkspaceForced, processStatus, sendRedirect, sendRedirect, setEditField, setNoRedirect, setNoSendRedirect, setPopupEdition, setRedirect, setRedirectOnClosePopup, setWorkspace, setWs, updateUploadedField, updateUploadedFields, validate
 
Methods inherited from class com.jalios.jcms.context.JcmsJspContext
addBodyAttributes, addCSSHeader, addCSSHeader, addCSSHeader, addCSSHeader, addCustomHeader, addHttpEquivHeader, addHttpNameHeader, addJavaScript, addJavaScript, addJavaScript, addJavaScriptCode, addStyleHeader, addStyleHeader, checkAccess, checkAccess, checkCSRF, debugDisplayContext, disablePacker, forceEditIcon, forceUpdate, getAjaxRequestAttribute, getAjaxRequestId, getAllHeadersDiffMap, getAllHeadersMap, getBackOfficeCSSHeader, getBackOfficeJavaScriptSet, getBodyAttributes, getContentForm, getCSSHeaders, getCtxCategories, getCurrentCategory, getCustomHeaders, getDocType, getFinalCSSMap, getFinalJavaScriptSet, getFormElementCount, getFrontOfficeCSSHeader, getFrontOfficeJavaScriptSet, getHttpEquivHeaders, getHttpNameHeaders, getJavaScriptCodeSet, getJavaScriptSet, getJSONBridge, getPackVersion, getPageContext, getPageTitle, getPageZone, getPortal, getPortalCategory, getPortlet, getPublication, getStyleHeaders, getTemplateUsage, internalSetupEmptyHeader, isEditIcon, isEditIcon, isPrintView, registerDisplayContext, removeAjaxRequestAttribute, setAjaxRequestAttribute, setAjaxRequestId, setAllHeadersDiffMap, setDocType, setEditIcon, setFormElementCount, setPageContext, setPageTitle, setPageZone, setShowEditIcon, setTemplateUsage, showEditIcon, showEditIcon, workaroundBrowserBaseHrefBug
 
Methods inherited from class com.jalios.jcms.context.JcmsContext
addCookie, addMsg, addMsg, addMsgSession, addMsgSession, applySelector, forceWorkspaceUpdate, getBaseUrl, getBrowser, getCaddy, getContextPath, getErrorMsg, getErrorMsgList, getErrorMsgSession, getErrorMsgSessionList, getInfoMsg, getInfoMsgList, getInfoMsgSession, getInfoMsgSessionList, getLoggedMember, getMsgList, getMsgSessionList, getRequest, getResponse, getSession, getUploadedFile, getUploadedFileList, getUrlWithCommonUpdatedParams, getUserCountry, getUserLang, getUserLocale, getWarningMsg, getWarningMsgList, getWarningMsgSession, getWarningMsgSessionList, glp, isAdmin, isAjaxRequest, isDBMember, isDebug, isInFrontOffice, isLogged, isWebdavAccess, removeMessage, removeMessage, retrieveUploadedFile, select, sendForbidden, sendForbidden, sendRedirect, sendRedirect, sendRedirect, setErrorMsg, setErrorMsg, setErrorMsgSession, setErrorMsgSession, setInfoMsg, setInfoMsg, setInfoMsgSession, setInfoMsgSession, setLoggedMember, setRequest, setResponse, setWarningMsg, setWarningMsg, setWarningMsgSession, setWarningMsgSession, validateRegexp, validateSchedule
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

EXPIRATION_DURATION_PROP

public static final String EXPIRATION_DURATION_PROP
Property key that defines the password reset link validity duration. (See JCMS-3940)

Since:
jcms-7.1.4, jcms-8.0.3, jcms-9.0.0
See Also:
Constant Field Values
Constructor Detail

ResetPasswordHandler

public ResetPasswordHandler()
Method Detail

processAction

public boolean processAction()
                      throws IOException
Description copied from class: JcmsFormHandler
Method to be implemented to check/validate action to be performed and process them.

Default implementation is to return false. No need to call super method.

This method may NOT be invoked at all if security validations are not met.
You must ensure your handler and JSP can work properly without any code invoked in this method.

Overrides:
processAction in class JcmsFormHandler
Returns:
false if no redirection is needed, true otherwise
Throws:
IOException

validateRequestReset

public boolean validateRequestReset()
Check that all information required for a password reset request has been provided

Returns:
true if password reset request operation can be performed, false otherwise

performRequestReset

public boolean performRequestReset()
                            throws IOException
Perform the password reset request for the specified email

Returns:
true if a redirect is needed, false otherwise
Throws:
IOException - on redirect error

getPasswordResetUrl

public static String getPasswordResetUrl(javax.servlet.http.HttpServletRequest request,
                                         Member mbr)
Retrieve an absolute URL suitable for the specified member to change his password.

The returned URL will be valid during the default duration defined by property "channel.reset-password-link.duration".

The specified member MUST be a member authorized to update his password, that is :

Parameters:
request - optional current request used to retrieve the base URL (the site's base URL is used if null)
mbr - required member
Returns:
an absolute URL
Throws:
IllegalArgumentException - if member does not match any of the expected constraints

getPasswordResetUrl

public static String getPasswordResetUrl(javax.servlet.http.HttpServletRequest request,
                                         Member mbr,
                                         long tokenDuration)
Retrieve an absolute URL suitable for the specified member to change his password.

The specified member MUST be a member authorized to update his password, that is :

Parameters:
request - optional current request used to retrieve the base URL (the site's base URL is used if null)
mbr - required member
tokenDuration - a duration in milliseconds during which the URL is valid; after this duration the token won't be accepted. Specify 0 or a negative value to use the default duration.
Default duration is defined by property "channel.reset-password-link.duration".
If this property does not represent a valid long, 24 hours will be used as fallback.
Returns:
an absolute URL
Throws:
IllegalArgumentException - if member does not match any of the expected constraints
Since:
jcms-7.1.1

validateReset

public boolean validateReset()
Check that all information required for a password reset has been provided

Returns:
true if password reset operation can be performed, false otherwise

performReset

public boolean performReset()
                     throws IOException
Perform the password reset request for the specified email

Returns:
true if a redirect is needed, false otherwise
Throws:
IOException - on redirect error

generatePasswordResetToken

public static String generatePasswordResetToken(Member member,
                                                long tokenDuration)
Compute and generate a password reset token suitable for a password reset modification

Parameters:
member - the member for which token is generated, must not be null
tokenDuration - a duration in milliseconds during which the token is valid; after this duration the token won't be accepted. Specify 0 or a negative value to use the default duration.
Default duration is defined by property "channel.reset-password-link.duration".
If this property does not represent a valid long, 24 hours will be used as fallback.
Returns:
a digest suitable for use as parameter passwordResetToken
Throws:
IllegalArgumentException - if member is disabled, or does not have any password, or is not persisted

getMemberFromPasswordResetToken

public static Member getMemberFromPasswordResetToken(String token)
Validate a password reset token and retrieve the corresponding member.

Parameters:
token - the password reset token value as computed by generatePasswordResetToken(Member, long)
Returns:
the Member for which password token can be used, null if token is invalid or expired

setOpRequestReset

public void setOpRequestReset(String value)
Set this parameter to trigger a password request reset.

Fields which must be specified : email.

Parameters:
value - any value

setOpReset

public void setOpReset(String value)
Set this parameter to trigger a password reset.

Fields which must be specified : mbrId, password1, password2, passwordResetToken.

Parameters:
value - any value

isResetRequestFormDisplayed

public boolean isResetRequestFormDisplayed()
Check if the "request reset password" form should be displayed.

Returns:
true if the "request reset" form must be displayed, false otherwise

isResetFormDisplayed

public boolean isResetFormDisplayed()
Check if the "reset password" form should be displayed.

Returns:
true if the "reset" form must be displayed, false otherwise

setEmail

public void setEmail(String email)
The email for which a password reset request will be sent

Parameters:
email - a valid email

getEmail

public String getEmail()
The email as entered by the user.

Returns:
the same value retrieved by the handler.

getMember

public Member getMember()
Retrieve the member for which a password reset is performed.

Returns:
a Member, or null if no member was specified

setPassword1

public void setPassword1(String password)
Set the new password to use

Parameters:
password - the clear text password to use for the member

setPassword2

public void setPassword2(String password)
Set the new password confirmation

Parameters:
password - the clear text password, which must match password1

setPasswordResetToken

public void setPasswordResetToken(String token)
Set the internal security token validating the password reset.

This parameter has several purposes:
- storing the token in the handler for access in the form
- reading the member for which the operation is performed
- triggering the "reset" form and hiding the "request reset" form

Parameters:
token - a security token internally built by this handler and specified in the validation email

getPasswordResetToken

public String getPasswordResetToken()
Retrieve the internal security token used to validate the password reset.

Returns:
a security token as sent in the validation email

getExpirationDuration

public static long getExpirationDuration()
Returns:
the default validity duration of a password reset request (in milliseconds).

It is defined by property EXPIRATION_DURATION_PROP="channel.reset-password-link.duration".
If this property does not represent a valid long number, 24 hours will be used as fallback.

Since:
jcms-7.1.4, jcms-8.0.3, jcms-9.0.0
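
The duration and validation rules documented for generatePasswordResetToken, getMemberFromPasswordResetToken and getExpirationDuration, shown as an added stand-alone example that is not JCMS code and goes beyond what this page specifies. The token layout (member id, expiry, HMAC-SHA256 tag), the binding to the current password hash, the key handling and every name in the block are assumptions; the page does not document how JCMS computes its digest.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.*;

// Added illustration, not JCMS code: token layout, key handling and names are assumptions.
public class ResetTokenSketch {
  static final long FALLBACK_MS = 24L * 60 * 60 * 1000; // documented 24-hour fallback
  // An absent or unparsable property value yields the fallback.
  static long defaultDuration(String prop) {
    try { return Long.parseLong(prop.trim()); }
    catch (RuntimeException e) { return FALLBACK_MS; }
  }
  static String hmac(byte[] key, String data) throws Exception {
    Mac mac = Mac.getInstance("HmacSHA256");
    mac.init(new SecretKeySpec(key, "HmacSHA256"));
    byte[] tag = mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
    return Base64.getUrlEncoder().withoutPadding().encodeToString(tag);
  }
  // duration <= 0 selects the default; pwdHash is bound into the MAC so the
  // token dies as soon as the password changes. Member ids must not contain '.'.
  static String generate(byte[] key, String id, String pwdHash,
                         long duration, long dflt, long now) throws Exception {
    String payload = id + "." + (now + (duration <= 0 ? dflt : duration));
    return payload + "." + hmac(key, payload + "." + pwdHash);
  }
  // Returns the member id, or null when the token is malformed, forged or expired.
  static String validate(byte[] key, String token, Map<String, String> pwdHashes,
                         long now) throws Exception {
    String[] p = token == null ? new String[0] : token.split("\\.");
    if (p.length != 3 || !pwdHashes.containsKey(p[0])) return null;
    byte[] want = hmac(key, p[0] + "." + p[1] + "." + pwdHashes.get(p[0])).getBytes();
    if (!MessageDigest.isEqual(want, p[2].getBytes())) return null; // constant-time compare
    return Long.parseLong(p[1]) > now ? p[0] : null; // expiry parsed only after the MAC check
  }

  public static void main(String[] args) throws Exception {
    byte[] key = "constructed-demo-key".getBytes(StandardCharsets.UTF_8);
    Map<String, String> hashes = new HashMap<>(Map.of("m_1", "constructed-old-hash"));
    long dflt = defaultDuration("not-a-long");
    String t = generate(key, "m_1", hashes.get("m_1"), 0, dflt, 1_000L);
    System.out.println(validate(key, t, hashes, 2_000L));        // inside validity window
    System.out.println(validate(key, t, hashes, 1_000L + dflt)); // at the expiry instant
    System.out.println(validate(key, t + "x", hashes, 2_000L));  // tampered tag
    hashes.put("m_1", "constructed-new-hash");
    System.out.println(validate(key, t, hashes, 2_000L));        // password changed since issue
  }
}
```

A real deployment would load the key from protected configuration and keep reset URLs out of access logs and Referer headers.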


Copyright © 2001-2010 Jalios SA. All Rights Reserved.