com.jalios.jcms.handler
Class ResetPasswordHandler

java.lang.Object
  com.jalios.jcms.context.JcmsContext
      com.jalios.jcms.context.JcmsJspContext
          com.jalios.jcms.handler.JcmsFormHandler
              com.jalios.jcms.handler.ResetPasswordHandler

All Implemented Interfaces:

JcmsConstants, JaliosConstants

public class ResetPasswordHandler
extends JcmsFormHandler

Handle lost password request from end user.

Also provides API to obtain valid password reset link for user : getPasswordResetUrl(HttpServletRequest, Member)

Since:

jcms-7.1

Field Summary

static String

EXPIRATION_DURATION_PROP Property key that defines the password reset link validity duration.

Fields inherited from class com.jalios.jcms.handler.JcmsFormHandler

contextMap, editFieldSet, noRedirect, noSendRedirect, popupEdition, redirect, redirectOnClosePopup, REVISION, workspaceForced

Fields inherited from class com.jalios.jcms.context.JcmsJspContext

AJAX_REQUEST_ATTRIBUTES, BODY_HEADER, CSS_HEADER, cssboMap, cssfoMap, CUSTOM_HEADER, editIcon, HTTPEQUIV_HEADER, httpequivMap, HTTPNAME_HEADER, httpnameMap, initEditIcon, JAVASCRIPT_CODE_SET_ATTRIBUTE, JAVASCRIPT_SET_ATTRIBUTE, jsboSet, jsfoSet, out, pageContext, SHOW_EDIT_ICON, STYLE_HEADER

Fields inherited from class com.jalios.jcms.context.JcmsContext

browser, caddy, channel, inFO, initDone, initWorkspace, isAdmin, isAjaxRequest, isDBMember, isDebug, isLogged, loggedMember, request, response, userCountry, userLang, userLocale, workspace

Fields inherited from interface com.jalios.jcms.JcmsConstants

ADATE_SEARCH, ADMIN_NOTES_PROP, ADVANCED_TAB, ARCHIVES_DIR, ASCII_WIDTH, CATEGORY_TAB, CDATE_SEARCH, COMMON_ALARM, CONTENT_TAB, COOKIE_MAX_AGE, CTRL_TOPIC_INTERNAL, CTRL_TOPIC_REF, CTRL_TOPIC_VALUE, CTRL_TOPIC_WRITE, CUSTOM_PROP, DOCCHOOSER_HEIGHT, DOCCHOOSER_WIDTH, DOCS_DIR, EDATE_SEARCH, EMAIL_REGEXP, ERROR_MSG, FORBIDDEN_FILE_ACCESS, FORBIDDEN_REDIRECT, FORCE_REDIRECT, ICON_ARCHIVE, ICON_LOCK, ICON_LOCK_STRONG, ICON_WARN, ICON_WH_BOOK_CLOSED, ICON_WH_BOOK_OPEN, INFORMATION_MSG, JALIOS_JUNIT_PROP, JCMS_CADDY, JCMS_MSG_LIST, JSYNC_DOWNLOAD_DIR, JSYNC_SYNC_ALARM, LOG_FILE, LOG_TOPIC_SECURITY, LOGGER_PROP, LOGGER_XMLPROP, MBR_PHOTO_DIR, MDATE_SEARCH, MONITOR_XML, OP_CREATE, OP_DEEP_COPY, OP_DEEP_DELETE, OP_DELETE, OP_MERGE, OP_UPDATE, PDATE_SEARCH, PHOTO_DIR, PHOTO_ICON, PHOTO_ICON_HEIGHT, PHOTO_ICON_WIDTH, PHOTO_LARGE, PHOTO_LARGE_HEIGHT, PHOTO_LARGE_WIDTH, PHOTO_NORMAL, PHOTO_NORMAL_HEIGHT, PHOTO_NORMAL_WIDTH, PHOTO_SMALL, PHOTO_SMALL_HEIGHT, PHOTO_SMALL_WIDTH, PHOTO_TINY, PHOTO_TINY_HEIGHT, PHOTO_TINY_WIDTH, PREVIOUS_TAB, PRINT_VIEW, PRIVATE_FILE_ACCESS, PUBLIC_FILE_ACCESS, READ_RIGHT_TAB, SDATE_SEARCH, SEARCHENGINE_ALARM, SESSION_AUTHORIZED_FILENAMES_SET, STATS_REPORT_DIR, STATUS_PROP, STORE_XML, TEMPLATE_TAB, THUMBNAIL_LARGE_HEIGHT, THUMBNAIL_LARGE_WIDTH, THUMBNAIL_SMALL_HEIGHT, THUMBNAIL_SMALL_WIDTH, UDATE_SEARCH, UPDATE_RIGHT_TAB, UPLOAD_DIR, URL_REGEXP, WARNING_MSG, WEBAPP_PROP, WFEXPRESS_ALARM, WFREMINDER_ALARM, WORKFLOW_TAB, WORKFLOW_XML

Fields inherited from interface com.jalios.util.JaliosConstants

CRLF, MILLIS_IN_ONE_DAY, MILLIS_IN_ONE_HOUR, MILLIS_IN_ONE_MINUTE, MILLIS_IN_ONE_MONTH, MILLIS_IN_ONE_SECOND, MILLIS_IN_ONE_WEEK, MILLIS_IN_ONE_YEAR

Constructor Summary

ResetPasswordHandler()

Method Summary

static String	generatePasswordResetToken(Member member, long tokenDuration) Compute and generate a password reset token suitable for a password reset modification
String	getEmail() The email as entered by the user.
static long	getExpirationDuration()
Member	getMember() Retrieve the member for which a password reset is performed.
static Member	getMemberFromPasswordResetToken(String token) Validate a password reset token and retrieve the corresponding member.
String	getPasswordResetToken() Retrieve the internal security token used to validate the password reset.
static String	getPasswordResetUrl(javax.servlet.http.HttpServletRequest request, Member mbr) Retrieve an absolute URL suitable for the specified member to change his password.
static String	getPasswordResetUrl(javax.servlet.http.HttpServletRequest request, Member mbr, long tokenDuration) Retrieve an absolute URL suitable for the specified member to change his password.
boolean	isResetFormDisplayed() Check if the "reset password" form should be displayed.
boolean	isResetRequestFormDisplayed() Check if the "request reset password" form should be displayed.
boolean	performRequestReset() Perform the password reset request for the specified email
boolean	performReset() Perform the password reset request for the specified email
boolean	processAction() Method to be implemented to check/validate action to be performed and process them.
void	setEmail(String email) The the email for which a password reset request will be sent
void	setOpRequestReset(String value) Set this parameter to trigger a password request reset.
void	setOpReset(String value) Set this parameter to trigger a password reset.
void	setPassword1(String password) Set the new password to use
void	setPassword2(String password) Set the new password confirmation
void	setPasswordResetToken(String token) Set the internal security token validating the password reset.
boolean	validateRequestReset() Check all information required for a password reset request have been provided
boolean	validateReset() Check all information required for a password reset have been provided

Methods inherited from class com.jalios.jcms.handler.JcmsFormHandler

afterValidation, checkMissingField, getControllerContext, getEditFieldSet, getHiddenField, getHiddenField, getHiddenField, getHiddenField, getHiddenField, getHiddenField, getHiddenField, getHiddenField, getHiddenField, getHiddenField, getHiddenField, getHiddenField, getHiddenField, getHiddenField, getHiddenFieldML, getMainLangValue, getMainLangValueArray, getMLMap, getMLMapArray, getRedirect, getRedirectOnClosePopup, getWorkspace, init, isFieldEdition, isFieldMissing, isPartialFieldEdition, isPopupEdition, isWorkspaceForced, processStatus, sendRedirect, sendRedirect, setEditField, setNoRedirect, setNoSendRedirect, setPopupEdition, setRedirect, setRedirectOnClosePopup, setWorkspace, setWs, updateUploadedField, updateUploadedFields, validate

Methods inherited from class com.jalios.jcms.context.JcmsJspContext

addBodyAttributes, addCSSHeader, addCSSHeader, addCSSHeader, addCSSHeader, addCustomHeader, addHttpEquivHeader, addHttpNameHeader, addJavaScript, addJavaScript, addJavaScript, addJavaScriptCode, addStyleHeader, addStyleHeader, checkAccess, checkAccess, checkCSRF, debugDisplayContext, disablePacker, forceEditIcon, forceUpdate, getAjaxRequestAttribute, getAjaxRequestId, getAllHeadersDiffMap, getAllHeadersMap, getBackOfficeCSSHeader, getBackOfficeJavaScriptSet, getBodyAttributes, getContentForm, getCSSHeaders, getCtxCategories, getCurrentCategory, getCustomHeaders, getDocType, getFinalCSSMap, getFinalJavaScriptSet, getFormElementCount, getFrontOfficeCSSHeader, getFrontOfficeJavaScriptSet, getHttpEquivHeaders, getHttpNameHeaders, getJavaScriptCodeSet, getJavaScriptSet, getJSONBridge, getPackVersion, getPageContext, getPageTitle, getPageZone, getPortal, getPortalCategory, getPortlet, getPublication, getStyleHeaders, getTemplateUsage, internalSetupEmptyHeader, isEditIcon, isEditIcon, isPrintView, registerDisplayContext, removeAjaxRequestAttribute, setAjaxRequestAttribute, setAjaxRequestId, setAllHeadersDiffMap, setDocType, setEditIcon, setFormElementCount, setPageContext, setPageTitle, setPageZone, setShowEditIcon, setTemplateUsage, showEditIcon, showEditIcon, workaroundBrowserBaseHrefBug

Methods inherited from class com.jalios.jcms.context.JcmsContext

addCookie, addMsg, addMsg, addMsgSession, addMsgSession, applySelector, forceWorkspaceUpdate, getBaseUrl, getBrowser, getCaddy, getContextPath, getErrorMsg, getErrorMsgList, getErrorMsgSession, getErrorMsgSessionList, getInfoMsg, getInfoMsgList, getInfoMsgSession, getInfoMsgSessionList, getLoggedMember, getMsgList, getMsgSessionList, getRequest, getResponse, getSession, getUploadedFile, getUploadedFileList, getUrlWithCommonUpdatedParams, getUserCountry, getUserLang, getUserLocale, getWarningMsg, getWarningMsgList, getWarningMsgSession, getWarningMsgSessionList, glp, isAdmin, isAjaxRequest, isDBMember, isDebug, isInFrontOffice, isLogged, isWebdavAccess, removeMessage, removeMessage, retrieveUploadedFile, select, sendForbidden, sendForbidden, sendRedirect, sendRedirect, sendRedirect, setErrorMsg, setErrorMsg, setErrorMsgSession, setErrorMsgSession, setInfoMsg, setInfoMsg, setInfoMsgSession, setInfoMsgSession, setLoggedMember, setRequest, setResponse, setWarningMsg, setWarningMsg, setWarningMsgSession, setWarningMsgSession, validateRegexp, validateSchedule

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

EXPIRATION_DURATION_PROP

public static final String EXPIRATION_DURATION_PROP

Property key that defines the password reset link validity duration. (See JCMS-3940)

Since:

jcms-7.1.4, jcms-8.0.3, jcms-9.0.0

See Also:

Constant Field Values

Constructor Detail

ResetPasswordHandler

public ResetPasswordHandler()

Method Detail

processAction

public boolean processAction()
                      throws IOException

Description copied from class: JcmsFormHandler

Method to be implemented to check/validate action to be performed and process them.

Default implementation is to return false. No need to call super method.

This method may NOT be invoked at all if security validation are not met.
You must ensure your handler and JSP can work properly without any code invoked in this method.

Overrides:

processAction in class JcmsFormHandler

Returns:

false if no redirection is needed, true otherwise

Throws:

IOException

validateRequestReset

public boolean validateRequestReset()

Check all information required for a password reset request have been provided

Returns:

true if password reset request operation can be performed, false otherwise

performRequestReset

public boolean performRequestReset()
                            throws IOException

Perform the password reset request for the specified email

Returns:

true if a redirect is needed, false otherwise

Throws:

IOException - on redirect error

getPasswordResetUrl

public static String getPasswordResetUrl(javax.servlet.http.HttpServletRequest request,
                                         Member mbr)

Retrieve an absolute URL suitable for the specified member to change his password.

The returned URL will be valid during the default duration defined by property "channel.reset-password-link.duration".

The specified member MUST be a member authorized to update his password, that is :

• It must be enabled
• It must not be an LDAP account
• It must not be a Contact
• It must not have en empty password
• It must be persisted

Parameters:

request - optionnal current request to retrieve base url (site's base url is used if null)

mbr - required member

Returns:

an absolute URL

Throws:

IllegalArgumentException - if member does not match any of the expected constraints

getPasswordResetUrl

public static String getPasswordResetUrl(javax.servlet.http.HttpServletRequest request,
                                         Member mbr,
                                         long tokenDuration)

Retrieve an absolute URL suitable for the specified member to change his password.

The specified member MUST be a member authorized to update his password, that is :

• It must be enabled
• It must not be an LDAP account
• It must not be a Contact
• It must not have en empty password
• It must be persisted

Parameters:

request - optionnal current request to retrieve base url (site's base url is used if null)

mbr - required member

tokenDuration - a duration in millisecond during which the URL is valid, after this duration the token won't be accepted. Specify 0 or a negative value to use the default duration.
Default duration is defined by property "channel.reset-password-link.duration".
If this property does not represent a valid long, 24 hours will be used as fallback.

Returns:

an absolute URL

Throws:

IllegalArgumentException - if member does not match any of the expected constraints

Since:

jcms-7.1.1

validateReset

public boolean validateReset()

Check all information required for a password reset have been provided

Returns:

true if password reset operation can be performed, false otherwise

performReset

public boolean performReset()
                     throws IOException

Perform the password reset request for the specified email

Returns:

true if a redirect is needed, false otherwise

Throws:

IOException - on redirect error

generatePasswordResetToken

public static String generatePasswordResetToken(Member member,
                                                long tokenDuration)

Compute and generate a password reset token suitable for a password reset modification

Parameters:

member - the member for which token is generated, must not be null

tokenDuration - a duration in millisecond during which the token is valid, after this duration the token won't be accepted. Specify 0 or a negative value to use the default duration.
Default duration is defined by property "channel.reset-password-link.duration".
If this property does not represent a valid long, 24 hours will be used as fallback.

Returns:

a digest suitable for use as parameter passwordResetToken

Throws:

IllegalArgumentException - if member is disabled, or does not have any password, or is not persisted

getMemberFromPasswordResetToken

public static Member getMemberFromPasswordResetToken(String token)

Validate a password reset token and retrieve the corresponding member.

Parameters:

token - the password reset token value as computed by generatePasswordResetToken(Member, long)

Returns:

the Member for which password token can be used, null if token is invalid or expired

setOpRequestReset

public void setOpRequestReset(String value)

Set this parameter to trigger a password request reset.

Fields which must be specified : email.

Parameters:

value - any value

setOpReset

public void setOpReset(String value)

Set this parameter to trigger a password reset.

Fields which must be specified : mbrId, password1, password2, passwordResetToken.

Parameters:

value - any value

isResetRequestFormDisplayed

public boolean isResetRequestFormDisplayed()

Check if the "request reset password" form should be displayed.

Returns:

true if the "request reset" form must be displayed, false otherwise

isResetFormDisplayed

public boolean isResetFormDisplayed()

Check if the "reset password" form should be displayed.

Returns:

true if the "reset" form must be displayed, false otherwise

setEmail

public void setEmail(String email)

The the email for which a password reset request will be sent

Parameters:

email - a valid email

getEmail

public String getEmail()

The email as entered by the user.

Returns:

the same value retrieved by the handler.

getMember

public Member getMember()

Retrieve the member for which a password reset is performed.

Returns:

a Member, or null if no member was specified

setPassword1

public void setPassword1(String password)

Set the new password to use

Parameters:

password - the clear text password to use for the member

setPassword2

public void setPassword2(String password)

Set the new password confirmation

Parameters:

password - the clear text password, which must match password1

setPasswordResetToken

public void setPasswordResetToken(String token)

Set the internal security token validating the password reset.

This parameter has several purpose : - storing the token in handler for access in form - reading member for which operation is performed - trigger the "reset" form and hide the "request reset" form.

Parameters:

token - a security token internally build by this handler and specified in the validation email

getPasswordResetToken

public String getPasswordResetToken()

Retrieve the internal security token used to validate the password reset.

Returns:

a security token as sent in the validation email

getExpirationDuration

public static long getExpirationDuration()

Returns:

the default validity duration of a Password reset request (in millisecond).

It is defined by property EXPIRATION_DURATION_PROP="channel.reset-password-link.duration".
If this property does not represent a valid long number, 24 Hours will be used as fallback.

Since:

jcms-7.1.4, jcms-8.0.3, jcms-9.0.0