71 |
71 |
RateLimiter emailResetToken_rateLimiter = RateLimiter.create(PERMITS_PER_SECOND);
|
72 |
72 |
RateLimiter resetPassword_rateLimiter = RateLimiter.create(PERMITS_PER_SECOND);
|
73 |
73 |
|
74 |
|
public static final String RESET_REQUEST_EMAIL_SUBJECT_TEMPLATE = "Your password reset request for ${userName}";
|
75 |
|
public static final String RESET_REQUEST_EMAIL_BODY_TEMPLATE = "You are receiving this email because a password reset was requested for your account at the ${dataBase}"
|
76 |
|
+ " data base. If this was not initiated by you, please ignore this message."
|
77 |
|
+ ".\n Please click ${linkUrl} to reset your password";
|
78 |
74 |
|
79 |
|
public static final String RESET_SUCCESS_EMAIL_SUBJECT_TEMPLATE = "Your password for ${userName} has been changed";
|
80 |
|
public static final String RESET_SUCCESS_EMAIL_BODY_TEMPLATE = "The password of your account at the ${dataBase} data base has just been changed."
|
81 |
|
+ "If this was not initiated by you, please contact the adminitrator as soon as possible.";
|
82 |
|
|
83 |
|
public static final String RESET_FAILED_EMAIL_SUBJECT_TEMPLATE = "Changing your password for ${userName} has failed";
|
84 |
|
public static final String RESET_FAILED_EMAIL_BODY_TEMPLATE = "The attempt to change the password of your account at the ${dataBase} data base has failed."
|
85 |
|
+ "If this was not initiated by you, please contact the adminitrator as soon as possible.";
|
86 |
75 |
|
87 |
76 |
/**
|
88 |
77 |
* Create a request token and send it to the user via email.
|
... | ... | |
129 |
118 |
String passwordRequestFormUrl = String.format(passwordRequestFormUrlTemplate, resetRequest.getToken());
|
130 |
119 |
Map<String, String> additionalValues = new HashMap<>();
|
131 |
120 |
additionalValues.put("linkUrl", passwordRequestFormUrl);
|
132 |
|
sendEmail(user.getEmailAddress(), user.getUsername(), RESET_REQUEST_EMAIL_SUBJECT_TEMPLATE, RESET_REQUEST_EMAIL_BODY_TEMPLATE,
|
133 |
|
additionalValues);
|
134 |
|
logger.info("A password reset request for " + user.getUsername() + " has been send to " + user.getEmailAddress());
|
|
121 |
sendEmail(user.getEmailAddress(), user.getUsername(),
|
|
122 |
PasswordResetTemplates.RESET_REQUEST_EMAIL_SUBJECT_TEMPLATE,
|
|
123 |
PasswordResetTemplates.RESET_REQUEST_EMAIL_BODY_TEMPLATE, additionalValues);
|
|
124 |
logger.info("A password reset request for " + user.getUsername() + " has been send to "
|
|
125 |
+ user.getEmailAddress());
|
135 |
126 |
} catch (UsernameNotFoundException e) {
|
136 |
127 |
logger.warn("Password reset request for unknown user, cause: " + e.getMessage());
|
137 |
128 |
} catch (MailException e) {
|
... | ... | |
234 |
225 |
if (resetRequest.isPresent()) {
|
235 |
226 |
try {
|
236 |
227 |
userService.changePasswordForUser(resetRequest.get().getUserName(), newPassword);
|
237 |
|
sendEmail(resetRequest.get().getUserEmail(), resetRequest.get().getUserName(), RESET_SUCCESS_EMAIL_SUBJECT_TEMPLATE, RESET_SUCCESS_EMAIL_BODY_TEMPLATE, null);
|
|
228 |
sendEmail(resetRequest.get().getUserEmail(), resetRequest.get().getUserName(),
|
|
229 |
PasswordResetTemplates.RESET_SUCCESS_EMAIL_SUBJECT_TEMPLATE,
|
|
230 |
PasswordResetTemplates.RESET_SUCCESS_EMAIL_BODY_TEMPLATE, null);
|
238 |
231 |
return new AsyncResult<Boolean>(true);
|
239 |
232 |
} catch (DataAccessException | UsernameNotFoundException e) {
|
240 |
233 |
logger.error("Failed to change password of User " + resetRequest.get().getUserName(), e);
|
241 |
|
sendEmail(resetRequest.get().getUserEmail(), resetRequest.get().getUserName(), RESET_FAILED_EMAIL_SUBJECT_TEMPLATE, RESET_FAILED_EMAIL_BODY_TEMPLATE, null);
|
|
234 |
sendEmail(resetRequest.get().getUserEmail(), resetRequest.get().getUserName(),
|
|
235 |
PasswordResetTemplates.RESET_FAILED_EMAIL_SUBJECT_TEMPLATE,
|
|
236 |
PasswordResetTemplates.RESET_FAILED_EMAIL_BODY_TEMPLATE, null);
|
242 |
237 |
}
|
243 |
238 |
} else {
|
244 |
239 |
throw new PasswordResetException("Invalid password reset token");
|
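Review bot: In the last hunk (new lines 228–230) the success notification is sent inside the same `try` as `userService.changePasswordForUser(...)`, but the `catch` at new line 232 only covers `DataAccessException | UsernameNotFoundException`. The earlier hunk catches `MailException` after its `sendEmail` call (new line 128), which suggests `sendEmail` can throw it; if so, a mail failure here escapes after the password has already been changed, and the caller sees a failed reset for a password that is in fact new. The same applies to the failure notice at new lines 234–236, where an exception thrown inside the handler would replace the original error. I would isolate both notifications, e.g. `try { sendEmail(...); } catch (MailException e) { logger.warn("Password reset notification could not be sent", e); }`, so the returned result reflects only the outcome of the password change. The enclosing method starts and ends outside the hunk, so what is returned after the `catch` block is not visible here.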
PasswordReset message templates in separate class