<echo message="*** WARNING! 'ant create_db -Drecreate_db=true'."/>
<echo message="*** WARNING!"/>
<echo message="*** WARNING! Optionally, you can set an environment variable named recreate_db=true as well."/>
- <fail message="*** ERROR - Ant property 'recreate_db' was not set to 'true'. See warning messages above."/>
</target>
<target name="create_db-unix" if="osfamily-unix">
public static final String SERVICE_COMMON_PART_NAME = SERVICE_NAME + PART_LABEL_SEPARATOR + PART_COMMON_LABEL;
public final static String IMMUTABLE = "immutable";
public final static String EMAIL_QUERY_PARAM = "email";
+ public static final String PASSWORD_RESET_TOKEN_QP = "token";
+ public static final String PASSWORD_RESET_PASSWORD_QP = "password";
public AccountClient() throws Exception {
super();
import org.collectionspace.services.common.storage.jpa.JpaStorageUtils;
import org.collectionspace.services.config.tenant.EmailConfig;
import org.collectionspace.services.config.tenant.TenantBindingType;
+
import org.jboss.resteasy.util.HttpResponseCodes;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URISyntaxException;
+import java.nio.charset.StandardCharsets;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Collections;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder;
import javax.ws.rs.core.UriInfo;
+import javax.xml.bind.DatatypeConverter;
/** AccountResource provides RESTful interface to the account service */
*
* @param ui
* @return
+ * @throws UnsupportedEncodingException
+ * @throws DocumentNotFoundException
+ * @throws IOException
*/
@POST
@Path(PROCESS_PASSWORD_RESET_PATH)
- public Response processPasswordReset(@Context UriInfo ui) {
+ synchronized public Response processPasswordReset(@Context UriInfo ui) throws UnsupportedEncodingException, DocumentNotFoundException {
Response response = null;
//
//
// Get the 'token' and 'password' params
//
- String tokenId = queryParams.getFirst("token");
+ String tokenId = queryParams.getFirst(AccountClient.PASSWORD_RESET_TOKEN_QP);
if (tokenId == null || tokenId.trim().isEmpty()) {
response = Response.status(Response.Status.BAD_REQUEST).entity(
"The query parameter 'token' is missing or contains no value.").type("text/plain").build();
return response;
}
- String password = queryParams.getFirst("password");
- if (password == null || password.trim().isEmpty()) {
+ String base64EncodedPassword = queryParams.getFirst(AccountClient.PASSWORD_RESET_PASSWORD_QP);
+ if (base64EncodedPassword == null || base64EncodedPassword.trim().isEmpty()) {
response = Response.status(Response.Status.BAD_REQUEST).entity(
"The query parameter 'password' is missing or contains no value.").type("text/plain").build();
return response;
}
+ String password = new String(DatatypeConverter.parseBase64Binary(base64EncodedPassword), StandardCharsets.UTF_8);
//
// Retrieve the token from the DB
Token token;
try {
token = TokenStorageClient.get(tokenId);
+ if (token != null && token.isEnabled() == false) {
+ throw new DocumentNotFoundException();
+ }
} catch (DocumentNotFoundException e1) {
String errMsg = String.format("The token '%s' is not valid or does not exist.",
tokenId);
accountUpdate.setUserId(targetAccount.getUserId());
accountUpdate.setPassword(password.getBytes());
updateAccount(ui, targetAccount.getCsid(), accountUpdate);
+ TokenStorageClient.update(tokenId, false); // disable the token so it can't be used again.
String msg = String.format("Successfully reset password using token ID='%s'.",
token.getId());
response = Response.status(Response.Status.OK).entity(msg).type("text/plain").build();
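Review bot: The decoded password is built from UTF-8 bytes on the `new String(DatatypeConverter.parseBase64Binary(base64EncodedPassword), StandardCharsets.UTF_8)` line, but the unchanged `accountUpdate.setPassword(password.getBytes())` further down re-encodes it with the platform default charset, so a non-ASCII password can be stored differently from what the client sent depending on the JVM's `file.encoding`; use `accountUpdate.setPassword(password.getBytes(StandardCharsets.UTF_8));`. The new signature declares `throws UnsupportedEncodingException`, which nothing on the new side can raise (the `String(byte[], Charset)` constructor does not throw it), while the Javadoc adds `@throws IOException`, which the signature does not declare — drop the unused declaration and make the Javadoc match the signature. `DatatypeConverter.parseBase64Binary` is lenient about characters outside the Base64 alphabet rather than rejecting them, so a malformed `password` parameter is accepted as whatever bytes remain; `java.util.Base64.getDecoder().decode(...)` throws `IllegalArgumentException`, which the method could turn into the same 400 response it already returns for a missing value. Base64 is an encoding, not a protection, and the password still arrives as a URL query parameter that typical access logs record in full, so a comment at the decode site such as `// Base64 here is only for safe URL transport; it does not protect the value.` keeps a future maintainer from assuming otherwise. The method body continues below the hunk, and `queryParams` is assigned outside it.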
import org.collectionspace.services.authentication.Token;
import org.collectionspace.services.common.document.BadRequestException;
+import org.collectionspace.services.common.document.DocumentException;
import org.collectionspace.services.common.document.DocumentNotFoundException;
import org.collectionspace.services.common.document.JaxbUtils;
import org.collectionspace.services.common.security.SecurityUtils;
try {
EntityManager em = emf.createEntityManager();
- em.getTransaction().begin();
- tokenFound = em.find(Token.class, id);
- em.getTransaction().commit();
- if (tokenFound == null) {
- String msg = "Could not find token with ID=" + id;
- logger.error(msg);
- throw new DocumentNotFoundException(msg);
- }
+ tokenFound = get(em, id);
} finally {
if (emf != null) {
JpaStorageUtils.releaseEntityManagerFactory(emf);
*/
static public void update(String id, boolean enabledFlag) throws DocumentNotFoundException {
EntityManagerFactory emf = JpaStorageUtils.getEntityManagerFactory();
- Token tokenFound = null;
+ EntityManager em = null;
+ Token tokenFound = null;
try {
- EntityManager em = emf.createEntityManager();
- tokenFound = get(id);
- if (id != null) {
+ em = emf.createEntityManager();
+ tokenFound = get(em, id);
+ if (tokenFound != null) {
+ em.getTransaction().begin();
tokenFound.setEnabled(enabledFlag);
tokenFound.setUpdatedAtItem(new Date());
if (logger.isDebugEnabled()) {
logger.debug("Updated token=" + JaxbUtils.toString(tokenFound, Token.class));
}
- em.persist(tokenFound);
+ em.getTransaction().commit();
+ } else {
+ String msg = String.format("Could not find token with id='%s'", id);
+ throw new DocumentNotFoundException(msg);
}
} finally {
+ if (em != null && em.isOpen()) {
+ em.close();
+ }
if (emf != null) {
JpaStorageUtils.releaseEntityManagerFactory(emf);
}
}
}
- /**
+ public static Token get(EntityManager em, String id) throws DocumentNotFoundException {
+ Token tokenFound = null;
+
+ em.getTransaction().begin();
+ tokenFound = em.find(Token.class, id);
+ em.getTransaction().commit();
+ if (tokenFound == null) {
+ String msg = "Could not find token with ID=" + id;
+ logger.error(msg);
+ throw new DocumentNotFoundException(msg);
+ }
+
+ return tokenFound;
+ }
+
+ /**
* Deletes the token with given id
* @param id
* @throws Exception if user for given userId not found
*/
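Review bot: In `update`, the transaction opened by `em.getTransaction().begin()` after the `tokenFound != null` check is committed only on the success path; if `JaxbUtils.toString` or a setter throws, the `finally` block reaches `em.close()` with the transaction still active and nothing rolls it back, so add `if (em.getTransaction().isActive()) { em.getTransaction().rollback(); }` ahead of `em.close()` inside the existing `if (em != null && em.isOpen())` guard. The new `get(EntityManager em, String id)` has the same shape — `begin()`, `em.find`, `commit()` with no rollback on failure — and since it already throws `DocumentNotFoundException` when nothing is found, the `else` branch in `update` that builds a second "Could not find token" message is unreachable and can go. In the `get(String id)` hunk above, the `EntityManager` created by `emf.createEntityManager()` is never closed: its `finally` only releases the factory, unlike the `em.close()` this commit adds to `update`. `get(EntityManager, String)` is public and undocumented; a Javadoc stating that it runs its own transaction on the caller's `EntityManager` and throws `DocumentNotFoundException` for an unknown id would help callers. The `get(String id)` method starts outside its hunk.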
public class DocumentNotFoundException extends DocumentException {
- final public static int HTTP_CODE = 404;
+ /**
+ *
+ */
+ private static final long serialVersionUID = -5407333605837770866L;
+ final public static int HTTP_CODE = 404;
/**
* Creates a new instance of <code>DocumentNotFoundException</code> without detail message.