From 5161a88c3f3a2fd420f8408b596fcd99d1ed4ca2 Mon Sep 17 00:00:00 2001
From: remillet <remillet@yahoo.com>
Date: Fri, 15 Dec 2017 16:40:55 -0800
Subject: [PATCH] DRYD-169: Password reset request now takes an XML payload
 rather than form data.

---
 .../services/account/AccountResource.java      |  8 ++++----
 .../authentication_identity_provider.xsd       | 18 ++++++++++++++++++
 2 files changed, 22 insertions(+), 4 deletions(-)

diff --git a/services/account/service/src/main/java/org/collectionspace/services/account/AccountResource.java b/services/account/service/src/main/java/org/collectionspace/services/account/AccountResource.java
index 8aaf5677e..38e678128 100644
--- a/services/account/service/src/main/java/org/collectionspace/services/account/AccountResource.java
+++ b/services/account/service/src/main/java/org/collectionspace/services/account/AccountResource.java
@@ -26,6 +26,7 @@ package org.collectionspace.services.account;
 import org.collectionspace.authentication.AuthN;
 import org.collectionspace.services.account.storage.AccountStorageClient;
 import org.collectionspace.services.account.storage.csidp.TokenStorageClient;
+import org.collectionspace.services.authentication.Passwordreset;
 import org.collectionspace.services.authentication.Token;
 import org.collectionspace.services.authorization.AccountPermission;
 import org.collectionspace.services.authorization.AccountRole;
@@ -234,10 +235,7 @@ public class AccountResource extends SecurityResourceBase {
      */
     @POST
     @Path(PROCESS_PASSWORD_RESET_PATH)
-    @Consumes("application/x-www-form-urlencoded")
-    synchronized public Response processPasswordReset(@Context UriInfo ui, 
-    		@FormParam("token") String tokenId,
-    		@FormParam("password") String base64EncodedPassword) throws UnsupportedEncodingException, DocumentNotFoundException {
+    synchronized public Response processPasswordReset(Passwordreset passwordreset, @Context UriInfo ui) throws UnsupportedEncodingException, DocumentNotFoundException {
     	Response response = null;
 
     	//
@@ -249,12 +247,14 @@ public class AccountResource extends SecurityResourceBase {
         //
         // Get the 'token' and 'password' params
         //
+        String tokenId = passwordreset.getToken();
         if (tokenId == null || tokenId.trim().isEmpty()) {
         	response = Response.status(Response.Status.BAD_REQUEST).entity(
         			"The query parameter 'token' is missing or contains no value.").type("text/plain").build();
         	return response;
         }
 
+        String base64EncodedPassword = passwordreset.getPassword();
         if (base64EncodedPassword == null || base64EncodedPassword.trim().isEmpty()) {
         	response = Response.status(Response.Status.BAD_REQUEST).entity(
         			"The query parameter 'password' is missing or contains no value.").type("text/plain").build();
diff --git a/services/authentication/jaxb/src/main/resources/authentication_identity_provider.xsd b/services/authentication/jaxb/src/main/resources/authentication_identity_provider.xsd
index d8e034719..3ead8c192 100644
--- a/services/authentication/jaxb/src/main/resources/authentication_identity_provider.xsd
+++ b/services/authentication/jaxb/src/main/resources/authentication_identity_provider.xsd
@@ -89,6 +89,24 @@
         </xs:complexType>
     </xs:element>
     
+    <!-- Non-persistent JaxB object for password reset POST requsts -->
+    <xs:element name="passwordreset">
+	    <xs:complexType>
+	        <xs:annotation>
+	            <xs:appinfo>
+	                <hj:ignored/>
+	            </xs:appinfo>
+	        </xs:annotation>
+	        <xs:sequence>
+	            <xs:annotation>
+	                <xs:documentation>The payload for a password reset request</xs:documentation>
+	            </xs:annotation>
+				<xs:element name="token" type="xs:string"/>
+				<xs:element name="password" type="xs:string"/>
+	        </xs:sequence>
+	    </xs:complexType>
+	</xs:element>
+    
     <xs:element name="token">
         <xs:complexType>
             <xs:annotation>
-- 
2.47.3