1 package org.codehaus.plexus.redback.struts2.action;
4 * Licensed to the Apache Software Foundation (ASF) under one
5 * or more contributor license agreements. See the NOTICE file
6 * distributed with this work for additional information
7 * regarding copyright ownership. The ASF licenses this file
8 * to you under the Apache License, Version 2.0 (the
9 * "License"); you may not use this file except in compliance
10 * with the License. You may obtain a copy of the License at
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing,
15 * software distributed under the License is distributed on an
16 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17 * KIND, either express or implied. See the License for the
18 * specific language governing permissions and limitations
22 import org.apache.archiva.redback.keys.KeyManager;
23 import org.apache.archiva.redback.users.UserManager;
24 import org.apache.archiva.redback.users.UserNotFoundException;
25 import org.apache.archiva.redback.keys.AuthenticationKey;
26 import org.apache.archiva.redback.keys.KeyManagerException;
27 import org.codehaus.plexus.redback.policy.UserSecurityPolicy;
28 import org.codehaus.plexus.redback.system.SecuritySystem;
29 import org.apache.archiva.redback.users.User;
30 import org.codehaus.plexus.util.StringUtils;
31 import org.codehaus.redback.integration.interceptor.SecureActionBundle;
32 import org.codehaus.redback.integration.interceptor.SecureActionException;
33 import org.codehaus.redback.integration.mail.Mailer;
34 import org.springframework.context.annotation.Scope;
35 import org.springframework.stereotype.Controller;
37 import javax.inject.Inject;
38 import java.util.Arrays;
43 * @author <a href="mailto:joakim@erdfelt.com">Joakim Erdfelt</a>
46 @Controller( "redback-password-reset" )
48 public class PasswordResetAction
49 extends AbstractSecurityAction
50 implements CancellableAction
52 // ------------------------------------------------------------------
53 // Component Requirements
54 // ------------------------------------------------------------------
60 private Mailer mailer;
66 private SecuritySystem securitySystem;
68 private String username;
70 // ------------------------------------------------------------------
71 // Action Entry Points - (aka Names)
72 // ------------------------------------------------------------------
81 if ( StringUtils.isEmpty( username ) )
83 addFieldError( "username", getText( "username.cannot.be.empty" ) );
87 UserManager userManager = securitySystem.getUserManager();
88 KeyManager keyManager = securitySystem.getKeyManager();
89 UserSecurityPolicy policy = securitySystem.getPolicy();
93 User user = userManager.findUser( username );
95 AuthenticationKey authkey = keyManager.createKey( username, "Password Reset Request",
96 policy.getUserValidationSettings().getEmailValidationTimeout() );
98 mailer.sendPasswordResetEmail( Arrays.asList( user.getEmail() ), authkey, getBaseUrl() );
100 AuditEvent event = new AuditEvent( getText( "log.password.reset.request" ) );
101 event.setAffectedUser( username );
104 addActionMessage( getText( "password.reset.success" ) );
106 catch ( UserNotFoundException e )
108 // By default, the success and failure messages are the same.
109 // This is done to prevent a malicious user from attempting to ascertain the
110 // validity of usernames.
111 addActionMessage( getText( "password.reset.failure" ) );
113 log.info( "Password Reset on non-existant user [{}].", username );
115 catch ( KeyManagerException e )
117 addActionError( getText( "password.reset.email.generation.failure" ) );
118 log.info( "Unable to issue password reset.", e );
124 // ------------------------------------------------------------------
125 // Security Specification
126 // ------------------------------------------------------------------
128 public SecureActionBundle initSecureActionBundle()
129 throws SecureActionException
131 return SecureActionBundle.OPEN;
134 public String cancel()
139 // ------------------------------------------------------------------
140 // Parameter Accessor Methods
141 // ------------------------------------------------------------------
143 public String getUsername()
148 public void setUsername( String username )
150 this.username = username;