D-Net

package eu.dnetlib.openaire.usermanagement;

import com.unboundid.ldap.sdk.LDAPException;

import eu.dnetlib.openaire.user.utils.EmailSender;

import eu.dnetlib.openaire.user.utils.LDAPActions;

import eu.dnetlib.openaire.user.utils.VerificationActions;

import org.apache.log4j.Logger;

import org.springframework.beans.factory.annotation.Autowired;

import org.springframework.web.context.support.SpringBeanAutowiringSupport;

import javax.mail.MessagingException;

import javax.servlet.RequestDispatcher;

import javax.servlet.ServletConfig;

import javax.servlet.ServletException;

import javax.servlet.http.HttpServlet;

import javax.servlet.http.HttpServletRequest;

import javax.servlet.http.HttpServletResponse;

import java.io.IOException;

import java.sql.Timestamp;

import java.util.Date;

import java.util.UUID;

/**

 * Created by kiatrop on 28/9/2017.

 */

public class ForgotPasswordServlet extends HttpServlet {

    public void init(ServletConfig config) throws ServletException {

        super.init(config);

        SpringBeanAutowiringSupport.processInjectionBasedOnServletContext(this,

                config.getServletContext());

    }

    @Autowired

    private LDAPActions ldapActions;

    @Autowired

    private VerificationActions verificationActions;

    @Autowired

    private EmailSender emailSender;

    private Logger logger = Logger.getLogger(ForgotPasswordServlet.class);

    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws IOException {

        String formEmail = request.getParameter("email");

        if (formEmail == null) {

            request.getSession().setAttribute("message", "Error reading email.");

            response.sendRedirect("./forgotPassword.jsp");

        }

        try {

            String username = ldapActions.getUsername(formEmail);

            if (username == null || username.isEmpty()) {

                request.getSession().setAttribute("message", "User does not exist.");

                response.sendRedirect("./forgotPassword.jsp");

            } else {

                UUID verificationCode = UUID.randomUUID();

                Date creationDate = new Date();

                Timestamp timestamp = new Timestamp(creationDate.getTime());

                if (!verificationActions.verificationEntryExists(username)) {

                    verificationActions.addVerificationEntry(username, verificationCode.toString(), timestamp);

                } else {

                    verificationActions.updateVerificationEntry(username, verificationCode.toString(), timestamp);

                }

                String verificationCodeMsg = "Hello,\n" +

                        "\n" +

                        "A request has been made to reset your OpenAIRE account password. To reset your\n" +

                        "password, you will need to submit this verification code in order to verify that the\n" +

                        "request was legitimate.\n" +

                        "\n" +

                        "The verification code is " + verificationCode.toString() + "\n Thank you";

                String verificationCodeSubject = "Your OpenAIRE password reset request";

                emailSender.sendEmail(formEmail, verificationCodeSubject, verificationCodeMsg);

                response.setContentType("text/html");

                response.sendRedirect("./verify.jsp");

            }

        } catch (LDAPException ldape) {

            logger.error("LDAP error", ldape);

            response.sendRedirect("./error.jsp");

        } catch (MessagingException e) {

            request.getSession().setAttribute("message", "Error sending email.");

            response.sendRedirect("./forgotPassword.jsp");

        }

    }

}