package ca.intelliware.ihtsdo.mlds.web.rest;
import java.util.Map;
import javax.annotation.Resource;
import javax.annotation.security.PermitAll;
import javax.transaction.Transactional;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;
import ca.intelliware.ihtsdo.mlds.domain.User;
import ca.intelliware.ihtsdo.mlds.repository.UserRepository;
import ca.intelliware.ihtsdo.mlds.service.PasswordResetService;
import ca.intelliware.ihtsdo.mlds.service.mail.MailService;
import ca.intelliware.ihtsdo.mlds.service.mail.PasswordResetEmailSender;
import com.codahale.metrics.annotation.Timed;
import com.google.common.base.Strings;
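@RestController
public class PasswordResetResource {

    // Injected by the container; mailService is not referenced in this class (kept for compatibility).
    @Resource
    MailService mailService;
    @Resource UserRepository userRepository;
    @Resource PasswordResetService passwordResetService;
    @Resource PasswordResetEmailSender passwordResetEmailSender;

    /**
     * Starts a password reset for the account registered under the {@code "email"} entry of the
     * request body: creates a reset token, marks the user activated and e-mails the token.
     *
     * @param params JSON body; only the {@code "email"} entry is read (must be a string)
     * @return 400 with a message when no usable e-mail is given, 400 with an empty body when no
     *         user matches, otherwise 200 with {@code "OK"}
     */
    @RequestMapping(value=Routes.PASSWORD_RESET,
            method = RequestMethod.POST,
            produces = MediaType.APPLICATION_JSON_VALUE)
    @PermitAll
    @Timed
    @Transactional
    public ResponseEntity<String> requestPasswordReset(@RequestBody Map<String,Object> params) {
        // A non-string JSON value (number, object, array) used to reach a raw cast and surface as a 500;
        // treat it like a missing value instead.
        String emailAddress = stringParam(params, "email");
        if (Strings.isNullOrEmpty(emailAddress)) {
            return new ResponseEntity<>("no email provided", HttpStatus.BAD_REQUEST);
        }
        final User user = userRepository.getUserByEmailIgnoreCase(emailAddress);
        if (user == null) {
            // NOTE(review): answering differently for unknown addresses lets an unauthenticated caller
            // probe which e-mails are registered (account enumeration). Returning the same "OK" response
            // in both cases closes that; left as-is here because the status may be relied on by the UI.
            return new ResponseEntity<>(HttpStatus.BAD_REQUEST);
        }
        final String tokenKey = passwordResetService.createTokenForUser(user);
        // Activate the user. If the activation email is lost, reset password is the obvious thing to try.
        // Let's let them in. Otherwise, they're lost forever.
        // NOTE(review): this activates the account before the reset token has been proven, i.e. on the
        // strength of knowing the e-mail address alone; moving the activation into resetPassword
        // (after a successful token check) would keep the "lost activation mail" recovery path without
        // that side effect. Presumably @Transactional persists the flag at commit — confirm.
        user.setActivated(true);
        passwordResetEmailSender.sendPasswordResetEmail(user, tokenKey);
        return new ResponseEntity<>("OK", HttpStatus.OK);
    }

    /**
     * Completes a password reset: sets the {@code "password"} entry of the request body as the new
     * password for the user identified by {@code token}.
     *
     * @param token  reset token taken from the path
     * @param params JSON body; only the {@code "password"} entry is read (must be a string)
     * @return 400 when no usable password is given, 404 when the service rejects the token with
     *         {@link IllegalArgumentException}, otherwise 200 with {@code "OK"}
     */
    @RequestMapping(value=Routes.PASSWORD_RESET_ITEM,
            method = RequestMethod.POST,
            produces = MediaType.APPLICATION_JSON_VALUE)
    @PermitAll
    @Timed
    public ResponseEntity<String> resetPassword(@PathVariable String token, @RequestBody Map<String,Object>params) {
        // Same defensive read as in requestPasswordReset: a non-string value is a bad request, not a 500.
        String newPassword = stringParam(params, "password");
        if (Strings.isNullOrEmpty(newPassword)) {
            return new ResponseEntity<>("no password provided", HttpStatus.BAD_REQUEST);
        }
        // Only emptiness is checked here; any length/complexity policy and token expiry are expected to
        // live in PasswordResetService — not visible from this class, confirm.
        try {
            passwordResetService.resetPassword(token, newPassword);
        } catch (IllegalArgumentException e) {
            // The service signals an unknown/invalid token with IllegalArgumentException; map it to 404
            // without echoing the token or the exception text back to the caller.
            return new ResponseEntity<>("Password reset token not found in our records", HttpStatus.NOT_FOUND);
        }
        return new ResponseEntity<>("OK", HttpStatus.OK);
    }

    /**
     * Reads a request-body entry as a string.
     *
     * @param params request body, may be null
     * @param key    entry name
     * @return the value when it is a {@link String}, otherwise {@code null} (missing, null or
     *         non-string values are all treated as "not provided")
     */
    private static String stringParam(Map<String,Object> params, String key) {
        if (params == null) {
            return null;
        }
        Object value = params.get(key);
        return (value instanceof String) ? (String) value : null;
    }
}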