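* This method verifies that the user has answered their challenge question correctly and, if so,
* sets a randomly generated password on the account and sends it to the user by email.
* NOTE(review): the recipient address is taken from the "email" request parameter when it is set,
* and only otherwise from the user's stored address; the new password should be sent only to the
* address stored on the account.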
*/
public ActionForward verifyChallengeQuestion(ActionMapping mapping, ActionForm lf, HttpServletRequest request, HttpServletResponse response) throws Exception {
ForgotPasswordForm fpf = (ForgotPasswordForm) lf;
String acckeyCrypted = fpf.getAccKey();
String acckey = acckeyCrypted;
try {
acckey = PublicEncryptionFactory.decryptString(acckeyCrypted);
} catch (Exception e) {
}
String referrer = null;
if (request.getAttribute("referrer") != null && !request.getAttribute("referrer").toString().equalsIgnoreCase("")) {
referrer = (String)request.getAttribute("referrer");
} else if (request.getParameter("referrer") != null && !request.getParameter("referrer").toString().equalsIgnoreCase("")) {
referrer = SecurityUtils.stripReferer(request, (String)request.getParameter("referrer"));
}
try {
User user = APILocator.getUserAPI().loadByUserByEmail(acckey, APILocator.getUserAPI().getSystemUser(), false);
Company company = PublicCompanyFactory.getDefaultCompany();
request.setAttribute("email", user.getEmailAddress());
String email = UtilMethods.isSet(request.getParameter("email"))?request.getParameter("email"):user.getEmailAddress();
UserProxy userProxy = com.dotmarketing.business.APILocator.getUserProxyAPI().getUserProxy(user,APILocator.getUserAPI().getSystemUser(), false);
String challengeQuestionAnswer = request.getParameter("challengeQuestionAnswer");
if (userProxy.getChallengeQuestionAnswer().equalsIgnoreCase(challengeQuestionAnswer)) {
String pass = PublicEncryptionFactory.getRandomPassword();
user.setPassword(PublicEncryptionFactory.digestString(pass));
APILocator.getUserAPI().save(user,APILocator.getUserAPI().getSystemUser(),false);
Host host = hostWebAPI.getCurrentHost(request);
try {
HashMap<String, Object> parameters = new HashMap<String, Object> ();
parameters.put("subject", "Your " + host.getHostname() + " Password");
parameters.put("password", pass);
parameters.put("emailTemplate", Config.getStringProperty("CHALLENGE_QUESTION_EMAIL_TEMPLATE"));
parameters.put("to", email);
parameters.put("from", company.getEmailAddress());
EmailFactory.sendParameterizedEmail(parameters, null, host, user);
ActionMessages msg = new ActionMessages();
msg.add(Globals.MESSAGE_KEY, new ActionMessage("message.challenge_question.answer_successful", email));
saveMessages(request.getSession(), msg);
if(UtilMethods.isSet(referrer)) {
return (new ActionForward(SecurityUtils.stripReferer(request, referrer + "?" + request.getQueryString())));
} else {
return mapping.findForward("passwordChangeConfirmationPage");
}
} catch (Exception e) {
ActionMessages msg = new ActionMessages();
msg.add(Globals.ERROR_KEY, new ActionMessage("error.send_email"));
request.setAttribute(Globals.ERROR_KEY, msg);
return mapping.findForward("challengeQuestionPage");
}
} else {
ActionMessages msg = new ActionMessages();
msg.add(Globals.ERROR_KEY, new ActionMessage("message.challenge_question.answer_failure"));
request.setAttribute(Globals.ERROR_KEY, msg);
fpf.setAccKey(PublicEncryptionFactory.encryptString(user.getUserId()));
fpf.setEmail(user.getEmailAddress());
return mapping.findForward("challengeQuestionPage");
}
} catch (Exception e) {
Logger.debug(this, "Failed - Redirecting to: loginPage");