@Consumes(MediaType.APPLICATION_JSON)
public Response completePasswordResetProcess(@PathParam("key") String key,
@PathParam("userId") String userId,
JSONObject json) {
User user;
try {
user = applicationManager.getUserService().getUserById(new ObjectId(userId));
} catch (UserNotFoundException e) {
return error(e.getMessage(), Response.status(Response.Status.NOT_FOUND));
}
// verify the secret key matches
if (!(user.getSecretKey().equals(key))) {
logger.debug("Password change confirmation failure: userId and secret key pair does NOT match.");
return error("Password Change Confirmation Failed", Response.status(Response.Status.BAD_REQUEST));
}
String password = getJSON(json, "password");
// validate password
if (!SecurityUtil.isValidPassword(password)) {
return error(ErrorMessages.INVALID_PASSWORD_ERROR, Response.status(Response.Status.BAD_REQUEST));
}
// we want to make this a one time thing, blow away the secret key
user.setSecretKey(null);
// update the password in the db
user.setPassword(password);
applicationManager.getUserService().updateUser(user);
// send the password back to the client.
return Response
.status(Response.Status.CREATED)