return "ForgetPassword";
} else{
ApplicationContext appContext = new ClassPathXmlApplicationContext("spring/config/BeanLocations.xml");
LoginAttemptBO loginAttemptBO = (LoginAttemptBO)appContext.getBean("loginAttemptBO");
CreateExternalAccountBO createExternalAccountBO = (CreateExternalAccountBO)appContext.getBean("createExternalAccountBO");
CreateInternalAccountBO createInternalAccountBO = (CreateInternalAccountBO)appContext.getBean("createInternalAccountBO");
String userType = loginAttemptBO.findRecoveryAccount(forgot_user.getUsername(),
forgot_user.getEmail(), forgot_user.getTelephone(),
forgot_user.getSecurityquestion(), forgot_user.getSecurityanswer());
String otp_pwd = this.generateOTP();
//find user from database and update password
if(userType == "INTERNAL"){
InternalAccount ia = loginAttemptBO.findAccountByNameInternal(forgot_user.getUsername());
if(ia != null)
{
try{
MessageDigest digest = MessageDigest.getInstance("SHA-256");
byte[] hash = digest.digest(otp_pwd.getBytes("UTF-8"));
StringBuffer hexString = new StringBuffer();
for (int i = 0; i < hash.length; i++) {
String hex = Integer.toHexString(0xff & hash[i]);
if(hex.length() == 1) hexString.append('0');
hexString.append(hex);
}
this.sendPwdRecoveryEmail(ia.getEmail(), ia.getUsername(), otp_pwd);
ia.setPassword(hexString.toString());
//ia.setPassword(otp_pwd);
createInternalAccountBO.update(ia);
} catch(Exception ex){
throw new RuntimeException(ex);
}
}
else
{
//both are null --> there's no matching table
return "redirect:/j_spring_security_logout";
}
}
else if(userType == "EXTERNAL")
{
//external use case
ExternalAccount ea = loginAttemptBO.findAccountByNameExternal(forgot_user.getUsername());
if(ea != null)
{
try{
MessageDigest digest = MessageDigest.getInstance("SHA-256");
byte[] hash = digest.digest(otp_pwd.getBytes("UTF-8"));
StringBuffer hexString = new StringBuffer();
for (int i = 0; i < hash.length; i++) {
String hex = Integer.toHexString(0xff & hash[i]);
if(hex.length() == 1) hexString.append('0');
hexString.append(hex);
}
this.sendPwdRecoveryEmail(ea.getEmail(), ea.getUsername(), otp_pwd);
ea.setPassword(hexString.toString());
//ea.setPassword(otp_pwd);
createExternalAccountBO.update(ea);
} catch(Exception ex){
throw new RuntimeException(ex);
}
}
else