package com.occamlab.te.web;
import java.io.File;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.Principal;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import com.occamlab.te.config.Config;
import com.occamlab.te.realm.PasswordStorage;
import com.occamlab.te.realm.UserGenericPrincipal;
import com.occamlab.te.util.XMLUtils;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServlet;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
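/**
 * Handles requests to change a user's password.
 *
 * <p>
 * The servlet reads the {@code username}, {@code oldPass} and {@code newPassword}
 * request parameters, checks the old password against the value stored in the
 * {@code password} element of the user's {@code user.xml} file and, when it matches,
 * replaces that element with a hash of the new password.
 */
public class ChangePasswordHandler extends HttpServlet {

    Config conf;

    /**
     * Creates the {@link Config} instance that supplies the users directory.
     */
    @Override
    public void init() throws ServletException {
        conf = new Config();
    }

    /**
     * Verifies the old password and, if it is correct, stores a hash of the new one.
     *
     * <p>
     * Outcomes:
     * <ul>
     * <li>missing or empty {@code newPassword}: HTTP 400;</li>
     * <li>unusable {@code username} or no matching user directory: redirect to
     * {@code changePassword.jsp?error=userNotExists};</li>
     * <li>old password missing, not stored, or not matching: redirect to
     * {@code changePassword.jsp?error=invalidOldPwd};</li>
     * <li>success: {@code user.xml} is rewritten, the principal registered for the
     * user is removed, the session is invalidated and the client is redirected to the
     * context path.</li>
     * </ul>
     * @param request the POST request carrying the three form parameters
     * @param response used for the redirect or the error status
     * @throws ServletException wrapping any failure raised while handling the request
     */
    @Override
    public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException {
        try {
            String oldPass = request.getParameter("oldPass");
            String username = request.getParameter("username");
            String newPassword = request.getParameter("newPassword");

            // NOTE(review): the account is selected by a request parameter, not by the
            // authenticated session, and no attempt limiting is visible here. Confirm
            // both are enforced elsewhere (container security constraint, filter).

            // Refuse to hash and store a missing or empty password.
            if (newPassword == null || newPassword.isEmpty()) {
                response.sendError(HttpServletResponse.SC_BAD_REQUEST, "newPassword must not be empty");
                return;
            }

            // The user name becomes a path segment below the users directory, so it
            // must be a single plain name; anything else is treated as an unknown user.
            File userDir = isSafeUserName(username) ? new File(conf.getUsersDir(), username) : null;
            if (userDir == null || !userDir.exists()) {
                String url = "changePassword.jsp?error=userNotExists";
                if (username != null) {
                    // Encode before echoing so the value cannot add parameters or
                    // line breaks to the redirect target.
                    url += "&username=" + URLEncoder.encode(username, StandardCharsets.UTF_8.name());
                }
                response.sendRedirect(url);
                return;
            }

            File xmlfile = new File(userDir, "user.xml");
            Document doc = XMLUtils.parseDocument(xmlfile);
            Element userDetails = (Element) doc.getElementsByTagName("user").item(0);
            if (userDetails == null) {
                throw new IllegalStateException("user.xml has no user element");
            }

            NodeList oldPwdList = userDetails.getElementsByTagName("password");
            String storedOldPassword = null;
            if (oldPwdList.getLength() > 0) {
                storedOldPassword = ((Element) oldPwdList.item(0)).getTextContent();
            }

            // A missing submitted or stored password can never match; skip the
            // verifier rather than hand it a null.
            boolean isValid = oldPass != null && storedOldPassword != null
                    && PasswordStorage.verifyPassword(oldPass, storedOldPassword);
            if (!isValid) {
                response.sendRedirect("changePassword.jsp?error=invalidOldPwd");
                return;
            }

            // Swap the stored password element for one holding the new hash.
            doc = XMLUtils.removeElement(doc, userDetails, "password");
            Element pwdElement = doc.createElement("password");
            pwdElement.setTextContent(PasswordStorage.createHash(newPassword));
            userDetails.appendChild(pwdElement);
            XMLUtils.transformDocument(doc, xmlfile);

            // NOTE(review): user.xml has already been rewritten when this check runs,
            // so the exception below does not undo the password change.
            Principal userPrincipal = UserGenericPrincipal.getInstance().removePrincipal(username);
            if (userPrincipal == null) {
                throw new RuntimeException("Failed update old credentials");
            }

            // Force a fresh login with the new credentials.
            request.getSession().invalidate();
            response.sendRedirect(request.getContextPath());
        }
        catch (Exception e) {
            throw new ServletException(e);
        }
    }

    /**
     * Tells whether a submitted user name can be used as a single directory name.
     * @param name the submitted user name, possibly {@code null}
     * @return {@code false} for {@code null}, empty, {@code "."}, {@code ".."} or any
     * value containing a path separator or NUL character; {@code true} otherwise
     */
    private static boolean isSafeUserName(String name) {
        if (name == null || name.isEmpty() || name.equals(".") || name.equals("..")) {
            return false;
        }
        return name.indexOf('/') < 0 && name.indexOf('\\') < 0 && name.indexOf('\0') < 0;
    }

}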