Password reset form is now protected with captcha.

Author: noobandy

pom.xml

@@ -255,8 +255,10 @@
 			<artifactId>velocity</artifactId>
 			<version>1.7</version>
 		</dependency>
-
-
+		<!-- Commons -->
+		<groupId>org.apache.commons</groupId>
+		<artifactId>commons-lang3</artifactId>
+		<version>3.3.2</version>
 		<!-- Test -->
 		<dependency>
 			<groupId>junit</groupId>

src/main/java/in/anandm/apps/template/domain/model/user/IFailedLoginRepository.java

@@ -5,12 +5,15 @@
 
 import java.util.List;
 
+import org.springframework.transaction.annotation.Transactional;
+
 /**
  * @author anandm
  *
  */
 public interface IFailedLoginRepository {
 
+	@Transactional
 	void saveFailedLogin(FailedLogin failedLogin);
 
 	List<FailedLogin> getFailedLoginofUserWithId(String userId);

src/main/java/in/anandm/apps/template/domain/model/user/IPasswordResetRequestRepository.java

@@ -3,15 +3,24 @@
  */
 package in.anandm.apps.template.domain.model.user;
 
+import java.util.List;
+
+import org.springframework.transaction.annotation.Transactional;
+
 
 /**
  * @author anandm
  *
  */
 public interface IPasswordResetRequestRepository {
 
+	@Transactional
 	void savePasswordResetRequest(PasswordResetRequest passwordResetRequest);
+
+	PasswordResetRequest getPasswordResetRequestById(Long id);
+
+	List<PasswordResetRequest> getAllPasswordRequestOfUser(String userId);
+	
 
-	PasswordResetRequest getPasswordResetRequestByKey(String resetKey);
 
 }

src/main/java/in/anandm/apps/template/domain/model/user/ISuccessfullLoginRepository.java

@@ -5,13 +5,16 @@
 
 import java.util.List;
 
+import org.springframework.transaction.annotation.Transactional;
+
 /**
  * @author anandm
  *
  */
 public interface ISuccessfullLoginRepository {
 
+	@Transactional
 	void saveSuccessfullLogin(SuccessfullLogin successfullLogin);
-	
+
 	List<SuccessfullLogin> getSuccessfullLoginofUserWithId(String userId);
 }

src/main/java/in/anandm/apps/template/domain/model/user/IUserRepository.java

@@ -7,13 +7,17 @@
 
 import java.util.Map;
 
+import org.springframework.transaction.annotation.Transactional;
+
 /**
  * @author anandm
  *
  */
 public interface IUserRepository {
 
+	@Transactional
 	void saveUser(User user);
+	
 	User getUserByUserId(String userId);
 	User getUserByVerificationKey(String verificationKey);
 	DataTable<User> getDataTable(Map<String, String> params);

src/main/java/in/anandm/apps/template/domain/model/user/IUserSessionRepository.java

@@ -5,12 +5,15 @@
 
 import java.util.List;
 
+import org.springframework.transaction.annotation.Transactional;
+
 /**
  * @author anandm
  *
  */
 public interface IUserSessionRepository {
 
+	@Transactional
 	void saveUserSession(UserSession userSession);
 
 	List<UserSession> getUserSessionofUserWithId(String userId);

src/main/java/in/anandm/apps/template/domain/model/user/PasswordResetRequest.java

@@ -3,13 +3,19 @@
  */
 package in.anandm.apps.template.domain.model.user;
 
+import in.anandm.apps.template.interfaces.web.helper.HashingUtility;
+
+import java.util.UUID;
+
 import javax.persistence.Embedded;
 import javax.persistence.Entity;
 import javax.persistence.GeneratedValue;
 import javax.persistence.GenerationType;
 import javax.persistence.Id;
 import javax.persistence.ManyToOne;
 
+import org.apache.commons.lang.Validate;
+
 /**
  * @author anandm
  *
@@ -34,14 +40,48 @@ public class PasswordResetRequest {
 	 * @param hostAddress
 	 * @param user
 	 */
-	public PasswordResetRequest(String resetKey, Long initiatedOn,
-			HostAddress hostAddress, User user) {
+	public PasswordResetRequest(User user,HostAddress hostAddress) {
 		super();
-		this.resetKey = resetKey;
-		this.initiatedOn = initiatedOn;
 		this.hostAddress = hostAddress;
 		this.user = user;
 	}
+
+	public String initiateRequest(){
+		String newResetKey = UUID.randomUUID().toString();
+		String hashedKey = HashingUtility.sha512Hash(newResetKey);
+
+		resetKey = hashedKey;
+		initiatedOn = System.currentTimeMillis();
+
+		return newResetKey;
+
+	}
+
+	private boolean isExpired(){
+		return (expiredOn != null && expiredOn < System.currentTimeMillis());
+	}
+
+
+	public void resetPassword(String resetKey,String newPassword){
+		Validate.notEmpty(resetKey, "resetKey is empty");
+		Validate.notEmpty(newPassword, "newPassword is empty");
+
+		if(isExpired()){
+			throw new IllegalStateException("Request is expired");
+		}
+		String hashedResetKey = HashingUtility.sha512Hash(resetKey);
+		if(this.resetKey.equals(hashedResetKey)){
+			user.changePassword(newPassword);
+			expiredOn = System.currentTimeMillis();
+		}else{
+			throw new IllegalArgumentException("Invalid resetKey");
+		}
+
+
+
+	}
+
+
 	public String getResetKey() {
 		return resetKey;
 	}
@@ -59,17 +99,6 @@ public User getUser() {
 	}
 
 
-	public boolean isExpired(){
-		return (expiredOn != null && expiredOn < System.currentTimeMillis());
-	}
-
-	public void expire(){
-		this.expiredOn = System.currentTimeMillis();
-	}
-	public boolean verify(String resetKey){
-		return this.resetKey.equals(resetKey);
-	}
-
 	@Id
 	@GeneratedValue(strategy=GenerationType.AUTO)
 	private Long id;

src/main/java/in/anandm/apps/template/domain/model/user/User.java

@@ -49,6 +49,34 @@ public User(UserAccount userAccount, UserProfile userProfile) {
 	}
 
 
+	public boolean isUserAccountVerified(){
+		return userAccount.isVerified();
+	}
+
+	public String requestVerification(){
+		return userAccount.requestVerification();
+	}
+
+	public void verify(String verificationKey){
+		userAccount.verify(verificationKey);
+
+	}
+
+	public boolean isAdmin(){
+		return userAccount.getAdmin();
+	}
+
+	public void changePassword(String newPassword){
+		userAccount.changePassword(newPassword);	
+	}
+
+	public boolean isEnabled(){
+		return userAccount.getEnabled();
+	}
+
+	public boolean isExpired(){
+		return userAccount.isExpired();
+	}
 
 	public List<PasswordResetRequest> getPasswordResetRequests() {
 		return passwordResetRequests;

src/main/java/in/anandm/apps/template/domain/model/user/UserAccount.java

@@ -3,10 +3,15 @@
  */
 package in.anandm.apps.template.domain.model.user;
 
+import in.anandm.apps.template.interfaces.web.helper.HashingUtility;
+
 import java.io.Serializable;
+import java.util.UUID;
 
 import javax.persistence.Embeddable;
 
+import org.apache.commons.lang.Validate;
+
 /**
  * @author noobandy
  *
@@ -28,17 +33,81 @@ public class UserAccount implements Serializable {
 	private String verificationKey;
 	private Long verifiedOn;
 
-	public UserAccount(String userId,String password, Boolean admin,
-			Long expireOn,String verificationKey) {
+	public UserAccount(String userId,String password) {
 		super();
+		Validate.notEmpty(userId, "userId is empty");
+
+		Validate.notEmpty(password, "password is empty");
+
+
 		this.userId = userId;
-		this.password = password;
-		this.admin = admin;
-		this.expireOn = expireOn;
-		this.verificationKey = verificationKey;
+
+		Validate.notEmpty(password, "password is empty");
+		String saltedPassword = password + "{" + userId + "}";
+		String hashedPassword = HashingUtility.sha512Hash(saltedPassword);
+		this.password = hashedPassword;
+
+		this.admin = false;
+		this.expireOn = null;
 		this.enabled = false;
 	}
 
+
+	void makeAdmin(){
+		admin = true;
+	}
+
+	void makeNonAdmin(){
+		admin = false;
+	}
+	void enable(){
+		enabled = true;
+	}
+
+	void disable(){
+		enabled = false;
+	}
+
+	void changePassword(String newPassword){
+		Validate.notEmpty(newPassword, "password is empty");
+		String saltedPassword = newPassword + "{" + userId + "}";
+		String hashedPassword = HashingUtility.sha512Hash(saltedPassword);
+		password = hashedPassword;
+	}
+
+	String requestVerification(){
+		if(isVerified()){
+			throw new IllegalStateException("User Account is already verified");
+		}
+		String newVerificationKey = UUID.randomUUID().toString();
+		String hashedKey = HashingUtility.sha512Hash(newVerificationKey);
+		this.verificationKey = hashedKey;
+		return newVerificationKey;
+	}
+
+	boolean isVerified(){
+		return verifiedOn != null;
+	}
+
+	void verify(String verificationKey){
+		Validate.notEmpty(verificationKey, "verificationKey is empty");
+
+		if(isVerified()){
+			throw new IllegalStateException("User Account is already verified");
+		}
+
+		String hashedVerificationKey = HashingUtility.sha512Hash(verificationKey);
+
+		if(this.verificationKey.equals(hashedVerificationKey)){
+			enabled = true;
+			verifiedOn = System.currentTimeMillis();
+		}
+	}
+
+	boolean isExpired(){
+		return (expireOn != null && expireOn < System.currentTimeMillis());
+	}
+
 	public String getUserId() {
 		return userId;
 	}
@@ -67,25 +136,6 @@ public Long getVerifiedOn() {
 		return verifiedOn;
 	}
 
-	public void changePassword(String newPassword){
-		this.password = newPassword;
-	}
-
-	public boolean isExpired(){
-		return (expireOn != null && expireOn < System.currentTimeMillis());
-	}
-
-	public void verify(String verificationKey){
-		if(String.valueOf(this.verificationKey).equals(verificationKey)){
-			this.verifiedOn = System.currentTimeMillis();
-			this.enabled = Boolean.valueOf(true);
-		}
-	}
-
-	public boolean isVerified(){
-		return (verifiedOn != null);
-	}
-
 	UserAccount() {
 		super();
 	}