JCart: Admin Reset Password


Once the Admin User clicks the Password Reset Link that we sent via email, we validate the token. If it is valid, we show a form to enter the new password; otherwise we show an error.

@Controller
public class UserAuthController extends JCartAdminBaseController
{
	...
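	/**
	 * Shows the "enter new password" form after checking the link from the reset email.
	 *
	 * <p>Reads {@code email} and {@code token} from the request, asks
	 * {@code securityService.verifyPasswordResetToken} whether the pair is valid, and then
	 * either renders {@code public/resetPwd} with both values in the model or redirects to
	 * the login page with an error flash message.
	 *
	 * <p>Every failure (missing parameter, unknown email, bad token) produces the same
	 * message and the same redirect, so the response does not reveal which part was wrong.
	 *
	 * <p>NOTE(review): the token travels in the query string of a GET request, so it can be
	 * recorded in browser history and server access logs and sent onward in a Referer
	 * header. Confirm that tokens are short-lived and single-use, and that the rendered
	 * page sets a restrictive referrer policy.
	 *
	 * @param request            current request; supplies the {@code email} and {@code token} parameters
	 * @param model              receives {@code email} and {@code token} for the form view
	 * @param redirectAttributes receives the error flash message on failure
	 * @return the form view name, or a redirect to {@code /login}
	 */
	@RequestMapping(value="/resetPwd", method=RequestMethod.GET)
	public String resetPwd(HttpServletRequest request, Model model, RedirectAttributes redirectAttributes)
	{
		String email = request.getParameter("email");
		String token = request.getParameter("token");

		// A link with a missing or empty parameter can never be valid: reject it here
		// rather than passing null into the service, whose null handling is not visible here.
		boolean paramsPresent = email != null && !email.isEmpty()
				&& token != null && !token.isEmpty();

		if(!paramsPresent || !securityService.verifyPasswordResetToken(email, token)){
			redirectAttributes.addFlashAttribute("msg", getMessage(ERROR_INVALID_PASSWORD_RESET_REQUEST));
			return "redirect:/login";
		}

		// Handed to the view so the form can post them back together with the new password.
		model.addAttribute("email", email);
		model.addAttribute("token", token);
		return "public/resetPwd";
	}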
	....
}

Create the reset password template at jcart-admin/src/main/resources/templates/public/resetPwd.html:

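<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" 
	  xmlns:th="http://www.thymeleaf.org"
	  xmlns:layout="http://www.ultraq.net.nz/thymeleaf/layout"
      layout:decorator="layout/guestLayout">
  <head>
    <title>Reset Password</title>
    <!--/* This page is served from a URL that carries the reset token in its query string.
           Suppress the Referer header so the token is not sent to any other origin the
           page links to or loads resources from. */-->
    <meta name="referrer" content="no-referrer"/>
  </head>
  <body>
  	<div layout:fragment="content">    
        <!--/* th:action lets the framework add its CSRF hidden field when CSRF protection
               is enabled in Spring Security (not visible in this template; confirm). */-->
        <form action="resetPwd" th:action="@{/resetPwd}" method="post">
           <!--/* Echoed back so the POST handler can identify the reset request. The values
                  are client-controlled, so the server must verify the token again on submit. */-->
           <input type="hidden" name="email" th:value="${email}"/>
           <input type="hidden" name="token" th:value="${token}"/>           
          
           <!--/* autocomplete="new-password" stops the browser from filling in a saved password;
                  required blocks an empty submission client-side (the server still has to check). */-->
           <input type="password" class="form-control" name="password" placeholder="New Password"
                  autocomplete="new-password" required="required"/>            
           <input type="password" class="form-control" name="confPassword" placeholder="Confirm Password"
                  autocomplete="new-password" required="required"/>           
           <button type="submit" class="btn btn-primary btn-block btn-flat" th:text="#{label.submit}">Submit</button>                      
        </form>                   
	</div>
  </body>
</html>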

Implement resetPwd handler method as follows:

@Controller
public class UserAuthController extends JCartAdminBaseController
{
	....
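	/**
	 * Handles submission of the reset-password form.
	 *
	 * <p>Reads {@code email}, {@code token}, {@code password} and {@code confPassword} from
	 * the request. If the password is missing, empty, or differs from its confirmation, the
	 * form is shown again with an error message. Otherwise the password is encoded with
	 * {@code passwordEncoder} and passed to {@code securityService.updatePassword} together
	 * with the email and token, and the user is redirected to the login page with a success
	 * or failure flash message.
	 *
	 * <p>{@code Model} is declared as a handler parameter because the mismatch branch writes
	 * to it; Spring MVC supplies it the same way it does for the GET handler.
	 *
	 * <p>NOTE(review): this method does not verify the token itself. It relies on
	 * {@code securityService.updatePassword} to re-validate the email/token pair (both are
	 * client-controlled hidden fields) and to invalidate the token after use; confirm
	 * against the service implementation.
	 *
	 * @param request            current request; supplies the four form parameters
	 * @param model              receives the values needed to re-render the form on a mismatch
	 * @param redirectAttributes receives the success or error flash message
	 * @return the form view name on a mismatch, otherwise a redirect to {@code /login}
	 */
	@RequestMapping(value="/resetPwd", method=RequestMethod.POST)
	public String handleResetPwd(HttpServletRequest request, Model model, RedirectAttributes redirectAttributes)
	{
		try
		{
			String email = request.getParameter("email");
			String token = request.getParameter("token");
			String password = request.getParameter("password");
			String confPassword = request.getParameter("confPassword");

			// A request without a password parameter would otherwise throw a
			// NullPointerException on equals(), and two empty fields would "match" and
			// store an empty password. The mismatch message is reused for both cases
			// because no dedicated message key is visible in this excerpt.
			boolean passwordUsable = password != null && !password.isEmpty()
					&& password.equals(confPassword);
			if(!passwordUsable)
			{
				model.addAttribute("email", email);
				model.addAttribute("token", token);	
				model.addAttribute("msg", getMessage(ERROR_PASSWORD_CONF_PASSWORD_MISMATCH));
				return "public/resetPwd";
			}

			// Only the encoded form of the password is handed to the service layer.
			String encodedPwd = passwordEncoder.encode(password);
			securityService.updatePassword(email, token, encodedPwd);
			
			redirectAttributes.addFlashAttribute("msg", getMessage(INFO_PASSWORD_UPDATED_SUCCESS));
		} catch (JCartException e)
		{
			// The details go to the log only; the user sees the same generic message as
			// for an invalid reset link.
			logger.error(e);
			redirectAttributes.addFlashAttribute("msg", getMessage(ERROR_INVALID_PASSWORD_RESET_REQUEST));
		}
		return "redirect:/login";
	}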
	...
}
