Initiated by index.jsp, getStarted.jsp. This changes a users password. If the user gets it wrong 3 times in a row, they'll be locked out (This is handed by database) @param csrfToken @param currentPassword User's current password @param newPassword Submitted new password @param passwordConfirmation
(HttpServletRequest request, HttpServletResponse response)
| 49 | * @param passwordConfirmation Confirmation of the new password |
| 50 | */ |
| 51 | public void doPost (HttpServletRequest request, HttpServletResponse response) |
| 52 | throws ServletException, IOException |
| 53 | { |
| 54 | //Setting IpAddress To Log and taking header for original IP if forwarded from proxy |
| 55 | ShepherdLogManager.setRequestIp(request.getRemoteAddr(), request.getHeader("X-Forwarded-For")); |
| 56 | log.debug("*** servlets.ChangePassword ***"); |
| 57 | try |
| 58 | { |
| 59 | HttpSession ses = request.getSession(true); |
| 60 | if(Validate.validateSession(ses)) |
| 61 | { |
| 62 | ShepherdLogManager.setRequestIp(request.getRemoteAddr(), request.getHeader("X-Forwarded-For"), ses.getAttribute("userName").toString()); |
| 63 | log.debug("Current User: " + ses.getAttribute("userName").toString()); |
| 64 | Cookie tokenCookie = Validate.getToken(request.getCookies()); |
| 65 | Object tokenParmeter = request.getParameter("csrfToken"); |
| 66 | if(Validate.validateTokens(tokenCookie, tokenParmeter)) |
| 67 | { |
| 68 | log.debug("Getting Parameters"); |
| 69 | String userName = (String) ses.getAttribute("userName"); |
| 70 | String currentPassword = (String) request.getParameter("currentPassword"); |
| 71 | String newPassword = (String) request.getParameter("newPassword"); |
| 72 | String passwordConfirm = (String) request.getParameter("passwordConfirmation"); |
| 73 | String ApplicationRoot = getServletContext().getRealPath(""); |
| 74 | |
| 75 | boolean validData = false; |
| 76 | boolean passwordChange = false; |
| 77 | boolean validPassword = false; |
| 78 | validData = newPassword.equalsIgnoreCase(passwordConfirm) && !newPassword.isEmpty() && newPassword != null; |
| 79 | passwordChange = !currentPassword.equalsIgnoreCase(newPassword); |
| 80 | validPassword = newPassword.length() > 4 && newPassword.length() <= 512; |
| 81 | if(validData && passwordChange && validPassword) |
| 82 | { |
| 83 | log.debug("Validating Current Password"); |
| 84 | String user[] = Getter.authUser(ApplicationRoot, userName, currentPassword); |
| 85 | if(user != null) |
| 86 | { |
| 87 | log.debug("User Credentials were good! Password Change gets the go ahead"); |
| 88 | Setter.updatePassword(ApplicationRoot, userName, currentPassword, newPassword); |
| 89 | ses.setAttribute("ChangePassword", "false"); |
| 90 | } |
| 91 | else |
| 92 | { |
| 93 | log.error("Incorrect Password"); |
| 94 | ses.setAttribute("errorMessage", "Incorrect Password... Don't lock yourself out!"); |
| 95 | response.sendRedirect("index.jsp"); |
| 96 | } |
| 97 | } |
| 98 | else |
| 99 | { |
| 100 | if(validData && passwordChange) |
| 101 | { |
| 102 | try |
| 103 | { |
| 104 | //User Account is Locked |
| 105 | log.debug("The user account is locked. Logging the user out"); |
| 106 | Cookie cookieToken = Validate.getToken(request.getCookies()); |
| 107 | BigInteger temp = new BigInteger(cookieToken.getValue()); |
| 108 | response.sendRedirect("logout?csrfToken="+temp); |
nothing calls this directly
no test coverage detected