package edu.ncsu.csc.itrust.action;
import edu.ncsu.csc.itrust.dao.DAOFactory;
import edu.ncsu.csc.itrust.dao.mysql.AuthDAO;
import edu.ncsu.csc.itrust.exception.DBException;
import edu.ncsu.csc.itrust.exception.FormValidationException;
import edu.ncsu.csc.itrust.exception.ITrustException;
/**
* Manages resetting the password. Used by resetPassword.jsp.
*
*
*/
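public class ChangePasswordAction {
    /**
     * Status returned for every rejected request. One message is used for a wrong old
     * password, a mismatched confirmation and a policy violation alike, so the response
     * does not reveal which check failed.
     */
    private static final String REJECTED = "Invalid password change submission.";

    /** Status returned once the new password has been handed to the DAO. */
    private static final String CHANGED = "Password Changed.";

    // Password policy bounds (inclusive).
    // NOTE(review): 5-20 alphanumeric characters is a narrow policy; widening it (longer
    // maximum, symbols allowed) would change behavior callers and tests may rely on, so it
    // is only flagged here, not changed.
    private static final int MIN_PASSWORD_LENGTH = 5;
    private static final int MAX_PASSWORD_LENGTH = 20;

    private final AuthDAO authDAO;

    /**
     * Set up defaults
     *
     * @param factory The DAOFactory used to create the DAOs used in this action.
     */
    public ChangePasswordAction(DAOFactory factory) {
        this.authDAO = factory.getAuthDAO();
    }

    /**
     * Changes the password for the given mid after verifying the old password, checking
     * that the two copies of the new password agree, and enforcing the password policy
     * (5-20 alphanumeric characters with at least one letter and one digit).
     *
     * @param mid of the user to have their password reset
     * @param oldPass their old password
     * @param newPass their desired password
     * @param confirmPass their desired password again
     * @return "Password Changed." on success, otherwise "Invalid password change submission."
     * @throws FormValidationException declared for callers; not raised directly by this method
     * @throws DBException propagated from the AuthDAO calls, if they raise it
     * @throws ITrustException propagated from the AuthDAO calls, if they raise it
     */
    public String changePassword(long mid, String oldPass, String newPass, String confirmPass)
            throws FormValidationException, DBException, ITrustException {
        // Make sure old password is valid.
        // NOTE(review): whether repeated failures are throttled or logged is decided inside
        // AuthDAO and is not visible here - confirm.
        if (!authDAO.authenticatePassword(mid, oldPass)) {
            return REJECTED;
        }

        // Make sure new passwords match. A missing newPass is rejected like any other bad
        // submission instead of surfacing as a NullPointerException.
        if (newPass == null || !newPass.equals(confirmPass)) {
            return REJECTED;
        }

        // Validate password before it reaches storage.
        if (!meetsPasswordPolicy(newPass)) {
            return REJECTED;
        }

        // Change the password
        authDAO.resetPassword(mid, newPass);
        return CHANGED;
    }

    /**
     * Checks the password policy in a single bounded pass.
     *
     * The length is tested first so an arbitrarily long submission is rejected in constant
     * time. The previous form ran three regular expressions with overlapping quantifiers
     * over the whole input before the length limit applied, which backtracks
     * polynomially on long non-matching input.
     *
     * @param candidate the proposed password, may be null
     * @return true when candidate is 5-20 ASCII letters/digits with at least one of each
     */
    private static boolean meetsPasswordPolicy(String candidate) {
        if (candidate == null) {
            return false;
        }
        int length = candidate.length();
        if (length < MIN_PASSWORD_LENGTH || length > MAX_PASSWORD_LENGTH) {
            return false;
        }

        boolean hasLetter = false;
        boolean hasDigit = false;
        for (int i = 0; i < length; i++) {
            char c = candidate.charAt(i);
            // Explicit ASCII ranges: Character.isLetter/isDigit would also accept
            // non-ASCII characters, which the policy does not allow.
            if ((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z')) {
                hasLetter = true;
            } else if (c >= '0' && c <= '9') {
                hasDigit = true;
            } else {
                return false;
            }
        }
        return hasLetter && hasDigit;
    }

    // TODO: increasing password security will also mean changing how passwords are stored
    // and retrieved so that a salt is kept with each hash; generate a new salt each time a
    // user account is made. (An unfinished genPassword(String) sketch using SecureRandom
    // was previously left here inside a comment and has been dropped.)
    // NOTE(review): how AuthDAO.resetPassword stores the password is not visible in this
    // file - confirm it uses a per-user random salt and a slow password hash (PBKDF2,
    // bcrypt, scrypt or Argon2) rather than a bare digest.
}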