issue with reading token while resetting password

[sai]

I am trying to build the forgot password for site application. I am using admin modules behind the scenes Ex: ForgotPasswordSecurityTokenDao, ForgotPasswordSecurityTokenImpl

I was able to generate token when the customer tries to reset their password and send it to email. When I came back to the page and place the token I received in my email and tried to change the password, I am getting 'invalid token error'

I tried to debug through and came to know that it is not able to find the token, it meet the below if criteria at below line resulted in saying 'invalid token'.

Please advise.

if (fpst == null) {
response.addErrorCode("invalidToken");
}

Code: Select all

               public GenericResponse resetPasswordUsingToken(String username, String token, String password, String confirmPassword) {       
        GenericResponse response = new GenericResponse();
        Customer user = null;
        if (username != null) {
            user = customerDao.readCustomerByUsername(username);
        }
        checkUser(user, response);
        checkPassword(password, confirmPassword, response);
        if (token == null || "".equals(token)) {
            response.addErrorCode("invalidToken");
        }
       
        ForgotPasswordSecurityToken fpst = null;
        if (! response.getHasErrors()) {
            token = token.toLowerCase();
            fpst = forgotPasswordSecurityTokenDao.readToken(passwordEncoder.encodePassword(token,null));
          if (fpst == null) {
                response.addErrorCode("invalidToken");
            } else if (fpst.isTokenUsedFlag()) {
                response.addErrorCode("tokenUsed");
            } else if (isTokenExpired(fpst)) {
                response.addErrorCode("tokenExpired");
            }
        }

[bpolster]

A few things to debug further.

1. Is the token being persisted? If not, you might not be in a proper transactional context. Should be solvable by adding @Transaction around your service method.

2. What value is being persisted? Can you verify that the value you are trying to persist matches the value that you are trying to retrieve. Double check that the passwordEncoder you are trying to use is the same in both the save and the read context.

- Brian

[sai]

Thank you Jeff for the advise. It is working now. As you said the data was not being persisted.

Just want to quickly check, since I am using the same table as what is being used by Admin. Do you foresee any issue where I might encounter any conflict between Admin customer id and Site customer id.

Thank you for continuous support. I appreciate it very much.

[bpolster]

You can safely use the ForgotPasswordSecurityToken for both admin and site usage.

- Brian

[sai]

Thank you Brian