
issue with reading token while resetting password

Posted: Sat Mar 10, 2012 8:39 pm
by sai
I am trying to build the forgot password for the site application. I am using the admin modules behind the scenes, e.g. ForgotPasswordSecurityTokenDao, ForgotPasswordSecurityTokenImpl.

I was able to generate a token when the customer tries to reset their password and send it by email. When I came back to the page, entered the token I received in my email and tried to change the password, I got an 'invalid token' error.

I debugged through it and found that it is not able to find the token; it meets the if condition at the line below, which results in 'invalid token'.

Please advise.

if (fpst == null) {
    response.addErrorCode("invalidToken");
}


Code:

    public GenericResponse resetPasswordUsingToken(String username, String token, String password, String confirmPassword) {
        GenericResponse response = new GenericResponse();
        Customer user = null;
        if (username != null) {
            user = customerDao.readCustomerByUsername(username);
        }
        checkUser(user, response);
        checkPassword(password, confirmPassword, response);
        if (token == null || "".equals(token)) {
            response.addErrorCode("invalidToken");
        }

        ForgotPasswordSecurityToken fpst = null;
        if (!response.getHasErrors()) {
            // The token is looked up by its encoded form, so the submitted value is
            // lower-cased and encoded before the DAO read.
            token = token.toLowerCase();
            fpst = forgotPasswordSecurityTokenDao.readToken(passwordEncoder.encodePassword(token, null));
            if (fpst == null) {
                // No stored row matches the encoded token.
                response.addErrorCode("invalidToken");
            } else if (fpst.isTokenUsedFlag()) {
                response.addErrorCode("tokenUsed");
            } else if (isTokenExpired(fpst)) {
                response.addErrorCode("tokenExpired");
            }
        }
        // ... remainder of the method omitted in the post ...
        return response;
    }

Re: issue with reading token while resetting password

Posted: Mon Mar 12, 2012 1:20 pm
by bpolster
A few things to debug further.

1. Is the token being persisted? If not, you might not be in a proper transactional context. Should be solvable by adding @Transaction around your service method.

2. What value is being persisted? Can you verify that the value you are trying to persist matches the value that you are trying to retrieve? Double check that the passwordEncoder you are trying to use is the same in both the save and the read context.

- Brian
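
The second check above, as an added example that is not part of the original thread and is not Broadleaf code: a token stored only in encoded form can be found again only if the read path normalizes and encodes it exactly as the save path did. All class, method and variable names are hypothetical, SHA-256 stands in for whatever passwordEncoder is configured, and the token, salt and username are constructed sample values. The lookup with the same encoder returns the stored username, while the lookup with the differently configured encoder returns null, which is the case the service reports as "invalidToken".

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import java.util.function.UnaryOperator;

// Added illustration; every name here is hypothetical, not Broadleaf's API.
public class ResetTokenLookupDemo {
    // Stand-in for the token table: rows are keyed by the encoded token, never the raw one.
    static final Map<String, String> TOKEN_TABLE = new HashMap<>();

    static String sha256Hex(String s) {
        try {
            byte[] d = MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
            return String.format("%064x", new BigInteger(1, d));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }

    // Save path: normalize, encode, and persist only the encoded value.
    static void saveToken(String rawToken, String username, UnaryOperator<String> encoder) {
        TOKEN_TABLE.put(encoder.apply(rawToken.toLowerCase(Locale.ROOT)), username);
    }

    // Read path: must normalize and encode exactly as the save path did.
    static String readToken(String submitted, UnaryOperator<String> encoder) {
        return TOKEN_TABLE.get(encoder.apply(submitted.toLowerCase(Locale.ROOT)));
    }

    public static void main(String[] args) {
        // Constructed sample token, upper-cased as a user might paste it from an email.
        String token = new BigInteger(128, new SecureRandom()).toString(16).toUpperCase(Locale.ROOT);
        UnaryOperator<String> plain = ResetTokenLookupDemo::sha256Hex;
        // A differently configured encoder (constructed salt) used on one side only.
        UnaryOperator<String> salted = t -> sha256Hex(t + "{constructed-salt}");

        saveToken(token, "demo-user", plain);
        System.out.println("same encoder on read:      " + readToken(token, plain));
        System.out.println("different encoder on read: " + readToken(token, salted));
        System.out.println("stored keys (encoded):     " + TOKEN_TABLE.keySet());
    }
}
```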

Re: issue with reading token while resetting password

Posted: Mon Mar 12, 2012 7:58 pm
by sai
Thank you Jeff for the advice. It is working now. As you said, the data was not being persisted.

Just want to quickly check, since I am using the same table as what is being used by Admin: do you foresee any issue where I might encounter any conflict between Admin customer id and Site customer id?

Thank you for your continuous support. I appreciate it very much.

Re: issue with reading token while resetting password

Posted: Tue Mar 13, 2012 11:41 am
by bpolster
You can safely use the ForgotPasswordSecurityToken for both admin and site usage.

- Brian

Re: issue with reading token while resetting password

Posted: Tue Mar 13, 2012 5:53 pm
by sai
Thank you Brian