@Override public void resetPassword(String resetKey, String password) throws NoSuchPasswordResetKeyException, PasswordDoesNotMeetRequirementsException { Preconditions.checkNotNull(resetKey); Preconditions.checkNotNull(password); User user = this.userStore.get().findUserByPasswordResetRequest(resetKey); if (user == null) { throw new NoSuchPasswordResetKeyException(); } AccountsSettings settings = getSettings(); if (password.length() < settings.getPasswordRequirements().getMinimalLength()) { throw new PasswordDoesNotMeetRequirementsException("Provided password does not meet requirements"); } this.userStore.get().updatePassword(user, passwordManager.hashPassword(password)); this.userStore.get().deletePasswordResetRequest(resetKey); }
@Override public void changePassword(User user, String currentPassword, String newPassword) throws WrongPasswordException, PasswordDoesNotMeetRequirementsException { Preconditions.checkNotNull(user); Preconditions.checkNotNull(user.getId()); User stored = this.userStore.get().findById(user.getId()); if (!this.passwordManager.verifyPassword(currentPassword, stored.getPassword())) { throw new WrongPasswordException("Refusing to change password : given current password is incorrect"); } if (!passwordStrengthChecker.checkLength(newPassword)) { throw new PasswordDoesNotMeetRequirementsException( "Provided password does not meet requirements : length too short"); } if (!passwordStrengthChecker.checkEntropy(newPassword)) { throw new PasswordDoesNotMeetRequirementsException( "Provided password does not meet requirements : not enough bits of entropy"); } this.userStore.get().updatePassword(user, passwordManager.hashPassword(newPassword)); }