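@Override
@Transactional(TransactionUtils.DEFAULT_TRANSACTION_MANAGER)
public GenericResponse resetPasswordUsingToken(String username, String token, String password, String confirmPassword) {
    // Completes a "forgot password" flow: validates the customer, the new
    // password pair and the presented reset token, then stores the new
    // password and revokes every outstanding reset token for that customer.
    //
    // username        - login name the reset was requested for (may be null)
    // token           - reset token presented by the caller (untrusted input)
    // password        - new password, stored via setUnencodedPassword
    // confirmPassword - must match password (enforced by checkPassword)
    // returns a GenericResponse carrying error codes; the password is only
    // changed when no validation step reported an error.
    GenericResponse response = new GenericResponse();
    Customer customer = null;
    if (username != null) {
        customer = customerDao.readCustomerByUsername(username);
    }
    checkCustomer(customer, response);
    checkPassword(password, confirmPassword, response);
    CustomerForgotPasswordSecurityToken fpst = checkPasswordResetToken(token, customer, response);
    if (!response.getHasErrors()) {
        if (fpst == null) {
            // Defensive: treat a missing token record as invalid instead of
            // dereferencing null below, in case checkPasswordResetToken can
            // return null without recording an error (not visible here).
            response.addErrorCode("invalidToken");
        } else if (!customer.getId().equals(fpst.getCustomerId())) {
            // The token exists but is bound to a different customer: reject it.
            // Log both customer ids for forensics, but never the token value --
            // it may still be a live reset credential for the other account and
            // must not be written to log files.
            if (LOG.isWarnEnabled()) {
                LOG.warn("Password reset attempt tried with mismatched customer and token; customer "
                        + customer.getId() + ", token owner " + fpst.getCustomerId());
            }
            response.addErrorCode("invalidToken");
        }
    }
    if (!response.getHasErrors()) {
        customer.setUnencodedPassword(password);
        customer.setPasswordChangeRequired(false);
        saveCustomer(customer);
        // Reset tokens are single-use: revoke all of them once the password changes.
        invalidateAllTokensForCustomer(customer);
    }
    return response;
}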