Class PasswordResetController

java.lang.Object
com.ericbouchut.learndev.auth.PasswordResetController

@Controller public class PasswordResetController extends Object
Web endpoints for the password-reset flow: the "forgot password" request page and the "reset password" page that consumes the emailed token. Both are anonymous pages under /auth/.
  • Constructor Details

  • Method Details

    • forgotPasswordForm

      @GetMapping("/auth/forgot-password") public String forgotPasswordForm(org.springframework.ui.Model model)
      Display the "forgot password" request form.
      Parameters:
      model - carries the empty form-backing bean
      Returns:
      the name of the forgot-password template
    • requestReset

      @PostMapping("/auth/forgot-password") public String requestReset(@Valid @ModelAttribute("form") @Valid ForgotPasswordForm form, org.springframework.validation.BindingResult binding, jakarta.servlet.http.HttpServletRequest request)
      Processes a "forgot password" request. The response never reveals whether the email exists (enumeration-safe): every valid submission redirects to the same neutral confirmation.
      Returns:
      redirect to the confirmation state, or the re-rendered form on validation errors
    • resetPasswordForm

      @GetMapping("/auth/reset-password") public String resetPasswordForm(@RequestParam(name="token",required=false) String token, org.springframework.ui.Model model)
      Display the "reset password" form when the emailed token is valid; otherwise render the invalid-link state (expired, used, or unknown).
      Parameters:
      token - the raw token from the emailed link
      Returns:
      the name of the reset-password template
    • resetPassword

      @PostMapping("/auth/reset-password") public String resetPassword(@Valid @ModelAttribute("form") @Valid ResetPasswordForm form, org.springframework.validation.BindingResult binding, jakarta.servlet.http.HttpServletRequest request, org.springframework.ui.Model model)
      Consumes the token and sets the new password. Success redirects to the login page with a confirmation; an unusable token renders the invalid-link state.