Package com.ericbouchut.learndev.auth
Class PasswordResetController
java.lang.Object
com.ericbouchut.learndev.auth.PasswordResetController
Web endpoints for the password-reset flow:
the "forgot password" request page and the "reset password" page that
consumes the emailed token. Both are anonymous pages under
/auth/.-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionforgotPasswordForm(org.springframework.ui.Model model) Display the "forgot password" request form.requestReset(@Valid ForgotPasswordForm form, org.springframework.validation.BindingResult binding, jakarta.servlet.http.HttpServletRequest request) Processes a "forgot password" request.resetPassword(@Valid ResetPasswordForm form, org.springframework.validation.BindingResult binding, jakarta.servlet.http.HttpServletRequest request, org.springframework.ui.Model model) Consumes the token and sets the new password.resetPasswordForm(String token, org.springframework.ui.Model model) Display the "reset password" form when the emailed token is valid; otherwise render the invalid-link state (expired, used, or unknown).
-
Constructor Details
-
PasswordResetController
-
-
Method Details
-
forgotPasswordForm
@GetMapping("/auth/forgot-password") public String forgotPasswordForm(org.springframework.ui.Model model) Display the "forgot password" request form.- Parameters:
model- carries the empty form-backing bean- Returns:
- the name of the forgot-password template
-
requestReset
@PostMapping("/auth/forgot-password") public String requestReset(@Valid @ModelAttribute("form") @Valid ForgotPasswordForm form, org.springframework.validation.BindingResult binding, jakarta.servlet.http.HttpServletRequest request) Processes a "forgot password" request. The response never reveals whether the email exists (enumeration-safe): every valid submission redirects to the same neutral confirmation.- Returns:
- redirect to the confirmation state, or the re-rendered form on validation errors
-
resetPasswordForm
@GetMapping("/auth/reset-password") public String resetPasswordForm(@RequestParam(name="token",required=false) String token, org.springframework.ui.Model model) Display the "reset password" form when the emailed token is valid; otherwise render the invalid-link state (expired, used, or unknown).- Parameters:
token- the raw token from the emailed link- Returns:
- the name of the reset-password template
-
resetPassword
@PostMapping("/auth/reset-password") public String resetPassword(@Valid @ModelAttribute("form") @Valid ResetPasswordForm form, org.springframework.validation.BindingResult binding, jakarta.servlet.http.HttpServletRequest request, org.springframework.ui.Model model) Consumes the token and sets the new password. Success redirects to the login page with a confirmation; an unusable token renders the invalid-link state.
-