Fix password reset with null pointer exception

Squashed commit of the following: commit 4d64677 Author: Alex Eng <aeng@redhat.com> Date: Tue Feb 24 10:38:19 2015 +1000 Fix password reset with null pointer exception
zanata · Feb 24, 2015 · 3b0d55a · 3b0d55a
1 parent 8deed90
commit 3b0d55a
Show file tree

Hide file tree

Showing 3 changed files with 42 additions and 24 deletions.
diff --git a/zanata-war/src/main/java/org/zanata/action/PasswordResetRequestAction.java b/zanata-war/src/main/java/org/zanata/action/PasswordResetRequestAction.java
@@ -71,20 +71,32 @@ public class PasswordResetRequestAction implements Serializable {
 
     public String requestReset() {
         if(getAccount() == null) {
-            FacesMessages.instance().add(msgs.get("jsf.account.notFound"));
-            return null;
-        } else if(isAccountWaitingForActivation()) {
+            return getAccountNoFoundMessage();
+        }
+
+        HAccountResetPasswordKey key =
+            userAccountServiceImpl.requestPasswordReset(getAccount());
+
+        if(key == null) {
+            return getAccountNoFoundMessage();
+        }
+
+        if(isAccountWaitingForActivation()) {
             FacesMessages.instance().add(msgs.get("jsf.account.notActivated"));
             return null;
         }
-        String message =
-                emailServiceImpl.sendPasswordResetEmail(
-                    getAccount().getPerson(),
-                    account.getAccountActivationKey().getKeyHash());
+
+        String message = emailServiceImpl.sendPasswordResetEmail(
+            getAccount().getPerson(), key.getKeyHash());
         FacesMessages.instance().add(message);
         return "home";
     }
 
+    private String getAccountNoFoundMessage() {
+        FacesMessages.instance().add(msgs.get("jsf.account.notFound"));
+        return null;
+    }
+
     @End
     public String sendActivationEmail(String username, String email) {
         HAccount account = accountDAO.getByUsernameAndEmail(username, email);
@@ -112,10 +124,7 @@ public boolean isAccountWaitingForActivation() {
         if (account == null) {
             return false;
         }
-        if (account.getAccountActivationKey() == null) {
-            return false;
-        }
-        return true;
+        return account.getAccountActivationKey() != null;
     }
 
     public HAccount getAccount() {

diff --git a/zanata-war/src/main/java/org/zanata/dao/AccountResetPasswordKeyDAO.java b/zanata-war/src/main/java/org/zanata/dao/AccountResetPasswordKeyDAO.java
@@ -41,4 +41,11 @@ public AccountResetPasswordKeyDAO(Session session) {
         super(HAccountResetPasswordKey.class, session);
     }
 
+    public HAccountResetPasswordKey findByAccount(Long accountId) {
+        return (HAccountResetPasswordKey) getSession()
+            .createQuery(
+                "from HAccountResetPasswordKey key where key.account.id = :accountId")
+            .setLong("accountId", accountId)
+            .setComment("AccountResetPasswordKeyDAO.findByAccount").uniqueResult();
+    }
 }
diff --git a/zanata-war/src/main/java/org/zanata/service/impl/UserAccountServiceImpl.java b/zanata-war/src/main/java/org/zanata/service/impl/UserAccountServiceImpl.java
@@ -29,12 +29,12 @@
 
 import org.hibernate.Query;
 import org.hibernate.Session;
-import org.hibernate.criterion.Restrictions;
 import org.jboss.seam.ScopeType;
 import org.jboss.seam.annotations.In;
 import org.jboss.seam.annotations.Name;
 import org.jboss.seam.annotations.Scope;
 import org.zanata.dao.AccountDAO;
+import org.zanata.dao.AccountResetPasswordKeyDAO;
 import org.zanata.dao.RoleAssignmentRuleDAO;
 import org.zanata.model.HAccount;
 import org.zanata.model.HAccountResetPasswordKey;
@@ -57,25 +57,25 @@ public class UserAccountServiceImpl implements UserAccountService {
     @In
     private AccountDAO accountDAO;
 
+    @In
+    private AccountResetPasswordKeyDAO accountResetPasswordKeyDAO;
+
     @In
     private RoleAssignmentRuleDAO roleAssignmentRuleDAO;
 
     @Override
     public void clearPasswordResetRequests(HAccount account) {
-        // TODO This should be done in a DAO
         HAccountResetPasswordKey key =
-                (HAccountResetPasswordKey) session
-                        .createCriteria(HAccountResetPasswordKey.class)
-                        .add(Restrictions.eq("account", account))
-                        .uniqueResult();
-        if (key != null) {
-            session.delete(key);
-            session.flush();
+                accountResetPasswordKeyDAO.findByAccount(account.getId());
+        if(key != null) {
+            accountResetPasswordKeyDAO.makeTransient(key);
+            accountResetPasswordKeyDAO.flush();
         }
     }
 
     @Override
-    public HAccountResetPasswordKey requestPasswordReset(@Nonnull HAccount account) {
+    public HAccountResetPasswordKey requestPasswordReset(
+            @Nonnull HAccount account) {
         if (account.getPerson() == null) {
             return null;
         }
@@ -85,9 +85,11 @@ public HAccountResetPasswordKey requestPasswordReset(@Nonnull HAccount account)
         HAccountResetPasswordKey key = new HAccountResetPasswordKey();
         key.setAccount(account);
         key.setKeyHash(HashUtil.generateHash(account.getUsername()
-                + account.getPasswordHash() + account.getPerson().getEmail()
-                + account.getPerson().getName() + System.currentTimeMillis()));
-        session.persist(key);
+            + account.getPasswordHash() + account.getPerson().getEmail()
+            + account.getPerson().getName() + System.currentTimeMillis()));
+
+        account.setAccountResetPasswordKey(key);
+        accountResetPasswordKeyDAO.makePersistent(key);
 
         log.info("Sent password reset key to {} ({})", account.getPerson()
                 .getName(), account.getUsername());