Grails Acegi plugin lost password

I am looking for an implementation of a password search procedure using the Acegi plugin for Grails ... Google does not give me ...

+3
3 answers

IMHO this is not currently part of the Acegi plugin. I added the loginPassword action for LoginController:

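    // LoginController action: resets the user's password and mails the new one.
    // randomService is not shown in the answer; authenticateService encodes the password.
    def forgotPassword = {
        if (params.username) {
            User user = User.findByUsername(params.username)
            if (user) {
                // Generate a new 8-character password and store only its encoded form
                def password = randomService.generateRandomString(8)
                user.passwd = authenticateService.encodePassword(password)
                if (!user.save(flush:true)) {
                    user.errors.each {
                        log.error "err $it"
                    }
                    flash.message = message(code: "LoginController.msg.forgot.error")
                } else {
                    // The username is used as the recipient address; the new
                    // plaintext password is passed to the e-mail view
                    sendMail {
                        to user.username
                        subject message(code:"LoginController.mail.forgot.subject" )
                        body(view:"forgotPasswordEmail", model: [person:user, password:password])
                    }
                    flash.message = message(code:"LoginController.msg.forgot", args:[user.username] )
                }
            } else {
                // Unknown username: a different message is shown
                flash.message = message(code:"LoginController.msg.forgot.unknown", args:[params.username])
            }
        }
    }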

The code above uses the Grails mail plugin.

+3

Google fails because it is not there. It is not possible to cancel a hashed password (without breaking brute force and rainbow tables), and if that were the case, it would mean that your system was not secure.

, , reset , . , ( Grails).

+3

Acegi , email-confirmation, .

:

reset, .

, reset, , , . , EmailConfirmationService, .

    def sendConfirmation(String emailAddress, String theSubject, Map model = null,
                         String userToken = null)

:

emailAddress = address of user changing password
theSubject = subject of e-mail sent
model = any data passed to GSP that creates e-mail body
userToken = hashed user password

( , ), onConfirmation.

Bootstrap.groovy :

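    def emailConfirmationService

    def init = { servletContext ->

        // Called once the user confirms; the second argument is the userToken
        // that was passed to sendConfirmation (here the hashed password)
        emailConfirmationService.onConfirmation = { email, hashedPassword ->

            User user = User.findByEmail(email)
            // Guard against a confirmation for an address with no matching user
            if (user) {
                user.passwd = hashedPassword
                if (!user.save()) {
                    // Handle this error, somehow....
                }
            }

            // Then return a map which will redirect the user to the login screen (for example)
            [controller:'userProfile', action:'login']
        }
    }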

, , reset .

+3
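
Added example, not part of any answer above and not code from the Acegi, mail or email-confirmation plugins: the reset-by-confirmation flow the third answer describes, written in plain Groovy with a random, expiring, single-use token as the confirmation token and the same reply whether or not the account exists. The class, closure and variable names, the 30-minute lifetime and the in-memory maps (stand-ins for the User domain class and the mail call) are assumptions.

```groovy
import java.security.MessageDigest
import java.security.SecureRandom

// Added example: plain Groovy, no Grails or plugin APIs. All names are hypothetical.
class ResetTokenStore {
    static final long TTL_MS = 30 * 60 * 1000L      // assumed 30-minute lifetime
    private final SecureRandom rng = new SecureRandom()
    private final Map<String, Map> pending = [:]    // sha256(token) -> [email, expires]; a DB table in practice

    private static String sha256(String s) {
        MessageDigest.getInstance('SHA-256').digest(s.getBytes('UTF-8')).encodeHex().toString()
    }
    // Returns the raw token to e-mail; only its hash is kept server-side.
    String issue(String email, long now = System.currentTimeMillis()) {
        byte[] raw = new byte[32]
        rng.nextBytes(raw)
        String token = raw.encodeHex().toString()
        pending.values().removeAll { it.email == email }    // one live token per account
        pending[sha256(token)] = [email: email, expires: now + TTL_MS]
        token
    }
    // Returns the e-mail the token was issued for, or null if unknown, expired or already used.
    String redeem(String token, long now = System.currentTimeMillis()) {
        Map entry = pending.remove(sha256(token ?: ''))      // remove => single use
        (entry && now <= entry.expires) ? entry.email : null
    }
}

// Constructed stand-ins for the user table and the outgoing mail
def users = ['alice@example.test': [passwd: 'old-hash']]
def outbox = []
def store = new ResetTokenStore()

def requestReset = { String email ->
    if (users.containsKey(email)) {
        outbox << [to: email, token: store.issue(email)]    // mail a link carrying the token
    }
    'If the account exists, a reset link has been sent.'     // same reply either way
}
def completeReset = { String token, String newHash ->
    String email = store.redeem(token)
    if (!email) return false
    users[email].passwd = newHash                            // the password changes only now
    true
}
assert requestReset('alice@example.test') == requestReset('nobody@example.test')
String t = outbox[0].token
assert completeReset(t, 'new-hash') && users['alice@example.test'].passwd == 'new-hash'
assert !completeReset(t, 'other-hash')                       // token cannot be replayed
assert store.redeem(store.issue('alice@example.test'), System.currentTimeMillis() + ResetTokenStore.TTL_MS + 1) == null
```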

Source: https://habr.com/ru/post/1721584/

