in plugin-ui/plugin/grails-app/controllers/grails/plugin/springsecurity/ui/RegisterController.groovy [139:171]
def forgotPassword(ForgotPasswordCommand forgotPasswordCommand) {
if (!request.post) {
ForgotPasswordCommand fpc = new ForgotPasswordCommand()
return [forgotPasswordCommand: fpc]
}
withForm {
if (forgotPasswordCommand.hasErrors()) {
return [forgotPasswordCommand: forgotPasswordCommand]
}
def user = findUserByUsername(forgotPasswordCommand.username)
if (!user) {
forgotPasswordCommand.errors.rejectValue 'username', 'spring.security.ui.forgotPassword.user.notFound'
return [forgotPasswordCommand: forgotPasswordCommand]
}
if (forgotPasswordExtraValidation && forgotPasswordExtraValidation.size() > 0 && forgotPasswordExtraValidationDomainClassName ) {
redirect uri: generateLink('securityQuestions', [username: forgotPasswordCommand.username])
} else {
if (requireForgotPassEmailValidation) {
processForgotPasswordEmail(forgotPasswordCommand, user)
} else {
redirect uri: processForgotPasswordEmail(forgotPasswordCommand, user)
}
}
}.invalidToken {
flash.message = "Invalid Form Submission"
redirect(controller: "login", action: "auth")
}
}