private void changeUserPassword()

in redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultUserService.java [998:1060]


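    /**
     * Changes the password of the user identified by {@code userId} after validating the request
     * and verifying the supplied current password against the stored encoded password.
     *
     * <p>Checks run in this order, and the first failure aborts the call:
     * <ol>
     *   <li>current password present (400)</li>
     *   <li>user id in the request body equals {@code userId} (403)</li>
     *   <li>new password and its confirmation present (400) and equal (403)</li>
     *   <li>current password matches the stored encoded password (401)</li>
     * </ol>
     *
     * <p>Security notes for reviewers:
     * <ul>
     *   <li>The current password is verified directly with the policy's {@code PasswordEncoder}. Nothing in this
     *       method records a failed attempt or checks whether the account is locked, so throttling and lockout
     *       of repeated wrong guesses must be enforced elsewhere. NOTE(review): confirm.</li>
     *   <li>Nothing in this method invalidates existing sessions or tokens after the update.
     *       NOTE(review): confirm this is handled by the caller or the user manager.</li>
     * </ul>
     *
     * @param userId         id of the account whose password is changed; presumably taken from the request
     *                       path or the authenticated context (verify against the caller)
     * @param passwordChange request payload holding user id, current password, new password and confirmation;
     *                       must not be {@code null} (no null check is done here)
     * @throws RedbackServiceException with the status codes listed above; additionally 400 when the user is not
     *                                 found, 401 when the new password violates the password rules, and without an
     *                                 explicit status code when the user manager fails
     */
    private void changeUserPassword(final String userId, final PasswordChange passwordChange) throws RedbackServiceException
    {
        if ( StringUtils.isEmpty( passwordChange.getCurrentPassword() ) )
        {
            throw new RedbackServiceException( ErrorMessage.of( MessageKeys.ERR_PASSWORDCHANGE_CURRENT_EMPTY ), 400 );
        }
        // The id inside the payload must name the same account as the one this call operates on; otherwise a
        // request addressed to one account could carry a payload for another.
        if ( passwordChange.getUserId( ) == null || ( !passwordChange.getUserId( ).equals( userId ) ) )
        {
            throw new RedbackServiceException( ErrorMessage.of( MessageKeys.ERR_USER_ID_INVALID ), 403 );
        }

        if ( StringUtils.isEmpty( passwordChange.getNewPassword() ) )
        {
            throw new RedbackServiceException( ErrorMessage.of(MessageKeys.ERR_PASSWORDCHANGE_NEW_EMPTY), 400 );
        }
        if ( StringUtils.isEmpty( passwordChange.getNewPasswordConfirmation() ) )
        {
            throw new RedbackServiceException( ErrorMessage.of( MessageKeys.ERR_PASSWORDCHANGE_CONFIRMATION_EMPTY ),
                400 );
        }
        if ( !StringUtils.equals( passwordChange.getNewPassword(), passwordChange.getNewPasswordConfirmation() ) )
        {
            throw new RedbackServiceException(ErrorMessage.of( MessageKeys.ERR_PASSWORDCHANGE_BAD_CONFIRMATION ),
                403 );
        }

        try
        {
            org.apache.archiva.redback.users.User u = securitySystem.getUserManager().findUser( userId );

            String previousEncodedPassword = u.getEncodedPassword();

            // Verify the supplied current password against the stored encoded one before accepting the change.
            // NOTE(review): previousEncodedPassword may be null for accounts without a locally stored password;
            // confirm the encoder rejects that case.
            PasswordEncoder encoder = securitySystem.getPolicy().getPasswordEncoder();

            if ( !encoder.isPasswordValid( previousEncodedPassword, passwordChange.getCurrentPassword() ) )
            {
                // Wrapped in ErrorMessage like every other failure in this method, so the client receives the
                // message key in the same structured form.
                throw new RedbackServiceException( ErrorMessage.of( MessageKeys.ERR_AUTH_INVALID_CREDENTIALS ),
                    401 );
            }

            // Only the new password is set here; the PasswordRuleViolationException handler below suggests the
            // password rules are enforced by the calls that follow.
            u.setPassword( passwordChange.getNewPassword() );
            securitySystem.getUserManager().updateUser( u );
        }
        catch ( UserNotFoundException e )
        {
            throw new RedbackServiceException( ErrorMessage.of( MessageKeys.ERR_USER_NOT_FOUND ),
                400 );
        }
        catch ( UserManagerException e )
        {
            // Pass the exception as the last argument so the stack trace is kept in the log.
            log.info( "UserManagerException: {}", e.getMessage(), e );
            // NOTE(review): e.getMessage() is returned to the client; confirm that user manager backend
            // messages cannot expose internal details.
            throw new RedbackServiceException( ErrorMessage.of( MessageKeys.ERR_USERMANAGER_FAIL, e.getMessage() ) );
        }
        catch ( PasswordRuleViolationException e )
        {
            // Status 401 is kept as-is for client compatibility, although the failure is a policy violation
            // rather than an authentication failure.
            throw new RedbackServiceException( getPasswordViolationMessages( e ), 401 );
        }
    }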