reset password fix

ca44afd2 · Jan Hrabal · b0a2102c · ca44afd2 · ca44afd2
Commit ca44afd2 authored Oct 09, 2019 by Jan Hrabal
Showing with 4 additions and 3 deletions

AppUserRepository.java ...va/com/jh/boot/security/repository/AppUserRepository.java +3 -3

AppUserAuthService.java ...java/com/jh/boot/security/service/AppUserAuthService.java +1 -0

No files found.
--- a/src/main/java/com/jh/boot/security/repository/AppUserRepository.java
+++ b/src/main/java/com/jh/boot/security/repository/AppUserRepository.java
@@ -66,13 +66,13 @@ public class AppUserRepository extends AbstractHibernateRepository {
 	}
 	public ResetPasswordToken findResetPasswordToken(String login, String token) {
-		if (!StringUtils.hasText(login) || StringUtils.hasText(token)) {
+		if (!StringUtils.hasText(login) || !StringUtils.hasText(token)) {
 			return null;
 		}
-		Query q = entityManager.createQuery("select au from ResetPasswordToken au where lower(au.login) = :login and au.token = :token and (au.used is null or au.used = :used)");
+		Query q = entityManager.createQuery("select au from ResetPasswordToken au where lower(au.login) = :login and lower(au.token) = :token and (au.used is null or au.used = :used)");
 		q.setParameter("login", login.trim().toLowerCase());
 		q.setParameter("token", token.trim().toLowerCase());
-		q.setParameter("used", Boolean.TRUE);
+		q.setParameter("used", Boolean.FALSE);
 		return singleResult(q);
 	}

--- a/src/main/java/com/jh/boot/security/service/AppUserAuthService.java
+++ b/src/main/java/com/jh/boot/security/service/AppUserAuthService.java
@@ -125,6 +125,7 @@ public class AppUserAuthService implements AuthService {
 		user.setPasswordChanged(new Date());
 		user.setPasswordExpired(false);
+		rpt.setUsed(true);
 	}