How can I generate temporary URL in play framework?

1k views Asked by At

I am using play framework and Java to build an web application. I have a reset password feature in my application. I do not want to generate temporary passwords and email them to the users. Instead, I want to generate temporary URL that is valid for x days and email it to the user where he/she an use it to reset his/her password. I am not sure how I can implement that in Play Framework, or even if it is possible in Play.

[Update] I want to know how to add the temporary URL to my application routes file. I am not even sure if this the right place add the temporary URL. How to generate the link, I believe I know how to implement that, but how to add it to my application, I am not sure if my question is clear enough, sorry about that

1

There are 1 answers

0
biesior On BEST ANSWER

Simple, add two fields stored in DB to your User model: String token and Date tokenValidityDate.

When user requests password change set new token to database which is perfectly unique ie. 123,6svv376d.foo.bar.loooong.hash where 123 is ID of user and rest after comma is random hash calculated with application secret. in tokenValidityDate field add the final date when token is valid let's say now + 1 hour.

then generate an absolute link i.e.:

http://domain.com/password-reset/123,6svv376d.foo.bar.loooong.hash to send in email.

Ater receiving such request you can:

  • if user with given token found and his/her tokenValidityDate isn't less the now -> display form for setting new pass and process as usually.
  • if user with given token found, but it's too late, redirect to common form with "Remind the password" + flash message: Your token expired, start again, also set token and tokenValidityDate for this user to null.
  • if user with given token is NOT found, redirect to common form with "Remind the password" without any message.