function changePassword(email, oldPassword, newPassword) { var user = getUse

1. function changePassword(email, oldPassword, newPassword) {
2. var user = getUser(email);
3. var oldPasswordDecrypted = decrypt(oldPassword)
4. var newPasswordDecrypted = decrypt(newPassword)
5. var existingPasswordDecrypted = decrypt(user.password)
6.  
7. if (user === null || existingPasswordDecrypted !== oldPasswordDecrypted) {
8. throw new EmailPasswordMissMatchException();
9. }
10. if (oldPasswordDecrypted === newPasswordDecrypted) {
11. throw new PasswordAlreadyInUseException();
12. }
13. if (user.isAdmin) {
14. changeAdminPassword(user, newPassword);
15. } else {
16. changeUserPassword(user, oldPassword, newPassword);
17. }
18.  
19. }
20.  
21. function changeUserPassword(user, newPassword) {
22. if (!user.isEnabled) {
23. throw new UnsupporedOperationException();
24. }
25. try {
26. user.password = newPassword;
27. save(user);
28. // clear the session when the user changes the password
29. // so that he/she has to log in again
30. clearSession(user);
31. } catch (e) {
32. throw new SomethingWentWrongException();
33. }
34. }
35.  
36. function changeAdminPassword(user, oldPassword, newPassword) {
37. var isError = false;
38. try {
39. user.password = newPassword;
40. save(user);
41. // clear the session when the user changes the password
42. // so that he/she has to log in again
43. clearSession(user);
44. } catch (e) {
45. isError = true;
46. throw new SomethingWentWrongException();
47. } finally {
48. if (!isError) {
49. sendPasswordChangeConfirmationEmails(user);
50. }
51. }
52. }
53.  
54. function sendPasswordChangeConfirmationEmails(user) {
55. var emails = user.getEmails();
56. var token = generatePasswordRevertToken(user.email, user.password);
57. for (i = 0; i < emails.length; i++) {
58. // Confirm with admin that he as in fact changed the password,
59. // if he has not, give him option to reset the password using token
60. sendConfirmationEmail(email[i], token);
61. }
62. }