17 package org.apache.jetspeed.modules.actions;
18
19
20
21 import java.util.Hashtable;
22 import javax.servlet.http.Cookie;
23
24
25 import org.apache.jetspeed.services.resources.JetspeedResources;
26 import org.apache.jetspeed.services.JetspeedSecurity;
27 import org.apache.jetspeed.services.security.JetspeedSecurityException;
28 import org.apache.jetspeed.services.rundata.JetspeedRunData;
29
30
31 import org.apache.turbine.modules.Action;
32 import org.apache.turbine.modules.ActionLoader;
33 import org.apache.turbine.services.localization.Localization;
34 import org.apache.turbine.util.RunData;
35 import org.apache.turbine.util.GenerateUniqueId;
36
/***
 *
 * Updates the Account data in the User and saves the User object to the backing store.
 * You must be logged in in order
 * to update the account.
 */
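public class UpdateAccount extends Action
{
    /** Request attribute under which the submitted form values are handed back to the screen. */
    private static final String SCREEN_DATA_KEY = "ScreenDataEditAccount";

    /** Name of the cookie carrying the user name for automatic logon. */
    private static final String USERNAME_COOKIE = "username";

    /** Name of the cookie (and of the permanent user attribute) carrying the automatic-logon token. */
    private static final String LOGIN_COOKIE = "logincookie";

    /**
     * Source of automatic-logon tokens. The token is accepted in place of a password,
     * so it has to be unguessable; SecureRandom is thread-safe and can be shared.
     */
    private static final java.security.SecureRandom TOKEN_SOURCE = new java.security.SecureRandom();

    /**
     * Validates the submitted account form and applies it to the logged-in user.
     *
     * The account that is modified is always the session user ({@code data.getUser()});
     * the "username" request parameter is only echoed back to the screen and is never
     * used to select which account to change.
     *
     * @param rundata Turbine request/session information; must be a JetspeedRunData.
     * @throws Exception if saving the user or a delegated action fails.
     */
    public void doPerform( RunData rundata ) throws Exception
    {
        JetspeedRunData data = (JetspeedRunData) rundata;

        // Anonymous sessions may not edit an account.
        if ( ! data.getUser().hasLoggedIn() )
        {
            data.setScreenTemplate( JetspeedResources.getString( "services.JspService.screen.error.NotLoggedIn", "Error" ) );
            return;
        }

        String cancelBtn = data.getParameters().getString( "CancelBtn" , "" );
        String username = data.getParameters().getString( "username" , "" );
        String oldPassword = JetspeedSecurity.convertPassword(data.getParameters().getString( "old_password" , "" ));
        String password = JetspeedSecurity.convertPassword(data.getParameters().getString( "password" , "" ));
        String password2 = JetspeedSecurity.convertPassword(data.getParameters().getString( "password_confirm" , "" ));
        String firstname = data.getParameters().getString( "firstname", "" );
        String lastname = data.getParameters().getString( "lastname" , "" );
        String email = data.getParameters().getString( "email" , "" );
        boolean userRequestsRememberMe = data.getParameters().getBoolean( "rememberme" , false );

        // Values shown again if the form is redisplayed; passwords are deliberately not echoed.
        Hashtable screenData = new Hashtable();
        screenData.put( "username", username );
        screenData.put( "firstname", firstname );
        screenData.put( "lastname", lastname );
        screenData.put( "email", email );
        data.getRequest().setAttribute( SCREEN_DATA_KEY, screenData );

        if ( cancelBtn.equalsIgnoreCase( "Cancel" ) )
        {
            return;
        }

        // A password change is requested only when both the new password and its confirmation are filled in.
        boolean changepass = password.trim().length() > 0 && password2.trim().length() > 0;

        if ( changepass && ! password.equals( password2 ) )
        {
            data.setMessage(Localization.getString(rundata, "UPDATEACCOUNT_PWNOTMATCH"));
            backToEditAccount( data, screenData );
            return;
        }

        // New password identical to the old one: nothing to change.
        if ( changepass && password.equals( oldPassword ) )
        {
            changepass = false;
        }

        if ( firstname.length() == 0 )
        {
            data.setMessage(Localization.getString(rundata, "UPDATEACCOUNT_NOFIRSTNAME"));
            backToEditAccount( data, screenData );
            return;
        }

        if ( lastname.length() == 0 )
        {
            data.setMessage(Localization.getString(rundata, "UPDATEACCOUNT_NOLASTNAME"));
            backToEditAccount( data, screenData );
            return;
        }

        if ( JetspeedResources.getBoolean("automatic.logon.enable", false) )
        {
            if ( userRequestsRememberMe )
            {
                issueAutoLogonCookies( data );
            }
            else
            {
                expireAutoLogonCookies( data );
            }
        }

        if ( email.length() == 0 )
        {
            data.setMessage(Localization.getString(rundata, "UPDATEACCOUNT_NOEMAIL"));
            backToEditAccount( data, screenData );
            return;
        }

        boolean enableMail = JetspeedResources.getBoolean("newuser.confirm.enable", false);

        String currentEmail = (String) data.getUser().getEmail();
        if ( enableMail && ( currentEmail == null || ! currentEmail.equalsIgnoreCase(email) ) )
        {
            // A changed address has to be confirmed again: store a fresh confirmation id
            // and send the confirmation mail before showing the confirmation screen.
            data.getUser().setEmail( email );
            data.getUser().setConfirmed( GenerateUniqueId.getIdentifier() );
            JetspeedSecurity.saveUser( data.getJetspeedUser() );
            ActionLoader.getInstance().exec(data, "SendConfirmationEmail");

            data.getParameters().add("username", data.getUser().getUserName() );
            data.setMessage(Localization.getString(rundata, "UPDATEACCOUNT_NEWEMAILCONFIRM"));
            data.setScreenTemplate("ConfirmRegistration");
        }
        else
        {
            JetspeedSecurity.saveUser( data.getJetspeedUser() );
        }

        data.getUser().setFirstName( firstname );
        data.getUser().setLastName( lastname );
        data.getUser().setEmail( email );
        if ( changepass )
        {
            try
            {
                // The old password is handed to the security service together with the new one.
                // NOTE(review): the stored "logincookie" value is not touched by a password change,
                // so a remember-me token issued earlier stays as it is - confirm whether it
                // should be rotated here.
                JetspeedSecurity.changePassword(data.getJetspeedUser(),oldPassword, password);
            }
            catch (JetspeedSecurityException e)
            {
                // The in-memory user already carries the new names and e-mail at this point;
                // they have not been saved by this method yet.
                data.setMessage(e.getMessage());
                backToEditAccount( data, screenData );
                return;
            }
        }

        // Hook for subclasses to apply additional settings before the final save.
        updateUser(data);

        JetspeedSecurity.saveUser( data.getJetspeedUser() );
        data.setMessage (Localization.getString(rundata, "UPDATEACCOUNT_DONE"));
    }

    /***
     * updateUser updates the user object.
     * Subclasses can extend this class and override this method - adding additional custom settings as needed.
     * Note the default implementation does nothing - so no need to call the super version.
     *
     * @param data Turbine request/session information.
     */
    protected void updateUser(RunData data)
    {

    }

    /**
     * Expires the automatic-logon cookies when the user no longer asks to be remembered.
     * Nothing is sent unless the request carried both cookies.
     *
     * @param data Turbine request/session information.
     */
    private void expireAutoLogonCookies( JetspeedRunData data )
    {
        if ( data.getRequest().getCookies() == null
             || data.getCookies().getString(USERNAME_COOKIE) == null
             || data.getCookies().getString(LOGIN_COOKIE) == null )
        {
            return;
        }

        Cookie userName = new Cookie(USERNAME_COOKIE,"");
        Cookie loginCookie = new Cookie(LOGIN_COOKIE,"");

        String comment = JetspeedResources.getString("automatic.logon.cookie.comment","");
        String domain = resolveCookieDomain( data );
        String path = JetspeedResources.getString("automatic.logon.cookie.path","/");

        // Max-age 0 together with the same domain and path asks the browser to drop the cookie.
        configureCookie( userName, 0, comment, domain, path );
        configureCookie( loginCookie, 0, comment, domain, path );

        data.getResponse().addCookie(userName);
        data.getResponse().addCookie(loginCookie);

        data.getCookies().remove(USERNAME_COOKIE);
        data.getCookies().remove(LOGIN_COOKIE);
    }

    /**
     * Sends the automatic-logon cookies unless the request already carries the values
     * stored for the user. A missing token is created and saved with the user first.
     *
     * @param data Turbine request/session information.
     * @throws Exception if the user cannot be saved.
     */
    private void issueAutoLogonCookies( JetspeedRunData data ) throws Exception
    {
        boolean alreadyPresent = data.getRequest().getCookies() != null
            && data.getCookies().getString(USERNAME_COOKIE,"").equals(data.getUser().getUserName())
            && data.getCookies().getString(LOGIN_COOKIE,"").equals(data.getUser().getPerm(LOGIN_COOKIE));
        if ( alreadyPresent )
        {
            return;
        }

        String loginCookieValue = (String)data.getUser().getPerm(LOGIN_COOKIE);
        if (loginCookieValue == null || loginCookieValue.length() == 0)
        {
            // The token works as a long-lived logon credential, so it is drawn from a
            // cryptographically strong generator rather than Math.random().
            // A value that is already stored is reused unchanged; tokens created before
            // this change stay in place until the stored value is cleared.
            loginCookieValue = newLoginCookieValue();
            data.getUser().setPerm(LOGIN_COOKIE,loginCookieValue);
            JetspeedSecurity.saveUser( data.getJetspeedUser() );
        }

        Cookie userName = new Cookie(USERNAME_COOKIE,data.getUser().getUserName());
        Cookie loginCookie = new Cookie(LOGIN_COOKIE,loginCookieValue);

        int maxage = JetspeedResources.getInt("automatic.logon.cookie.maxage",-1);
        String comment = JetspeedResources.getString("automatic.logon.cookie.comment","");
        String domain = resolveCookieDomain( data );
        String path = JetspeedResources.getString("automatic.logon.cookie.path","/");

        // NOTE(review): the cookies are sent without the Secure attribute; whether they can be
        // limited to HTTPS depends on how the portal is deployed - confirm.
        configureCookie( userName, maxage, comment, domain, path );
        configureCookie( loginCookie, maxage, comment, domain, path );

        data.getResponse().addCookie(userName);
        data.getResponse().addCookie(loginCookie);

        data.getCookies().add(USERNAME_COOKIE,data.getUser().getUserName());
        data.getCookies().add(LOGIN_COOKIE,loginCookieValue);
    }

    /**
     * Returns the configured cookie domain, or "." followed by the request's server name
     * when none is configured.
     *
     * @param data Turbine request/session information.
     * @return the domain to set on the automatic-logon cookies.
     */
    private String resolveCookieDomain( RunData data )
    {
        String domain = JetspeedResources.getString("automatic.logon.cookie.domain");
        if (domain == null)
        {
            String server = data.getServerName();
            domain = "." + server;
        }
        return domain;
    }

    /**
     * Applies the shared automatic-logon attributes to a cookie.
     */
    private static void configureCookie( Cookie cookie, int maxAge, String comment, String domain, String path )
    {
        cookie.setMaxAge(maxAge);
        cookie.setComment(comment);
        cookie.setDomain(domain);
        cookie.setPath(path);
    }

    /**
     * Creates a new automatic-logon token: 128 random bits rendered as hexadecimal.
     *
     * @return a non-empty token string.
     */
    private static String newLoginCookieValue()
    {
        return new java.math.BigInteger( 128, TOKEN_SOURCE ).toString( 16 );
    }

    /**
     * Redisplays the EditAccount screen with the values the user submitted.
     *
     * @param rundata Turbine request/session information.
     * @param screenData submitted form values to show again.
     */
    private void backToEditAccount( RunData rundata, Hashtable screenData )
    {
        rundata.getRequest().setAttribute( SCREEN_DATA_KEY,
                                           screenData );
        rundata.setScreenTemplate("EditAccount");
    }

}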