
1   /*
2    * Copyright 2000-2004 The Apache Software Foundation.
3    * 
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    * 
8    *      http://www.apache.org/licenses/LICENSE-2.0
9    * 
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  
17  package org.apache.jetspeed.modules.actions;
18  
19  
20  // Java
21  import java.util.Hashtable;
22  import javax.servlet.http.Cookie;
23  
24  // Jetspeed
25  import org.apache.jetspeed.services.resources.JetspeedResources;
26  import org.apache.jetspeed.services.JetspeedSecurity;
27  import org.apache.jetspeed.services.security.JetspeedSecurityException;
28  import org.apache.jetspeed.services.rundata.JetspeedRunData;
29  
30  // Turbine
31  import org.apache.turbine.modules.Action;
32  import org.apache.turbine.modules.ActionLoader;
33  import org.apache.turbine.services.localization.Localization;
34  import org.apache.turbine.util.RunData;
35  import org.apache.turbine.util.GenerateUniqueId;
36  
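/**
 * Updates the account of the current user and saves the User object to the
 * backing store. The user must be logged in; otherwise the "not logged in"
 * error screen is selected and nothing is changed.
 *
 * <p>Besides the profile fields (first name, last name, email, password), this
 * action also issues or removes the "username"/"logincookie" cookie pair when
 * {@code automatic.logon.enable} is set.
 */
public class UpdateAccount extends Action
{
    /**
     * Randomness source for newly created "logincookie" values.
     * A single shared instance is enough; SecureRandom is safe for concurrent use.
     */
    private static final java.security.SecureRandom LOGIN_COOKIE_RANDOM =
        new java.security.SecureRandom();

    /**
     * Validates the submitted EditAccount form and applies it to the current user.
     *
     * <p>On a validation failure a localized message is set and the request is
     * sent back to the EditAccount screen with the submitted values preserved.
     *
     * @param rundata Turbine request/session information; cast to JetspeedRunData.
     * @throws Exception propagated from the security service, the action loader
     *                   or a subclass {@link #updateUser(RunData)} override.
     */
    public void doPerform( RunData rundata ) throws Exception
    {
        JetspeedRunData data = (JetspeedRunData)rundata;

        // check to make sure the user has logged in before accessing this screen
        if ( ! data.getUser().hasLoggedIn() )
        {
            data.setScreenTemplate( JetspeedResources.getString( "services.JspService.screen.error.NotLoggedIn", "Error" ) );
            return;
        }

        String cancelBtn = data.getParameters().getString( "CancelBtn" , "" );
        String username  = data.getParameters().getString( "username" , "" );
        String oldPassword  = JetspeedSecurity.convertPassword(data.getParameters().getString( "old_password" , "" ));
        String password  = JetspeedSecurity.convertPassword(data.getParameters().getString( "password" , "" ));
        String password2 = JetspeedSecurity.convertPassword(data.getParameters().getString( "password_confirm" , "" ));
        String firstname = data.getParameters().getString( "firstname", "" );
        String lastname  = data.getParameters().getString( "lastname" , "" );
        String email     = data.getParameters().getString( "email" , "" );
        boolean userRequestsRememberMe = data.getParameters().getBoolean( "rememberme" , false );

        // Save user input in case there is an error and
        // we have to go back to the EditAccount screen.
        // Passwords are deliberately not echoed back.
        // The submitted "username" is only echoed; every change below is applied
        // to data.getUser(), i.e. the session user, never to a user looked up by
        // this request parameter.
        Hashtable screenData = new Hashtable();
        screenData.put( "username",  username );
        screenData.put( "firstname", firstname );
        screenData.put( "lastname",  lastname );
        screenData.put( "email",     email );
        data.getRequest().setAttribute( "ScreenDataEditAccount", screenData );

        // CANCEL BUTTON
        //
        // check to see if the Cancel button was pressed.
        // if so, return to the screen we were previously on
        // defined by nextscreen in the EditAccount screen
        if ( cancelBtn.equalsIgnoreCase( "Cancel" ) )
        {
            return;
        }

        // PASSWORD
        //
        // if the fields are empty, then don't do anything to the passwords
        boolean changepass = password.trim().length() > 0 && password2.trim().length() > 0;

        if ( changepass && ! password.equals( password2 ) )
        {
            data.setMessage(Localization.getString(rundata, "UPDATEACCOUNT_PWNOTMATCH"));
            backToEditAccount( data, screenData );
            return;
        }

        if ( changepass && password.equals( oldPassword ) )
        {
            // old password = new password, so do not change.
            changepass = false;
        }

        // FIRSTNAME
        //
        // make sure the firstname exists
        if ( firstname.length() == 0 )
        {
            data.setMessage(Localization.getString(rundata, "UPDATEACCOUNT_NOFIRSTNAME"));
            backToEditAccount( data, screenData );
            return;
        }

        // LASTNAME
        //
        // make sure the lastname exists
        if ( lastname.length() == 0 )
        {
            data.setMessage(Localization.getString(rundata, "UPDATEACCOUNT_NOLASTNAME"));
            backToEditAccount( data, screenData );
            return;
        }

        // AUTOMATIC LOGIN
        //
        // if automatic login is enabled, then handle the remember me checkbox
        if ( JetspeedResources.getBoolean("automatic.logon.enable", false) )
        {
            String comment = JetspeedResources.getString("automatic.logon.cookie.comment","");
            String path = JetspeedResources.getString("automatic.logon.cookie.path","/");

            if ( ! userRequestsRememberMe )
            {
                if ( data.getRequest().getCookies() != null &&
                     data.getCookies().getString("username") != null &&
                     data.getCookies().getString("logincookie") != null )
                {
                    // remove cookies by re-adding them with zero MaxAge, which deletes them
                    String domain = resolveCookieDomain( data );
                    data.getResponse().addCookie( buildLogonCookie( "username", "", 0, comment, domain, path ) );
                    data.getResponse().addCookie( buildLogonCookie( "logincookie", "", 0, comment, domain, path ) );

                    data.getCookies().remove("username");
                    data.getCookies().remove("logincookie");
                }
            }
            else
            {
                // (re)issue the cookie pair only when the browser does not already
                // hold the values stored for this user
                if ( data.getRequest().getCookies() == null ||
                     !data.getCookies().getString("username","").equals(data.getUser().getUserName()) ||
                     !data.getCookies().getString("logincookie","").equals(data.getUser().getPerm("logincookie")) )
                {
                    String loginCookieValue = (String)data.getUser().getPerm("logincookie");
                    if (loginCookieValue == null || loginCookieValue.length() == 0)
                    {
                        // The value is stored with the user and sent to the browser as a
                        // long-lived credential-like cookie, so it must not be guessable.
                        // Math.random() is not a cryptographically secure generator;
                        // use SecureRandom instead.
                        loginCookieValue = newLoginCookieValue();
                        data.getUser().setPerm("logincookie",loginCookieValue);
                        JetspeedSecurity.saveUser( data.getJetspeedUser() );
                    }
                    // NOTE(review): an already stored value is reused unchanged, so values
                    // created by the earlier Math.random() code stay in use until they are
                    // cleared from the user record.

                    int maxage = JetspeedResources.getInt("automatic.logon.cookie.maxage",-1);
                    String domain = resolveCookieDomain( data );

                    // NOTE(review): the cookies are issued without the Secure attribute;
                    // if the portal is served over HTTPS, consider setSecure(true) so they
                    // are never sent over plain HTTP.
                    data.getResponse().addCookie(
                        buildLogonCookie( "username", data.getUser().getUserName(), maxage, comment, domain, path ) );
                    data.getResponse().addCookie(
                        buildLogonCookie( "logincookie", loginCookieValue, maxage, comment, domain, path ) );

                    data.getCookies().add("username",data.getUser().getUserName());
                    data.getCookies().add("logincookie",loginCookieValue);
                }
            }
        }

        // EMAIL
        //
        // make sure the email exists
        if ( email.length() == 0 )
        {
            data.setMessage(Localization.getString(rundata, "UPDATEACCOUNT_NOEMAIL"));
            backToEditAccount( data, screenData );
            return;
        }

        boolean enableMail = JetspeedResources.getBoolean("newuser.confirm.enable", false);

        String currentEmail = (String) data.getUser().getEmail();
        if ( enableMail && ( currentEmail == null || ! currentEmail.equalsIgnoreCase(email) ) )
        {
            // Send confirmation email if different than current
            data.getUser().setEmail( email );
            data.getUser().setConfirmed( GenerateUniqueId.getIdentifier() );
            JetspeedSecurity.saveUser( data.getJetspeedUser() );
            ActionLoader.getInstance().exec(data, "SendConfirmationEmail");
            // add in the username to the parameters because ConfirmRegistration needs it
            data.getParameters().add("username", data.getUser().getUserName() );
            data.setMessage(Localization.getString(rundata, "UPDATEACCOUNT_NEWEMAILCONFIRM"));
            data.setScreenTemplate("ConfirmRegistration");
        }
        else
        {
            JetspeedSecurity.saveUser( data.getJetspeedUser() );
        }

        // update currently logged in information that might have changed
        data.getUser().setFirstName( firstname );
        data.getUser().setLastName( lastname );
        data.getUser().setEmail( email );
        if ( changepass )
        {
            try
            {
                // the security service receives the old password together with the
                // new one; a failure is reported back to the EditAccount screen
                JetspeedSecurity.changePassword(data.getJetspeedUser(),oldPassword, password);
                // NOTE(review): the stored "logincookie" value is not rotated here, so a
                // remember-me cookie issued before the password change presumably stays
                // valid afterwards - confirm against the automatic-logon code.
            }
            catch (JetspeedSecurityException e)
            {
                data.setMessage(e.getMessage());
                backToEditAccount( data, screenData );
                return;
            }
        }

        //allow sub-classes to update additional information
        updateUser(data);

        JetspeedSecurity.saveUser( data.getJetspeedUser() );
        data.setMessage (Localization.getString(rundata, "UPDATEACCOUNT_DONE"));
    }

    /**
     * updateUser updates the user object.
     * Subclasses can extend this class and override this method - adding additional custom settings as needed.
     * Note the default implementation does nothing - so no need to call the super version.
     *
     * @param data Turbine request/session information.
     */
    protected void updateUser(RunData data)
    {
        //default version does nothing
    }

    /**
     * Selects the EditAccount screen again and hands it the values the user submitted.
     *
     * @param rundata    Turbine request/session information.
     * @param screenData submitted form values, stored under "ScreenDataEditAccount".
     */
    private void backToEditAccount( RunData rundata, Hashtable screenData )
    {
        rundata.getRequest().setAttribute( "ScreenDataEditAccount",
                                           screenData );
        rundata.setScreenTemplate("EditAccount");
    }

    /**
     * Returns the domain for the automatic-logon cookies: the configured
     * {@code automatic.logon.cookie.domain}, or "." plus the request's server
     * name when none is configured.
     */
    private static String resolveCookieDomain( JetspeedRunData data )
    {
        String domain = JetspeedResources.getString("automatic.logon.cookie.domain");
        if (domain == null)
        {
            domain = "." + data.getServerName();
        }
        return domain;
    }

    /**
     * Builds one automatic-logon cookie with the shared attributes applied.
     * A maxAge of 0 makes the browser delete the cookie.
     */
    private static Cookie buildLogonCookie( String name, String value, int maxAge,
                                            String comment, String domain, String path )
    {
        Cookie cookie = new Cookie( name, value );
        cookie.setMaxAge( maxAge );
        cookie.setComment( comment );
        cookie.setDomain( domain );
        cookie.setPath( path );
        return cookie;
    }

    /**
     * Creates a new "logincookie" value: 128 bits from SecureRandom, hex encoded
     * so the value contains only characters that are safe in a cookie.
     */
    private static String newLoginCookieValue()
    {
        byte[] token = new byte[16];
        LOGIN_COOKIE_RANDOM.nextBytes( token );
        return new java.math.BigInteger( 1, token ).toString( 16 );
    }

}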