View Javadoc

1   /*
2    * Copyright 2000-2004 The Apache Software Foundation.
3    * 
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    * 
8    *      http://www.apache.org/licenses/LICENSE-2.0
9    * 
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  
17  package org.apache.jetspeed.modules.actions;
18  
19  
20  // java.util
21  import java.util.Date;
22  
23  import org.apache.jetspeed.om.security.JetspeedUser;
24  
25  // Jetspeed modules
26  import org.apache.jetspeed.services.logging.JetspeedLogFactoryService;
27  import org.apache.jetspeed.services.logging.JetspeedLogger;
28  import org.apache.jetspeed.util.template.JetspeedLink;
29  import org.apache.jetspeed.util.template.JetspeedLinkFactory;
30  
31  // turbine.modules
32  import org.apache.turbine.modules.Action;
33  import org.apache.turbine.modules.ActionLoader;
34  
35  // resources
36  import org.apache.turbine.services.localization.Localization;
37  import org.apache.jetspeed.services.resources.JetspeedResources;
38  
39  // templates
40  import org.apache.turbine.services.template.TurbineTemplate;
41  
42  // turbine.util
43  import org.apache.turbine.util.RunData;
44  import org.apache.turbine.util.GenerateUniqueId;
45  import org.apache.turbine.util.StringUtils;
46  
47  // security
48  import org.apache.jetspeed.services.JetspeedSecurity;
49  import org.apache.jetspeed.services.security.JetspeedSecurityException;
50  
51  /***
52      This action validates the form input from the NewAccount Screen.
53      If it is valid, then it will check to make sure that the user account
54      does not already exist. If it does, then it will show the NewAccount
55      screen again. If it doesn't alread exist, then it will create the new
56      user and set the CONFIRM_VALUE to be the users session id. This part should
57      probably be re-done to get a better less hackable CONFIRM_VALUE, but this
58      should work for now. If everything goes well, this action will send the user
59      a confirmation email and then show the ConfirmRegistration screen.
60  
61      @author Jon S. Stevens <a href="mailto:jon@clearink.com">jon@clearink.com</a>
62      @author David S. Taylor <a href="mailto:david@bluesunrise.com">david@bluesunrise.com</a>
63      @author Tom Adams <a href="mailto:tom@PIsoftware.com">tom@PIsoftware.com</a>
64  
65  */
66  public class CreateNewUserAndConfirm extends Action
67  {
68      
69      /***
70       * Static initialization of the logger for this class
71       */    
72      private static final JetspeedLogger logger = JetspeedLogFactoryService.getLogger(CreateNewUserAndConfirm.class.getName());    
73      
74      public void doPerform( RunData data ) throws Exception
75      {
76          try
77          {
78  
79              String submit = "submit1";
80              String str = (String) data.getUser().getTemp ( submit, "asdfasdf" );
81              if ( str != null && str
82                  .equalsIgnoreCase( data.getParameters().getString(submit, "")) )
83              {
84                  data.getUser().removeTemp(submit);
85                  data.setScreenTemplate( TurbineTemplate.getDefaultScreen() );
86                  return;
87              }
88  
89              String pass1 = data.getParameters().getString("password", "");
90              String pass2 = data.getParameters().getString("password_confirm", "");
91  
92              // make sure the passwords are not empty
93              if ( (pass1.length() == 0 || pass2.length() == 0 )
94                  || ! pass1.equals ( pass2 ) )
95              {
96                  data.setMessage(Localization.getString(data, "CREATENEWUSERANDCONFIRM_PWNOTMATCH"));
97                  data.setScreenTemplate("NewAccount");
98                  return;
99              }
100 
101             String username = data.getParameters().getString("username", "");
102 
103             // convert case if configured
104             username = JetspeedSecurity.convertUserName(username);
105             pass1 = JetspeedSecurity.convertPassword(pass1);
106             pass2 = JetspeedSecurity.convertPassword(pass2);
107 
108             // make sure the username exists
109             if ( username.length() == 0 )
110             {
111                 data.setMessage(Localization.getString(data, "CREATENEWUSERANDCONFIRM_NOUSERNAME"));
112                 data.setScreenTemplate("NewAccount");
113                 return;
114             }
115 
116             String email = data.getParameters().getString("email", "");
117             // make sure the email exists
118             if ( email.length() == 0 )
119             {
120                 data.setMessage(Localization.getString(data, "CREATENEWUSERANDCONFIRM_NOEMAIL"));
121                 data.setScreenTemplate("NewAccount");
122                 return;
123             }
124 
125             String CHNAME = Localization.getString(data, "CREATENEWUSERANDCONFIRM_DUPLICATEMSG");
126 
127             boolean accountExists = true;
128             try
129             {
130                 JetspeedSecurity.getUser(username);
131             }
132             catch(JetspeedSecurityException e)
133             {
134                 accountExists = false;
135             }
136 
137             if (!accountExists)
138             {
139                 Date now = new Date();
140 
141                 JetspeedUser user = JetspeedSecurity.getUserInstance();
142 
143                 user.setUserName( username );
144                 user.setCreateDate(now);
145                 user.setLastLogin(new Date(0));
146                 user.setFirstName( data.getParameters().getString("firstname") );
147                 user.setLastName( data.getParameters().getString("lastname") );
148                 user.setEmail( data.getParameters().getString("email") );
149 
150                 createUser(user, data);
151 
152                 // create a unique confirmation string for the new user
153                 String confirmValue = GenerateUniqueId.getIdentifier();
154 
155                 // allow for disabling of email for configurations without a mail server
156                 boolean newUserNotification = JetspeedResources.getBoolean("newuser.notification.enable", false);
157                 boolean newUserApproval = JetspeedResources.getBoolean("newuser.approval.enable", false);
158                 boolean enableMail = JetspeedResources.getBoolean("newuser.confirm.enable", false);
159                 if (false == enableMail)
160                     confirmValue = JetspeedResources.CONFIRM_VALUE;
161 
162                 if (true == newUserApproval)
163                     confirmValue = JetspeedResources.CONFIRM_VALUE_PENDING;
164 
165                 user.setConfirmed( confirmValue );
166 
167                 // Store the user object.
168                 data.setUser(user);
169 
170                 user.setPassword(pass1);
171                 JetspeedSecurity.addUser(user);
172                 if (!enableMail && !newUserApproval)
173                 {
174                   user.setHasLoggedIn(new Boolean (true));
175                   user.setLastLogin(new Date(0));
176                 }
177                 data.setMessage(Localization.getString(data, "CREATENEWUSERANDCONFIRM_CREATE"));
178                 if (enableMail || newUserNotification || newUserApproval)
179                 {
180                     data.setUser(JetspeedSecurity.getAnonymousUser());
181                     data.getParameters().add("username", username);
182                     data.getParameters().add("password", pass1);
183                     if ( ! newUserApproval )
184                     {
185                         ActionLoader.getInstance().exec(data, "SendConfirmationEmail");
186                         data.setScreenTemplate("ConfirmRegistration");
187                     }
188                     else
189                     {
190                         data.setScreenTemplate("NewUserAwaitingAcceptance");
191                     }
192                     // FIXME: Should notification be set when request is made, or when
193                     //        user is accepted?
194                     if ( newUserNotification )
195                     {
196                         ActionLoader.getInstance().exec(data, "SendNewUserNotificationEmail");
197                     }
198                 }
199                 else
200                 {
201                     bypassConfirmMail(data, username, pass1);
202                 }
203 
204             }
205             else // username exists. show the screen again.
206             {
207                 data.setMessage(Localization.getString(data, "CREATENEWUSERANDCONFIRM_CHOOSENEWNAME"));
208                 data.setScreenTemplate("NewAccount");
209                 // set the username to be the CHNAME string so that it is
210                 // clear that this needs to be replaced
211                 data.getParameters().add("username", CHNAME);
212             }
213         }
214         catch (Exception e)
215         {
216           logger.error("CreateNewUserAndConfirm",e);
217           data.setMessage(e.toString());
218           data.setStackTrace(StringUtils.stackTrace(e), e);
219           data.setScreenTemplate(JetspeedResources.getString("template.error","Error"));
220         }
221     }
222 
223     /***
224      * createUser creates a new user.
225      * Subclasses can override this method - adding additional user property settings as needed.
226      * The default implementation does nothing.
227      *
228      * @param user the new user that has been created
229      * @param data the current RunData instance
230      *
231      * @throws Exception passed up from JetspeedSecurity
232      */
233     protected void createUser(JetspeedUser user, RunData data) throws Exception
234     {
235     }
236 
237     /***
238      * bypassConfirmMail allows configurations to bypass sending the confirmation email
239      * The new user is logged on and then redirected to the home page
240      *
241      * @param data Turbine information.
242      * @param username The user's username.
243      * @param password The user's password.
244      */
245     private void bypassConfirmMail(RunData data, String username, String password)
246     {
247         JetspeedUser usr = null;
248         try
249         {
250           // Authenticate the user and get the object.
251           usr = JetspeedSecurity.login( username, password );
252 
253           // bring logged on user to homepage via redirect
254           JetspeedLink jslink = JetspeedLinkFactory.getInstance(data);
255           data.setRedirectURI(jslink.getHomePage().toString());
256           JetspeedLinkFactory.putInstance(jslink);
257         }
258         catch ( Exception e )
259         {
260             logger.error("Exception", e);
261             data.setMessage(e.toString());
262             data.setStackTrace(StringUtils.stackTrace(e), e);
263             data.setScreenTemplate(JetspeedResources.getString("template.error","Error"));
264         }
265       }
266 
267 }