View Javadoc

1   /*
2    * Copyright 2000-2001,2004 The Apache Software Foundation.
3    * 
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    * 
8    *      http://www.apache.org/licenses/LICENSE-2.0
9    * 
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  
17  package org.apache.jetspeed.modules.actions.portlets.security;
18  
19  // java util
20  import java.io.StringWriter;
21  import java.util.Date;
22  import java.util.Locale;
23  import java.util.Properties;
24  
25  import org.apache.jetspeed.modules.actions.portlets.SecureVelocityPortletAction;
26  import org.apache.jetspeed.om.security.JetspeedUser;
27  import org.apache.jetspeed.portal.portlets.VelocityPortlet;
28  import org.apache.jetspeed.services.JetspeedSecurity;
29  import org.apache.jetspeed.services.TemplateLocator;
30  import org.apache.jetspeed.services.logging.JetspeedLogFactoryService;
31  import org.apache.jetspeed.services.logging.JetspeedLogger;
32  import org.apache.jetspeed.services.resources.JetspeedResources;
33  import org.apache.jetspeed.services.security.NotUniqueUserException;
34  import org.apache.turbine.services.resources.TurbineResources;
35  import org.apache.turbine.services.velocity.TurbineVelocity;
36  import org.apache.turbine.util.DynamicURI;
37  import org.apache.turbine.util.RunData;
38  import org.apache.turbine.util.StringUtils;
39  import org.apache.turbine.util.mail.SimpleEmail;
40  import org.apache.velocity.context.Context;
41  
42  /***
43   * This action sets up the template context for editing users in the Turbine database.
44   *
45   * @author <a href="mailto:taylor@apache.org">David Sean Taylor</a>
46   * @author <a href="mailto:kimptoc_mail@yahoo.com">Chris Kimpton</a>
47   * @author <a href="mailto:paulsp@apache.org">Paul Spencer</a>
48   * @version $Id: UserUpdateAction.java,v 1.17 2004/03/31 04:49:10 morciuch Exp $
49   */
50  public class UserUpdateAction extends SecureVelocityPortletAction
51  {
52      private static final String TEMP_USER = "tempUser";
53      
54      /***
55       * Static initialization of the logger for this class
56       */    
57      private static final JetspeedLogger logger = JetspeedLogFactoryService.getLogger(UserUpdateAction.class.getName());     
58      
59      /***
60       * Build the maximized state content for this portlet. (Same as normal state).
61       *
62       * @param portlet The velocity-based portlet that is being built.
63       * @param context The velocity context for this request.
64       * @param rundata The turbine rundata context for this request.
65       */
66      protected void buildMaximizedContext( VelocityPortlet portlet,
67                                            Context context,
68                                            RunData rundata )
69      {
70          buildNormalContext( portlet, context, rundata);
71      }
72  
73      /***
74       * Build the configure state content for this portlet.
75       * TODO: we could configure this portlet with configurable skins, etc..
76       *
77       * @param portlet The velocity-based portlet that is being built.
78       * @param context The velocity context for this request.
79       * @param rundata The turbine rundata context for this request.
80       */
81      protected void buildConfigureContext( VelocityPortlet portlet,
82                                            Context context,
83                                            RunData rundata )
84      {
85  
86          buildNormalContext( portlet, context, rundata);
87          setTemplate(rundata, "user-form.vm");
88      }
89  
90      /***
91       * Build the normal state content for this portlet.
92       *
93       * @param portlet The velocity-based portlet that is being built.
94       * @param context The velocity context for this request.
95       * @param rundata The turbine rundata context for this request.
96       */
97      protected void buildNormalContext( VelocityPortlet portlet,
98                                         Context context,
99                                         RunData rundata )
100     {
101         try
102         {
103             JetspeedUser user = null;
104             /*
105              * Grab the mode for the user form.
106              */
107             String mode = rundata.getParameters().getString(SecurityConstants.PARAM_MODE);
108 
109             if (mode != null && (mode.equals(SecurityConstants.PARAM_MODE_UPDATE) ||
110                                  mode.equals(SecurityConstants.PARAM_MODE_DELETE)))
111             {
112                 // get the primary key and put the object in the context
113                 String username = rundata.getParameters().getString(SecurityConstants.PARAM_ENTITY_ID);
114                 user = JetspeedSecurity.getUser(username);
115                 context.put(SecurityConstants.CONTEXT_USER, user);
116             }
117 
118             //
119             // if there was an error, display the message
120             //
121             String msgid = rundata.getParameters().getString(SecurityConstants.PARAM_MSGID);
122             if (msgid != null)
123             {
124                 int id = Integer.parseInt(msgid);
125                 if (id < SecurityConstants.MESSAGES.length)
126                     context.put(SecurityConstants.PARAM_MSG, SecurityConstants.MESSAGES[id]);
127 
128                 // get the bad entered data and put it back for convenient update
129                 JetspeedUser tempUser = (JetspeedUser)rundata.getUser().getTemp(TEMP_USER);
130                 if (tempUser != null)
131                     context.put(SecurityConstants.CONTEXT_USER, tempUser);
132 
133             }
134 
135             context.put(SecurityConstants.PARAM_MODE, mode);
136 
137         }
138         catch (Exception e)
139         {
140             logger.error("Error in Jetspeed User Security", e);
141             rundata.setMessage("Error in Jetspeed User Security: " + e.toString());
142             rundata.setStackTrace(StringUtils.stackTrace(e), e);
143             rundata.setScreenTemplate(JetspeedResources.getString("template.error","Error"));
144         }
145     }
146 
147     /***
148      * Database Insert Action for Users. Performs inserts into security database.
149      *
150      * @param rundata The turbine rundata context for this request.
151      * @param context The velocity context for this request.
152      */
153     public void doInsert(RunData rundata, Context context)
154         throws Exception
155     {
156         JetspeedUser user = null;
157         try
158         {
159             //
160             // validate that its not an 'blank' rolename -- not allowed
161             //
162             String name = rundata.getParameters().getString("username");
163             if (name == null || name.trim().length() == 0)
164             {
165                 DynamicURI duri = new DynamicURI (rundata);
166                 duri.addPathInfo(SecurityConstants.PANE_NAME, SecurityConstants.PANEID_USER_UPDATE);
167                 duri.addPathInfo(SecurityConstants.PARAM_MSGID, SecurityConstants.MID_INVALID_ENTITY_NAME);
168                 rundata.setRedirectURI(duri.toString());
169                 // save values that user just entered so they don't have to re-enter
170                 if (user != null)
171                    rundata.getUser().setTemp(TEMP_USER, user);
172                 return;
173             }
174 
175 
176             //
177             // create a new user
178             //
179             user = JetspeedSecurity.getUserInstance();
180             rundata.getParameters().setProperties(user);
181 
182             String password = rundata.getParameters().getString("password");
183             if (password == null)
184                 password = "";
185 
186             user.setUserName(JetspeedSecurity.convertUserName(user.getUserName()));
187 
188             Date now = new Date();
189             user.setCreateDate(now);
190             user.setLastLogin(now);
191             user.setConfirmed(JetspeedResources.CONFIRM_VALUE);
192 
193             String disabled = rundata.getParameters().getString("disabled");
194             user.setDisabled( disabled != null );
195 
196             //
197             // add the user
198             ///
199             user.setPassword(password);
200             JetspeedSecurity.addUser(user);
201         }
202         catch (NotUniqueUserException e)
203         {
204             // log the error msg
205             logger.error("Exception", e);
206 
207             //
208             // dup key found - display error message - bring back to same screen
209             //
210             DynamicURI duri = new DynamicURI (rundata);
211             duri.addPathInfo(SecurityConstants.PANE_NAME, SecurityConstants.PANEID_USER_UPDATE);
212             duri.addPathInfo(SecurityConstants.PARAM_MSGID, SecurityConstants.MID_ENTITY_ALREADY_EXISTS);
213             rundata.setRedirectURI(duri.toString());
214             // save values that user just entered so they don't have to re-enter
215             if (user != null)
216                rundata.getUser().setTemp(TEMP_USER, user);
217         }
218 
219     }
220 
221     /***
222      * Database Update Action for Users. Performs accepting of new users into security database.
223      *
224      * @param rundata The turbine rundata context for this request.
225      * @param context The velocity context for this request.
226      */
227     public void doAccept(RunData rundata, Context context)
228     throws Exception
229     {
230         JetspeedUser user = null;
231         try
232         {
233             //
234             // get the user object from the selected entry in the browser
235             //
236             user = (JetspeedUser)JetspeedSecurity.getUser(
237                                            rundata.getParameters().getString(SecurityConstants.PARAM_ENTITY_ID));
238 
239             user.setConfirmed(JetspeedResources.CONFIRM_VALUE);
240 
241             //
242             // update the user in the database
243             //
244             JetspeedSecurity.saveUser(user);
245 
246 
247             //
248             // tell the user that they can now use jetspeed
249             //
250 
251             DynamicURI url = new DynamicURI(rundata);
252 
253             //build body via template
254             StringWriter email_body = new StringWriter();
255             SimpleEmail se = new SimpleEmail();
256             Context emailContext = TurbineVelocity.getContext();
257             emailContext.put( "data", rundata );
258             emailContext.put( "user", user );
259             emailContext.put( "config",new JetspeedResources());
260             emailContext.put( "urltojetspeed",url);
261             emailContext.put( "email",se);
262 
263             //determine the language to be used for the notification email
264             String language = (String)user.getPerm("language",TurbineResources.getString("locale.default.language", "en"));
265             String country = (String)user.getPerm("country",TurbineResources.getString("locale.default.country", "US"));
266             Locale locale = new Locale(language,country);
267 
268             String templateFile = JetspeedResources.getString("newuser.approval.accept.template");
269             String templatePath = TemplateLocator.locateEmailTemplate(rundata, templateFile, locale );
270             TurbineVelocity.handleRequest(emailContext, templatePath, email_body);
271 
272             se.setMsg( email_body.toString() );
273 
274             Properties props = System.getProperties();
275             String mailServerMachine = JetspeedResources.getString( "mail.server" );
276             props.put ( "mail.host", mailServerMachine );
277             props.put("mail.smtp.host", mailServerMachine);
278 
279             se.send();
280 
281 
282         } catch (Exception e)
283         {
284             // log the error msg
285             logger.error("Exception", e);
286 
287             //
288             // error on update - display error message
289             //
290             DynamicURI duri = new DynamicURI (rundata);
291             duri.addPathInfo(SecurityConstants.PANE_NAME, SecurityConstants.PANEID_USER_UPDATE);
292             duri.addPathInfo(SecurityConstants.PARAM_MSGID, SecurityConstants.MID_UPDATE_FAILED);
293             if (user != null)
294                 duri.addPathInfo(SecurityConstants.PARAM_ENTITY_ID, user.getUserName());
295             duri.addQueryData(SecurityConstants.PARAM_MODE, SecurityConstants.PARAM_MODE_UPDATE);
296             rundata.setRedirectURI(duri.toString());
297             // save values that user just entered so they don't have to re-enter
298             if (user != null)
299                 rundata.getUser().setTemp(TEMP_USER, user);
300         }
301      }
302 
303     /***
304      * Database Update Action for Users. Performs accepting of new users into security database.
305      *
306      * @param rundata The turbine rundata context for this request.
307      * @param context The velocity context for this request.
308      */
309      public void doReject(RunData rundata, Context context)
310     throws Exception
311     {
312         JetspeedUser user = null;
313         try
314         {
315             //
316             // get the user object from the selected entry in the browser
317             //
318             user = (JetspeedUser)JetspeedSecurity.getUser(
319                                            rundata.getParameters().getString(SecurityConstants.PARAM_ENTITY_ID));
320 
321             user.setConfirmed(JetspeedResources.CONFIRM_VALUE_REJECTED);
322 
323             //
324             // update the user in the database
325             //
326             JetspeedSecurity.saveUser(user);
327 
328 
329 
330             //
331             // tell the user that they can now use jetspeed
332             //
333 
334             DynamicURI url = new DynamicURI(rundata);
335 
336             //build body via template
337             StringWriter email_body = new StringWriter();
338             SimpleEmail se = new SimpleEmail();
339             Context emailContext = TurbineVelocity.getContext();
340             emailContext.put( "data", rundata );
341             emailContext.put( "user", user );
342             emailContext.put( "config",new JetspeedResources());
343             emailContext.put( "urltojetspeed",url);
344             emailContext.put( "email",se);
345 
346             //determine the language to be used for the notification email
347             String language = (String)user.getPerm("language",TurbineResources.getString("locale.default.language", "en"));
348             String country = (String)user.getPerm("country",TurbineResources.getString("locale.default.country", "US"));
349             Locale locale = new Locale(language,country);
350 
351             String templateFile = JetspeedResources.getString("newuser.approval.reject.template");
352             String templatePath = TemplateLocator.locateEmailTemplate(rundata, templateFile, locale );
353             TurbineVelocity.handleRequest(emailContext, templatePath, email_body);
354 
355             se.setMsg( email_body.toString() );
356 
357             Properties props = System.getProperties();
358             String mailServerMachine = JetspeedResources.getString( "mail.server" );
359             props.put ( "mail.host", mailServerMachine );
360             props.put("mail.smtp.host", mailServerMachine);
361 
362             se.send();
363 
364         } catch (Exception e)
365         {
366             // log the error msg
367               logger.error("Exception", e);
368 
369             //
370             // error on update - display error message
371             //
372             DynamicURI duri = new DynamicURI (rundata);
373             duri.addPathInfo(SecurityConstants.PANE_NAME, SecurityConstants.PANEID_USER_UPDATE);
374             duri.addPathInfo(SecurityConstants.PARAM_MSGID, SecurityConstants.MID_UPDATE_FAILED);
375             if (user != null)
376                 duri.addPathInfo(SecurityConstants.PARAM_ENTITY_ID, user.getUserName());
377             duri.addQueryData(SecurityConstants.PARAM_MODE, SecurityConstants.PARAM_MODE_UPDATE);
378             rundata.setRedirectURI(duri.toString());
379             // save values that user just entered so they don't have to re-enter
380             if (user != null)
381                 rundata.getUser().setTemp(TEMP_USER, user);
382         }
383      }
384 
385     /***
386      * Database Update Action for Users. Performs updates into security database.
387      *
388      * @param rundata The turbine rundata context for this request.
389      * @param context The velocity context for this request.
390      */
391     public void doUpdate(RunData rundata, Context context)
392         throws Exception
393     {
394         JetspeedUser user = null;
395         try
396         {
397             //
398             // get the user object from the selected entry in the browser
399             //
400             user = (JetspeedUser)JetspeedSecurity.getUser(
401                             rundata.getParameters().getString(SecurityConstants.PARAM_ENTITY_ID));
402 
403             String name = rundata.getParameters().getString("username");
404             if (name == null || name.trim().length() == 0)
405             {
406                 DynamicURI duri = new DynamicURI (rundata);
407                 duri.addPathInfo(SecurityConstants.PANE_NAME, SecurityConstants.PANEID_USER_UPDATE);
408                 duri.addPathInfo(SecurityConstants.PARAM_MSGID, SecurityConstants.MID_INVALID_ENTITY_NAME);
409                 if (user != null)
410                     duri.addPathInfo(SecurityConstants.PARAM_ENTITY_ID, user.getUserName());
411                 duri.addQueryData(SecurityConstants.PARAM_MODE, SecurityConstants.PARAM_MODE_UPDATE);
412                 rundata.setRedirectURI(duri.toString());
413                 // save values that user just entered so they don't have to re-enter
414                 if (user != null)
415                    rundata.getUser().setTemp(TEMP_USER, user);
416                 return;
417             }
418 
419             //
420             // pull the values off the form and into the user object
421             //
422             boolean oldDisabled = user.getDisabled();
423             rundata.getParameters().setProperties(user);
424             user.setLastAccessDate();
425 
426             JetspeedSecurity.forcePassword(user,rundata.getParameters().getString("password"));
427 
428             String strDisabled = rundata.getParameters().getString("disabled");
429             boolean disabled = (strDisabled != null);
430             user.setDisabled(disabled);
431 
432             if  (!disabled && oldDisabled && JetspeedSecurity.isDisableAccountCheckEnabled())
433             {
434                 JetspeedSecurity.resetDisableAccountCheck(name);
435             }
436 
437             //
438             // update the user in the database
439             //
440             JetspeedSecurity.saveUser(user);
441 
442             JetspeedUser currentUser = (JetspeedUser)rundata.getUser();
443             if (currentUser.getUserName().equals(user.getUserName()))
444             {
445                 // same user as admin -- need to update in memory
446                 currentUser.setPassword(user.getPassword()); // Contains Encrypted password
447                 currentUser.setFirstName(user.getFirstName());
448                 currentUser.setLastName(user.getLastName());
449                 currentUser.setEmail(user.getEmail());
450             }
451 
452         }
453         catch (Exception e)
454         {
455            // log the error msg
456             logger.error("Exception", e);
457 
458             //
459             // error on update - display error message
460             //
461             DynamicURI duri = new DynamicURI (rundata);
462             duri.addPathInfo(SecurityConstants.PANE_NAME, SecurityConstants.PANEID_USER_UPDATE);
463             duri.addPathInfo(SecurityConstants.PARAM_MSGID, SecurityConstants.MID_UPDATE_FAILED);
464             if (user != null)
465                 duri.addPathInfo(SecurityConstants.PARAM_ENTITY_ID, user.getUserName());
466             duri.addQueryData(SecurityConstants.PARAM_MODE, SecurityConstants.PARAM_MODE_UPDATE);
467             rundata.setRedirectURI(duri.toString());
468             // save values that user just entered so they don't have to re-enter
469             if (user != null)
470                rundata.getUser().setTemp(TEMP_USER, user);
471         }
472 
473     }
474 
475     /***
476      * Database Delete Action for Users. Performs deletes into security database.
477      *
478      * @param rundata The turbine rundata context for this request.
479      * @param context The velocity context for this request.
480      */
481     public void doDelete(RunData rundata, Context context)
482         throws Exception
483     {
484         JetspeedUser user = null;
485         try
486         {
487             //
488             // get the user object from the selected entry in the browser
489             //
490             user = (JetspeedUser)JetspeedSecurity.getUser(
491                        rundata.getParameters().getString(SecurityConstants.PARAM_ENTITY_ID));
492 
493             if (rundata.getUser().getUserName().equals(user.getUserName()))
494             {
495                 DynamicURI duri = new DynamicURI (rundata);
496                 duri.addPathInfo(SecurityConstants.PANE_NAME, SecurityConstants.PANEID_USER_UPDATE);
497                 duri.addPathInfo(SecurityConstants.PARAM_MSGID, SecurityConstants.MID_CANT_DELETE_CURRENT);
498                 if (user != null)
499                     duri.addPathInfo(SecurityConstants.PARAM_ENTITY_ID, user.getUserName());
500                 duri.addQueryData(SecurityConstants.PARAM_MODE, SecurityConstants.PARAM_MODE_DELETE);
501                 rundata.setRedirectURI(duri.toString());
502                 // save values that user just entered so they don't have to re-enter
503                 if (user != null)
504                    rundata.getUser().setTemp(TEMP_USER, user);
505                 return;
506             }
507 
508             //
509             // remove the user
510             //
511             JetspeedSecurity.removeUser(user.getUserName());
512 
513         }
514         catch (Exception e)
515         {
516            // log the error msg
517             logger.error("Exception", e);
518 
519             //
520             // error on delete - display error message
521             //
522             DynamicURI duri = new DynamicURI (rundata);
523             duri.addPathInfo(SecurityConstants.PANE_NAME, SecurityConstants.PANEID_USER_UPDATE);
524             duri.addPathInfo(SecurityConstants.PARAM_MSGID, SecurityConstants.MID_DELETE_FAILED);
525             if (user != null)
526                 duri.addPathInfo(SecurityConstants.PARAM_ENTITY_ID, user.getUserName());
527             duri.addQueryData(SecurityConstants.PARAM_MODE, SecurityConstants.PARAM_MODE_DELETE);
528             rundata.setRedirectURI(duri.toString());
529 
530             // save values that user just entered so they don't have to re-enter
531            if (user != null)
532                rundata.getUser().setTemp(TEMP_USER, user);
533 
534         }
535     }
536 
537 }