1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17 package org.apache.jetspeed.modules.actions.portlets.security;
18
19
20 import java.io.StringWriter;
21 import java.util.Date;
22 import java.util.Locale;
23 import java.util.Properties;
24
25 import org.apache.jetspeed.modules.actions.portlets.SecureVelocityPortletAction;
26 import org.apache.jetspeed.om.security.JetspeedUser;
27 import org.apache.jetspeed.portal.portlets.VelocityPortlet;
28 import org.apache.jetspeed.services.JetspeedSecurity;
29 import org.apache.jetspeed.services.TemplateLocator;
30 import org.apache.jetspeed.services.logging.JetspeedLogFactoryService;
31 import org.apache.jetspeed.services.logging.JetspeedLogger;
32 import org.apache.jetspeed.services.resources.JetspeedResources;
33 import org.apache.jetspeed.services.security.NotUniqueUserException;
34 import org.apache.turbine.services.resources.TurbineResources;
35 import org.apache.turbine.services.velocity.TurbineVelocity;
36 import org.apache.turbine.util.DynamicURI;
37 import org.apache.turbine.util.RunData;
38 import org.apache.turbine.util.StringUtils;
39 import org.apache.turbine.util.mail.SimpleEmail;
40 import org.apache.velocity.context.Context;
41
42 /***
43 * This action sets up the template context for editing users in the Turbine database.
44 *
45 * @author <a href="mailto:taylor@apache.org">David Sean Taylor</a>
46 * @author <a href="mailto:kimptoc_mail@yahoo.com">Chris Kimpton</a>
47 * @author <a href="mailto:paulsp@apache.org">Paul Spencer</a>
48 * @version $Id: UserUpdateAction.java,v 1.17 2004/03/31 04:49:10 morciuch Exp $
49 */
50 public class UserUpdateAction extends SecureVelocityPortletAction
51 {
52 private static final String TEMP_USER = "tempUser";
53
54 /***
55 * Static initialization of the logger for this class
56 */
57 private static final JetspeedLogger logger = JetspeedLogFactoryService.getLogger(UserUpdateAction.class.getName());
58
59 /***
60 * Build the maximized state content for this portlet. (Same as normal state).
61 *
62 * @param portlet The velocity-based portlet that is being built.
63 * @param context The velocity context for this request.
64 * @param rundata The turbine rundata context for this request.
65 */
66 protected void buildMaximizedContext( VelocityPortlet portlet,
67 Context context,
68 RunData rundata )
69 {
70 buildNormalContext( portlet, context, rundata);
71 }
72
73 /***
74 * Build the configure state content for this portlet.
75 * TODO: we could configure this portlet with configurable skins, etc..
76 *
77 * @param portlet The velocity-based portlet that is being built.
78 * @param context The velocity context for this request.
79 * @param rundata The turbine rundata context for this request.
80 */
81 protected void buildConfigureContext( VelocityPortlet portlet,
82 Context context,
83 RunData rundata )
84 {
85
86 buildNormalContext( portlet, context, rundata);
87 setTemplate(rundata, "user-form.vm");
88 }
89
90 /***
91 * Build the normal state content for this portlet.
92 *
93 * @param portlet The velocity-based portlet that is being built.
94 * @param context The velocity context for this request.
95 * @param rundata The turbine rundata context for this request.
96 */
97 protected void buildNormalContext( VelocityPortlet portlet,
98 Context context,
99 RunData rundata )
100 {
101 try
102 {
103 JetspeedUser user = null;
104
105
106
107 String mode = rundata.getParameters().getString(SecurityConstants.PARAM_MODE);
108
109 if (mode != null && (mode.equals(SecurityConstants.PARAM_MODE_UPDATE) ||
110 mode.equals(SecurityConstants.PARAM_MODE_DELETE)))
111 {
112
113 String username = rundata.getParameters().getString(SecurityConstants.PARAM_ENTITY_ID);
114 user = JetspeedSecurity.getUser(username);
115 context.put(SecurityConstants.CONTEXT_USER, user);
116 }
117
118
119
120
121 String msgid = rundata.getParameters().getString(SecurityConstants.PARAM_MSGID);
122 if (msgid != null)
123 {
124 int id = Integer.parseInt(msgid);
125 if (id < SecurityConstants.MESSAGES.length)
126 context.put(SecurityConstants.PARAM_MSG, SecurityConstants.MESSAGES[id]);
127
128
129 JetspeedUser tempUser = (JetspeedUser)rundata.getUser().getTemp(TEMP_USER);
130 if (tempUser != null)
131 context.put(SecurityConstants.CONTEXT_USER, tempUser);
132
133 }
134
135 context.put(SecurityConstants.PARAM_MODE, mode);
136
137 }
138 catch (Exception e)
139 {
140 logger.error("Error in Jetspeed User Security", e);
141 rundata.setMessage("Error in Jetspeed User Security: " + e.toString());
142 rundata.setStackTrace(StringUtils.stackTrace(e), e);
143 rundata.setScreenTemplate(JetspeedResources.getString("template.error","Error"));
144 }
145 }
146
147 /***
148 * Database Insert Action for Users. Performs inserts into security database.
149 *
150 * @param rundata The turbine rundata context for this request.
151 * @param context The velocity context for this request.
152 */
153 public void doInsert(RunData rundata, Context context)
154 throws Exception
155 {
156 JetspeedUser user = null;
157 try
158 {
159
160
161
162 String name = rundata.getParameters().getString("username");
163 if (name == null || name.trim().length() == 0)
164 {
165 DynamicURI duri = new DynamicURI (rundata);
166 duri.addPathInfo(SecurityConstants.PANE_NAME, SecurityConstants.PANEID_USER_UPDATE);
167 duri.addPathInfo(SecurityConstants.PARAM_MSGID, SecurityConstants.MID_INVALID_ENTITY_NAME);
168 rundata.setRedirectURI(duri.toString());
169
170 if (user != null)
171 rundata.getUser().setTemp(TEMP_USER, user);
172 return;
173 }
174
175
176
177
178
179 user = JetspeedSecurity.getUserInstance();
180 rundata.getParameters().setProperties(user);
181
182 String password = rundata.getParameters().getString("password");
183 if (password == null)
184 password = "";
185
186 user.setUserName(JetspeedSecurity.convertUserName(user.getUserName()));
187
188 Date now = new Date();
189 user.setCreateDate(now);
190 user.setLastLogin(now);
191 user.setConfirmed(JetspeedResources.CONFIRM_VALUE);
192
193 String disabled = rundata.getParameters().getString("disabled");
194 user.setDisabled( disabled != null );
195
196
197
198
199 user.setPassword(password);
200 JetspeedSecurity.addUser(user);
201 }
202 catch (NotUniqueUserException e)
203 {
204
205 logger.error("Exception", e);
206
207
208
209
210 DynamicURI duri = new DynamicURI (rundata);
211 duri.addPathInfo(SecurityConstants.PANE_NAME, SecurityConstants.PANEID_USER_UPDATE);
212 duri.addPathInfo(SecurityConstants.PARAM_MSGID, SecurityConstants.MID_ENTITY_ALREADY_EXISTS);
213 rundata.setRedirectURI(duri.toString());
214
215 if (user != null)
216 rundata.getUser().setTemp(TEMP_USER, user);
217 }
218
219 }
220
221 /***
222 * Database Update Action for Users. Performs accepting of new users into security database.
223 *
224 * @param rundata The turbine rundata context for this request.
225 * @param context The velocity context for this request.
226 */
227 public void doAccept(RunData rundata, Context context)
228 throws Exception
229 {
230 JetspeedUser user = null;
231 try
232 {
233
234
235
236 user = (JetspeedUser)JetspeedSecurity.getUser(
237 rundata.getParameters().getString(SecurityConstants.PARAM_ENTITY_ID));
238
239 user.setConfirmed(JetspeedResources.CONFIRM_VALUE);
240
241
242
243
244 JetspeedSecurity.saveUser(user);
245
246
247
248
249
250
251 DynamicURI url = new DynamicURI(rundata);
252
253
254 StringWriter email_body = new StringWriter();
255 SimpleEmail se = new SimpleEmail();
256 Context emailContext = TurbineVelocity.getContext();
257 emailContext.put( "data", rundata );
258 emailContext.put( "user", user );
259 emailContext.put( "config",new JetspeedResources());
260 emailContext.put( "urltojetspeed",url);
261 emailContext.put( "email",se);
262
263
264 String language = (String)user.getPerm("language",TurbineResources.getString("locale.default.language", "en"));
265 String country = (String)user.getPerm("country",TurbineResources.getString("locale.default.country", "US"));
266 Locale locale = new Locale(language,country);
267
268 String templateFile = JetspeedResources.getString("newuser.approval.accept.template");
269 String templatePath = TemplateLocator.locateEmailTemplate(rundata, templateFile, locale );
270 TurbineVelocity.handleRequest(emailContext, templatePath, email_body);
271
272 se.setMsg( email_body.toString() );
273
274 Properties props = System.getProperties();
275 String mailServerMachine = JetspeedResources.getString( "mail.server" );
276 props.put ( "mail.host", mailServerMachine );
277 props.put("mail.smtp.host", mailServerMachine);
278
279 se.send();
280
281
282 } catch (Exception e)
283 {
284
285 logger.error("Exception", e);
286
287
288
289
290 DynamicURI duri = new DynamicURI (rundata);
291 duri.addPathInfo(SecurityConstants.PANE_NAME, SecurityConstants.PANEID_USER_UPDATE);
292 duri.addPathInfo(SecurityConstants.PARAM_MSGID, SecurityConstants.MID_UPDATE_FAILED);
293 if (user != null)
294 duri.addPathInfo(SecurityConstants.PARAM_ENTITY_ID, user.getUserName());
295 duri.addQueryData(SecurityConstants.PARAM_MODE, SecurityConstants.PARAM_MODE_UPDATE);
296 rundata.setRedirectURI(duri.toString());
297
298 if (user != null)
299 rundata.getUser().setTemp(TEMP_USER, user);
300 }
301 }
302
303 /***
304 * Database Update Action for Users. Performs accepting of new users into security database.
305 *
306 * @param rundata The turbine rundata context for this request.
307 * @param context The velocity context for this request.
308 */
309 public void doReject(RunData rundata, Context context)
310 throws Exception
311 {
312 JetspeedUser user = null;
313 try
314 {
315
316
317
318 user = (JetspeedUser)JetspeedSecurity.getUser(
319 rundata.getParameters().getString(SecurityConstants.PARAM_ENTITY_ID));
320
321 user.setConfirmed(JetspeedResources.CONFIRM_VALUE_REJECTED);
322
323
324
325
326 JetspeedSecurity.saveUser(user);
327
328
329
330
331
332
333
334 DynamicURI url = new DynamicURI(rundata);
335
336
337 StringWriter email_body = new StringWriter();
338 SimpleEmail se = new SimpleEmail();
339 Context emailContext = TurbineVelocity.getContext();
340 emailContext.put( "data", rundata );
341 emailContext.put( "user", user );
342 emailContext.put( "config",new JetspeedResources());
343 emailContext.put( "urltojetspeed",url);
344 emailContext.put( "email",se);
345
346
347 String language = (String)user.getPerm("language",TurbineResources.getString("locale.default.language", "en"));
348 String country = (String)user.getPerm("country",TurbineResources.getString("locale.default.country", "US"));
349 Locale locale = new Locale(language,country);
350
351 String templateFile = JetspeedResources.getString("newuser.approval.reject.template");
352 String templatePath = TemplateLocator.locateEmailTemplate(rundata, templateFile, locale );
353 TurbineVelocity.handleRequest(emailContext, templatePath, email_body);
354
355 se.setMsg( email_body.toString() );
356
357 Properties props = System.getProperties();
358 String mailServerMachine = JetspeedResources.getString( "mail.server" );
359 props.put ( "mail.host", mailServerMachine );
360 props.put("mail.smtp.host", mailServerMachine);
361
362 se.send();
363
364 } catch (Exception e)
365 {
366
367 logger.error("Exception", e);
368
369
370
371
372 DynamicURI duri = new DynamicURI (rundata);
373 duri.addPathInfo(SecurityConstants.PANE_NAME, SecurityConstants.PANEID_USER_UPDATE);
374 duri.addPathInfo(SecurityConstants.PARAM_MSGID, SecurityConstants.MID_UPDATE_FAILED);
375 if (user != null)
376 duri.addPathInfo(SecurityConstants.PARAM_ENTITY_ID, user.getUserName());
377 duri.addQueryData(SecurityConstants.PARAM_MODE, SecurityConstants.PARAM_MODE_UPDATE);
378 rundata.setRedirectURI(duri.toString());
379
380 if (user != null)
381 rundata.getUser().setTemp(TEMP_USER, user);
382 }
383 }
384
385 /***
386 * Database Update Action for Users. Performs updates into security database.
387 *
388 * @param rundata The turbine rundata context for this request.
389 * @param context The velocity context for this request.
390 */
391 public void doUpdate(RunData rundata, Context context)
392 throws Exception
393 {
394 JetspeedUser user = null;
395 try
396 {
397
398
399
400 user = (JetspeedUser)JetspeedSecurity.getUser(
401 rundata.getParameters().getString(SecurityConstants.PARAM_ENTITY_ID));
402
403 String name = rundata.getParameters().getString("username");
404 if (name == null || name.trim().length() == 0)
405 {
406 DynamicURI duri = new DynamicURI (rundata);
407 duri.addPathInfo(SecurityConstants.PANE_NAME, SecurityConstants.PANEID_USER_UPDATE);
408 duri.addPathInfo(SecurityConstants.PARAM_MSGID, SecurityConstants.MID_INVALID_ENTITY_NAME);
409 if (user != null)
410 duri.addPathInfo(SecurityConstants.PARAM_ENTITY_ID, user.getUserName());
411 duri.addQueryData(SecurityConstants.PARAM_MODE, SecurityConstants.PARAM_MODE_UPDATE);
412 rundata.setRedirectURI(duri.toString());
413
414 if (user != null)
415 rundata.getUser().setTemp(TEMP_USER, user);
416 return;
417 }
418
419
420
421
422 boolean oldDisabled = user.getDisabled();
423 rundata.getParameters().setProperties(user);
424 user.setLastAccessDate();
425
426 JetspeedSecurity.forcePassword(user,rundata.getParameters().getString("password"));
427
428 String strDisabled = rundata.getParameters().getString("disabled");
429 boolean disabled = (strDisabled != null);
430 user.setDisabled(disabled);
431
432 if (!disabled && oldDisabled && JetspeedSecurity.isDisableAccountCheckEnabled())
433 {
434 JetspeedSecurity.resetDisableAccountCheck(name);
435 }
436
437
438
439
440 JetspeedSecurity.saveUser(user);
441
442 JetspeedUser currentUser = (JetspeedUser)rundata.getUser();
443 if (currentUser.getUserName().equals(user.getUserName()))
444 {
445
446 currentUser.setPassword(user.getPassword());
447 currentUser.setFirstName(user.getFirstName());
448 currentUser.setLastName(user.getLastName());
449 currentUser.setEmail(user.getEmail());
450 }
451
452 }
453 catch (Exception e)
454 {
455
456 logger.error("Exception", e);
457
458
459
460
461 DynamicURI duri = new DynamicURI (rundata);
462 duri.addPathInfo(SecurityConstants.PANE_NAME, SecurityConstants.PANEID_USER_UPDATE);
463 duri.addPathInfo(SecurityConstants.PARAM_MSGID, SecurityConstants.MID_UPDATE_FAILED);
464 if (user != null)
465 duri.addPathInfo(SecurityConstants.PARAM_ENTITY_ID, user.getUserName());
466 duri.addQueryData(SecurityConstants.PARAM_MODE, SecurityConstants.PARAM_MODE_UPDATE);
467 rundata.setRedirectURI(duri.toString());
468
469 if (user != null)
470 rundata.getUser().setTemp(TEMP_USER, user);
471 }
472
473 }
474
475 /***
476 * Database Delete Action for Users. Performs deletes into security database.
477 *
478 * @param rundata The turbine rundata context for this request.
479 * @param context The velocity context for this request.
480 */
481 public void doDelete(RunData rundata, Context context)
482 throws Exception
483 {
484 JetspeedUser user = null;
485 try
486 {
487
488
489
490 user = (JetspeedUser)JetspeedSecurity.getUser(
491 rundata.getParameters().getString(SecurityConstants.PARAM_ENTITY_ID));
492
493 if (rundata.getUser().getUserName().equals(user.getUserName()))
494 {
495 DynamicURI duri = new DynamicURI (rundata);
496 duri.addPathInfo(SecurityConstants.PANE_NAME, SecurityConstants.PANEID_USER_UPDATE);
497 duri.addPathInfo(SecurityConstants.PARAM_MSGID, SecurityConstants.MID_CANT_DELETE_CURRENT);
498 if (user != null)
499 duri.addPathInfo(SecurityConstants.PARAM_ENTITY_ID, user.getUserName());
500 duri.addQueryData(SecurityConstants.PARAM_MODE, SecurityConstants.PARAM_MODE_DELETE);
501 rundata.setRedirectURI(duri.toString());
502
503 if (user != null)
504 rundata.getUser().setTemp(TEMP_USER, user);
505 return;
506 }
507
508
509
510
511 JetspeedSecurity.removeUser(user.getUserName());
512
513 }
514 catch (Exception e)
515 {
516
517 logger.error("Exception", e);
518
519
520
521
522 DynamicURI duri = new DynamicURI (rundata);
523 duri.addPathInfo(SecurityConstants.PANE_NAME, SecurityConstants.PANEID_USER_UPDATE);
524 duri.addPathInfo(SecurityConstants.PARAM_MSGID, SecurityConstants.MID_DELETE_FAILED);
525 if (user != null)
526 duri.addPathInfo(SecurityConstants.PARAM_ENTITY_ID, user.getUserName());
527 duri.addQueryData(SecurityConstants.PARAM_MODE, SecurityConstants.PARAM_MODE_DELETE);
528 rundata.setRedirectURI(duri.toString());
529
530
531 if (user != null)
532 rundata.getUser().setTemp(TEMP_USER, user);
533
534 }
535 }
536
537 }