1/*2 * Copyright 2000-2004 The Apache Software Foundation.3 * 4 * Licensed under the Apache License, Version 2.0 (the "License");5 * you may not use this file except in compliance with the License.6 * You may obtain a copy of the License at7 * 8 * http://www.apache.org/licenses/LICENSE-2.09 * 10 * Unless required by applicable law or agreed to in writing, software11 * distributed under the License is distributed on an "AS IS" BASIS,12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.13 * See the License for the specific language governing permissions and14 * limitations under the License.15 */1617packageorg.apache.jetspeed.modules.actions;
181920// java.util21import java.util.Date;
2223import org.apache.jetspeed.om.security.JetspeedUser;
2425// Jetspeed modules26import org.apache.jetspeed.services.logging.JetspeedLogFactoryService;
27import org.apache.jetspeed.services.logging.JetspeedLogger;
28import org.apache.jetspeed.util.template.JetspeedLink;
29import org.apache.jetspeed.util.template.JetspeedLinkFactory;
3031// turbine.modules32import org.apache.turbine.modules.Action;
33import org.apache.turbine.modules.ActionLoader;
3435// resources36import org.apache.turbine.services.localization.Localization;
37import org.apache.jetspeed.services.resources.JetspeedResources;
3839// templates40import org.apache.turbine.services.template.TurbineTemplate;
4142// turbine.util43import org.apache.turbine.util.RunData;
44import org.apache.turbine.util.GenerateUniqueId;
45import org.apache.turbine.util.StringUtils;
4647// security48import org.apache.jetspeed.services.JetspeedSecurity;
49import org.apache.jetspeed.services.security.JetspeedSecurityException;
5051/***52 This action validates the form input from the NewAccount Screen.53 If it is valid, then it will check to make sure that the user account54 does not already exist. If it does, then it will show the NewAccount55 screen again. If it doesn't alread exist, then it will create the new56 user and set the CONFIRM_VALUE to be the users session id. This part should57 probably be re-done to get a better less hackable CONFIRM_VALUE, but this58 should work for now. If everything goes well, this action will send the user59 a confirmation email and then show the ConfirmRegistration screen.6061 @author Jon S. Stevens <a href="mailto:jon@clearink.com">jon@clearink.com</a>62 @author David S. Taylor <a href="mailto:david@bluesunrise.com">david@bluesunrise.com</a>63 @author Tom Adams <a href="mailto:tom@PIsoftware.com">tom@PIsoftware.com</a>6465*/66publicclassCreateNewUserAndConfirmextends Action
67 {
6869/***70 * Static initialization of the logger for this class71 */72privatestaticfinalJetspeedLogger logger = JetspeedLogFactoryService.getLogger(CreateNewUserAndConfirm.class.getName());
7374publicvoid doPerform( RunData data ) throws Exception
75 {
76try77 {
7879 String submit = "submit1";
80 String str = (String) data.getUser().getTemp ( submit, "asdfasdf" );
81if ( str != null && str
82 .equalsIgnoreCase( data.getParameters().getString(submit, "")) )
83 {
84 data.getUser().removeTemp(submit);
85 data.setScreenTemplate( TurbineTemplate.getDefaultScreen() );
86return;
87 }
8889 String pass1 = data.getParameters().getString("password", "");
90 String pass2 = data.getParameters().getString("password_confirm", "");
9192// make sure the passwords are not empty93if ( (pass1.length() == 0 || pass2.length() == 0 )
94 || ! pass1.equals ( pass2 ) )
95 {
96 data.setMessage(Localization.getString(data, "CREATENEWUSERANDCONFIRM_PWNOTMATCH"));
97 data.setScreenTemplate("NewAccount");
98return;
99 }
100101 String username = data.getParameters().getString("username", "");
102103// convert case if configured104 username = JetspeedSecurity.convertUserName(username);
105 pass1 = JetspeedSecurity.convertPassword(pass1);
106 pass2 = JetspeedSecurity.convertPassword(pass2);
107108// make sure the username exists109if ( username.length() == 0 )
110 {
111 data.setMessage(Localization.getString(data, "CREATENEWUSERANDCONFIRM_NOUSERNAME"));
112 data.setScreenTemplate("NewAccount");
113return;
114 }
115116 String email = data.getParameters().getString("email", "");
117// make sure the email exists118if ( email.length() == 0 )
119 {
120 data.setMessage(Localization.getString(data, "CREATENEWUSERANDCONFIRM_NOEMAIL"));
121 data.setScreenTemplate("NewAccount");
122return;
123 }
124125 String CHNAME = Localization.getString(data, "CREATENEWUSERANDCONFIRM_DUPLICATEMSG");
126127boolean accountExists = true;
128try129 {
130 JetspeedSecurity.getUser(username);
131 }
132catch(JetspeedSecurityException e)
133 {
134 accountExists = false;
135 }
136137if (!accountExists)
138 {
139 Date now = new Date();
140141JetspeedUser user = JetspeedSecurity.getUserInstance();
142143 user.setUserName( username );
144 user.setCreateDate(now);
145 user.setLastLogin(new Date(0));
146 user.setFirstName( data.getParameters().getString("firstname") );
147 user.setLastName( data.getParameters().getString("lastname") );
148 user.setEmail( data.getParameters().getString("email") );
149150 createUser(user, data);
151152// create a unique confirmation string for the new user153 String confirmValue = GenerateUniqueId.getIdentifier();
154155// allow for disabling of email for configurations without a mail server156boolean newUserNotification = JetspeedResources.getBoolean("newuser.notification.enable", false);
157boolean newUserApproval = JetspeedResources.getBoolean("newuser.approval.enable", false);
158boolean enableMail = JetspeedResources.getBoolean("newuser.confirm.enable", false);
159if (false == enableMail)
160 confirmValue = JetspeedResources.CONFIRM_VALUE;
161162if (true == newUserApproval)
163 confirmValue = JetspeedResources.CONFIRM_VALUE_PENDING;
164165 user.setConfirmed( confirmValue );
166167// Store the user object.168 data.setUser(user);
169170 user.setPassword(pass1);
171 JetspeedSecurity.addUser(user);
172if (!enableMail && !newUserApproval)
173 {
174 user.setHasLoggedIn(new Boolean (true));
175 user.setLastLogin(new Date(0));
176 }
177 data.setMessage(Localization.getString(data, "CREATENEWUSERANDCONFIRM_CREATE"));
178if (enableMail || newUserNotification || newUserApproval)
179 {
180 data.setUser(JetspeedSecurity.getAnonymousUser());
181 data.getParameters().add("username", username);
182 data.getParameters().add("password", pass1);
183if ( ! newUserApproval )
184 {
185 ActionLoader.getInstance().exec(data, "SendConfirmationEmail");
186 data.setScreenTemplate("ConfirmRegistration");
187 }
188else189 {
190 data.setScreenTemplate("NewUserAwaitingAcceptance");
191 }
192// FIXME: Should notification be set when request is made, or when193// user is accepted?194if ( newUserNotification )
195 {
196 ActionLoader.getInstance().exec(data, "SendNewUserNotificationEmail");
197 }
198 }
199else200 {
201 bypassConfirmMail(data, username, pass1);
202 }
203204 }
205else// username exists. show the screen again.206 {
207 data.setMessage(Localization.getString(data, "CREATENEWUSERANDCONFIRM_CHOOSENEWNAME"));
208 data.setScreenTemplate("NewAccount");
209// set the username to be the CHNAME string so that it is210// clear that this needs to be replaced211 data.getParameters().add("username", CHNAME);
212 }
213 }
214catch (Exception e)
215 {
216 logger.error("CreateNewUserAndConfirm",e);
217 data.setMessage(e.toString());
218 data.setStackTrace(StringUtils.stackTrace(e), e);
219 data.setScreenTemplate(JetspeedResources.getString("template.error","Error"));
220 }
221 }
222223/***224 * createUser creates a new user.225 * Subclasses can override this method - adding additional user property settings as needed.226 * The default implementation does nothing.227 *228 * @param user the new user that has been created229 * @param data the current RunData instance230 *231 * @throws Exception passed up from JetspeedSecurity232 */233protectedvoid createUser(JetspeedUser user, RunData data) throws Exception
234 {
235 }
236237/***238 * bypassConfirmMail allows configurations to bypass sending the confirmation email239 * The new user is logged on and then redirected to the home page240 *241 * @param data Turbine information.242 * @param username The user's username.243 * @param password The user's password.244 */245privatevoid bypassConfirmMail(RunData data, String username, String password)
246 {
247JetspeedUser usr = null;
248try249 {
250// Authenticate the user and get the object.251 usr = JetspeedSecurity.login( username, password );
252253// bring logged on user to homepage via redirect254JetspeedLink jslink = JetspeedLinkFactory.getInstance(data);
255 data.setRedirectURI(jslink.getHomePage().toString());
256 JetspeedLinkFactory.putInstance(jslink);
257 }
258catch ( Exception e )
259 {
260 logger.error("Exception", e);
261 data.setMessage(e.toString());
262 data.setStackTrace(StringUtils.stackTrace(e), e);
263 data.setScreenTemplate(JetspeedResources.getString("template.error","Error"));
264 }
265 }
266267 }