015 package com.liferay.portal.action;
016
017 import com.liferay.portal.NoSuchUserException;
018 import com.liferay.portal.UserLockoutException;
019 import com.liferay.portal.UserPasswordException;
020 import com.liferay.portal.kernel.servlet.SessionErrors;
021 import com.liferay.portal.kernel.util.Constants;
022 import com.liferay.portal.kernel.util.ParamUtil;
023 import com.liferay.portal.kernel.util.Validator;
024 import com.liferay.portal.model.Company;
025 import com.liferay.portal.model.CompanyConstants;
026 import com.liferay.portal.model.Ticket;
027 import com.liferay.portal.model.TicketConstants;
028 import com.liferay.portal.model.User;
029 import com.liferay.portal.security.auth.AuthTokenUtil;
030 import com.liferay.portal.security.auth.PrincipalException;
031 import com.liferay.portal.security.pwd.PwdToolkitUtilThreadLocal;
032 import com.liferay.portal.service.CompanyLocalServiceUtil;
033 import com.liferay.portal.service.TicketLocalServiceUtil;
034 import com.liferay.portal.service.UserLocalServiceUtil;
035 import com.liferay.portal.struts.ActionConstants;
036 import com.liferay.portal.theme.ThemeDisplay;
037 import com.liferay.portal.util.PortalUtil;
038 import com.liferay.portal.util.PortletKeys;
039 import com.liferay.portal.util.PropsValues;
040 import com.liferay.portal.util.WebKeys;
041 import com.liferay.portlet.PortletURLImpl;
042 import com.liferay.portlet.login.util.LoginUtil;
043
044 import javax.portlet.PortletRequest;
045 import javax.portlet.PortletURL;
046
047 import javax.servlet.http.HttpServletRequest;
048 import javax.servlet.http.HttpServletResponse;
049 import javax.servlet.http.HttpSession;
050
051 import org.apache.struts.action.Action;
052 import org.apache.struts.action.ActionForm;
053 import org.apache.struts.action.ActionForward;
054 import org.apache.struts.action.ActionMapping;
055
056
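/**
 * Struts action behind the portal's "update password" page.
 *
 * <p>
 * A request is served only when the caller is signed in or presents a valid,
 * unexpired ticket of type {@code TicketConstants.TYPE_PASSWORD} in the
 * {@code ticketKey} parameter. Without a {@code cmd} parameter the form is
 * rendered; with one, the password is changed and the caller is redirected.
 * </p>
 */
public class UpdatePasswordAction extends Action {

    /**
     * Renders the update-password form or performs the password change.
     *
     * @param  actionMapping the Struts mapping used to resolve forwards
     * @param  actionForm unused
     * @param  request the servlet request; reads {@code ticketKey},
     *         {@code cmd}, the referer parameter and the password fields
     * @param  response the servlet response used for redirects and errors
     * @return the forward to render, or {@code null} when the response has
     *         already been committed through a redirect or an error page
     * @throws Exception if a portal service call fails outside the handled
     *         cases
     */
    @Override
    public ActionForward execute(
            ActionMapping actionMapping, ActionForm actionForm,
            HttpServletRequest request, HttpServletResponse response)
        throws Exception {

        ThemeDisplay themeDisplay = (ThemeDisplay)request.getAttribute(
            WebKeys.THEME_DISPLAY);

        Ticket ticket = getTicket(request);

        // Anonymous callers without a usable ticket never reach the form.

        if (!themeDisplay.isSignedIn() && (ticket == null)) {
            return actionMapping.findForward(
                ActionConstants.COMMON_REFERER_JSP);
        }

        String cmd = ParamUtil.getString(request, Constants.CMD);

        if (Validator.isNull(cmd)) {
            if (ticket != null) {
                User user = UserLocalServiceUtil.getUser(ticket.getClassPK());

                try {

                    // A locked-out account is reported through the session
                    // errors instead of failing the request.

                    UserLocalServiceUtil.checkLockout(user);

                    // Presumably flags the account as requiring a password
                    // change; confirm against UserLocalService.

                    UserLocalServiceUtil.updatePasswordReset(
                        user.getUserId(), true);
                }
                catch (UserLockoutException ule) {
                    SessionErrors.add(request, ule.getClass());
                }
            }

            return actionMapping.findForward("portal.update_password");
        }

        try {
            updatePassword(request, response, themeDisplay, ticket);

            String redirect = ParamUtil.getString(request, WebKeys.REFERER);

            if (Validator.isNotNull(redirect)) {

                // The referer is a request parameter. Sending the browser
                // to it unchecked turns this action into an open redirect
                // right after a credential change, so it is first passed
                // through the portal's redirect policy. A target the policy
                // rejects is expected to come back blank and then falls
                // through to the login portlet below.

                redirect = PortalUtil.escapeRedirect(redirect);
            }

            if (Validator.isNull(redirect)) {
                PortletURL portletURL = new PortletURLImpl(
                    request, PortletKeys.LOGIN, themeDisplay.getPlid(),
                    PortletRequest.RENDER_PHASE);

                redirect = portletURL.toString();
            }

            response.sendRedirect(redirect);

            return null;
        }
        catch (Exception e) {
            if (e instanceof UserPasswordException) {

                // Rejected password: show the form again with the error.

                SessionErrors.add(request, e.getClass(), e);

                return actionMapping.findForward("portal.update_password");
            }
            else if (e instanceof NoSuchUserException ||
                     e instanceof PrincipalException) {

                SessionErrors.add(request, e.getClass());

                return actionMapping.findForward("portal.error");
            }
            else {
                PortalUtil.sendError(e, request, response);

                return null;
            }
        }
    }

    /**
     * Resolves the {@code ticketKey} request parameter to a usable ticket.
     *
     * <p>
     * An expired ticket is deleted as a side effect. Every failure, including
     * an unknown key, yields {@code null}, so the caller cannot tell the
     * failure modes apart.
     * </p>
     *
     * @param  request the servlet request carrying {@code ticketKey}
     * @return the ticket when it exists, has type
     *         {@code TicketConstants.TYPE_PASSWORD} and is not expired;
     *         {@code null} otherwise
     */
    protected Ticket getTicket(HttpServletRequest request) {
        String ticketKey = ParamUtil.getString(request, "ticketKey");

        if (Validator.isNull(ticketKey)) {
            return null;
        }

        try {
            Ticket ticket = TicketLocalServiceUtil.getTicket(ticketKey);

            if (ticket.getType() != TicketConstants.TYPE_PASSWORD) {
                return null;
            }

            if (!ticket.isExpired()) {
                return ticket;
            }

            TicketLocalServiceUtil.deleteTicket(ticket);
        }
        catch (Exception ignored) {

            // Deliberate best effort: a lookup or delete failure is treated
            // as "no ticket". NOTE(review): nothing is logged here, so
            // repeated guesses at ticket keys leave no trace in this class;
            // consider logging at debug level with the file's logger.

        }

        return null;
    }

    /**
     * Decides the validation flag that {@link #updatePassword} hands to
     * {@code PwdToolkitUtilThreadLocal} for the duration of the update.
     *
     * @param  request the servlet request whose session is inspected
     * @return {@code false} when the session attribute
     *         {@code WebKeys.SETUP_WIZARD_PASSWORD_UPDATED} is {@code true};
     *         {@code true} otherwise
     */
    protected boolean isValidatePassword(HttpServletRequest request) {
        HttpSession session = request.getSession();

        Boolean setupWizardPasswordUpdated = (Boolean)session.getAttribute(
            WebKeys.SETUP_WIZARD_PASSWORD_UPDATED);

        return (setupWizardPasswordUpdated == null) ||
            !setupWizardPasswordUpdated;
    }

    /**
     * Changes the password of the ticket's user, or of the signed-in user
     * when no ticket is present.
     *
     * <p>
     * With a ticket, the ticket is deleted after a successful update and the
     * user is logged in with the new password. Without one, the new password
     * is copied into the HTTP session when
     * {@code PropsValues.SESSION_STORE_PASSWORD} is enabled.
     * </p>
     *
     * @param  request the servlet request carrying {@code password1} and
     *         {@code password2}
     * @param  response the servlet response passed on to the login call
     * @param  themeDisplay the theme display supplying the signed-in user ID
     * @param  ticket the validated ticket, or {@code null}
     * @throws Exception if the authentication token check, the password
     *         update or the login fails
     */
    protected void updatePassword(
            HttpServletRequest request, HttpServletResponse response,
            ThemeDisplay themeDisplay, Ticket ticket)
        throws Exception {

        // Runs before any state change so that a request failing the
        // portal's authentication token check cannot change a password.

        AuthTokenUtil.check(request);

        long userId;

        if (ticket != null) {
            userId = ticket.getClassPK();
        }
        else {
            userId = themeDisplay.getUserId();
        }

        String password1 = request.getParameter("password1");
        String password2 = request.getParameter("password2");
        boolean passwordReset = false;

        boolean previousValidate = PwdToolkitUtilThreadLocal.isValidate();

        try {
            boolean currentValidate = isValidatePassword(request);

            PwdToolkitUtilThreadLocal.setValidate(currentValidate);

            UserLocalServiceUtil.updatePassword(
                userId, password1, password2, passwordReset);
        }
        finally {

            // Restore the thread-local so the override cannot leak into
            // whatever this thread does next.

            PwdToolkitUtilThreadLocal.setValidate(previousValidate);
        }

        if (ticket != null) {

            // Single use: the ticket is removed once the password changed.

            TicketLocalServiceUtil.deleteTicket(ticket);

            User user = UserLocalServiceUtil.getUser(userId);

            Company company = CompanyLocalServiceUtil.getCompanyById(
                user.getCompanyId());

            // NOTE(review): login stays null when the company's auth type
            // matches none of the three constants below; confirm how
            // LoginUtil.login treats a null login.

            String login = null;

            String authType = company.getAuthType();

            if (authType.equals(CompanyConstants.AUTH_TYPE_EA)) {
                login = user.getEmailAddress();
            }
            else if (authType.equals(CompanyConstants.AUTH_TYPE_SN)) {
                login = user.getScreenName();
            }
            else if (authType.equals(CompanyConstants.AUTH_TYPE_ID)) {
                login = String.valueOf(userId);
            }

            LoginUtil.login(request, response, login, password1, false, null);
        }
        else if (PropsValues.SESSION_STORE_PASSWORD) {

            // The cleartext password is kept in the HTTP session, so
            // anything that can read or persist session state can read it.
            // Enable this property only where a downstream integration
            // needs it.

            HttpSession session = request.getSession();

            session.setAttribute(WebKeys.USER_PASSWORD, password1);
        }
    }

}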