001    /**
002     * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.action;
016    
017    import com.liferay.portal.NoSuchUserException;
018    import com.liferay.portal.UserLockoutException;
019    import com.liferay.portal.UserPasswordException;
020    import com.liferay.portal.kernel.servlet.SessionErrors;
021    import com.liferay.portal.kernel.util.Constants;
022    import com.liferay.portal.kernel.util.ParamUtil;
023    import com.liferay.portal.kernel.util.Validator;
024    import com.liferay.portal.model.Company;
025    import com.liferay.portal.model.CompanyConstants;
026    import com.liferay.portal.model.Ticket;
027    import com.liferay.portal.model.TicketConstants;
028    import com.liferay.portal.model.User;
029    import com.liferay.portal.security.auth.AuthTokenUtil;
030    import com.liferay.portal.security.auth.PrincipalException;
031    import com.liferay.portal.security.pwd.PwdToolkitUtilThreadLocal;
032    import com.liferay.portal.service.CompanyLocalServiceUtil;
033    import com.liferay.portal.service.TicketLocalServiceUtil;
034    import com.liferay.portal.service.UserLocalServiceUtil;
035    import com.liferay.portal.struts.ActionConstants;
036    import com.liferay.portal.theme.ThemeDisplay;
037    import com.liferay.portal.util.PortalUtil;
038    import com.liferay.portal.util.PortletKeys;
039    import com.liferay.portal.util.PropsValues;
040    import com.liferay.portal.util.WebKeys;
041    import com.liferay.portlet.PortletURLImpl;
042    import com.liferay.portlet.login.util.LoginUtil;
043    
044    import javax.portlet.PortletRequest;
045    import javax.portlet.PortletURL;
046    
047    import javax.servlet.http.HttpServletRequest;
048    import javax.servlet.http.HttpServletResponse;
049    import javax.servlet.http.HttpSession;
050    
051    import org.apache.struts.action.Action;
052    import org.apache.struts.action.ActionForm;
053    import org.apache.struts.action.ActionForward;
054    import org.apache.struts.action.ActionMapping;
055    
056    /**
057     * @author Brian Wing Shun Chan
058     * @author Mika Koivisto
059     */
060    public class UpdatePasswordAction extends Action {
061    
062            @Override
063            public ActionForward execute(
064                            ActionMapping actionMapping, ActionForm actionForm,
065                            HttpServletRequest request, HttpServletResponse response)
066                    throws Exception {
067    
068                    ThemeDisplay themeDisplay = (ThemeDisplay)request.getAttribute(
069                            WebKeys.THEME_DISPLAY);
070    
071                    Ticket ticket = getTicket(request);
072    
073                    if (!themeDisplay.isSignedIn() && (ticket == null)) {
074                            return actionMapping.findForward(
075                                    ActionConstants.COMMON_REFERER_JSP);
076                    }
077    
078                    String cmd = ParamUtil.getString(request, Constants.CMD);
079    
080                    if (Validator.isNull(cmd)) {
081                            if (ticket != null) {
082                                    User user = UserLocalServiceUtil.getUser(ticket.getClassPK());
083    
084                                    try {
085                                            UserLocalServiceUtil.checkLockout(user);
086    
087                                            UserLocalServiceUtil.updatePasswordReset(
088                                                    user.getUserId(), true);
089                                    }
090                                    catch (UserLockoutException ule) {
091                                            SessionErrors.add(request, ule.getClass());
092                                    }
093                            }
094    
095                            return actionMapping.findForward("portal.update_password");
096                    }
097    
098                    try {
099                            updatePassword(request, response, themeDisplay, ticket);
100    
101                            String redirect = ParamUtil.getString(request, WebKeys.REFERER);
102    
103                            if (Validator.isNull(redirect)) {
104                                    PortletURL portletURL = new PortletURLImpl(
105                                            request, PortletKeys.LOGIN, themeDisplay.getPlid(),
106                                            PortletRequest.RENDER_PHASE);
107    
108                                    redirect = portletURL.toString();
109                            }
110    
111                            response.sendRedirect(redirect);
112    
113                            return null;
114                    }
115                    catch (Exception e) {
116                            if (e instanceof UserPasswordException) {
117                                    SessionErrors.add(request, e.getClass(), e);
118    
119                                    return actionMapping.findForward("portal.update_password");
120                            }
121                            else if (e instanceof NoSuchUserException ||
122                                             e instanceof PrincipalException) {
123    
124                                    SessionErrors.add(request, e.getClass());
125    
126                                    return actionMapping.findForward("portal.error");
127                            }
128                            else {
129                                    PortalUtil.sendError(e, request, response);
130    
131                                    return null;
132                            }
133                    }
134            }
135    
136            protected Ticket getTicket(HttpServletRequest request) {
137                    String ticketKey = ParamUtil.getString(request, "ticketKey");
138    
139                    if (Validator.isNull(ticketKey)) {
140                            return null;
141                    }
142    
143                    try {
144                            Ticket ticket = TicketLocalServiceUtil.getTicket(ticketKey);
145    
146                            if (ticket.getType() != TicketConstants.TYPE_PASSWORD) {
147                                    return null;
148                            }
149    
150                            if (!ticket.isExpired()) {
151                                    return ticket;
152                            }
153                            else {
154                                    TicketLocalServiceUtil.deleteTicket(ticket);
155                            }
156                    }
157                    catch (Exception e) {
158                    }
159    
160                    return null;
161            }
162    
163            protected boolean isValidatePassword(HttpServletRequest request) {
164                    HttpSession session = request.getSession();
165    
166                    Boolean setupWizardPasswordUpdated = (Boolean)session.getAttribute(
167                            WebKeys.SETUP_WIZARD_PASSWORD_UPDATED);
168    
169                    if ((setupWizardPasswordUpdated != null) &&
170                            setupWizardPasswordUpdated) {
171    
172                            return false;
173                    }
174    
175                    return true;
176            }
177    
178            protected void updatePassword(
179                            HttpServletRequest request, HttpServletResponse response,
180                            ThemeDisplay themeDisplay, Ticket ticket)
181                    throws Exception {
182    
183                    AuthTokenUtil.check(request);
184    
185                    long userId = 0;
186    
187                    if (ticket != null) {
188                            userId = ticket.getClassPK();
189                    }
190                    else {
191                            userId = themeDisplay.getUserId();
192                    }
193    
194                    String password1 = request.getParameter("password1");
195                    String password2 = request.getParameter("password2");
196                    boolean passwordReset = false;
197    
198                    boolean previousValidate = PwdToolkitUtilThreadLocal.isValidate();
199    
200                    try {
201                            boolean currentValidate = isValidatePassword(request);
202    
203                            PwdToolkitUtilThreadLocal.setValidate(currentValidate);
204    
205                            UserLocalServiceUtil.updatePassword(
206                                    userId, password1, password2, passwordReset);
207                    }
208                    finally {
209                            PwdToolkitUtilThreadLocal.setValidate(previousValidate);
210                    }
211    
212                    if (ticket != null) {
213                            TicketLocalServiceUtil.deleteTicket(ticket);
214    
215                            User user = UserLocalServiceUtil.getUser(userId);
216    
217                            Company company = CompanyLocalServiceUtil.getCompanyById(
218                                    user.getCompanyId());
219    
220                            String login = null;
221    
222                            String authType = company.getAuthType();
223    
224                            if (authType.equals(CompanyConstants.AUTH_TYPE_EA)) {
225                                    login = user.getEmailAddress();
226                            }
227                            else if (authType.equals(CompanyConstants.AUTH_TYPE_SN)) {
228                                    login = user.getScreenName();
229                            }
230                            else if (authType.equals(CompanyConstants.AUTH_TYPE_ID)) {
231                                    login = String.valueOf(userId);
232                            }
233    
234                            LoginUtil.login(request, response, login, password1, false, null);
235    
236                            UserLocalServiceUtil.updatePasswordReset(userId, false);
237                    }
238                    else if (PropsValues.SESSION_STORE_PASSWORD) {
239                            HttpSession session = request.getSession();
240    
241                            session.setAttribute(WebKeys.USER_PASSWORD, password1);
242                    }
243            }
244    
245    }