015 package com.liferay.portal.action;
016
017 import com.liferay.portal.NoSuchUserException;
018 import com.liferay.portal.UserLockoutException;
019 import com.liferay.portal.UserPasswordException;
020 import com.liferay.portal.kernel.servlet.SessionErrors;
021 import com.liferay.portal.kernel.util.Constants;
022 import com.liferay.portal.kernel.util.ParamUtil;
023 import com.liferay.portal.kernel.util.Validator;
024 import com.liferay.portal.model.Company;
025 import com.liferay.portal.model.CompanyConstants;
026 import com.liferay.portal.model.Ticket;
027 import com.liferay.portal.model.TicketConstants;
028 import com.liferay.portal.model.User;
029 import com.liferay.portal.security.auth.AuthTokenUtil;
030 import com.liferay.portal.security.auth.PrincipalException;
031 import com.liferay.portal.security.pwd.PwdToolkitUtilThreadLocal;
032 import com.liferay.portal.service.CompanyLocalServiceUtil;
033 import com.liferay.portal.service.TicketLocalServiceUtil;
034 import com.liferay.portal.service.UserLocalServiceUtil;
035 import com.liferay.portal.struts.ActionConstants;
036 import com.liferay.portal.theme.ThemeDisplay;
037 import com.liferay.portal.util.PortalUtil;
038 import com.liferay.portal.util.PortletKeys;
039 import com.liferay.portal.util.PropsValues;
040 import com.liferay.portal.util.WebKeys;
041 import com.liferay.portlet.PortletURLImpl;
042 import com.liferay.portlet.login.util.LoginUtil;
043
044 import javax.portlet.PortletRequest;
045 import javax.portlet.PortletURL;
046
047 import javax.servlet.http.HttpServletRequest;
048 import javax.servlet.http.HttpServletResponse;
049 import javax.servlet.http.HttpSession;
050
051 import org.apache.struts.action.Action;
052 import org.apache.struts.action.ActionForm;
053 import org.apache.struts.action.ActionForward;
054 import org.apache.struts.action.ActionMapping;
055
056
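/**
 * Struts action behind the portal's update-password page.
 *
 * <p>
 * A request is served only if the caller is signed in or presents a
 * password ticket through the {@code ticketKey} parameter. Without a command
 * parameter the form is rendered; with one, the password is changed and the
 * browser is redirected.
 * </p>
 */
public class UpdatePasswordAction extends Action {

	/**
	 * Renders the update-password form or performs the password change.
	 *
	 * @param  mapping the Struts mapping used to resolve forwards
	 * @param  form the Struts form bean (not used here)
	 * @param  request the servlet request carrying {@code ticketKey}, the
	 *         command parameter, the referer and the new password
	 * @param  response the servlet response used for the final redirect
	 * @return the forward to render, or <code>null</code> when the response
	 *         has already been committed by a redirect or an error
	 * @throws Exception if loading the ticket's user fails while rendering
	 *         the form
	 */
	@Override
	public ActionForward execute(
			ActionMapping mapping, ActionForm form, HttpServletRequest request,
			HttpServletResponse response)
		throws Exception {

		ThemeDisplay themeDisplay = (ThemeDisplay)request.getAttribute(
			WebKeys.THEME_DISPLAY);

		Ticket ticket = getTicket(request);

		// Anonymous callers are only let through with a usable password
		// ticket; getTicket already filtered out wrong-type and expired ones.

		if (!themeDisplay.isSignedIn() && (ticket == null)) {
			return mapping.findForward(ActionConstants.COMMON_REFERER_JSP);
		}

		String cmd = ParamUtil.getString(request, Constants.CMD);

		if (Validator.isNull(cmd)) {

			// No command: render the form. For a ticket holder the account
			// is first checked for lockout and flagged for password reset.

			if (ticket != null) {
				User user = UserLocalServiceUtil.getUser(ticket.getClassPK());

				try {
					UserLocalServiceUtil.checkLockout(user);

					UserLocalServiceUtil.updatePasswordReset(
						user.getUserId(), true);
				}
				catch (UserLockoutException ule) {
					SessionErrors.add(request, ule.getClass());
				}
			}

			return mapping.findForward("portal.update_password");
		}

		try {
			updatePassword(request, response, themeDisplay, ticket);

			String redirect = ParamUtil.getString(request, WebKeys.REFERER);

			// The referer is a request parameter, so it is attacker
			// controllable. Passing it straight to sendRedirect would let a
			// crafted password reset link bounce the user to an arbitrary
			// site right after a successful password change. Run it through
			// the portal's redirect filter first.
			// NOTE(review): relies on PortalUtil.escapeRedirect returning a
			// null or empty value for a rejected target, so that the login
			// portlet fallback below applies; confirm for this portal
			// version and its redirect URL security settings.

			if (Validator.isNotNull(redirect)) {
				redirect = PortalUtil.escapeRedirect(redirect);
			}

			if (Validator.isNull(redirect)) {
				PortletURL portletURL = new PortletURLImpl(
					request, PortletKeys.LOGIN, themeDisplay.getPlid(),
					PortletRequest.RENDER_PHASE);

				redirect = portletURL.toString();
			}

			response.sendRedirect(redirect);

			return null;
		}
		catch (Exception e) {
			if (e instanceof UserPasswordException) {

				// Rejected password: show the form again with the reason

				SessionErrors.add(request, e.getClass(), e);

				return mapping.findForward("portal.update_password");
			}
			else if (e instanceof NoSuchUserException ||
					 e instanceof PrincipalException) {

				SessionErrors.add(request, e.getClass());

				return mapping.findForward("portal.error");
			}
			else {
				PortalUtil.sendError(e, request, response);

				return null;
			}
		}
	}

	/**
	 * Resolves the {@code ticketKey} request parameter to a usable password
	 * ticket.
	 *
	 * <p>
	 * An expired ticket is deleted as a side effect. Every failure (unknown
	 * key, lookup or delete error) is reported as "no ticket" so the caller
	 * cannot tell the cases apart from the response.
	 * </p>
	 *
	 * @param  request the servlet request carrying {@code ticketKey}
	 * @return the ticket if it exists, is of type
	 *         {@link TicketConstants#TYPE_PASSWORD} and has not expired;
	 *         <code>null</code> otherwise
	 */
	protected Ticket getTicket(HttpServletRequest request) {
		String ticketKey = ParamUtil.getString(request, "ticketKey");

		if (Validator.isNull(ticketKey)) {
			return null;
		}

		try {
			Ticket ticket = TicketLocalServiceUtil.getTicket(ticketKey);

			// A ticket issued for another purpose must not authorize a
			// password change

			if (ticket.getType() != TicketConstants.TYPE_PASSWORD) {
				return null;
			}

			if (!ticket.isExpired()) {
				return ticket;
			}

			TicketLocalServiceUtil.deleteTicket(ticket);
		}
		catch (Exception ignored) {

			// Deliberate best effort: any failure is treated as "no ticket"
			// and falls through to the null return below.
			// NOTE(review): nothing is logged here, so failed lookups of
			// ticket keys leave no trace for monitoring; consider logging at
			// a low level.

		}

		return null;
	}

	/**
	 * Returns whether the new password should be validated.
	 *
	 * @param  request the servlet request whose session is inspected
	 * @return <code>false</code> only when the session attribute
	 *         {@link WebKeys#SETUP_WIZARD_PASSWORD_UPDATED} is set to
	 *         <code>true</code>; <code>true</code> otherwise
	 */
	protected boolean isValidatePassword(HttpServletRequest request) {
		HttpSession session = request.getSession();

		Boolean setupWizardPasswordUpdated = (Boolean)session.getAttribute(
			WebKeys.SETUP_WIZARD_PASSWORD_UPDATED);

		return (setupWizardPasswordUpdated == null) ||
			!setupWizardPasswordUpdated;
	}

	/**
	 * Changes the password of the ticket's user, or of the signed-in user
	 * when no ticket is present.
	 *
	 * <p>
	 * With a ticket, the ticket is deleted once the update has succeeded and
	 * the user is logged in with the new password. A failed update leaves the
	 * ticket in place. Without a ticket, the new password is stored in the
	 * session when {@link PropsValues#SESSION_STORE_PASSWORD} is enabled.
	 * </p>
	 *
	 * @param  request the servlet request carrying {@code password1} and
	 *         {@code password2}
	 * @param  response the servlet response handed to the login helper
	 * @param  themeDisplay the theme display supplying the signed-in user ID
	 * @param  ticket the password ticket, or <code>null</code> for a
	 *         signed-in user
	 * @throws Exception if the auth token check, the password update, the
	 *         ticket deletion or the login fails
	 */
	protected void updatePassword(
			HttpServletRequest request, HttpServletResponse response,
			ThemeDisplay themeDisplay, Ticket ticket)
		throws Exception {

		// Auth token check comes before any state change

		AuthTokenUtil.check(request);

		// The target account comes from the ticket or the session, never
		// from a request parameter

		long userId = themeDisplay.getUserId();

		if (ticket != null) {
			userId = ticket.getClassPK();
		}

		String password1 = request.getParameter("password1");
		String password2 = request.getParameter("password2");
		boolean passwordReset = false;

		// The validate flag is thread local state; restore the previous
		// value whatever happens so it does not leak into later work on
		// this thread

		boolean previousValidate = PwdToolkitUtilThreadLocal.isValidate();

		try {
			boolean currentValidate = isValidatePassword(request);

			PwdToolkitUtilThreadLocal.setValidate(currentValidate);

			UserLocalServiceUtil.updatePassword(
				userId, password1, password2, passwordReset);
		}
		finally {
			PwdToolkitUtilThreadLocal.setValidate(previousValidate);
		}

		if (ticket != null) {

			// The ticket is single use: drop it as soon as it has been spent

			TicketLocalServiceUtil.deleteTicket(ticket);

			User user = UserLocalServiceUtil.getUser(userId);

			Company company = CompanyLocalServiceUtil.getCompanyById(
				user.getCompanyId());

			// login stays null when the auth type matches none of the three
			// known constants and is then passed to LoginUtil.login as is

			String login = null;

			String authType = company.getAuthType();

			if (authType.equals(CompanyConstants.AUTH_TYPE_EA)) {
				login = user.getEmailAddress();
			}
			else if (authType.equals(CompanyConstants.AUTH_TYPE_SN)) {
				login = user.getScreenName();
			}
			else if (authType.equals(CompanyConstants.AUTH_TYPE_ID)) {
				login = String.valueOf(userId);
			}

			LoginUtil.login(request, response, login, password1, false, null);
		}
		else if (PropsValues.SESSION_STORE_PASSWORD) {

			// NOTE(review): this keeps the plaintext password in the HTTP
			// session. Anything that can read or serialize the session
			// (replication, persistence, dumps) can read it; keep the
			// property disabled unless a feature needs it.

			HttpSession session = request.getSession();

			session.setAttribute(WebKeys.USER_PASSWORD, password1);
		}
	}

}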