001    /**
002     * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portlet.login.action;
016    
017    import com.liferay.portal.NoSuchUserException;
018    import com.liferay.portal.RequiredReminderQueryException;
019    import com.liferay.portal.SendPasswordException;
020    import com.liferay.portal.UserActiveException;
021    import com.liferay.portal.UserEmailAddressException;
022    import com.liferay.portal.UserReminderQueryException;
023    import com.liferay.portal.kernel.captcha.CaptchaException;
024    import com.liferay.portal.kernel.captcha.CaptchaTextException;
025    import com.liferay.portal.kernel.captcha.CaptchaUtil;
026    import com.liferay.portal.kernel.language.LanguageUtil;
027    import com.liferay.portal.kernel.servlet.SessionErrors;
028    import com.liferay.portal.kernel.util.ParamUtil;
029    import com.liferay.portal.kernel.util.Validator;
030    import com.liferay.portal.model.Company;
031    import com.liferay.portal.model.User;
032    import com.liferay.portal.security.auth.PrincipalException;
033    import com.liferay.portal.service.UserLocalServiceUtil;
034    import com.liferay.portal.struts.PortletAction;
035    import com.liferay.portal.theme.ThemeDisplay;
036    import com.liferay.portal.util.PortalUtil;
037    import com.liferay.portal.util.PropsValues;
038    import com.liferay.portal.util.WebKeys;
039    import com.liferay.portlet.login.util.LoginUtil;
040    
041    import javax.portlet.ActionRequest;
042    import javax.portlet.ActionResponse;
043    import javax.portlet.PortletConfig;
044    import javax.portlet.PortletPreferences;
045    import javax.portlet.PortletSession;
046    import javax.portlet.RenderRequest;
047    import javax.portlet.RenderResponse;
048    
049    import org.apache.struts.action.ActionForm;
050    import org.apache.struts.action.ActionForward;
051    import org.apache.struts.action.ActionMapping;
052    
053    /**
054     * @author Brian Wing Shun Chan
055     * @author Tibor Kovacs
056     */
057    public class ForgotPasswordAction extends PortletAction {
058    
059            @Override
060            public void processAction(
061                            ActionMapping mapping, ActionForm form, PortletConfig portletConfig,
062                            ActionRequest actionRequest, ActionResponse actionResponse)
063                    throws Exception {
064    
065                    ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
066                            WebKeys.THEME_DISPLAY);
067    
068                    Company company = themeDisplay.getCompany();
069    
070                    if (!company.isSendPassword() && !company.isSendPasswordResetLink()) {
071                            throw new PrincipalException();
072                    }
073    
074                    try {
075                            if (PropsValues.USERS_REMINDER_QUERIES_ENABLED) {
076                                    checkReminderQueries(actionRequest, actionResponse);
077                            }
078                            else {
079                                    checkCaptcha(actionRequest);
080    
081                                    sendPassword(actionRequest, actionResponse);
082                            }
083                    }
084                    catch (Exception e) {
085                            if (e instanceof CaptchaTextException ||
086                                    e instanceof NoSuchUserException ||
087                                    e instanceof RequiredReminderQueryException ||
088                                    e instanceof SendPasswordException ||
089                                    e instanceof UserActiveException ||
090                                    e instanceof UserEmailAddressException ||
091                                    e instanceof UserReminderQueryException) {
092    
093                                    SessionErrors.add(actionRequest, e.getClass());
094                            }
095                            else {
096                                    PortalUtil.sendError(e, actionRequest, actionResponse);
097                            }
098                    }
099            }
100    
101            @Override
102            public ActionForward render(
103                            ActionMapping mapping, ActionForm form, PortletConfig portletConfig,
104                            RenderRequest renderRequest, RenderResponse renderResponse)
105                    throws Exception {
106    
107                    ThemeDisplay themeDisplay = (ThemeDisplay)renderRequest.getAttribute(
108                            WebKeys.THEME_DISPLAY);
109    
110                    Company company = themeDisplay.getCompany();
111    
112                    if (!company.isSendPassword() && !company.isSendPasswordResetLink()) {
113                            return mapping.findForward("portlet.login.login");
114                    }
115    
116                    renderResponse.setTitle(themeDisplay.translate("forgot-password"));
117    
118                    return mapping.findForward("portlet.login.forgot_password");
119            }
120    
121            protected void checkCaptcha(ActionRequest actionRequest)
122                    throws CaptchaException {
123    
124                    if (PropsValues.CAPTCHA_CHECK_PORTAL_SEND_PASSWORD) {
125                            CaptchaUtil.check(actionRequest);
126                    }
127            }
128    
129            protected void checkReminderQueries(
130                            ActionRequest actionRequest, ActionResponse actionResponse)
131                    throws Exception {
132    
133                    PortletSession portletSession = actionRequest.getPortletSession();
134    
135                    int step = ParamUtil.getInteger(actionRequest, "step");
136    
137                    if (step == 1) {
138                            checkCaptcha(actionRequest);
139    
140                            portletSession.removeAttribute(
141                                    WebKeys.FORGOT_PASSWORD_REMINDER_ATTEMPTS);
142                            portletSession.removeAttribute(
143                                    WebKeys.FORGOT_PASSWORD_REMINDER_USER_EMAIL_ADDRESS);
144                    }
145    
146                    User user = getUser(actionRequest);
147    
148                    portletSession.setAttribute(
149                            WebKeys.FORGOT_PASSWORD_REMINDER_USER_EMAIL_ADDRESS,
150                            user.getEmailAddress());
151    
152                    actionRequest.setAttribute(WebKeys.FORGOT_PASSWORD_REMINDER_USER, user);
153    
154                    if (step == 2) {
155                            Integer reminderAttempts = (Integer)portletSession.getAttribute(
156                                    WebKeys.FORGOT_PASSWORD_REMINDER_ATTEMPTS);
157    
158                            if (reminderAttempts == null) {
159                                    reminderAttempts = 0;
160                            }
161                            else if (reminderAttempts > 2) {
162                                    checkCaptcha(actionRequest);
163                            }
164    
165                            reminderAttempts++;
166    
167                            portletSession.setAttribute(
168                                    WebKeys.FORGOT_PASSWORD_REMINDER_ATTEMPTS, reminderAttempts);
169    
170                            sendPassword(actionRequest, actionResponse);
171                    }
172            }
173    
174            protected User getUser(ActionRequest actionRequest) throws Exception {
175                    PortletSession portletSession = actionRequest.getPortletSession();
176    
177                    ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
178                            WebKeys.THEME_DISPLAY);
179    
180                    String sessionEmailAddress = (String)portletSession.getAttribute(
181                            WebKeys.FORGOT_PASSWORD_REMINDER_USER_EMAIL_ADDRESS);
182    
183                    User user = null;
184    
185                    if (Validator.isNotNull(sessionEmailAddress)) {
186                            user = UserLocalServiceUtil.getUserByEmailAddress(
187                                    themeDisplay.getCompanyId(), sessionEmailAddress);
188                    }
189                    else {
190                            long userId = ParamUtil.getLong(actionRequest, "userId");
191                            String screenName = ParamUtil.getString(
192                                    actionRequest, "screenName");
193                            String emailAddress = ParamUtil.getString(
194                                    actionRequest, "emailAddress");
195    
196                            if (Validator.isNotNull(emailAddress)) {
197                                    user = UserLocalServiceUtil.getUserByEmailAddress(
198                                            themeDisplay.getCompanyId(), emailAddress);
199                            }
200                            else if (Validator.isNotNull(screenName)) {
201                                    user = UserLocalServiceUtil.getUserByScreenName(
202                                            themeDisplay.getCompanyId(), screenName);
203                            }
204                            else if (userId > 0) {
205                                    user = UserLocalServiceUtil.getUserById(userId);
206                            }
207                            else {
208                                    throw new NoSuchUserException();
209                            }
210                    }
211    
212                    if (!user.isActive()) {
213                            throw new UserActiveException();
214                    }
215    
216                    return user;
217            }
218    
219            @Override
220            protected boolean isCheckMethodOnProcessAction() {
221                    return _CHECK_METHOD_ON_PROCESS_ACTION;
222            }
223    
224            protected void sendPassword(
225                            ActionRequest actionRequest, ActionResponse actionResponse)
226                    throws Exception {
227    
228                    ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
229                            WebKeys.THEME_DISPLAY);
230    
231                    Company company = themeDisplay.getCompany();
232    
233                    User user = getUser(actionRequest);
234    
235                    if (PropsValues.USERS_REMINDER_QUERIES_ENABLED) {
236                            if (PropsValues.USERS_REMINDER_QUERIES_REQUIRED &&
237                                    !user.hasReminderQuery()) {
238    
239                                    throw new RequiredReminderQueryException(
240                                            "No reminder query or answer is defined for user " +
241                                                    user.getUserId());
242                            }
243    
244                            String answer = ParamUtil.getString(actionRequest, "answer");
245    
246                            if (!user.getReminderQueryAnswer().equals(answer)) {
247                                    throw new UserReminderQueryException();
248                            }
249                    }
250    
251                    PortletPreferences preferences = actionRequest.getPreferences();
252    
253                    String languageId = LanguageUtil.getLanguageId(actionRequest);
254    
255                    String emailFromName = preferences.getValue("emailFromName", null);
256                    String emailFromAddress = preferences.getValue(
257                            "emailFromAddress", null);
258                    String emailToAddress = user.getEmailAddress();
259    
260                    String emailParam = "emailPasswordSent";
261    
262                    if (company.isSendPasswordResetLink()) {
263                            emailParam = "emailPasswordReset";
264                    }
265    
266                    String subject = preferences.getValue(
267                            emailParam + "Subject_" + languageId, null);
268                    String body = preferences.getValue(
269                            emailParam + "Body_" + languageId, null);
270    
271                    LoginUtil.sendPassword(
272                            actionRequest, emailFromName, emailFromAddress, emailToAddress,
273                            subject, body);
274    
275                    sendRedirect(actionRequest, actionResponse);
276            }
277    
278            private static final boolean _CHECK_METHOD_ON_PROCESS_ACTION = false;
279    
280    }