001    /**
002     * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portlet.login.action;
016    
017    import com.liferay.portal.AddressCityException;
018    import com.liferay.portal.AddressStreetException;
019    import com.liferay.portal.AddressZipException;
020    import com.liferay.portal.CompanyMaxUsersException;
021    import com.liferay.portal.ContactFirstNameException;
022    import com.liferay.portal.ContactFullNameException;
023    import com.liferay.portal.ContactLastNameException;
024    import com.liferay.portal.DuplicateOpenIdException;
025    import com.liferay.portal.DuplicateUserEmailAddressException;
026    import com.liferay.portal.DuplicateUserScreenNameException;
027    import com.liferay.portal.EmailAddressException;
028    import com.liferay.portal.GroupFriendlyURLException;
029    import com.liferay.portal.NoSuchCountryException;
030    import com.liferay.portal.NoSuchLayoutException;
031    import com.liferay.portal.NoSuchListTypeException;
032    import com.liferay.portal.NoSuchOrganizationException;
033    import com.liferay.portal.NoSuchRegionException;
034    import com.liferay.portal.NoSuchUserException;
035    import com.liferay.portal.OrganizationParentException;
036    import com.liferay.portal.PhoneNumberException;
037    import com.liferay.portal.RequiredFieldException;
038    import com.liferay.portal.RequiredUserException;
039    import com.liferay.portal.ReservedUserEmailAddressException;
040    import com.liferay.portal.ReservedUserScreenNameException;
041    import com.liferay.portal.TermsOfUseException;
042    import com.liferay.portal.UserEmailAddressException;
043    import com.liferay.portal.UserIdException;
044    import com.liferay.portal.UserPasswordException;
045    import com.liferay.portal.UserScreenNameException;
046    import com.liferay.portal.UserSmsException;
047    import com.liferay.portal.WebsiteURLException;
048    import com.liferay.portal.kernel.captcha.CaptchaMaxChallengesException;
049    import com.liferay.portal.kernel.captcha.CaptchaTextException;
050    import com.liferay.portal.kernel.captcha.CaptchaUtil;
051    import com.liferay.portal.kernel.servlet.SessionErrors;
052    import com.liferay.portal.kernel.servlet.SessionMessages;
053    import com.liferay.portal.kernel.util.Constants;
054    import com.liferay.portal.kernel.util.GetterUtil;
055    import com.liferay.portal.kernel.util.ParamUtil;
056    import com.liferay.portal.kernel.util.Validator;
057    import com.liferay.portal.kernel.workflow.WorkflowConstants;
058    import com.liferay.portal.model.Company;
059    import com.liferay.portal.model.CompanyConstants;
060    import com.liferay.portal.model.Layout;
061    import com.liferay.portal.model.User;
062    import com.liferay.portal.security.auth.PrincipalException;
063    import com.liferay.portal.service.LayoutLocalServiceUtil;
064    import com.liferay.portal.service.ServiceContext;
065    import com.liferay.portal.service.ServiceContextFactory;
066    import com.liferay.portal.service.UserLocalServiceUtil;
067    import com.liferay.portal.service.UserServiceUtil;
068    import com.liferay.portal.struts.PortletAction;
069    import com.liferay.portal.theme.ThemeDisplay;
070    import com.liferay.portal.util.PortalUtil;
071    import com.liferay.portal.util.PropsValues;
072    import com.liferay.portal.util.WebKeys;
073    import com.liferay.portlet.login.util.LoginUtil;
074    import com.liferay.util.PwdGenerator;
075    
076    import javax.portlet.ActionRequest;
077    import javax.portlet.ActionResponse;
078    import javax.portlet.PortletConfig;
079    import javax.portlet.PortletURL;
080    import javax.portlet.RenderRequest;
081    import javax.portlet.RenderResponse;
082    
083    import javax.servlet.http.HttpServletRequest;
084    import javax.servlet.http.HttpServletResponse;
085    import javax.servlet.http.HttpSession;
086    
087    import org.apache.struts.action.ActionForm;
088    import org.apache.struts.action.ActionForward;
089    import org.apache.struts.action.ActionMapping;
090    
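/**
 * Struts portlet action behind the Login portlet's "create account" form.
 *
 * <p>
 * {@link #processAction} dispatches on the {@code cmd} request parameter to
 * add a user, reset (delete and re-add) an incomplete user, or complete an
 * incomplete user. {@link #render} selects the JSP forward.
 * </p>
 *
 * <p>
 * Points a security reviewer should keep in mind when changing this class:
 * </p>
 *
 * <ul>
 * <li>
 * Both entry points refuse to work unless {@code company.isStrangers()} is
 * true; that is the only caller check made here.
 * </li>
 * <li>
 * The captcha is checked only for the ADD command.
 * </li>
 * <li>
 * The new user's cleartext password is placed in a session message and is
 * handed to {@code LoginUtil.login}.
 * </li>
 * <li>
 * Group, organization, role and user group IDs are always passed as
 * {@code null}; they are never read from the request.
 * </li>
 * </ul>
 *
 * @author Brian Wing Shun Chan
 * @author Amos Fong
 * @author Daniel Sanz
 * @author Sergio González
 */
public class CreateAccountAction extends PortletAction {

        /**
         * Runs the account command named by the {@code cmd} request parameter and
         * then, if {@code PropsValues.COMPANY_SECURITY_STRANGERS_URL} is set,
         * redirects to the layout with that friendly URL.
         *
         * <p>
         * Validation-style exceptions from the command are recorded in
         * {@code SessionErrors} so the form can be shown again; anything else is
         * rethrown.
         * </p>
         *
         * @throws PrincipalException if the company does not allow strangers to
         *         create accounts
         * @throws Exception any exception from the command that is not one of the
         *         handled validation types
         */
        @Override
        public void processAction(
                        ActionMapping mapping, ActionForm form, PortletConfig portletConfig,
                        ActionRequest actionRequest, ActionResponse actionResponse)
                throws Exception {

                ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
                        WebKeys.THEME_DISPLAY);

                Company company = themeDisplay.getCompany();

                // Self-registration must be enabled for the company; this is the only
                // authorization check performed before any command runs.

                if (!company.isStrangers()) {
                        throw new PrincipalException();
                }

                String cmd = ParamUtil.getString(actionRequest, Constants.CMD);

                try {
                        if (cmd.equals(Constants.ADD)) {

                                // The captcha gates only this branch. RESET ends in
                                // addUser() and UPDATE changes an existing incomplete user,
                                // and neither checks the captcha.
                                // NOTE(review): confirm that is intended.

                                if (PropsValues.CAPTCHA_CHECK_PORTAL_CREATE_ACCOUNT) {
                                        CaptchaUtil.check(actionRequest);
                                }

                                addUser(actionRequest, actionResponse);
                        }
                        else if (cmd.equals(Constants.RESET)) {
                                resetUser(actionRequest, actionResponse);
                        }
                        else if (cmd.equals(Constants.UPDATE)) {
                                updateIncompleteUser(actionRequest, actionResponse);
                        }
                }
                catch (Exception e) {
                        if (e instanceof DuplicateUserEmailAddressException ||
                                e instanceof DuplicateUserScreenNameException) {

                                // A duplicate is reported as an error unless the account
                                // already stored under the submitted email address is still
                                // incomplete, in which case the "update account" view is
                                // shown instead.
                                // NOTE(review): the outcome differs depending on whether the
                                // address is registered, so an anonymous caller can tell the
                                // two apart; confirm this is accepted and rate limited.

                                String emailAddress = ParamUtil.getString(
                                        actionRequest, "emailAddress");

                                try {
                                        User user = UserLocalServiceUtil.getUserByEmailAddress(
                                                themeDisplay.getCompanyId(), emailAddress);

                                        if (user.getStatus() !=
                                                        WorkflowConstants.STATUS_INCOMPLETE) {

                                                SessionErrors.add(actionRequest, e.getClass(), e);
                                        }
                                        else {
                                                setForward(
                                                        actionRequest, "portlet.login.update_account");
                                        }
                                }
                                catch (NoSuchUserException nsue) {

                                        // No account has that email address (for example, only
                                        // the screen name collided); report the original error.

                                        SessionErrors.add(actionRequest, e.getClass(), e);
                                }
                        }
                        else if (e instanceof AddressCityException ||
                                         e instanceof AddressStreetException ||
                                         e instanceof AddressZipException ||
                                         e instanceof CaptchaMaxChallengesException ||
                                         e instanceof CaptchaTextException ||
                                         e instanceof CompanyMaxUsersException ||
                                         e instanceof ContactFirstNameException ||
                                         e instanceof ContactFullNameException ||
                                         e instanceof ContactLastNameException ||
                                         e instanceof DuplicateOpenIdException ||
                                         e instanceof EmailAddressException ||
                                         e instanceof GroupFriendlyURLException ||
                                         e instanceof NoSuchCountryException ||
                                         e instanceof NoSuchListTypeException ||
                                         e instanceof NoSuchOrganizationException ||
                                         e instanceof NoSuchRegionException ||
                                         e instanceof OrganizationParentException ||
                                         e instanceof PhoneNumberException ||
                                         e instanceof RequiredFieldException ||
                                         e instanceof RequiredUserException ||
                                         e instanceof ReservedUserEmailAddressException ||
                                         e instanceof ReservedUserScreenNameException ||
                                         e instanceof TermsOfUseException ||
                                         e instanceof UserEmailAddressException ||
                                         e instanceof UserIdException ||
                                         e instanceof UserPasswordException ||
                                         e instanceof UserScreenNameException ||
                                         e instanceof UserSmsException ||
                                         e instanceof WebsiteURLException) {

                                // Expected input and validation failures: keep them in the
                                // session so the form can be rendered again with the error.

                                SessionErrors.add(actionRequest, e.getClass(), e);
                        }
                        else {

                                // Anything unexpected must not be swallowed.

                                throw e;
                        }
                }

                if (Validator.isNull(PropsValues.COMPANY_SECURITY_STRANGERS_URL)) {
                        return;
                }

                try {
                        Layout layout = LayoutLocalServiceUtil.getFriendlyURLLayout(
                                themeDisplay.getScopeGroupId(), false,
                                PropsValues.COMPANY_SECURITY_STRANGERS_URL);

                        String redirect = PortalUtil.getLayoutURL(layout, themeDisplay);

                        sendRedirect(actionRequest, actionResponse, redirect);
                }
                catch (NoSuchLayoutException nsle) {

                        // Best effort: the scope group has no layout with the configured
                        // friendly URL, so no redirect is sent.
                        // NOTE(review): consider logging this so a stale
                        // COMPANY_SECURITY_STRANGERS_URL value gets noticed.

                }
        }

        /**
         * Picks the view to render: the login view when the company does not
         * allow strangers, otherwise the forward stored on the request, defaulting
         * to the create account view.
         *
         * @return the forward for the selected view
         */
        @Override
        public ActionForward render(
                        ActionMapping mapping, ActionForm form, PortletConfig portletConfig,
                        RenderRequest renderRequest, RenderResponse renderResponse)
                throws Exception {

                ThemeDisplay themeDisplay = (ThemeDisplay)renderRequest.getAttribute(
                        WebKeys.THEME_DISPLAY);

                Company company = themeDisplay.getCompany();

                // Same gate as processAction, but render falls back to the login view
                // instead of throwing.

                if (!company.isStrangers()) {
                        return mapping.findForward("portlet.login.login");
                }

                renderResponse.setTitle(themeDisplay.translate("create-account"));

                return mapping.findForward(
                        getForward(renderRequest, "portlet.login.create_account"));
        }

        /**
         * Creates a user from the request parameters through
         * {@code UserServiceUtil.addUserWithWorkflow}, records the outcome in the
         * session, and redirects.
         *
         * <p>
         * All profile fields, {@code facebookId} and {@code openId} come straight
         * from request parameters. Group, organization, role and user group IDs
         * are fixed to {@code null} and are never read from the request.
         * </p>
         *
         * @throws Exception if the user cannot be created or the redirect fails
         */
        protected void addUser(
                        ActionRequest actionRequest, ActionResponse actionResponse)
                throws Exception {

                HttpServletRequest request = PortalUtil.getHttpServletRequest(
                        actionRequest);
                HttpSession session = request.getSession();

                ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
                        WebKeys.THEME_DISPLAY);

                Company company = themeDisplay.getCompany();

                boolean autoPassword = true;
                String password1 = null;
                String password2 = null;
                boolean autoScreenName = isAutoScreenName();
                String screenName = ParamUtil.getString(actionRequest, "screenName");
                String emailAddress = ParamUtil.getString(
                        actionRequest, "emailAddress");

                // NOTE(review): facebookId and openId are client-supplied here and are
                // not compared with anything an identity provider asserted; confirm
                // the service layer or the callers establish ownership of these IDs.

                long facebookId = ParamUtil.getLong(actionRequest, "facebookId");
                String openId = ParamUtil.getString(actionRequest, "openId");
                String firstName = ParamUtil.getString(actionRequest, "firstName");
                String middleName = ParamUtil.getString(actionRequest, "middleName");
                String lastName = ParamUtil.getString(actionRequest, "lastName");
                int prefixId = ParamUtil.getInteger(actionRequest, "prefixId");
                int suffixId = ParamUtil.getInteger(actionRequest, "suffixId");
                boolean male = ParamUtil.getBoolean(actionRequest, "male", true);
                int birthdayMonth = ParamUtil.getInteger(
                        actionRequest, "birthdayMonth");
                int birthdayDay = ParamUtil.getInteger(actionRequest, "birthdayDay");
                int birthdayYear = ParamUtil.getInteger(actionRequest, "birthdayYear");
                String jobTitle = ParamUtil.getString(actionRequest, "jobTitle");

                // Memberships and roles are deliberately not request parameters, so a
                // self-registering visitor cannot name them through this method's
                // arguments.

                long[] groupIds = null;
                long[] organizationIds = null;
                long[] roleIds = null;
                long[] userGroupIds = null;
                boolean sendEmail = true;

                ServiceContext serviceContext = ServiceContextFactory.getInstance(
                        User.class.getName(), actionRequest);

                // A caller-chosen password is accepted only when the portal is
                // configured for it; otherwise one is generated.

                if (PropsValues.LOGIN_CREATE_ACCOUNT_ALLOW_CUSTOM_PASSWORD) {
                        autoPassword = false;

                        password1 = ParamUtil.getString(actionRequest, "password1");
                        password2 = ParamUtil.getString(actionRequest, "password2");
                }

                boolean openIdPending = false;

                Boolean openIdLoginPending = (Boolean)session.getAttribute(
                        WebKeys.OPEN_ID_LOGIN_PENDING);

                // The OpenID continuation needs both the server-side session flag and
                // a non-empty openId parameter.

                if ((openIdLoginPending != null) && openIdLoginPending.booleanValue() &&
                        Validator.isNotNull(openId)) {

                        sendEmail = false;
                        openIdPending = true;
                }

                User user = UserServiceUtil.addUserWithWorkflow(
                        company.getCompanyId(), autoPassword, password1, password2,
                        autoScreenName, screenName, emailAddress, facebookId, openId,
                        themeDisplay.getLocale(), firstName, middleName, lastName, prefixId,
                        suffixId, male, birthdayMonth, birthdayDay, birthdayYear, jobTitle,
                        groupIds, organizationIds, roleIds, userGroupIds, sendEmail,
                        serviceContext);

                if (openIdPending) {

                        // Long.valueOf replaces the deprecated Long constructor.

                        session.setAttribute(
                                WebKeys.OPEN_ID_LOGIN, Long.valueOf(user.getUserId()));

                        session.removeAttribute(WebKeys.OPEN_ID_LOGIN_PENDING);
                }
                else {

                        // Session messages

                        if (user.getStatus() == WorkflowConstants.STATUS_APPROVED) {
                                SessionMessages.add(
                                        request, "userAdded", user.getEmailAddress());

                                // The cleartext password is kept in the session message
                                // store. NOTE(review): make sure it is consumed once by the
                                // view and never written to logs.

                                SessionMessages.add(
                                        request, "userAddedPassword",
                                        user.getPasswordUnencrypted());
                        }
                        else {
                                SessionMessages.add(
                                        request, "userPending", user.getEmailAddress());
                        }
                }

                // Send redirect

                String login = _getLogin(company, user);

                sendRedirect(
                        actionRequest, actionResponse, themeDisplay, login,
                        user.getPasswordUnencrypted());
        }

        /**
         * Returns whether screen names are generated instead of being taken from
         * the form. Subclasses may override; this implementation returns
         * {@code false}.
         */
        protected boolean isAutoScreenName() {
                return _AUTO_SCREEN_NAME;
        }

        /**
         * Returns {@code false}.
         *
         * <p>
         * NOTE(review): presumably this tells {@code PortletAction} not to apply
         * its HTTP method check before {@link #processAction}; confirm against the
         * base class, since this action creates and deletes users.
         * </p>
         */
        @Override
        protected boolean isCheckMethodOnProcessAction() {
                return _CHECK_METHOD_ON_PROCESS_ACTION;
        }

        /**
         * Deletes the incomplete user stored under the submitted email address and
         * registers a fresh user from the same request.
         *
         * <p>
         * The account to delete is selected only by the {@code emailAddress}
         * request parameter and its {@code STATUS_INCOMPLETE} status; nothing here
         * ties the caller to that address, and no captcha is checked on this path.
         * </p>
         *
         * @throws PrincipalException if the matching user is not incomplete
         * @throws Exception if the lookup, the deletion or the re-registration
         *         fails
         */
        protected void resetUser(
                        ActionRequest actionRequest, ActionResponse actionResponse)
                throws Exception {

                ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
                        WebKeys.THEME_DISPLAY);

                String emailAddress = ParamUtil.getString(
                        actionRequest, "emailAddress");

                User anonymousUser = UserLocalServiceUtil.getUserByEmailAddress(
                        themeDisplay.getCompanyId(), emailAddress);

                // Never delete anything but an incomplete account through this
                // unauthenticated path.

                if (anonymousUser.getStatus() != WorkflowConstants.STATUS_INCOMPLETE) {
                        throw new PrincipalException();
                }

                UserLocalServiceUtil.deleteUser(anonymousUser.getUserId());

                addUser(actionRequest, actionResponse);
        }

        /**
         * Finishes a registration: logs the user in and redirects to the
         * {@code redirect} request parameter when one survives
         * {@code PortalUtil.escapeRedirect}, otherwise redirects to the login URL
         * with the {@code login} parameter set.
         *
         * @param login the identifier to log in with or to pass to the login
         *        form
         * @param password the cleartext password handed to
         *        {@code LoginUtil.login}
         * @throws Exception if the login or the redirect fails
         */
        protected void sendRedirect(
                        ActionRequest actionRequest, ActionResponse actionResponse,
                        ThemeDisplay themeDisplay, String login, String password)
                throws Exception {

                HttpServletRequest request = PortalUtil.getHttpServletRequest(
                        actionRequest);

                // The client-supplied target is used only after escapeRedirect.
                // NOTE(review): presumably that is the portal's open redirect filter;
                // keep every use of this parameter behind it.

                String redirect = PortalUtil.escapeRedirect(
                        ParamUtil.getString(actionRequest, "redirect"));

                if (Validator.isNotNull(redirect)) {
                        HttpServletResponse response = PortalUtil.getHttpServletResponse(
                                actionResponse);

                        LoginUtil.login(request, response, login, password, false, null);
                }
                else {
                        PortletURL loginURL = LoginUtil.getLoginURL(
                                request, themeDisplay.getPlid());

                        // Only the login identifier goes into the URL; the password does
                        // not.

                        loginURL.setParameter("login", login);

                        redirect = loginURL.toString();
                }

                actionResponse.sendRedirect(redirect);
        }

        /**
         * Completes an incomplete user from the request parameters through
         * {@code UserServiceUtil.updateIncompleteUser}.
         *
         * <p>
         * Unlike {@link #addUser}, the Facebook ID is read from the session
         * attribute {@code WebKeys.FACEBOOK_INCOMPLETE_USER_ID}, not from the
         * request. When it is set, a generated password is used, the email address
         * is marked verified and the user is sent on immediately.
         * </p>
         *
         * @throws Exception if the update or the redirect fails
         */
        protected void updateIncompleteUser(
                        ActionRequest actionRequest, ActionResponse actionResponse)
                throws Exception {

                HttpServletRequest request = PortalUtil.getHttpServletRequest(
                        actionRequest);

                ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
                        WebKeys.THEME_DISPLAY);

                boolean autoPassword = true;
                String password1 = null;
                String password2 = null;
                boolean autoScreenName = false;
                String screenName = ParamUtil.getString(actionRequest, "screenName");
                String emailAddress = ParamUtil.getString(
                        actionRequest, "emailAddress");

                HttpSession session = request.getSession();

                // Server-side value: the client cannot choose it through a request
                // parameter.

                long facebookId = GetterUtil.getLong(
                        session.getAttribute(WebKeys.FACEBOOK_INCOMPLETE_USER_ID));

                if (facebookId > 0) {
                        password1 = PwdGenerator.getPassword();
                        password2 = password1;
                }

                // NOTE(review): openId is client-supplied on this path; confirm the
                // service layer establishes ownership before it is stored.

                String openId = ParamUtil.getString(actionRequest, "openId");
                String firstName = ParamUtil.getString(actionRequest, "firstName");
                String middleName = ParamUtil.getString(actionRequest, "middleName");
                String lastName = ParamUtil.getString(actionRequest, "lastName");
                int prefixId = ParamUtil.getInteger(actionRequest, "prefixId");
                int suffixId = ParamUtil.getInteger(actionRequest, "suffixId");
                boolean male = ParamUtil.getBoolean(actionRequest, "male", true);
                int birthdayMonth = ParamUtil.getInteger(
                        actionRequest, "birthdayMonth");
                int birthdayDay = ParamUtil.getInteger(actionRequest, "birthdayDay");
                int birthdayYear = ParamUtil.getInteger(actionRequest, "birthdayYear");
                String jobTitle = ParamUtil.getString(actionRequest, "jobTitle");
                boolean updateUserInformation = true;
                boolean sendEmail = true;

                ServiceContext serviceContext = ServiceContextFactory.getInstance(
                        User.class.getName(), actionRequest);

                User user = UserServiceUtil.updateIncompleteUser(
                        themeDisplay.getCompanyId(), autoPassword, password1, password2,
                        autoScreenName, screenName, emailAddress, facebookId, openId,
                        themeDisplay.getLocale(), firstName, middleName, lastName, prefixId,
                        suffixId, male, birthdayMonth, birthdayDay, birthdayYear, jobTitle,
                        sendEmail, updateUserInformation, serviceContext);

                if (facebookId > 0) {
                        UserLocalServiceUtil.updateLastLogin(
                                user.getUserId(), user.getLoginIP());

                        UserLocalServiceUtil.updatePasswordReset(user.getUserId(), false);

                        // The address is marked verified without a verification mail.
                        // NOTE(review): emailAddress still comes from the request here;
                        // confirm it cannot differ from the one the provider returned.

                        UserLocalServiceUtil.updateEmailAddressVerified(
                                user.getUserId(), true);

                        session.removeAttribute(WebKeys.FACEBOOK_INCOMPLETE_USER_ID);

                        // Send redirect

                        String login = _getLogin(themeDisplay.getCompany(), user);

                        sendRedirect(
                                actionRequest, actionResponse, themeDisplay, login, password1);

                        return;
                }

                // Session messages

                if (user.getStatus() == WorkflowConstants.STATUS_APPROVED) {
                        SessionMessages.add(request, "userAdded", user.getEmailAddress());

                        // Cleartext password in the session message store; see the same
                        // handling in addUser.

                        SessionMessages.add(
                                request, "userAddedPassword", user.getPasswordUnencrypted());
                }
                else {
                        SessionMessages.add(request, "userPending", user.getEmailAddress());
                }

                // Send redirect

                String login = _getLogin(themeDisplay.getCompany(), user);

                sendRedirect(
                        actionRequest, actionResponse, themeDisplay, login,
                        user.getPasswordUnencrypted());
        }

        /**
         * Returns the identifier the user logs in with under the company's
         * authentication type: the user ID, the screen name, or otherwise the
         * email address.
         */
        private static String _getLogin(Company company, User user)
                throws Exception {

                String authType = company.getAuthType();

                if (authType.equals(CompanyConstants.AUTH_TYPE_ID)) {
                        return String.valueOf(user.getUserId());
                }
                else if (authType.equals(CompanyConstants.AUTH_TYPE_SN)) {
                        return user.getScreenName();
                }

                return user.getEmailAddress();
        }

        private static final boolean _AUTO_SCREEN_NAME = false;

        private static final boolean _CHECK_METHOD_ON_PROCESS_ACTION = false;

}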