015 package com.liferay.portal.action;
016
017 import com.liferay.portal.NoSuchUserException;
018 import com.liferay.portal.UserLockoutException;
019 import com.liferay.portal.UserPasswordException;
020 import com.liferay.portal.kernel.servlet.SessionErrors;
021 import com.liferay.portal.kernel.util.Constants;
022 import com.liferay.portal.kernel.util.ParamUtil;
023 import com.liferay.portal.kernel.util.Validator;
024 import com.liferay.portal.model.Company;
025 import com.liferay.portal.model.CompanyConstants;
026 import com.liferay.portal.model.Ticket;
027 import com.liferay.portal.model.TicketConstants;
028 import com.liferay.portal.model.User;
029 import com.liferay.portal.security.auth.AuthTokenUtil;
030 import com.liferay.portal.security.auth.PrincipalException;
031 import com.liferay.portal.security.pwd.PwdToolkitUtilThreadLocal;
032 import com.liferay.portal.service.CompanyLocalServiceUtil;
033 import com.liferay.portal.service.TicketLocalServiceUtil;
034 import com.liferay.portal.service.UserLocalServiceUtil;
035 import com.liferay.portal.struts.ActionConstants;
036 import com.liferay.portal.theme.ThemeDisplay;
037 import com.liferay.portal.util.PortalUtil;
038 import com.liferay.portal.util.PropsValues;
039 import com.liferay.portal.util.WebKeys;
040 import com.liferay.portlet.login.util.LoginUtil;
042 import javax.servlet.http.HttpServletRequest;
043 import javax.servlet.http.HttpServletResponse;
044 import javax.servlet.http.HttpSession;
046 import org.apache.struts.action.Action;
047 import org.apache.struts.action.ActionForm;
048 import org.apache.struts.action.ActionForward;
049 import org.apache.struts.action.ActionMapping;
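/**
 * Struts action behind the "update password" screen.
 *
 * <p>Two flows share this action: a signed-in user changing their own
 * password, and an anonymous user completing a password reset with a
 * {@link TicketConstants#TYPE_PASSWORD} ticket supplied as the
 * {@code ticketKey} request parameter. The ticket is the only credential in
 * the second flow, so it is type- and expiry-checked in {@link #getTicket}
 * and deleted as soon as the password has been changed.
 */
public class UpdatePasswordAction extends Action {

	/**
	 * Dispatches between rendering the form and applying the new password.
	 *
	 * <p>Without a {@link Constants#CMD} parameter the form is rendered; when
	 * a password ticket is present the ticket's user is additionally flagged
	 * as needing a password reset (unless the account is locked out). With a
	 * command the password is updated and the browser is redirected to the
	 * escaped referer, or to the portal main path when no usable referer is
	 * given.
	 *
	 * @param  actionMapping the Struts mapping used to resolve forwards
	 * @param  actionForm unused
	 * @param  request the current request; must carry the theme display under
	 *         {@link WebKeys#THEME_DISPLAY}
	 * @param  response the response the redirect or error page is written to
	 * @return the forward to render, or {@code null} once a redirect or an
	 *         error response has been sent
	 * @throws Exception if the form-rendering path fails to load the ticket's
	 *         user; failures on the update path are translated into forwards
	 *         or an error response instead
	 */
	@Override
	public ActionForward execute(
			ActionMapping actionMapping, ActionForm actionForm,
			HttpServletRequest request, HttpServletResponse response)
		throws Exception {

		ThemeDisplay themeDisplay = (ThemeDisplay)request.getAttribute(
			WebKeys.THEME_DISPLAY);

		Ticket ticket = getTicket(request);

		// An anonymous caller without a usable password ticket has nothing
		// to do here; bounce back to the referer.
		if (!themeDisplay.isSignedIn() && (ticket == null)) {
			return actionMapping.findForward(
				ActionConstants.COMMON_REFERER_JSP);
		}

		String cmd = ParamUtil.getString(request, Constants.CMD);

		if (Validator.isNull(cmd)) {
			if (ticket != null) {
				flagPasswordReset(request, ticket);
			}

			return actionMapping.findForward("portal.update_password");
		}

		try {
			updatePassword(request, response, themeDisplay, ticket);

			response.sendRedirect(getRedirect(request, themeDisplay));

			return null;
		}
		catch (UserPasswordException upe) {
			// Password policy failure: stay on the form and show the reason.
			SessionErrors.add(request, upe.getClass(), upe);

			return actionMapping.findForward("portal.update_password");
		}
		catch (NoSuchUserException | PrincipalException e) {
			SessionErrors.add(request, e.getClass());

			return actionMapping.findForward("portal.error");
		}
		catch (Exception e) {
			PortalUtil.sendError(e, request, response);

			return null;
		}
	}

	/**
	 * Resolves the password ticket named by the {@code ticketKey} parameter.
	 *
	 * <p>Only an unexpired ticket of type
	 * {@link TicketConstants#TYPE_PASSWORD} is returned. An expired ticket is
	 * deleted so it cannot be presented again. Any failure while loading or
	 * deleting the ticket is treated the same as an absent ticket.
	 *
	 * @param  request the current request
	 * @return the usable ticket, or {@code null} when the parameter is empty,
	 *         the ticket cannot be loaded, has the wrong type, or has expired
	 */
	protected Ticket getTicket(HttpServletRequest request) {
		String ticketKey = ParamUtil.getString(request, "ticketKey");

		if (Validator.isNull(ticketKey)) {
			return null;
		}

		try {
			Ticket ticket = TicketLocalServiceUtil.getTicket(ticketKey);

			if (ticket.getType() != TicketConstants.TYPE_PASSWORD) {
				return null;
			}

			if (!ticket.isExpired()) {
				return ticket;
			}

			TicketLocalServiceUtil.deleteTicket(ticket);
		}
		catch (Exception ignored) {
			// Deliberate best-effort lookup: an unknown key or a storage
			// failure is indistinguishable from "no ticket" for the caller,
			// which then falls back to the signed-in / referer handling.
		}

		return null;
	}

	/**
	 * Returns whether the password toolkit should validate the new password.
	 *
	 * <p>Validation is skipped only when the session carries a {@code true}
	 * {@link WebKeys#SETUP_WIZARD_PASSWORD_UPDATED} flag; in every other case,
	 * including a missing flag, the password is validated.
	 *
	 * @param  request the current request
	 * @return {@code true} if the password toolkit should validate
	 */
	protected boolean isValidatePassword(HttpServletRequest request) {
		HttpSession session = request.getSession();

		Boolean setupWizardPasswordUpdated = (Boolean)session.getAttribute(
			WebKeys.SETUP_WIZARD_PASSWORD_UPDATED);

		// Null-safe: a missing flag means "validate".
		return !Boolean.TRUE.equals(setupWizardPasswordUpdated);
	}

	/**
	 * Applies the new password after verifying the CSRF token.
	 *
	 * <p>The target user is the ticket's user when a ticket is present,
	 * otherwise the signed-in user. The thread-local password-toolkit
	 * validation flag is set from {@link #isValidatePassword} for the duration
	 * of the update and restored afterwards.
	 *
	 * <p>In the ticket flow the ticket is deleted once the password has
	 * changed, the user is logged in with the new password using the login
	 * form the company's authentication type expects, and the reset flag is
	 * cleared. In the signed-in flow, and only when
	 * {@link PropsValues#SESSION_STORE_PASSWORD} is enabled, the new password
	 * is placed in the HTTP session under {@link WebKeys#USER_PASSWORD}; note
	 * that this keeps the clear-text password in server-side session state.
	 *
	 * @param  request the current request, carrying {@code password1} and
	 *         {@code password2}
	 * @param  response the current response
	 * @param  themeDisplay the theme display, used for the signed-in user id
	 * @param  ticket the password ticket, or {@code null} in the signed-in
	 *         flow
	 * @throws Exception if the CSRF token is invalid, the password is
	 *         rejected, or the user, company, ticket or login services fail
	 */
	protected void updatePassword(
			HttpServletRequest request, HttpServletResponse response,
			ThemeDisplay themeDisplay, Ticket ticket)
		throws Exception {

		AuthTokenUtil.checkCSRFToken(
			request, UpdatePasswordAction.class.getName());

		long userId = 0;

		if (ticket != null) {
			userId = ticket.getClassPK();
		}
		else {
			userId = themeDisplay.getUserId();
		}

		String password1 = request.getParameter("password1");
		String password2 = request.getParameter("password2");

		// The service is not asked to force a further reset on this update.
		boolean passwordReset = false;

		boolean previousValidate = PwdToolkitUtilThreadLocal.isValidate();

		try {
			boolean currentValidate = isValidatePassword(request);

			PwdToolkitUtilThreadLocal.setValidate(currentValidate);

			UserLocalServiceUtil.updatePassword(
				userId, password1, password2, passwordReset);
		}
		finally {
			// Always restore the thread-local flag, even when the update
			// throws, so later requests on this thread are unaffected.
			PwdToolkitUtilThreadLocal.setValidate(previousValidate);
		}

		if (ticket != null) {
			// The ticket is single-use: remove it before logging the user in.
			TicketLocalServiceUtil.deleteTicket(ticket);

			User user = UserLocalServiceUtil.getUser(userId);

			Company company = CompanyLocalServiceUtil.getCompanyById(
				user.getCompanyId());

			String login = getLogin(company, user, userId);

			LoginUtil.login(request, response, login, password1, false, null);

			UserLocalServiceUtil.updatePasswordReset(userId, false);
		}
		else if (PropsValues.SESSION_STORE_PASSWORD) {
			HttpSession session = request.getSession();

			session.setAttribute(WebKeys.USER_PASSWORD, password1);
		}
	}

	/**
	 * Flags the ticket's user as needing a password reset, after confirming
	 * the account is not locked out. A lockout is reported through
	 * {@link SessionErrors} rather than thrown so the form still renders.
	 *
	 * @param  request the current request
	 * @param  ticket the password ticket naming the user
	 * @throws Exception if the user cannot be loaded or the reset flag cannot
	 *         be stored
	 */
	private void flagPasswordReset(HttpServletRequest request, Ticket ticket)
		throws Exception {

		User user = UserLocalServiceUtil.getUser(ticket.getClassPK());

		try {
			UserLocalServiceUtil.checkLockout(user);

			UserLocalServiceUtil.updatePasswordReset(user.getUserId(), true);
		}
		catch (UserLockoutException ule) {
			SessionErrors.add(request, ule.getClass());
		}
	}

	/**
	 * Picks the login identifier matching the company's authentication type.
	 *
	 * @return the email address, screen name or user id as a string, or
	 *         {@code null} for any other authentication type (which the
	 *         subsequent login call is then expected to reject)
	 */
	private String getLogin(Company company, User user, long userId) {
		String authType = company.getAuthType();

		if (authType.equals(CompanyConstants.AUTH_TYPE_EA)) {
			return user.getEmailAddress();
		}
		else if (authType.equals(CompanyConstants.AUTH_TYPE_SN)) {
			return user.getScreenName();
		}
		else if (authType.equals(CompanyConstants.AUTH_TYPE_ID)) {
			return String.valueOf(userId);
		}

		return null;
	}

	/**
	 * Computes the post-update redirect: the escaped {@link WebKeys#REFERER}
	 * parameter, or the portal main path when the referer is empty or the
	 * escaping leaves it empty.
	 *
	 * @param  request the current request
	 * @param  themeDisplay the theme display providing the main path
	 * @return a non-null redirect target
	 */
	private String getRedirect(
		HttpServletRequest request, ThemeDisplay themeDisplay) {

		String redirect = ParamUtil.getString(request, WebKeys.REFERER);

		if (Validator.isNotNull(redirect)) {
			// Only portal-approved targets survive escaping; anything else
			// is dropped rather than followed.
			redirect = PortalUtil.escapeRedirect(redirect);
		}

		if (Validator.isNull(redirect)) {
			redirect = themeDisplay.getPathMain();
		}

		return redirect;
	}

}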