001    /**
002     * Copyright (c) 2000-present Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portlet.login.action;
016    
017    import com.liferay.portal.AddressCityException;
018    import com.liferay.portal.AddressStreetException;
019    import com.liferay.portal.AddressZipException;
020    import com.liferay.portal.CompanyMaxUsersException;
021    import com.liferay.portal.ContactBirthdayException;
022    import com.liferay.portal.ContactNameException;
023    import com.liferay.portal.DuplicateOpenIdException;
024    import com.liferay.portal.EmailAddressException;
025    import com.liferay.portal.GroupFriendlyURLException;
026    import com.liferay.portal.NoSuchCountryException;
027    import com.liferay.portal.NoSuchLayoutException;
028    import com.liferay.portal.NoSuchListTypeException;
029    import com.liferay.portal.NoSuchOrganizationException;
030    import com.liferay.portal.NoSuchRegionException;
031    import com.liferay.portal.OrganizationParentException;
032    import com.liferay.portal.PhoneNumberException;
033    import com.liferay.portal.RequiredFieldException;
034    import com.liferay.portal.RequiredUserException;
035    import com.liferay.portal.TermsOfUseException;
036    import com.liferay.portal.UserEmailAddressException;
037    import com.liferay.portal.UserIdException;
038    import com.liferay.portal.UserPasswordException;
039    import com.liferay.portal.UserScreenNameException;
040    import com.liferay.portal.UserSmsException;
041    import com.liferay.portal.WebsiteURLException;
042    import com.liferay.portal.kernel.captcha.CaptchaConfigurationException;
043    import com.liferay.portal.kernel.captcha.CaptchaMaxChallengesException;
044    import com.liferay.portal.kernel.captcha.CaptchaTextException;
045    import com.liferay.portal.kernel.captcha.CaptchaUtil;
046    import com.liferay.portal.kernel.portlet.bridges.mvc.BaseMVCActionCommand;
047    import com.liferay.portal.kernel.security.auth.session.AuthenticatedSessionManagerUtil;
048    import com.liferay.portal.kernel.servlet.SessionErrors;
049    import com.liferay.portal.kernel.servlet.SessionMessages;
050    import com.liferay.portal.kernel.spring.osgi.OSGiBeanProperties;
051    import com.liferay.portal.kernel.util.Constants;
052    import com.liferay.portal.kernel.util.GetterUtil;
053    import com.liferay.portal.kernel.util.LocaleUtil;
054    import com.liferay.portal.kernel.util.ParamUtil;
055    import com.liferay.portal.kernel.util.PropsKeys;
056    import com.liferay.portal.kernel.util.PwdGenerator;
057    import com.liferay.portal.kernel.util.Validator;
058    import com.liferay.portal.kernel.workflow.WorkflowConstants;
059    import com.liferay.portal.model.Company;
060    import com.liferay.portal.model.CompanyConstants;
061    import com.liferay.portal.model.Layout;
062    import com.liferay.portal.model.User;
063    import com.liferay.portal.security.auth.PrincipalException;
064    import com.liferay.portal.service.LayoutLocalServiceUtil;
065    import com.liferay.portal.service.ServiceContext;
066    import com.liferay.portal.service.ServiceContextFactory;
067    import com.liferay.portal.service.UserLocalServiceUtil;
068    import com.liferay.portal.service.UserServiceUtil;
069    import com.liferay.portal.theme.ThemeDisplay;
070    import com.liferay.portal.util.PortalUtil;
071    import com.liferay.portal.util.PortletKeys;
072    import com.liferay.portal.util.PropsValues;
073    import com.liferay.portal.util.WebKeys;
074    import com.liferay.portlet.login.util.LoginUtil;
075    
076    import javax.portlet.ActionRequest;
077    import javax.portlet.ActionResponse;
078    import javax.portlet.PortletURL;
079    
080    import javax.servlet.http.HttpServletRequest;
081    import javax.servlet.http.HttpServletResponse;
082    import javax.servlet.http.HttpSession;
083    
084    /**
085     * @author Brian Wing Shun Chan
086     * @author Amos Fong
087     * @author Daniel Sanz
 * @author Sergio González
089     * @author Peter Fellwock
090     */
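@OSGiBeanProperties(
	property = {
		"javax.portlet.name=" + PortletKeys.FAST_LOGIN,
		"javax.portlet.name=" + PortletKeys.LOGIN,
		"mvc.command.name=/login/create_account"
	}
)
public class CreateAccountMVCActionCommand extends BaseMVCActionCommand {

	/**
	 * Creates a new user from the create-account form parameters and then
	 * either completes a pending OpenID login or redirects the browser into
	 * the login flow.
	 *
	 * <p>The password is auto-generated unless
	 * {@code PropsValues.LOGIN_CREATE_ACCOUNT_ALLOW_CUSTOM_PASSWORD} is set,
	 * in which case it is read from the {@code password1} and
	 * {@code password2} request parameters. Group, organization, role and
	 * user group memberships are never taken from the request; the user is
	 * created with none.</p>
	 *
	 * @param  actionRequest the action request carrying the form parameters
	 * @param  actionResponse the action response the redirect is written to
	 * @throws Exception if the user cannot be added; validation failures
	 *         surface as the portal exception types mapped to session errors
	 *         in {@link #doProcessAction}
	 */
	protected void addUser(
			ActionRequest actionRequest, ActionResponse actionResponse)
		throws Exception {

		HttpServletRequest request = PortalUtil.getHttpServletRequest(
			actionRequest);
		HttpSession session = request.getSession();

		ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
			WebKeys.THEME_DISPLAY);

		Company company = themeDisplay.getCompany();

		boolean autoPassword = true;
		String password1 = null;
		String password2 = null;
		boolean autoScreenName = isAutoScreenName();
		String screenName = ParamUtil.getString(actionRequest, "screenName");
		String emailAddress = ParamUtil.getString(
			actionRequest, "emailAddress");
		long facebookId = ParamUtil.getLong(actionRequest, "facebookId");
		String openId = ParamUtil.getString(actionRequest, "openId");
		String languageId = ParamUtil.getString(actionRequest, "languageId");
		String firstName = ParamUtil.getString(actionRequest, "firstName");
		String middleName = ParamUtil.getString(actionRequest, "middleName");
		String lastName = ParamUtil.getString(actionRequest, "lastName");
		long prefixId = ParamUtil.getInteger(actionRequest, "prefixId");
		long suffixId = ParamUtil.getInteger(actionRequest, "suffixId");
		boolean male = ParamUtil.getBoolean(actionRequest, "male", true);
		int birthdayMonth = ParamUtil.getInteger(
			actionRequest, "birthdayMonth");
		int birthdayDay = ParamUtil.getInteger(actionRequest, "birthdayDay");
		int birthdayYear = ParamUtil.getInteger(actionRequest, "birthdayYear");
		String jobTitle = ParamUtil.getString(actionRequest, "jobTitle");

		// Memberships are deliberately not request-controlled: a stranger
		// creating an account must not be able to pick groups or roles

		long[] groupIds = null;
		long[] organizationIds = null;
		long[] roleIds = null;
		long[] userGroupIds = null;
		boolean sendEmail = true;

		ServiceContext serviceContext = ServiceContextFactory.getInstance(
			User.class.getName(), actionRequest);

		if (PropsValues.LOGIN_CREATE_ACCOUNT_ALLOW_CUSTOM_PASSWORD) {
			autoPassword = false;

			password1 = ParamUtil.getString(actionRequest, "password1");
			password2 = ParamUtil.getString(actionRequest, "password2");
		}

		// An OpenID login that was parked in the session while the account
		// was being created is finished here instead of by email

		boolean openIdPending = false;

		Boolean openIdLoginPending = (Boolean)session.getAttribute(
			WebKeys.OPEN_ID_LOGIN_PENDING);

		if ((openIdLoginPending != null) && openIdLoginPending.booleanValue() &&
			Validator.isNotNull(openId)) {

			sendEmail = false;
			openIdPending = true;
		}

		User user = UserServiceUtil.addUserWithWorkflow(
			company.getCompanyId(), autoPassword, password1, password2,
			autoScreenName, screenName, emailAddress, facebookId, openId,
			LocaleUtil.fromLanguageId(languageId), firstName, middleName,
			lastName, prefixId, suffixId, male, birthdayMonth, birthdayDay,
			birthdayYear, jobTitle, groupIds, organizationIds, roleIds,
			userGroupIds, sendEmail, serviceContext);

		if (openIdPending) {
			session.setAttribute(
				WebKeys.OPEN_ID_LOGIN, Long.valueOf(user.getUserId()));

			session.removeAttribute(WebKeys.OPEN_ID_LOGIN_PENDING);
		}
		else {

			// Session messages. The unencrypted password is handed to the
			// session so the confirmation page can show it once; it is a
			// plaintext secret and must not end up in logs.

			if (user.getStatus() == WorkflowConstants.STATUS_APPROVED) {
				SessionMessages.add(
					request, "userAdded", user.getEmailAddress());
				SessionMessages.add(
					request, "userAddedPassword",
					user.getPasswordUnencrypted());
			}
			else {
				SessionMessages.add(
					request, "userPending", user.getEmailAddress());
			}
		}

		// Send redirect

		sendRedirect(
			actionRequest, actionResponse, themeDisplay,
			_getLogin(company, user), user.getPasswordUnencrypted());
	}

	/**
	 * Dispatches the create-account command ({@code add}, {@code reset} or
	 * {@code update}), converts the expected validation exceptions into
	 * session errors and, when configured, redirects to the strangers URL.
	 *
	 * <p>Access is gated only on the company allowing strangers; every
	 * command below is therefore reachable without authentication.</p>
	 *
	 * @param  actionRequest the action request
	 * @param  actionResponse the action response
	 * @throws Exception if strangers are not enabled for the company, or if
	 *         a command fails with an exception not in the handled set
	 */
	@Override
	protected void doProcessAction(
			ActionRequest actionRequest, ActionResponse actionResponse)
		throws Exception {

		ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
			WebKeys.THEME_DISPLAY);

		Company company = themeDisplay.getCompany();

		if (!company.isStrangers()) {
			throw new PrincipalException.MustBeEnabled(
				company.getCompanyId(), PropsKeys.COMPANY_SECURITY_STRANGERS);
		}

		String cmd = ParamUtil.getString(actionRequest, Constants.CMD);

		try {
			if (cmd.equals(Constants.ADD)) {

				// Captcha is the only rate-limiting control on unauthenticated
				// account creation, so it runs before anything is persisted

				if (PropsValues.CAPTCHA_CHECK_PORTAL_CREATE_ACCOUNT) {
					CaptchaUtil.check(actionRequest);
				}

				addUser(actionRequest, actionResponse);
			}
			else if (cmd.equals(Constants.RESET)) {
				resetUser(actionRequest, actionResponse);
			}
			else if (cmd.equals(Constants.UPDATE)) {
				updateIncompleteUser(actionRequest, actionResponse);
			}
		}
		catch (Exception e) {

			// The duplicate cases must be tested before the broader
			// UserEmailAddressException / UserScreenNameException below,
			// which these nested types extend; tested after them this branch
			// would never be reached and an incomplete user could never be
			// sent to the update form

			if (e instanceof UserEmailAddressException.MustNotBeDuplicate ||
				e instanceof UserScreenNameException.MustNotBeDuplicate) {

				String emailAddress = ParamUtil.getString(
					actionRequest, "emailAddress");

				// NOTE(review): the lookup is by email address even for a
				// duplicate screen name; confirm that is intended

				User user = UserLocalServiceUtil.fetchUserByEmailAddress(
					themeDisplay.getCompanyId(), emailAddress);

				if ((user == null) ||
					(user.getStatus() != WorkflowConstants.STATUS_INCOMPLETE)) {

					SessionErrors.add(actionRequest, e.getClass(), e);
				}
				else {
					actionResponse.setRenderParameter(
						"mvcPath", "/html/portlet/login/update_account.jsp");
				}
			}
			else if (e instanceof AddressCityException ||
					 e instanceof AddressStreetException ||
					 e instanceof AddressZipException ||
					 e instanceof CaptchaConfigurationException ||
					 e instanceof CaptchaMaxChallengesException ||
					 e instanceof CaptchaTextException ||
					 e instanceof CompanyMaxUsersException ||
					 e instanceof ContactBirthdayException ||
					 e instanceof ContactNameException ||
					 e instanceof DuplicateOpenIdException ||
					 e instanceof EmailAddressException ||
					 e instanceof GroupFriendlyURLException ||
					 e instanceof NoSuchCountryException ||
					 e instanceof NoSuchListTypeException ||
					 e instanceof NoSuchOrganizationException ||
					 e instanceof NoSuchRegionException ||
					 e instanceof OrganizationParentException ||
					 e instanceof PhoneNumberException ||
					 e instanceof RequiredFieldException ||
					 e instanceof RequiredUserException ||
					 e instanceof TermsOfUseException ||
					 e instanceof UserEmailAddressException ||
					 e instanceof UserIdException ||
					 e instanceof UserPasswordException ||
					 e instanceof UserScreenNameException ||
					 e instanceof UserSmsException ||
					 e instanceof WebsiteURLException) {

				// Expected validation failures are shown to the user; anything
				// else is unexpected and propagates

				SessionErrors.add(actionRequest, e.getClass(), e);
			}
			else {
				throw e;
			}
		}

		if (Validator.isNull(PropsValues.COMPANY_SECURITY_STRANGERS_URL)) {
			return;
		}

		// The target comes from portal configuration, not from the request,
		// so it is trusted as a redirect destination

		try {
			Layout layout = LayoutLocalServiceUtil.getFriendlyURLLayout(
				themeDisplay.getScopeGroupId(), false,
				PropsValues.COMPANY_SECURITY_STRANGERS_URL);

			String redirect = PortalUtil.getLayoutURL(layout, themeDisplay);

			sendRedirect(actionRequest, actionResponse, redirect);
		}
		catch (NoSuchLayoutException nsle) {

			// Best effort: a strangers URL that resolves to no layout is a
			// configuration problem, not a failure of the command, so the
			// redirect already set by the command is left in place
		}
	}

	/**
	 * Returns whether the screen name is generated instead of taken from the
	 * {@code screenName} request parameter. Subclasses may override this.
	 *
	 * @return {@code true} if the screen name should be generated
	 */
	protected boolean isAutoScreenName() {
		return _AUTO_SCREEN_NAME;
	}

	/**
	 * Deletes the incomplete user registered under the submitted email
	 * address and creates the account again from the current form values.
	 *
	 * <p>This path is reachable without authentication, so the status check
	 * is the only thing between an email address supplied in the request
	 * and {@code deleteUser}: only users still in the incomplete state may be
	 * replaced; any other account requires its owner to authenticate.</p>
	 *
	 * @param  actionRequest the action request carrying {@code emailAddress}
	 *         and the form parameters consumed by {@link #addUser}
	 * @param  actionResponse the action response
	 * @throws Exception if no user has that email address, if the user is
	 *         not incomplete, or if the new account cannot be added
	 */
	protected void resetUser(
			ActionRequest actionRequest, ActionResponse actionResponse)
		throws Exception {

		ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
			WebKeys.THEME_DISPLAY);

		String emailAddress = ParamUtil.getString(
			actionRequest, "emailAddress");

		User anonymousUser = UserLocalServiceUtil.getUserByEmailAddress(
			themeDisplay.getCompanyId(), emailAddress);

		if (anonymousUser.getStatus() != WorkflowConstants.STATUS_INCOMPLETE) {
			throw new PrincipalException.MustBeAuthenticated(
				anonymousUser.getUuid());
		}

		UserLocalServiceUtil.deleteUser(anonymousUser.getUserId());

		addUser(actionRequest, actionResponse);
	}

	/**
	 * Redirects after a successful account creation. With a {@code redirect}
	 * request parameter the new user is logged in immediately and sent
	 * there; without one the browser is sent to the login page with the
	 * {@code login} field prefilled.
	 *
	 * <p>The request-supplied target goes through
	 * {@code PortalUtil.escapeRedirect}, which is relied on to neutralize
	 * off-site destinations (a rejected value reads as blank below), so an
	 * attacker-chosen URL cannot be combined with the auto-login.</p>
	 *
	 * @param  actionRequest the action request
	 * @param  actionResponse the action response
	 * @param  themeDisplay the theme display used to build the login URL
	 * @param  login the credential chosen by the company's auth type
	 * @param  password the user's unencrypted password, used only for the
	 *         auto-login branch
	 * @throws Exception if the login or the redirect fails
	 */
	protected void sendRedirect(
			ActionRequest actionRequest, ActionResponse actionResponse,
			ThemeDisplay themeDisplay, String login, String password)
		throws Exception {

		HttpServletRequest request = PortalUtil.getHttpServletRequest(
			actionRequest);

		String redirect = PortalUtil.escapeRedirect(
			ParamUtil.getString(actionRequest, "redirect"));

		if (Validator.isNotNull(redirect)) {
			HttpServletResponse response = PortalUtil.getHttpServletResponse(
				actionResponse);

			// Remember-me is left off and the company default auth type
			// applies (the trailing false / null)

			AuthenticatedSessionManagerUtil.login(
				request, response, login, password, false, null);
		}
		else {
			PortletURL loginURL = LoginUtil.getLoginURL(
				request, themeDisplay.getPlid());

			loginURL.setParameter("login", login);

			redirect = loginURL.toString();
		}

		actionResponse.sendRedirect(redirect);
	}

	/**
	 * Completes a user that was created in the incomplete state (for example
	 * via Facebook or OpenID) with the profile values from the form. A
	 * Facebook-originated user is given a generated password, marked
	 * verified and logged in straight away; any other user gets the same
	 * session messages and redirect as a freshly added one.
	 *
	 * @param  actionRequest the action request carrying the form parameters
	 * @param  actionResponse the action response the redirect is written to
	 * @throws Exception if the user cannot be updated
	 */
	protected void updateIncompleteUser(
			ActionRequest actionRequest, ActionResponse actionResponse)
		throws Exception {

		HttpServletRequest request = PortalUtil.getHttpServletRequest(
			actionRequest);

		ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
			WebKeys.THEME_DISPLAY);

		boolean autoPassword = true;
		String password1 = null;
		String password2 = null;
		boolean autoScreenName = false;
		String screenName = ParamUtil.getString(actionRequest, "screenName");
		String emailAddress = ParamUtil.getString(
			actionRequest, "emailAddress");

		HttpSession session = request.getSession();

		// The Facebook id is read from the session, never from the request,
		// so a caller cannot claim someone else's pending Facebook account

		long facebookId = GetterUtil.getLong(
			session.getAttribute(WebKeys.FACEBOOK_INCOMPLETE_USER_ID));

		if (facebookId > 0) {
			password1 = PwdGenerator.getPassword();
			password2 = password1;
		}

		String openId = ParamUtil.getString(actionRequest, "openId");
		String firstName = ParamUtil.getString(actionRequest, "firstName");
		String middleName = ParamUtil.getString(actionRequest, "middleName");
		String lastName = ParamUtil.getString(actionRequest, "lastName");
		long prefixId = ParamUtil.getInteger(actionRequest, "prefixId");
		long suffixId = ParamUtil.getInteger(actionRequest, "suffixId");
		boolean male = ParamUtil.getBoolean(actionRequest, "male", true);
		int birthdayMonth = ParamUtil.getInteger(
			actionRequest, "birthdayMonth");
		int birthdayDay = ParamUtil.getInteger(actionRequest, "birthdayDay");
		int birthdayYear = ParamUtil.getInteger(actionRequest, "birthdayYear");
		String jobTitle = ParamUtil.getString(actionRequest, "jobTitle");
		boolean updateUserInformation = true;
		boolean sendEmail = true;

		ServiceContext serviceContext = ServiceContextFactory.getInstance(
			User.class.getName(), actionRequest);

		User user = UserServiceUtil.updateIncompleteUser(
			themeDisplay.getCompanyId(), autoPassword, password1, password2,
			autoScreenName, screenName, emailAddress, facebookId, openId,
			themeDisplay.getLocale(), firstName, middleName, lastName, prefixId,
			suffixId, male, birthdayMonth, birthdayDay, birthdayYear, jobTitle,
			sendEmail, updateUserInformation, serviceContext);

		Company company = themeDisplay.getCompany();

		if (facebookId > 0) {
			UserLocalServiceUtil.updateLastLogin(
				user.getUserId(), user.getLoginIP());

			UserLocalServiceUtil.updatePasswordReset(user.getUserId(), false);

			// The address was obtained through Facebook, so the email
			// verification step is skipped

			UserLocalServiceUtil.updateEmailAddressVerified(
				user.getUserId(), true);

			session.removeAttribute(WebKeys.FACEBOOK_INCOMPLETE_USER_ID);

			// Send redirect, logging in with the password generated above

			sendRedirect(
				actionRequest, actionResponse, themeDisplay,
				_getLogin(company, user), password1);

			return;
		}

		// Session messages. As in addUser, the unencrypted password is a
		// plaintext secret placed in the session for one-time display.

		if (user.getStatus() == WorkflowConstants.STATUS_APPROVED) {
			SessionMessages.add(request, "userAdded", user.getEmailAddress());
			SessionMessages.add(
				request, "userAddedPassword", user.getPasswordUnencrypted());
		}
		else {
			SessionMessages.add(request, "userPending", user.getEmailAddress());
		}

		// Send redirect

		sendRedirect(
			actionRequest, actionResponse, themeDisplay,
			_getLogin(company, user), user.getPasswordUnencrypted());
	}

	/**
	 * Returns the credential the user logs in with, chosen by the company's
	 * authentication type: the user ID, the screen name, or (by default) the
	 * email address.
	 *
	 * @param  company the company whose auth type decides the credential
	 * @param  user the user being logged in
	 * @return the login value for {@link #sendRedirect}
	 */
	private static String _getLogin(Company company, User user) {
		String authType = company.getAuthType();

		if (authType.equals(CompanyConstants.AUTH_TYPE_ID)) {
			return String.valueOf(user.getUserId());
		}

		if (authType.equals(CompanyConstants.AUTH_TYPE_SN)) {
			return user.getScreenName();
		}

		return user.getEmailAddress();
	}

	// Screen names are generated only when a subclass says so

	private static final boolean _AUTO_SCREEN_NAME = false;

}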