015 package com.liferay.portal.action;
016
017 import com.liferay.portal.exception.NoSuchUserException;
018 import com.liferay.portal.exception.UserLockoutException;
019 import com.liferay.portal.exception.UserPasswordException;
020 import com.liferay.portal.kernel.security.auth.session.AuthenticatedSessionManagerUtil;
021 import com.liferay.portal.kernel.servlet.SessionErrors;
022 import com.liferay.portal.kernel.util.Constants;
023 import com.liferay.portal.kernel.util.ParamUtil;
024 import com.liferay.portal.kernel.util.Validator;
025 import com.liferay.portal.kernel.util.WebKeys;
026 import com.liferay.portal.model.Company;
027 import com.liferay.portal.model.CompanyConstants;
028 import com.liferay.portal.model.Ticket;
029 import com.liferay.portal.model.TicketConstants;
030 import com.liferay.portal.model.User;
031 import com.liferay.portal.security.auth.AuthTokenUtil;
032 import com.liferay.portal.security.auth.PrincipalException;
033 import com.liferay.portal.security.pwd.PwdToolkitUtilThreadLocal;
034 import com.liferay.portal.service.CompanyLocalServiceUtil;
035 import com.liferay.portal.service.TicketLocalServiceUtil;
036 import com.liferay.portal.service.UserLocalServiceUtil;
037 import com.liferay.portal.theme.ThemeDisplay;
038 import com.liferay.portal.util.PortalUtil;
039 import com.liferay.portal.util.PropsValues;
040
041 import javax.servlet.http.HttpServletRequest;
042 import javax.servlet.http.HttpServletResponse;
043 import javax.servlet.http.HttpSession;
044
045 import org.apache.struts.action.Action;
046 import org.apache.struts.action.ActionForm;
047 import org.apache.struts.action.ActionForward;
048 import org.apache.struts.action.ActionMapping;
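/**
 * Struts action behind the "update password" screen.
 *
 * <p>Two entry paths converge here: a signed-in user changing their own
 * password (no ticket; the user comes from the {@link ThemeDisplay}), and a
 * password-reset link carrying a {@code ticketKey} request parameter that
 * resolves to an unexpired {@link Ticket} of type
 * {@link TicketConstants#TYPE_PASSWORD}. Tickets of any other type are
 * ignored, so a key for some other ticket kind never reaches the reset flow.
 */
public class UpdatePasswordAction extends Action {

	/**
	 * Renders the form when no {@code cmd} parameter is present, otherwise
	 * applies the submitted password and redirects.
	 *
	 * <p>Without a command: the resolved ticket (possibly {@code null}) is
	 * exposed to the view as {@link WebKeys#TICKET}; when a ticket is present
	 * the lockout state of its user is checked and the user is flagged as
	 * needing a password reset, a lockout being reported through
	 * {@link SessionErrors}.
	 *
	 * <p>With a command: {@link #updatePassword} runs and the browser is sent
	 * to the {@link WebKeys#REFERER} parameter after it has been passed
	 * through {@link PortalUtil#escapeRedirect}, falling back to the portal's
	 * main path. A rejected password returns the user to the form with the
	 * exception attached; an unknown user or a principal failure forwards to
	 * the error page; anything else is handed to
	 * {@link PortalUtil#sendError}.
	 *
	 * @return the forward to render, or {@code null} once a redirect or an
	 *         error response has been written
	 * @throws Exception if the ticket's user cannot be loaded while rendering
	 *         the form (that lookup is outside the guarded section)
	 */
	@Override
	public ActionForward execute(
			ActionMapping actionMapping, ActionForm actionForm,
			HttpServletRequest request, HttpServletResponse response)
		throws Exception {

		ThemeDisplay themeDisplay = (ThemeDisplay)request.getAttribute(
			WebKeys.THEME_DISPLAY);

		Ticket ticket = getTicket(request);

		request.setAttribute(WebKeys.TICKET, ticket);

		String cmd = ParamUtil.getString(request, Constants.CMD);

		if (Validator.isNull(cmd)) {
			if (ticket != null) {
				User user = UserLocalServiceUtil.getUser(ticket.getClassPK());

				try {
					UserLocalServiceUtil.checkLockout(user);

					// Flag the account as mid-reset; updatePassword clears the
					// flag again once the new password has been accepted.
					UserLocalServiceUtil.updatePasswordReset(
						user.getUserId(), true);
				}
				catch (UserLockoutException ule) {
					SessionErrors.add(request, ule.getClass(), ule);
				}
			}

			return actionMapping.findForward("portal.update_password");
		}

		try {
			updatePassword(request, response, themeDisplay, ticket);

			String redirect = ParamUtil.getString(request, WebKeys.REFERER);

			// The referer is a request parameter and therefore untrusted; it
			// is only used after escapeRedirect has had a chance to reject it
			// (the null check below covers an empty result).
			if (Validator.isNotNull(redirect)) {
				redirect = PortalUtil.escapeRedirect(redirect);
			}

			if (Validator.isNull(redirect)) {
				redirect = themeDisplay.getPathMain();
			}

			response.sendRedirect(redirect);

			return null;
		}
		catch (UserPasswordException upe) {
			// Policy rejection: keep the exception so the form can show the
			// specific reason, then render the form again.
			SessionErrors.add(request, upe.getClass(), upe);

			return actionMapping.findForward("portal.update_password");
		}
		catch (NoSuchUserException | PrincipalException e) {
			SessionErrors.add(request, e.getClass());

			return actionMapping.findForward("portal.error");
		}
		catch (Exception e) {
			PortalUtil.sendError(e, request, response);

			return null;
		}
	}

	/**
	 * Resolves the password-reset ticket named by the {@code ticketKey}
	 * request parameter.
	 *
	 * <p>Returns {@code null} when the parameter is absent, no ticket matches,
	 * the ticket is not of type {@link TicketConstants#TYPE_PASSWORD}, the
	 * ticket has expired (in which case it is deleted), or the lookup throws.
	 * Callers can therefore treat {@code null} as "no usable ticket" and
	 * never see a ticket of another type.
	 *
	 * @param request the current request
	 * @return the unexpired password ticket, or {@code null}
	 */
	protected Ticket getTicket(HttpServletRequest request) {
		String ticketKey = ParamUtil.getString(request, "ticketKey");

		if (Validator.isNull(ticketKey)) {
			return null;
		}

		try {
			Ticket ticket = TicketLocalServiceUtil.fetchTicket(ticketKey);

			// Only password tickets may drive this action.
			if ((ticket == null) ||
				(ticket.getType() != TicketConstants.TYPE_PASSWORD)) {

				return null;
			}

			if (!ticket.isExpired()) {
				return ticket;
			}

			// An expired ticket is purged as soon as it is seen.
			TicketLocalServiceUtil.deleteTicket(ticket);
		}
		catch (Exception ignored) {
			// Deliberate best effort: any failure while fetching or deleting
			// the ticket is reported to the caller as "no ticket".
		}

		return null;
	}

	/**
	 * Decides whether the password toolkit should validate the submitted
	 * password.
	 *
	 * <p>Validation is skipped only when the session carries a {@code true}
	 * {@link WebKeys#SETUP_WIZARD_PASSWORD_UPDATED} attribute; the attribute
	 * is presumably set by the setup wizard, whose code is not in this file.
	 *
	 * @param request the current request
	 * @return {@code false} if the setup-wizard attribute is {@code true},
	 *         {@code true} otherwise
	 */
	protected boolean isValidatePassword(HttpServletRequest request) {
		HttpSession session = request.getSession();

		Boolean setupWizardPasswordUpdated = (Boolean)session.getAttribute(
			WebKeys.SETUP_WIZARD_PASSWORD_UPDATED);

		// Boolean.TRUE.equals(null) is false, so a missing attribute means
		// "validate".
		return !Boolean.TRUE.equals(setupWizardPasswordUpdated);
	}

	/**
	 * Applies the submitted password and completes the ticket flow.
	 *
	 * <p>The CSRF token is checked before anything else. The target user is
	 * the ticket's user when a ticket is present, otherwise the user of the
	 * current {@link ThemeDisplay}. Password-toolkit validation is switched
	 * per {@link #isValidatePassword} only for the duration of the update and
	 * restored in a {@code finally} block.
	 *
	 * <p>When a ticket was used, it is deleted before the user is logged in
	 * with the new password, so the same link cannot be used a second time,
	 * and the password-reset flag set in {@link #execute} is cleared. Without
	 * a ticket, and only if {@link PropsValues#SESSION_STORE_PASSWORD} is on,
	 * the new password is written to the session under
	 * {@link WebKeys#USER_PASSWORD}, refreshing whatever copy the portal keeps
	 * there.
	 *
	 * @param request the current request, carrying {@code password1} and
	 *        {@code password2}
	 * @param response the response used to establish the new session
	 * @param themeDisplay the current theme display, source of the user id
	 *        when no ticket is present
	 * @param ticket the password-reset ticket, or {@code null}
	 * @throws Exception if the CSRF check fails, the password is rejected, or
	 *         a service call fails
	 */
	protected void updatePassword(
			HttpServletRequest request, HttpServletResponse response,
			ThemeDisplay themeDisplay, Ticket ticket)
		throws Exception {

		AuthTokenUtil.checkCSRFToken(
			request, UpdatePasswordAction.class.getName());

		long userId =
			(ticket != null) ? ticket.getClassPK() : themeDisplay.getUserId();

		String password1 = request.getParameter("password1");
		String password2 = request.getParameter("password2");
		boolean passwordReset = false;

		boolean previousValidate = PwdToolkitUtilThreadLocal.isValidate();

		try {
			PwdToolkitUtilThreadLocal.setValidate(isValidatePassword(request));

			UserLocalServiceUtil.updatePassword(
				userId, password1, password2, passwordReset);
		}
		finally {
			// The toolkit flag looks thread-local; restoring it here keeps a
			// relaxed setting from outliving this request.
			PwdToolkitUtilThreadLocal.setValidate(previousValidate);
		}

		if (ticket != null) {
			// Single use: remove the ticket before establishing the session.
			TicketLocalServiceUtil.deleteTicket(ticket);

			User user = UserLocalServiceUtil.getUser(userId);

			Company company = CompanyLocalServiceUtil.getCompanyById(
				user.getCompanyId());

			String login = getLogin(company.getAuthType(), user, userId);

			AuthenticatedSessionManagerUtil.login(
				request, response, login, password1, false, null);

			UserLocalServiceUtil.updatePasswordReset(userId, false);
		}
		else if (PropsValues.SESSION_STORE_PASSWORD) {
			HttpSession session = request.getSession();

			session.setAttribute(WebKeys.USER_PASSWORD, password1);
		}
	}

	/**
	 * Picks the login identifier matching the company's authentication type.
	 *
	 * @param authType one of the {@link CompanyConstants} {@code AUTH_TYPE_*}
	 *        values
	 * @param user the user being logged in
	 * @param userId the user's id, used for {@code AUTH_TYPE_ID}
	 * @return the email address, screen name or id as a string, or
	 *         {@code null} if the type is none of the three handled here
	 */
	private static String getLogin(String authType, User user, long userId) {
		if (authType.equals(CompanyConstants.AUTH_TYPE_EA)) {
			return user.getEmailAddress();
		}

		if (authType.equals(CompanyConstants.AUTH_TYPE_SN)) {
			return user.getScreenName();
		}

		if (authType.equals(CompanyConstants.AUTH_TYPE_ID)) {
			return String.valueOf(userId);
		}

		return null;
	}

}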