001    /**
002     * Copyright (c) 2000-present Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portlet.login.action;
016    
017    import com.liferay.portal.AddressCityException;
018    import com.liferay.portal.AddressStreetException;
019    import com.liferay.portal.AddressZipException;
020    import com.liferay.portal.CompanyMaxUsersException;
021    import com.liferay.portal.ContactFirstNameException;
022    import com.liferay.portal.ContactFullNameException;
023    import com.liferay.portal.ContactLastNameException;
024    import com.liferay.portal.DuplicateOpenIdException;
025    import com.liferay.portal.EmailAddressException;
026    import com.liferay.portal.GroupFriendlyURLException;
027    import com.liferay.portal.NoSuchCountryException;
028    import com.liferay.portal.NoSuchLayoutException;
029    import com.liferay.portal.NoSuchListTypeException;
030    import com.liferay.portal.NoSuchOrganizationException;
031    import com.liferay.portal.NoSuchRegionException;
032    import com.liferay.portal.OrganizationParentException;
033    import com.liferay.portal.PhoneNumberException;
034    import com.liferay.portal.RequiredFieldException;
035    import com.liferay.portal.RequiredUserException;
036    import com.liferay.portal.ReservedUserEmailAddressException;
037    import com.liferay.portal.ReservedUserScreenNameException;
038    import com.liferay.portal.TermsOfUseException;
039    import com.liferay.portal.UserEmailAddressException;
040    import com.liferay.portal.UserIdException;
041    import com.liferay.portal.UserPasswordException;
042    import com.liferay.portal.UserScreenNameException;
043    import com.liferay.portal.UserSmsException;
044    import com.liferay.portal.WebsiteURLException;
045    import com.liferay.portal.kernel.captcha.CaptchaMaxChallengesException;
046    import com.liferay.portal.kernel.captcha.CaptchaTextException;
047    import com.liferay.portal.kernel.captcha.CaptchaUtil;
048    import com.liferay.portal.kernel.servlet.SessionErrors;
049    import com.liferay.portal.kernel.servlet.SessionMessages;
050    import com.liferay.portal.kernel.util.Constants;
051    import com.liferay.portal.kernel.util.GetterUtil;
052    import com.liferay.portal.kernel.util.ParamUtil;
053    import com.liferay.portal.kernel.util.Validator;
054    import com.liferay.portal.kernel.workflow.WorkflowConstants;
055    import com.liferay.portal.model.Company;
056    import com.liferay.portal.model.CompanyConstants;
057    import com.liferay.portal.model.Layout;
058    import com.liferay.portal.model.User;
059    import com.liferay.portal.security.auth.PrincipalException;
060    import com.liferay.portal.service.LayoutLocalServiceUtil;
061    import com.liferay.portal.service.ServiceContext;
062    import com.liferay.portal.service.ServiceContextFactory;
063    import com.liferay.portal.service.UserLocalServiceUtil;
064    import com.liferay.portal.service.UserServiceUtil;
065    import com.liferay.portal.struts.PortletAction;
066    import com.liferay.portal.theme.ThemeDisplay;
067    import com.liferay.portal.util.PortalUtil;
068    import com.liferay.portal.util.PropsValues;
069    import com.liferay.portal.util.WebKeys;
070    import com.liferay.portlet.login.util.LoginUtil;
071    import com.liferay.util.PwdGenerator;
072    
073    import javax.portlet.ActionRequest;
074    import javax.portlet.ActionResponse;
075    import javax.portlet.PortletConfig;
076    import javax.portlet.PortletURL;
077    import javax.portlet.RenderRequest;
078    import javax.portlet.RenderResponse;
079    
080    import javax.servlet.http.HttpServletRequest;
081    import javax.servlet.http.HttpServletResponse;
082    import javax.servlet.http.HttpSession;
083    
084    import org.apache.struts.action.ActionForm;
085    import org.apache.struts.action.ActionForward;
086    import org.apache.struts.action.ActionMapping;
087    
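/**
 * Struts portlet action behind the login portlet's "create account" form.
 *
 * <p>
 * The action creates, replaces or completes user accounts from request
 * parameters, so every parameter read here is untrusted input. Both
 * {@code processAction} and {@code render} refuse to proceed unless
 * {@code Company.isStrangers()} is true.
 * </p>
 *
 * @author Brian Wing Shun Chan
 * @author Amos Fong
 * @author Daniel Sanz
 * @author Sergio González
 */
public class CreateAccountAction extends PortletAction {

	/**
	 * Dispatches a create-account form submission according to the
	 * {@code Constants.CMD} request parameter.
	 *
	 * <p>
	 * {@code ADD} creates a user (after the CAPTCHA check when
	 * {@code PropsValues.CAPTCHA_CHECK_PORTAL_CREATE_ACCOUNT} is set),
	 * {@code RESET} replaces an incomplete user and {@code UPDATE} completes
	 * one. Any other command value does nothing. The validation exceptions
	 * listed in the catch block are recorded in {@code SessionErrors};
	 * everything else is rethrown. If
	 * {@code PropsValues.COMPANY_SECURITY_STRANGERS_URL} is set, the method
	 * finally tries to redirect to that layout.
	 * </p>
	 *
	 * @throws PrincipalException if the company does not allow strangers
	 * @throws Exception if the failure is not one of the handled validation
	 *         exceptions
	 */
	@Override
	public void processAction(
			ActionMapping actionMapping, ActionForm actionForm,
			PortletConfig portletConfig, ActionRequest actionRequest,
			ActionResponse actionResponse)
		throws Exception {

		ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
			WebKeys.THEME_DISPLAY);

		Company company = themeDisplay.getCompany();

		// Authorization gate: runs before any request parameter is acted on

		if (!company.isStrangers()) {
			throw new PrincipalException();
		}

		String cmd = ParamUtil.getString(actionRequest, Constants.CMD);

		try {
			if (cmd.equals(Constants.ADD)) {
				if (PropsValues.CAPTCHA_CHECK_PORTAL_CREATE_ACCOUNT) {
					CaptchaUtil.check(actionRequest);
				}

				addUser(actionRequest, actionResponse);
			}
			else if (cmd.equals(Constants.RESET)) {

				// NOTE(review): the CAPTCHA check above guards ADD only, yet
				// resetUser() ends in addUser() and UPDATE also writes user
				// data. Confirm both are only meant to follow an ADD that
				// already passed the check.

				resetUser(actionRequest, actionResponse);
			}
			else if (cmd.equals(Constants.UPDATE)) {
				updateIncompleteUser(actionRequest, actionResponse);
			}
		}
		catch (Exception e) {

			// The duplicate checks are tested first. NOTE(review): assuming
			// the nested MustNotBeDuplicate types extend their enclosing
			// exception classes (their declarations are not in this file),
			// testing the enclosing types first would swallow them and the
			// forward to the update form could never be taken.

			if (e instanceof UserEmailAddressException.MustNotBeDuplicate ||
				e instanceof UserScreenNameException.MustNotBeDuplicate) {

				String emailAddress = ParamUtil.getString(
					actionRequest, "emailAddress");

				User user = UserLocalServiceUtil.fetchUserByEmailAddress(
					themeDisplay.getCompanyId(), emailAddress);

				// Only an account still in STATUS_INCOMPLETE may be taken
				// over through the update form; any other duplicate is
				// reported as an ordinary error.

				if ((user == null) ||
					(user.getStatus() != WorkflowConstants.STATUS_INCOMPLETE)) {

					SessionErrors.add(actionRequest, e.getClass(), e);
				}
				else {
					setForward(actionRequest, "portlet.login.update_account");
				}
			}
			else if (e instanceof AddressCityException ||
					 e instanceof AddressStreetException ||
					 e instanceof AddressZipException ||
					 e instanceof CaptchaMaxChallengesException ||
					 e instanceof CaptchaTextException ||
					 e instanceof CompanyMaxUsersException ||
					 e instanceof ContactFirstNameException ||
					 e instanceof ContactFullNameException ||
					 e instanceof ContactLastNameException ||
					 e instanceof DuplicateOpenIdException ||
					 e instanceof EmailAddressException ||
					 e instanceof GroupFriendlyURLException ||
					 e instanceof NoSuchCountryException ||
					 e instanceof NoSuchListTypeException ||
					 e instanceof NoSuchOrganizationException ||
					 e instanceof NoSuchRegionException ||
					 e instanceof OrganizationParentException ||
					 e instanceof PhoneNumberException ||
					 e instanceof RequiredFieldException ||
					 e instanceof RequiredUserException ||
					 e instanceof ReservedUserEmailAddressException ||
					 e instanceof ReservedUserScreenNameException ||
					 e instanceof TermsOfUseException ||
					 e instanceof UserEmailAddressException ||
					 e instanceof UserIdException ||
					 e instanceof UserPasswordException ||
					 e instanceof UserScreenNameException ||
					 e instanceof UserSmsException ||
					 e instanceof WebsiteURLException) {

				SessionErrors.add(actionRequest, e.getClass(), e);
			}
			else {
				throw e;
			}
		}

		if (Validator.isNull(PropsValues.COMPANY_SECURITY_STRANGERS_URL)) {
			return;
		}

		try {
			Layout layout = LayoutLocalServiceUtil.getFriendlyURLLayout(
				themeDisplay.getScopeGroupId(), false,
				PropsValues.COMPANY_SECURITY_STRANGERS_URL);

			String redirect = PortalUtil.getLayoutURL(layout, themeDisplay);

			sendRedirect(actionRequest, actionResponse, redirect);
		}
		catch (NoSuchLayoutException nsle) {

			// Deliberately ignored: when the configured strangers URL does
			// not resolve to a layout in the scope group, no redirect is sent
		}
	}

	/**
	 * Selects the view for the create-account page.
	 *
	 * @return the login forward when the company does not allow strangers,
	 *         otherwise the forward stored on the request or, by default,
	 *         {@code portlet.login.create_account}
	 */
	@Override
	public ActionForward render(
			ActionMapping actionMapping, ActionForm actionForm,
			PortletConfig portletConfig, RenderRequest renderRequest,
			RenderResponse renderResponse)
		throws Exception {

		ThemeDisplay themeDisplay = (ThemeDisplay)renderRequest.getAttribute(
			WebKeys.THEME_DISPLAY);

		Company company = themeDisplay.getCompany();

		// Same gate as processAction(), but falls back to the login view
		// instead of throwing

		if (!company.isStrangers()) {
			return actionMapping.findForward("portlet.login.login");
		}

		renderResponse.setTitle(themeDisplay.translate("create-account"));

		return actionMapping.findForward(
			getForward(renderRequest, "portlet.login.create_account"));
	}

	/**
	 * Creates a user from the submitted form fields and redirects.
	 *
	 * <p>
	 * Group, organization, role and user group ids are always passed as
	 * {@code null}; they are never read from the request. The password is
	 * generated unless
	 * {@code PropsValues.LOGIN_CREATE_ACCOUNT_ALLOW_CUSTOM_PASSWORD} is set,
	 * in which case {@code password1} and {@code password2} come from the
	 * request.
	 * </p>
	 *
	 * @throws Exception if the user service rejects the submitted data
	 */
	protected void addUser(
			ActionRequest actionRequest, ActionResponse actionResponse)
		throws Exception {

		HttpServletRequest request = PortalUtil.getHttpServletRequest(
			actionRequest);
		HttpSession session = request.getSession();

		ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
			WebKeys.THEME_DISPLAY);

		Company company = themeDisplay.getCompany();

		boolean autoPassword = true;
		String password1 = null;
		String password2 = null;
		boolean autoScreenName = isAutoScreenName();
		String screenName = ParamUtil.getString(actionRequest, "screenName");
		String emailAddress = ParamUtil.getString(
			actionRequest, "emailAddress");

		// NOTE(review): facebookId and openId are client-supplied here,
		// whereas updateIncompleteUser() takes facebookId from the session.
		// Confirm the service layer does not trust these values as proof of
		// an external identity.

		long facebookId = ParamUtil.getLong(actionRequest, "facebookId");
		String openId = ParamUtil.getString(actionRequest, "openId");
		String firstName = ParamUtil.getString(actionRequest, "firstName");
		String middleName = ParamUtil.getString(actionRequest, "middleName");
		String lastName = ParamUtil.getString(actionRequest, "lastName");
		int prefixId = ParamUtil.getInteger(actionRequest, "prefixId");
		int suffixId = ParamUtil.getInteger(actionRequest, "suffixId");
		boolean male = ParamUtil.getBoolean(actionRequest, "male", true);
		int birthdayMonth = ParamUtil.getInteger(
			actionRequest, "birthdayMonth");
		int birthdayDay = ParamUtil.getInteger(actionRequest, "birthdayDay");
		int birthdayYear = ParamUtil.getInteger(actionRequest, "birthdayYear");
		String jobTitle = ParamUtil.getString(actionRequest, "jobTitle");

		// Memberships are fixed to null so that a self-registering visitor
		// cannot choose them through request parameters

		long[] groupIds = null;
		long[] organizationIds = null;
		long[] roleIds = null;
		long[] userGroupIds = null;
		boolean sendEmail = true;

		ServiceContext serviceContext = ServiceContextFactory.getInstance(
			User.class.getName(), actionRequest);

		if (PropsValues.LOGIN_CREATE_ACCOUNT_ALLOW_CUSTOM_PASSWORD) {
			autoPassword = false;

			password1 = ParamUtil.getString(actionRequest, "password1");
			password2 = ParamUtil.getString(actionRequest, "password2");
		}

		boolean openIdPending = false;

		Boolean openIdLoginPending = (Boolean)session.getAttribute(
			WebKeys.OPEN_ID_LOGIN_PENDING);

		// The OpenID path needs both the server-side session flag and an
		// openId value in the request

		if ((openIdLoginPending != null) && openIdLoginPending.booleanValue() &&
			Validator.isNotNull(openId)) {

			sendEmail = false;
			openIdPending = true;
		}

		User user = UserServiceUtil.addUserWithWorkflow(
			company.getCompanyId(), autoPassword, password1, password2,
			autoScreenName, screenName, emailAddress, facebookId, openId,
			themeDisplay.getLocale(), firstName, middleName, lastName, prefixId,
			suffixId, male, birthdayMonth, birthdayDay, birthdayYear, jobTitle,
			groupIds, organizationIds, roleIds, userGroupIds, sendEmail,
			serviceContext);

		if (openIdPending) {

			// Long.valueOf replaces the deprecated boxing constructor

			session.setAttribute(
				WebKeys.OPEN_ID_LOGIN, Long.valueOf(user.getUserId()));

			session.removeAttribute(WebKeys.OPEN_ID_LOGIN_PENDING);
		}
		else {

			// Session messages

			if (user.getStatus() == WorkflowConstants.STATUS_APPROVED) {
				SessionMessages.add(
					request, "userAdded", user.getEmailAddress());

				// NOTE(review): the cleartext password is stored as a
				// session message here. Make sure session message contents
				// are never logged or persisted.

				SessionMessages.add(
					request, "userAddedPassword",
					user.getPasswordUnencrypted());
			}
			else {
				SessionMessages.add(
					request, "userPending", user.getEmailAddress());
			}
		}

		// Send redirect

		sendRedirect(
			actionRequest, actionResponse, themeDisplay,
			_getLogin(company, user), user.getPasswordUnencrypted());
	}

	/**
	 * Returns whether screen names are generated for new users; this class
	 * always returns {@code false}.
	 */
	protected boolean isAutoScreenName() {
		return _AUTO_SCREEN_NAME;
	}

	/**
	 * Returns {@code false}.
	 *
	 * <p>
	 * NOTE(review): presumably this switches off a request-method check that
	 * {@code PortletAction} applies to {@code processAction}; confirm
	 * against the base class that turning it off is intended for a
	 * state-changing action.
	 * </p>
	 */
	@Override
	protected boolean isCheckMethodOnProcessAction() {
		return _CHECK_METHOD_ON_PROCESS_ACTION;
	}

	/**
	 * Deletes the incomplete user registered under the submitted email
	 * address and creates a new user from the same request.
	 *
	 * <p>
	 * The account to delete is identified only by the {@code emailAddress}
	 * request parameter; the status check below is what keeps this from
	 * deleting a regular account.
	 * </p>
	 *
	 * @throws PrincipalException if the existing user is not in
	 *         {@code WorkflowConstants.STATUS_INCOMPLETE}
	 * @throws Exception if the lookup, deletion or creation fails
	 */
	protected void resetUser(
			ActionRequest actionRequest, ActionResponse actionResponse)
		throws Exception {

		ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
			WebKeys.THEME_DISPLAY);

		String emailAddress = ParamUtil.getString(
			actionRequest, "emailAddress");

		User anonymousUser = UserLocalServiceUtil.getUserByEmailAddress(
			themeDisplay.getCompanyId(), emailAddress);

		if (anonymousUser.getStatus() != WorkflowConstants.STATUS_INCOMPLETE) {
			throw new PrincipalException();
		}

		UserLocalServiceUtil.deleteUser(anonymousUser.getUserId());

		addUser(actionRequest, actionResponse);
	}

	/**
	 * Redirects after an account was created or completed.
	 *
	 * <p>
	 * The {@code redirect} request parameter is passed through
	 * {@code PortalUtil.escapeRedirect} before use. If a value remains, the
	 * user is logged in with the given credentials and sent there;
	 * otherwise the user is sent to the login URL with the {@code login}
	 * parameter set.
	 * </p>
	 *
	 * @param login the login name matching the company's authentication type
	 * @param password the cleartext password used for the automatic login
	 */
	protected void sendRedirect(
			ActionRequest actionRequest, ActionResponse actionResponse,
			ThemeDisplay themeDisplay, String login, String password)
		throws Exception {

		HttpServletRequest request = PortalUtil.getHttpServletRequest(
			actionRequest);

		// The redirect target is client-supplied. NOTE(review): this relies
		// on escapeRedirect to discard targets the portal does not allow;
		// the raw parameter must never reach sendRedirect.

		String redirect = PortalUtil.escapeRedirect(
			ParamUtil.getString(actionRequest, "redirect"));

		if (Validator.isNotNull(redirect)) {
			HttpServletResponse response = PortalUtil.getHttpServletResponse(
				actionResponse);

			LoginUtil.login(request, response, login, password, false, null);
		}
		else {
			PortletURL loginURL = LoginUtil.getLoginURL(
				request, themeDisplay.getPlid());

			loginURL.setParameter("login", login);

			redirect = loginURL.toString();
		}

		actionResponse.sendRedirect(redirect);
	}

	/**
	 * Completes an incomplete user from the submitted form fields and
	 * redirects.
	 *
	 * <p>
	 * The Facebook id is read from the session attribute
	 * {@code WebKeys.FACEBOOK_INCOMPLETE_USER_ID}, not from the request. When
	 * it is positive, a password is generated, the email address is marked
	 * verified and the session attribute is removed.
	 * </p>
	 *
	 * @throws Exception if the user service rejects the submitted data
	 */
	protected void updateIncompleteUser(
			ActionRequest actionRequest, ActionResponse actionResponse)
		throws Exception {

		HttpServletRequest request = PortalUtil.getHttpServletRequest(
			actionRequest);

		ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
			WebKeys.THEME_DISPLAY);

		boolean autoPassword = true;
		String password1 = null;
		String password2 = null;
		boolean autoScreenName = false;
		String screenName = ParamUtil.getString(actionRequest, "screenName");
		String emailAddress = ParamUtil.getString(
			actionRequest, "emailAddress");

		HttpSession session = request.getSession();

		long facebookId = GetterUtil.getLong(
			session.getAttribute(WebKeys.FACEBOOK_INCOMPLETE_USER_ID));

		if (facebookId > 0) {
			password1 = PwdGenerator.getPassword();
			password2 = password1;
		}

		String openId = ParamUtil.getString(actionRequest, "openId");
		String firstName = ParamUtil.getString(actionRequest, "firstName");
		String middleName = ParamUtil.getString(actionRequest, "middleName");
		String lastName = ParamUtil.getString(actionRequest, "lastName");
		int prefixId = ParamUtil.getInteger(actionRequest, "prefixId");
		int suffixId = ParamUtil.getInteger(actionRequest, "suffixId");
		boolean male = ParamUtil.getBoolean(actionRequest, "male", true);
		int birthdayMonth = ParamUtil.getInteger(
			actionRequest, "birthdayMonth");
		int birthdayDay = ParamUtil.getInteger(actionRequest, "birthdayDay");
		int birthdayYear = ParamUtil.getInteger(actionRequest, "birthdayYear");
		String jobTitle = ParamUtil.getString(actionRequest, "jobTitle");
		boolean updateUserInformation = true;
		boolean sendEmail = true;

		ServiceContext serviceContext = ServiceContextFactory.getInstance(
			User.class.getName(), actionRequest);

		User user = UserServiceUtil.updateIncompleteUser(
			themeDisplay.getCompanyId(), autoPassword, password1, password2,
			autoScreenName, screenName, emailAddress, facebookId, openId,
			themeDisplay.getLocale(), firstName, middleName, lastName, prefixId,
			suffixId, male, birthdayMonth, birthdayDay, birthdayYear, jobTitle,
			sendEmail, updateUserInformation, serviceContext);

		if (facebookId > 0) {
			UserLocalServiceUtil.updateLastLogin(
				user.getUserId(), user.getLoginIP());

			UserLocalServiceUtil.updatePasswordReset(user.getUserId(), false);

			// NOTE(review): the address is marked verified on the strength
			// of the session's Facebook id, while emailAddress itself comes
			// from the request. Confirm the service ties the two together.

			UserLocalServiceUtil.updateEmailAddressVerified(
				user.getUserId(), true);

			session.removeAttribute(WebKeys.FACEBOOK_INCOMPLETE_USER_ID);

			// Send redirect

			sendRedirect(
				actionRequest, actionResponse, themeDisplay,
				_getLogin(themeDisplay.getCompany(), user), password1);

			return;
		}

		// Session messages

		if (user.getStatus() == WorkflowConstants.STATUS_APPROVED) {
			SessionMessages.add(request, "userAdded", user.getEmailAddress());

			// NOTE(review): cleartext password stored as a session message;
			// make sure session message contents are never logged or
			// persisted.

			SessionMessages.add(
				request, "userAddedPassword", user.getPasswordUnencrypted());
		}
		else {
			SessionMessages.add(request, "userPending", user.getEmailAddress());
		}

		// Send redirect

		sendRedirect(
			actionRequest, actionResponse, themeDisplay,
			_getLogin(themeDisplay.getCompany(), user),
			user.getPasswordUnencrypted());
	}

	/**
	 * Returns the value the user logs in with under the company's
	 * authentication type: the user id for {@code AUTH_TYPE_ID}, the screen
	 * name for {@code AUTH_TYPE_SN} and the email address otherwise.
	 */
	private static String _getLogin(Company company, User user)
		throws Exception {

		String authType = company.getAuthType();

		if (authType.equals(CompanyConstants.AUTH_TYPE_ID)) {
			return String.valueOf(user.getUserId());
		}

		if (authType.equals(CompanyConstants.AUTH_TYPE_SN)) {
			return user.getScreenName();
		}

		return user.getEmailAddress();
	}

	private static final boolean _AUTO_SCREEN_NAME = false;

	private static final boolean _CHECK_METHOD_ON_PROCESS_ACTION = false;

}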