001    /**
002     * Copyright (c) 2000-present Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portlet.login.action;
016    
017    import com.liferay.portal.AddressCityException;
018    import com.liferay.portal.AddressStreetException;
019    import com.liferay.portal.AddressZipException;
020    import com.liferay.portal.CompanyMaxUsersException;
021    import com.liferay.portal.ContactBirthdayException;
022    import com.liferay.portal.ContactFirstNameException;
023    import com.liferay.portal.ContactFullNameException;
024    import com.liferay.portal.ContactLastNameException;
025    import com.liferay.portal.DuplicateOpenIdException;
026    import com.liferay.portal.EmailAddressException;
027    import com.liferay.portal.GroupFriendlyURLException;
028    import com.liferay.portal.NoSuchCountryException;
029    import com.liferay.portal.NoSuchLayoutException;
030    import com.liferay.portal.NoSuchListTypeException;
031    import com.liferay.portal.NoSuchOrganizationException;
032    import com.liferay.portal.NoSuchRegionException;
033    import com.liferay.portal.OrganizationParentException;
034    import com.liferay.portal.PhoneNumberException;
035    import com.liferay.portal.RequiredFieldException;
036    import com.liferay.portal.RequiredUserException;
037    import com.liferay.portal.ReservedUserEmailAddressException;
038    import com.liferay.portal.ReservedUserScreenNameException;
039    import com.liferay.portal.TermsOfUseException;
040    import com.liferay.portal.UserEmailAddressException;
041    import com.liferay.portal.UserIdException;
042    import com.liferay.portal.UserPasswordException;
043    import com.liferay.portal.UserScreenNameException;
044    import com.liferay.portal.UserSmsException;
045    import com.liferay.portal.WebsiteURLException;
046    import com.liferay.portal.kernel.captcha.CaptchaMaxChallengesException;
047    import com.liferay.portal.kernel.captcha.CaptchaTextException;
048    import com.liferay.portal.kernel.captcha.CaptchaUtil;
049    import com.liferay.portal.kernel.servlet.SessionErrors;
050    import com.liferay.portal.kernel.servlet.SessionMessages;
051    import com.liferay.portal.kernel.util.Constants;
052    import com.liferay.portal.kernel.util.GetterUtil;
053    import com.liferay.portal.kernel.util.ParamUtil;
054    import com.liferay.portal.kernel.util.PwdGenerator;
055    import com.liferay.portal.kernel.util.Validator;
056    import com.liferay.portal.kernel.workflow.WorkflowConstants;
057    import com.liferay.portal.model.Company;
058    import com.liferay.portal.model.CompanyConstants;
059    import com.liferay.portal.model.Layout;
060    import com.liferay.portal.model.User;
061    import com.liferay.portal.security.auth.PrincipalException;
062    import com.liferay.portal.service.LayoutLocalServiceUtil;
063    import com.liferay.portal.service.ServiceContext;
064    import com.liferay.portal.service.ServiceContextFactory;
065    import com.liferay.portal.service.UserLocalServiceUtil;
066    import com.liferay.portal.service.UserServiceUtil;
067    import com.liferay.portal.struts.PortletAction;
068    import com.liferay.portal.theme.ThemeDisplay;
069    import com.liferay.portal.util.PortalUtil;
070    import com.liferay.portal.util.PropsValues;
071    import com.liferay.portal.util.WebKeys;
072    import com.liferay.portlet.login.util.LoginUtil;
073    
074    import javax.portlet.ActionRequest;
075    import javax.portlet.ActionResponse;
076    import javax.portlet.PortletConfig;
077    import javax.portlet.PortletURL;
078    import javax.portlet.RenderRequest;
079    import javax.portlet.RenderResponse;
080    
081    import javax.servlet.http.HttpServletRequest;
082    import javax.servlet.http.HttpServletResponse;
083    import javax.servlet.http.HttpSession;
084    
085    import org.apache.struts.action.ActionForm;
086    import org.apache.struts.action.ActionForward;
087    import org.apache.struts.action.ActionMapping;
088    
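/**
 * Portlet action behind the login portlet's account creation form. It handles
 * three commands read from the {@code Constants.CMD} request parameter:
 * {@code ADD} (create a user), {@code RESET} (delete an incomplete user and
 * create it again) and {@code UPDATE} (complete an incomplete user). Both
 * {@link #processAction} and {@link #render} first test
 * {@code Company.isStrangers()}.
 *
 * <p>
 * Every field used to build the account comes from the unauthenticated
 * request unless a comment below says otherwise.
 * </p>
 *
 * @author Brian Wing Shun Chan
 * @author Amos Fong
 * @author Daniel Sanz
 * @author Sergio González
 */
public class CreateAccountAction extends PortletAction {

	/**
	 * Runs the command named by the {@code Constants.CMD} parameter and maps
	 * validation failures to session errors.
	 *
	 * <p>
	 * After the command has run (or a handled validation error was recorded),
	 * the request is redirected to the layout configured in
	 * {@code PropsValues.COMPANY_SECURITY_STRANGERS_URL} when that property is
	 * set and resolves to a layout.
	 * </p>
	 *
	 * @throws PrincipalException if {@code Company.isStrangers()} is false
	 * @throws Exception any exception from the command that is not one of the
	 *         validation types handled below
	 */
	@Override
	public void processAction(
			ActionMapping actionMapping, ActionForm actionForm,
			PortletConfig portletConfig, ActionRequest actionRequest,
			ActionResponse actionResponse)
		throws Exception {

		ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
			WebKeys.THEME_DISPLAY);

		Company company = themeDisplay.getCompany();

		if (!company.isStrangers()) {
			throw new PrincipalException();
		}

		String cmd = ParamUtil.getString(actionRequest, Constants.CMD);

		try {
			if (cmd.equals(Constants.ADD)) {

				// The captcha is verified on this branch only.
				// NOTE(review): RESET also ends in addUser() and UPDATE
				// completes an account, and neither passes through
				// CaptchaUtil.check here -- confirm that is intended.

				if (PropsValues.CAPTCHA_CHECK_PORTAL_CREATE_ACCOUNT) {
					CaptchaUtil.check(actionRequest);
				}

				addUser(actionRequest, actionResponse);
			}
			else if (cmd.equals(Constants.RESET)) {
				resetUser(actionRequest, actionResponse);
			}
			else if (cmd.equals(Constants.UPDATE)) {
				updateIncompleteUser(actionRequest, actionResponse);
			}
		}
		catch (Exception e) {

			// The duplicate checks come first. They are nested types of
			// UserEmailAddressException and UserScreenNameException; if they
			// also extend them (not visible in this file), testing the broad
			// types first would make this branch unreachable.

			if (e instanceof UserEmailAddressException.MustNotBeDuplicate ||
				e instanceof UserScreenNameException.MustNotBeDuplicate) {

				String emailAddress = ParamUtil.getString(
					actionRequest, "emailAddress");

				User user = UserLocalServiceUtil.fetchUserByEmailAddress(
					themeDisplay.getCompanyId(), emailAddress);

				// Only an existing user that is still INCOMPLETE is sent to
				// the update form; any other duplicate is reported as an
				// error.

				if ((user == null) ||
					(user.getStatus() != WorkflowConstants.STATUS_INCOMPLETE)) {

					SessionErrors.add(actionRequest, e.getClass(), e);
				}
				else {
					setForward(actionRequest, "portlet.login.update_account");
				}
			}
			else if (e instanceof AddressCityException ||
					 e instanceof AddressStreetException ||
					 e instanceof AddressZipException ||
					 e instanceof CaptchaMaxChallengesException ||
					 e instanceof CaptchaTextException ||
					 e instanceof CompanyMaxUsersException ||
					 e instanceof ContactBirthdayException ||
					 e instanceof ContactFirstNameException ||
					 e instanceof ContactFullNameException ||
					 e instanceof ContactLastNameException ||
					 e instanceof DuplicateOpenIdException ||
					 e instanceof EmailAddressException ||
					 e instanceof GroupFriendlyURLException ||
					 e instanceof NoSuchCountryException ||
					 e instanceof NoSuchListTypeException ||
					 e instanceof NoSuchOrganizationException ||
					 e instanceof NoSuchRegionException ||
					 e instanceof OrganizationParentException ||
					 e instanceof PhoneNumberException ||
					 e instanceof RequiredFieldException ||
					 e instanceof RequiredUserException ||
					 e instanceof ReservedUserEmailAddressException ||
					 e instanceof ReservedUserScreenNameException ||
					 e instanceof TermsOfUseException ||
					 e instanceof UserEmailAddressException ||
					 e instanceof UserIdException ||
					 e instanceof UserPasswordException ||
					 e instanceof UserScreenNameException ||
					 e instanceof UserSmsException ||
					 e instanceof WebsiteURLException) {

				SessionErrors.add(actionRequest, e.getClass(), e);
			}
			else {
				throw e;
			}
		}

		if (Validator.isNull(PropsValues.COMPANY_SECURITY_STRANGERS_URL)) {
			return;
		}

		try {
			Layout layout = LayoutLocalServiceUtil.getFriendlyURLLayout(
				themeDisplay.getScopeGroupId(), false,
				PropsValues.COMPANY_SECURITY_STRANGERS_URL);

			String redirect = PortalUtil.getLayoutURL(layout, themeDisplay);

			sendRedirect(actionRequest, actionResponse, redirect);
		}
		catch (NoSuchLayoutException nsle) {

			// Deliberately ignored: the configured friendly URL did not
			// resolve to a layout, so this extra redirect is skipped.

		}
	}

	/**
	 * Selects the view to render: the login view when
	 * {@code Company.isStrangers()} is false, otherwise the forward stored on
	 * the request, defaulting to {@code portlet.login.create_account}.
	 */
	@Override
	public ActionForward render(
			ActionMapping actionMapping, ActionForm actionForm,
			PortletConfig portletConfig, RenderRequest renderRequest,
			RenderResponse renderResponse)
		throws Exception {

		ThemeDisplay themeDisplay = (ThemeDisplay)renderRequest.getAttribute(
			WebKeys.THEME_DISPLAY);

		Company company = themeDisplay.getCompany();

		if (!company.isStrangers()) {
			return actionMapping.findForward("portlet.login.login");
		}

		renderResponse.setTitle(themeDisplay.translate("create-account"));

		return actionMapping.findForward(
			getForward(renderRequest, "portlet.login.create_account"));
	}

	/**
	 * Creates a user from the request parameters through
	 * {@code UserServiceUtil.addUserWithWorkflow}, records a session message
	 * (or completes a pending OpenID login) and redirects.
	 *
	 * <p>
	 * Passwords are read from the request only when
	 * {@code PropsValues.LOGIN_CREATE_ACCOUNT_ALLOW_CUSTOM_PASSWORD} is set;
	 * otherwise {@code autoPassword} stays true. Group, organization, role and
	 * user group IDs are always passed as {@code null}, so they cannot be
	 * supplied by the request.
	 * </p>
	 */
	protected void addUser(
			ActionRequest actionRequest, ActionResponse actionResponse)
		throws Exception {

		HttpServletRequest request = PortalUtil.getHttpServletRequest(
			actionRequest);
		HttpSession session = request.getSession();

		ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
			WebKeys.THEME_DISPLAY);

		Company company = themeDisplay.getCompany();

		boolean autoPassword = true;
		String password1 = null;
		String password2 = null;
		boolean autoScreenName = isAutoScreenName();
		String screenName = ParamUtil.getString(actionRequest, "screenName");
		String emailAddress = ParamUtil.getString(
			actionRequest, "emailAddress");

		// NOTE(review): facebookId and openId are taken from request
		// parameters here, whereas updateIncompleteUser() reads the Facebook
		// ID from the session. Nothing in this method checks them against an
		// identity asserted by the provider -- confirm that happens elsewhere
		// before these values are bound to the new account.

		long facebookId = ParamUtil.getLong(actionRequest, "facebookId");
		String openId = ParamUtil.getString(actionRequest, "openId");
		String firstName = ParamUtil.getString(actionRequest, "firstName");
		String middleName = ParamUtil.getString(actionRequest, "middleName");
		String lastName = ParamUtil.getString(actionRequest, "lastName");
		int prefixId = ParamUtil.getInteger(actionRequest, "prefixId");
		int suffixId = ParamUtil.getInteger(actionRequest, "suffixId");
		boolean male = ParamUtil.getBoolean(actionRequest, "male", true);
		int birthdayMonth = ParamUtil.getInteger(
			actionRequest, "birthdayMonth");
		int birthdayDay = ParamUtil.getInteger(actionRequest, "birthdayDay");
		int birthdayYear = ParamUtil.getInteger(actionRequest, "birthdayYear");
		String jobTitle = ParamUtil.getString(actionRequest, "jobTitle");
		long[] groupIds = null;
		long[] organizationIds = null;
		long[] roleIds = null;
		long[] userGroupIds = null;
		boolean sendEmail = true;

		ServiceContext serviceContext = ServiceContextFactory.getInstance(
			User.class.getName(), actionRequest);

		if (PropsValues.LOGIN_CREATE_ACCOUNT_ALLOW_CUSTOM_PASSWORD) {
			autoPassword = false;

			password1 = ParamUtil.getString(actionRequest, "password1");
			password2 = ParamUtil.getString(actionRequest, "password2");
		}

		boolean openIdPending = false;

		// The pending flag lives in the session; the OpenID value itself is
		// the request parameter read above.

		Boolean openIdLoginPending = (Boolean)session.getAttribute(
			WebKeys.OPEN_ID_LOGIN_PENDING);

		if ((openIdLoginPending != null) && openIdLoginPending.booleanValue() &&
			Validator.isNotNull(openId)) {

			sendEmail = false;
			openIdPending = true;
		}

		User user = UserServiceUtil.addUserWithWorkflow(
			company.getCompanyId(), autoPassword, password1, password2,
			autoScreenName, screenName, emailAddress, facebookId, openId,
			themeDisplay.getLocale(), firstName, middleName, lastName, prefixId,
			suffixId, male, birthdayMonth, birthdayDay, birthdayYear, jobTitle,
			groupIds, organizationIds, roleIds, userGroupIds, sendEmail,
			serviceContext);

		if (openIdPending) {

			// Long.valueOf replaces the deprecated Long constructor

			session.setAttribute(
				WebKeys.OPEN_ID_LOGIN, Long.valueOf(user.getUserId()));

			session.removeAttribute(WebKeys.OPEN_ID_LOGIN_PENDING);
		}
		else {

			// Session messages

			if (user.getStatus() == WorkflowConstants.STATUS_APPROVED) {
				SessionMessages.add(
					request, "userAdded", user.getEmailAddress());

				// NOTE(review): the clear-text password is stored as a
				// session message. Keep session contents out of logs and
				// dumps, and confirm the message is cleared once consumed.

				SessionMessages.add(
					request, "userAddedPassword",
					user.getPasswordUnencrypted());
			}
			else {
				SessionMessages.add(
					request, "userPending", user.getEmailAddress());
			}
		}

		// Send redirect

		String login = _getLogin(company, user);

		sendRedirect(
			actionRequest, actionResponse, themeDisplay, login,
			user.getPasswordUnencrypted());
	}

	/**
	 * Returns whether {@link #addUser} asks the service to generate the screen
	 * name. This implementation returns the constant {@code false}; the method
	 * is {@code protected} and can be overridden.
	 */
	protected boolean isAutoScreenName() {
		return _AUTO_SCREEN_NAME;
	}

	/**
	 * Returns the constant {@code false}.
	 *
	 * <p>
	 * NOTE(review): how {@code PortletAction} uses this flag is not visible in
	 * this file. The name suggests it controls an HTTP method check on
	 * {@code processAction}; confirm that disabling it is intended for an
	 * action that creates and deletes accounts.
	 * </p>
	 */
	@Override
	protected boolean isCheckMethodOnProcessAction() {
		return _CHECK_METHOD_ON_PROCESS_ACTION;
	}

	/**
	 * Deletes the user registered under the {@code emailAddress} request
	 * parameter, provided its status is {@code STATUS_INCOMPLETE}, and then
	 * creates a new user from the same request via {@link #addUser}.
	 *
	 * @throws PrincipalException if the existing user is not incomplete
	 */
	protected void resetUser(
			ActionRequest actionRequest, ActionResponse actionResponse)
		throws Exception {

		ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
			WebKeys.THEME_DISPLAY);

		String emailAddress = ParamUtil.getString(
			actionRequest, "emailAddress");

		User anonymousUser = UserLocalServiceUtil.getUserByEmailAddress(
			themeDisplay.getCompanyId(), emailAddress);

		// The status test is the only guard visible on this path: the
		// lookup and the delete both go through UserLocalServiceUtil, and the
		// caller is unauthenticated.
		// NOTE(review): confirm that deleting any incomplete user by e-mail
		// address is acceptable for anonymous callers.

		if (anonymousUser.getStatus() != WorkflowConstants.STATUS_INCOMPLETE) {
			throw new PrincipalException();
		}

		UserLocalServiceUtil.deleteUser(anonymousUser.getUserId());

		addUser(actionRequest, actionResponse);
	}

	/**
	 * Redirects after an account was created or completed.
	 *
	 * <p>
	 * When the request carries a non-empty {@code redirect} parameter (after
	 * {@code PortalUtil.escapeRedirect}), the user is logged in through
	 * {@code LoginUtil.login} with the given credentials and sent there.
	 * Otherwise the user is sent to the login URL with the {@code login}
	 * parameter set and is not logged in.
	 * </p>
	 *
	 * @param login the login identifier for the new account
	 * @param password the clear-text password passed to
	 *        {@code LoginUtil.login}
	 */
	protected void sendRedirect(
			ActionRequest actionRequest, ActionResponse actionResponse,
			ThemeDisplay themeDisplay, String login, String password)
		throws Exception {

		HttpServletRequest request = PortalUtil.getHttpServletRequest(
			actionRequest);

		// escapeRedirect is the only sanitization of the caller-supplied
		// target visible here; it is presumably what rejects off-site URLs --
		// verify the portal's redirect restrictions are configured.

		String redirect = PortalUtil.escapeRedirect(
			ParamUtil.getString(actionRequest, "redirect"));

		if (Validator.isNotNull(redirect)) {
			HttpServletResponse response = PortalUtil.getHttpServletResponse(
				actionResponse);

			LoginUtil.login(request, response, login, password, false, null);
		}
		else {
			PortletURL loginURL = LoginUtil.getLoginURL(
				request, themeDisplay.getPlid());

			// The login identifier becomes part of the redirect URL

			loginURL.setParameter("login", login);

			redirect = loginURL.toString();
		}

		actionResponse.sendRedirect(redirect);
	}

	/**
	 * Completes an incomplete user from the request parameters through
	 * {@code UserServiceUtil.updateIncompleteUser}.
	 *
	 * <p>
	 * The Facebook ID is read from the session attribute
	 * {@code WebKeys.FACEBOOK_INCOMPLETE_USER_ID}, not from the request. When
	 * it is positive, a password is generated, the user's last login is
	 * updated, the password reset flag is cleared, the e-mail address is
	 * marked verified, the session attribute is removed and the method
	 * redirects with the generated password. Otherwise a session message is
	 * recorded and the method redirects with the user's unencrypted password.
	 * </p>
	 */
	protected void updateIncompleteUser(
			ActionRequest actionRequest, ActionResponse actionResponse)
		throws Exception {

		HttpServletRequest request = PortalUtil.getHttpServletRequest(
			actionRequest);

		ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
			WebKeys.THEME_DISPLAY);

		boolean autoPassword = true;
		String password1 = null;
		String password2 = null;
		boolean autoScreenName = false;
		String screenName = ParamUtil.getString(actionRequest, "screenName");
		String emailAddress = ParamUtil.getString(
			actionRequest, "emailAddress");

		HttpSession session = request.getSession();

		long facebookId = GetterUtil.getLong(
			session.getAttribute(WebKeys.FACEBOOK_INCOMPLETE_USER_ID));

		// NOTE(review): autoPassword stays true although a password is
		// generated here. Whether the service stores password1 in that case
		// is not visible in this file; confirm it, because password1 is used
		// for the login further down.

		if (facebookId > 0) {
			password1 = PwdGenerator.getPassword();
			password2 = password1;
		}

		String openId = ParamUtil.getString(actionRequest, "openId");
		String firstName = ParamUtil.getString(actionRequest, "firstName");
		String middleName = ParamUtil.getString(actionRequest, "middleName");
		String lastName = ParamUtil.getString(actionRequest, "lastName");
		int prefixId = ParamUtil.getInteger(actionRequest, "prefixId");
		int suffixId = ParamUtil.getInteger(actionRequest, "suffixId");
		boolean male = ParamUtil.getBoolean(actionRequest, "male", true);
		int birthdayMonth = ParamUtil.getInteger(
			actionRequest, "birthdayMonth");
		int birthdayDay = ParamUtil.getInteger(actionRequest, "birthdayDay");
		int birthdayYear = ParamUtil.getInteger(actionRequest, "birthdayYear");
		String jobTitle = ParamUtil.getString(actionRequest, "jobTitle");
		boolean updateUserInformation = true;
		boolean sendEmail = true;

		ServiceContext serviceContext = ServiceContextFactory.getInstance(
			User.class.getName(), actionRequest);

		User user = UserServiceUtil.updateIncompleteUser(
			themeDisplay.getCompanyId(), autoPassword, password1, password2,
			autoScreenName, screenName, emailAddress, facebookId, openId,
			themeDisplay.getLocale(), firstName, middleName, lastName, prefixId,
			suffixId, male, birthdayMonth, birthdayDay, birthdayYear, jobTitle,
			sendEmail, updateUserInformation, serviceContext);

		if (facebookId > 0) {
			UserLocalServiceUtil.updateLastLogin(
				user.getUserId(), user.getLoginIP());

			UserLocalServiceUtil.updatePasswordReset(user.getUserId(), false);

			// The address is marked verified on the strength of the
			// session-held Facebook ID alone; the address itself is the
			// request parameter read above.

			UserLocalServiceUtil.updateEmailAddressVerified(
				user.getUserId(), true);

			session.removeAttribute(WebKeys.FACEBOOK_INCOMPLETE_USER_ID);

			// Send redirect

			String login = _getLogin(themeDisplay.getCompany(), user);

			sendRedirect(
				actionRequest, actionResponse, themeDisplay, login, password1);

			return;
		}

		// Session messages

		if (user.getStatus() == WorkflowConstants.STATUS_APPROVED) {
			SessionMessages.add(request, "userAdded", user.getEmailAddress());

			// NOTE(review): clear-text password stored as a session message,
			// as in addUser()

			SessionMessages.add(
				request, "userAddedPassword", user.getPasswordUnencrypted());
		}
		else {
			SessionMessages.add(request, "userPending", user.getEmailAddress());
		}

		// Send redirect

		String login = _getLogin(themeDisplay.getCompany(), user);

		sendRedirect(
			actionRequest, actionResponse, themeDisplay, login,
			user.getPasswordUnencrypted());
	}

	/**
	 * Returns the login identifier matching the company's authentication
	 * type: the user ID for {@code AUTH_TYPE_ID}, the screen name for
	 * {@code AUTH_TYPE_SN}, and the e-mail address for anything else.
	 */
	private static String _getLogin(Company company, User user) {
		String authType = company.getAuthType();

		if (authType.equals(CompanyConstants.AUTH_TYPE_ID)) {
			return String.valueOf(user.getUserId());
		}

		if (authType.equals(CompanyConstants.AUTH_TYPE_SN)) {
			return user.getScreenName();
		}

		return user.getEmailAddress();
	}

	private static final boolean _AUTO_SCREEN_NAME = false;

	private static final boolean _CHECK_METHOD_ON_PROCESS_ACTION = false;

}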