001    /**
002     * Copyright (c) 2000-present Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portlet.login.action;
016    
017    import com.liferay.portal.NoSuchUserException;
018    import com.liferay.portal.RequiredReminderQueryException;
019    import com.liferay.portal.SendPasswordException;
020    import com.liferay.portal.UserActiveException;
021    import com.liferay.portal.UserEmailAddressException;
022    import com.liferay.portal.UserLockoutException;
023    import com.liferay.portal.UserReminderQueryException;
024    import com.liferay.portal.kernel.captcha.CaptchaException;
025    import com.liferay.portal.kernel.captcha.CaptchaTextException;
026    import com.liferay.portal.kernel.captcha.CaptchaUtil;
027    import com.liferay.portal.kernel.language.LanguageUtil;
028    import com.liferay.portal.kernel.servlet.SessionErrors;
029    import com.liferay.portal.kernel.util.ParamUtil;
030    import com.liferay.portal.kernel.util.Validator;
031    import com.liferay.portal.model.Company;
032    import com.liferay.portal.model.User;
033    import com.liferay.portal.security.auth.PrincipalException;
034    import com.liferay.portal.service.UserLocalServiceUtil;
035    import com.liferay.portal.struts.PortletAction;
036    import com.liferay.portal.theme.ThemeDisplay;
037    import com.liferay.portal.util.PortalUtil;
038    import com.liferay.portal.util.PropsValues;
039    import com.liferay.portal.util.WebKeys;
040    import com.liferay.portlet.login.util.LoginUtil;
041    
042    import javax.portlet.ActionRequest;
043    import javax.portlet.ActionResponse;
044    import javax.portlet.PortletConfig;
045    import javax.portlet.PortletPreferences;
046    import javax.portlet.PortletSession;
047    import javax.portlet.RenderRequest;
048    import javax.portlet.RenderResponse;
049    
050    import org.apache.struts.action.ActionForm;
051    import org.apache.struts.action.ActionForward;
052    import org.apache.struts.action.ActionMapping;
053    
054    /**
055     * @author Brian Wing Shun Chan
056     * @author Tibor Kovacs
057     */
058    public class ForgotPasswordAction extends PortletAction {
059    
060            @Override
061            public void processAction(
062                            ActionMapping actionMapping, ActionForm actionForm,
063                            PortletConfig portletConfig, ActionRequest actionRequest,
064                            ActionResponse actionResponse)
065                    throws Exception {
066    
067                    ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
068                            WebKeys.THEME_DISPLAY);
069    
070                    Company company = themeDisplay.getCompany();
071    
072                    if (!company.isSendPassword() && !company.isSendPasswordResetLink()) {
073                            throw new PrincipalException();
074                    }
075    
076                    try {
077                            if (PropsValues.USERS_REMINDER_QUERIES_ENABLED) {
078                                    checkReminderQueries(actionRequest, actionResponse);
079                            }
080                            else {
081                                    checkCaptcha(actionRequest);
082    
083                                    sendPassword(actionRequest, actionResponse);
084                            }
085                    }
086                    catch (Exception e) {
087                            if (e instanceof CaptchaTextException ||
088                                    e instanceof NoSuchUserException ||
089                                    e instanceof RequiredReminderQueryException ||
090                                    e instanceof SendPasswordException ||
091                                    e instanceof UserActiveException ||
092                                    e instanceof UserEmailAddressException ||
093                                    e instanceof UserLockoutException ||
094                                    e instanceof UserReminderQueryException) {
095    
096                                    SessionErrors.add(actionRequest, e.getClass());
097                            }
098                            else {
099                                    PortalUtil.sendError(e, actionRequest, actionResponse);
100                            }
101                    }
102            }
103    
104            @Override
105            public ActionForward render(
106                            ActionMapping actionMapping, ActionForm actionForm,
107                            PortletConfig portletConfig, RenderRequest renderRequest,
108                            RenderResponse renderResponse)
109                    throws Exception {
110    
111                    ThemeDisplay themeDisplay = (ThemeDisplay)renderRequest.getAttribute(
112                            WebKeys.THEME_DISPLAY);
113    
114                    Company company = themeDisplay.getCompany();
115    
116                    if (!company.isSendPassword() && !company.isSendPasswordResetLink()) {
117                            return actionMapping.findForward("portlet.login.login");
118                    }
119    
120                    renderResponse.setTitle(themeDisplay.translate("forgot-password"));
121    
122                    return actionMapping.findForward("portlet.login.forgot_password");
123            }
124    
125            protected void checkCaptcha(ActionRequest actionRequest)
126                    throws CaptchaException {
127    
128                    if (PropsValues.CAPTCHA_CHECK_PORTAL_SEND_PASSWORD) {
129                            CaptchaUtil.check(actionRequest);
130                    }
131            }
132    
133            protected void checkReminderQueries(
134                            ActionRequest actionRequest, ActionResponse actionResponse)
135                    throws Exception {
136    
137                    PortletSession portletSession = actionRequest.getPortletSession();
138    
139                    int step = ParamUtil.getInteger(actionRequest, "step");
140    
141                    if (step == 1) {
142                            checkCaptcha(actionRequest);
143    
144                            portletSession.removeAttribute(
145                                    WebKeys.FORGOT_PASSWORD_REMINDER_ATTEMPTS);
146                            portletSession.removeAttribute(
147                                    WebKeys.FORGOT_PASSWORD_REMINDER_USER_EMAIL_ADDRESS);
148                    }
149    
150                    User user = getUser(actionRequest);
151    
152                    portletSession.setAttribute(
153                            WebKeys.FORGOT_PASSWORD_REMINDER_USER_EMAIL_ADDRESS,
154                            user.getEmailAddress());
155    
156                    actionRequest.setAttribute(WebKeys.FORGOT_PASSWORD_REMINDER_USER, user);
157    
158                    if (step == 2) {
159                            Integer reminderAttempts = (Integer)portletSession.getAttribute(
160                                    WebKeys.FORGOT_PASSWORD_REMINDER_ATTEMPTS);
161    
162                            if (reminderAttempts == null) {
163                                    reminderAttempts = 0;
164                            }
165                            else if (reminderAttempts > 2) {
166                                    checkCaptcha(actionRequest);
167                            }
168    
169                            reminderAttempts++;
170    
171                            portletSession.setAttribute(
172                                    WebKeys.FORGOT_PASSWORD_REMINDER_ATTEMPTS, reminderAttempts);
173    
174                            sendPassword(actionRequest, actionResponse);
175                    }
176            }
177    
178            protected User getUser(ActionRequest actionRequest) throws Exception {
179                    PortletSession portletSession = actionRequest.getPortletSession();
180    
181                    ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
182                            WebKeys.THEME_DISPLAY);
183    
184                    String sessionEmailAddress = (String)portletSession.getAttribute(
185                            WebKeys.FORGOT_PASSWORD_REMINDER_USER_EMAIL_ADDRESS);
186    
187                    User user = null;
188    
189                    if (Validator.isNotNull(sessionEmailAddress)) {
190                            user = UserLocalServiceUtil.getUserByEmailAddress(
191                                    themeDisplay.getCompanyId(), sessionEmailAddress);
192                    }
193                    else {
194                            long userId = ParamUtil.getLong(actionRequest, "userId");
195                            String screenName = ParamUtil.getString(
196                                    actionRequest, "screenName");
197                            String emailAddress = ParamUtil.getString(
198                                    actionRequest, "emailAddress");
199    
200                            if (Validator.isNotNull(emailAddress)) {
201                                    user = UserLocalServiceUtil.getUserByEmailAddress(
202                                            themeDisplay.getCompanyId(), emailAddress);
203                            }
204                            else if (Validator.isNotNull(screenName)) {
205                                    user = UserLocalServiceUtil.getUserByScreenName(
206                                            themeDisplay.getCompanyId(), screenName);
207                            }
208                            else if (userId > 0) {
209                                    user = UserLocalServiceUtil.getUserById(userId);
210                            }
211                            else {
212                                    throw new NoSuchUserException();
213                            }
214                    }
215    
216                    if (!user.isActive()) {
217                            throw new UserActiveException();
218                    }
219    
220                    if (user.isLockout()) {
221                            throw new UserLockoutException.PasswordPolicyLockout(
222                                    user, user.getPasswordPolicy());
223                    }
224    
225                    return user;
226            }
227    
228            @Override
229            protected boolean isCheckMethodOnProcessAction() {
230                    return _CHECK_METHOD_ON_PROCESS_ACTION;
231            }
232    
233            protected void sendPassword(
234                            ActionRequest actionRequest, ActionResponse actionResponse)
235                    throws Exception {
236    
237                    ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
238                            WebKeys.THEME_DISPLAY);
239    
240                    Company company = themeDisplay.getCompany();
241    
242                    User user = getUser(actionRequest);
243    
244                    if (PropsValues.USERS_REMINDER_QUERIES_ENABLED) {
245                            if (PropsValues.USERS_REMINDER_QUERIES_REQUIRED &&
246                                    !user.hasReminderQuery()) {
247    
248                                    throw new RequiredReminderQueryException(
249                                            "No reminder query or answer is defined for user " +
250                                                    user.getUserId());
251                            }
252    
253                            String answer = ParamUtil.getString(actionRequest, "answer");
254    
255                            if (!user.getReminderQueryAnswer().equals(answer)) {
256                                    throw new UserReminderQueryException();
257                            }
258                    }
259    
260                    PortletPreferences portletPreferences = actionRequest.getPreferences();
261    
262                    String languageId = LanguageUtil.getLanguageId(actionRequest);
263    
264                    String emailFromName = portletPreferences.getValue(
265                            "emailFromName", null);
266                    String emailFromAddress = portletPreferences.getValue(
267                            "emailFromAddress", null);
268                    String emailToAddress = user.getEmailAddress();
269    
270                    String emailParam = "emailPasswordSent";
271    
272                    if (company.isSendPasswordResetLink()) {
273                            emailParam = "emailPasswordReset";
274                    }
275    
276                    String subject = portletPreferences.getValue(
277                            emailParam + "Subject_" + languageId, null);
278                    String body = portletPreferences.getValue(
279                            emailParam + "Body_" + languageId, null);
280    
281                    LoginUtil.sendPassword(
282                            actionRequest, emailFromName, emailFromAddress, emailToAddress,
283                            subject, body);
284    
285                    sendRedirect(actionRequest, actionResponse);
286            }
287    
288            private static final boolean _CHECK_METHOD_ON_PROCESS_ACTION = false;
289    
290    }