001    /**
002     * Copyright (c) 2000-present Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.action;
016    
017    import com.liferay.portal.NoSuchUserException;
018    import com.liferay.portal.UserLockoutException;
019    import com.liferay.portal.UserPasswordException;
020    import com.liferay.portal.kernel.servlet.SessionErrors;
021    import com.liferay.portal.kernel.util.Constants;
022    import com.liferay.portal.kernel.util.ParamUtil;
023    import com.liferay.portal.kernel.util.Validator;
024    import com.liferay.portal.model.Company;
025    import com.liferay.portal.model.CompanyConstants;
026    import com.liferay.portal.model.Ticket;
027    import com.liferay.portal.model.TicketConstants;
028    import com.liferay.portal.model.User;
029    import com.liferay.portal.security.auth.AuthTokenUtil;
030    import com.liferay.portal.security.auth.PrincipalException;
031    import com.liferay.portal.security.pwd.PwdToolkitUtilThreadLocal;
032    import com.liferay.portal.service.CompanyLocalServiceUtil;
033    import com.liferay.portal.service.TicketLocalServiceUtil;
034    import com.liferay.portal.service.UserLocalServiceUtil;
035    import com.liferay.portal.struts.ActionConstants;
036    import com.liferay.portal.theme.ThemeDisplay;
037    import com.liferay.portal.util.PortalUtil;
038    import com.liferay.portal.util.PropsValues;
039    import com.liferay.portal.util.WebKeys;
040    import com.liferay.portlet.login.util.LoginUtil;
041    
042    import javax.servlet.http.HttpServletRequest;
043    import javax.servlet.http.HttpServletResponse;
044    import javax.servlet.http.HttpSession;
045    
046    import org.apache.struts.action.Action;
047    import org.apache.struts.action.ActionForm;
048    import org.apache.struts.action.ActionForward;
049    import org.apache.struts.action.ActionMapping;
050    
051    /**
052     * @author Brian Wing Shun Chan
053     * @author Mika Koivisto
054     */
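public class UpdatePasswordAction extends Action {

	/**
	 * Renders the update-password page or processes a submitted password
	 * change.
	 *
	 * <p>
	 * Access is granted either to a signed-in user or to the bearer of a
	 * valid password ticket (see {@link #getTicket(HttpServletRequest)});
	 * anyone else is forwarded to the common referer page. Without a
	 * {@code cmd} parameter the form is shown; with one, the password is
	 * updated and the browser is redirected.
	 * </p>
	 *
	 * @param  actionMapping the Struts mapping used to resolve forwards
	 * @param  actionForm unused
	 * @param  request the current request
	 * @param  response the current response
	 * @return the forward to render, or {@code null} once a redirect or an
	 *         error response has already been written
	 * @throws Exception if the request cannot be processed
	 */
	@Override
	public ActionForward execute(
			ActionMapping actionMapping, ActionForm actionForm,
			HttpServletRequest request, HttpServletResponse response)
		throws Exception {

		ThemeDisplay themeDisplay = (ThemeDisplay)request.getAttribute(
			WebKeys.THEME_DISPLAY);

		Ticket ticket = getTicket(request);

		// Unauthenticated callers get in only with a valid password ticket
		if (!themeDisplay.isSignedIn() && (ticket == null)) {
			return actionMapping.findForward(
				ActionConstants.COMMON_REFERER_JSP);
		}

		String cmd = ParamUtil.getString(request, Constants.CMD);

		if (Validator.isNull(cmd)) {
			if (ticket != null) {
				User user = UserLocalServiceUtil.getUser(ticket.getClassPK());

				try {
					// A locked-out account may not start a ticket-based reset
					UserLocalServiceUtil.checkLockout(user);

					UserLocalServiceUtil.updatePasswordReset(
						user.getUserId(), true);
				}
				catch (UserLockoutException ule) {
					SessionErrors.add(request, ule.getClass());
				}
			}

			return actionMapping.findForward("portal.update_password");
		}

		try {
			updatePassword(request, response, themeDisplay, ticket);

			String redirect = ParamUtil.getString(request, WebKeys.REFERER);

			// The caller-supplied target goes through
			// PortalUtil.escapeRedirect before it is followed (presumably
			// it blanks disallowed targets, hence the isNull fallback below)
			if (Validator.isNotNull(redirect)) {
				redirect = PortalUtil.escapeRedirect(redirect);
			}

			if (Validator.isNull(redirect)) {
				redirect = themeDisplay.getPathMain();
			}

			response.sendRedirect(redirect);

			return null;
		}
		catch (UserPasswordException upe) {
			// Policy/mismatch failures are reported on the form itself
			SessionErrors.add(request, upe.getClass(), upe);

			return actionMapping.findForward("portal.update_password");
		}
		catch (NoSuchUserException nsue) {
			SessionErrors.add(request, nsue.getClass());

			return actionMapping.findForward("portal.error");
		}
		catch (PrincipalException pe) {
			SessionErrors.add(request, pe.getClass());

			return actionMapping.findForward("portal.error");
		}
		catch (Exception e) {
			PortalUtil.sendError(e, request, response);

			return null;
		}
	}

	/**
	 * Resolves the {@code ticketKey} request parameter to a usable password
	 * reset ticket.
	 *
	 * <p>
	 * A ticket is returned only if it exists, is of type
	 * {@link TicketConstants#TYPE_PASSWORD} and has not expired. Expired
	 * tickets are deleted on sight. Every other outcome, including a lookup
	 * failure, yields {@code null} so the caller treats the request as
	 * carrying no ticket.
	 * </p>
	 *
	 * @param  request the current request
	 * @return the valid password ticket, or {@code null}
	 */
	protected Ticket getTicket(HttpServletRequest request) {
		String ticketKey = ParamUtil.getString(request, "ticketKey");

		if (Validator.isNull(ticketKey)) {
			return null;
		}

		try {
			Ticket ticket = TicketLocalServiceUtil.getTicket(ticketKey);

			// Tickets issued for other purposes must not unlock a reset
			if (ticket.getType() != TicketConstants.TYPE_PASSWORD) {
				return null;
			}

			if (!ticket.isExpired()) {
				return ticket;
			}

			TicketLocalServiceUtil.deleteTicket(ticket);
		}
		catch (Exception ignored) {
			// Deliberate: an unknown or unreadable key is indistinguishable
			// from no key at all, and the caller then falls back to the
			// signed-in user check
		}

		return null;
	}

	/**
	 * Returns whether the password toolkit should validate the new password
	 * against the password policy.
	 *
	 * <p>
	 * Validation is skipped only while the session carries
	 * {@link WebKeys#SETUP_WIZARD_PASSWORD_UPDATED} set to {@code true}, a
	 * flag the setup wizard is presumed to set; an absent flag keeps
	 * validation on.
	 * </p>
	 *
	 * @param  request the current request
	 * @return {@code true} to validate, {@code false} to skip validation
	 */
	protected boolean isValidatePassword(HttpServletRequest request) {
		HttpSession session = request.getSession();

		Boolean setupWizardPasswordUpdated = (Boolean)session.getAttribute(
			WebKeys.SETUP_WIZARD_PASSWORD_UPDATED);

		// Null-safe: only an explicit TRUE disables validation
		return !Boolean.TRUE.equals(setupWizardPasswordUpdated);
	}

	/**
	 * Applies the submitted password to the target user.
	 *
	 * <p>
	 * The CSRF token is verified before anything else. The target is the
	 * ticket's user when a ticket is present, otherwise the signed-in user.
	 * Password policy validation is toggled through
	 * {@link PwdToolkitUtilThreadLocal} for the duration of the update and
	 * restored afterwards. On a ticket-based reset the ticket is deleted
	 * (single use), the user is logged in with the new password and the
	 * reset flag is cleared; otherwise the password is kept in the session
	 * only when {@link PropsValues#SESSION_STORE_PASSWORD} is enabled.
	 * </p>
	 *
	 * @param  request the current request
	 * @param  response the current response
	 * @param  themeDisplay the theme display of the current request
	 * @param  ticket the password ticket, or {@code null} for a signed-in
	 *         user changing the password
	 * @throws Exception if the CSRF check, the password update or the login
	 *         fails
	 */
	protected void updatePassword(
			HttpServletRequest request, HttpServletResponse response,
			ThemeDisplay themeDisplay, Ticket ticket)
		throws Exception {

		// Reject forged submissions before any state is touched
		AuthTokenUtil.checkCSRFToken(
			request, UpdatePasswordAction.class.getName());

		long userId =
			(ticket != null) ? ticket.getClassPK() : themeDisplay.getUserId();

		String password1 = request.getParameter("password1");
		String password2 = request.getParameter("password2");
		boolean passwordReset = false;

		boolean previousValidate = PwdToolkitUtilThreadLocal.isValidate();

		try {
			boolean currentValidate = isValidatePassword(request);

			PwdToolkitUtilThreadLocal.setValidate(currentValidate);

			UserLocalServiceUtil.updatePassword(
				userId, password1, password2, passwordReset);
		}
		finally {
			// Restore the thread-local so later requests on this thread are
			// validated exactly as before
			PwdToolkitUtilThreadLocal.setValidate(previousValidate);
		}

		if (ticket != null) {
			// The ticket has served its purpose; a replay must fail
			TicketLocalServiceUtil.deleteTicket(ticket);

			User user = UserLocalServiceUtil.getUser(userId);

			Company company = CompanyLocalServiceUtil.getCompanyById(
				user.getCompanyId());

			String authType = company.getAuthType();

			String login = null;

			if (authType.equals(CompanyConstants.AUTH_TYPE_EA)) {
				login = user.getEmailAddress();
			}
			else if (authType.equals(CompanyConstants.AUTH_TYPE_SN)) {
				login = user.getScreenName();
			}
			else if (authType.equals(CompanyConstants.AUTH_TYPE_ID)) {
				login = String.valueOf(userId);
			}

			// NOTE(review): login stays null for any other auth type; confirm
			// no other type exists or that LoginUtil.login tolerates null
			LoginUtil.login(request, response, login, password1, false, null);

			UserLocalServiceUtil.updatePasswordReset(userId, false);
		}
		else if (PropsValues.SESSION_STORE_PASSWORD) {
			// Opt-in by configuration: the plaintext password is retained in
			// the session for the rest of the login
			HttpSession session = request.getSession();

			session.setAttribute(WebKeys.USER_PASSWORD, password1);
		}
	}

}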