015 package com.liferay.portlet.login.action;
016
017 import com.liferay.portal.NoSuchUserException;
018 import com.liferay.portal.RequiredReminderQueryException;
019 import com.liferay.portal.SendPasswordException;
020 import com.liferay.portal.UserActiveException;
021 import com.liferay.portal.UserEmailAddressException;
022 import com.liferay.portal.UserLockoutException;
023 import com.liferay.portal.UserReminderQueryException;
024 import com.liferay.portal.kernel.captcha.CaptchaException;
025 import com.liferay.portal.kernel.captcha.CaptchaTextException;
026 import com.liferay.portal.kernel.captcha.CaptchaUtil;
027 import com.liferay.portal.kernel.language.LanguageUtil;
028 import com.liferay.portal.kernel.servlet.SessionErrors;
029 import com.liferay.portal.kernel.util.ParamUtil;
030 import com.liferay.portal.kernel.util.Validator;
031 import com.liferay.portal.model.Company;
032 import com.liferay.portal.model.User;
033 import com.liferay.portal.security.auth.PrincipalException;
034 import com.liferay.portal.service.UserLocalServiceUtil;
035 import com.liferay.portal.struts.PortletAction;
036 import com.liferay.portal.theme.ThemeDisplay;
037 import com.liferay.portal.util.PortalUtil;
038 import com.liferay.portal.util.PropsValues;
039 import com.liferay.portal.util.WebKeys;
040 import com.liferay.portlet.login.util.LoginUtil;
041
042 import javax.portlet.ActionRequest;
043 import javax.portlet.ActionResponse;
044 import javax.portlet.PortletConfig;
045 import javax.portlet.PortletPreferences;
046 import javax.portlet.PortletSession;
047 import javax.portlet.RenderRequest;
048 import javax.portlet.RenderResponse;
049
050 import org.apache.struts.action.ActionForm;
051 import org.apache.struts.action.ActionForward;
052 import org.apache.struts.action.ActionMapping;
053
054
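/**
 * Struts portlet action behind the login portlet's "forgot password" form.
 *
 * <p>
 * Depending on {@code PropsValues.USERS_REMINDER_QUERIES_ENABLED} the flow is
 * either a single submission (captcha, then mail) or a two-step exchange in
 * which the user is identified first and must then answer the stored reminder
 * query before any mail is sent.
 * </p>
 */
public class ForgotPasswordAction extends PortletAction {

	/**
	 * Handles a submission of the forgot-password form.
	 *
	 * <p>
	 * The request is refused with a {@link PrincipalException} when the
	 * company has enabled neither password mailing nor reset links. Expected
	 * failures are recorded in {@link SessionErrors} under the exception
	 * class; every other exception is handed to
	 * {@code PortalUtil.sendError}.
	 * </p>
	 *
	 * @throws Exception if the feature is disabled for the company, or if
	 *         error reporting itself fails
	 */
	@Override
	public void processAction(
			ActionMapping actionMapping, ActionForm actionForm,
			PortletConfig portletConfig, ActionRequest actionRequest,
			ActionResponse actionResponse)
		throws Exception {

		ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
			WebKeys.THEME_DISPLAY);

		Company company = themeDisplay.getCompany();

		// Fail closed: with both delivery modes off there is nothing this
		// action may legitimately do.

		if (!company.isSendPassword() && !company.isSendPasswordResetLink()) {
			throw new PrincipalException();
		}

		try {
			if (PropsValues.USERS_REMINDER_QUERIES_ENABLED) {
				checkReminderQueries(actionRequest, actionResponse);
			}
			else {
				checkCaptcha(actionRequest);

				sendPassword(actionRequest, actionResponse);
			}
		}
		catch (Exception e) {

			// NOTE(review): NoSuchUserException, UserActiveException and
			// UserLockoutException are recorded as distinct session errors.
			// If the view renders them differently, the form discloses
			// whether an account exists and what state it is in -- confirm
			// against the JSP and prefer one generic message.

			if (e instanceof CaptchaTextException ||
				e instanceof NoSuchUserException ||
				e instanceof RequiredReminderQueryException ||
				e instanceof SendPasswordException ||
				e instanceof UserActiveException ||
				e instanceof UserEmailAddressException ||
				e instanceof UserLockoutException ||
				e instanceof UserReminderQueryException) {

				SessionErrors.add(actionRequest, e.getClass());
			}
			else {
				PortalUtil.sendError(e, actionRequest, actionResponse);
			}
		}
	}

	/**
	 * Selects the view: the login page when the company has disabled both
	 * password mailing and reset links, otherwise the forgot-password page.
	 *
	 * @return the forward for {@code portlet.login.login} or
	 *         {@code portlet.login.forgot_password}
	 */
	@Override
	public ActionForward render(
			ActionMapping actionMapping, ActionForm actionForm,
			PortletConfig portletConfig, RenderRequest renderRequest,
			RenderResponse renderResponse)
		throws Exception {

		ThemeDisplay themeDisplay = (ThemeDisplay)renderRequest.getAttribute(
			WebKeys.THEME_DISPLAY);

		Company company = themeDisplay.getCompany();

		if (!company.isSendPassword() && !company.isSendPasswordResetLink()) {
			return actionMapping.findForward("portlet.login.login");
		}

		renderResponse.setTitle(themeDisplay.translate("forgot-password"));

		return actionMapping.findForward("portlet.login.forgot_password");
	}

	/**
	 * Runs the captcha check, but only when
	 * {@code PropsValues.CAPTCHA_CHECK_PORTAL_SEND_PASSWORD} is set.
	 *
	 * <p>
	 * With the property off this method does nothing, and no other code in
	 * this class throttles submissions.
	 * </p>
	 *
	 * @throws CaptchaException if the captcha check rejects the request
	 */
	protected void checkCaptcha(ActionRequest actionRequest)
		throws CaptchaException {

		if (PropsValues.CAPTCHA_CHECK_PORTAL_SEND_PASSWORD) {
			CaptchaUtil.check(actionRequest);
		}
	}

	/**
	 * Drives the two-step reminder-query flow, keyed by the {@code step}
	 * request parameter.
	 *
	 * <p>
	 * Step 1 checks the captcha and clears the attempt counter and the
	 * remembered e-mail address from the portlet session. On every call the
	 * user is then resolved, the user's e-mail address is stored in the
	 * session and the user is exposed to the view as a request attribute.
	 * Step 2 additionally increments the attempt counter, demands a captcha
	 * once the stored count exceeds two, and calls
	 * {@link #sendPassword(ActionRequest, ActionResponse)}.
	 * </p>
	 *
	 * @throws Exception if the captcha, the user lookup or the reminder
	 *         answer check fails
	 */
	protected void checkReminderQueries(
			ActionRequest actionRequest, ActionResponse actionResponse)
		throws Exception {

		PortletSession portletSession = actionRequest.getPortletSession();

		int step = ParamUtil.getInteger(actionRequest, "step");

		if (step == 1) {
			checkCaptcha(actionRequest);

			portletSession.removeAttribute(
				WebKeys.FORGOT_PASSWORD_REMINDER_ATTEMPTS);
			portletSession.removeAttribute(
				WebKeys.FORGOT_PASSWORD_REMINDER_USER_EMAIL_ADDRESS);
		}

		User user = getUser(actionRequest);

		// Pin the identity chosen in step 1: while this attribute is set,
		// getUser() ignores the identifying request parameters.

		portletSession.setAttribute(
			WebKeys.FORGOT_PASSWORD_REMINDER_USER_EMAIL_ADDRESS,
			user.getEmailAddress());

		actionRequest.setAttribute(WebKeys.FORGOT_PASSWORD_REMINDER_USER, user);

		if (step == 2) {
			Integer reminderAttempts = (Integer)portletSession.getAttribute(
				WebKeys.FORGOT_PASSWORD_REMINDER_ATTEMPTS);

			// The counter lives in the portlet session, not on the account,
			// so it only slows a client that keeps its session, and the
			// captcha it triggers is itself property-gated.
			// NOTE(review): confirm that a per-account limit on failed
			// reminder answers is enforced elsewhere.

			if (reminderAttempts == null) {
				reminderAttempts = 0;
			}
			else if (reminderAttempts > 2) {
				checkCaptcha(actionRequest);
			}

			reminderAttempts++;

			portletSession.setAttribute(
				WebKeys.FORGOT_PASSWORD_REMINDER_ATTEMPTS, reminderAttempts);

			sendPassword(actionRequest, actionResponse);
		}
	}

	/**
	 * Resolves the user the request refers to.
	 *
	 * <p>
	 * An e-mail address remembered in the portlet session takes precedence.
	 * Otherwise the request parameters are tried in the order
	 * {@code emailAddress}, {@code screenName}, {@code userId}. All lookups
	 * are confined to the company of the current request.
	 * </p>
	 *
	 * @return the active, non-locked user
	 * @throws NoSuchUserException if no identifier was supplied or the user
	 *         found by ID belongs to another company
	 * @throws UserActiveException if the user is not active
	 * @throws UserLockoutException if the user is locked out
	 * @throws Exception if a lookup fails
	 */
	protected User getUser(ActionRequest actionRequest) throws Exception {
		PortletSession portletSession = actionRequest.getPortletSession();

		ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
			WebKeys.THEME_DISPLAY);

		String sessionEmailAddress = (String)portletSession.getAttribute(
			WebKeys.FORGOT_PASSWORD_REMINDER_USER_EMAIL_ADDRESS);

		User user = null;

		if (Validator.isNotNull(sessionEmailAddress)) {
			user = UserLocalServiceUtil.getUserByEmailAddress(
				themeDisplay.getCompanyId(), sessionEmailAddress);
		}
		else {
			long userId = ParamUtil.getLong(actionRequest, "userId");
			String screenName = ParamUtil.getString(
				actionRequest, "screenName");
			String emailAddress = ParamUtil.getString(
				actionRequest, "emailAddress");

			if (Validator.isNotNull(emailAddress)) {
				user = UserLocalServiceUtil.getUserByEmailAddress(
					themeDisplay.getCompanyId(), emailAddress);
			}
			else if (Validator.isNotNull(screenName)) {
				user = UserLocalServiceUtil.getUserByScreenName(
					themeDisplay.getCompanyId(), screenName);
			}
			else if (userId > 0) {
				user = UserLocalServiceUtil.getUserById(userId);

				// The lookup by primary key is the only one that takes no
				// company ID, and the ID comes from the request. Apply the
				// boundary the other two branches already have, so that a
				// user of another company is reported as not found.

				if (user.getCompanyId() != themeDisplay.getCompanyId()) {
					throw new NoSuchUserException();
				}
			}
			else {
				throw new NoSuchUserException();
			}
		}

		if (!user.isActive()) {
			throw new UserActiveException();
		}

		if (user.isLockout()) {
			throw new UserLockoutException.PasswordPolicyLockout(
				user, user.getPasswordPolicy());
		}

		return user;
	}

	/**
	 * Returns the class constant {@code _CHECK_METHOD_ON_PROCESS_ACTION},
	 * which is {@code false}.
	 *
	 * <p>
	 * NOTE(review): presumably this tells {@code PortletAction} not to
	 * enforce its request-method check on {@code processAction}; confirm
	 * against the superclass that this state-changing action is still
	 * protected against cross-site submission by other means.
	 * </p>
	 */
	@Override
	protected boolean isCheckMethodOnProcessAction() {
		return _CHECK_METHOD_ON_PROCESS_ACTION;
	}

	/**
	 * Verifies the reminder answer when reminder queries are enabled, then
	 * mails the password or reset link to the user's stored address and
	 * redirects.
	 *
	 * <p>
	 * Sender name, sender address, subject and body are read from the
	 * portlet preferences; subject and body are keyed by the request's
	 * language ID. The mail always goes to the address stored on the user,
	 * never to an address taken from the request.
	 * </p>
	 *
	 * @throws RequiredReminderQueryException if reminder queries are
	 *         required and the user has none
	 * @throws UserReminderQueryException if the supplied answer does not
	 *         match the stored one
	 * @throws Exception if the user lookup or the mail delivery fails
	 */
	protected void sendPassword(
			ActionRequest actionRequest, ActionResponse actionResponse)
		throws Exception {

		ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
			WebKeys.THEME_DISPLAY);

		Company company = themeDisplay.getCompany();

		User user = getUser(actionRequest);

		if (PropsValues.USERS_REMINDER_QUERIES_ENABLED) {
			if (PropsValues.USERS_REMINDER_QUERIES_REQUIRED &&
				!user.hasReminderQuery()) {

				throw new RequiredReminderQueryException(
					"No reminder query or answer is defined for user " +
						user.getUserId());
			}

			String answer = ParamUtil.getString(actionRequest, "answer");

			// Exact, case-sensitive String.equals; not constant-time.
			// NOTE(review): when reminder queries are enabled but not
			// required, this comparison still runs for a user without one.
			// What getReminderQueryAnswer() returns in that case is not
			// visible here -- confirm it cannot be null, and that an empty
			// stored answer matching an empty "answer" parameter is the
			// intended outcome.

			if (!user.getReminderQueryAnswer().equals(answer)) {
				throw new UserReminderQueryException();
			}
		}

		PortletPreferences portletPreferences = actionRequest.getPreferences();

		String languageId = LanguageUtil.getLanguageId(actionRequest);

		String emailFromName = portletPreferences.getValue(
			"emailFromName", null);
		String emailFromAddress = portletPreferences.getValue(
			"emailFromAddress", null);
		String emailToAddress = user.getEmailAddress();

		String emailParam = "emailPasswordSent";

		if (company.isSendPasswordResetLink()) {
			emailParam = "emailPasswordReset";
		}

		String subject = portletPreferences.getValue(
			emailParam + "Subject_" + languageId, null);
		String body = portletPreferences.getValue(
			emailParam + "Body_" + languageId, null);

		LoginUtil.sendPassword(
			actionRequest, emailFromName, emailFromAddress, emailToAddress,
			subject, body);

		sendRedirect(actionRequest, actionResponse);
	}

	private static final boolean _CHECK_METHOD_ON_PROCESS_ACTION = false;

}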