001    /**
002     * Copyright (c) 2000-2012 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.action;
016    
017    import com.liferay.portal.NoSuchUserException;
018    import com.liferay.portal.UserLockoutException;
019    import com.liferay.portal.UserPasswordException;
020    import com.liferay.portal.kernel.servlet.SessionErrors;
021    import com.liferay.portal.kernel.util.Constants;
022    import com.liferay.portal.kernel.util.ParamUtil;
023    import com.liferay.portal.kernel.util.Validator;
024    import com.liferay.portal.model.Company;
025    import com.liferay.portal.model.CompanyConstants;
026    import com.liferay.portal.model.Ticket;
027    import com.liferay.portal.model.User;
028    import com.liferay.portal.security.auth.AuthTokenUtil;
029    import com.liferay.portal.security.auth.PrincipalException;
030    import com.liferay.portal.service.CompanyLocalServiceUtil;
031    import com.liferay.portal.service.TicketLocalServiceUtil;
032    import com.liferay.portal.service.UserLocalServiceUtil;
033    import com.liferay.portal.struts.ActionConstants;
034    import com.liferay.portal.theme.ThemeDisplay;
035    import com.liferay.portal.util.PortalUtil;
036    import com.liferay.portal.util.PortletKeys;
037    import com.liferay.portal.util.PropsValues;
038    import com.liferay.portal.util.WebKeys;
039    import com.liferay.portlet.PortletURLImpl;
040    import com.liferay.portlet.login.util.LoginUtil;
041    
042    import javax.portlet.PortletRequest;
043    import javax.portlet.PortletURL;
044    
045    import javax.servlet.http.HttpServletRequest;
046    import javax.servlet.http.HttpServletResponse;
047    import javax.servlet.http.HttpSession;
048    
049    import org.apache.struts.action.Action;
050    import org.apache.struts.action.ActionForm;
051    import org.apache.struts.action.ActionForward;
052    import org.apache.struts.action.ActionMapping;
053    
/**
 * Struts action behind the portal's "update password" form.
 *
 * <p>
 * The action is reachable in two ways: by a signed-in user changing their own
 * password, and by an anonymous caller presenting a {@code ticketKey} request
 * parameter that resolves to an unexpired {@link Ticket}. In the ticket case
 * the password is changed for the user identified by
 * {@code ticket.getClassPK()}, so the ticket key acts as a bearer credential
 * for that account.
 * </p>
 *
 * <p>
 * NOTE(review): within this class a ticket is accepted on key and expiry
 * alone. Nothing here inspects what the ticket was issued for (its type or
 * the class it refers to). Confirm that only password-reset tickets can reach
 * this action, or add that check in {@link #getTicket(HttpServletRequest)}.
 * </p>
 *
 * @author Brian Wing Shun Chan
 * @author Mika Koivisto
 */
public class UpdatePasswordAction extends Action {

    /**
     * Shows the update-password form or processes its submission.
     *
     * <p>
     * Callers that are neither signed in nor holding a valid ticket are
     * forwarded to {@code ActionConstants.COMMON_REFERER}. When the
     * {@code Constants.CMD} parameter is empty the form is shown. Otherwise
     * the password is updated and the response is redirected to a
     * render-phase URL of the login portlet.
     * </p>
     *
     * @param  mapping the Struts mapping used to look up forwards
     * @param  form the Struts form bean (not used here)
     * @param  request the servlet request carrying the parameters
     * @param  response the servlet response used for redirects and errors
     * @return the forward to render, or {@code null} when the response has
     *         already been committed by a redirect or an error page
     * @throws Exception if the ticket's user cannot be loaded on the
     *         form-display path, or if error reporting itself fails
     */
    @Override
    public ActionForward execute(
            ActionMapping mapping, ActionForm form, HttpServletRequest request,
            HttpServletResponse response)
        throws Exception {

        ThemeDisplay themeDisplay = (ThemeDisplay)request.getAttribute(
            WebKeys.THEME_DISPLAY);

        Ticket ticket = getTicket(request);

        // Access gate: an authenticated session or a live ticket is required.
        boolean signedIn = themeDisplay.isSignedIn();

        if (!signedIn && (ticket == null)) {
            return mapping.findForward(ActionConstants.COMMON_REFERER);
        }

        String cmd = ParamUtil.getString(request, Constants.CMD);

        if (!Validator.isNull(cmd)) {
            return processUpdate(
                mapping, request, response, themeDisplay, ticket);
        }

        // No command: render the form. For ticket holders the lockout state
        // is surfaced as a session error only. The form is still shown, and
        // this class does not repeat the lockout check on the update path.
        if (ticket != null) {
            User ticketUser = UserLocalServiceUtil.getUser(
                ticket.getClassPK());

            try {
                UserLocalServiceUtil.checkLockout(ticketUser);
            }
            catch (UserLockoutException ule) {
                SessionErrors.add(request, ule.getClass().getName());
            }
        }

        return mapping.findForward("portal.update_password");
    }

    /**
     * Resolves the {@code ticketKey} request parameter to a usable ticket.
     *
     * <p>
     * An expired ticket is deleted as a side effect. Every failure, including
     * whatever the lookup or the delete throws, is treated as "no ticket" and
     * is not logged here, so rejected or repeated lookups leave no trace at
     * this layer.
     * </p>
     *
     * <p>
     * NOTE(review): the key is read with {@code ParamUtil.getString}, so it
     * may arrive in the query string. If reset links carry it there it can
     * end up in access logs and Referer headers. Verify how the link is
     * built.
     * </p>
     *
     * @param  request the servlet request that may carry {@code ticketKey}
     * @return the unexpired ticket, or {@code null} if the parameter is
     *         empty, the ticket is expired, or the lookup failed
     */
    protected Ticket getTicket(HttpServletRequest request) {
        String ticketKey = ParamUtil.getString(request, "ticketKey");

        if (Validator.isNull(ticketKey)) {
            return null;
        }

        try {
            Ticket found = TicketLocalServiceUtil.getTicket(ticketKey);

            if (found.isExpired()) {
                TicketLocalServiceUtil.deleteTicket(found);

                return null;
            }

            return found;
        }
        catch (Exception ignored) {

            // Deliberate best effort: any failure means "no ticket".

            return null;
        }
    }

    /**
     * Changes the password and, for ticket holders, signs the user in.
     *
     * <p>
     * {@code AuthTokenUtil.check} runs before anything else (presumably the
     * portal's request-token/CSRF validation; confirm). The target account is
     * the ticket's {@code classPK} when a ticket is present, otherwise the
     * signed-in user. The ticket is deleted only after the update succeeds,
     * so a rejected password leaves the ticket usable for another attempt.
     * </p>
     *
     * <p>
     * The new password is handled as a {@link String} throughout. It is
     * passed to {@code LoginUtil.login} on the ticket path and stored in the
     * HTTP session under {@code WebKeys.USER_PASSWORD} when
     * {@code PropsValues.SESSION_STORE_PASSWORD} is enabled.
     * </p>
     *
     * @param  request the servlet request carrying {@code password1} and
     *         {@code password2}
     * @param  response the servlet response handed to the login helper
     * @param  themeDisplay the theme display supplying the signed-in user ID
     * @param  ticket the validated ticket, or {@code null} for a signed-in
     *         user
     * @throws Exception if the token check, the password update, the ticket
     *         cleanup or the follow-up login fails
     */
    protected void updatePassword(
            HttpServletRequest request, HttpServletResponse response,
            ThemeDisplay themeDisplay, Ticket ticket)
        throws Exception {

        AuthTokenUtil.check(request);

        long userId =
            (ticket != null) ? ticket.getClassPK() : themeDisplay.getUserId();

        String password1 = request.getParameter("password1");
        String password2 = request.getParameter("password2");

        UserLocalServiceUtil.updatePassword(
            userId, password1, password2, false);

        if (ticket == null) {

            // Signed-in user: optionally keep the cleartext password in the
            // session, as configured by the portal property.

            if (PropsValues.SESSION_STORE_PASSWORD) {
                request.getSession().setAttribute(
                    WebKeys.USER_PASSWORD, password1);
            }

            return;
        }

        // Single use: the ticket is consumed once the update has succeeded.

        TicketLocalServiceUtil.deleteTicket(ticket);

        User user = UserLocalServiceUtil.getUser(userId);

        Company company = CompanyLocalServiceUtil.getCompanyById(
            user.getCompanyId());

        String login = resolveLogin(user, company.getAuthType(), userId);

        LoginUtil.login(request, response, login, password1, false, null);
    }

    /**
     * Runs the update and maps its outcome to a forward, a redirect or an
     * error page.
     */
    private ActionForward processUpdate(
            ActionMapping mapping, HttpServletRequest request,
            HttpServletResponse response, ThemeDisplay themeDisplay,
            Ticket ticket)
        throws Exception {

        try {
            updatePassword(request, response, themeDisplay, ticket);

            PortletURL loginURL = new PortletURLImpl(
                request, PortletKeys.LOGIN, themeDisplay.getPlid(),
                PortletRequest.RENDER_PHASE);

            response.sendRedirect(loginURL.toString());

            return null;
        }
        catch (UserPasswordException upe) {

            // Policy violation: redisplay the form with the exception
            // attached to the session error.

            SessionErrors.add(request, upe.getClass().getName(), upe);

            return mapping.findForward("portal.update_password");
        }
        catch (Exception e) {
            boolean accessFailure =
                (e instanceof NoSuchUserException) ||
                (e instanceof PrincipalException);

            if (accessFailure) {
                SessionErrors.add(request, e.getClass().getName());

                return mapping.findForward("portal.error");
            }

            PortalUtil.sendError(e, request, response);

            return null;
        }
    }

    /**
     * Picks the login identifier that matches the company's authentication
     * type.
     *
     * <p>
     * Returns {@code null} when the type is none of the three handled
     * constants. NOTE(review): that {@code null} is passed on to
     * {@code LoginUtil.login} after the password has already been changed
     * and the ticket deleted. Confirm how the login helper reacts.
     * </p>
     */
    private String resolveLogin(User user, String authType, long userId) {
        if (authType.equals(CompanyConstants.AUTH_TYPE_EA)) {
            return user.getEmailAddress();
        }

        if (authType.equals(CompanyConstants.AUTH_TYPE_SN)) {
            return user.getScreenName();
        }

        if (authType.equals(CompanyConstants.AUTH_TYPE_ID)) {
            return String.valueOf(userId);
        }

        return null;
    }

}