015 package com.liferay.portal.action;
016
017 import com.liferay.portal.NoSuchUserException;
018 import com.liferay.portal.UserLockoutException;
019 import com.liferay.portal.UserPasswordException;
020 import com.liferay.portal.kernel.servlet.SessionErrors;
021 import com.liferay.portal.kernel.util.Constants;
022 import com.liferay.portal.kernel.util.ParamUtil;
023 import com.liferay.portal.kernel.util.Validator;
024 import com.liferay.portal.model.Company;
025 import com.liferay.portal.model.CompanyConstants;
026 import com.liferay.portal.model.Ticket;
027 import com.liferay.portal.model.User;
028 import com.liferay.portal.security.auth.AuthTokenUtil;
029 import com.liferay.portal.security.auth.PrincipalException;
030 import com.liferay.portal.service.CompanyLocalServiceUtil;
031 import com.liferay.portal.service.TicketLocalServiceUtil;
032 import com.liferay.portal.service.UserLocalServiceUtil;
033 import com.liferay.portal.struts.ActionConstants;
034 import com.liferay.portal.theme.ThemeDisplay;
035 import com.liferay.portal.util.PortalUtil;
036 import com.liferay.portal.util.PortletKeys;
037 import com.liferay.portal.util.PropsValues;
038 import com.liferay.portal.util.WebKeys;
039 import com.liferay.portlet.PortletURLImpl;
040 import com.liferay.portlet.login.util.LoginUtil;
041
042 import javax.portlet.PortletRequest;
043 import javax.portlet.PortletURL;
044
045 import javax.servlet.http.HttpServletRequest;
046 import javax.servlet.http.HttpServletResponse;
047 import javax.servlet.http.HttpSession;
048
049 import org.apache.struts.action.Action;
050 import org.apache.struts.action.ActionForm;
051 import org.apache.struts.action.ActionForward;
052 import org.apache.struts.action.ActionMapping;
053
054
/**
 * Struts action behind the portal's "update password" page.
 *
 * <p>
 * The action is reachable in two ways: by a signed-in user, or by an
 * anonymous visitor who presents a valid, unexpired ticket through the
 * <code>ticketKey</code> request parameter. In the second case the ticket is
 * the only credential, so every method below treats it as a bearer secret.
 * </p>
 */
public class UpdatePasswordAction extends Action {

	/**
	 * Shows the password form or processes a submitted password change.
	 *
	 * <p>
	 * Requests that are neither signed in nor backed by a usable ticket are
	 * sent to the common referer forward. Without a command parameter the
	 * form is rendered; with one, the password is updated and the browser is
	 * redirected to the login portlet.
	 * </p>
	 *
	 * @param  mapping the Struts mapping used to resolve forwards
	 * @param  form the Struts form (not used here)
	 * @param  request the servlet request
	 * @param  response the servlet response
	 * @return the forward to render, or <code>null</code> when the response
	 *         was already written (redirect or error)
	 * @throws Exception if a failure occurs outside the guarded update step
	 */
	@Override
	public ActionForward execute(
			ActionMapping mapping, ActionForm form, HttpServletRequest request,
			HttpServletResponse response)
		throws Exception {

		ThemeDisplay themeDisplay = (ThemeDisplay)request.getAttribute(
			WebKeys.THEME_DISPLAY);

		Ticket ticket = getTicket(request);

		// Access gate: a caller needs either a session or a valid ticket.

		boolean signedIn = themeDisplay.isSignedIn();

		if (!signedIn && (ticket == null)) {
			return mapping.findForward(ActionConstants.COMMON_REFERER);
		}

		String command = ParamUtil.getString(request, Constants.CMD);

		if (Validator.isNull(command)) {

			// Render path. For ticket holders a lockout is surfaced as a
			// session error on the form rather than blocking the page.
			// NOTE(review): checkLockout is only called here; whether the
			// update path below also enforces lockout depends on
			// UserLocalServiceUtil.updatePassword, which is not visible in
			// this file. Confirm.

			if (ticket != null) {
				User ticketUser = UserLocalServiceUtil.getUser(
					ticket.getClassPK());

				try {
					UserLocalServiceUtil.checkLockout(ticketUser);
				}
				catch (UserLockoutException ule) {
					SessionErrors.add(request, ule.getClass().getName());
				}
			}

			return mapping.findForward("portal.update_password");
		}

		try {
			updatePassword(request, response, themeDisplay, ticket);

			// Redirect after a successful change so the password POST is not
			// replayed by a page reload.

			PortletURL loginURL = new PortletURLImpl(
				request, PortletKeys.LOGIN, themeDisplay.getPlid(),
				PortletRequest.RENDER_PHASE);

			response.sendRedirect(loginURL.toString());

			return null;
		}
		catch (Exception e) {
			String errorKey = e.getClass().getName();

			// Password policy failures go back to the form together with the
			// exception so the page can explain what was rejected.

			if (e instanceof UserPasswordException) {
				SessionErrors.add(request, errorKey, e);

				return mapping.findForward("portal.update_password");
			}

			boolean unknownUserOrDenied =
				(e instanceof NoSuchUserException) ||
				(e instanceof PrincipalException);

			if (!unknownUserOrDenied) {

				// NOTE(review): how much of the exception sendError exposes
				// to the client is not visible here. Confirm.

				PortalUtil.sendError(e, request, response);

				return null;
			}

			SessionErrors.add(request, errorKey);

			return mapping.findForward("portal.error");
		}
	}

	/**
	 * Resolves the ticket named by the <code>ticketKey</code> request
	 * parameter.
	 *
	 * <p>
	 * An expired ticket is deleted as a side effect. Every failure (unknown
	 * key, lookup or delete error) is reported as "no ticket".
	 * </p>
	 *
	 * @param  request the servlet request carrying the ticket key
	 * @return the unexpired ticket, or <code>null</code> if the parameter is
	 *         missing, the ticket is expired, or the lookup failed
	 */
	protected Ticket getTicket(HttpServletRequest request) {
		String key = ParamUtil.getString(request, "ticketKey");

		if (Validator.isNull(key)) {
			return null;
		}

		// NOTE(review): only expiry is checked. Nothing here verifies what
		// the ticket was issued for, so confirm that a ticket created for a
		// different purpose cannot be presented to this action.

		try {
			Ticket candidate = TicketLocalServiceUtil.getTicket(key);

			if (candidate.isExpired()) {
				TicketLocalServiceUtil.deleteTicket(candidate);
			}
			else {
				return candidate;
			}
		}
		catch (Exception ignored) {

			// Deliberately swallowed so that every failure looks like a
			// missing ticket to the caller. The cost is that invalid-key
			// attempts leave no trace at this layer.

		}

		return null;
	}

	/**
	 * Changes the password of the ticket's user, or of the signed-in user
	 * when no ticket is present.
	 *
	 * <p>
	 * On the ticket path the ticket is deleted after the update succeeds and
	 * the user is logged in with the new password. On the session path the
	 * new password is written to the HTTP session when
	 * <code>PropsValues.SESSION_STORE_PASSWORD</code> is set.
	 * </p>
	 *
	 * @param  request the servlet request carrying <code>password1</code> and
	 *         <code>password2</code>
	 * @param  response the servlet response, passed on to the login call
	 * @param  themeDisplay the theme display supplying the session user ID
	 * @param  ticket the validated ticket, or <code>null</code>
	 * @throws Exception if the token check, the update, or the login fails
	 */
	protected void updatePassword(
			HttpServletRequest request, HttpServletResponse response,
			ThemeDisplay themeDisplay, Ticket ticket)
		throws Exception {

		// Runs before any state change. Presumably the portal's request
		// (CSRF) token check; the implementation is not visible here.

		AuthTokenUtil.check(request);

		// A ticket takes precedence over the session: a signed-in caller who
		// submits a ticket acts on the ticket's user, not on their own
		// account.

		long userId =
			(ticket != null) ? ticket.getClassPK() : themeDisplay.getUserId();

		String newPassword = request.getParameter("password1");
		String confirmation = request.getParameter("password2");

		UserLocalServiceUtil.updatePassword(
			userId, newPassword, confirmation, false);

		if (ticket == null) {
			if (PropsValues.SESSION_STORE_PASSWORD) {

				// Keeps the clear-text password in the HTTP session. Anything
				// that persists, replicates or dumps sessions then holds the
				// password as well.

				HttpSession session = request.getSession();

				session.setAttribute(WebKeys.USER_PASSWORD, newPassword);
			}

			return;
		}

		// The ticket is consumed only after a successful update. A rejected
		// password (exception above) leaves it usable until it expires.

		TicketLocalServiceUtil.deleteTicket(ticket);

		User user = UserLocalServiceUtil.getUser(userId);

		Company company = CompanyLocalServiceUtil.getCompanyById(
			user.getCompanyId());

		String authType = company.getAuthType();

		// The login name depends on the company's authentication type. It
		// stays null when none of the three known types matches.

		String login = null;

		if (authType.equals(CompanyConstants.AUTH_TYPE_EA)) {
			login = user.getEmailAddress();
		}
		else if (authType.equals(CompanyConstants.AUTH_TYPE_SN)) {
			login = user.getScreenName();
		}
		else if (authType.equals(CompanyConstants.AUTH_TYPE_ID)) {
			login = String.valueOf(userId);
		}

		LoginUtil.login(request, response, login, newPassword, false, null);
	}

}