001    /**
002     * Copyright (c) 2000-2010 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.action;
016    
017    import com.liferay.portal.NoSuchUserException;
018    import com.liferay.portal.UserPasswordException;
019    import com.liferay.portal.kernel.servlet.SessionErrors;
020    import com.liferay.portal.kernel.util.Constants;
021    import com.liferay.portal.kernel.util.ParamUtil;
022    import com.liferay.portal.kernel.util.Validator;
023    import com.liferay.portal.model.Company;
024    import com.liferay.portal.model.CompanyConstants;
025    import com.liferay.portal.model.Ticket;
026    import com.liferay.portal.model.User;
027    import com.liferay.portal.security.auth.AuthTokenUtil;
028    import com.liferay.portal.security.auth.PrincipalException;
029    import com.liferay.portal.service.CompanyLocalServiceUtil;
030    import com.liferay.portal.service.TicketLocalServiceUtil;
031    import com.liferay.portal.service.UserLocalServiceUtil;
032    import com.liferay.portal.struts.ActionConstants;
033    import com.liferay.portal.theme.ThemeDisplay;
034    import com.liferay.portal.util.PortalUtil;
035    import com.liferay.portal.util.PortletKeys;
036    import com.liferay.portal.util.PropsValues;
037    import com.liferay.portal.util.WebKeys;
038    import com.liferay.portlet.PortletURLImpl;
039    import com.liferay.portlet.login.util.LoginUtil;
040    
041    import javax.portlet.PortletRequest;
042    import javax.portlet.PortletURL;
043    
044    import javax.servlet.http.HttpServletRequest;
045    import javax.servlet.http.HttpServletResponse;
046    import javax.servlet.http.HttpSession;
047    
048    import org.apache.struts.action.Action;
049    import org.apache.struts.action.ActionForm;
050    import org.apache.struts.action.ActionForward;
051    import org.apache.struts.action.ActionMapping;
052    
053    /**
054     * @author Brian Wing Shun Chan
055     * @author Mika Koivisto
056     */
public class UpdatePasswordAction extends Action {

	/**
	 * Handles a request to the update-password page.
	 *
	 * <p>
	 * The request is served only when the caller is signed in or presents an
	 * unexpired ticket (see {@link #getTicket(HttpServletRequest)}); otherwise
	 * it is forwarded to {@link ActionConstants#COMMON_REFERER}. A request
	 * without a {@link Constants#CMD} parameter is forwarded to
	 * <code>portal.update_password</code> (presumably the form view; confirm
	 * against the Struts mapping). A request with a command changes the
	 * password and then redirects to a render URL of the login portlet.
	 * </p>
	 *
	 * <p>
	 * Error handling: a {@link UserPasswordException} is stored in the session
	 * errors and the caller is sent back to <code>portal.update_password</code>;
	 * a {@link NoSuchUserException} or {@link PrincipalException} is recorded
	 * by class name only and forwarded to <code>portal.error</code>; anything
	 * else goes through {@link PortalUtil#sendError}.
	 * </p>
	 *
	 * <p>
	 * Security note: the ticket is resolved before the signed-in check, and
	 * {@link #updatePassword} prefers the ticket's user over the session user.
	 * A signed-in caller who presents a valid ticket therefore changes the
	 * password of the ticket's user, not their own.
	 * </p>
	 *
	 * @param  mapping the Struts mapping used to resolve forwards
	 * @param  form the Struts form (not read by this action)
	 * @param  request the servlet request
	 * @param  response the servlet response
	 * @return the forward to render, or <code>null</code> when the response
	 *         has already been committed (redirect or error page)
	 * @throws Exception if an error handler itself fails
	 */
	public ActionForward execute(
			ActionMapping mapping, ActionForm form, HttpServletRequest request,
			HttpServletResponse response)
		throws Exception {

		ThemeDisplay themeDisplay = (ThemeDisplay)request.getAttribute(
			WebKeys.THEME_DISPLAY);

		Ticket ticket = getTicket(request);

		// Access gate: either an authenticated session or a live ticket

		boolean anonymous = !themeDisplay.isSignedIn();

		if (anonymous && (ticket == null)) {
			return mapping.findForward(ActionConstants.COMMON_REFERER);
		}

		String cmd = ParamUtil.getString(request, Constants.CMD);

		if (Validator.isNull(cmd)) {
			return mapping.findForward("portal.update_password");
		}

		try {
			updatePassword(request, response, themeDisplay, ticket);

			PortletURL loginURL = new PortletURLImpl(
				request, PortletKeys.LOGIN, themeDisplay.getPlid(),
				PortletRequest.RENDER_PHASE);

			response.sendRedirect(loginURL.toString());

			return null;
		}
		catch (Exception e) {
			String errorKey = e.getClass().getName();

			// Password policy violations go back to the form with details

			if (e instanceof UserPasswordException) {
				SessionErrors.add(request, errorKey, e);

				return mapping.findForward("portal.update_password");
			}

			// Unknown user or failed principal / token check: only the
			// exception class name is recorded, not the exception itself

			if ((e instanceof NoSuchUserException) ||
				(e instanceof PrincipalException)) {

				SessionErrors.add(request, errorKey);

				return mapping.findForward("portal.error");
			}

			PortalUtil.sendError(e, request, response);

			return null;
		}
	}

	/**
	 * Resolves the <code>ticket</code> request parameter to a usable ticket.
	 *
	 * <p>
	 * An expired ticket is deleted as a side effect. Every failure (missing
	 * parameter, lookup error, deletion error) yields <code>null</code>.
	 * </p>
	 *
	 * <p>
	 * NOTE(review): expiry is the only property checked here. Nothing in this
	 * class verifies which entity or purpose the ticket was issued for before
	 * {@link #updatePassword} uses its class PK as a user ID; confirm that the
	 * ticket service guarantees this.
	 * </p>
	 *
	 * @param  request the servlet request carrying the ticket key
	 * @return the unexpired ticket, or <code>null</code> if none applies
	 */
	protected Ticket getTicket(HttpServletRequest request) {
		String ticketKey = ParamUtil.getString(request, "ticket");

		if (Validator.isNull(ticketKey)) {
			return null;
		}

		try {
			Ticket ticket = TicketLocalServiceUtil.getTicket(ticketKey);

			if (ticket.isExpired()) {
				TicketLocalServiceUtil.deleteTicket(ticket);

				return null;
			}

			return ticket;
		}
		catch (Exception e) {

			// Deliberately treated as "no ticket". NOTE(review): the failure
			// is not logged, so invalid ticket keys leave no trace from this
			// class; consider recording them for detection.

			return null;
		}
	}

	/**
	 * Changes the password of the ticket's user, or of the signed-in user
	 * when no ticket is given.
	 *
	 * <p>
	 * {@link AuthTokenUtil#check} runs before anything else (presumably the
	 * portal's request token / anti-CSRF check; confirm). With a ticket, the
	 * ticket is deleted after the password has been changed and the user is
	 * logged in with the new password, using the login name that matches the
	 * company's authentication type. Without a ticket, the new password is
	 * placed in the HTTP session when
	 * {@link PropsValues#SESSION_STORE_PASSWORD} is enabled.
	 * </p>
	 *
	 * <p>
	 * NOTE(review): only <code>password1</code> and <code>password2</code> are
	 * read, so the signed-in path does not ask for the current password in
	 * this method; confirm whether that is enforced elsewhere.
	 * </p>
	 *
	 * @param  request the servlet request carrying the new password
	 * @param  response the servlet response, passed on to the login call
	 * @param  themeDisplay the theme display that identifies the session user
	 * @param  ticket the password ticket, or <code>null</code> for a signed-in
	 *         user changing their own password
	 * @throws Exception if the token check, the password update, the ticket
	 *         deletion or the login fails
	 */
	protected void updatePassword(
			HttpServletRequest request, HttpServletResponse response,
			ThemeDisplay themeDisplay, Ticket ticket)
		throws Exception {

		AuthTokenUtil.check(request);

		boolean viaTicket = (ticket != null);

		// A ticket wins over the session: its class PK is used as the user ID

		long userId =
			viaTicket ? ticket.getClassPK() : themeDisplay.getUserId();

		String password1 = ParamUtil.getString(request, "password1");
		String password2 = ParamUtil.getString(request, "password2");

		UserLocalServiceUtil.updatePassword(
			userId, password1, password2, false);

		if (!viaTicket) {
			if (PropsValues.SESSION_STORE_PASSWORD) {

				// The clear-text password is kept in the session from here on

				HttpSession session = request.getSession();

				session.setAttribute(WebKeys.USER_PASSWORD, password1);
			}

			return;
		}

		// The ticket is consumed only after a successful update, so a
		// rejected password leaves it usable until it expires

		TicketLocalServiceUtil.deleteTicket(ticket);

		User user = UserLocalServiceUtil.getUser(userId);

		Company company = CompanyLocalServiceUtil.getCompanyById(
			user.getCompanyId());

		String authType = company.getAuthType();

		// Stays null when the company's auth type matches none of the three
		// known values; the login call below then receives a null login

		String login = null;

		if (authType.equals(CompanyConstants.AUTH_TYPE_EA)) {
			login = user.getEmailAddress();
		}
		else if (authType.equals(CompanyConstants.AUTH_TYPE_SN)) {
			login = user.getScreenName();
		}
		else if (authType.equals(CompanyConstants.AUTH_TYPE_ID)) {
			login = String.valueOf(userId);
		}

		LoginUtil.login(request, response, login, password1, false, null);
	}

}