015 package com.liferay.portal.action;
016
017 import com.liferay.portal.NoSuchUserException;
018 import com.liferay.portal.UserPasswordException;
019 import com.liferay.portal.kernel.servlet.SessionErrors;
020 import com.liferay.portal.kernel.util.Constants;
021 import com.liferay.portal.kernel.util.ParamUtil;
022 import com.liferay.portal.kernel.util.Validator;
023 import com.liferay.portal.model.Company;
024 import com.liferay.portal.model.CompanyConstants;
025 import com.liferay.portal.model.Ticket;
026 import com.liferay.portal.model.User;
027 import com.liferay.portal.security.auth.AuthTokenUtil;
028 import com.liferay.portal.security.auth.PrincipalException;
029 import com.liferay.portal.service.CompanyLocalServiceUtil;
030 import com.liferay.portal.service.TicketLocalServiceUtil;
031 import com.liferay.portal.service.UserLocalServiceUtil;
032 import com.liferay.portal.struts.ActionConstants;
033 import com.liferay.portal.theme.ThemeDisplay;
034 import com.liferay.portal.util.PortalUtil;
035 import com.liferay.portal.util.PortletKeys;
036 import com.liferay.portal.util.PropsValues;
037 import com.liferay.portal.util.WebKeys;
038 import com.liferay.portlet.PortletURLImpl;
039 import com.liferay.portlet.login.util.LoginUtil;
040
041 import javax.portlet.PortletRequest;
042 import javax.portlet.PortletURL;
043
044 import javax.servlet.http.HttpServletRequest;
045 import javax.servlet.http.HttpServletResponse;
046 import javax.servlet.http.HttpSession;
047
048 import org.apache.struts.action.Action;
049 import org.apache.struts.action.ActionForm;
050 import org.apache.struts.action.ActionForward;
051 import org.apache.struts.action.ActionMapping;
052
053
/**
 * Struts action that shows the "update password" page and applies the change.
 *
 * <p>Two callers are accepted: a signed-in user, or an anonymous visitor who
 * presents a non-expired ticket in the {@code ticket} request parameter. In
 * the ticket case the password is changed for the user the ticket points to
 * ({@code ticket.getClassPK()}), and that user is then logged in.</p>
 *
 * <p>NOTE(review): nothing in this class checks what the ticket was issued
 * for, or that its class PK refers to a user. Confirm that
 * {@code TicketLocalServiceUtil} only hands out tickets for password resets;
 * otherwise a ticket minted for another purpose would be honoured here.</p>
 */
public class UpdatePasswordAction extends Action {

    /**
     * Entry point: renders the form when no command is given, otherwise
     * updates the password and redirects to the login portlet.
     *
     * @return the forward to render, or {@code null} when the response has
     *         already been committed (redirect or error page)
     */
    @Override
    public ActionForward execute(
            ActionMapping mapping, ActionForm form, HttpServletRequest request,
            HttpServletResponse response)
        throws Exception {

        ThemeDisplay themeDisplay = (ThemeDisplay)request.getAttribute(
            WebKeys.THEME_DISPLAY);

        Ticket ticket = getTicket(request);

        // Access gate: an anonymous request without a usable ticket gets
        // neither the form nor the update.
        boolean signedIn = themeDisplay.isSignedIn();

        if (!signedIn && (ticket == null)) {
            return mapping.findForward(ActionConstants.COMMON_REFERER);
        }

        String cmd = ParamUtil.getString(request, Constants.CMD);

        if (Validator.isNull(cmd)) {
            // No command submitted yet: just show the form.
            return mapping.findForward("portal.update_password");
        }

        try {
            updatePassword(request, response, themeDisplay, ticket);

            // The redirect target is built from PortletKeys.LOGIN and the
            // current plid, not from a request parameter.
            PortletURL loginURL = new PortletURLImpl(
                request, PortletKeys.LOGIN, themeDisplay.getPlid(),
                PortletRequest.RENDER_PHASE);

            String redirect = loginURL.toString();

            response.sendRedirect(redirect);

            return null;
        }
        catch (Exception e) {
            String errorKey = e.getClass().getName();

            if (e instanceof UserPasswordException) {
                // Rejected password: redisplay the form with the exception
                // attached so the page can explain the reason.
                SessionErrors.add(request, errorKey, e);

                return mapping.findForward("portal.update_password");
            }

            boolean userOrPrincipalFailure =
                (e instanceof NoSuchUserException) ||
                (e instanceof PrincipalException);

            if (userOrPrincipalFailure) {
                // Only the exception class name is recorded for these.
                SessionErrors.add(request, errorKey);

                return mapping.findForward("portal.error");
            }

            PortalUtil.sendError(e, request, response);

            return null;
        }
    }

    /**
     * Looks up the ticket named by the {@code ticket} request parameter.
     *
     * <p>NOTE(review): the key is read with {@code ParamUtil.getString}; if
     * it is delivered in the URL it may also end up in access logs, browser
     * history and Referer headers. Confirm how reset links are issued and
     * how long tickets stay valid.</p>
     *
     * @return the ticket when it exists and has not expired; {@code null}
     *         when the parameter is empty, the ticket has expired (it is
     *         deleted in that case), or the lookup or deletion throws
     */
    protected Ticket getTicket(HttpServletRequest request) {
        String ticketKey = ParamUtil.getString(request, "ticket");

        if (Validator.isNull(ticketKey)) {
            return null;
        }

        try {
            Ticket candidate = TicketLocalServiceUtil.getTicket(ticketKey);

            if (candidate.isExpired()) {
                // Expired tickets are removed so they cannot be replayed.
                TicketLocalServiceUtil.deleteTicket(candidate);

                return null;
            }

            return candidate;
        }
        catch (Exception ignored) {
            // Deliberately fails closed: any lookup or delete failure is
            // treated as "no ticket". Nothing is logged here, so repeated
            // guesses at ticket keys leave no trace in this class.
            return null;
        }
    }

    /**
     * Changes the password of the ticket's user, or of the signed-in user
     * when no ticket is given.
     *
     * <p>Only {@code password1} and {@code password2} are read from the
     * request; the current password is not asked for on either path.</p>
     *
     * @throws Exception whatever the token check, the user service, the
     *         ticket service or the login helper throws
     */
    protected void updatePassword(
            HttpServletRequest request, HttpServletResponse response,
            ThemeDisplay themeDisplay, Ticket ticket)
        throws Exception {

        // Runs before any state change; presumably the portal's request
        // (anti-CSRF) token check -- verify against AuthTokenUtil.
        AuthTokenUtil.check(request);

        boolean viaTicket = (ticket != null);

        // The ticket, when present, takes precedence over the session user.
        long userId =
            viaTicket ? ticket.getClassPK() : themeDisplay.getUserId();

        String password1 = ParamUtil.getString(request, "password1");
        String password2 = ParamUtil.getString(request, "password2");
        boolean passwordReset = false;

        UserLocalServiceUtil.updatePassword(
            userId, password1, password2, passwordReset);

        if (!viaTicket) {
            if (PropsValues.SESSION_STORE_PASSWORD) {
                // Keeps the new clear-text password in the HTTP session, so
                // anything that can read session state can read it too.
                HttpSession session = request.getSession();

                session.setAttribute(WebKeys.USER_PASSWORD, password1);
            }

            return;
        }

        // The ticket is consumed only after the update succeeded; a rejected
        // password leaves it in place so the user can retry until it expires.
        TicketLocalServiceUtil.deleteTicket(ticket);

        User user = UserLocalServiceUtil.getUser(userId);

        Company company = CompanyLocalServiceUtil.getCompanyById(
            user.getCompanyId());

        String authType = company.getAuthType();

        // Pick the identifier this company authenticates with. It stays null
        // when authType matches none of the three constants.
        String login = null;

        if (authType.equals(CompanyConstants.AUTH_TYPE_EA)) {
            login = user.getEmailAddress();
        }
        else if (authType.equals(CompanyConstants.AUTH_TYPE_SN)) {
            login = user.getScreenName();
        }
        else if (authType.equals(CompanyConstants.AUTH_TYPE_ID)) {
            login = String.valueOf(userId);
        }

        // Sign the ticket's user in with the password that was just set.
        LoginUtil.login(request, response, login, password1, false, null);
    }

}