source.dussan.org Git - archiva.git/blob

   1 package org.apache.archiva.redback.struts2.action;
   2
   3 /*
   4  * Licensed to the Apache Software Foundation (ASF) under one
   5  * or more contributor license agreements.  See the NOTICE file
   6  * distributed with this work for additional information
   7  * regarding copyright ownership.  The ASF licenses this file
   8  * to you under the Apache License, Version 2.0 (the
   9  * "License"); you may not use this file except in compliance
  10  * with the License.  You may obtain a copy of the License at
  11  *
  12  * http://www.apache.org/licenses/LICENSE-2.0
  13  *
  14  * Unless required by applicable law or agreed to in writing,
  15  * software distributed under the License is distributed on an
  16  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  17  * KIND, either express or implied.  See the License for the
  18  * specific language governing permissions and limitations
  19  * under the License.
  20  */
  21
  22 import org.apache.archiva.redback.users.User;
  23 import org.apache.archiva.redback.users.UserNotFoundException;
  24 import org.apache.archiva.redback.policy.PasswordEncoder;
  25 import org.apache.archiva.redback.policy.PasswordRuleViolationException;
  26 import org.apache.archiva.redback.system.DefaultSecuritySession;
  27 import org.apache.archiva.redback.system.SecuritySession;
  28 import org.apache.archiva.redback.system.SecuritySystemConstants;
  29 import org.apache.archiva.redback.users.UserManager;
  30 import org.codehaus.plexus.util.StringUtils;
  31 import org.apache.archiva.redback.integration.interceptor.SecureActionBundle;
  32 import org.apache.archiva.redback.integration.interceptor.SecureActionException;
  33 import org.apache.archiva.redback.integration.model.EditUserCredentials;
  34 import org.springframework.context.annotation.Scope;
  35 import org.springframework.stereotype.Controller;
  36
  37 import java.util.Arrays;
  38
  39 /**
  40  * AccountAction
  41  *
  42  * @author <a href="mailto:joakim@erdfelt.com">Joakim Erdfelt</a>
  43  *
  44  */
  45 @Controller( "redback-account" )
  46 @Scope( "prototype" )
  47 public class AccountAction
  48     extends AbstractUserCredentialsAction
  49     implements CancellableAction
  50 {
  51     private static final String ACCOUNT_SUCCESS = "security-account-success";
  52
  53     // ------------------------------------------------------------------
  54     // Action Parameters
  55     // ------------------------------------------------------------------
  56
  57     private EditUserCredentials user;
  58
  59     private String oldPassword;
  60
  61     // ------------------------------------------------------------------
  62     // Action Entry Points - (aka Names)
  63     // ------------------------------------------------------------------
  64
  65     public String show()
  66     {
  67         SecuritySession session = getSecuritySession();
  68
  69         if ( !session.isAuthenticated() )
  70         {
  71             addActionError( getText( "cannot.show.account.login.required" ) );
  72             return REQUIRES_AUTHENTICATION;
  73         }
  74
  75         String username = session.getUser().getUsername();
  76
  77         if ( username == null )
  78         {
  79             addActionError( getText( "cannot.edit.user.null.username" ) );
  80             return ERROR;
  81         }
  82
  83         if ( StringUtils.isEmpty( username ) )
  84         {
  85             addActionError( getText( "cannot.edit.user.empty.username" ) );
  86             return ERROR;
  87         }
  88
  89         UserManager manager = super.securitySystem.getUserManager();
  90
  91         if ( !manager.userExists( username ) )
  92         {
  93             // Means that the role name doesn't exist.
  94             // We need to fail fast and return to the previous page.
  95             addActionError( getText( "user.does.not.exist", Arrays.asList( (Object) username ) ) );
  96             return ERROR;
  97         }
  98
  99         internalUser = user;
 100
 101         try
 102         {
 103             User u = manager.findUser( username );
 104             if ( u == null )
 105             {
 106                 addActionError( getText( "cannot.operate.on.null.user" ) );
 107                 return ERROR;
 108             }
 109
 110             user = new EditUserCredentials( u );
 111         }
 112         catch ( UserNotFoundException e )
 113         {
 114             addActionError( getText( "cannot.get.user", Arrays.asList( (Object) username, e.getMessage() ) ) );
 115             return ERROR;
 116         }
 117
 118         return INPUT;
 119     }
 120
 121     public String submit()
 122     {
 123         SecuritySession session = getSecuritySession();
 124
 125         if ( !session.isAuthenticated() )
 126         {
 127             addActionError( getText( "cannot.show.account.login.required" ) );
 128             return REQUIRES_AUTHENTICATION;
 129         }
 130
 131         String username = session.getUser().getUsername();
 132
 133         if ( username == null )
 134         {
 135             addActionError( getText( "cannot.edit.user.null.username" ) );
 136             return ERROR;
 137         }
 138
 139         if ( StringUtils.isEmpty( username ) )
 140         {
 141             addActionError( getText( "cannot.edit.user.empty.username" ) );
 142             return ERROR;
 143         }
 144
 145         if ( user == null )
 146         {
 147             addActionError( getText( "cannot.edit.user.null.credentials" ) );
 148             return ERROR;
 149         }
 150
 151         if ( !user.getPassword().equals( user.getConfirmPassword() ) )
 152         {
 153             addFieldError( "user.confirmPassword", getText( "password.confimation.failed" ) );
 154             return ERROR;
 155         }
 156
 157         UserManager manager = super.securitySystem.getUserManager();
 158
 159         if ( !manager.userExists( username ) )
 160         {
 161             // Means that the role name doesn't exist.
 162             // We need to fail fast and return to the previous page.
 163             addActionError( getText( "user.does.not.exist", Arrays.asList( (Object) username ) ) );
 164             return ERROR;
 165         }
 166
 167         internalUser = user;
 168
 169         try
 170         {
 171             User u = manager.findUser( username );
 172             if ( u == null )
 173             {
 174                 addActionError( getText( "cannot.operate.on.null.user" ) );
 175                 return ERROR;
 176             }
 177
 178             if ( StringUtils.isNotEmpty( user.getPassword() ) )
 179             {
 180                 PasswordEncoder encoder = securitySystem.getPolicy().getPasswordEncoder();
 181
 182                 if ( !encoder.isPasswordValid( u.getEncodedPassword(), oldPassword ) )
 183                 {
 184                     addFieldError( "oldPassword", getText( "password.provided.does.not.match.existing" ) );
 185                     return ERROR;
 186                 }
 187
 188                 u.setPassword( user.getPassword() );
 189             }
 190
 191             u.setFullName( user.getFullName() );
 192             u.setEmail( user.getEmail() );
 193             u.setPassword( user.getPassword() );
 194
 195             manager.updateUser( u );
 196
 197             //check if current user then update the session
 198             if ( getSecuritySession().getUser().getUsername().equals( u.getUsername() ) )
 199             {
 200                 SecuritySession securitySession =
 201                     new DefaultSecuritySession( getSecuritySession().getAuthenticationResult(), u );
 202
 203                 this.session.put( SecuritySystemConstants.SECURITY_SESSION_KEY, securitySession );
 204
 205                 setSession( this.session );
 206             }
 207         }
 208         catch ( UserNotFoundException e )
 209         {
 210             addActionError( getText( "cannot.get.user", Arrays.asList( (Object) username, e.getMessage() ) ) );
 211             return ERROR;
 212         }
 213         catch ( PasswordRuleViolationException e )
 214         {
 215             processPasswordRuleViolations( e );
 216             return ERROR;
 217         }
 218
 219         return ACCOUNT_SUCCESS;
 220     }
 221
 222     public String cancel()
 223     {
 224         return CANCEL;
 225     }
 226
 227     // ------------------------------------------------------------------
 228     // Parameter Accessor Methods
 229     // ------------------------------------------------------------------
 230
 231     public EditUserCredentials getUser()
 232     {
 233         return user;
 234     }
 235
 236     public void setUser( EditUserCredentials user )
 237     {
 238         this.user = user;
 239     }
 240
 241     public SecureActionBundle initSecureActionBundle()
 242         throws SecureActionException
 243     {
 244         SecureActionBundle bundle = new SecureActionBundle();
 245         bundle.setRequiresAuthentication( true );
 246         return bundle;
 247     }
 248
 249     public void setOldPassword( String oldPassword )
 250     {
 251         this.oldPassword = oldPassword;
 252     }
 253
 254     public boolean isSelf()
 255     {
 256         return true;
 257     }
 258 }