15 package com.liferay.portal.action;
16
17 import com.liferay.portal.NoSuchUserException;
18 import com.liferay.portal.UserPasswordException;
19 import com.liferay.portal.kernel.servlet.SessionErrors;
20 import com.liferay.portal.kernel.util.Constants;
21 import com.liferay.portal.kernel.util.ParamUtil;
22 import com.liferay.portal.kernel.util.Validator;
23 import com.liferay.portal.model.Company;
24 import com.liferay.portal.model.CompanyConstants;
25 import com.liferay.portal.model.Ticket;
26 import com.liferay.portal.model.User;
27 import com.liferay.portal.security.auth.AuthTokenUtil;
28 import com.liferay.portal.security.auth.PrincipalException;
29 import com.liferay.portal.service.CompanyLocalServiceUtil;
30 import com.liferay.portal.service.TicketLocalServiceUtil;
31 import com.liferay.portal.service.UserLocalServiceUtil;
32 import com.liferay.portal.struts.ActionConstants;
33 import com.liferay.portal.theme.ThemeDisplay;
34 import com.liferay.portal.util.PortalUtil;
35 import com.liferay.portal.util.WebKeys;
36 import com.liferay.portlet.login.util.LoginUtil;
37
38 import javax.servlet.http.HttpServletRequest;
39 import javax.servlet.http.HttpServletResponse;
40 import javax.servlet.http.HttpSession;
41
42 import org.apache.struts.action.Action;
43 import org.apache.struts.action.ActionForm;
44 import org.apache.struts.action.ActionForward;
45 import org.apache.struts.action.ActionMapping;
46
47
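/**
 * Struts action that renders the "update password" page and applies the
 * password change.
 *
 * <p>
 * Two kinds of caller are accepted: a signed-in user, and a visitor who
 * supplies a valid, non-expired ticket key in the <code>ticket</code> request
 * parameter. When a ticket is present it decides whose password is changed,
 * even if the request also belongs to a signed-in session.
 * </p>
 */
public class UpdatePasswordAction extends Action {

    /**
     * Entry point: gates the request, shows the form when no command was
     * submitted, and otherwise performs the password update.
     *
     * @param  mapping the Struts mapping used to resolve forwards
     * @param  form the Struts form bean (not read here)
     * @param  request the servlet request carrying <code>ticket</code>, the
     *         command parameter and the two password fields
     * @param  response the servlet response
     * @return the forward to render, or <code>null</code> when the error was
     *         already written through <code>PortalUtil.sendError</code>
     * @throws Exception if anything outside the guarded update fails
     */
    @Override
    public ActionForward execute(
            ActionMapping mapping, ActionForm form, HttpServletRequest request,
            HttpServletResponse response)
        throws Exception {

        ThemeDisplay themeDisplay = (ThemeDisplay)request.getAttribute(
            WebKeys.THEME_DISPLAY);

        Ticket ticket = getTicket(request);

        // Access gate: an anonymous request is only allowed through when it
        // carries a ticket that getTicket() accepted.

        if (!themeDisplay.isSignedIn() && (ticket == null)) {
            return mapping.findForward(ActionConstants.COMMON_REFERER);
        }

        String cmd = ParamUtil.getString(request, Constants.CMD);

        // No command submitted: just render the form.

        if (Validator.isNull(cmd)) {
            return mapping.findForward("portal.update_password");
        }

        try {
            updatePassword(request, response, themeDisplay, ticket);

            return mapping.findForward(ActionConstants.COMMON_REFERER);
        }
        catch (Exception e) {
            if (e instanceof UserPasswordException) {

                // The exception object itself is stored in the session
                // errors and the form is shown again.

                SessionErrors.add(request, e.getClass().getName(), e);

                return mapping.findForward("portal.update_password");
            }
            else if (e instanceof NoSuchUserException ||
                     e instanceof PrincipalException) {

                // Only the class name is recorded for these two; the
                // exception object is not attached.

                SessionErrors.add(request, e.getClass().getName());

                return mapping.findForward("portal.error");
            }
            else {
                PortalUtil.sendError(e, request, response);

                return null;
            }
        }
    }

    /**
     * Resolves the <code>ticket</code> request parameter to a stored ticket.
     *
     * <p>
     * An expired ticket is deleted as a side effect. A missing parameter, an
     * expired ticket and any lookup or delete failure all yield
     * <code>null</code>, so the caller cannot tell them apart.
     * </p>
     *
     * @param  request the servlet request; the parameter is caller-controlled
     * @return the non-expired ticket, or <code>null</code>
     */
    protected Ticket getTicket(HttpServletRequest request) {
        String token = ParamUtil.getString(request, "ticket");

        if (Validator.isNull(token)) {
            return null;
        }

        try {
            Ticket ticket = TicketLocalServiceUtil.getTicket(token);

            // NOTE(review): expiry is the only property checked here, yet
            // updatePassword() uses ticket.getClassPK() directly as a user
            // id. Confirm that every ticket in this store is issued for a
            // user and for password reset, or verify what the ticket is
            // bound to before returning it.

            if (!ticket.isExpired()) {
                return ticket;
            }

            TicketLocalServiceUtil.deleteTicket(ticket);
        }
        catch (Exception ignored) {

            // Deliberate best effort: whatever fails in the lookup or the
            // delete, the request is treated as having no ticket.
            // NOTE(review): nothing is logged, so repeated submissions of
            // invalid ticket keys leave no trace here; consider logging at
            // a low level once a logger is available in this class.

        }

        return null;
    }

    /**
     * Changes the password of the ticket's user, or of the signed-in user
     * when no ticket was supplied.
     *
     * <p>
     * With a ticket, the ticket is deleted after the change and the user is
     * logged in with the new password. Without one, the new password is
     * placed in the HTTP session under <code>WebKeys.USER_PASSWORD</code>.
     * </p>
     *
     * @param  request the servlet request carrying <code>password1</code> and
     *         <code>password2</code>
     * @param  response the servlet response, passed on to the login call
     * @param  themeDisplay source of the signed-in user id
     * @param  ticket the accepted ticket, or <code>null</code>
     * @throws Exception if the token check, the update or the login fails
     */
    protected void updatePassword(
            HttpServletRequest request, HttpServletResponse response,
            ThemeDisplay themeDisplay, Ticket ticket)
        throws Exception {

        // Runs before any state is changed; presumably the portal's
        // request-forgery token check -- confirm against AuthTokenUtil.

        AuthTokenUtil.check(request);

        // The ticket wins over the session: if both are present, the
        // password of the ticket's user is the one that changes.

        long userId = 0;

        if (ticket != null) {
            userId = ticket.getClassPK();
        }
        else {
            userId = themeDisplay.getUserId();
        }

        String password1 = ParamUtil.getString(request, "password1");
        String password2 = ParamUtil.getString(request, "password2");
        boolean passwordReset = false;

        // If this call throws, the ticket below is not deleted and stays
        // redeemable until it expires.

        UserLocalServiceUtil.updatePassword(
            userId, password1, password2, passwordReset);

        if (ticket != null) {

            // Single use: the ticket is removed once the change succeeded.

            TicketLocalServiceUtil.deleteTicket(ticket);

            User user = UserLocalServiceUtil.getUser(userId);

            Company company = CompanyLocalServiceUtil.getCompanyById(
                user.getCompanyId());

            // The login identifier depends on the company's auth type. It
            // stays null when none of the three known types matches, and
            // that null is what gets passed to the login call.

            String login = null;

            String authType = company.getAuthType();

            if (authType.equals(CompanyConstants.AUTH_TYPE_EA)) {
                login = user.getEmailAddress();
            }
            else if (authType.equals(CompanyConstants.AUTH_TYPE_SN)) {
                login = user.getScreenName();
            }
            else if (authType.equals(CompanyConstants.AUTH_TYPE_ID)) {
                login = String.valueOf(userId);
            }

            LoginUtil.login(request, response, login, password1, false, null);
        }
        else {

            // NOTE(review): the new password is kept in clear text in the
            // session. Confirm which code reads WebKeys.USER_PASSWORD and
            // that sessions are not persisted or replicated unprotected.

            HttpSession session = request.getSession();

            session.setAttribute(WebKeys.USER_PASSWORD, password1);
        }
    }

}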