1   /**
2    * Copyright (c) 2000-2010 Liferay, Inc. All rights reserved.
3    *
4    * This library is free software; you can redistribute it and/or modify it under
5    * the terms of the GNU Lesser General Public License as published by the Free
6    * Software Foundation; either version 2.1 of the License, or (at your option)
7    * any later version.
8    *
9    * This library is distributed in the hope that it will be useful, but WITHOUT
10   * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
11   * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
12   * details.
13   */
14  
15  package com.liferay.portal.action;
16  
17  import com.liferay.portal.NoSuchUserException;
18  import com.liferay.portal.UserPasswordException;
19  import com.liferay.portal.kernel.servlet.SessionErrors;
20  import com.liferay.portal.kernel.util.Constants;
21  import com.liferay.portal.kernel.util.ParamUtil;
22  import com.liferay.portal.kernel.util.Validator;
23  import com.liferay.portal.model.Company;
24  import com.liferay.portal.model.CompanyConstants;
25  import com.liferay.portal.model.Ticket;
26  import com.liferay.portal.model.User;
27  import com.liferay.portal.security.auth.AuthTokenUtil;
28  import com.liferay.portal.security.auth.PrincipalException;
29  import com.liferay.portal.service.CompanyLocalServiceUtil;
30  import com.liferay.portal.service.TicketLocalServiceUtil;
31  import com.liferay.portal.service.UserLocalServiceUtil;
32  import com.liferay.portal.struts.ActionConstants;
33  import com.liferay.portal.theme.ThemeDisplay;
34  import com.liferay.portal.util.PortalUtil;
35  import com.liferay.portal.util.WebKeys;
36  import com.liferay.portlet.login.util.LoginUtil;
37  
38  import javax.servlet.http.HttpServletRequest;
39  import javax.servlet.http.HttpServletResponse;
40  import javax.servlet.http.HttpSession;
41  
42  import org.apache.struts.action.Action;
43  import org.apache.struts.action.ActionForm;
44  import org.apache.struts.action.ActionForward;
45  import org.apache.struts.action.ActionMapping;
46  
/**
 * <a href="UpdatePasswordAction.java.html"><b><i>View Source</i></b></a>
 *
 * <p>
 * Struts action that changes a password either for the signed-in user or for
 * the user referenced by a ticket supplied in the <code>ticket</code> request
 * parameter.
 * </p>
 *
 * @author Brian Wing Shun Chan
 * @author Mika Koivisto
 */
public class UpdatePasswordAction extends Action {

    /**
     * Shows the update-password page or performs the update.
     *
     * <p>
     * The request is served only when the user is signed in or a usable
     * ticket was resolved by {@link #getTicket(HttpServletRequest)}; otherwise
     * it is forwarded to the common referer. Without a command parameter the
     * form is displayed; with one, the password is updated.
     * </p>
     *
     * @param  mapping the Struts mapping used to resolve forwards
     * @param  form the Struts form (not read here)
     * @param  request the servlet request
     * @param  response the servlet response
     * @return the forward to follow, or <code>null</code> when an unexpected
     *         error was handed to <code>PortalUtil.sendError</code>
     * @throws Exception if an error occurs outside the guarded update call
     */
    public ActionForward execute(
            ActionMapping mapping, ActionForm form, HttpServletRequest request,
            HttpServletResponse response)
        throws Exception {

        ThemeDisplay themeDisplay = (ThemeDisplay)request.getAttribute(
            WebKeys.THEME_DISPLAY);

        // The ticket is resolved before the sign-in check, so an expired
        // ticket is cleaned up even for requests that end up rejected.

        Ticket ticket = getTicket(request);

        boolean authorized = themeDisplay.isSignedIn() || (ticket != null);

        if (!authorized) {
            return mapping.findForward(ActionConstants.COMMON_REFERER);
        }

        if (Validator.isNull(ParamUtil.getString(request, Constants.CMD))) {

            // No command: only render the form.

            return mapping.findForward("portal.update_password");
        }

        try {
            updatePassword(request, response, themeDisplay, ticket);

            return mapping.findForward(ActionConstants.COMMON_REFERER);
        }
        catch (Exception e) {
            if (e instanceof UserPasswordException) {

                // Password rule failure: back to the form, with the
                // exception attached for display.

                SessionErrors.add(request, e.getClass().getName(), e);

                return mapping.findForward("portal.update_password");
            }

            if (e instanceof NoSuchUserException ||
                e instanceof PrincipalException) {

                // Only the exception class name is recorded for these.

                SessionErrors.add(request, e.getClass().getName());

                return mapping.findForward("portal.error");
            }

            PortalUtil.sendError(e, request, response);

            return null;
        }
    }

    /**
     * Resolves the ticket named by the <code>ticket</code> request parameter.
     *
     * <p>
     * An expired ticket is deleted and treated as absent. Any exception from
     * the lookup or the delete is swallowed and also yields
     * <code>null</code>.
     * </p>
     *
     * <p>
     * NOTE(review): expiry is the only property checked here. Nothing in this
     * method verifies what the ticket was issued for or that its class PK
     * refers to a user; confirm that tickets reachable through
     * <code>TicketLocalServiceUtil.getTicket</code> can only have been issued
     * for password updates, or add that check.
     * </p>
     *
     * @param  request the servlet request
     * @return the unexpired ticket, or <code>null</code> if the parameter is
     *         empty, the ticket is expired or the lookup failed
     */
    protected Ticket getTicket(HttpServletRequest request) {
        String ticketKey = ParamUtil.getString(request, "ticket");

        if (Validator.isNull(ticketKey)) {
            return null;
        }

        try {
            Ticket candidate = TicketLocalServiceUtil.getTicket(ticketKey);

            if (candidate.isExpired()) {
                TicketLocalServiceUtil.deleteTicket(candidate);

                return null;
            }

            return candidate;
        }
        catch (Exception ignored) {

            // Deliberately best effort: any failure is treated as "no
            // ticket". NOTE(review): this also hides service errors; if
            // logging is added, leave the ticket value out of the message.

            return null;
        }
    }

    /**
     * Updates the password and establishes the follow-up session state.
     *
     * <p>
     * The target user is the ticket's class PK when a ticket is present,
     * otherwise the signed-in user from the theme display. With a ticket, the
     * ticket is deleted after the update succeeds and the user is logged in
     * with the new password. Without one, the new password is stored in the
     * HTTP session.
     * </p>
     *
     * @param  request the servlet request carrying <code>password1</code> and
     *         <code>password2</code>
     * @param  response the servlet response, passed on to the login call
     * @param  themeDisplay the theme display, read only when no ticket is
     *         given
     * @param  ticket the ticket authorizing the change, or <code>null</code>
     * @throws Exception if the token check, the update or the login fails
     */
    protected void updatePassword(
            HttpServletRequest request, HttpServletResponse response,
            ThemeDisplay themeDisplay, Ticket ticket)
        throws Exception {

        // Runs before any state is changed; presumably the portal's request
        // authentication token (CSRF) check -- confirm in AuthTokenUtil.

        AuthTokenUtil.check(request);

        boolean viaTicket = (ticket != null);

        long userId =
            viaTicket ? ticket.getClassPK() : themeDisplay.getUserId();

        String newPassword = ParamUtil.getString(request, "password1");
        String confirmation = ParamUtil.getString(request, "password2");

        UserLocalServiceUtil.updatePassword(
            userId, newPassword, confirmation, false);

        if (!viaTicket) {

            // NOTE(review): the clear-text password is kept as a session
            // attribute; check how long it stays there and whether sessions
            // are persisted or replicated.

            HttpSession session = request.getSession();

            session.setAttribute(WebKeys.USER_PASSWORD, newPassword);

            return;
        }

        // The ticket is removed only after a successful update, so a rejected
        // password leaves it usable until it expires.

        TicketLocalServiceUtil.deleteTicket(ticket);

        User user = UserLocalServiceUtil.getUser(userId);

        Company company = CompanyLocalServiceUtil.getCompanyById(
            user.getCompanyId());

        String authType = company.getAuthType();

        // The login name depends on the company's authentication type and
        // stays null when none of the three known types matches.
        // NOTE(review): a null login is passed on unchecked in that case.

        String login = null;

        if (authType.equals(CompanyConstants.AUTH_TYPE_EA)) {
            login = user.getEmailAddress();
        }
        else if (authType.equals(CompanyConstants.AUTH_TYPE_SN)) {
            login = user.getScreenName();
        }
        else if (authType.equals(CompanyConstants.AUTH_TYPE_ID)) {
            login = String.valueOf(userId);
        }

        LoginUtil.login(request, response, login, newPassword, false, null);
    }

}