PageRenderTime 380ms CodeModel.GetById 132ms RepoModel.GetById 2ms app.codeStats 1ms

/projects/roller-5.0.1/weblogger-web/src/main/java/org/apache/roller/weblogger/ui/struts2/core/Register.java

https://gitlab.com/essere.lab.public/qualitas.class-corpus
Java | 426 lines | 255 code | 79 blank | 92 comment | 57 complexity | efbd2f3c662317a4ffa41a79f35036a0 MD5 | raw file
  1. /*
  2. * Licensed to the Apache Software Foundation (ASF) under one or more
  3. * contributor license agreements. The ASF licenses this file to You
  4. * under the Apache License, Version 2.0 (the "License"); you may not
  5. * use this file except in compliance with the License.
  6. * You may obtain a copy of the License at
  7. *
  8. * http://www.apache.org/licenses/LICENSE-2.0
  9. *
  10. * Unless required by applicable law or agreed to in writing, software
  11. * distributed under the License is distributed on an "AS IS" BASIS,
  12. * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13. * See the License for the specific language governing permissions and
  14. * limitations under the License. For additional information regarding
  15. * copyright in this work, please see the NOTICE file in the top level
  16. * directory of this distribution.
  17. */
  18. package org.apache.roller.weblogger.ui.struts2.core;
  19. import java.util.TimeZone;
  20. import java.util.UUID;
  21. import javax.servlet.http.HttpServletRequest;
  22. import org.apache.commons.lang.CharSetUtils;
  23. import org.apache.commons.lang.StringUtils;
  24. import org.apache.commons.logging.Log;
  25. import org.apache.commons.logging.LogFactory;
  26. import org.apache.roller.weblogger.WebloggerException;
  27. import org.apache.roller.weblogger.business.WebloggerFactory;
  28. import org.apache.roller.weblogger.business.UserManager;
  29. import org.apache.roller.weblogger.config.WebloggerConfig;
  30. import org.apache.roller.weblogger.config.WebloggerRuntimeConfig;
  31. import org.apache.roller.weblogger.pojos.User;
  32. import org.apache.roller.weblogger.pojos.UserAttribute;
  33. import org.apache.roller.weblogger.ui.core.security.CustomUserRegistry;
  34. import org.apache.roller.weblogger.ui.struts2.util.UIAction;
  35. import org.apache.roller.weblogger.util.MailUtil;
  36. import org.apache.struts2.interceptor.ServletRequestAware;
  37. import org.apache.struts2.interceptor.validation.SkipValidation;
  38. //import org.springframework.security.userdetails.openid.OpenIDUserAttribute;
  39. /**
  40. * Actions for registering a new user.
  41. */
  42. public class Register extends UIAction implements ServletRequestAware {
  43. private static Log log = LogFactory.getLog(Register.class);
  44. public static String DEFAULT_ALLOWED_CHARS = "A-Za-z0-9";
  45. // this is a no-no, we should not need this
  46. private HttpServletRequest servletRequest = null;
  47. private boolean fromSS0 = false;
  48. private String activationStatus = null;
  49. private String activationCode = null;
  50. private ProfileBean bean = new ProfileBean();
  51. public Register() {
  52. this.pageTitle = "newUser.addNewUser";
  53. }
  54. // override default security, we do not require an authenticated user
  55. public boolean isUserRequired() {
  56. return false;
  57. }
  58. // override default security, we do not require an action weblog
  59. public boolean isWeblogRequired() {
  60. return false;
  61. }
  62. public String getOpenIdConfiguration() {
  63. return WebloggerConfig.getProperty("authentication.openid");
  64. }
  65. @SkipValidation
  66. public String execute() {
  67. // if registation is disabled, then don't allow registration
  68. try {
  69. if (!WebloggerRuntimeConfig.getBooleanProperty("users.registration.enabled")
  70. // unless there are 0 users (need to allow creation of first user)
  71. && WebloggerFactory.getWeblogger().getUserManager().getUserCount() != 0) {
  72. return "disabled";
  73. }
  74. } catch (Exception e) {
  75. log.error("Error checking user count", e);
  76. return "disabled";
  77. }
  78. // For new user default to locale set in browser
  79. bean.setLocale(getServletRequest().getLocale().toString());
  80. // For new user default to timezone of server
  81. bean.setTimeZone(TimeZone.getDefault().getID());
  82. /* TODO: when Spring Security 2.1 is release comment out this stuff,
  83. * which pre-populates the user bean with info from OpenID provider.
  84. *
  85. Collection attrsCollect = (Collection)WebloggerFactory.getWeblogger()
  86. .getUserManager().userAttributes.get(UserAttribute.Attributes.openidUrl.toString());
  87. if (attrsCollect != null) {
  88. ArrayList attrs = new ArrayList(attrsCollect);
  89. for (Iterator it = attrs.iterator(); it.hasNext();) {
  90. OpenIDUserAttribute attr = (OpenIDUserAttribute) it.next();
  91. if (attr.getName().equals(OpenIDUserAttribute.Attributes.country.toString())) {
  92. getBean().setLocale(UIUtils.getLocale(attr.getValue()));
  93. }
  94. if (attr.getName().equals(OpenIDUserAttribute.Attributes.email.toString())) {
  95. getBean().setEmailAddress(attr.getValue());
  96. }
  97. if (attr.getName().equals(OpenIDUserAttribute.Attributes.fullname.toString())) {
  98. getBean().setFullName(attr.getValue());
  99. }
  100. if (attr.getName().equals(OpenIDUserAttribute.Attributes.nickname.toString())) {
  101. getBean().setUserName(attr.getValue());
  102. }
  103. if (attr.getName().equals(OpenIDUserAttribute.Attributes.timezone.toString())) {
  104. getBean().setTimeZone(UIUtils.getTimeZone(attr.getValue()));
  105. }
  106. if (attr.getName().equals(OpenIDUserAttribute.Attributes.openidname.toString())) {
  107. getBean().setOpenidUrl(attr.getValue());
  108. }
  109. }
  110. }*/
  111. try {
  112. boolean usingSSO = WebloggerConfig.getBooleanProperty("users.sso.enabled");
  113. if (usingSSO) {
  114. // See if user is already logged in via Acegi
  115. User fromSSO = CustomUserRegistry.getUserDetailsFromAuthentication(getServletRequest());
  116. if (fromSSO != null) {
  117. // Copy user details from Acegi, including LDAP attributes
  118. getBean().copyFrom(fromSSO);
  119. setFromSso(true);
  120. }
  121. // See if user is already logged in via CMA
  122. else if (getServletRequest().getUserPrincipal() != null) {
  123. // Only detail we get is username, sadly no LDAP attributes
  124. getBean().setUserName(getServletRequest().getUserPrincipal().getName());
  125. getBean().setScreenName(getServletRequest().getUserPrincipal().getName());
  126. setFromSso(true);
  127. }
  128. }
  129. } catch (Exception ex) {
  130. log.error("Error reading SSO user data", ex);
  131. addError("error.editing.user", ex.toString());
  132. }
  133. return INPUT;
  134. }
  135. public String save() {
  136. // if registation is disabled, then don't allow registration
  137. try {
  138. if (!WebloggerRuntimeConfig.getBooleanProperty("users.registration.enabled")
  139. // unless there are 0 users (need to allow creation of first user)
  140. && WebloggerFactory.getWeblogger().getUserManager().getUserCount() != 0) {
  141. return "disabled";
  142. }
  143. } catch (Exception e) {
  144. log.error("Error checking user count", e);
  145. return "disabled";
  146. }
  147. myValidate();
  148. if (!hasActionErrors()) try {
  149. UserManager mgr = WebloggerFactory.getWeblogger().getUserManager();
  150. // copy form data into new user pojo
  151. User ud = new User();
  152. getBean().copyTo(ud); // doesn't copy password
  153. ud.setUserName(getBean().getUserName());
  154. ud.setDateCreated(new java.util.Date());
  155. ud.setEnabled(Boolean.TRUE);
  156. // If user set both password and passwordConfirm then reset password
  157. if (!StringUtils.isEmpty(getBean().getPasswordText()) &&
  158. !StringUtils.isEmpty(getBean().getPasswordConfirm())) {
  159. ud.resetPassword(getBean().getPasswordText());
  160. }
  161. // are we using email activation?
  162. boolean activationEnabled = WebloggerRuntimeConfig.getBooleanProperty(
  163. "user.account.activation.enabled");
  164. if (activationEnabled) {
  165. // User account will be enabled after the activation process
  166. ud.setEnabled(Boolean.FALSE);
  167. // Create & save the activation data
  168. String activationCode = UUID.randomUUID().toString();
  169. if (mgr.getUserByActivationCode(activationCode) != null) {
  170. // In the *extremely* unlikely event that we generate an
  171. // activation code that is already use, we'll retry 3 times.
  172. int numOfRetries = 3;
  173. if (numOfRetries < 1) numOfRetries = 1;
  174. for (int i = 0; i < numOfRetries; i++) {
  175. activationCode = UUID.randomUUID().toString();
  176. if (mgr.getUserByActivationCode(activationCode) == null) {
  177. break;
  178. } else {
  179. activationCode = null;
  180. }
  181. }
  182. // In more unlikely event that three retries isn't enough
  183. if (activationCode == null){
  184. throw new WebloggerException("error.add.user.activationCodeInUse");
  185. }
  186. }
  187. ud.setActivationCode(activationCode);
  188. }
  189. // save new user
  190. mgr.addUser(ud);
  191. String openidurl = getBean().getOpenIdUrl();
  192. if (openidurl != null) {
  193. if (openidurl.endsWith("/")) {
  194. openidurl = openidurl.substring(0, openidurl.length() - 1);
  195. }
  196. mgr.setUserAttribute(
  197. ud.getUserName(), UserAttribute.Attributes.OPENID_URL.toString(),
  198. openidurl);
  199. }
  200. WebloggerFactory.getWeblogger().flush();
  201. // now send activation email if necessary
  202. if (activationEnabled && ud.getActivationCode() != null) {
  203. try {
  204. // send activation mail to the user
  205. MailUtil.sendUserActivationEmail(ud);
  206. } catch (WebloggerException ex) {
  207. log.error("Error sending activation email to - "+ud.getEmailAddress(), ex);
  208. }
  209. setActivationStatus("pending");
  210. }
  211. // Invalidate session, otherwise new user who was originally
  212. // authenticated via LDAP/SSO will remain logged in with
  213. // a but without a valid Roller role.
  214. getServletRequest().getSession().invalidate();
  215. // set a special page title
  216. setPageTitle("welcome.title");
  217. return SUCCESS;
  218. } catch (WebloggerException ex) {
  219. log.error("Error adding new user", ex);
  220. // TODO: i18n
  221. addError("Error adding new user");
  222. }
  223. return INPUT;
  224. }
  225. @SkipValidation
  226. public String activate() {
  227. try {
  228. UserManager mgr = WebloggerFactory.getWeblogger().getUserManager();
  229. if (getActivationCode() == null) {
  230. addError("error.activate.user.missingActivationCode");
  231. } else {
  232. User user = mgr.getUserByActivationCode(getActivationCode());
  233. if (user != null) {
  234. // enable user account
  235. user.setEnabled(Boolean.TRUE);
  236. user.setActivationCode(null);
  237. mgr.saveUser(user);
  238. WebloggerFactory.getWeblogger().flush();
  239. setActivationStatus("active");
  240. } else {
  241. addError("error.activate.user.invalidActivationCode");
  242. }
  243. }
  244. } catch (WebloggerException e) {
  245. addError(e.getMessage());
  246. log.error("ERROR in activateUser", e);
  247. }
  248. if (hasActionErrors()) {
  249. setActivationStatus("error");
  250. }
  251. // set a special page title
  252. setPageTitle("welcome.title");
  253. return SUCCESS;
  254. }
  255. public void myValidate() {
  256. // if usingSSO, we don't want to error on empty password/username from HTML form.
  257. setFromSso(false);
  258. boolean usingSSO = WebloggerConfig.getBooleanProperty("users.sso.enabled");
  259. if (usingSSO) {
  260. boolean storePassword = WebloggerConfig.getBooleanProperty("users.sso.passwords.saveInRollerDb");
  261. String password = WebloggerConfig.getProperty("users.sso.passwords.defaultValue", "<unknown>");
  262. // Preserve username and password, Acegi case
  263. User fromSSO = CustomUserRegistry.getUserDetailsFromAuthentication(getServletRequest());
  264. if (fromSSO != null) {
  265. if (storePassword) {
  266. password = fromSSO.getPassword();
  267. }
  268. getBean().setPasswordText(password);
  269. getBean().setPasswordConfirm(password);
  270. getBean().setUserName(fromSSO.getUserName());
  271. setFromSso(true);
  272. }
  273. // Preserve username and password, CMA case
  274. else if (getServletRequest().getUserPrincipal() != null) {
  275. getBean().setUserName(getServletRequest().getUserPrincipal().getName());
  276. getBean().setPasswordText(password);
  277. getBean().setPasswordConfirm(password);
  278. setFromSso(true);
  279. }
  280. }
  281. String allowed = WebloggerConfig.getProperty("username.allowedChars");
  282. if (allowed == null || allowed.trim().length() == 0) {
  283. allowed = DEFAULT_ALLOWED_CHARS;
  284. }
  285. // check that username only contains safe characters
  286. String safe = CharSetUtils.keep(getBean().getUserName(), allowed);
  287. if (!safe.equals(getBean().getUserName()) ) {
  288. addError("error.add.user.badUserName");
  289. }
  290. // check password, it is required if OpenID and SSO are disabled
  291. if (getOpenIdConfiguration().equals("disabled") && !getFromSso()) {
  292. if (StringUtils.isEmpty(getBean().getPasswordText())) {
  293. addError("error.add.user.passwordEmpty");
  294. return;
  295. }
  296. }
  297. // check that passwords match
  298. if (!getBean().getPasswordText().equals(getBean().getPasswordConfirm())) {
  299. addError("Register.error.passowordMismatch");
  300. }
  301. // check that username is not taken
  302. if (!StringUtils.isEmpty(getBean().getUserName())) try {
  303. UserManager mgr = WebloggerFactory.getWeblogger().getUserManager();
  304. if (mgr.getUserByUserName(getBean().getUserName(), null) != null) {
  305. addError("error.add.user.userNameInUse");
  306. // reset user name
  307. getBean().setUserName(null);
  308. }
  309. } catch (WebloggerException ex) {
  310. log.error("error checking for user", ex);
  311. // TODO: i18n
  312. addError("unexpected error");
  313. }
  314. }
  315. public HttpServletRequest getServletRequest() {
  316. return servletRequest;
  317. }
  318. public void setServletRequest(HttpServletRequest servletRequest) {
  319. this.servletRequest = servletRequest;
  320. }
  321. public ProfileBean getBean() {
  322. return bean;
  323. }
  324. public void setBean(ProfileBean bean) {
  325. this.bean = bean;
  326. }
  327. public boolean getFromSso() {
  328. return fromSS0;
  329. }
  330. public void setFromSso(boolean fromSS0) {
  331. this.fromSS0 = fromSS0;
  332. }
  333. public String getActivationStatus() {
  334. return activationStatus;
  335. }
  336. public void setActivationStatus(String activationStatus) {
  337. this.activationStatus = activationStatus;
  338. }
  339. public String getActivationCode() {
  340. return activationCode;
  341. }
  342. public void setActivationCode(String activationCode) {
  343. this.activationCode = activationCode;
  344. }
  345. }