EditPreferencesAction.java

/*
 * This software was designed and created by Jason Carroll.
 * Copyright (c) 2002, 2003, 2004 Jason Carroll.
 * The author can be reached at jcarroll@cowsultants.com
 * ITracker website: http://www.cowsultants.com
 * ITracker forums: http://www.cowsultants.com/phpBB/index.php
 *
 * This program is free software; you can redistribute it and/or modify
 * it only under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 */

package org.itracker.web.actions.preferences;

import org.apache.log4j.Logger;
import org.apache.struts.action.*;
import org.itracker.UserException;
import org.itracker.core.resources.ITrackerResources;
import org.itracker.model.User;
import org.itracker.model.UserPreferences;
import org.itracker.model.util.UserUtilities;
import org.itracker.services.UserService;
import org.itracker.services.exceptions.AuthenticatorException;
import org.itracker.PasswordException;
import org.itracker.core.AuthenticationConstants;
import org.itracker.web.actions.base.ItrackerBaseAction;
import org.itracker.web.forms.UserForm;
import org.itracker.web.util.Constants;
import org.itracker.web.util.LoginUtilities;
import org.itracker.web.util.ServletContextUtils;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;


/**
 * This class performas an update of the user's profile information based on their input.
 * Only the users core profile information, password, and preferences are updated, no permissions
 * can be updated from here.  Also each type of information is only updated, if it is allowed
 * by the current systems plugable authentication.
 */
public class EditPreferencesAction extends ItrackerBaseAction {
    private static final Logger log = Logger.getLogger(EditPreferencesAction.class);

    public EditPreferencesAction() {
    }

    public ActionForward execute(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        log.debug("Starting pref mod");
        ActionMessages errors = new ActionMessages();
        //  TODO: Action Cleanup

        if (!isTokenValid(request)) {
            log.debug("Invalid request token while editing user preferences.");
            errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage(
                    "itracker.web.error.transaction"));
            saveErrors(request, errors);
            return mapping.findForward("index");
        }
        resetToken(request);

        User user = null;
        try {
            UserService userService = ServletContextUtils.getItrackerServices().getUserService();

            // TODO: the following checks make no sense from my perspective.
            // This check should happen in the ExecuteAlways filter maybe
            // Shall we remove it?

            HttpSession session = request.getSession();
//            user = (User) session.getAttribute(Constants.USER_KEY);
//            if(user == null) {
//                return mapping.findForward("login");
//            }
//
//            User existingUser = userService.getUser(user.getId());
//            if(existingUser == null || user.getId() != existingUser.getId()) {
//            	if (log.isDebugEnabled()) {
//            		log.debug("execute: Unauthorized edit preferences request from " + user.getLogin() + "(" + user.getId() + ") for " + existingUser.getLogin() + "(" + existingUser.getId() + ")");
//            	}
//                return mapping.findForward("unauthorized");
//            }
            UserForm userForm = (UserForm) form;

            if (LoginUtilities.getCurrentUser(request) != null) {
                user = LoginUtilities.getCurrentUser(request);
            }

            if (log.isInfoEnabled()) {
                log.info("execute: found user " + user);
            }
            errors = form.validate(mapping, request);

//            User existingUser = userService.getUser(user.getId());
            // edit user-object
            if (errors.isEmpty()) {
                if (log.isDebugEnabled()) {
                    log.debug("execute: updating user-attributes.");
                }

                if (userService.allowPasswordUpdates(user, null, UserUtilities.AUTH_TYPE_UNKNOWN, UserUtilities.REQ_SOURCE_WEB)) {
                    if (userForm.getPassword() != null && userForm.getPassword().trim().length() > 1) {
                        if (userForm.getCurrPassword() == null || "".equals(userForm.getCurrPassword())) {
                            log.error("execute: current password was not set");
                            errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage("itracker.web.error.missingpassword"));
                        } else {
                            try {
                                User passwordCheck = userService.checkLogin(user.getLogin(), userForm.getCurrPassword(), AuthenticationConstants.AUTH_TYPE_PASSWORD_PLAIN, AuthenticationConstants.REQ_SOURCE_WEB);
                                if (passwordCheck == null) {
                                    throw new AuthenticatorException(AuthenticatorException.INVALID_DATA);
                                }
                                if (log.isDebugEnabled()) {
                                    log.debug("execute: setting new user password");
                                }
                                user.setPassword(UserUtilities.encryptPassword(userForm.getPassword()));
                            } catch (AuthenticatorException ae) {
                                log.error("execute: current password was wrong, AuthenticatorException", ae);
                                errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage("itracker.web.error.wrongpassword"));
                            } catch (PasswordException e) {
                                log.error("execute: current password was wrong", e);
                                errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage("itracker.web.error.wrongpassword"));
                            }
                        }
                    }
                } else {
//                  itracker.web.error.noprofileupdates
                    log.info("execute: passwords can not be changed in preferences due to incapable authenticator");
                    errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage("itracker.web.error.nopasswordupdates"));
                    saveErrors(request, errors);
                    return mapping.findForward("error");
                }

                // TODO: should this check happen earlier?
                if (userService.allowProfileUpdates(user, null, UserUtilities.AUTH_TYPE_UNKNOWN, UserUtilities.REQ_SOURCE_WEB)) {
                    if (log.isInfoEnabled()) {
                        log.info("execute: allowing profile updates for " + user);
                    }
                    user.setFirstName(userForm.getFirstName());
                    user.setLastName(userForm.getLastName());
                    user.setEmail(userForm.getEmail());
                } else {
                    log.error("execute: profile updates are not allowed for " + user);
                    errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage("itracker.web.error.noprofileupdates"));
                    saveErrors(request, errors);
                    return mapping.findForward("error");
                }
            } else {
                // validation errors
                if (log.isInfoEnabled()) {
                    log.info("execute: got actions errors from validation: " + errors);
                }
            }

            if (errors.isEmpty()) {
                log.debug("Passed required checks.  Updating user info for " + user.getLogin());
                user = userService.updateUser(user);

                UserPreferences userPrefs = user.getPreferences();
                if (userPrefs == null) userPrefs = new UserPreferences();

                if (userService.allowPreferenceUpdates(user, null, UserUtilities.AUTH_TYPE_UNKNOWN, UserUtilities.REQ_SOURCE_WEB)) {
                    //userPrefs.setUser(existingUser);
                    userPrefs.setUser(user);

                    userPrefs.setUserLocale(userForm.getUserLocale());

                    try {
                        userPrefs.setNumItemsOnIndex(Integer.valueOf(userForm.getNumItemsOnIndex()));
                    } catch (NumberFormatException nfe) {
                        userPrefs.setNumItemsOnIndex(-1);
                    }
                    try {
                        userPrefs.setNumItemsOnIssueList(Integer.valueOf(userForm.getNumItemsOnIssueList()));
                    } catch (NumberFormatException nfe) {
                        userPrefs.setNumItemsOnIssueList(-1);
                    }
                    userPrefs.setShowClosedOnIssueList(Boolean.valueOf(userForm.getShowClosedOnIssueList()));
                    userPrefs.setSortColumnOnIssueList(userForm.getSortColumnOnIssueList());

                    int hiddenSections = 0;
                    Integer[] hiddenSectionsArray = userForm.getHiddenIndexSections();
                    if (hiddenSectionsArray != null) {
                        for (int i = 0; i < hiddenSectionsArray.length; i++) {
                            hiddenSections += hiddenSectionsArray[i].intValue();
                        }
                    }
                    userPrefs.setHiddenIndexSections(hiddenSections);

                    userPrefs.setRememberLastSearch(Boolean.valueOf(userForm.getRememberLastSearch()));
                    userPrefs.setUseTextActions(Boolean.valueOf(userForm.getUseTextActions()));

                    userPrefs = userService.updateUserPreferences(userPrefs);
                }

                //session.setAttribute(Constants.USER_KEY, existingUser);
                session.setAttribute(Constants.USER_KEY, user);
                session.setAttribute(Constants.PREFERENCES_KEY, userPrefs);
                session.setAttribute(Constants.LOCALE_KEY, ITrackerResources.getLocale(userPrefs.getUserLocale()));

                request.setAttribute(Constants.LOCALE_KEY, ITrackerResources.getLocale(userPrefs.getUserLocale()));

                session.removeAttribute(Constants.EDIT_USER_KEY);
                session.removeAttribute(Constants.EDIT_USER_PREFS_KEY);
            } else {
                // validation errors
                if (log.isInfoEnabled()) {
                    log.info("execute: got actions errors from user manipulation: " + errors);
                }

            }
        } catch (RuntimeException e) {
            log.error("execute", e);
            errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage("itracker.web.error.save"));
        } catch (UserException e) {
            log.error("execute", e);
            errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage("itracker.web.error.save"));
        }

        if (!errors.isEmpty()) {

            if (log.isInfoEnabled()) {
                log.info("execute: got actions errors: " + errors);
            }

            saveErrors(request, errors);
            saveToken(request);
        }

        if (log.isDebugEnabled()) {
            log.debug("execute: done, forward to input forward");
        }
        return mapping.getInputForward();
    }
}