1   /*
2    * This software was designed and created by Jason Carroll.
3    * Copyright (c) 2002, 2003, 2004 Jason Carroll.
4    * The author can be reached at jcarroll@cowsultants.com
5    * ITracker website: http://www.cowsultants.com
6    * ITracker forums: http://www.cowsultants.com/phpBB/index.php
7    *
8    * This program is free software; you can redistribute it and/or modify
9    * it only under the terms of the GNU General Public License as published by
10   * the Free Software Foundation; either version 2 of the License, or
11   * (at your option) any later version.
12   *
13   * This program is distributed in the hope that it will be useful,
14   * but WITHOUT ANY WARRANTY; without even the implied warranty of
15   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
16   * GNU General Public License for more details.
17   */
18  
19  package org.itracker.web.actions.preferences;
20  
21  import org.apache.log4j.Logger;
22  import org.apache.struts.action.*;
23  import org.itracker.UserException;
24  import org.itracker.core.resources.ITrackerResources;
25  import org.itracker.model.User;
26  import org.itracker.model.UserPreferences;
27  import org.itracker.model.util.UserUtilities;
28  import org.itracker.services.UserService;
29  import org.itracker.services.exceptions.AuthenticatorException;
30  import org.itracker.PasswordException;
31  import org.itracker.core.AuthenticationConstants;
32  import org.itracker.web.actions.base.ItrackerBaseAction;
33  import org.itracker.web.forms.UserForm;
34  import org.itracker.web.util.Constants;
35  import org.itracker.web.util.LoginUtilities;
36  import org.itracker.web.util.ServletContextUtils;
37  
38  import javax.servlet.ServletException;
39  import javax.servlet.http.HttpServletRequest;
40  import javax.servlet.http.HttpServletResponse;
41  import javax.servlet.http.HttpSession;
42  import java.io.IOException;
43  
44  
/**
 * This class performs an update of the user's profile information based on their input.
 * Only the user's core profile information, password, and preferences are updated; no permissions
 * can be updated from here. Also, each type of information is only updated if it is allowed
 * by the current system's pluggable authentication.
 */
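public class EditPreferencesAction extends ItrackerBaseAction {
    private static final Logger log = Logger.getLogger(EditPreferencesAction.class);

    public EditPreferencesAction() {
    }

    /**
     * Applies the submitted preferences form to the currently logged-in user.
     * <p>
     * Processing order:
     * <ol>
     * <li>the Struts transaction token is verified and reset (protects the
     *     form against replay / cross-site re-submission);</li>
     * <li>the target user is taken from {@link LoginUtilities#getCurrentUser};
     *     the form carries no user id, so only the session user can ever be
     *     edited here. Without an authenticated user the request is sent to the
     *     "login" forward instead of failing later with a NullPointerException;</li>
     * <li>the form is validated;</li>
     * <li>the password is changed only if the authenticator allows password
     *     updates AND the supplied current password verifies via
     *     {@code userService.checkLogin};</li>
     * <li>first name, last name and e-mail are changed only if the
     *     authenticator allows profile updates;</li>
     * <li>the user is persisted, the preferences are updated (if allowed) and
     *     the session copies of user, preferences and locale are refreshed.</li>
     * </ol>
     * Permissions are never modified by this action.
     *
     * @return the "index" forward on an invalid token, the "login" forward when
     *         no user is logged in, the "error" forward when the authenticator
     *         forbids password or profile updates, otherwise the mapping's input
     *         forward (with any errors saved to the request)
     * @throws ServletException propagated from the Struts infrastructure
     * @throws IOException      propagated from the Struts infrastructure
     */
    public ActionForward execute(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        log.debug("Starting pref mod");
        ActionMessages errors = new ActionMessages();
        //  TODO: Action Cleanup

        // Transaction token: the request must carry the token handed out with the form.
        if (!isTokenValid(request)) {
            log.debug("Invalid request token while editing user preferences.");
            errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage(
                    "itracker.web.error.transaction"));
            saveErrors(request, errors);
            return mapping.findForward("index");
        }
        resetToken(request);

        User user = null;
        try {
            UserService userService = ServletContextUtils.getItrackerServices().getUserService();
            HttpSession session = request.getSession();
            UserForm userForm = (UserForm) form;

            // The user being edited is always the authenticated one; nothing in the
            // form selects a different account. An unauthenticated request has nothing
            // to edit, and every call below would NPE on a null user, so stop here.
            // NOTE(review): "login" is the forward the previous (commented-out) session
            // check used; confirm it is defined for this mapping.
            user = LoginUtilities.getCurrentUser(request);
            if (user == null) {
                log.debug("execute: no authenticated user for preferences update, forwarding to login");
                return mapping.findForward("login");
            }

            if (log.isInfoEnabled()) {
                log.info("execute: found user " + user);
            }
            errors = form.validate(mapping, request);

            if (errors.isEmpty()) {
                if (log.isDebugEnabled()) {
                    log.debug("execute: updating user-attributes.");
                }

                // --- password -------------------------------------------------------
                if (userService.allowPasswordUpdates(user, null, UserUtilities.AUTH_TYPE_UNKNOWN, UserUtilities.REQ_SOURCE_WEB)) {
                    // A blank or single-character new password means "leave the password alone".
                    if (userForm.getPassword() != null && userForm.getPassword().trim().length() > 1) {
                        // Re-authentication: a password change requires the current password,
                        // so a hijacked session alone cannot lock the real owner out.
                        if (userForm.getCurrPassword() == null || "".equals(userForm.getCurrPassword())) {
                            log.error("execute: current password was not set");
                            errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage("itracker.web.error.missingpassword"));
                        } else {
                            try {
                                User passwordCheck = userService.checkLogin(user.getLogin(), userForm.getCurrPassword(), AuthenticationConstants.AUTH_TYPE_PASSWORD_PLAIN, AuthenticationConstants.REQ_SOURCE_WEB);
                                if (passwordCheck == null) {
                                    throw new AuthenticatorException(AuthenticatorException.INVALID_DATA);
                                }
                                if (log.isDebugEnabled()) {
                                    log.debug("execute: setting new user password");
                                }
                                // Only the hashed form is stored; the plaintext is never logged.
                                user.setPassword(UserUtilities.encryptPassword(userForm.getPassword()));
                            } catch (AuthenticatorException ae) {
                                log.error("execute: current password was wrong, AuthenticatorException", ae);
                                errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage("itracker.web.error.wrongpassword"));
                            } catch (PasswordException e) {
                                log.error("execute: current password was wrong", e);
                                errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage("itracker.web.error.wrongpassword"));
                            }
                        }
                    }
                } else {
                    log.info("execute: passwords can not be changed in preferences due to incapable authenticator");
                    errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage("itracker.web.error.nopasswordupdates"));
                    saveErrors(request, errors);
                    return mapping.findForward("error");
                }

                // --- core profile ---------------------------------------------------
                // TODO: should this check happen earlier?
                if (userService.allowProfileUpdates(user, null, UserUtilities.AUTH_TYPE_UNKNOWN, UserUtilities.REQ_SOURCE_WEB)) {
                    if (log.isInfoEnabled()) {
                        log.info("execute: allowing profile updates for " + user);
                    }
                    user.setFirstName(userForm.getFirstName());
                    user.setLastName(userForm.getLastName());
                    user.setEmail(userForm.getEmail());
                } else {
                    log.error("execute: profile updates are not allowed for " + user);
                    errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage("itracker.web.error.noprofileupdates"));
                    saveErrors(request, errors);
                    return mapping.findForward("error");
                }
            } else {
                // validation errors
                if (log.isInfoEnabled()) {
                    log.info("execute: got actions errors from validation: " + errors);
                }
            }

            // --- persist + preferences ------------------------------------------------
            // Nothing is written unless every check above passed (errors is still empty).
            if (errors.isEmpty()) {
                log.debug("Passed required checks.  Updating user info for " + user.getLogin());
                user = userService.updateUser(user);

                UserPreferences userPrefs = user.getPreferences();
                if (userPrefs == null) userPrefs = new UserPreferences();

                if (userService.allowPreferenceUpdates(user, null, UserUtilities.AUTH_TYPE_UNKNOWN, UserUtilities.REQ_SOURCE_WEB)) {
                    userPrefs.setUser(user);

                    userPrefs.setUserLocale(userForm.getUserLocale());

                    // Unparseable counts fall back to -1 (the "use default" marker used elsewhere
                    // is presumed; not verified here).
                    try {
                        userPrefs.setNumItemsOnIndex(Integer.valueOf(userForm.getNumItemsOnIndex()));
                    } catch (NumberFormatException nfe) {
                        userPrefs.setNumItemsOnIndex(-1);
                    }
                    try {
                        userPrefs.setNumItemsOnIssueList(Integer.valueOf(userForm.getNumItemsOnIssueList()));
                    } catch (NumberFormatException nfe) {
                        userPrefs.setNumItemsOnIssueList(-1);
                    }
                    userPrefs.setShowClosedOnIssueList(Boolean.valueOf(userForm.getShowClosedOnIssueList()));
                    userPrefs.setSortColumnOnIssueList(userForm.getSortColumnOnIssueList());

                    // Hidden index sections arrive as individual values and are folded into
                    // one integer by summation (callers presumably submit distinct bit values).
                    int hiddenSections = 0;
                    Integer[] hiddenSectionsArray = userForm.getHiddenIndexSections();
                    if (hiddenSectionsArray != null) {
                        for (int i = 0; i < hiddenSectionsArray.length; i++) {
                            hiddenSections += hiddenSectionsArray[i].intValue();
                        }
                    }
                    userPrefs.setHiddenIndexSections(hiddenSections);

                    userPrefs.setRememberLastSearch(Boolean.valueOf(userForm.getRememberLastSearch()));
                    userPrefs.setUseTextActions(Boolean.valueOf(userForm.getUseTextActions()));

                    userPrefs = userService.updateUserPreferences(userPrefs);
                }

                // Refresh the session copies so the rest of the UI sees the new state.
                session.setAttribute(Constants.USER_KEY, user);
                session.setAttribute(Constants.PREFERENCES_KEY, userPrefs);
                session.setAttribute(Constants.LOCALE_KEY, ITrackerResources.getLocale(userPrefs.getUserLocale()));

                request.setAttribute(Constants.LOCALE_KEY, ITrackerResources.getLocale(userPrefs.getUserLocale()));

                session.removeAttribute(Constants.EDIT_USER_KEY);
                session.removeAttribute(Constants.EDIT_USER_PREFS_KEY);
            } else {
                // errors from the password / profile stage
                if (log.isInfoEnabled()) {
                    log.info("execute: got actions errors from user manipulation: " + errors);
                }

            }
        } catch (RuntimeException e) {
            log.error("execute", e);
            errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage("itracker.web.error.save"));
        } catch (UserException e) {
            log.error("execute", e);
            errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage("itracker.web.error.save"));
        }

        if (!errors.isEmpty()) {

            if (log.isInfoEnabled()) {
                log.info("execute: got actions errors: " + errors);
            }

            saveErrors(request, errors);
            // Re-issue a token so the user can resubmit the corrected form.
            saveToken(request);
        }

        if (log.isDebugEnabled()) {
            log.debug("execute: done, forward to input forward");
        }
        return mapping.getInputForward();
    }
}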
244