19 package org.itracker.web.actions.user;
20
21 import org.apache.commons.beanutils.PropertyUtils;
22 import org.apache.log4j.Logger;
23 import org.apache.struts.action.*;
24 import org.itracker.core.resources.ITrackerResources;
25 import org.itracker.model.User;
26 import org.itracker.model.util.UserUtilities;
27 import org.itracker.services.ConfigurationService;
28 import org.itracker.services.UserService;
29 import org.itracker.PasswordException;
30 import org.itracker.web.actions.base.ItrackerBaseAction;
31 import org.itracker.web.util.ServletContextUtils;
32
33 import javax.servlet.ServletException;
34 import javax.servlet.http.HttpServletRequest;
35 import javax.servlet.http.HttpServletResponse;
36 import java.io.IOException;
37 import java.util.Locale;
38
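/**
 * Struts action behind the "forgot password" form.
 *
 * <p>When the {@code allow_forgot_password} configuration property is enabled (it defaults to
 * {@code true}), the action looks the account up by the submitted login, compares the submitted
 * last name with the stored one (case-insensitively), and requires a non-empty e-mail address and
 * an active status. If every check passes it generates a new password, persists the user and
 * mails the new password to the stored address.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>NOTE(review): the request is unauthenticated and each failed check produces its own
 *       message key (unknown login, wrong last name, no e-mail, inactive), so responses reveal
 *       which logins exist and in what state. Returning one neutral message for every outcome
 *       and throttling requests would close that gap; the message texts live in resource bundles
 *       that are not visible here, so the keys are left as they are.</li>
 *   <li>NOTE(review): the last name is the only proof of identity, and the stored password is
 *       replaced as soon as the checks pass. A confirm-before-reset flow (single-use, expiring
 *       token mailed to the owner) avoids replacing a password on behalf of someone who is not
 *       the owner.</li>
 *   <li>NOTE(review): the new password is persisted before the mail is handed to the e-mail
 *       service and is sent in clear text. Whether {@code sendEmail} reports delivery failures is
 *       not visible here; confirm that a failed send cannot leave the account with a password
 *       nobody received.</li>
 * </ul>
 */
public class ForgotPasswordAction extends ItrackerBaseAction {
    private static final Logger log = Logger.getLogger(ForgotPasswordAction.class);

    /**
     * Handles a submitted forgot-password form.
     *
     * @param mapping  Struts mapping used to resolve the {@code forgotpassword} and
     *                 {@code success} forwards
     * @param form     form bean exposing the {@code login} and {@code lastName} properties
     * @param request  current request; the resulting messages are stored on it via
     *                 {@code saveErrors}
     * @param response current response (not used by this action)
     * @return the {@code forgotpassword} forward when any error was recorded, otherwise the
     *         {@code success} forward
     * @throws ServletException declared by the action contract; not thrown directly here
     * @throws IOException      declared by the action contract; not thrown directly here
     */
    public ActionForward execute(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {

        ActionMessages errors = new ActionMessages();

        try {
            ConfigurationService configurationService = ServletContextUtils.getItrackerServices().getConfigurationService();
            UserService userService = ServletContextUtils.getItrackerServices().getUserService();

            if (!configurationService.getBooleanProperty("allow_forgot_password", true)) {
                throw new PasswordException(PasswordException.FEATURE_DISABLED);
            }

            String login = (String) PropertyUtils.getSimpleProperty(form, "login");
            String lastName = (String) PropertyUtils.getSimpleProperty(form, "lastName");

            try {
                // A missing login or last name used to skip the whole reset and still fall
                // through to the "password sent" message. Treat it like a login that matches
                // no account so the caller is never told a mail went out when none did.
                if (login == null || lastName == null || login.isEmpty() || lastName.isEmpty()) {
                    throw new PasswordException(PasswordException.UNKNOWN_USER);
                }

                User user = userService.getUserByLogin(login);
                if (user == null) {
                    throw new PasswordException(PasswordException.UNKNOWN_USER);
                }

                Locale locale;
                try {
                    locale = ITrackerResources.getLocale(user.getPreferences().getUserLocale());
                } catch (RuntimeException e) {
                    // Any runtime failure while reading the user's locale (for example
                    // missing preferences) falls back to the default locale.
                    locale = ITrackerResources.getLocale();
                }

                if (user.getLastName() == null || !user.getLastName().equalsIgnoreCase(lastName)) {
                    throw new PasswordException(PasswordException.INVALID_NAME);
                }
                if (user.getEmail() == null || user.getEmail().equals("")) {
                    throw new PasswordException(PasswordException.INVALID_EMAIL);
                }
                if (user.getStatus() != UserUtilities.STATUS_ACTIVE) {
                    throw new PasswordException(PasswordException.INACTIVE_ACCOUNT);
                }

                if (log.isDebugEnabled()) {
                    log.debug("ForgotPasswordHandler found matching user: " + user.getFirstName() + " " + user.getLastName() + "(" + user.getLogin() + ")");
                }

                String subject = ITrackerResources.getString("itracker.email.forgotpass.subject", locale);
                StringBuilder msgText = new StringBuilder();
                msgText.append(ITrackerResources.getString("itracker.email.forgotpass.body", locale));
                // The generated password is only ever placed in the mail body; it must not be
                // written to the log.
                String newPass = userService.generateUserPassword(user);
                userService.updateUser(user);
                msgText.append(ITrackerResources.getString("itracker.web.attr.password", locale)).append(": ").append(newPass);

                ServletContextUtils.getItrackerServices().getEmailService()
                        .sendEmail(user.getEmail(), subject, msgText.toString());
            } catch (PasswordException pe) {
                if (log.isDebugEnabled()) {
                    // The login comes straight from the request; strip line breaks so it
                    // cannot forge additional log entries.
                    log.debug("Password Exception for user " + forLog(login) + ". Type = " + pe.getType());
                }
                if (pe.getType() == PasswordException.INVALID_NAME) {
                    errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage("itracker.web.error.forgotpass.lastname"));
                } else if (pe.getType() == PasswordException.INVALID_EMAIL) {
                    errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage("itracker.web.error.forgotpass.invalidemail"));
                } else if (pe.getType() == PasswordException.INACTIVE_ACCOUNT) {
                    errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage("itracker.web.error.forgotpass.inactive"));
                } else if (pe.getType() == PasswordException.UNKNOWN_USER) {
                    errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage("itracker.web.error.forgotpass.unknown"));
                } else {
                    // Any other failure type previously recorded no error and therefore
                    // produced the success message although no mail had been sent.
                    errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage("itracker.web.error.forgotpass.system"));
                }
            }
        } catch (PasswordException pe) {
            // Only the FEATURE_DISABLED case thrown above reaches this handler.
            errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage("itracker.web.error.notenabled"));
            log.error("Forgot Password function has been disabled.", pe);
        } catch (Exception e) {
            errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage("itracker.web.error.forgotpass.system"));
            log.error("Error during password retrieval.", e);
        }

        if (!errors.isEmpty()) {
            saveErrors(request, errors);
            return (mapping.findForward("forgotpassword"));
        }

        // The confirmation is carried through the same ActionMessages/saveErrors channel as
        // the errors; only the forward differs.
        errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage("itracker.web.message.forgotpass"));
        saveErrors(request, errors);
        return mapping.findForward("success");
    }

    /** Replaces carriage returns and line feeds in a request-supplied value before it is logged. */
    private static String forLog(String value) {
        return value == null ? null : value.replaceAll("[\\r\\n]", "_");
    }

}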