1   /*
2    * This software was designed and created by Jason Carroll.
3    * Copyright (c) 2002, 2003, 2004 Jason Carroll.
4    * The author can be reached at jcarroll@cowsultants.com
5    * ITracker website: http://www.cowsultants.com
6    * ITracker forums: http://www.cowsultants.com/phpBB/index.php
7    *
8    * This program is free software; you can redistribute it and/or modify
9    * it only under the terms of the GNU General Public License as published by
10   * the Free Software Foundation; either version 2 of the License, or
11   * (at your option) any later version.
12   *
13   * This program is distributed in the hope that it will be useful,
14   * but WITHOUT ANY WARRANTY; without even the implied warranty of
15   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
16   * GNU General Public License for more details.
17   */
18  
19  package org.itracker.web.actions.user;
20  
21  import org.apache.commons.beanutils.PropertyUtils;
22  import org.apache.log4j.Logger;
23  import org.apache.struts.action.*;
24  import org.itracker.core.resources.ITrackerResources;
25  import org.itracker.model.User;
26  import org.itracker.model.util.UserUtilities;
27  import org.itracker.services.ConfigurationService;
28  import org.itracker.services.UserService;
29  import org.itracker.PasswordException;
30  import org.itracker.web.actions.base.ItrackerBaseAction;
31  import org.itracker.web.util.ServletContextUtils;
32  
33  import javax.servlet.ServletException;
34  import javax.servlet.http.HttpServletRequest;
35  import javax.servlet.http.HttpServletResponse;
36  import java.io.IOException;
37  import java.util.Locale;
38  
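/**
 * Struts action behind the "forgot password" form.
 *
 * <p>Given a login and a last name, it looks the user up, checks that the last
 * name matches (case-insensitively), that an e-mail address is on file and that
 * the account is active, then generates a new password, stores it and mails it
 * to the user.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>NOTE(review): the only proof of identity is login + last name, neither of
 *       which is a secret. Any requester who supplies both changes the account's
 *       password. A single-use, expiring reset token that leaves the current
 *       password in place until redeemed would remove that lock-out risk.</li>
 *   <li>NOTE(review): the distinct error messages (unknown user, wrong last name,
 *       no e-mail, inactive) tell an unauthenticated caller which logins exist and
 *       what state they are in. Consider one uniform response, with the detail
 *       kept in the server log only.</li>
 *   <li>NOTE(review): the new password is sent in clear text by e-mail, and no
 *       request throttling is visible in this class.</li>
 * </ul>
 */
public class ForgotPasswordAction extends ItrackerBaseAction {
    private static final Logger log = Logger.getLogger(ForgotPasswordAction.class);

    /**
     * Processes a forgot-password submission.
     *
     * @param mapping  used to resolve the {@code forgotpassword} (failure) and
     *                 {@code success} forwards
     * @param form     form bean exposing the {@code login} and {@code lastName} properties
     * @param request  request on which the resulting messages are saved
     * @param response not used by this action
     * @return the {@code forgotpassword} forward when any error was recorded,
     *         otherwise the {@code success} forward
     */
    public ActionForward execute(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {

        ActionMessages errors = new ActionMessages();

        try {
            ConfigurationService configurationService = ServletContextUtils.getItrackerServices().getConfigurationService();
            UserService userService = ServletContextUtils.getItrackerServices().getUserService();

            // The feature is on by default; it has to be switched off explicitly.
            if (!configurationService.getBooleanProperty("allow_forgot_password", true)) {
                throw new PasswordException(PasswordException.FEATURE_DISABLED);
            }

            String login = (String) PropertyUtils.getSimpleProperty(form, "login");
            String lastName = (String) PropertyUtils.getSimpleProperty(form, "lastName");

            if (isEmpty(login) || isEmpty(lastName)) {
                // Previously a missing login or last name skipped all processing and
                // still fell through to the "password sent" confirmation. Nothing was
                // reset, so report a failure instead of a false success.
                errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage("itracker.web.error.forgotpass.unknown"));
            } else {
                User user = null;
                Locale locale = null;
                try {
                    user = userService.getUserByLogin(login);
                    if (user == null) {
                        throw new PasswordException(PasswordException.UNKNOWN_USER);
                    }
                    try {
                        locale = ITrackerResources.getLocale(user.getPreferences().getUserLocale());
                    } catch (RuntimeException e) {
                        // Any runtime failure while reading the preferences falls back
                        // to the application's default locale.
                        locale = ITrackerResources.getLocale();
                    }

                    if (user.getLastName() == null || !user.getLastName().equalsIgnoreCase(lastName)) {
                        throw new PasswordException(PasswordException.INVALID_NAME);
                    }
                    if (isEmpty(user.getEmail())) {
                        throw new PasswordException(PasswordException.INVALID_EMAIL);
                    }
                    if (user.getStatus() != UserUtilities.STATUS_ACTIVE) {
                        throw new PasswordException(PasswordException.INACTIVE_ACCOUNT);
                    }

                    if (log.isDebugEnabled()) {
                        // Names and login originate from user input; strip line breaks
                        // so they cannot forge additional log records.
                        log.debug(forLog("ForgotPasswordHandler found matching user: " + user.getFirstName() + " " + user.getLastName() + "(" + user.getLogin() + ")"));
                    }

                    String subject = ITrackerResources.getString("itracker.email.forgotpass.subject", locale);
                    String body = ITrackerResources.getString("itracker.email.forgotpass.body", locale);

                    // NOTE(review): the password is replaced and persisted before the
                    // mail is sent. If sendEmail fails, the account keeps a password
                    // nobody received; how sendEmail reports failure is not visible
                    // here - confirm, and consider sending before committing.
                    String newPass = userService.generateUserPassword(user);
                    userService.updateUser(user);
                    String passwordLabel = ITrackerResources.getString("itracker.web.attr.password", locale);

                    // The clear-text password must never be written to the log.
                    ServletContextUtils.getItrackerServices().getEmailService()
                            .sendEmail(user.getEmail(), subject, body + passwordLabel + ": " + newPass);
                } catch (PasswordException pe) {
                    if (log.isDebugEnabled()) {
                        log.debug("Password Exception for user " + forLog(login) + ". Type = " + pe.getType());
                    }
                    if (pe.getType() == PasswordException.INVALID_NAME) {
                        errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage("itracker.web.error.forgotpass.lastname"));
                    } else if (pe.getType() == PasswordException.INVALID_EMAIL) {
                        errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage("itracker.web.error.forgotpass.invalidemail"));
                    } else if (pe.getType() == PasswordException.INACTIVE_ACCOUNT) {
                        errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage("itracker.web.error.forgotpass.inactive"));
                    } else if (pe.getType() == PasswordException.UNKNOWN_USER) {
                        errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage("itracker.web.error.forgotpass.unknown"));
                    } else {
                        // Any other type (for example one raised while generating the
                        // password) used to be dropped, which let the request end with
                        // the success message although no mail had been sent.
                        errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage("itracker.web.error.forgotpass.system"));
                        log.error("Unhandled password exception during password reset. Type = " + pe.getType(), pe);
                    }
                }
            }
        } catch (PasswordException pe) {
            // Only reached for exceptions raised outside the inner try, i.e. the
            // FEATURE_DISABLED check above.
            errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage("itracker.web.error.notenabled"));
            log.error("Forgot Password function has been disabled.", pe);
        } catch (Exception e) {
            errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage("itracker.web.error.forgotpass.system"));
            log.error("Error during password retrieval.", e);
        }

        if (!errors.isEmpty()) {
            saveErrors(request, errors);
            return (mapping.findForward("forgotpassword"));
        }

        // The confirmation is stored through saveErrors as well; the target view
        // reads it from there.
        errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage("itracker.web.message.forgotpass"));
        saveErrors(request, errors);
        return mapping.findForward("success");
    }

    /** Returns {@code true} when the value is {@code null} or the empty string. */
    private static boolean isEmpty(String value) {
        return value == null || value.length() == 0;
    }

    /** Replaces CR and LF so a value is always written as a single log line. */
    private static String forLog(String value) {
        if (value == null) {
            return null;
        }
        return value.replace('\r', '_').replace('\n', '_');
    }

}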
127 }