EditPreferencesAction.java
/*
* This software was designed and created by Jason Carroll.
* Copyright (c) 2002, 2003, 2004 Jason Carroll.
* The author can be reached at jcarroll@cowsultants.com
* ITracker website: http://www.cowsultants.com
* ITracker forums: http://www.cowsultants.com/phpBB/index.php
*
* This program is free software; you can redistribute it and/or modify
* it only under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*/
package org.itracker.web.actions.preferences;
import org.apache.log4j.Logger;
import org.apache.struts.action.*;
import org.itracker.UserException;
import org.itracker.core.resources.ITrackerResources;
import org.itracker.model.User;
import org.itracker.model.UserPreferences;
import org.itracker.model.util.UserUtilities;
import org.itracker.services.UserService;
import org.itracker.services.exceptions.AuthenticatorException;
import org.itracker.PasswordException;
import org.itracker.core.AuthenticationConstants;
import org.itracker.web.actions.base.ItrackerBaseAction;
import org.itracker.web.forms.UserForm;
import org.itracker.web.util.Constants;
import org.itracker.web.util.LoginUtilities;
import org.itracker.web.util.ServletContextUtils;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;
/**
* This class performas an update of the user's profile information based on their input.
* Only the users core profile information, password, and preferences are updated, no permissions
* can be updated from here. Also each type of information is only updated, if it is allowed
* by the current systems plugable authentication.
*/
public class EditPreferencesAction extends ItrackerBaseAction {
private static final Logger log = Logger.getLogger(EditPreferencesAction.class);
public EditPreferencesAction() {
}
public ActionForward execute(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
log.debug("Starting pref mod");
ActionMessages errors = new ActionMessages();
// TODO: Action Cleanup
if (!isTokenValid(request)) {
log.debug("Invalid request token while editing user preferences.");
errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage(
"itracker.web.error.transaction"));
saveErrors(request, errors);
return mapping.findForward("index");
}
resetToken(request);
User user = null;
try {
UserService userService = ServletContextUtils.getItrackerServices().getUserService();
// TODO: the following checks make no sense from my perspective.
// This check should happen in the ExecuteAlways filter maybe
// Shall we remove it?
HttpSession session = request.getSession();
// user = (User) session.getAttribute(Constants.USER_KEY);
// if(user == null) {
// return mapping.findForward("login");
// }
//
// User existingUser = userService.getUser(user.getId());
// if(existingUser == null || user.getId() != existingUser.getId()) {
// if (log.isDebugEnabled()) {
// log.debug("execute: Unauthorized edit preferences request from " + user.getLogin() + "(" + user.getId() + ") for " + existingUser.getLogin() + "(" + existingUser.getId() + ")");
// }
// return mapping.findForward("unauthorized");
// }
UserForm userForm = (UserForm) form;
if (LoginUtilities.getCurrentUser(request) != null) {
user = LoginUtilities.getCurrentUser(request);
}
if (log.isInfoEnabled()) {
log.info("execute: found user " + user);
}
errors = form.validate(mapping, request);
// User existingUser = userService.getUser(user.getId());
// edit user-object
if (errors.isEmpty()) {
if (log.isDebugEnabled()) {
log.debug("execute: updating user-attributes.");
}
if (userService.allowPasswordUpdates(user, null, UserUtilities.AUTH_TYPE_UNKNOWN, UserUtilities.REQ_SOURCE_WEB)) {
if (userForm.getPassword() != null && userForm.getPassword().trim().length() > 1) {
if (userForm.getCurrPassword() == null || "".equals(userForm.getCurrPassword())) {
log.error("execute: current password was not set");
errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage("itracker.web.error.missingpassword"));
} else {
try {
User passwordCheck = userService.checkLogin(user.getLogin(), userForm.getCurrPassword(), AuthenticationConstants.AUTH_TYPE_PASSWORD_PLAIN, AuthenticationConstants.REQ_SOURCE_WEB);
if (passwordCheck == null) {
throw new AuthenticatorException(AuthenticatorException.INVALID_DATA);
}
if (log.isDebugEnabled()) {
log.debug("execute: setting new user password");
}
user.setPassword(UserUtilities.encryptPassword(userForm.getPassword()));
} catch (AuthenticatorException ae) {
log.error("execute: current password was wrong, AuthenticatorException", ae);
errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage("itracker.web.error.wrongpassword"));
} catch (PasswordException e) {
log.error("execute: current password was wrong", e);
errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage("itracker.web.error.wrongpassword"));
}
}
}
} else {
// itracker.web.error.noprofileupdates
log.info("execute: passwords can not be changed in preferences due to incapable authenticator");
errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage("itracker.web.error.nopasswordupdates"));
saveErrors(request, errors);
return mapping.findForward("error");
}
// TODO: should this check happen earlier?
if (userService.allowProfileUpdates(user, null, UserUtilities.AUTH_TYPE_UNKNOWN, UserUtilities.REQ_SOURCE_WEB)) {
if (log.isInfoEnabled()) {
log.info("execute: allowing profile updates for " + user);
}
user.setFirstName(userForm.getFirstName());
user.setLastName(userForm.getLastName());
user.setEmail(userForm.getEmail());
} else {
log.error("execute: profile updates are not allowed for " + user);
errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage("itracker.web.error.noprofileupdates"));
saveErrors(request, errors);
return mapping.findForward("error");
}
} else {
// validation errors
if (log.isInfoEnabled()) {
log.info("execute: got actions errors from validation: " + errors);
}
}
if (errors.isEmpty()) {
log.debug("Passed required checks. Updating user info for " + user.getLogin());
user = userService.updateUser(user);
UserPreferences userPrefs = user.getPreferences();
if (userPrefs == null) userPrefs = new UserPreferences();
if (userService.allowPreferenceUpdates(user, null, UserUtilities.AUTH_TYPE_UNKNOWN, UserUtilities.REQ_SOURCE_WEB)) {
//userPrefs.setUser(existingUser);
userPrefs.setUser(user);
userPrefs.setUserLocale(userForm.getUserLocale());
try {
userPrefs.setNumItemsOnIndex(Integer.valueOf(userForm.getNumItemsOnIndex()));
} catch (NumberFormatException nfe) {
userPrefs.setNumItemsOnIndex(-1);
}
try {
userPrefs.setNumItemsOnIssueList(Integer.valueOf(userForm.getNumItemsOnIssueList()));
} catch (NumberFormatException nfe) {
userPrefs.setNumItemsOnIssueList(-1);
}
userPrefs.setShowClosedOnIssueList(Boolean.valueOf(userForm.getShowClosedOnIssueList()));
userPrefs.setSortColumnOnIssueList(userForm.getSortColumnOnIssueList());
int hiddenSections = 0;
Integer[] hiddenSectionsArray = userForm.getHiddenIndexSections();
if (hiddenSectionsArray != null) {
for (int i = 0; i < hiddenSectionsArray.length; i++) {
hiddenSections += hiddenSectionsArray[i].intValue();
}
}
userPrefs.setHiddenIndexSections(hiddenSections);
userPrefs.setRememberLastSearch(Boolean.valueOf(userForm.getRememberLastSearch()));
userPrefs.setUseTextActions(Boolean.valueOf(userForm.getUseTextActions()));
userPrefs = userService.updateUserPreferences(userPrefs);
}
//session.setAttribute(Constants.USER_KEY, existingUser);
session.setAttribute(Constants.USER_KEY, user);
session.setAttribute(Constants.PREFERENCES_KEY, userPrefs);
session.setAttribute(Constants.LOCALE_KEY, ITrackerResources.getLocale(userPrefs.getUserLocale()));
request.setAttribute(Constants.LOCALE_KEY, ITrackerResources.getLocale(userPrefs.getUserLocale()));
session.removeAttribute(Constants.EDIT_USER_KEY);
session.removeAttribute(Constants.EDIT_USER_PREFS_KEY);
} else {
// validation errors
if (log.isInfoEnabled()) {
log.info("execute: got actions errors from user manipulation: " + errors);
}
}
} catch (RuntimeException e) {
log.error("execute", e);
errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage("itracker.web.error.save"));
} catch (UserException e) {
log.error("execute", e);
errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage("itracker.web.error.save"));
}
if (!errors.isEmpty()) {
if (log.isInfoEnabled()) {
log.info("execute: got actions errors: " + errors);
}
saveErrors(request, errors);
saveToken(request);
}
if (log.isDebugEnabled()) {
log.debug("execute: done, forward to input forward");
}
return mapping.getInputForward();
}
}