EditPreferencesAction.java

  1. /*
  2.  * This software was designed and created by Jason Carroll.
  3.  * Copyright (c) 2002, 2003, 2004 Jason Carroll.
  4.  * The author can be reached at jcarroll@cowsultants.com
  5.  * ITracker website: http://www.cowsultants.com
  6.  * ITracker forums: http://www.cowsultants.com/phpBB/index.php
  7.  *
  8.  * This program is free software; you can redistribute it and/or modify
  9.  * it only under the terms of the GNU General Public License as published by
  10.  * the Free Software Foundation; either version 2 of the License, or
  11.  * (at your option) any later version.
  12.  *
  13.  * This program is distributed in the hope that it will be useful,
  14.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  15.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  16.  * GNU General Public License for more details.
  17.  */

  18. package org.itracker.web.actions.preferences;

  19. import org.apache.log4j.Logger;
  20. import org.apache.struts.action.*;
  21. import org.itracker.UserException;
  22. import org.itracker.core.resources.ITrackerResources;
  23. import org.itracker.model.User;
  24. import org.itracker.model.UserPreferences;
  25. import org.itracker.model.util.UserUtilities;
  26. import org.itracker.services.UserService;
  27. import org.itracker.services.exceptions.AuthenticatorException;
  28. import org.itracker.PasswordException;
  29. import org.itracker.core.AuthenticationConstants;
  30. import org.itracker.web.actions.base.ItrackerBaseAction;
  31. import org.itracker.web.forms.UserForm;
  32. import org.itracker.web.util.Constants;
  33. import org.itracker.web.util.LoginUtilities;
  34. import org.itracker.web.util.ServletContextUtils;

  35. import javax.servlet.ServletException;
  36. import javax.servlet.http.HttpServletRequest;
  37. import javax.servlet.http.HttpServletResponse;
  38. import javax.servlet.http.HttpSession;
  39. import java.io.IOException;


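/**
 * Updates the logged-in user's own profile information based on their input.
 * Only the user's core profile information, password, and preferences are updated; no permissions
 * can be changed from here. Each kind of information is only updated if the system's pluggable
 * authentication allows it.
 *
 * <p>The account being edited is always the one returned by
 * {@link LoginUtilities#getCurrentUser(HttpServletRequest)}; no user identifier is read from the
 * submitted form, so a request cannot select a different account to modify.
 */
public class EditPreferencesAction extends ItrackerBaseAction {
    private static final Logger log = Logger.getLogger(EditPreferencesAction.class);

    public EditPreferencesAction() {
    }

    /**
     * Validates the submitted {@link UserForm} and, when every check passes, persists the changed
     * profile fields, password and preferences and refreshes the session attributes.
     *
     * <p>Order of checks: transaction token, authenticated user, form validation, password
     * change (requires the current password), profile-update permission. Nothing is written to
     * the {@link User} object until all of them have succeeded.
     *
     * @param mapping  the Struts mapping used to resolve forwards
     * @param form     the submitted form; must be a {@link UserForm}
     * @param request  the current request
     * @param response the current response (not used here)
     * @return the "index" forward on an invalid token, "login" when there is no current user,
     *         "error" when password or profile updates are not permitted, otherwise the input
     *         forward
     */
    public ActionForward execute(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        log.debug("Starting pref mod");
        ActionMessages errors = new ActionMessages();
        //  TODO: Action Cleanup

        // Reject replayed or forged submissions: the form must carry the token issued with it.
        if (!isTokenValid(request)) {
            log.debug("Invalid request token while editing user preferences.");
            errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage(
                    "itracker.web.error.transaction"));
            saveErrors(request, errors);
            return mapping.findForward("index");
        }
        resetToken(request);

        User user = null;
        try {
            UserService userService = ServletContextUtils.getItrackerServices().getUserService();

            // Fail closed when nobody is logged in instead of passing a null user to the service
            // and dereferencing it further down. "login" is the forward the earlier, since
            // disabled, session check in this action used.
            // NOTE(review): confirm that a "login" forward is configured for this mapping.
            user = LoginUtilities.getCurrentUser(request);
            if (user == null) {
                log.info("execute: no current user, forwarding to login");
                return mapping.findForward("login");
            }

            HttpSession session = request.getSession();
            UserForm userForm = (UserForm) form;

            if (log.isInfoEnabled()) {
                log.info("execute: found user " + user);
            }

            // ActionForm.validate() may return null when there is nothing to report; keep the
            // empty message set in that case so later errors.isEmpty()/errors.add() calls are safe.
            ActionMessages validationErrors = form.validate(mapping, request);
            if (validationErrors != null) {
                errors = validationErrors;
            }

            if (errors.isEmpty()) {
                if (log.isDebugEnabled()) {
                    log.debug("execute: updating user-attributes.");
                }

                // Staged value: only copied onto the user once every check below has passed, so a
                // rejected request leaves the in-memory user object untouched.
                String newPassword = null;

                if (userService.allowPasswordUpdates(user, null, UserUtilities.AUTH_TYPE_UNKNOWN, UserUtilities.REQ_SOURCE_WEB)) {
                    // NOTE(review): a new password of one character or less (after trimming) is
                    // silently ignored rather than rejected; confirm this is intended.
                    if (userForm.getPassword() != null && userForm.getPassword().trim().length() > 1) {
                        if (userForm.getCurrPassword() == null || "".equals(userForm.getCurrPassword())) {
                            log.error("execute: current password was not set");
                            errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage("itracker.web.error.missingpassword"));
                        } else {
                            try {
                                // Re-authenticate with the current password before accepting a new
                                // one, so a hijacked session alone cannot change the password.
                                User passwordCheck = userService.checkLogin(user.getLogin(), userForm.getCurrPassword(), AuthenticationConstants.AUTH_TYPE_PASSWORD_PLAIN, AuthenticationConstants.REQ_SOURCE_WEB);
                                if (passwordCheck == null) {
                                    throw new AuthenticatorException(AuthenticatorException.INVALID_DATA);
                                }
                                if (log.isDebugEnabled()) {
                                    log.debug("execute: setting new user password");
                                }
                                newPassword = UserUtilities.encryptPassword(userForm.getPassword());
                            } catch (AuthenticatorException ae) {
                                log.error("execute: current password was wrong, AuthenticatorException", ae);
                                errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage("itracker.web.error.wrongpassword"));
                            } catch (PasswordException e) {
                                log.error("execute: current password was wrong", e);
                                errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage("itracker.web.error.wrongpassword"));
                            }
                        }
                    }
                } else {
                    // NOTE(review): this rejects the whole request even when no new password was
                    // submitted; confirm that is the intended behaviour for such authenticators.
                    log.info("execute: passwords can not be changed in preferences due to incapable authenticator");
                    errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage("itracker.web.error.nopasswordupdates"));
                    saveErrors(request, errors);
                    return mapping.findForward("error");
                }

                // TODO: should this check happen earlier?
                if (userService.allowProfileUpdates(user, null, UserUtilities.AUTH_TYPE_UNKNOWN, UserUtilities.REQ_SOURCE_WEB)) {
                    if (log.isInfoEnabled()) {
                        log.info("execute: allowing profile updates for " + user);
                    }
                    // Apply the staged changes only when nothing has been rejected so far;
                    // otherwise the object would carry values that are never persisted.
                    if (errors.isEmpty()) {
                        if (newPassword != null) {
                            user.setPassword(newPassword);
                        }
                        user.setFirstName(userForm.getFirstName());
                        user.setLastName(userForm.getLastName());
                        user.setEmail(userForm.getEmail());
                    }
                } else {
                    log.error("execute: profile updates are not allowed for " + user);
                    errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage("itracker.web.error.noprofileupdates"));
                    saveErrors(request, errors);
                    return mapping.findForward("error");
                }
            } else {
                // validation errors
                if (log.isInfoEnabled()) {
                    log.info("execute: got actions errors from validation: " + errors);
                }
            }

            if (errors.isEmpty()) {
                log.debug("Passed required checks.  Updating user info for " + user.getLogin());
                user = userService.updateUser(user);

                UserPreferences userPrefs = user.getPreferences();
                if (userPrefs == null) {
                    userPrefs = new UserPreferences();
                }

                if (userService.allowPreferenceUpdates(user, null, UserUtilities.AUTH_TYPE_UNKNOWN, UserUtilities.REQ_SOURCE_WEB)) {
                    userPrefs.setUser(user);

                    userPrefs.setUserLocale(userForm.getUserLocale());

                    // Unparseable item counts fall back to -1.
                    try {
                        userPrefs.setNumItemsOnIndex(Integer.valueOf(userForm.getNumItemsOnIndex()));
                    } catch (NumberFormatException nfe) {
                        userPrefs.setNumItemsOnIndex(-1);
                    }
                    try {
                        userPrefs.setNumItemsOnIssueList(Integer.valueOf(userForm.getNumItemsOnIssueList()));
                    } catch (NumberFormatException nfe) {
                        userPrefs.setNumItemsOnIssueList(-1);
                    }
                    userPrefs.setShowClosedOnIssueList(Boolean.valueOf(userForm.getShowClosedOnIssueList()));
                    userPrefs.setSortColumnOnIssueList(userForm.getSortColumnOnIssueList());

                    // The submitted section values are summed into one int; null entries are
                    // skipped instead of failing the whole save.
                    // NOTE(review): if these are bit flags, a duplicated value would corrupt the
                    // sum; confirm the form cannot submit the same section twice.
                    int hiddenSections = 0;
                    Integer[] hiddenSectionsArray = userForm.getHiddenIndexSections();
                    if (hiddenSectionsArray != null) {
                        for (Integer section : hiddenSectionsArray) {
                            if (section != null) {
                                hiddenSections += section.intValue();
                            }
                        }
                    }
                    userPrefs.setHiddenIndexSections(hiddenSections);

                    userPrefs.setRememberLastSearch(Boolean.valueOf(userForm.getRememberLastSearch()));
                    userPrefs.setUseTextActions(Boolean.valueOf(userForm.getUseTextActions()));

                    userPrefs = userService.updateUserPreferences(userPrefs);
                }

                // Publish the persisted state to the session and drop the edit-in-progress copies.
                session.setAttribute(Constants.USER_KEY, user);
                session.setAttribute(Constants.PREFERENCES_KEY, userPrefs);
                session.setAttribute(Constants.LOCALE_KEY, ITrackerResources.getLocale(userPrefs.getUserLocale()));

                request.setAttribute(Constants.LOCALE_KEY, ITrackerResources.getLocale(userPrefs.getUserLocale()));

                session.removeAttribute(Constants.EDIT_USER_KEY);
                session.removeAttribute(Constants.EDIT_USER_PREFS_KEY);
            } else {
                // validation errors
                if (log.isInfoEnabled()) {
                    log.info("execute: got actions errors from user manipulation: " + errors);
                }

            }
        } catch (RuntimeException e) {
            log.error("execute", e);
            errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage("itracker.web.error.save"));
        } catch (UserException e) {
            log.error("execute", e);
            errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage("itracker.web.error.save"));
        }

        if (!errors.isEmpty()) {

            if (log.isInfoEnabled()) {
                log.info("execute: got actions errors: " + errors);
            }

            saveErrors(request, errors);
            // The token was consumed above; issue a fresh one so the corrected form can be resubmitted.
            saveToken(request);
        }

        if (log.isDebugEnabled()) {
            log.debug("execute: done, forward to input forward");
        }
        return mapping.getInputForward();
    }
}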
  212.