1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34 package fr.paris.lutece.plugins.mylutece.modules.database.authentication.web;
35
36 import java.io.IOException;
37 import java.sql.Timestamp;
38 import java.util.Collection;
39 import java.util.HashMap;
40 import java.util.List;
41 import java.util.Locale;
42 import java.util.Map;
43
44 import javax.servlet.http.HttpServletRequest;
45
46 import org.apache.commons.collections.CollectionUtils;
47 import org.apache.commons.lang3.StringUtils;
48
49 import fr.paris.lutece.plugins.mylutece.business.attribute.AttributeField;
50 import fr.paris.lutece.plugins.mylutece.business.attribute.AttributeFieldHome;
51 import fr.paris.lutece.plugins.mylutece.business.attribute.AttributeHome;
52 import fr.paris.lutece.plugins.mylutece.business.attribute.IAttribute;
53 import fr.paris.lutece.plugins.mylutece.modules.database.authentication.business.DatabaseHome;
54 import fr.paris.lutece.plugins.mylutece.modules.database.authentication.business.DatabaseUser;
55 import fr.paris.lutece.plugins.mylutece.modules.database.authentication.business.DatabaseUserFactory;
56 import fr.paris.lutece.plugins.mylutece.modules.database.authentication.business.DatabaseUserHome;
57 import fr.paris.lutece.plugins.mylutece.modules.database.authentication.business.key.DatabaseUserKey;
58 import fr.paris.lutece.plugins.mylutece.modules.database.authentication.service.DatabasePlugin;
59 import fr.paris.lutece.plugins.mylutece.modules.database.authentication.service.DatabaseService;
60 import fr.paris.lutece.plugins.mylutece.modules.database.authentication.service.key.DatabaseUserKeyService;
61 import fr.paris.lutece.plugins.mylutece.modules.database.authentication.service.parameter.DatabaseUserParameterService;
62 import fr.paris.lutece.plugins.mylutece.service.MyLutecePlugin;
63 import fr.paris.lutece.plugins.mylutece.service.attribute.MyLuteceUserFieldService;
64 import fr.paris.lutece.plugins.mylutece.util.SecurityUtils;
65 import fr.paris.lutece.portal.service.captcha.CaptchaSecurityService;
66 import fr.paris.lutece.portal.service.i18n.I18nService;
67 import fr.paris.lutece.portal.service.mail.MailService;
68 import fr.paris.lutece.portal.service.message.SiteMessage;
69 import fr.paris.lutece.portal.service.message.SiteMessageException;
70 import fr.paris.lutece.portal.service.message.SiteMessageService;
71 import fr.paris.lutece.portal.service.plugin.Plugin;
72 import fr.paris.lutece.portal.service.plugin.PluginService;
73 import fr.paris.lutece.portal.service.security.LuteceUser;
74 import fr.paris.lutece.portal.service.security.SecurityService;
75 import fr.paris.lutece.portal.service.security.UserNotSignedException;
76 import fr.paris.lutece.portal.service.template.AppTemplateService;
77 import fr.paris.lutece.portal.service.template.DatabaseTemplateService;
78 import fr.paris.lutece.portal.service.util.AppLogService;
79 import fr.paris.lutece.portal.service.util.AppPathService;
80 import fr.paris.lutece.portal.service.util.AppPropertiesService;
81 import fr.paris.lutece.portal.service.util.CryptoService;
82 import fr.paris.lutece.portal.web.LocalVariables;
83 import fr.paris.lutece.portal.web.constants.Messages;
84 import fr.paris.lutece.portal.web.xpages.XPage;
85 import fr.paris.lutece.portal.web.xpages.XPageApplication;
86 import fr.paris.lutece.util.ReferenceItem;
87 import fr.paris.lutece.util.date.DateUtil;
88 import fr.paris.lutece.util.html.HtmlTemplate;
89 import fr.paris.lutece.util.password.IPassword;
90 import fr.paris.lutece.util.string.StringUtil;
91 import fr.paris.lutece.util.url.UrlItem;
92
93
94
95
96 public class MyLuteceDatabaseApp implements XPageApplication
97 {
98
99 private static final long serialVersionUID = -467672310904504414L;
100
101
102 private static final String MARK_USER = "user";
103 private static final String MARK_ROLES = "roles";
104 private static final String MARK_GROUPS = "groups";
105 private static final String MARK_PLUGIN_NAME = "plugin_name";
106 private static final String MARK_ERROR_CODE = "error_code";
107 private static final String MARK_ACTION_SUCCESSFUL = "action_successful";
108 private static final String MARK_EMAIL = "email";
109 private static final String MARK_ACTION_VALIDATION_EMAIL = "action_validation_email";
110 private static final String MARK_ACTION_VALIDATION_SUCCESS = "action_validation_success";
111 private static final String MARK_VALIDATION_URL = "validation_url";
112 private static final String MARK_JCAPTCHA = "jcaptcha";
113 private static final String MARK_SHOW_INPUT_LOGIN = "show_input_login";
114 private static final String MARK_SHOW_INPUT_EMAIL = "show_input_email";
115 private static final String MARK_REINIT_URL = "reinit_url";
116 private static final String MARK_KEY = "key";
117 private static final String MARK_ATTRIBUTES_LIST = "attributes_list";
118 private static final String MARK_PASSWORD_MINIMUM_LENGTH = "password_minimum_length";
119 private static final String MARK_PASSWORD_FORMAT_MESSAGE = "password_format_message";
120 private static final String MARK_USER_ID = "user_id";
121 private static final String MARK_REF = "ref";
122 private static final String MARK_SITE_LINK = "site_link";
123 private static final String MARK_LOGIN = "login";
124 private static final String MARK_LOGIN_URL = "login_url";
125 private static final String MARK_PASSWORD_HISTORY_SIZE = "password_history_size";
126
127
128 private static final String PARAMETER_ACTION = "action";
129 private static final String PARAMETER_OLD_PASSWORD = "old_password";
130 private static final String PARAMETER_NEW_PASSWORD = "new_password";
131 private static final String PARAMETER_CONFIRMATION_PASSWORD = "confirmation_password";
132 private static final String PARAMETER_PLUGIN_NAME = "plugin_name";
133 private static final String PARAMETER_ERROR_CODE = "error_code";
134 private static final String PARAMETER_EMAIL = "email";
135 private static final String PARAMETER_ACTION_SUCCESSFUL = "action_successful";
136 private static final String PARAMETER_LOGIN = "login";
137 private static final String PARAMETER_PASSWORD = "password";
138 private static final String PARAMETER_LAST_NAME = "last_name";
139 private static final String PARAMETER_FIRST_NAME = "first_name";
140 private static final String PARAMETER_KEY = "key";
141 private static final String PARAMETER_ACTION_VALIDATION_EMAIL = "action_validation_email";
142 private static final String PARAMETER_ACTION_VALIDATION_SUCCESS = "action_validation_success";
143 private static final String PARAMETER_FORCE_CHANGE_PASSWORD_REINIT = "force_change_password_reinit";
144 private static final String PARAMETER_TIME_BEFORE_ALERT_ACCOUNT = "time_before_alert_account";
145 private static final String PARAMETER_MAIL_LOST_PASSWORD_SENDER = "mail_lost_password_sender";
146 private static final String PARAMETER_MAIL_LOST_PASSWORD_SUBJECT = "mail_lost_password_subject";
147
148
149 private static final String ACTION_CHANGE_PASSWORD = "changePassword";
150 private static final String ACTION_DELETE = "delete";
151 private static final String ACTION_CONFIRM_DELETE = "deleteConfirm";
152 private static final String ACTION_VIEW_ACCOUNT = "viewAccount";
153 private static final String ACTION_MODIFY_ACCOUNT = "modifyAccount";
154 private static final String ACTION_LOST_PASSWORD = "lostPassword";
155 private static final String ACTION_LOST_LOGIN = "lostLogin";
156 private static final String ACTION_ACCESS_DENIED = "accessDenied";
157 private static final String ACTION_CREATE_ACCOUNT = "createAccount";
158 private static final String ACTION_REINIT_PASSWORD = "reinitPassword";
159 private static final String ACTION_REACTIVATE_ACCOUNT = "reactivateAccount";
160 private static final String ACTION_GET_RESET_PASSWORD = "getResetPasswordPage";
161
162
163 private static final String ERROR_OLD_PASSWORD = "error_old_password";
164 private static final String ERROR_CONFIRMATION_PASSWORD = "error_confirmation_password";
165 private static final String ERROR_SAME_PASSWORD = "error_same_password";
166 private static final String ERROR_SYNTAX_EMAIL = "error_syntax_email";
167 private static final String ERROR_SENDING_EMAIL = "error_sending_email";
168 private static final String ERROR_UNKNOWN_EMAIL = "error_unknown_email";
169 private static final String ERROR_MANDATORY_FIELDS = "error_mandatory_fields";
170 private static final String ERROR_LOGIN_ALREADY_EXISTS = "error_login_already_exists";
171 private static final String ERROR_CAPTCHA = "error_captcha";
172 private static final String ERROR_PASSWORD_MINIMUM_LENGTH = "password_minimum_length";
173 private static final String ERROR_PASSWORD_ALREADY_USED = "password_already_used";
174
175
176 private static final String TEMPLATE_LOST_PASSWORD_PAGE = "skin/plugins/mylutece/modules/database/lost_password.html";
177 private static final String TEMPLATE_LOST_LOGIN_PAGE = "skin/plugins/mylutece/modules/database/lost_login.html";
178 private static final String TEMPLATE_VIEW_ACCOUNT_PAGE = "skin/plugins/mylutece/modules/database/view_account.html";
179 private static final String TEMPLATE_MODIFY_ACCOUNT_PAGE = "skin/plugins/mylutece/modules/database/modify_account.html";
180 private static final String TEMPLATE_CHANGE_PASSWORD_PAGE = "skin/plugins/mylutece/modules/database/change_password.html";
181 private static final String TEMPLATE_CREATE_ACCOUNT_PAGE = "skin/plugins/mylutece/modules/database/create_account.html";
182 private static final String TEMPLATE_EMAIL_VALIDATION = "skin/plugins/mylutece/modules/database/email_validation.html";
183 private static final String TEMPLATE_REINIT_PASSWORD_PAGE = "skin/plugins/mylutece/modules/database/reinit_password.html";
184 private static final String TEMPLATE_EMAIL_LOST_LOGIN = "skin/plugins/mylutece/email_lost_login.html";
185
186
187 private static final String PROPERTY_MYLUTECE_CHANGE_PASSWORD_URL = "mylutece-database.url.changePassword.page";
188 private static final String PROPERTY_MYLUTECE_VIEW_ACCOUNT_URL = "mylutece-database.url.viewAccount.page";
189 private static final String PROPERTY_MYLUTECE_CREATE_ACCOUNT_URL = "mylutece-database.url.createAccount.page";
190 private static final String PROPERTY_MYLUTECE_MODIFY_ACCOUNT_URL = "mylutece-database.url.modifyAccount.page";
191 private static final String PROPERTY_MYLUTECE_LOST_PASSWORD_URL = "mylutece-database.url.lostPassword.page";
192 private static final String PROPERTY_MYLUTECE_LOST_LOGIN_URL = "mylutece-database.url.lostLogin.page";
193 private static final String PROPERTY_MYLUTECE_RESET_PASSWORD_URL = "mylutece-database.url.resetPassword.page";
194 private static final String PROPERTY_MYLUTECE_ACCESS_DENIED_URL = "mylutece-database.url.accessDenied.page";
195 private static final String PROPERTY_MYLUTECE_DEFAULT_REDIRECT_URL = "mylutece-database.url.default.redirect";
196 private static final String PROPERTY_MYLUTECE_DELETE_URL = "mylutece-database.url.delete.page";
197 private static final String PROPERTY_MYLUTECE_TEMPLATE_ACCESS_DENIED = "mylutece-database.template.accessDenied";
198 private static final String PROPERTY_MYLUTECE_TEMPLATE_ACCESS_CONTROLED = "mylutece-database.template.accessControled";
199 private static final String PROPERTY_MYLUTECE_LOGIN_PAGE_URL = "mylutece.url.login.page";
200 private static final String PROPERTY_MYLUTECE_REINIT_PASSWORD_URL = "mylutece-database.url.reinitPassword.page";
201 private static final String PROPERTY_PORTAL_NAME = "lutece.name";
202 private static final String PROPERTY_NOREPLY_EMAIL = "mail.noreply.email";
203 private static final String PROPERTY_MAIL_HOST = "mail.server";
204 private static final String PROPERTY_NO_REPLY_EMAIL = "mail.noreply.email";
205 private static final String PROPERTY_ACCOUNT_REF_ENCRYPT_ALGO = "mylutece-database.account_life_time.refEncryptionAlgorythm";
206 private static final String PROPERTY_DATABASE_MAIL_LOST_PASSWORD = "mylutece_database_mailLostPassword";
207
208
209 private static final String PROPERTY_CHANGE_PASSWORD_LABEL = "module.mylutece.database.xpage.changePassword.label";
210 private static final String PROPERTY_CHANGE_PASSWORD_TITLE = "module.mylutece.database.xpage.changePassword.title";
211 private static final String PROPERTY_VIEW_ACCOUNT_LABEL = "module.mylutece.database.xpage.viewAccount.label";
212 private static final String PROPERTY_VIEW_ACCOUNT_TITLE = "module.mylutece.database.xpage.viewAccount.title";
213 private static final String PROPERTY_MODIFY_ACCOUNT_LABEL = "module.mylutece.database.xpage.modifyAccount.label";
214 private static final String PROPERTY_MODIFY_ACCOUNT_TITLE = "module.mylutece.database.xpage.modifyAccount.title";
215
216 private static final String PROPERTY_LOST_PASSWORD_LABEL = "module.mylutece.database.xpage.lostPassword.label";
217 private static final String PROPERTY_LOST_PASSWORD_TITLE = "module.mylutece.database.xpage.lostPassword.title";
218 private static final String PROPERTY_LOST_LOGIN_LABEL = "module.mylutece.database.xpage.lostLogin.label";
219 private static final String PROPERTY_LOST_LOGIN_TITLE = "module.mylutece.database.xpage.lostLogin.title";
220 private static final String PROPERTY_CREATE_ACCOUNT_LABEL = "module.mylutece.database.xpage.createAccount.label";
221 private static final String PROPERTY_CREATE_ACCOUNT_TITLE = "module.mylutece.database.xpage.createAccount.title";
222 private static final String PROPERTY_EMAIL_OBJECT = "module.mylutece.database.email.object";
223 private static final String PROPERTY_EMAIL_OBJECT_LOST_LOGIN = "module.mylutece.database.email_lost_login.object";
224 private static final String PROPERTY_EMAIL_VALIDATION_OBJECT = "module.mylutece.database.email_validation.object";
225 private static final String PROPERTY_ACCESS_DENIED_ERROR_MESSAGE = "module.mylutece.database.siteMessage.access_denied.errorMessage";
226 private static final String PROPERTY_ACCESS_DENIED_TITLE_MESSAGE = "module.mylutece.database.siteMessage.access_denied.title";
227 private static final String PROPERTY_REINIT_PASSWORD_LABEL = "module.mylutece.database.xpage.reinitPassword.label";
228 private static final String PROPERTY_REINIT_PASSWORD_TITLE = "module.mylutece.database.xpage.reinitPassword.title";
229 private static final String PROPERTY_NO_USER_SELECTED = "mylutece.message.noUserSelected";
230 private static final String PROPERTY_VALIDATE_DELETE = "mylutece.message.deleteValidate";
231 private static final String PROPERTY_MESSAGE_LABEL_ERROR = "mylutece.message.labelError";
232 private static final String PROPERTY_MESSAGE_LABEL_WARNING = "mylutece.message.labelWarning";
233 private static final String PROPERTY_ERROR_NO_ACCOUNT_TO_REACTIVATE = "mylutece.message.error.noAccountToReactivate";
234 private static final String PROPERTY_ACCOUNT_REACTIVATED = "mylutece.user.messageAccountReactivated";
235 private static final String PROPERTY_ACCOUNT_REACTIVATED_TITLE = "mylutece.user.messageAccountReactivatedTitle";
236
237
238 private static final String MESSAGE_REINIT_PASSWORD_SUCCESS = "module.mylutece.database.message.reinit_password.success";
239 private static final String MESSAGE_MINIMUM_PASSWORD_LENGTH = "mylutece.message.password.minimumPasswordLength";
240 private static final String MESSAGE_PASSWORD_EXPIRED = "module.mylutece.database.message.passwordExpired";
241 private static final String MESSAGE_MUST_CHANGE_PASSWORD = "module.mylutece.database.message.userMustChangePassword";
242
243
244 private static final String JSP_URL_GET_RESET_PASSWORD_PAGE = "jsp/site/Portal.jsp?page=mylutecedatabase&action=getResetPasswordPage";
245 private static final String JSP_URL_MYLUTECE_LOGIN = "jsp/site/Portal.jsp?page=mylutece&action=login";
246 private static final String JSP_URL_HOME = "Portal.jsp";
247
248
249 private Plugin _plugin;
250 private Locale _locale;
251 private DatabaseUserParameterService _userParamService = DatabaseUserParameterService.getService( );
252 private DatabaseUserKeyService _userKeyService = DatabaseUserKeyService.getService( );
253 private CaptchaSecurityService _captchaService = new CaptchaSecurityService( );
254 private DatabaseUserFactory _userFactory = DatabaseUserFactory.getFactory( );
255 private DatabaseService _databaseService = DatabaseService.getService( );
256
257
258
259
260
261
262
263
264 public void init( HttpServletRequest request, Plugin plugin )
265 {
266 _locale = request.getLocale( );
267 _plugin = plugin;
268 }
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284 public XPage getPage( HttpServletRequest request, int nMode, Plugin plugin ) throws UserNotSignedException, SiteMessageException
285 {
286 XPage page = new XPage( );
287 String strAction = request.getParameter( PARAMETER_ACTION );
288 init( request, plugin );
289
290 LuteceUser luteceUser = SecurityService.getInstance( ).getRegisteredUser( request );
291
292 if ( ( luteceUser != null ) && _databaseService.mustUserChangePassword( luteceUser, plugin ) && !ACTION_CHANGE_PASSWORD.equals( strAction ) )
293 {
294 getMessageResetPassword( request );
295 }
296 else
297 {
298 if ( ACTION_CHANGE_PASSWORD.equals( strAction ) )
299 {
300 page = getChangePasswordPage( page, request );
301 }
302 else
303 if ( ACTION_VIEW_ACCOUNT.equals( strAction ) )
304 {
305 page = getViewAccountPage( page, request );
306 }
307 else
308 if ( ACTION_LOST_PASSWORD.equals( strAction ) )
309 {
310 page = getLostPasswordPage( page, request );
311 }
312 else
313 if ( ACTION_LOST_LOGIN.equals( strAction ) )
314 {
315 page = getLostLoginPage( page, request );
316 }
317 else
318 if ( ACTION_CREATE_ACCOUNT.equals( strAction ) )
319 {
320 page = getCreateAccountPage( page, request );
321 }
322 else
323 if ( ACTION_MODIFY_ACCOUNT.equals( strAction ) )
324 {
325 page = getModifyAccountPage( page, request );
326 }
327 else
328 if ( ACTION_REINIT_PASSWORD.equals( strAction ) )
329 {
330 page = getReinitPasswordPage( page, request );
331 }
332 else
333 if ( ACTION_REACTIVATE_ACCOUNT.equals( strAction ) )
334 {
335 reactivateAccount( request );
336 }
337 else
338 if ( ACTION_GET_RESET_PASSWORD.equals( strAction ) )
339 {
340 getMessageResetPassword( request );
341 }
342 else
343 if ( ACTION_DELETE.equals( strAction ) )
344 {
345 if ( getRemoteUser( request ) != null )
346 {
347 SiteMessageService.setMessage( request, PROPERTY_VALIDATE_DELETE, null, PROPERTY_MESSAGE_LABEL_WARNING,
348 AppPropertiesService.getProperty( PROPERTY_MYLUTECE_DELETE_URL ), null,
349 SiteMessage.TYPE_CONFIRMATION );
350 }
351 else
352 {
353 strAction = null;
354 }
355
356 }
357 else
358 if ( ACTION_CONFIRM_DELETE.equals( strAction ) )
359 {
360 if ( getRemoteUser( request ) != null )
361 {
362 deleteAccount( request );
363 try
364 {
365 LocalVariables.getResponse( ).sendRedirect( JSP_URL_HOME );
366 }
367 catch( IOException e )
368 {
369 AppLogService.error( e );
370 }
371 }
372 else
373 {
374 strAction = null;
375 }
376 }
377 }
378
379 if ( ( strAction == null ) || strAction.equals( ACTION_ACCESS_DENIED ) || ( page == null ) )
380 {
381 SiteMessageService.setMessage( request, PROPERTY_ACCESS_DENIED_ERROR_MESSAGE, null, PROPERTY_ACCESS_DENIED_TITLE_MESSAGE, null, null,
382 SiteMessage.TYPE_STOP );
383 }
384
385 return page;
386 }
387
388
389
390
391
392
393 public static String getChangePasswordUrl( )
394 {
395 return AppPropertiesService.getProperty( PROPERTY_MYLUTECE_CHANGE_PASSWORD_URL );
396 }
397
398
399
400
401
402
403 public static String getViewAccountUrl( )
404 {
405 return AppPropertiesService.getProperty( PROPERTY_MYLUTECE_VIEW_ACCOUNT_URL );
406 }
407
408
409
410
411
412
413 public static String getNewAccountUrl( )
414 {
415 return AppPropertiesService.getProperty( PROPERTY_MYLUTECE_CREATE_ACCOUNT_URL );
416 }
417
418
419
420
421
422
423 public static String getModifyAccountUrl( )
424 {
425 return AppPropertiesService.getProperty( PROPERTY_MYLUTECE_MODIFY_ACCOUNT_URL );
426 }
427
428
429
430
431
432
433 public static String getLostPasswordUrl( )
434 {
435 return AppPropertiesService.getProperty( PROPERTY_MYLUTECE_LOST_PASSWORD_URL );
436 }
437
438
439
440
441
442
443 public static String getLostLoginUrl( )
444 {
445 return AppPropertiesService.getProperty( PROPERTY_MYLUTECE_LOST_LOGIN_URL );
446 }
447
448
449
450
451
452
453 public static String getResetPasswordUrl( )
454 {
455 return AppPropertiesService.getProperty( PROPERTY_MYLUTECE_RESET_PASSWORD_URL );
456 }
457
458
459
460
461
462
463 public static String getMessageResetPasswordUrl( )
464 {
465 return JSP_URL_GET_RESET_PASSWORD_PAGE;
466 }
467
468
469
470
471
472
473 public static String getDefaultRedirectUrl( )
474 {
475 return AppPropertiesService.getProperty( PROPERTY_MYLUTECE_DEFAULT_REDIRECT_URL );
476 }
477
478
479
480
481
482
483 public static String getAccessDeniedUrl( )
484 {
485 return AppPropertiesService.getProperty( PROPERTY_MYLUTECE_ACCESS_DENIED_URL );
486 }
487
488
489
490
491
492
493 public static String getLoginPageUrl( )
494 {
495 return AppPropertiesService.getProperty( PROPERTY_MYLUTECE_LOGIN_PAGE_URL );
496 }
497
498
499
500
501
502
503 public static String getReinitPageUrl( )
504 {
505 return AppPropertiesService.getProperty( PROPERTY_MYLUTECE_REINIT_PASSWORD_URL );
506 }
507
508
509
510
511
512
513
514
515 public String doLogout( HttpServletRequest request )
516 {
517 SecurityService.getInstance( ).logoutUser( request );
518
519 return getDefaultRedirectUrl( );
520 }
521
522
523
524
525
526
527
528
529
530
531 private XPage getModifyAccountPage( XPage page, HttpServletRequest request ) throws UserNotSignedException
532 {
533 String strErrorCode = request.getParameter( PARAMETER_ERROR_CODE );
534 String strLastName = request.getParameter( PARAMETER_LAST_NAME );
535 String strFirstName = request.getParameter( PARAMETER_FIRST_NAME );
536 String strEmail = request.getParameter( PARAMETER_EMAIL );
537 String strSuccess = request.getParameter( PARAMETER_ACTION_SUCCESSFUL );
538 String strValidationEmail = request.getParameter( PARAMETER_ACTION_VALIDATION_EMAIL );
539 String strValidationSuccess = request.getParameter( PARAMETER_ACTION_VALIDATION_SUCCESS );
540
541 Map<String, Object> model = new HashMap<>( );
542 LuteceUser luteceUser = SecurityService.getInstance( ).getRegisteredUser( request );
543
544 if ( luteceUser == null )
545 {
546 throw new UserNotSignedException( );
547 }
548
549 DatabaseUser user = getRemoteUser( request );
550
551 if ( user == null )
552 {
553 return null;
554 }
555
556 if ( strLastName != null )
557 {
558 user.setLastName( strLastName );
559 }
560
561 if ( strFirstName != null )
562 {
563 user.setFirstName( strFirstName );
564 }
565
566 if ( strEmail != null )
567 {
568 user.setEmail( strEmail );
569 }
570
571 model.put( MARK_PLUGIN_NAME, _plugin.getName( ) );
572 model.put( MARK_ERROR_CODE, strErrorCode );
573 model.put( MARK_USER, user );
574 model.put( MARK_ACTION_SUCCESSFUL, strSuccess );
575 model.put( MARK_ACTION_VALIDATION_EMAIL, strValidationEmail );
576 model.put( MARK_ACTION_VALIDATION_SUCCESS, strValidationSuccess );
577 model.put( MARK_SHOW_INPUT_EMAIL, !_userFactory.isEmailUsedAsLogin( ) );
578 model.put( MARK_PASSWORD_FORMAT_MESSAGE, SecurityUtils.getMessageFrontPasswordFormat( _locale, _userParamService, _plugin ) );
579
580 if ( StringUtils.equals( strErrorCode, ERROR_PASSWORD_MINIMUM_LENGTH ) )
581 {
582 Object [ ] param = {
583 _userParamService.findByKey( MARK_PASSWORD_MINIMUM_LENGTH, _plugin ).getName( )
584 };
585 model.put( MARK_PASSWORD_MINIMUM_LENGTH, I18nService.getLocalizedString( MESSAGE_MINIMUM_PASSWORD_LENGTH, param, _locale ) );
586 }
587
588 if ( _userParamService.isJcaptchaEnable( _plugin ) )
589 {
590 model.put( MARK_JCAPTCHA, _captchaService.getHtmlCode( ) );
591 }
592
593 HtmlTemplate t = AppTemplateService.getTemplate( TEMPLATE_MODIFY_ACCOUNT_PAGE, _locale, model );
594 page.setContent( t.getHtml( ) );
595 page.setPathLabel( I18nService.getLocalizedString( PROPERTY_MODIFY_ACCOUNT_LABEL, _locale ) );
596 page.setTitle( I18nService.getLocalizedString( PROPERTY_MODIFY_ACCOUNT_TITLE, _locale ) );
597
598 return page;
599
600 }
601
602
603
604
605
606
607
608
609
610
611 private XPage getViewAccountPage( XPage page, HttpServletRequest request ) throws UserNotSignedException
612 {
613 Map<String, Object> model = new HashMap<>( );
614 LuteceUser luteceUser = SecurityService.getInstance( ).getRegisteredUser( request );
615
616 if ( luteceUser == null )
617 {
618 throw new UserNotSignedException( );
619 }
620
621 DatabaseUser user = getRemoteUser( request );
622
623 if ( user == null )
624 {
625 return null;
626 }
627
628 model.put( MARK_USER, user );
629 model.put( MARK_ROLES, luteceUser.getRoles( ) );
630 model.put( MARK_GROUPS, luteceUser.getGroups( ) );
631 model.put( MARK_SHOW_INPUT_LOGIN, !_userFactory.isEmailUsedAsLogin( ) );
632
633 HtmlTemplate t = AppTemplateService.getTemplate( TEMPLATE_VIEW_ACCOUNT_PAGE, _locale, model );
634 page.setContent( t.getHtml( ) );
635 page.setPathLabel( I18nService.getLocalizedString( PROPERTY_VIEW_ACCOUNT_LABEL, _locale ) );
636 page.setTitle( I18nService.getLocalizedString( PROPERTY_VIEW_ACCOUNT_TITLE, _locale ) );
637
638 return page;
639 }
640
641
642
643
644
645
646
647
648
649
650 private XPage getCreateAccountPage( XPage page, HttpServletRequest request )
651 {
652 Map<String, Object> model = new HashMap<>( );
653 DatabaseUser user = _userFactory.newDatabaseUser( );
654
655 String strErrorCode = request.getParameter( PARAMETER_ERROR_CODE );
656 String strLogin = request.getParameter( PARAMETER_LOGIN );
657 String strLastName = request.getParameter( PARAMETER_LAST_NAME );
658 String strFirstName = request.getParameter( PARAMETER_FIRST_NAME );
659 String strEmail = request.getParameter( PARAMETER_EMAIL );
660 String strSuccess = request.getParameter( PARAMETER_ACTION_SUCCESSFUL );
661 String strValidationEmail = request.getParameter( PARAMETER_ACTION_VALIDATION_EMAIL );
662 String strValidationSuccess = request.getParameter( PARAMETER_ACTION_VALIDATION_SUCCESS );
663
664 if ( StringUtils.isNotBlank( strLogin ) )
665 {
666 user.setLogin( strLogin );
667 }
668
669 if ( StringUtils.isNotBlank( strLastName ) )
670 {
671 user.setLastName( strLastName );
672 }
673
674 if ( StringUtils.isNotBlank( strFirstName ) )
675 {
676 user.setFirstName( strFirstName );
677 }
678
679 if ( StringUtils.isNotBlank( strEmail ) )
680 {
681 user.setEmail( strEmail );
682 }
683
684 Plugin myLutecePlugin = PluginService.getPlugin( MyLutecePlugin.PLUGIN_NAME );
685
686
687 List<IAttribute> listAttributes = AttributeHome.findAll( _locale, myLutecePlugin );
688
689 for ( IAttribute attribute : listAttributes )
690 {
691 List<AttributeField> listAttributeFields = AttributeFieldHome.selectAttributeFieldsByIdAttribute( attribute.getIdAttribute( ), myLutecePlugin );
692 attribute.setListAttributeFields( listAttributeFields );
693 }
694
695 model.put( MARK_ATTRIBUTES_LIST, listAttributes );
696 model.put( MARK_PLUGIN_NAME, _plugin.getName( ) );
697 model.put( MARK_ERROR_CODE, strErrorCode );
698 model.put( MARK_USER, user );
699 model.put( MARK_ACTION_SUCCESSFUL, strSuccess );
700 model.put( MARK_ACTION_VALIDATION_EMAIL, strValidationEmail );
701 model.put( MARK_ACTION_VALIDATION_SUCCESS, strValidationSuccess );
702 model.put( MARK_SHOW_INPUT_LOGIN, !_userFactory.isEmailUsedAsLogin( ) );
703 model.put( MARK_PASSWORD_FORMAT_MESSAGE, SecurityUtils.getMessageFrontPasswordFormat( _locale, _userParamService, _plugin ) );
704
705 if ( StringUtils.equals( strErrorCode, ERROR_PASSWORD_MINIMUM_LENGTH ) )
706 {
707 Object [ ] param = {
708 _userParamService.findByKey( MARK_PASSWORD_MINIMUM_LENGTH, _plugin ).getName( )
709 };
710 model.put( MARK_PASSWORD_MINIMUM_LENGTH, I18nService.getLocalizedString( MESSAGE_MINIMUM_PASSWORD_LENGTH, param, _locale ) );
711 }
712
713 if ( _userParamService.isJcaptchaEnable( _plugin ) )
714 {
715 model.put( MARK_JCAPTCHA, _captchaService.getHtmlCode( ) );
716 }
717
718 HtmlTemplate t = AppTemplateService.getTemplate( TEMPLATE_CREATE_ACCOUNT_PAGE, _locale, model );
719 page.setContent( t.getHtml( ) );
720 page.setPathLabel( I18nService.getLocalizedString( PROPERTY_CREATE_ACCOUNT_LABEL, _locale ) );
721 page.setTitle( I18nService.getLocalizedString( PROPERTY_CREATE_ACCOUNT_TITLE, _locale ) );
722
723 return page;
724 }
725
726
727
728
729
730
731
732
733 public String doCreateAccount( HttpServletRequest request )
734 {
735 Plugin plugin = PluginService.getPlugin( request.getParameter( PARAMETER_PLUGIN_NAME ) );
736 init( request, plugin );
737
738 String strError = StringUtils.EMPTY;
739 String strPassword = request.getParameter( PARAMETER_PASSWORD );
740 String strConfirmation = request.getParameter( PARAMETER_CONFIRMATION_PASSWORD );
741 String strLastName = request.getParameter( PARAMETER_LAST_NAME );
742 String strFirstName = request.getParameter( PARAMETER_FIRST_NAME );
743 String strEmail = request.getParameter( PARAMETER_EMAIL );
744 String strLogin;
745
746 if ( _userFactory.isEmailUsedAsLogin( ) )
747 {
748 strLogin = strEmail;
749 }
750 else
751 {
752 strLogin = request.getParameter( PARAMETER_LOGIN );
753 }
754
755 if ( StringUtils.isBlank( strLogin ) || StringUtils.isBlank( strPassword ) || StringUtils.isBlank( strConfirmation )
756 || StringUtils.isBlank( strFirstName ) || StringUtils.isBlank( strEmail ) || StringUtils.isBlank( strLastName ) )
757 {
758 strError = ERROR_MANDATORY_FIELDS;
759 }
760
761
762 if ( StringUtils.isBlank( strError ) && !DatabaseUserHome.findDatabaseUsersListForLogin( strLogin, _plugin ).isEmpty( ) )
763 {
764 strError = ERROR_LOGIN_ALREADY_EXISTS;
765 }
766
767
768 if ( StringUtils.isBlank( strError ) && !checkPassword( strPassword, strConfirmation ) )
769 {
770 strError = ERROR_CONFIRMATION_PASSWORD;
771 }
772
773 if ( StringUtils.isBlank( strError ) )
774 {
775 strError = SecurityUtils.checkPasswordForFrontOffice( _userParamService, plugin, strPassword, 0 );
776 }
777
778
779 if ( StringUtils.isBlank( strError )
780 && !StringUtil.checkEmailAndDomainName( strEmail, SecurityUtils.getBannedDomainNames( _userParamService, plugin ) ) )
781 {
782 strError = ERROR_SYNTAX_EMAIL;
783 }
784
785
786 if ( StringUtils.isBlank( strError ) && !checkSendingEmailValidation( ) )
787 {
788 strError = ERROR_SENDING_EMAIL;
789 }
790
791 if ( StringUtils.isBlank( strError ) && _userParamService.isJcaptchaEnable( _plugin ) && !_captchaService.validate( request ) )
792 {
793 strError = ERROR_CAPTCHA;
794 }
795
796 UrlItem url = new UrlItem( AppPathService.getBaseUrl( request ) + getNewAccountUrl( ) );
797 url.addParameter( PARAMETER_PLUGIN_NAME, _plugin.getName( ) );
798 url.addParameter( PARAMETER_LAST_NAME, strLastName );
799 url.addParameter( PARAMETER_FIRST_NAME, strFirstName );
800 url.addParameter( PARAMETER_EMAIL, strEmail );
801
802 if ( !_userFactory.isEmailUsedAsLogin( ) )
803 {
804 url.addParameter( PARAMETER_LOGIN, strLogin );
805 }
806
807 if ( StringUtils.isBlank( strError ) )
808 {
809 boolean bAccountCreationValidationEmail = _userParamService.isAccountCreationValidationEmail( _plugin );
810 DatabaseUser databaseUser = _userFactory.newDatabaseUser( );
811 databaseUser.setLogin( strLogin );
812 databaseUser.setLastName( strLastName );
813 databaseUser.setFirstName( strFirstName );
814 databaseUser.setEmail( strEmail );
815
816 int nStatus = bAccountCreationValidationEmail ? DatabaseUser.STATUS_NOT_ACTIVATED : DatabaseUser.STATUS_ACTIVATED;
817 databaseUser.setStatus( nStatus );
818 databaseUser = _databaseService.doCreateUser( databaseUser, strPassword, _plugin );
819
820 int nUserId = DatabaseUserHome.findDatabaseUserIdFromLogin( strLogin, _plugin );
821
822 if ( nUserId > 0 )
823 {
824 _databaseService.doInsertNewPasswordInHistory( strPassword, nUserId, plugin );
825 }
826
827 MyLuteceUserFieldService.doCreateUserFields( databaseUser.getUserId( ), request, _locale );
828
829 if ( bAccountCreationValidationEmail )
830 {
831 DatabaseUserKey userKey = _userKeyService.create( databaseUser.getUserId( ) );
832
833 String strName = AppPropertiesService.getProperty( PROPERTY_PORTAL_NAME );
834 String strSender = AppPropertiesService.getProperty( PROPERTY_NOREPLY_EMAIL );
835 String strObject = I18nService.getLocalizedString( PROPERTY_EMAIL_VALIDATION_OBJECT, _locale );
836
837
838 Map<String, Object> model = new HashMap<>( );
839 model.put( MARK_VALIDATION_URL, _userKeyService.getValidationUrl( userKey.getKey( ), request ) );
840 model.put( MARK_SITE_LINK, MailService.getSiteLink( AppPathService.getBaseUrl( request ), true ) );
841
842 HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_EMAIL_VALIDATION, _locale, model );
843 MailService.sendMailHtml( strEmail, strName, strSender, strObject, template.getHtml( ) );
844 url.addParameter( PARAMETER_ACTION_VALIDATION_EMAIL, getDefaultRedirectUrl( ) );
845 }
846 else
847 {
848 url.addParameter( PARAMETER_ACTION_SUCCESSFUL, getDefaultRedirectUrl( ) );
849 }
850 }
851 else
852 {
853 url.addParameter( PARAMETER_ERROR_CODE, strError );
854 }
855
856 return url.getUrl( );
857 }
858
859
860
861
862
863
864
865
866 public String doModifyAccount( HttpServletRequest request )
867 {
868 DatabaseUser user = getRemoteUser( request );
869
870 if ( user == null )
871 {
872 return getLoginPageUrl( );
873 }
874 Plugin plugin = PluginService.getPlugin( request.getParameter( PARAMETER_PLUGIN_NAME ) );
875 init( request, plugin );
876
877 String strError = StringUtils.EMPTY;
878 String strLastName = request.getParameter( PARAMETER_LAST_NAME );
879 String strFirstName = request.getParameter( PARAMETER_FIRST_NAME );
880 String strEmail = request.getParameter( PARAMETER_EMAIL );
881
882 if ( _userParamService.isJcaptchaEnable( _plugin ) && !_captchaService.validate( request ) )
883 {
884 strError = ERROR_CAPTCHA;
885 }
886
887 else
888
889 {
890
891 if ( ( !_userFactory.isEmailUsedAsLogin( ) && StringUtils.isBlank( strEmail ) ) || StringUtils.isBlank( strFirstName )
892 || StringUtils.isBlank( strEmail ) || StringUtils.isBlank( strLastName ) )
893 {
894 strError = ERROR_MANDATORY_FIELDS;
895 }
896
897
898 if ( StringUtils.isBlank( strError ) && ( !_userFactory.isEmailUsedAsLogin( )
899 && !StringUtil.checkEmailAndDomainName( strEmail, SecurityUtils.getBannedDomainNames( _userParamService, plugin ) ) ) )
900 {
901 strError = ERROR_SYNTAX_EMAIL;
902 }
903
904 }
905
906 UrlItem url = new UrlItem( AppPathService.getBaseUrl( request ) + getModifyAccountUrl( ) );
907 url.addParameter( PARAMETER_PLUGIN_NAME, _plugin.getName( ) );
908 url.addParameter( PARAMETER_LAST_NAME, strLastName );
909 url.addParameter( PARAMETER_FIRST_NAME, strFirstName );
910 url.addParameter( PARAMETER_EMAIL, strEmail );
911
912 if ( StringUtils.isBlank( strError ) )
913 {
914
915 user.setLastName( strLastName );
916 user.setFirstName( strFirstName );
917 user.setEmail( strEmail );
918 _databaseService.doUpdateUser( user, plugin );
919
920 url.addParameter( PARAMETER_ACTION_SUCCESSFUL, getDefaultRedirectUrl( ) );
921 }
922 else
923 {
924 url.addParameter( PARAMETER_ERROR_CODE, strError );
925 }
926
927 return url.getUrl( );
928 }
929
930
931
932
933
934
935
936
937 public String doValidateAccount( HttpServletRequest request )
938 {
939 Plugin plugin = PluginService.getPlugin( DatabasePlugin.PLUGIN_NAME );
940 init( request, plugin );
941
942 UrlItem url = new UrlItem( AppPathService.getBaseUrl( request ) + getNewAccountUrl( ) );
943 url.addParameter( PARAMETER_PLUGIN_NAME, _plugin.getName( ) );
944
945 String strKey = request.getParameter( PARAMETER_KEY );
946
947 if ( StringUtils.isNotBlank( strKey ) )
948 {
949 DatabaseUserKey userKey = _userKeyService.findByPrimaryKey( strKey );
950
951 if ( userKey != null )
952 {
953 DatabaseUser databaseUser = DatabaseUserHome.findByPrimaryKey( userKey.getUserId( ), _plugin );
954
955 if ( databaseUser != null )
956 {
957 databaseUser.setStatus( DatabaseUser.STATUS_ACTIVATED );
958 _databaseService.doUpdateUser( databaseUser, _plugin );
959 _userKeyService.remove( strKey );
960 url.addParameter( PARAMETER_ACTION_VALIDATION_SUCCESS, getDefaultRedirectUrl( ) );
961
962 if ( _userParamService.isAutoLoginAfterValidationEmail( plugin ) )
963 {
964 DatabaseService.getService( ).doAutoLoginDatabaseUser( request, databaseUser, plugin );
965 }
966 }
967 }
968 }
969
970 return url.getUrl( );
971 }
972
973
974
975
976
977
978
979
980
981
982
983
984 public XPage getReinitPasswordPage( XPage page, HttpServletRequest request ) throws SiteMessageException
985 {
986 String strActionSuccess = request.getParameter( PARAMETER_ACTION_SUCCESSFUL );
987
988 if ( StringUtils.isNotBlank( strActionSuccess ) )
989 {
990 SiteMessageService.setMessage( request, MESSAGE_REINIT_PASSWORD_SUCCESS, SiteMessage.TYPE_INFO,
991 AppPathService.getBaseUrl( request ) + strActionSuccess );
992 }
993
994 String strKey = request.getParameter( PARAMETER_KEY );
995 DatabaseUserKey key = null;
996
997 if ( StringUtils.isNotBlank( strKey ) )
998 {
999 key = _userKeyService.findByPrimaryKey( strKey );
1000 }
1001
1002 LuteceUser luteceUser = SecurityService.getInstance( ).getRegisteredUser( request );
1003
1004 if ( key == null )
1005 {
1006 key = _userKeyService.findKeyByLogin( luteceUser.getName( ) );
1007 }
1008
1009
1010 if ( ( key == null ) && _databaseService.mustUserChangePassword( luteceUser, _plugin ) )
1011 {
1012 DatabaseUser user = getRemoteUser( request );
1013 key = _userKeyService.create( user.getUserId( ) );
1014 }
1015
1016 if ( key != null )
1017 {
1018 strKey = key.getKey( );
1019
1020 String strErrorCode = request.getParameter( PARAMETER_ERROR_CODE );
1021 Map<String, Object> model = new HashMap<>( );
1022 model.put( MARK_ERROR_CODE, strErrorCode );
1023
1024 if ( StringUtils.equals( strErrorCode, ERROR_PASSWORD_MINIMUM_LENGTH ) )
1025 {
1026 Object [ ] param = {
1027 _userParamService.findByKey( MARK_PASSWORD_MINIMUM_LENGTH, _plugin ).getName( )
1028 };
1029 model.put( MARK_PASSWORD_MINIMUM_LENGTH, I18nService.getLocalizedString( MESSAGE_MINIMUM_PASSWORD_LENGTH, param, _locale ) );
1030 }
1031 model.put( MARK_PASSWORD_FORMAT_MESSAGE, SecurityUtils.getMessageFrontPasswordFormat( _locale, _userParamService, _plugin ) );
1032 model.put( MARK_KEY, strKey );
1033 model.put( MARK_ACTION_SUCCESSFUL, request.getParameter( PARAMETER_ACTION_SUCCESSFUL ) );
1034
1035 HtmlTemplate t = AppTemplateService.getTemplate( TEMPLATE_REINIT_PASSWORD_PAGE, _locale, model );
1036 page.setContent( t.getHtml( ) );
1037 page.setPathLabel( I18nService.getLocalizedString( PROPERTY_REINIT_PASSWORD_LABEL, _locale ) );
1038 page.setTitle( I18nService.getLocalizedString( PROPERTY_REINIT_PASSWORD_TITLE, _locale ) );
1039 }
1040 else
1041 {
1042 SiteMessageService.setMessage( request, Messages.USER_ACCESS_DENIED, SiteMessage.TYPE_STOP,
1043 AppPathService.getBaseUrl( request ) + getDefaultRedirectUrl( ) );
1044 }
1045
1046 return page;
1047 }
1048
1049
1050
1051
1052
1053
1054
1055
1056 public String doReinitPassword( HttpServletRequest request )
1057 {
1058 Plugin plugin = PluginService.getPlugin( DatabasePlugin.PLUGIN_NAME );
1059 init( request, plugin );
1060
1061 String strKey = request.getParameter( PARAMETER_KEY );
1062
1063 UrlItem url = new UrlItem( AppPathService.getBaseUrl( request ) + getReinitPageUrl( ) );
1064 url.addParameter( PARAMETER_KEY, strKey );
1065
1066 if ( StringUtils.isNotBlank( strKey ) )
1067 {
1068 DatabaseUserKey userKey = _userKeyService.findByPrimaryKey( strKey );
1069
1070 if ( userKey != null )
1071 {
1072 DatabaseUser databaseUser = DatabaseUserHome.findByPrimaryKey( userKey.getUserId( ), _plugin );
1073
1074 if ( databaseUser != null )
1075 {
1076 String strPassword = request.getParameter( PARAMETER_PASSWORD );
1077 String strConfirmationPassword = request.getParameter( PARAMETER_CONFIRMATION_PASSWORD );
1078
1079 if ( !( StringUtils.isNotBlank( strPassword ) && StringUtils.isNotBlank( strConfirmationPassword )
1080 && strPassword.equals( strConfirmationPassword ) ) )
1081 {
1082 url.addParameter( PARAMETER_ERROR_CODE, ERROR_CONFIRMATION_PASSWORD );
1083
1084 return url.getUrl( );
1085 }
1086
1087 String strErrorCode = SecurityUtils.checkPasswordForFrontOffice( _userParamService, plugin, strPassword, userKey.getUserId( ) );
1088
1089 if ( StringUtils.isBlank( strErrorCode ) )
1090 {
1091 strErrorCode = checkPasswordHistory( strPassword, userKey.getUserId( ), plugin );
1092 }
1093
1094 if ( strErrorCode != null )
1095 {
1096 url.addParameter( PARAMETER_ERROR_CODE, strErrorCode );
1097
1098 return url.getUrl( );
1099 }
1100
1101 _databaseService.doModifyPassword( databaseUser, strPassword, _plugin );
1102 _databaseService.doModifyResetPassword( databaseUser, Boolean.FALSE, _plugin );
1103 _databaseService.doInsertNewPasswordInHistory( strPassword, databaseUser.getUserId( ), plugin );
1104 _userKeyService.remove( userKey.getKey( ) );
1105 url.addParameter( PARAMETER_ACTION_SUCCESSFUL, getDefaultRedirectUrl( ) );
1106 }
1107 }
1108 }
1109
1110 return url.getUrl( );
1111 }
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124 private String checkPasswordHistory( String strPassword, int nUserId, Plugin plugin )
1125 {
1126 int nPasswordHistorySize = SecurityUtils.getIntegerSecurityParameter( _userParamService, plugin, MARK_PASSWORD_HISTORY_SIZE );
1127
1128 if ( nPasswordHistorySize > 0 )
1129 {
1130 List<IPassword> passwordHistory = DatabaseUserHome.selectUserPasswordHistory( nUserId, plugin );
1131
1132 if ( nPasswordHistorySize < passwordHistory.size( ) )
1133 {
1134 passwordHistory = passwordHistory.subList( 0, nPasswordHistorySize );
1135 }
1136
1137 boolean passwordFound = false;
1138 for ( IPassword password : passwordHistory )
1139 {
1140 if ( password.check( strPassword ) )
1141 {
1142 passwordFound = true;
1143 break;
1144 }
1145 }
1146 if ( passwordFound )
1147 {
1148 return ERROR_PASSWORD_ALREADY_USED;
1149 }
1150 }
1151 return null;
1152 }
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163 private XPage getLostPasswordPage( XPage page, HttpServletRequest request )
1164 {
1165 Map<String, Object> model = new HashMap<>( );
1166 String strErrorCode = request.getParameter( PARAMETER_ERROR_CODE );
1167 String strStateSending = request.getParameter( PARAMETER_ACTION_SUCCESSFUL );
1168 String strEmail = request.getParameter( PARAMETER_EMAIL );
1169
1170 model.put( MARK_PLUGIN_NAME, _plugin.getName( ) );
1171 model.put( MARK_ERROR_CODE, strErrorCode );
1172 model.put( MARK_ACTION_SUCCESSFUL, strStateSending );
1173 model.put( MARK_EMAIL, strEmail );
1174
1175 HtmlTemplate t = AppTemplateService.getTemplate( TEMPLATE_LOST_PASSWORD_PAGE, _locale, model );
1176 page.setContent( t.getHtml( ) );
1177 page.setPathLabel( I18nService.getLocalizedString( PROPERTY_LOST_PASSWORD_LABEL, _locale ) );
1178 page.setTitle( I18nService.getLocalizedString( PROPERTY_LOST_PASSWORD_TITLE, _locale ) );
1179
1180 return page;
1181 }
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192 private XPage getLostLoginPage( XPage page, HttpServletRequest request )
1193 {
1194 Map<String, Object> model = new HashMap<>( );
1195 String strErrorCode = request.getParameter( PARAMETER_ERROR_CODE );
1196 String strStateSending = request.getParameter( PARAMETER_ACTION_SUCCESSFUL );
1197 String strEmail = request.getParameter( PARAMETER_EMAIL );
1198
1199 model.put( MARK_PLUGIN_NAME, _plugin.getName( ) );
1200 model.put( MARK_ERROR_CODE, strErrorCode );
1201 model.put( MARK_ACTION_SUCCESSFUL, strStateSending );
1202 model.put( MARK_EMAIL, strEmail );
1203
1204 HtmlTemplate t = AppTemplateService.getTemplate( TEMPLATE_LOST_LOGIN_PAGE, _locale, model );
1205 page.setContent( t.getHtml( ) );
1206 page.setPathLabel( I18nService.getLocalizedString( PROPERTY_LOST_LOGIN_LABEL, _locale ) );
1207 page.setTitle( I18nService.getLocalizedString( PROPERTY_LOST_LOGIN_TITLE, _locale ) );
1208
1209 return page;
1210 }
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221 private XPage getChangePasswordPage( XPage page, HttpServletRequest request )
1222 {
1223 Map<String, Object> model = new HashMap<>( );
1224 String strErrorCode = request.getParameter( PARAMETER_ERROR_CODE );
1225 String strSuccess = request.getParameter( PARAMETER_ACTION_SUCCESSFUL );
1226
1227 model.put( MARK_PLUGIN_NAME, _plugin.getName( ) );
1228 model.put( MARK_ERROR_CODE, strErrorCode );
1229 model.put( MARK_ACTION_SUCCESSFUL, strSuccess );
1230
1231 if ( StringUtils.equals( strErrorCode, ERROR_PASSWORD_MINIMUM_LENGTH ) )
1232 {
1233 Object [ ] param = {
1234 _userParamService.findByKey( MARK_PASSWORD_MINIMUM_LENGTH, _plugin ).getName( )
1235 };
1236 model.put( MARK_PASSWORD_MINIMUM_LENGTH, I18nService.getLocalizedString( MESSAGE_MINIMUM_PASSWORD_LENGTH, param, _locale ) );
1237 }
1238
1239 HtmlTemplate t = AppTemplateService.getTemplate( TEMPLATE_CHANGE_PASSWORD_PAGE, _locale, model );
1240 page.setContent( t.getHtml( ) );
1241 page.setPathLabel( I18nService.getLocalizedString( PROPERTY_CHANGE_PASSWORD_LABEL, _locale ) );
1242 page.setTitle( I18nService.getLocalizedString( PROPERTY_CHANGE_PASSWORD_TITLE, _locale ) );
1243
1244 return page;
1245 }
1246
1247
1248
1249
1250
1251
1252
1253
1254 public String doChangePassword( HttpServletRequest request )
1255 {
1256 Plugin plugin = PluginService.getPlugin( request.getParameter( PARAMETER_PLUGIN_NAME ) );
1257 init( request, plugin );
1258
1259 UrlItem url = new UrlItem( AppPathService.getBaseUrl( request ) + getChangePasswordUrl( ) );
1260 url.addParameter( PARAMETER_PLUGIN_NAME, _plugin.getName( ) );
1261
1262 String strError = StringUtils.EMPTY;
1263 DatabaseUser user = getRemoteUser( request );
1264 String strOldPassword = request.getParameter( PARAMETER_OLD_PASSWORD );
1265 String strNewPassword = request.getParameter( PARAMETER_NEW_PASSWORD );
1266 String strConfirmationPassword = request.getParameter( PARAMETER_CONFIRMATION_PASSWORD );
1267
1268 if ( ( user == null ) )
1269 {
1270 return AppPathService.getBaseUrl( request );
1271 }
1272
1273 if ( StringUtils.isBlank( strOldPassword ) || StringUtils.isBlank( strNewPassword ) || StringUtils.isBlank( strConfirmationPassword ) )
1274 {
1275 strError = ERROR_MANDATORY_FIELDS;
1276 }
1277
1278 if ( StringUtils.isBlank( strError ) && !_databaseService.checkPassword( user.getLogin( ), strOldPassword, _plugin ) )
1279 {
1280 strError = ERROR_OLD_PASSWORD;
1281 }
1282
1283 if ( StringUtils.isBlank( strError ) && !checkPassword( strNewPassword, strConfirmationPassword ) )
1284 {
1285 strError = ERROR_CONFIRMATION_PASSWORD;
1286 }
1287
1288 if ( StringUtils.isBlank( strError ) && strNewPassword.equals( strOldPassword ) )
1289 {
1290 strError = ERROR_SAME_PASSWORD;
1291 }
1292
1293 if ( StringUtils.isBlank( strError ) )
1294 {
1295 strError = SecurityUtils.checkPasswordForFrontOffice( _userParamService, plugin, strNewPassword, user.getUserId( ) );
1296 }
1297
1298 if ( StringUtils.isBlank( strError ) )
1299 {
1300 strError = checkPasswordHistory( strNewPassword, user.getUserId( ), plugin );
1301 }
1302
1303 if ( StringUtils.isBlank( strError ) )
1304 {
1305 _databaseService.doModifyPassword( user, strNewPassword, _plugin );
1306 _databaseService.doInsertNewPasswordInHistory( strNewPassword, user.getUserId( ), plugin );
1307 _databaseService.doModifyResetPassword( user, false, _plugin );
1308
1309 url.addParameter( PARAMETER_ACTION_SUCCESSFUL, getDefaultRedirectUrl( ) );
1310 }
1311 else
1312 {
1313 url.addParameter( PARAMETER_ERROR_CODE, strError );
1314 }
1315
1316 return url.getUrl( );
1317 }
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328 private boolean checkPassword( String strPassword, String strConfirmation )
1329 {
1330 boolean bIsPasswordCorrect = false;
1331
1332 if ( StringUtils.isNotBlank( strPassword ) && StringUtils.isNotBlank( strConfirmation ) && strPassword.equals( strConfirmation ) )
1333 {
1334 bIsPasswordCorrect = true;
1335 }
1336
1337 return bIsPasswordCorrect;
1338 }
1339
1340
1341
1342
1343
1344
1345
1346
1347 public String doSendPassword( HttpServletRequest request )
1348 {
1349 Plugin plugin = PluginService.getPlugin( request.getParameter( PARAMETER_PLUGIN_NAME ) );
1350 init( request, plugin );
1351
1352 String strError = null;
1353 UrlItem url = null;
1354 Collection<DatabaseUser> listUser = null;
1355
1356 String strEmail = request.getParameter( PARAMETER_EMAIL );
1357 url = new UrlItem( AppPathService.getBaseUrl( request ) + getLostPasswordUrl( ) );
1358 url.addParameter( PARAMETER_PLUGIN_NAME, _plugin.getName( ) );
1359 url.addParameter( PARAMETER_EMAIL, strEmail );
1360
1361
1362 if ( StringUtils.isBlank( strEmail ) )
1363 {
1364 strError = ERROR_MANDATORY_FIELDS;
1365 }
1366
1367
1368 if ( StringUtils.isBlank( strError ) && !StringUtil.checkEmail( strEmail ) )
1369 {
1370 strError = ERROR_SYNTAX_EMAIL;
1371 }
1372
1373 listUser = DatabaseUserHome.findDatabaseUsersListForEmail( strEmail, _plugin );
1374
1375 if ( StringUtils.isBlank( strError ) && CollectionUtils.isEmpty( listUser ) )
1376 {
1377 strError = ERROR_UNKNOWN_EMAIL;
1378 }
1379
1380 if ( !checkSendingPasswordEmail( ) )
1381 {
1382 strError = ERROR_SENDING_EMAIL;
1383 }
1384
1385 if ( StringUtils.isBlank( strError ) )
1386 {
1387 for ( DatabaseUser user : listUser )
1388 {
1389 if ( user.isActive( ) )
1390 {
1391
1392 String strPassword = SecurityUtils.makePassword( _userParamService, _plugin );
1393
1394
1395 String strEncryptedPassword = strPassword;
1396
1397 _databaseService.doModifyPassword( user, strEncryptedPassword, _plugin );
1398
1399 if ( SecurityUtils.getBooleanSecurityParameter( _userParamService, plugin, PARAMETER_FORCE_CHANGE_PASSWORD_REINIT ) )
1400 {
1401 _databaseService.doModifyResetPassword( user, Boolean.TRUE, _plugin );
1402 }
1403
1404 DatabaseUserHome.update( user, _plugin );
1405
1406 String strHost = AppPropertiesService.getProperty( PROPERTY_MAIL_HOST );
1407
1408 if ( StringUtils.isBlank( strError ) && StringUtils.isBlank( strHost ) )
1409 {
1410 strError = ERROR_SENDING_EMAIL;
1411 }
1412 else
1413 {
1414 HashMap<String, Object> model = new HashMap<>( );
1415 model.put( PARAMETER_NEW_PASSWORD, strPassword );
1416 model.put( MARK_SITE_LINK, MailService.getSiteLink( AppPathService.getBaseUrl( request ), true ) );
1417
1418 DatabaseUserKey key = _userKeyService.create( user.getUserId( ) );
1419 model.put( MARK_REINIT_URL, _userKeyService.getReinitUrl( key.getKey( ), request ) );
1420
1421 HtmlTemplate template = AppTemplateService
1422 .getTemplateFromStringFtl( DatabaseTemplateService.getTemplateFromKey( PROPERTY_DATABASE_MAIL_LOST_PASSWORD ), _locale, model );
1423
1424 ReferenceItem referenceItem = _userParamService.findByKey( PARAMETER_MAIL_LOST_PASSWORD_SENDER, plugin );
1425 String strSender = ( referenceItem == null ) ? StringUtils.EMPTY : referenceItem.getName( );
1426
1427 referenceItem = _userParamService.findByKey( PARAMETER_MAIL_LOST_PASSWORD_SUBJECT, plugin );
1428
1429 String strSubject = ( referenceItem == null ) ? StringUtils.EMPTY : referenceItem.getName( );
1430
1431 MailService.sendMailHtml( strEmail, PROPERTY_NO_REPLY_EMAIL, strSender, strSubject, template.getHtml( ) );
1432 }
1433 }
1434 }
1435
1436 url.addParameter( PARAMETER_ACTION_SUCCESSFUL, getDefaultRedirectUrl( ) );
1437 }
1438 else
1439 {
1440 url.addParameter( PARAMETER_ERROR_CODE, strError );
1441 }
1442
1443 return url.getUrl( );
1444 }
1445
1446
1447
1448
1449
1450
1451
1452
1453 public String doSendLogin( HttpServletRequest request )
1454 {
1455 Plugin plugin = PluginService.getPlugin( request.getParameter( PARAMETER_PLUGIN_NAME ) );
1456 init( request, plugin );
1457
1458 String strError = null;
1459 UrlItem url = null;
1460 Collection<DatabaseUser> listUser = null;
1461
1462 String strEmail = request.getParameter( PARAMETER_EMAIL );
1463 url = new UrlItem( AppPathService.getBaseUrl( request ) + getLostLoginUrl( ) );
1464 url.addParameter( PARAMETER_PLUGIN_NAME, _plugin.getName( ) );
1465 url.addParameter( PARAMETER_EMAIL, strEmail );
1466
1467
1468 if ( StringUtils.isBlank( strEmail ) )
1469 {
1470 strError = ERROR_MANDATORY_FIELDS;
1471 }
1472
1473
1474 if ( StringUtils.isBlank( strError ) && !StringUtil.checkEmail( strEmail ) )
1475 {
1476 strError = ERROR_SYNTAX_EMAIL;
1477 }
1478
1479 listUser = DatabaseUserHome.findDatabaseUsersListForEmail( strEmail, _plugin );
1480
1481 if ( StringUtils.isBlank( strError ) && CollectionUtils.isEmpty( listUser ) )
1482 {
1483 strError = ERROR_UNKNOWN_EMAIL;
1484 }
1485
1486 if ( !checkSendingEmail( PROPERTY_EMAIL_OBJECT_LOST_LOGIN ) )
1487 {
1488 strError = ERROR_SENDING_EMAIL;
1489 }
1490
1491 if ( StringUtils.isBlank( strError ) )
1492 {
1493 for ( DatabaseUser user : listUser )
1494 {
1495 if ( user.isActive( ) )
1496 {
1497 String strHost = AppPropertiesService.getProperty( PROPERTY_MAIL_HOST );
1498 String strSender = AppPropertiesService.getProperty( PROPERTY_NOREPLY_EMAIL );
1499 String strObject = I18nService.getLocalizedString( PROPERTY_EMAIL_OBJECT_LOST_LOGIN, _locale );
1500
1501 if ( StringUtils.isBlank( strError )
1502 && ( StringUtils.isBlank( strHost ) || StringUtils.isBlank( strSender ) || StringUtils.isBlank( strObject ) ) )
1503 {
1504 strError = ERROR_SENDING_EMAIL;
1505 }
1506 else
1507 {
1508 HashMap<String, Object> model = new HashMap<>( );
1509 model.put( MARK_LOGIN, user.getLogin( ) );
1510 model.put( MARK_SITE_LINK, MailService.getSiteLink( AppPathService.getBaseUrl( request ), true ) );
1511 model.put( MARK_LOGIN_URL, AppPathService.getBaseUrl( request ) + JSP_URL_MYLUTECE_LOGIN );
1512
1513 HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_EMAIL_LOST_LOGIN, _locale, model );
1514 MailService.sendMailHtml( strEmail, strSender, strSender, strObject, template.getHtml( ) );
1515 }
1516 }
1517 }
1518
1519 url.addParameter( PARAMETER_ACTION_SUCCESSFUL, getDefaultRedirectUrl( ) );
1520 }
1521 else
1522 {
1523 url.addParameter( PARAMETER_ERROR_CODE, strError );
1524 }
1525
1526 return url.getUrl( );
1527 }
1528
1529
1530
1531
1532
1533
1534 public static String getAccessDeniedTemplate( )
1535 {
1536 return AppPropertiesService.getProperty( PROPERTY_MYLUTECE_TEMPLATE_ACCESS_DENIED );
1537 }
1538
1539
1540
1541
1542
1543
1544 public static String getAccessControledTemplate( )
1545 {
1546 return AppPropertiesService.getProperty( PROPERTY_MYLUTECE_TEMPLATE_ACCESS_CONTROLED );
1547 }
1548
1549
1550
1551
1552
1553
1554
1555
1556 private DatabaseUser getRemoteUser( HttpServletRequest request )
1557 {
1558 LuteceUser luteceUser = SecurityService.getInstance( ).getRegisteredUser( request );
1559
1560 if ( luteceUser == null )
1561 {
1562 return null;
1563 }
1564
1565 Collection<DatabaseUser> listUsers = DatabaseUserHome.findDatabaseUsersListForLogin( luteceUser.getName( ), _plugin );
1566
1567 if ( listUsers.size( ) != 1 )
1568 {
1569 return null;
1570 }
1571
1572 return listUsers.iterator( ).next( );
1573 }
1574
1575
1576
1577
1578
1579
1580 private boolean checkSendingEmailValidation( )
1581 {
1582 boolean bIsCorrect = false;
1583 boolean bAccountCreationValidationEmail = _userParamService.isAccountCreationValidationEmail( _plugin );
1584
1585 if ( bAccountCreationValidationEmail )
1586 {
1587 bIsCorrect = checkSendingEmail( PROPERTY_EMAIL_VALIDATION_OBJECT );
1588 }
1589 else
1590 {
1591 bIsCorrect = true;
1592 }
1593
1594 return bIsCorrect;
1595 }
1596
1597
1598
1599
1600
1601
1602 private boolean checkSendingPasswordEmail( )
1603 {
1604 return checkSendingEmail( PROPERTY_EMAIL_OBJECT );
1605 }
1606
1607
1608
1609
1610
1611
1612
1613
1614 private boolean checkSendingEmail( String strPropertyObject )
1615 {
1616 boolean bIsCorrect = false;
1617 String strName = AppPropertiesService.getProperty( PROPERTY_PORTAL_NAME );
1618 String strSender = AppPropertiesService.getProperty( PROPERTY_NOREPLY_EMAIL );
1619 String strObject = I18nService.getLocalizedString( strPropertyObject, _locale );
1620
1621 if ( StringUtils.isNotBlank( strName ) && StringUtils.isNotBlank( strSender ) && StringUtils.isNotBlank( strObject ) )
1622 {
1623 bIsCorrect = true;
1624 }
1625
1626 return bIsCorrect;
1627 }
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637 public void reactivateAccount( HttpServletRequest request ) throws SiteMessageException
1638 {
1639 String strUserId = request.getParameter( MARK_USER_ID );
1640 String strRef = request.getParameter( MARK_REF );
1641
1642 int nUserId = -1;
1643
1644 if ( ( strUserId != null ) && StringUtils.isNotBlank( strUserId ) )
1645 {
1646 try
1647 {
1648 nUserId = Integer.parseInt( strUserId );
1649 }
1650 catch( NumberFormatException e )
1651 {
1652 nUserId = -1;
1653 }
1654 }
1655
1656 if ( ( nUserId < 0 ) || StringUtils.isEmpty( strRef ) )
1657 {
1658 SiteMessageService.setMessage( request, PROPERTY_NO_USER_SELECTED, null, PROPERTY_MESSAGE_LABEL_ERROR,
1659 AppPropertiesService.getProperty( PROPERTY_MYLUTECE_DEFAULT_REDIRECT_URL ), null, SiteMessage.TYPE_ERROR );
1660 }
1661 else
1662 {
1663 DatabaseUser user = DatabaseUserHome.findByPrimaryKey( nUserId, _plugin );
1664
1665 if ( ( user == null ) || ( user.getAccountMaxValidDate( ) == null )
1666 || !StringUtils.equals( CryptoService.encrypt( Long.toString( user.getAccountMaxValidDate( ).getTime( ) ),
1667 AppPropertiesService.getProperty( PROPERTY_ACCOUNT_REF_ENCRYPT_ALGO ) ), strRef ) )
1668 {
1669 SiteMessageService.setMessage( request, PROPERTY_NO_USER_SELECTED, null, PROPERTY_MESSAGE_LABEL_ERROR,
1670 AppPropertiesService.getProperty( PROPERTY_MYLUTECE_DEFAULT_REDIRECT_URL ), null, SiteMessage.TYPE_ERROR );
1671 }
1672
1673 int nbDaysBeforeFirstAlert = SecurityUtils.getIntegerSecurityParameter( _userParamService, _plugin, PARAMETER_TIME_BEFORE_ALERT_ACCOUNT );
1674 Timestamp firstAlertMaxDate = new Timestamp( new java.util.Date( ).getTime( ) + DateUtil.convertDaysInMiliseconds( nbDaysBeforeFirstAlert ) );
1675
1676
1677 if ( user.getAccountMaxValidDate( ) != null )
1678 {
1679 if ( ( user.getAccountMaxValidDate( ).getTime( ) < firstAlertMaxDate.getTime( ) ) && ( user.getStatus( ) < DatabaseUser.STATUS_EXPIRED ) )
1680 {
1681 _databaseService.updateUserExpirationDate( nUserId, _plugin );
1682 }
1683
1684 SiteMessageService.setMessage( request, PROPERTY_ACCOUNT_REACTIVATED, null, PROPERTY_ACCOUNT_REACTIVATED_TITLE,
1685 AppPropertiesService.getProperty( PROPERTY_MYLUTECE_DEFAULT_REDIRECT_URL ), null, SiteMessage.TYPE_INFO );
1686 }
1687 }
1688
1689 SiteMessageService.setMessage( request, PROPERTY_ERROR_NO_ACCOUNT_TO_REACTIVATE, null, PROPERTY_MESSAGE_LABEL_ERROR,
1690 AppPropertiesService.getProperty( PROPERTY_MYLUTECE_DEFAULT_REDIRECT_URL ), null, SiteMessage.TYPE_ERROR );
1691 }
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701 public void getMessageResetPassword( HttpServletRequest request ) throws SiteMessageException
1702 {
1703 SiteMessageService.setMessage( request, MESSAGE_MUST_CHANGE_PASSWORD, null, MESSAGE_PASSWORD_EXPIRED, getResetPasswordUrl( ), null,
1704 SiteMessage.TYPE_INFO );
1705 }
1706
1707
1708
1709
1710
1711
1712
1713 private void deleteAccount( HttpServletRequest request )
1714 {
1715
1716 DatabaseUser user = getRemoteUser( request );
1717 if ( user == null )
1718 {
1719 return;
1720 }
1721
1722 DatabaseUserHome.remove( user, PluginService.getPlugin( MyLutecePlugin.PLUGIN_NAME ) );
1723 DatabaseHome.removeGroupsForUser( user.getUserId( ), _plugin );
1724 DatabaseHome.removeRolesForUser( user.getUserId( ), _plugin );
1725 MyLuteceUserFieldService.doRemoveUserFields( user.getUserId( ), request, request.getLocale( ) );
1726 DatabaseUserKeyService.getService( ).removeByIdUser( user.getUserId( ) );
1727 SecurityService.getInstance( ).logoutUser( request );
1728 }
1729 }