package net.anotheria.anosite.cms.action;

import net.anotheria.anosite.cms.user.CMSUserManager;
import net.anotheria.maf.action.ActionCommand;
import net.anotheria.maf.action.ActionMapping;

import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;

/**
 * @author vbezuhlyi
 * @see LoginAction
 * @see CMSUserManager
 */
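public class ChangePassAction extends BaseAction {

    private static final String LOGIN_PAGE_PATH = "/cms/login";
    private static final String INDEX_PAGE_PATH = "/cms/index";

    private static final String P_IS_SUBMIT = "pIsSubmit";
    private static final String P_OLD_PASS = "pOldPass";
    private static final String P_NEW_PASS_1 = "pNewPass1";
    private static final String P_NEW_PASS_2 = "pNewPass2";

    private static final String BEAN_CHANGE_PASS_PAGE_MESSAGE = "Message";
    private static final String BEAN_USER_DEF_ID = "currentUserDefId";


    /**
     * Shows the change-password form or processes its submission.
     *
     * <p>The authorization check runs before anything else, so it covers the form
     * submission as well as the initial page view. A request without the
     * {@code pIsSubmit} parameter only renders the form. A submission must carry
     * {@code pIsSubmit=true} and the current password, which is verified through
     * {@link CMSUserManager#canLoginUser}, before the new password is stored.
     *
     * @param mapping action mapping used to resolve the {@code "success"} command
     * @param req     current request; supplies the form parameters and the session
     * @param res     current response; used for the redirects
     * @return the {@code "success"} command when the form is (re)displayed with a message,
     *         or {@code null} after a redirect has been sent
     * @throws Exception propagated from the redirect or from the user manager calls
     */
    @Override
    public ActionCommand execute(ActionMapping mapping, HttpServletRequest req, HttpServletResponse res) throws Exception {

        // Authorize first, for page views AND submissions. Previously only the
        // non-submit path was checked, so a submission reached the password logic
        // without this gate.
        if (isAuthorizationRequired() && !checkAuthorization(req)) {
            res.sendRedirect(LOGIN_PAGE_PATH);
            return null;
        }

        String submitFlag = req.getParameter(P_IS_SUBMIT);

        /* page is just opened (it's not submit) */
        if (submitFlag == null) {
            // Previously this path fell through to a NullPointerException when
            // isAuthorizationRequired() was overridden to return false.
            return showMessage(mapping, req, "Fill this fields to change password.");
        }

        /* so, user have submitted ChangePass form */
        // NOTE(review): authorization is keyed on BEAN_USER_ID while the account whose
        // password changes is resolved from BEAN_USER_DEF_ID - confirm both session
        // attributes are always set together by the login action.
        String userId = (String) getBeanFromSession(req, BEAN_USER_DEF_ID);
        String login = CMSUserManager.getLoginById(userId);

        CMSUserManager manager = CMSUserManager.getInstance();
        String oldPass = req.getParameter(P_OLD_PASS);

        // Never hand an unresolved login or a missing current password to the user
        // manager; both are treated as a failed re-authentication.
        boolean currentPasswordVerified = "true".equals(submitFlag)
                && login != null
                && oldPass != null
                && manager.canLoginUser(login, oldPass);

        if (!currentPasswordVerified) {
            // NOTE(review): nothing visible here limits repeated wrong guesses of the
            // current password - confirm throttling exists elsewhere.
            return showMessage(mapping, req, "Incorrect current password.");
        }

        String newPass1 = req.getParameter(P_NEW_PASS_1);
        String newPass2 = req.getParameter(P_NEW_PASS_2);

        // new password field is empty (a missing parameter is handled the same way
        // instead of throwing a NullPointerException)
        // NOTE(review): non-empty is the only requirement enforced here; any length or
        // strength policy would have to live in CMSUserManager - confirm.
        if (newPass1 == null || newPass1.isEmpty()) {
            return showMessage(mapping, req, "Enter new password, please.");
        }

        // new password doesn't match with confirmed one
        if (!newPass1.equals(newPass2)) {
            return showMessage(mapping, req, "Entered password doesn't match with confirmed.");
        }

        // changing password
        CMSUserManager.changeUserPassword(login, newPass1);

        // scan users to update password (user should be able to login with new password from another browser)
        CMSUserManager.scanUsers();

        // redirect to index page (login with new password first will not be required while session is alive)
        // NOTE(review): no session is invalidated or renewed in this method, so other
        // live sessions of the same user appear to stay valid after the change - confirm
        // whether that is intended.
        res.sendRedirect(INDEX_PAGE_PATH);
        return null;
    }


    /**
     * Puts {@code message} into the request for the change-password page and
     * returns the {@code "success"} command that renders it.
     */
    private ActionCommand showMessage(ActionMapping mapping, HttpServletRequest req, String message) {
        addBeanToRequest(req, BEAN_CHANGE_PASS_PAGE_MESSAGE, message);
        return mapping.findCommand("success");
    }


    /**
     * Tells whether the session carries a user id under {@code BEAN_USER_ID}
     * (a constant not declared in this file).
     *
     * @param req current request, used to reach the session
     * @return {@code true} when a user id is stored in the session
     */
    protected boolean checkAuthorization(HttpServletRequest req){
        String userId = (String)getBeanFromSession(req, BEAN_USER_ID);
        return userId != null;
    }


    /**
     * Tells whether {@link #execute} must verify the session before serving the page.
     *
     * @return always {@code true} in this class; subclasses may override
     */
    protected boolean isAuthorizationRequired(){
        return true;
    }

}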

/* TODO:
 * In the future it would be better to generate ChangePassAction and LoginAction so that they can extend
 * BaseAnositeAction, whose class name is generated from the project name (e.g. BaseAnositeExampleProjectAction),
 * so that the duplicated attribute BEAN_USER_DEF_ID would live in a single place. The methods that create and read
 * cookies should then be moved directly into LoginAction to remove the dependency on AccessControlMafAction,
 * which would allow LoginAction to extend BaseAnositeAction.
 */




