001: package org.tigris.scarab.actions;
002:
003: /* ================================================================
004: * Copyright (c) 2000-2002 CollabNet. All rights reserved.
005: *
006: * Redistribution and use in source and binary forms, with or without
007: * modification, are permitted provided that the following conditions are
008: * met:
009: *
010: * 1. Redistributions of source code must retain the above copyright
011: * notice, this list of conditions and the following disclaimer.
012: *
013: * 2. Redistributions in binary form must reproduce the above copyright
014: * notice, this list of conditions and the following disclaimer in the
015: * documentation and/or other materials provided with the distribution.
016: *
017: * 3. The end-user documentation included with the redistribution, if
018: * any, must include the following acknowlegement: "This product includes
019: * software developed by Collab.Net <http://www.Collab.Net/>."
020: * Alternately, this acknowlegement may appear in the software itself, if
021: * and wherever such third-party acknowlegements normally appear.
022: *
023: * 4. The hosted project names must not be used to endorse or promote
024: * products derived from this software without prior written
025: * permission. For written permission, please contact info@collab.net.
026: *
027: * 5. Products derived from this software may not use the "Tigris" or
028: * "Scarab" names nor may "Tigris" or "Scarab" appear in their names without
029: * prior written permission of Collab.Net.
030: *
031: * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
032: * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
033: * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
034: * IN NO EVENT SHALL COLLAB.NET OR ITS CONTRIBUTORS BE LIABLE FOR ANY
035: * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
036: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
037: * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
038: * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
039: * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
040: * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
041: * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
042: *
043: * ====================================================================
044: *
045: * This software consists of voluntary contributions made by many
046: * individuals on behalf of Collab.Net.
047: */
048:
049: import java.util.Calendar;
050: import java.util.Locale;
051:
052: // Turbine Stuff
053: import org.apache.turbine.Turbine;
054: import org.apache.turbine.TemplateContext;
055: import org.apache.turbine.RunData;
056: import org.apache.turbine.modules.ContextAdapter;
057:
058: import org.apache.fulcrum.security.TurbineSecurity;
059: import org.apache.turbine.tool.IntakeTool;
060: import org.apache.fulcrum.intake.model.Group;
061: import org.apache.fulcrum.security.util.TurbineSecurityException;
062:
063: // Scarab Stuff
064: import org.tigris.scarab.om.ScarabUser;
065: import org.tigris.scarab.tools.ScarabLocalizationTool;
066: import org.tigris.scarab.tools.localization.L10NKeySet;
067: import org.tigris.scarab.tools.localization.L10NMessage;
068: import org.tigris.scarab.tools.localization.Localizable;
069: import org.tigris.scarab.util.Email;
070: import org.tigris.scarab.util.Log;
071: import org.tigris.scarab.util.PasswordGenerator;
072: import org.tigris.scarab.util.ScarabConstants;
073: import org.tigris.scarab.actions.base.ScarabTemplateAction;
074:
075: /**
076: * This class is responsible for dealing with the Forgot Password
077: * Action.
078: *
079: * @author <a href="mailto:kevin.minshull@bitonic.com">Kevin Minshull</a>
080: */
081: public class ForgotPassword extends ScarabTemplateAction {
082: /**
083: * This manages clicking the Forgot Password button
084: */
085: public void doForgotpassword(RunData data, TemplateContext context)
086: throws Exception {
087: data.setACL(null);
088: IntakeTool intake = getIntakeTool(context);
089: if (intake.isAllValid() && forgotPassword(data, context)) {
090: setTarget(data, "Login.vm");
091: }
092: }
093:
094: /**
095: * This takes care of looking the user up, setting the password to an arbitrary
096: * value and sending the user an email
097: */
098: public boolean forgotPassword(RunData data, TemplateContext context)
099: throws Exception {
100: IntakeTool intake = getIntakeTool(context);
101:
102: Group password = intake.get("ForgotPassword",
103: IntakeTool.DEFAULT_KEY);
104: String username = password.get("Username").toString();
105:
106: ScarabUser user = null;
107: try {
108: user = (ScarabUser) TurbineSecurity.getUser(username);
109:
110: String tempPassword = PasswordGenerator.generate();
111:
112: // first we need to save the user out of the session
113: user.setPasswordExpire(Calendar.getInstance());
114: user.setHasLoggedIn(Boolean.FALSE);
115: data.setUser(user);
116: data.save();
117:
118: // set the password to a temporary value then set the password to
119: // expire now, forcing the user to change their password after login.
120: TurbineSecurity.forcePassword(user, tempPassword);
121:
122: sendNotificationEmail(context, user, tempPassword);
123:
124: // create confirmation message
125: Localizable msg = new L10NMessage(
126: L10NKeySet.PasswordResetMessage, user.getEmail());
127: getScarabRequestTool(context).setConfirmMessage(msg);
128: } catch (TurbineSecurityException e) {
129: Localizable msg = new L10NMessage(
130: L10NKeySet.InvalidUsername, username);
131: getScarabRequestTool(context).setAlertMessage(msg);
132: Log.get().error("ForgotPassword: ", e);
133: setTarget(data, "ForgotPassword.vm");
134: return false;
135: }
136: return true;
137: }
138:
139: /**
140: * Send the a password reset notification to the given user.
141: *
142: * @param context
143: * @param user
144: * @param tempPassword
145: * @throws Exception
146: */
147: public static void sendNotificationEmail(TemplateContext context,
148: ScarabUser user, String tempPassword) throws Exception {
149: // place the password
150: // in the context for use in the email template.
151: context.put("password", tempPassword);
152:
153: Email te = new Email();
154:
155: // Retrieve the charset to be used for the Email.
156: ScarabLocalizationTool l10n = (new ForgotPassword())
157: .getLocalizationTool(context);
158: Locale locale = l10n.getPrimaryLocale();
159: String charset = Email.getCharset(locale);
160: te.setCharset(charset);
161:
162: te.setContext(new ContextAdapter(context));
163: te.setTo(user.getFirstName() + " " + user.getLastName(), user
164: .getEmail());
165: te.setFrom(Turbine.getConfiguration()
166: .getString("scarab.email.forgotpassword.fromName",
167: "Scarab System"), Turbine.getConfiguration()
168: .getString("scarab.email.forgotpassword.fromAddress",
169: "help@localhost"));
170: te.setSubject(l10n.get(L10NKeySet.ForgotPasswordEmailSubject));
171: te.setTemplate(Turbine.getConfiguration().getString(
172: "scarab.email.forgotpassword.template",
173: "email/ForgotPassword.vm"));
174: te.send();
175: }
176: }
|