001: package org.tigris.scarab.actions;
002:
003: /* ================================================================
004: * Copyright (c) 2000-2002 CollabNet. All rights reserved.
005: *
006: * Redistribution and use in source and binary forms, with or without
007: * modification, are permitted provided that the following conditions are
008: * met:
009: *
010: * 1. Redistributions of source code must retain the above copyright
011: * notice, this list of conditions and the following disclaimer.
012: *
013: * 2. Redistributions in binary form must reproduce the above copyright
014: * notice, this list of conditions and the following disclaimer in the
015: * documentation and/or other materials provided with the distribution.
016: *
017: * 3. The end-user documentation included with the redistribution, if
018: * any, must include the following acknowlegement: "This product includes
019: * software developed by Collab.Net <http://www.Collab.Net/>."
020: * Alternately, this acknowlegement may appear in the software itself, if
021: * and wherever such third-party acknowlegements normally appear.
022: *
023: * 4. The hosted project names must not be used to endorse or promote
024: * products derived from this software without prior written
025: * permission. For written permission, please contact info@collab.net.
026: *
027: * 5. Products derived from this software may not use the "Tigris" or
028: * "Scarab" names nor may "Tigris" or "Scarab" appear in their names without
029: * prior written permission of Collab.Net.
030: *
031: * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
032: * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
033: * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
034: * IN NO EVENT SHALL COLLAB.NET OR ITS CONTRIBUTORS BE LIABLE FOR ANY
035: * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
036: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
037: * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
038: * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
039: * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
040: * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
041: * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
042: *
043: * ====================================================================
044: *
045: * This software consists of voluntary contributions made by many
046: * individuals on behalf of Collab.Net.
047: */
048:
049: import java.util.List;
050:
051: // Turbine Stuff
052: import org.apache.turbine.TemplateContext;
053: import org.apache.turbine.RunData;
054:
055: import org.apache.fulcrum.security.TurbineSecurity;
056: import org.apache.turbine.tool.IntakeTool;
057: import org.apache.fulcrum.intake.model.Group;
058: import org.apache.fulcrum.security.util.DataBackendException;
059: import org.apache.fulcrum.security.util.UnknownEntityException;
060: import org.apache.fulcrum.security.util.PasswordMismatchException;
061: import org.apache.fulcrum.security.util.TurbineSecurityException;
062:
063: // Scarab Stuff
064: import org.tigris.scarab.tools.ScarabRequestTool;
065: import org.tigris.scarab.tools.localization.L10NKeySet;
066: import org.tigris.scarab.tools.localization.L10NMessage;
067: import org.tigris.scarab.tools.localization.Localizable;
068: import org.tigris.scarab.util.AnonymousUserUtil;
069: import org.tigris.scarab.util.ScarabConstants;
070: import org.tigris.scarab.util.Log;
071: import org.tigris.scarab.om.ScarabUser;
072: import org.tigris.scarab.om.Module;
073: import org.tigris.scarab.actions.base.ScarabTemplateAction;
074: import org.tigris.scarab.services.security.ScarabSecurity;
075:
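/**
 * Handles the Login action: authenticates the submitted credentials, turns
 * away deleted and unconfirmed accounts, diverts accounts with an expired
 * password to the change-password screen, and picks the screen shown after a
 * successful login.
 *
 * @author <a href="mailto:jon@collab.net">Jon S. Stevens</a>
 * @version $Id: Login.java 10230 2006-07-31 22:18:05Z dabbous $
 */
public class Login extends ScarabTemplateAction {
    /**
     * Handles a click on the Login button.
     *
     * <p>Nothing is targeted here unless the intake form validates and
     * {@link #checkUser(RunData, TemplateContext)} returns {@code true};
     * on failure {@code checkUser} has already set the target itself.
     *
     * @param data    the current request
     * @param context the template context the tools are read from
     * @throws Exception propagated from the security and persistence layers
     */
    public void doLogin(RunData data, TemplateContext context)
            throws Exception {
        // Drop any ACL already attached to the request before authenticating.
        data.setACL(null);
        IntakeTool intake = getIntakeTool(context);
        if (!intake.isAllValid() || !checkUser(data, context)) {
            return;
        }

        ScarabUser user = (ScarabUser) data.getUser();
        Module uniqueModule = findUniqueModule(user.getModules());
        if (uniqueModule != null) {
            // The user has exactly one usable module: select it for them.
            getScarabRequestTool(context).setCurrentModule(uniqueModule);
            data.getParameters().remove(ScarabConstants.CURRENT_MODULE);
            data.getParameters().add(ScarabConstants.CURRENT_MODULE,
                    uniqueModule.getQueryKey());

            // Skip the module-selection screen only when no other next
            // template was requested and the user may enter issues there.
            String requested = data.getParameters().getString(
                    ScarabConstants.NEXT_TEMPLATE, "SelectModule.vm");
            if ("SelectModule.vm".equals(requested)
                    && user.hasPermission(ScarabSecurity.ISSUE__ENTER,
                            uniqueModule)) {
                data.getParameters().remove(ScarabConstants.NEXT_TEMPLATE);
                data.getParameters().add(ScarabConstants.NEXT_TEMPLATE,
                        "home,EnterNew.vm");
            }
        }

        // NOTE(review): NEXT_TEMPLATE is read from the request parameters and
        // used as the post-login target without any check in this class.
        // Confirm that the target screen enforces its own permissions.
        String template = data.getParameters().getString(
                ScarabConstants.NEXT_TEMPLATE, "SelectModule.vm");
        setTarget(data, template);
    }

    /**
     * Returns the single module the user should land in, or {@code null}.
     *
     * <p>With one module, it is returned unless it is the global module.
     * With two modules, the one paired with a global module is returned
     * (the second entry is returned as soon as the first one is global).
     * A {@code null} list or any other size yields {@code null}.
     */
    private static Module findUniqueModule(List userModules) {
        if (userModules == null) {
            return null;
        }
        if (userModules.size() == 2) {
            Module first = (Module) userModules.get(0);
            Module second = (Module) userModules.get(1);
            if (first.isGlobalModule()) {
                return second;
            }
            if (second.isGlobalModule()) {
                return first;
            }
            return null;
        }
        if (userModules.size() == 1) {
            Module only = (Module) userModules.get(0);
            return only.isGlobalModule() ? null : only;
        }
        return null;
    }

    /**
     * Replaces control characters (including CR and LF) with {@code '_'} so
     * that a value cannot break a log record into several lines.
     *
     * <p>Used for exception messages raised on failed logins; those messages
     * may echo the submitted user name (assumption, not visible in this
     * file), which is attacker-controlled.
     *
     * @param text the text to log; {@code null} is rendered as "null", as
     *             string concatenation would
     */
    private static String neutralizeForLog(String text) {
        return String.valueOf(text).replaceAll("\\p{Cntrl}", "_");
    }

    /**
     * Authenticates the submitted user name and password and checks the
     * state of the account (deleted, unconfirmed, password expired).
     *
     * <p>On every failure path the target template is set before returning
     * {@code false}.
     *
     * @param data    the current request
     * @param context the template context the tools are read from
     * @return {@code true} only when the user was authenticated, is
     *         confirmed, and the password has not expired
     * @throws Exception propagated from the security and persistence layers
     */
    public boolean checkUser(RunData data, TemplateContext context)
            throws Exception {
        IntakeTool intake = getIntakeTool(context);
        ScarabRequestTool scarabR = getScarabRequestTool(context);

        Group login = intake.get("Login", IntakeTool.DEFAULT_KEY);
        String username = login.get("Username").toString();
        String password = login.get("Password").toString();

        ScarabUser user = null;

        // NOTE(review): scarabR is dereferenced unguarded in the catch blocks
        // below but null-checked further down; confirm whether it can be null.
        try {
            // Authenticate the user and get the object.
            user = (ScarabUser) TurbineSecurity.getAuthenticatedUser(
                    username, password);
        } catch (UnknownEntityException e) {
            // Unknown user and wrong password produce the same alert, so the
            // response does not reveal which of the two was wrong.
            scarabR.setAlertMessage(L10NKeySet.InvalidUsernameOrPassword);
            Log.get().info("Invalid login attempted: "
                    + neutralizeForLog(e.getMessage()));
            return failAction(data, "Login.vm");
        } catch (PasswordMismatchException e) {
            scarabR.setAlertMessage(L10NKeySet.InvalidUsernameOrPassword);
            Log.get().debug("Password mis-match during login attempt: "
                    + neutralizeForLog(e.getMessage()));
            return failAction(data, "Login.vm");
        } catch (DataBackendException e) {
            scarabR.setAlertMessage(L10NKeySet.ExceptionDatabaseGenericError);
            Log.get().error("Error while attempting to log in", e);
            return failAction(data, "Login.vm");
        }

        try {
            if (user.getConfirmed().equals(ScarabUser.DELETED)) {
                scarabR.setAlertMessage(L10NKeySet.UserIsDeleted);
                Log.get().error("Deleted user attempting to log in");
                return failAction(data, "Login.vm");
            }
            // check the CONFIRM_VALUE
            if (!user.isConfirmed()) {
                if (scarabR != null) {
                    // Give the request tool a user instance obtained from the
                    // security service instead of the authenticated object.
                    user = (ScarabUser) TurbineSecurity.getUserInstance();
                    scarabR.setUser(user);
                    scarabR.setAlertMessage(L10NKeySet.UserIsNotConfirmed);
                }

                return failAction(data, "Confirm.vm");
            }

            // NOTE(review): no session renewal is visible in this class at
            // the point the user becomes authenticated; confirm that the
            // framework handles it.
            // store the user object
            data.setUser(user);
            // mark the user as being logged in
            user.setHasLoggedIn(Boolean.TRUE);
            // set the last_login date in the database
            user.updateLastLogin();

            // check if the password is expired
            boolean userPasswordExpired = user.isPasswordExpired();
            if (userPasswordExpired) {
                if (scarabR != null) {
                    user = (ScarabUser) TurbineSecurity.getUserInstance();
                    scarabR.setUser(user);
                    scarabR.setAlertMessage(
                            L10NKeySet.YourPasswordHasExpired);
                }

                // NOTE(review): the authenticated user was already stored on
                // the request and flagged as logged in above, and is saved
                // here. Confirm that other screens refuse this session until
                // the password has been changed.
                setTarget(data, "ChangePassword.vm");
                //change next screen to allow password reset.
                data.save();
                return false;
            }

            // update the password expire
            user.setPasswordExpire();
            // this only happens if the user is valid
            // otherwise, we will get a valueBound in the User
            // object when we don't want to because the username is
            // not set yet.

            // save the User object into the session
            data.save();

        } catch (TurbineSecurityException e) {
            // NOTE(review): the exception is passed into the user-facing
            // alert; confirm the rendered text exposes no internal detail.
            Localizable msg = new L10NMessage(
                    L10NKeySet.ExceptionTurbineGeneric, e);
            scarabR.setAlertMessage(msg);
            return failAction(data, "Login.vm");
        }
        return true;
    }

    /**
     * Switches the request to the anonymous user and targets the given
     * template.
     *
     * @param data     the current request
     * @param template the template to show
     * @return always {@code false}, so callers can return the result directly
     */
    private boolean failAction(RunData data, String template)
            throws DataBackendException, UnknownEntityException {
        // Retrieve an anonymous user
        AnonymousUserUtil.anonymousLogin(data);
        setTarget(data, template);
        return false;
    }

    /**
     * Default action entry point; delegates to
     * {@link #doLogin(RunData, TemplateContext)}.
     */
    public void doPerform(RunData data, TemplateContext context)
            throws Exception {
        doLogin(data, context);
    }

}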
|