1   /*******************************************************************************
2    *   Gisgraphy Project 
3    * 
4    *   This library is free software; you can redistribute it and/or
5    *   modify it under the terms of the GNU Lesser General Public
6    *   License as published by the Free Software Foundation; either
7    *   version 2.1 of the License, or (at your option) any later version.
8    * 
9    *   This library is distributed in the hope that it will be useful,
10   *   but WITHOUT ANY WARRANTY; without even the implied warranty of
11   *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12   *   Lesser General Public License for more details.
13   * 
14   *   You should have received a copy of the GNU Lesser General Public
15   *   License along with this library; if not, write to the Free Software
16   *   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA
17   * 
18   *  Copyright 2008  Gisgraphy project 
19   *  David Masclet <davidmasclet@gisgraphy.com>
20   *  
21   *  
22   *******************************************************************************/
23  package com.gisgraphy.webapp.action;
24  
25  import java.util.ArrayList;
26  import java.util.List;
27  
28  import javax.servlet.http.HttpServletResponse;
29  
30  import org.springframework.security.AccessDeniedException;
31  import org.springframework.security.context.SecurityContextHolder;
32  import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
33  import org.apache.struts2.ServletActionContext;
34  
35  import com.gisgraphy.Constants;
36  import com.gisgraphy.model.User;
37  import com.gisgraphy.service.UserExistsException;
38  import com.gisgraphy.util.StringUtil;
39  import com.gisgraphy.webapp.util.RequestUtil;
40  
/**
 * Struts action behind the self-service sign-up form.
 * <p>
 * {@link #execute()} and {@link #doDefault()} only pick which result to show;
 * {@link #save()} persists the account, signs the new user in and sends the
 * welcome e-mail.
 */
public class SignupAction extends BaseAction {
    private static final long serialVersionUID = 6558317334878272308L;

    /** Account being registered; replaced by the persisted instance in {@link #save()}. */
    private User user;

    /** Non-null when the form was cancelled. */
    private String cancel;

    /**
     * Records that the cancel button was used.
     *
     * @param cancel any non-null value makes {@link #execute()} return the cancel result
     */
    public void setCancel(String cancel) {
        this.cancel = cancel;
    }

    /**
     * Sets the account to register.
     * <p>
     * NOTE(review): {@link #save()} enables the account and adds the default
     * role but does not reset anything else already present on this object.
     * If it is bound from request parameters, confirm that roles and other
     * privileged properties cannot be populated by the client.
     *
     * @param user the account to register
     */
    public void setUser(User user) {
        this.user = user;
    }

    /**
     * Exposes the account so the form can be shown again after a validation error.
     *
     * @return the account currently held by this action
     */
    public User getUser() {
        return user;
    }

    /**
     * Chooses the result for a plain request: cancel wins, a GET shows the
     * form, anything else is reported as success.
     *
     * @return cancel, input or success
     */
    @Override
    public String execute() {
        if (cancel != null) {
            return CANCEL;
        }
        String httpMethod = ServletActionContext.getRequest().getMethod();
        return httpMethod.equals("GET") ? INPUT : SUCCESS;
    }

    /**
     * Shows the form.
     *
     * @return always "input"
     */
    @Override
    public String doDefault() {
        return INPUT;
    }

    /**
     * Registers the account: encodes the password when configured to, enables
     * the user, grants the default role, saves, signs the user in and sends
     * the account e-mail.
     *
     * @return success after registration, input when the user already exists,
     *         or {@code null} after a 403 has been sent
     * @throws Exception
     *                 propagated from the calls made here (for example sending
     *                 the error response)
     */
    public String save() throws Exception {
        Boolean hashingEnabled = (Boolean) getConfiguration().get(
                Constants.ENCRYPT_PASSWORD);

        // When the flag is absent or false the password is passed to
        // saveUser() exactly as submitted.
        if (Boolean.TRUE.equals(hashingEnabled)) {
            String digestName = (String) getConfiguration().get(
                    Constants.ENC_ALGORITHM);

            if (digestName == null) {
                // Expected only in test runs.
                // NOTE(review): the fallback is a bare "SHA" digest. A single
                // fast hash is a weak way to store passwords; confirm what
                // StringUtil.encodePassword does with it (salt, iterations)
                // and that production always configures ENC_ALGORITHM.
                if (log.isDebugEnabled()) {
                    log.debug("assuming testcase, setting algorithm to 'SHA'");
                }
                digestName = "SHA";
            }

            user.setPassword(StringUtil.encodePassword(user.getPassword(),
                    digestName));
        }

        user.setEnabled(true);

        // Every new account starts with the default user role.
        user.addRole(roleManager.getRole(Constants.USER_ROLE));

        try {
            user = userManager.saveUser(user);
        } catch (AccessDeniedException denied) {
            // Raised by UserSecurityAdvice (aop:advisor userManagerSecurity).
            log.warn(denied.getMessage());
            getResponse().sendError(HttpServletResponse.SC_FORBIDDEN);
            return null;
        } catch (UserExistsException duplicate) {
            log.warn(duplicate.getMessage());
            List<String> placeholders = new ArrayList<String>();
            placeholders.add(user.getUsername());
            placeholders.add(user.getEmail());
            addActionError(getText("errors.existing.user",
                    placeholders.toArray(new String[placeholders.size()])));

            // Put the clear-text password back so the form matches its
            // confirmation field again.
            // NOTE(review): this leaves the clear-text password on the model
            // handed to the input view; confirm the view does not write it
            // into the returned page.
            user.setPassword(user.getConfirmPassword());
            return INPUT;
        }

        saveMessage(getText("user.registered"));
        getSession().setAttribute(Constants.REGISTERED, Boolean.TRUE);

        // Sign the new user in straight away. The token carries the
        // clear-text confirmation password as its credentials.
        // NOTE(review): the session is not renewed here; confirm that
        // session-fixation protection is applied elsewhere for this path.
        UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
                user.getUsername(), user.getConfirmPassword(),
                user.getAuthorities());
        token.setDetails(user);
        SecurityContextHolder.getContext().setAuthentication(token);

        // Account information e-mail.
        // NOTE(review): the application URL is derived from the current
        // request; confirm RequestUtil.getAppURL does not trust a
        // client-supplied host name.
        mailMessage.setSubject(getText("signup.email.subject"));
        sendUserMessage(user, getText("signup.email.message"),
                RequestUtil.getAppURL(getRequest()));

        return SUCCESS;
    }
}