Coverage Report - net.sourceforge.pebble.web.action.AddOpenIdAction
 
Classes in this File Line Coverage Branch Coverage Complexity
AddOpenIdAction
0%
0/35
0%
0/8
5.5
 
 1  
 /*
 2  
  * Copyright (c) 2003-2011, Simon Brown
 3  
  * All rights reserved.
 4  
  *
 5  
  * Redistribution and use in source and binary forms, with or without
 6  
  * modification, are permitted provided that the following conditions are met:
 7  
  *
 8  
  *   - Redistributions of source code must retain the above copyright
 9  
  *     notice, this list of conditions and the following disclaimer.
 10  
  *
 11  
  *   - Redistributions in binary form must reproduce the above copyright
 12  
  *     notice, this list of conditions and the following disclaimer in
 13  
  *     the documentation and/or other materials provided with the
 14  
  *     distribution.
 15  
  *
 16  
  *   - Neither the name of Pebble nor the names of its contributors may
 17  
  *     be used to endorse or promote products derived from this software
 18  
  *     without specific prior written permission.
 19  
  *
 20  
  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 21  
  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 22  
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 23  
  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
 24  
  * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 25  
  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 26  
  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 27  
  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 28  
  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 29  
  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 30  
  * POSSIBILITY OF SUCH DAMAGE.
 31  
  */
 32  
 
 33  
 package net.sourceforge.pebble.web.action;
 34  
 
 35  
 import net.sourceforge.pebble.Constants;
 36  
 import net.sourceforge.pebble.PebbleContext;
 37  
 import net.sourceforge.pebble.domain.AbstractBlog;
 38  
 import net.sourceforge.pebble.security.PebbleUserDetails;
 39  
 import net.sourceforge.pebble.security.SecurityRealm;
 40  
 import net.sourceforge.pebble.security.SecurityRealmException;
 41  
 import net.sourceforge.pebble.util.SecurityUtils;
 42  
 import net.sourceforge.pebble.util.StringUtils;
 43  
 import net.sourceforge.pebble.web.validation.ValidationContext;
 44  
 import net.sourceforge.pebble.web.view.RedirectView;
 45  
 import net.sourceforge.pebble.web.view.View;
 46  
 import net.sourceforge.pebble.web.view.impl.UserPreferencesView;
 47  
 import org.apache.commons.logging.Log;
 48  
 import org.apache.commons.logging.LogFactory;
 49  
 import org.springframework.security.openid.OpenIDAuthenticationStatus;
 50  
 import org.springframework.security.openid.OpenIDAuthenticationToken;
 51  
 import org.springframework.security.openid.OpenIDConsumer;
 52  
 import org.springframework.security.openid.OpenIDConsumerException;
 53  
 
 54  
 import javax.inject.Inject;
 55  
 import javax.servlet.ServletException;
 56  
 import javax.servlet.http.HttpServletRequest;
 57  
 import javax.servlet.http.HttpServletResponse;
 58  
 
 59  
 /**
 60  
  * @author James Roper
 61  
  */
 62  0
 public class AddOpenIdAction extends SecureAction {
 63  0
   private static final Log log = LogFactory.getLog(AddOpenIdAction.class);
 64  
 
 65  
   @Inject
 66  
   private OpenIDConsumer openIDConsumer;
 67  
   @Inject
 68  
   private SecurityRealm securityRealm;
 69  
 
 70  
   public View process(HttpServletRequest request, HttpServletResponse response) throws ServletException {
 71  0
     PebbleUserDetails userDetails = SecurityUtils.getUserDetails();
 72  0
     ValidationContext validationContext = new ValidationContext();
 73  0
     AbstractBlog blog = (AbstractBlog)getModel().get(Constants.BLOG_KEY);
 74  
 
 75  0
     String identity = request.getParameter("openid.identity");
 76  
 
 77  
     // No identity, assume this is an add request
 78  0
     if (identity == null || identity.length() == 0) {
 79  0
       String claimedIdentity = request.getParameter("openid_identifier");
 80  
       try {
 81  0
         String returnToUrl = request.getRequestURL().toString();
 82  0
         String realm = PebbleContext.getInstance().getConfiguration().getUrl();
 83  0
         String openIdUrl = openIDConsumer.beginConsumption(request, claimedIdentity, returnToUrl, realm);
 84  0
         return new RedirectView(openIdUrl);
 85  0
       } catch (OpenIDConsumerException oice) {
 86  0
         log.error("Error adding OpenID", oice);
 87  0
         validationContext.addError("Error adding OpenID " + oice.getMessage());
 88  
       }
 89  
 
 90  0
     } else {
 91  
 
 92  
       try {
 93  0
         OpenIDAuthenticationToken token = openIDConsumer.endConsumption(request);
 94  0
         if (token.getStatus() == OpenIDAuthenticationStatus.SUCCESS) {
 95  
           // Check that the OpenID isn't already mapped
 96  0
           String openId = token.getIdentityUrl();
 97  0
           if (securityRealm.getUserForOpenId(openId) != null) {
 98  0
             validationContext.addError("The OpenID supplied is already mapped to a user.");
 99  
           } else {
 100  
             // Add it
 101  0
             securityRealm.addOpenIdToUser(userDetails, openId);
 102  0
             return new RedirectView(blog.getUrl() + "/editUserPreferences.secureaction");
 103  
           }
 104  0
         } else {
 105  0
           validationContext.addError(StringUtils.transformHTML(token.getMessage()));
 106  
         }
 107  
 
 108  0
       } catch (OpenIDConsumerException oice) {
 109  0
         log.error("Error in consumer", oice);
 110  0
         validationContext.addError("Error adding OpenID " + oice.getMessage());
 111  0
       } catch (SecurityRealmException sre) {
 112  0
         log.error("Error looking up user by security realm", sre);
 113  0
       }
 114  
     }
 115  
 
 116  0
     getModel().put("user", userDetails);
 117  0
     getModel().put("validationContext", validationContext);
 118  0
     return new UserPreferencesView();
 119  
   }
 120  
 
 121  
 
 122  
   /**
 123  
    * Gets a list of all roles that are allowed to access this action.
 124  
    *
 125  
    * @return  an array of Strings representing role names
 126  
    * @param request
 127  
    */
 128  
   public String[] getRoles(HttpServletRequest request) {
 129  0
     return new String[]{Constants.ANY_ROLE};
 130  
   }
 131  
 }