Coverage Report - net.sourceforge.pebble.web.action.ChangePasswordAction
 
Classes in this File Line Coverage Branch Coverage Complexity
ChangePasswordAction
0%
0/25
0%
0/14
5.333
ChangePasswordAction$ChangePasswordCondition
0%
0/2
0%
0/2
5.333
 
 1  
 /*
 2  
  * Copyright (c) 2003-2011, Simon Brown
 3  
  * All rights reserved.
 4  
  *
 5  
  * Redistribution and use in source and binary forms, with or without
 6  
  * modification, are permitted provided that the following conditions are met:
 7  
  *
 8  
  *   - Redistributions of source code must retain the above copyright
 9  
  *     notice, this list of conditions and the following disclaimer.
 10  
  *
 11  
  *   - Redistributions in binary form must reproduce the above copyright
 12  
  *     notice, this list of conditions and the following disclaimer in
 13  
  *     the documentation and/or other materials provided with the
 14  
  *     distribution.
 15  
  *
 16  
  *   - Neither the name of Pebble nor the names of its contributors may
 17  
  *     be used to endorse or promote products derived from this software
 18  
  *     without specific prior written permission.
 19  
  *
 20  
  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 21  
  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 22  
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 23  
  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
 24  
  * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 25  
  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 26  
  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 27  
  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 28  
  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 29  
  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 30  
  * POSSIBILITY OF SUCH DAMAGE.
 31  
  */
 32  
 package net.sourceforge.pebble.web.action;
 33  
 
 34  
 import net.sourceforge.pebble.Constants;
 35  
 import net.sourceforge.pebble.PebbleContext;
 36  
 import net.sourceforge.pebble.security.PebbleUserDetails;
 37  
 import net.sourceforge.pebble.security.SecurityRealm;
 38  
 import net.sourceforge.pebble.security.SecurityRealmException;
 39  
 import net.sourceforge.pebble.util.SecurityUtils;
 40  
 import net.sourceforge.pebble.web.security.RequireSecurityToken;
 41  
 import net.sourceforge.pebble.web.security.SecurityTokenValidatorCondition;
 42  
 import net.sourceforge.pebble.web.validation.ValidationContext;
 43  
 import net.sourceforge.pebble.web.view.ForbiddenView;
 44  
 import net.sourceforge.pebble.web.view.View;
 45  
 import net.sourceforge.pebble.web.view.impl.ChangePasswordView;
 46  
 import net.sourceforge.pebble.web.view.impl.PasswordChangedView;
 47  
 import org.apache.commons.logging.Log;
 48  
 import org.apache.commons.logging.LogFactory;
 49  
 
 50  
 import javax.servlet.ServletException;
 51  
 import javax.servlet.http.HttpServletRequest;
 52  
 import javax.servlet.http.HttpServletResponse;
 53  
 
 54  
 /**
 55  
  * Changes the user's password.
 56  
  *
 57  
  * @author    Simon Brown
 58  
  */
 59  
 @RequireSecurityToken(ChangePasswordAction.ChangePasswordCondition.class)
 60  0
 public class ChangePasswordAction extends SecureAction {
 61  
 
 62  
   /** the log used by this class */
 63  0
   private static final Log log = LogFactory.getLog(ChangePasswordAction.class);
 64  
 
 65  
   /**
 66  
    * Peforms the processing associated with this action.
 67  
    *
 68  
    * @param request  the HttpServletRequest instance
 69  
    * @param response the HttpServletResponse instance
 70  
    * @return the name of the next view
 71  
    */
 72  
   public View process(HttpServletRequest request, HttpServletResponse response) throws ServletException {
 73  
     try {
 74  0
       SecurityRealm realm = PebbleContext.getInstance().getConfiguration().getSecurityRealm();
 75  0
       PebbleUserDetails currentUserDetails = SecurityUtils.getUserDetails();
 76  0
       String password1 = request.getParameter("password1");
 77  0
       String password2 = request.getParameter("password2");
 78  0
       String submit = request.getParameter("submit");
 79  
 
 80  
       // can the user change their user details?
 81  0
       if (!currentUserDetails.isDetailsUpdateable()) {
 82  0
         return new ForbiddenView();
 83  
       }
 84  
 
 85  0
       if (submit == null || submit.length() == 0) {
 86  0
         return new ChangePasswordView();
 87  
       }
 88  
 
 89  0
       ValidationContext validationContext = new ValidationContext();
 90  
 
 91  0
       if (password1 == null || password1.length() == 0) {
 92  0
         validationContext.addError("Password can not be empty");
 93  0
       } else if (!password1.equals(password2)) {
 94  0
         validationContext.addError("Passwords do not match");
 95  
       }
 96  
 
 97  0
       if (!validationContext.hasErrors()) {
 98  0
           realm.changePassword(currentUserDetails.getUsername(), password1);
 99  
 
 100  0
           return new PasswordChangedView();
 101  
       }
 102  
 
 103  0
       getModel().put("validationContext", validationContext);
 104  0
       return new ChangePasswordView();
 105  0
     } catch (SecurityRealmException e) {
 106  0
       throw new ServletException(e);
 107  
     }
 108  
   }
 109  
 
 110  
   /**
 111  
    * Gets a list of all roles that are allowed to access this action.
 112  
    *
 113  
    * @return  an array of Strings representing role names
 114  
    * @param request
 115  
    */
 116  
   public String[] getRoles(HttpServletRequest request) {
 117  0
     return new String[]{Constants.ANY_ROLE};
 118  
   }
 119  
 
 120  
   /**
 121  
    * The same action is used for viewing the password changed screen as changing the password.  Displaying the screen
 122  
    * is detected by the lack of a submit parameter above, so validate the security token if there is a submit parameter.
 123  
    */
 124  0
   public static class ChangePasswordCondition implements SecurityTokenValidatorCondition
 125  
   {
 126  
     public boolean shouldValidate(HttpServletRequest request) {
 127  0
       return request.getParameter("submit") != null;
 128  
     }
 129  
   }
 130  
 
 131  
 }