ForgottenPasswordPlugin.java   [plain text]

/**
 * Copyright (c) 2003-2005, David A. Czarnecki
 * All rights reserved.
 *
 * Portions Copyright (c) 2003-2005 by Mark Lussier
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *
 * Redistributions of source code must retain the above copyright notice,
 *      this list of conditions and the following disclaimer.
 * Redistributions in binary form must reproduce the above copyright notice,
 *      this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
 * Neither the name of the "David A. Czarnecki" and "blojsom" nor the names of
 * its contributors may be used to endorse or promote products derived from
 * this software without specific prior written permission.
 * Products derived from this software may not be called "blojsom",
 * nor may "blojsom" appear in their name, without prior written permission of
 * David A. Czarnecki.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
 * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
 * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
 * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
 * EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
package org.blojsom.plugin.admin;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.blojsom.BlojsomException;
import org.blojsom.blog.Blog;
import org.blojsom.blog.BlogEntry;
import org.blojsom.blog.BlogUser;
import org.blojsom.blog.BlojsomConfiguration;
import org.blojsom.plugin.BlojsomPluginException;
import org.blojsom.plugin.email.EmailMessage;
import org.blojsom.plugin.email.EmailUtils;
import org.blojsom.util.BlojsomConstants;
import org.blojsom.util.BlojsomUtils;

import javax.servlet.ServletConfig;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.*;
import java.io.IOException;
import java.io.File;
import java.io.FileOutputStream;

/**
 * Forgotten password plugin.
 *
 * @author David Czarnecki
 * @since blojsom 2.14
 * @version $Id: ForgottenPasswordPlugin.java,v 1.1.2.1 2005/07/21 04:30:24 johnan Exp $
 */
public class ForgottenPasswordPlugin extends BaseAdminPlugin implements BlojsomConstants {

    private Log _logger = LogFactory.getLog(ForgottenPasswordPlugin.class);

    private static final String FORGOTTEN_USERNAME_PARAM = "forgotten-username";
    private static final String FORGOTTEN_PASSWORD_PAGE = "forgotten-password";

    private String _authorizationConfiguration;

    /**
     * Default constructor.
     */
    public ForgottenPasswordPlugin() {
    }

    /**
     * Initialize this plugin. This method only called when the plugin is instantiated.
     *
     * @param servletConfig        Servlet config object for the plugin to retrieve any initialization parameters
     * @param blojsomConfiguration {@link org.blojsom.blog.BlojsomConfiguration} information
     * @throws org.blojsom.plugin.BlojsomPluginException
     *          If there is an error initializing the plugin
     */
    public void init(ServletConfig servletConfig, BlojsomConfiguration blojsomConfiguration) throws BlojsomPluginException {
        super.init(servletConfig, blojsomConfiguration);

        _authorizationConfiguration = servletConfig.getInitParameter(BLOG_AUTHORIZATION_IP);
    }

    /**
     * Process the blog entries
     *
     * @param httpServletRequest  Request
     * @param httpServletResponse Response
     * @param user                {@link org.blojsom.blog.BlogUser} instance
     * @param context             Context
     * @param entries             Blog entries retrieved for the particular request
     * @return Modified set of blog entries
     * @throws org.blojsom.plugin.BlojsomPluginException
     *          If there is an error processing the blog entries
     */
    public BlogEntry[] process(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, BlogUser user, Map context, BlogEntry[] entries) throws BlojsomPluginException {
        try {
            _authorizationProvider.loadAuthenticationCredentials(user);
        } catch (BlojsomException e) {
            addOperationResultMessage(context, "Error loading authorization credentials for user: " + user.getId());
            _logger.error(e);

            return entries;
        }

        String username = BlojsomUtils.getRequestValue(FORGOTTEN_USERNAME_PARAM, httpServletRequest);
        if (!BlojsomUtils.checkNullOrBlank(username)) {
            Blog blog = user.getBlog();
            String authorizedUserEmail = blog.getAuthorizedUserEmail(username);

            if (!BlojsomUtils.checkNullOrBlank(authorizedUserEmail)) {
                EmailMessage emailMessage = null;

                if (!blog.getUseEncryptedPasswords().booleanValue()) {
                    emailMessage = new EmailMessage(blog.getBlogOwnerEmail(), authorizedUserEmail, "Forgotten password", "Here is your password: " + blog.getAuthorization().get(username));
                } else {
                    // Otherwise we have to create a new password since the password is one-way encrypted with MD5
                    String currentPassword = (String) blog.getAuthorization().get(username);

                    Random random = new Random(new Date().getTime() + System.currentTimeMillis());
                    int password = random.nextInt(Integer.MAX_VALUE);
                    String updatedPassword = new String(Integer.toString(password));
                    emailMessage = new EmailMessage(blog.getBlogOwnerEmail(), authorizedUserEmail, "Forgotten password", "Here is your password: " + updatedPassword);
                    updatedPassword = BlojsomUtils.digestString(updatedPassword, blog.getDigestAlgorithm());

                    try {
                        blog.setAuthorizedUserPassword(username, updatedPassword);
                        writeAuthorizationConfiguration(blog.getAuthorization(), user.getId());
                    } catch (IOException e) {
                        _logger.error(e);
                        blog.setAuthorizedUserPassword(username, currentPassword);
                        addOperationResultMessage(context, "Unable to change password for username: " + username);

                        return entries;
                    }
                }

                ArrayList emailMessages = new ArrayList();
                emailMessages.add(emailMessage);
                context.put(EmailUtils.BLOJSOM_OUTBOUNDMAIL, emailMessages);
                _logger.debug("Constructed forgotten password e-mail message for username: " + username);
                addOperationResultMessage(context, "Constructed forgotten password e-mail message to username: " + username);
                httpServletRequest.setAttribute(PAGE_PARAM, ADMIN_LOGIN_PAGE);
            } else {
                _logger.debug("Authorized e-mail address was blank for user: " + username);
                addOperationResultMessage(context, "Authorized e-mail address was blank for username: " + username);
                httpServletRequest.setAttribute(PAGE_PARAM, FORGOTTEN_PASSWORD_PAGE);
            }
        } else {
            addOperationResultMessage(context, "No username provided");
            httpServletRequest.setAttribute(PAGE_PARAM, FORGOTTEN_PASSWORD_PAGE);
        }


        return entries;
    }

    /**
     * Perform any cleanup for the plugin. Called after {@link #process}.
     *
     * @throws org.blojsom.plugin.BlojsomPluginException
     *          If there is an error performing cleanup for this plugin
     */
    public void cleanup() throws BlojsomPluginException {
    }

    /**
     * Called when BlojsomServlet is taken out of service
     *
     * @throws org.blojsom.plugin.BlojsomPluginException
     *          If there is an error in finalizing this plugin
     */
    public void destroy() throws BlojsomPluginException {
    }

    /**
     * Write out the authorization configuration information for a particular user
     *
     * @param authorizationMap Authorization usernames/passwords
     * @param user             User id
     * @throws java.io.IOException If there is an error writing the authorization file
     */
    private void writeAuthorizationConfiguration(Map authorizationMap, String user) throws IOException {
        File authorizationFile = new File(_blojsomConfiguration.getInstallationDirectory() + _blojsomConfiguration.getBaseConfigurationDirectory() + user + "/" + _authorizationConfiguration);
        _logger.debug("Writing authorization file: " + authorizationFile.toString());
        Properties authorizationProperties = BlojsomUtils.mapToProperties(authorizationMap);
        FileOutputStream fos = new FileOutputStream(authorizationFile);
        authorizationProperties.store(fos, null);
        fos.close();
    }
}