package org.blojsom.plugin.admin;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.blojsom.BlojsomException;
import org.blojsom.blog.Blog;
import org.blojsom.blog.BlogEntry;
import org.blojsom.blog.BlogUser;
import org.blojsom.blog.BlojsomConfiguration;
import org.blojsom.plugin.BlojsomPluginException;
import org.blojsom.plugin.email.EmailMessage;
import org.blojsom.plugin.email.EmailUtils;
import org.blojsom.util.BlojsomConstants;
import org.blojsom.util.BlojsomUtils;
import javax.servlet.ServletConfig;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.SecureRandom;
import java.util.*;
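/**
 * Admin plugin that answers a "forgotten password" request for a blog user.
 *
 * <p>The username is read from the {@code forgotten-username} request value. If the blog has an
 * e-mail address on record for that username, an e-mail carrying a password is queued in the
 * plugin context under {@link EmailUtils#BLOJSOM_OUTBOUNDMAIL}:
 * <ul>
 *   <li>when the blog does not use encrypted passwords, the stored password itself is sent;</li>
 *   <li>otherwise a new random password is generated, its digest is stored and written to the
 *       authorization file, and the new clear-text password is sent.</li>
 * </ul>
 *
 * <p>NOTE(review): in both branches a usable password travels in the body of an e-mail, and the
 * operation-result messages differ depending on whether the username has an e-mail address on
 * record. Whether those messages are shown to an unauthenticated requester is not visible from
 * this class; confirm against the templates, and consider a single neutral response plus a
 * short-lived reset token instead of mailing a password.
 */
public class ForgottenPasswordPlugin extends BaseAdminPlugin implements BlojsomConstants {

    private Log _logger = LogFactory.getLog(ForgottenPasswordPlugin.class);

    /** Name of the request value that carries the username whose password was forgotten. */
    private static final String FORGOTTEN_USERNAME_PARAM = "forgotten-username";

    /** Page to show again when the request cannot be fulfilled. */
    private static final String FORGOTTEN_PASSWORD_PAGE = "forgotten-password";

    /**
     * Source of randomness for replacement passwords. A cryptographically strong generator is
     * used because a generator seeded from the clock lets anyone who knows roughly when the
     * reset happened reproduce the password.
     */
    private static final SecureRandom PASSWORD_RANDOM = new SecureRandom();

    /** File name of the per-user authorization configuration, taken from the servlet init parameters. */
    private String _authorizationConfiguration;

    /**
     * Default constructor.
     */
    public ForgottenPasswordPlugin() {
    }

    /**
     * Initialize the plugin and remember the authorization configuration file name.
     *
     * @param servletConfig servlet configuration; the init parameter named by
     *                      {@code BLOG_AUTHORIZATION_IP} is read from it
     * @param blojsomConfiguration blojsom configuration, passed on to the superclass
     * @throws BlojsomPluginException if the superclass initialization fails
     */
    public void init(ServletConfig servletConfig, BlojsomConfiguration blojsomConfiguration) throws BlojsomPluginException {
        super.init(servletConfig, blojsomConfiguration);

        _authorizationConfiguration = servletConfig.getInitParameter(BLOG_AUTHORIZATION_IP);
    }

    /**
     * Process a forgotten-password request.
     *
     * @param httpServletRequest request; supplies the username and receives the page attribute
     * @param httpServletResponse response (not used here)
     * @param user blog user whose blog holds the authorization data
     * @param context plugin context; receives operation-result messages and the outbound e-mail
     * @param entries blog entries, returned unchanged
     * @return {@code entries}, unmodified, on every path
     * @throws BlojsomPluginException declared by the plugin contract; not thrown directly here
     */
    public BlogEntry[] process(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, BlogUser user, Map context, BlogEntry[] entries) throws BlojsomPluginException {
        try {
            _authorizationProvider.loadAuthenticationCredentials(user);
        } catch (BlojsomException e) {
            addOperationResultMessage(context, "Error loading authorization credentials for user: " + user.getId());
            _logger.error(e);

            return entries;
        }

        String username = BlojsomUtils.getRequestValue(FORGOTTEN_USERNAME_PARAM, httpServletRequest);
        if (BlojsomUtils.checkNullOrBlank(username)) {
            addOperationResultMessage(context, "No username provided");
            httpServletRequest.setAttribute(PAGE_PARAM, FORGOTTEN_PASSWORD_PAGE);

            return entries;
        }

        Blog blog = user.getBlog();
        String authorizedUserEmail = blog.getAuthorizedUserEmail(username);
        if (BlojsomUtils.checkNullOrBlank(authorizedUserEmail)) {
            // NOTE(review): this message (and the log line) echo the request-supplied username
            // and tell the requester that no e-mail address is on record for it.
            _logger.debug("Authorized e-mail address was blank for user: " + username);
            addOperationResultMessage(context, "Authorized e-mail address was blank for username: " + username);
            httpServletRequest.setAttribute(PAGE_PARAM, FORGOTTEN_PASSWORD_PAGE);

            return entries;
        }

        EmailMessage emailMessage;
        if (!blog.getUseEncryptedPasswords().booleanValue()) {
            // Passwords are stored in clear text for this blog, so the existing password is
            // mailed as-is. NOTE(review): this discloses the long-lived credential over e-mail.
            emailMessage = new EmailMessage(blog.getBlogOwnerEmail(), authorizedUserEmail, "Forgotten password", "Here is your password: " + blog.getAuthorization().get(username));
        } else {
            // Only a digest is stored, so the old password cannot be recovered: issue a new one.
            String currentPassword = (String) blog.getAuthorization().get(username);

            // Same numeric format as before, but drawn from SecureRandom rather than a
            // time-seeded java.util.Random. NOTE(review): a non-negative int carries at most
            // 31 bits; a longer token would resist guessing better.
            int password = PASSWORD_RANDOM.nextInt(Integer.MAX_VALUE);
            String updatedPassword = Integer.toString(password);

            // The clear-text value goes into the e-mail; only the digest is kept from here on.
            emailMessage = new EmailMessage(blog.getBlogOwnerEmail(), authorizedUserEmail, "Forgotten password", "Here is your password: " + updatedPassword);
            updatedPassword = BlojsomUtils.digestString(updatedPassword, blog.getDigestAlgorithm());

            try {
                blog.setAuthorizedUserPassword(username, updatedPassword);
                writeAuthorizationConfiguration(blog.getAuthorization(), user.getId());
            } catch (IOException e) {
                _logger.error(e);
                // Roll the in-memory password back so it stays consistent with what the user knows;
                // no e-mail is queued on this path.
                blog.setAuthorizedUserPassword(username, currentPassword);
                addOperationResultMessage(context, "Unable to change password for username: " + username);

                return entries;
            }
        }

        ArrayList emailMessages = new ArrayList();
        emailMessages.add(emailMessage);
        context.put(EmailUtils.BLOJSOM_OUTBOUNDMAIL, emailMessages);
        _logger.debug("Constructed forgotten password e-mail message for username: " + username);
        addOperationResultMessage(context, "Constructed forgotten password e-mail message to username: " + username);
        httpServletRequest.setAttribute(PAGE_PARAM, ADMIN_LOGIN_PAGE);

        return entries;
    }

    /**
     * Perform any cleanup for the plugin; nothing to do here.
     *
     * @throws BlojsomPluginException declared by the plugin contract; not thrown here
     */
    public void cleanup() throws BlojsomPluginException {
    }

    /**
     * Called when the plugin is taken out of service; nothing to do here.
     *
     * @throws BlojsomPluginException declared by the plugin contract; not thrown here
     */
    public void destroy() throws BlojsomPluginException {
    }

    /**
     * Write the authorization map to the user's authorization file as a properties file.
     *
     * <p>The path is built by concatenating the installation directory, the base configuration
     * directory, {@code user}, {@code "/"} and the configured authorization file name.
     * NOTE(review): {@code user} is concatenated without normalization; callers in this class
     * pass {@code BlogUser.getId()} - confirm that value can never contain path separators.
     * The file is opened for overwrite, so a failure part-way through {@code store} can leave a
     * truncated file on disk.
     *
     * @param authorizationMap username-to-credential map to persist
     * @param user blog user id, used as a directory name
     * @throws IOException if the file cannot be opened, written or closed
     */
    private void writeAuthorizationConfiguration(Map authorizationMap, String user) throws IOException {
        File authorizationFile = new File(_blojsomConfiguration.getInstallationDirectory() + _blojsomConfiguration.getBaseConfigurationDirectory() + user + "/" + _authorizationConfiguration);
        _logger.debug("Writing authorization file: " + authorizationFile.toString());
        Properties authorizationProperties = BlojsomUtils.mapToProperties(authorizationMap);

        FileOutputStream fos = new FileOutputStream(authorizationFile);
        try {
            authorizationProperties.store(fos, null);
        } finally {
            // Close even when store() fails so the file handle is not leaked.
            fos.close();
        }
    }
}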