001/* 002 * This library is part of OpenCms - 003 * the Open Source Content Management System 004 * 005 * Copyright (c) Alkacon Software GmbH & Co. KG (http://www.alkacon.com) 006 * 007 * This library is free software; you can redistribute it and/or 008 * modify it under the terms of the GNU Lesser General Public 009 * License as published by the Free Software Foundation; either 010 * version 2.1 of the License, or (at your option) any later version. 011 * 012 * This library is distributed in the hope that it will be useful, 013 * but WITHOUT ANY WARRANTY; without even the implied warranty of 014 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 015 * Lesser General Public License for more details. 016 * 017 * For further information about Alkacon Software GmbH & Co. KG, please see the 018 * company website: http://www.alkacon.com 019 * 020 * For further information about OpenCms, please see the 021 * project website: http://www.opencms.org 022 * 023 * You should have received a copy of the GNU Lesser General Public 024 * License along with this library; if not, write to the Free Software 025 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 026 */ 027 028package org.opencms.security; 029 030import org.opencms.file.CmsObject; 031import org.opencms.main.CmsException; 032import org.opencms.main.CmsIllegalArgumentException; 033import org.opencms.main.CmsIllegalStateException; 034import org.opencms.main.OpenCms; 035import org.opencms.util.CmsStringUtil; 036 037/** 038 * Validating bean for changing the password.<p> 039 * 040 * @since 6.0.0 041 */ 042public class CmsPasswordInfo { 043 044 /** Cms Context. */ 045 private final CmsObject m_cms; 046 /** Password Confirmation. */ 047 private String m_confirmation; 048 /** Current (old) users password. */ 049 private String m_currentPwd; 050 /** New Password. */ 051 private String m_newPwd; 052 /** Current logged in user name. */ 053 private final String m_userName; 054 055 /** 056 * Default Constructor.<p> 057 */ 058 public CmsPasswordInfo() { 059 060 this(null); 061 } 062 063 /** 064 * Use this Constructor if you need to check the old password of the current logged in user.<p> 065 * 066 * @param cms the cms context 067 */ 068 public CmsPasswordInfo(CmsObject cms) { 069 070 m_cms = cms; 071 if (m_cms != null) { 072 m_userName = m_cms.getRequestContext().getCurrentUser().getName(); 073 } else { 074 m_userName = null; 075 } 076 } 077 078 /** 079 * Sets the new password for the current logged in user.<p> 080 * 081 * @throws CmsException if something goes wrong 082 */ 083 public void applyChanges() throws CmsException { 084 085 if (m_userName == null) { 086 throw new CmsIllegalStateException(Messages.get().container(Messages.ERR_INVALID_USER_CONTEXT_0)); 087 } 088 validate(); 089 m_cms.setPassword(m_userName, getCurrentPwd(), getNewPwd()); 090 CmsUserLog.logPasswordChange(m_cms, m_userName); 091 } 092 093 /** 094 * Returns the confirmation.<p> 095 * 096 * @return the confirmation 097 */ 098 public String getConfirmation() { 099 100 return m_confirmation; 101 } 102 103 /** 104 * Returns the current password.<p> 105 * 106 * @return the current password 107 */ 108 public String getCurrentPwd() { 109 110 return m_currentPwd; 111 } 112 113 /** 114 * Returns the new password.<p> 115 * 116 * @return the new password 117 */ 118 public String getNewPwd() { 119 120 return m_newPwd; 121 } 122 123 /** 124 * Sets the confirmation.<p> 125 * 126 * @param confirmation the confirmation to set 127 */ 128 public void setConfirmation(String confirmation) { 129 130 // leave password unchanged, if the new password and the confirmation is empty 131 if (CmsStringUtil.isEmpty(getNewPwd()) && CmsStringUtil.isEmpty(confirmation)) { 132 return; 133 } 134 m_confirmation = confirmation; 135 } 136 137 /** 138 * Sets the current password.<p> 139 * 140 * @param currentPwd the current password to set 141 */ 142 public void setCurrentPwd(String currentPwd) { 143 144 if (m_userName == null) { 145 throw new CmsIllegalStateException(Messages.get().container(Messages.ERR_INVALID_USER_CONTEXT_0)); 146 } 147 try { 148 m_cms.readUser(m_userName, currentPwd); 149 } catch (CmsException e) { 150 throw new CmsIllegalArgumentException( 151 Messages.get().container(Messages.ERR_INVALID_USER_PWD_1, m_userName)); 152 } 153 m_currentPwd = currentPwd; 154 } 155 156 /** 157 * Sets the new password.<p> 158 * 159 * @param newPwd the new password to set 160 */ 161 public void setNewPwd(String newPwd) { 162 163 // leave password unchanged, if the new password is empty 164 if (CmsStringUtil.isEmpty(newPwd)) { 165 return; 166 } 167 try { 168 OpenCms.getPasswordHandler().validatePassword(newPwd); 169 } catch (CmsSecurityException e) { 170 throw new CmsIllegalArgumentException(Messages.get().container(Messages.ERR_INVALID_NEWPWD_0), e); 171 } 172 m_newPwd = newPwd; 173 } 174 175 /** 176 * Validates that the confirmation matches the new password.<p> 177 */ 178 public void validate() { 179 180 if (CmsStringUtil.isEmpty(getNewPwd())) { 181 throw new CmsIllegalArgumentException(Messages.get().container(Messages.ERR_INVALID_NEWPWD_0)); 182 } 183 if (!getNewPwd().equals(getConfirmation())) { 184 throw new CmsIllegalArgumentException(Messages.get().container(Messages.ERR_NEWPWD_MISMATCH_0)); 185 } 186 } 187}