Source code

001/*
002 * This library is part of OpenCms -
003 * the Open Source Content Management System
004 *
005 * Copyright (c) Alkacon Software GmbH & Co. KG (http://www.alkacon.com)
006 *
007 * This library is free software; you can redistribute it and/or
008 * modify it under the terms of the GNU Lesser General Public
009 * License as published by the Free Software Foundation; either
010 * version 2.1 of the License, or (at your option) any later version.
011 *
012 * This library is distributed in the hope that it will be useful,
013 * but WITHOUT ANY WARRANTY; without even the implied warranty of
014 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
015 * Lesser General Public License for more details.
016 *
017 * For further information about Alkacon Software GmbH & Co. KG, please see the
018 * company website: http://www.alkacon.com
019 *
020 * For further information about OpenCms, please see the
021 * project website: http://www.opencms.org
022 *
023 * You should have received a copy of the GNU Lesser General Public
024 * License along with this library; if not, write to the Free Software
025 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
026 */
027
028package org.opencms.security;
029
030import org.opencms.file.CmsObject;
031import org.opencms.main.CmsException;
032import org.opencms.main.CmsIllegalArgumentException;
033import org.opencms.main.CmsIllegalStateException;
034import org.opencms.main.OpenCms;
035import org.opencms.util.CmsStringUtil;
036
037/**
038 * Validating bean for changing the password.<p>
039 *
040 * @since 6.0.0
041 */
042public class CmsPasswordInfo {
043
044    /** Cms Context. */
045    private final CmsObject m_cms;
046    /** Password Confirmation. */
047    private String m_confirmation;
048    /** Current (old) users password. */
049    private String m_currentPwd;
050    /** New Password. */
051    private String m_newPwd;
052    /** Current logged in user name. */
053    private final String m_userName;
054
055    /**
056     * Default Constructor.<p>
057     */
058    public CmsPasswordInfo() {
059
060        this(null);
061    }
062
063    /**
064     * Use this Constructor if you need to check the old password of the current logged in user.<p>
065     *
066     * @param cms the cms context
067     */
068    public CmsPasswordInfo(CmsObject cms) {
069
070        m_cms = cms;
071        if (m_cms != null) {
072            m_userName = m_cms.getRequestContext().getCurrentUser().getName();
073        } else {
074            m_userName = null;
075        }
076    }
077
078    /**
079     * Sets the new password for the current logged in user.<p>
080     *
081     * @throws CmsException if something goes wrong
082     */
083    public void applyChanges() throws CmsException {
084
085        if (m_userName == null) {
086            throw new CmsIllegalStateException(Messages.get().container(Messages.ERR_INVALID_USER_CONTEXT_0));
087        }
088        validate();
089        m_cms.setPassword(m_userName, getCurrentPwd(), getNewPwd());
090        CmsUserLog.logPasswordChange(m_cms, m_userName);
091    }
092
093    /**
094     * Returns the confirmation.<p>
095     *
096     * @return the confirmation
097     */
098    public String getConfirmation() {
099
100        return m_confirmation;
101    }
102
103    /**
104     * Returns the current password.<p>
105     *
106     * @return the current password
107     */
108    public String getCurrentPwd() {
109
110        return m_currentPwd;
111    }
112
113    /**
114     * Returns the new password.<p>
115     *
116     * @return the new password
117     */
118    public String getNewPwd() {
119
120        return m_newPwd;
121    }
122
123    /**
124     * Sets the confirmation.<p>
125     *
126     * @param confirmation the confirmation to set
127     */
128    public void setConfirmation(String confirmation) {
129
130        // leave password unchanged, if the new password and the confirmation is empty
131        if (CmsStringUtil.isEmpty(getNewPwd()) && CmsStringUtil.isEmpty(confirmation)) {
132            return;
133        }
134        m_confirmation = confirmation;
135    }
136
137    /**
138     * Sets the current password.<p>
139     *
140     * @param currentPwd the current password to set
141     */
142    public void setCurrentPwd(String currentPwd) {
143
144        if (m_userName == null) {
145            throw new CmsIllegalStateException(Messages.get().container(Messages.ERR_INVALID_USER_CONTEXT_0));
146        }
147        try {
148            m_cms.readUser(m_userName, currentPwd);
149        } catch (CmsException e) {
150            throw new CmsIllegalArgumentException(
151                Messages.get().container(Messages.ERR_INVALID_USER_PWD_1, m_userName));
152        }
153        m_currentPwd = currentPwd;
154    }
155
156    /**
157     * Sets the new password.<p>
158     *
159     * @param newPwd the new password to set
160     */
161    public void setNewPwd(String newPwd) {
162
163        // leave password unchanged, if the new password is empty
164        if (CmsStringUtil.isEmpty(newPwd)) {
165            return;
166        }
167        try {
168            OpenCms.getPasswordHandler().validatePassword(newPwd);
169        } catch (CmsSecurityException e) {
170            throw new CmsIllegalArgumentException(Messages.get().container(Messages.ERR_INVALID_NEWPWD_0), e);
171        }
172        m_newPwd = newPwd;
173    }
174
175    /**
176     * Validates that the confirmation matches the new password.<p>
177     */
178    public void validate() {
179
180        if (CmsStringUtil.isEmpty(getNewPwd())) {
181            throw new CmsIllegalArgumentException(Messages.get().container(Messages.ERR_INVALID_NEWPWD_0));
182        }
183        if (!getNewPwd().equals(getConfirmation())) {
184            throw new CmsIllegalArgumentException(Messages.get().container(Messages.ERR_NEWPWD_MISMATCH_0));
185        }
186    }
187}