/**
* OLAT - Online Learning and Training<br>
* http://www.olat.org
* <p>
* Licensed under the Apache License, Version 2.0 (the "License"); <br>
* you may not use this file except in compliance with the License.<br>
* You may obtain a copy of the License at
* <p>
* http://www.apache.org/licenses/LICENSE-2.0
* <p>
* Unless required by applicable law or agreed to in writing,<br>
* software distributed under the License is distributed on an "AS IS" BASIS, <br>
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. <br>
* See the License for the specific language governing permissions and <br>
* limitations under the License.
* <p>
* Copyright (c) since 2004 at Multimedia- & E-Learning Services (MELS),<br>
* University of Zurich, Switzerland.
* <p>
*/
package org.olat.user;
import java.util.Iterator;
import java.util.List;
import org.olat.basesecurity.Authentication;
import org.olat.basesecurity.Constants;
import org.olat.basesecurity.Manager;
import org.olat.basesecurity.ManagerFactory;
import org.olat.core.gui.UserRequest;
import org.olat.core.gui.components.Component;
import org.olat.core.gui.components.form.Form;
import org.olat.core.gui.components.velocity.VelocityContainer;
import org.olat.core.gui.control.Controller;
import org.olat.core.gui.control.Event;
import org.olat.core.gui.control.WindowControl;
import org.olat.core.gui.control.controller.BasicController;
import org.olat.core.gui.control.generic.messages.MessageUIFactory;
import org.olat.core.id.Identity;
import org.olat.core.logging.OLATSecurityException;
import org.olat.core.logging.OLog;
import org.olat.core.logging.Tracing;
import org.olat.core.util.WebappHelper;
import org.olat.core.util.resource.OresHelper;
import org.olat.ldap.LDAPError;
import org.olat.ldap.LDAPLoginModule;
import org.olat.ldap.ui.LDAPAuthenticationController;
import org.olat.login.OLATAuthenticationController;
import org.olat.login.SupportsAfterLoginInterceptor;
import org.olat.login.auth.OLATAuthManager;
/**
* Initial Date: Jul 29, 2003
*
* @author Felix Jost, Florian Gnaegi
*
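* Comment:
* Controller that lets the logged-in user change his/her own password. The
* current password is verified first (against the LDAP provider if the
* identity has an LDAP authentication, otherwise against the OLAT provider);
* only after a successful verification is the new password set. If password
* changes are disabled in the user module, a message is shown instead of the
* form.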
*
*/
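public class ChangePasswordController extends BasicController implements SupportsAfterLoginInterceptor {
    // Logger used for the audit trail of password-change attempts.
    OLog log = Tracing.createLoggerFor(ChangePasswordController.class);
    private VelocityContainer myContent;
    private ChangePasswordForm chPwdForm;

    /**
     * Builds the change-password view for the identity of the current request.
     * <p>
     * If {@code UserModule.isPwdchangeallowed()} is false, only a simple message
     * is shown and no form is created. Otherwise the identity must hold
     * {@code Constants.PERMISSION_ACCESS} on this controller's resource type.
     *
     * @param ureq the current user request; its identity is the account whose
     *          password is changed
     * @param wControl the window control used for the panel and for messages
     * @throws OLATSecurityException if the identity lacks the access permission
     */
    public ChangePasswordController(UserRequest ureq, WindowControl wControl) {
        super(ureq, wControl);

        // if a user is not allowed to change his/her own password, say it here
        if (!UserModule.isPwdchangeallowed()) {
            String text = getTranslator().translate("notallowedtochangepwd", new String[] { WebappHelper.getMailConfig("mailSupport") });
            Controller simpleMsg = MessageUIFactory.createSimpleMessage(ureq, wControl, text);
            // register controller to be disposed automatically on dispose of Change password controller
            listenTo(simpleMsg);
            putInitialPanel(simpleMsg.getInitialComponent());
            // chPwdForm stays null on this path, so event() never matches a form source
            return;
        }

        // Authorization gate: refuse to build the form for identities without access.
        Manager mgr = ManagerFactory.getManager();
        if (!mgr.isIdentityPermittedOnResourceable(
                ureq.getIdentity(),
                Constants.PERMISSION_ACCESS,
                OresHelper.lookupType(this.getClass()))) {
            throw new OLATSecurityException("Insufficient permissions to access ChangePasswordController");
        }

        myContent = createVelocityContainer("pwd");
        // adds "provider_..." variables to myContent
        exposePwdProviders(ureq.getIdentity());

        chPwdForm = new ChangePasswordForm(ChangePasswordForm.FORMNAME, getTranslator());
        chPwdForm.addListener(this);
        myContent.put(ChangePasswordForm.FORMNAME, chPwdForm);
        putInitialPanel(myContent);
    }

    /**
     * Handles the validated change-password form: re-authenticates the session
     * identity with the submitted old password and, only if that succeeds, sets
     * the new password. Every outcome (rejected, failed, changed) is written to
     * the audit log; password values are never logged.
     *
     * @see org.olat.core.gui.control.DefaultController#event(org.olat.core.gui.UserRequest, org.olat.core.gui.components.Component, org.olat.core.gui.control.Event)
     */
    public void event(UserRequest ureq, Component source, Event event) {
        // Only a successfully validated submit of our own form is processed.
        if (source != chPwdForm || event != Form.EVNT_VALIDATION_OK) {
            return;
        }

        Manager mgr = ManagerFactory.getManager();
        Identity sessionIdentity = ureq.getIdentity();

        // verify old password against the provider the identity actually uses
        String oldPwd = chPwdForm.getOldPasswordValue();
        Identity provenIdent = null;
        if (mgr.findAuthentication(sessionIdentity, LDAPAuthenticationController.PROVIDER_LDAP) != null) {
            // Per the original author, the fallback to OLAT authentication (if enabled)
            // happens inside LDAPAuthenticationController.
            // NOTE(review): ldapError is never inspected afterwards, so an LDAP-side
            // failure is reported to the user exactly like a wrong password.
            LDAPError ldapError = new LDAPError();
            provenIdent = LDAPAuthenticationController.authenticate(sessionIdentity.getName(), oldPwd, ldapError);
        } else if (mgr.findAuthentication(sessionIdentity, OLATAuthenticationController.PROVIDER_OLAT) != null) {
            provenIdent = OLATAuthenticationController.authenticate(sessionIdentity.getName(), oldPwd);
        }

        if (provenIdent == null) {
            // Record the rejected attempt so repeated guesses of the current password
            // from an already-open session are visible in the audit trail.
            // NOTE(review): no throttling of repeated attempts is visible here;
            // presumably the authenticate helpers handle it, confirm.
            log.audit("Password change rejected: current password not verified for identity " + sessionIdentity.getName());
            getWindowControl().setError(translate("error.password.noauth"));
            return;
        }

        String newPwd = chPwdForm.getNewPasswordValue();
        if (OLATAuthManager.changePassword(sessionIdentity, provenIdent, newPwd)) {
            //TODO: verify that we are NOT in a transaction (changepwd should be commited immediately)
            // NOTE(review): nothing visible here ends other active sessions of this
            // identity after the change; confirm whether changePassword covers that.
            log.audit("Changed password for identity."+provenIdent.getName());
            getWindowControl().setInfo(translate("password.successful"));
        } else {
            // A failed change is an error, not an informational message, and is audited.
            log.audit("Password change failed for identity " + provenIdent.getName());
            getWindowControl().setError(translate("password.failed"));
        }
    }

    /**
     * Publishes one {@code provider_<name>} flag per authentication provider of
     * the identity into the velocity context, plus {@code provider_LDAP_pwdchange}
     * when the LDAP module propagates password changes to the LDAP server.
     *
     * @param identity the identity whose authentications are listed
     */
    private void exposePwdProviders(Identity identity) {
        // check which providers the user has
        List<Authentication> authentications = ManagerFactory.getManager().getAuthentications(identity);
        for (Authentication authentication : authentications) {
            myContent.contextPut("provider_" + authentication.getProvider(), Boolean.TRUE);
        }

        // LDAP Module propagate changes to password
        if (LDAPLoginModule.isPropagatePasswordChangedOnLdapServer()) {
            myContent.contextPut("provider_LDAP_pwdchange", Boolean.TRUE);
        }
    }

    /**
     * Releases controller resources; there is nothing to release here.
     * NOTE(review): the tag below names doDispose(boolean) while this method takes
     * no argument; check the superclass signature before adding an override marker.
     *
     * @see org.olat.core.gui.control.DefaultController#doDispose(boolean)
     */
    protected void doDispose() {
        // nothing to do yet
    }
}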