// PasswordEditorFrame.java
// $Id: PasswordEditorFrame.java,v 1.7 2000/08/16 21:37:44 ylafon Exp $
// (c) COPYRIGHT MIT and INRIA, 1996.
// Please first read the full copyright statement in file COPYRIGHT.html
package org.w3c.jigsaw.resources;
import org.w3c.tools.resources.Attribute;
import org.w3c.tools.resources.AttributeHolder;
import org.w3c.tools.resources.AttributeRegistry;
import org.w3c.tools.resources.InvalidResourceException;
import org.w3c.tools.resources.ProtocolException;
import org.w3c.tools.resources.Resource;
import org.w3c.tools.resources.ResourceException;
import org.w3c.tools.resources.ResourceFrame;
import org.w3c.tools.resources.ResourceReference;
import org.w3c.tools.resources.ServerInterface;
import org.w3c.tools.resources.StringAttribute;
import org.w3c.www.http.HTTP;
import org.w3c.jigsaw.http.Reply;
import org.w3c.jigsaw.http.Request;
import org.w3c.jigsaw.http.httpd;
import org.w3c.jigsaw.frames.HTTPFrame;
import org.w3c.jigsaw.frames.PostableFrame;
import org.w3c.jigsaw.auth.AuthRealm;
import org.w3c.jigsaw.auth.AuthUser;
import org.w3c.jigsaw.auth.RealmsCatalog;
import org.w3c.jigsaw.html.HtmlGenerator;
import org.w3c.jigsaw.forms.URLDecoder;
public class PasswordEditorFrame extends PostableFrame {
/**
* Attribute index - The name of the realm to edit.
*/
protected static int ATTR_REALM = -1;
static {
Class c = null;
Attribute a = null;
try {
c = Class.forName("org.w3c.jigsaw.resources.PasswordEditorFrame");
} catch (Exception ex) {
ex.printStackTrace();
System.exit(1);
}
// Register the name of the realm to edit
a = new StringAttribute("realm"
, null
, Attribute.EDITABLE);
ATTR_REALM = AttributeRegistry.registerAttribute(c, a);
}
/**
* The loaded realm, when loaded.
*/
ResourceReference rr_realm = null;
/**
* Get the name of the realm to edit.
* @return The name of the realm to edit, as a String.
*/
public String getRealm() {
return getString(ATTR_REALM, null);
}
protected synchronized boolean changePassword(String username,
String oldpassword,
String newpassword)
{
// Get a handle on the authentication realm:
if ( rr_realm == null ) {
// Load the realm from the auth realm catalog:
RealmsCatalog c = ((httpd)getServer()).getRealmsCatalog();
String r = getRealm();
if ( r == null ) {
getServer().errlog(this, "attribute realm no initialized.");
return false;
}
// Really, load the store now:
rr_realm = c.loadRealm(r);
}
// If we did get the realm:
if ( rr_realm != null ) {
try {
AuthRealm realm = (AuthRealm) rr_realm.lock();
// Get the user:
ResourceReference rr_user = realm.loadUser(username);
if (rr_user == null)
return false;
try {
AuthUser user = (AuthUser)rr_user.lock();
// Check the old password first:
String passwd = user.getPassword();
if ((passwd == null) || ! passwd.equals(oldpassword))
return false;
// Set the new password:
user.setPassword(newpassword);
return true;
} catch (InvalidResourceException ex) {
return false;
} finally {
rr_user.unlock();
}
} catch (InvalidResourceException ex) {
return false;
} finally {
rr_realm.unlock();
}
}
return false;
}
protected HtmlGenerator generateForm(String msg) {
// Create the HTML and set title:
HtmlGenerator g = new HtmlGenerator("Password editor for "+getRealm());
// Add style link
addStyleSheet(g);
g.append("<h1>Password editor for "
, getRealm()
, "</h1>");
// If some message is available, dump it:
if ( msg != null )
g.append("<hr>", msg, "</hr>");
// And then display the form:
g.append("<form method=\"POST\" action=\"",
getURLPath(),
"\">");
g.append("<table width=\"100%\">");
g.append("<tr><th align=right>username");
g.append("<th align=left><input type=\"text\" name=\"username\">");
g.append("<tr><th align=right>old password");
g.append("<th align=left><input type=\"password\" name=\"opasswd\">");
g.append("<tr><th align=right>new password");
g.append("<th align=left><input type=\"password\" name=\"npasswd\">");
g.append("<tr><th align=right>confirm");
g.append("<th align=left><input type=\"password\" name=\"cpasswd\">");
g.append("</table>");
g.append("<input type=\"submit\" value=\"Change\">");
g.append("</form>");
return g;
}
protected final HtmlGenerator generateForm() {
return generateForm(null);
}
/**
* Handle a get request on the password editor.
* Dump a form suitable for editing a user entry.
* @param request The request to handle.
* @exception ProtocolException If processing the request failed.
* @exception ResourceException If this resource got a fatal error.
* @return An HTTP Reply instance.
*/
public Reply get(Request request)
throws ProtocolException, ResourceException
{
Reply reply = createDefaultReply(request, HTTP.OK);
reply.setStream(generateForm());
return reply;
}
/**
* Handle a post request.
* Do change the password, when possible.
* @param request The request to handle.
* @param data The form decoded data.
* @exception ProtocolException If processing the request failed.
* @return An HTTP Reply instance.
*/
public Reply handle(Request request, URLDecoder data)
throws ProtocolException
{
String username = data.getValue("username");
String opasswd = data.getValue("opasswd");
String npasswd = data.getValue("npasswd");
String cpasswd = data.getValue("cpasswd");
HtmlGenerator g = null;
if ((username == null)
|| (opasswd == null)
|| (npasswd == null)
|| (cpasswd == null)) {
// Check that all values are available:
if (username == null)
g = generateForm("Fill in <em>all</em> the fields.");
else
g = generateForm("Hey, "+username+", could you feel in "
+ "<em>all</em> the fields please.");
} else if ( ! npasswd.equals(cpasswd) ) {
// Check that new and confirmed password are the same:
g = generateForm("New and confirmed password don't "
+ " match, try again "
+ ((username == null) ? "." : (username+".")));
} else if ( changePassword(username, opasswd, npasswd) ) {
// Run the change:
g = new HtmlGenerator("Password now changed.");
// Add style link
addStyleSheet(g);
g.append("<h1>Your password has been changed</h1>");
g.append("<p>Operation succeeded, have fun !");
} else {
// Changing the password failed, don't provide explanations:
g = new HtmlGenerator("Password change failed");
// Add style link
addStyleSheet(g);
g.append("<h1>Changing the password failed</h1>");
g.append("You were not allowed to change the password for user \""
, username
, "\".");
}
// We always succeed, that's cool:
Reply reply = createDefaultReply(request, HTTP.OK);
reply.setStream(g);
return reply;
}
}