authorThomas Lenz <tlenz@iaik.tugraz.at>2013-09-19 16:19:00 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2013-09-19 16:19:00 +0200
commita27cf61551c129aee48ea533ad73f2ade37a757a (patch)
treec97a1ccc7b3afdec906c609de165b582db2b3149 /id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java
parent2c7d70f182b554321b6baf3e225139a883d61035 (diff)
ConfigWebTool Version 0.9.5
--PVP2 Login --PVP2 Users to UserDatabase functionality --Mailaddress verification --Mail status messages to users and admin --add List with OpenRequests for admins --change OA Target configuration --add cleanUp Thread to remove old unused UserAccount requests --update UserDatabase to support PVP2 logins --add formID element validate received forms -- add first classes for STORK configuration make some Bugfixes
Diffstat (limited to 'id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java')
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java369
1 files changed, 303 insertions, 66 deletions
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java
index 2a9ec038f..6bc90a417 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java
@@ -1,11 +1,12 @@
package at.gv.egovernment.moa.id.configuration.struts.action;
-import java.util.ArrayList;
-import java.util.Date;
+import java.io.ByteArrayInputStream;
+import java.io.InputStream;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
import org.apache.log4j.Logger;
import org.apache.struts2.interceptor.ServletRequestAware;
@@ -18,10 +19,14 @@ import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.configuration.Constants;
import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser;
import at.gv.egovernment.moa.id.configuration.data.UserDatabaseFrom;
+import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException;
import at.gv.egovernment.moa.id.configuration.helper.AuthenticationHelper;
+import at.gv.egovernment.moa.id.configuration.helper.FormDataHelper;
import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
+import at.gv.egovernment.moa.id.configuration.helper.MailHelper;
import at.gv.egovernment.moa.id.configuration.validation.UserDatabaseFormValidator;
import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper;
+import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.util.MiscUtil;
import com.opensymphony.xwork2.ActionSupport;
@@ -43,30 +48,34 @@ public class UserManagementAction extends ActionSupport
private String useridobj = null;
private static boolean newUser = false;
+ private InputStream stream;
+ private String nextPage;
+ private String formID;
public String init() {
- Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH);
+ HttpSession session = request.getSession();
+ if (session == null) {
+ log.info("No http Session found.");
+ return Constants.STRUTS_ERROR;
+ }
+ Object authUserObj = session.getAttribute(Constants.SESSION_AUTH);
authUser = (AuthenticatedUser) authUserObj;
-
+
if (authUser.isAdmin()) {
+ log.info("Show NewserRequests");
+
log.info("Show UserList");
List<UserDatabase> dbuserlist = ConfigurationDBRead.getAllUsers();
+
if (dbuserlist != null) {
- userlist = new ArrayList<AuthenticatedUser>();
-
- for (UserDatabase dbuser : dbuserlist) {
- userlist.add(new AuthenticatedUser(
- dbuser.getHjid(),
- dbuser.getGivenname(),
- dbuser.getFamilyname(),
- dbuser.getUsername(),
- dbuser.isIsActive(),
- dbuser.isIsAdmin()));
- }
+ userlist = FormDataHelper.addFormUsers(dbuserlist);
}
+
+ session.setAttribute(Constants.SESSION_RETURNAREA,
+ Constants.STRUTS_RETURNAREA_VALUES.usermanagementInit.name());
ConfigurationDBUtils.closeSession();
return Constants.STRUTS_SUCCESS;
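Review bot: The new `if (session == null)` guard in init() can never fire, because `HttpServletRequest.getSession()` without an argument creates a session when none exists; `request.getSession(false)` is the call that returns null. The unchecked dereference is on the next step: `authUser` is cast straight from the session attribute and `authUser.isAdmin()` is called without a null check, so a request without `Constants.SESSION_AUTH` ends in a NullPointerException unless an interceptor outside this file guarantees authentication. I would use `HttpSession session = request.getSession(false);` and add `if (authUser == null) return Constants.STRUTS_ERROR;` before the admin test. The same pattern is repeated in createuser(), edituser(), saveuser() and deleteuser() in the later hunks; only sendVerificationMail() checks `authUser != null`.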
@@ -79,20 +88,37 @@ public class UserManagementAction extends ActionSupport
}
user = new UserDatabaseFrom(dbuser);
ConfigurationDBUtils.closeSession();
+
+ session.setAttribute(Constants.SESSION_RETURNAREA,
+ Constants.STRUTS_RETURNAREA_VALUES.main.name());
+
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
+
return Constants.STRUTS_NOTALLOWED;
}
}
public String createuser() {
- Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH);
+ HttpSession session = request.getSession();
+ if (session == null) {
+ log.info("No http Session found.");
+ return Constants.STRUTS_ERROR;
+ }
+
+ Object authUserObj = session.getAttribute(Constants.SESSION_AUTH);
authUser = (AuthenticatedUser) authUserObj;
+ nextPage = Constants.STRUTS_RETURNAREA_VALUES.usermanagementInit.name();
if (authUser.isAdmin()) {
user = new UserDatabaseFrom();
newUser = true;
+
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
return Constants.STRUTS_SUCCESS;
} else {
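Review bot: The strength of `formID` as an anti-forgery token rests entirely on `at.gv.egovernment.moa.id.util.Random.nextRandom()`, whose implementation is not visible in this commit. The same call also produces the mail-verification token passed to `setUserRequestTokken` in later hunks, so it should be confirmed to draw from `java.security.SecureRandom` with enough output length. A comment at the first use would record that requirement, e.g. `// formID is a per-form anti-CSRF token; Random.nextRandom() must be backed by SecureRandom`. Both init() and createuser() extend beyond this hunk.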
@@ -101,10 +127,27 @@ public class UserManagementAction extends ActionSupport
}
public String edituser() {
- Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH);
+ HttpSession session = request.getSession();
+ if (session == null) {
+ log.info("No http Session found.");
+ return Constants.STRUTS_ERROR;
+ }
+ Object authUserObj = session.getAttribute(Constants.SESSION_AUTH);
authUser = (AuthenticatedUser) authUserObj;
+ Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA);
+ if (nextPageAttr != null && nextPageAttr instanceof String
+ && MiscUtil.isNotEmpty((String)nextPageAttr) ) {
+ nextPage = (String) nextPageAttr;
+
+ } else {
+ nextPage = Constants.STRUTS_RETURNAREA_VALUES.usermanagementInit.name();
+ }
+
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
+
if (authUser.isAdmin()) {
long userid = -1;
@@ -136,11 +179,31 @@ public class UserManagementAction extends ActionSupport
}
}
- public String saveuser() {
- Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH);
+ public String saveuser() {
+ HttpSession session = request.getSession();
+ if (session == null) {
+ log.info("No http Session found.");
+ return Constants.STRUTS_ERROR;
+ }
+ Object authUserObj = session.getAttribute(Constants.SESSION_AUTH);
authUser = (AuthenticatedUser) authUserObj;
+ Object formidobj = session.getAttribute(Constants.SESSION_FORMID);
+ if (formidobj != null && formidobj instanceof String) {
+ String formid = (String) formidobj;
+ if (!formid.equals(formID)) {
+ log.warn("FormIDs does not match. Some suspect Form is received from user "
+ + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID());
+ return Constants.STRUTS_ERROR;
+ }
+ } else {
+ log.warn("FormIDs does not match. Some suspect Form is received from user "
+ + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID());
+ return Constants.STRUTS_ERROR;
+ }
+ session.setAttribute(Constants.SESSION_FORMID, null);
+
String useridobj = user.getUserID();
long userID = -1;
if (MiscUtil.isEmpty(useridobj)) {
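Review bot: The formID check in saveuser() dereferences `authUser` inside both `log.warn` calls, so a forged request from a session without `Constants.SESSION_AUTH` fails with a NullPointerException instead of reaching `return Constants.STRUTS_ERROR`. The log line also concatenates family name, given name and user ID with no separators, and the names are stored user data, so logging only the numeric ID keeps the entry unambiguous and keeps control characters out of the log. The same block is copied verbatim into deleteuser() in a later hunk; a private helper, sketched below, would keep the two in step. saveuser() continues past the end of this hunk.
```java
// Shared by saveuser() and deleteuser(): true only if the submitted formID matches the session's token.
private boolean isExpectedFormID(HttpSession session) {
    Object expected = session.getAttribute(Constants.SESSION_FORMID);
    if (expected instanceof String && expected.equals(formID)) {
        // One-time token: invalidate it once it has been accepted.
        session.setAttribute(Constants.SESSION_FORMID, null);
        return true;
    }
    log.warn("FormIDs do not match. Suspect form received from user ID "
            + (authUser != null ? String.valueOf(authUser.getUserID()) : "unknown"));
    return false;
}

// in saveuser() / deleteuser(), after authUser is read from the session:
if (!isExpectedFormID(session)) {
    return Constants.STRUTS_ERROR;
}
```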
@@ -156,9 +219,30 @@ public class UserManagementAction extends ActionSupport
userID = Long.valueOf(useridobj);
}
+ UserDatabase dbuser = ConfigurationDBRead.getUserWithID(userID);
+
+ if( dbuser == null) {
+ dbuser = new UserDatabase();
+ dbuser.setIsMandateUser(false);
+ dbuser.setIsAdminRequest(false);
+ dbuser.setIsPVP2Generated(false);
+ dbuser.setUserRequestTokken(null);
+ dbuser.setIsMailAddressVerified(false);
+ dbuser.setUsername(user.getUsername());
+ }
+
List<String> errors;
UserDatabaseFormValidator validator = new UserDatabaseFormValidator();
- errors = validator.validate(user, userID);
+
+ boolean ispvp2 = false;
+ boolean ismandate = false;
+ if (dbuser.isIsPVP2Generated() != null)
+ ispvp2 = dbuser.isIsPVP2Generated();
+
+ if (dbuser.isIsMandateUser() != null)
+ ismandate = dbuser.isIsMandateUser();
+
+ errors = validator.validate(user, userID, ispvp2, ismandate);
if (errors.size() > 0) {
log.info("UserDataForm has some erros.");
@@ -169,6 +253,14 @@ public class UserManagementAction extends ActionSupport
if (MiscUtil.isEmpty(user.getUsername()))
newUser = true;
+ user.setIsmandateuser(ismandate);
+ user.setPVPGenerated(ispvp2);
+ if (dbuser.isIsUsernamePasswordAllowed() != null)
+ user.setIsusernamepasswordallowed(dbuser.isIsUsernamePasswordAllowed());
+
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
+
return Constants.STRUTS_ERROR_VALIDATION;
}
@@ -181,8 +273,49 @@ public class UserManagementAction extends ActionSupport
}
}
-
- String error = saveFormToDB();
+
+ if (!user.getMail().equals(dbuser.getMail()) && !authUser.isAdmin()) {
+ dbuser.setIsMailAddressVerified(false);
+ dbuser.setUserRequestTokken(Random.nextRandom());
+
+ try {
+ MailHelper.sendUserMailAddressVerification(dbuser);
+ addActionMessage(LanguageHelper.getGUIString("webpages.edituser.changemailaddress.verify"));
+
+ } catch (ConfigurationException e) {
+ log.warn("Sending of mailaddress verification mail failed.", e);
+ addActionError(LanguageHelper.getErrorString("error.mail.send"));
+ }
+ }
+
+ Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA);
+ if (nextPageAttr != null && nextPageAttr instanceof String
+ && MiscUtil.isNotEmpty((String)nextPageAttr) ) {
+ nextPage = (String) nextPageAttr;
+
+ if (nextPage.equals(Constants.STRUTS_RETURNAREA_VALUES.adminRequestsInit.name()) &&
+ user.isActive()) {
+ dbuser.setIsAdminRequest(false);
+ try {
+ if (dbuser.isIsMandateUser())
+ MailHelper.sendUserAccountActivationMail(dbuser.getGivenname(), dbuser.getFamilyname(),
+ dbuser.getInstitut(), user.getMail());
+ else
+ MailHelper.sendUserAccountActivationMail(dbuser.getGivenname(), dbuser.getFamilyname(),
+ null, user.getMail());
+
+ } catch (ConfigurationException e) {
+ log.warn("Send UserAccountActivation mail failed", e);
+ }
+ }
+ session.setAttribute(Constants.SESSION_RETURNAREA, null);
+
+ } else {
+ nextPage = Constants.STRUTS_RETURNAREA_VALUES.usermanagementInit.name();
+ }
+
+ String error = saveFormToDB(dbuser);
+
if (error != null) {
log.warn("UserData can not be stored in Database");
addActionError(error);
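Review bot: `MailHelper.sendUserMailAddressVerification(dbuser)` runs before `saveFormToDB(dbuser)` has copied the new address into `dbuser` and persisted the fresh token. Assuming the helper takes the recipient from `dbuser` (MailHelper is not visible here), the verification mail goes to the old address, and if the save fails afterwards the mailed token was never stored. Calling `dbuser.setMail(user.getMail())` before sending, or sending only once `saveFormToDB` has returned null, would close that gap. Separately, `if (dbuser.isIsMandateUser())` unboxes a value that the previous hunk null-checks before use; `if (Boolean.TRUE.equals(dbuser.isIsMandateUser()))` avoids the NullPointerException. The enclosing method starts and ends outside this hunk.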
@@ -194,10 +327,30 @@ public class UserManagementAction extends ActionSupport
}
public String deleteuser() {
- Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH);
+ HttpSession session = request.getSession();
+ if (session == null) {
+ log.info("No http Session found.");
+ return Constants.STRUTS_ERROR;
+ }
+ Object authUserObj = session.getAttribute(Constants.SESSION_AUTH);
authUser = (AuthenticatedUser) authUserObj;
-
+
+ Object formidobj = session.getAttribute(Constants.SESSION_FORMID);
+ if (formidobj != null && formidobj instanceof String) {
+ String formid = (String) formidobj;
+ if (!formid.equals(formID)) {
+ log.warn("FormIDs does not match. Some suspect Form is received from user "
+ + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID());
+ return Constants.STRUTS_ERROR;
+ }
+ } else {
+ log.warn("FormIDs does not match. Some suspect Form is received from user "
+ + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID());
+ return Constants.STRUTS_ERROR;
+ }
+ session.setAttribute(Constants.SESSION_FORMID, null);
+
String useridobj = user.getUserID();
long userID = -1;
if (MiscUtil.isEmpty(useridobj)) {
@@ -222,6 +375,16 @@ public class UserManagementAction extends ActionSupport
}
}
+ Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA);
+ if (nextPageAttr != null && nextPageAttr instanceof String
+ && MiscUtil.isNotEmpty((String)nextPageAttr) ) {
+ nextPage = (String) nextPageAttr;
+ session.setAttribute(Constants.SESSION_RETURNAREA, null);
+
+ } else {
+ nextPage = Constants.STRUTS_RETURNAREA_VALUES.usermanagementInit.name();
+ }
+
UserDatabase dbuser = ConfigurationDBRead.getUserWithID(userID);
if (dbuser != null) {
dbuser.setOnlineApplication(null);
@@ -230,8 +393,22 @@ public class UserManagementAction extends ActionSupport
ConfigurationDBUtils.saveOrUpdate(dbuser);
ConfigurationDBUtils.delete(dbuser);
+ if (authUser.isAdmin()) {
+ MailHelper.sendUserAccountRevocationMail(dbuser);
+ }
+
+ if (dbuser.getHjid() == authUser.getUserID()) {
+ ConfigurationDBUtils.closeSession();
+ return Constants.STRUTS_REAUTHENTICATE;
+ }
+
} catch (MOADatabaseException e) {
- log.warn("UserData can not be deleted from Database");
+ log.warn("UserData can not be deleted from Database", e);
+ addActionError(e.getMessage());
+ return Constants.STRUTS_SUCCESS;
+
+ } catch (ConfigurationException e) {
+ log.warn("Information mail sending failed.", e);
addActionError(e.getMessage());
return Constants.STRUTS_SUCCESS;
}
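Review bot: A failed revocation mail skips the self-delete check, because `sendUserAccountRevocationMail` throws `ConfigurationException` before `dbuser.getHjid() == authUser.getUserID()` is evaluated and the new catch returns `STRUTS_SUCCESS`. An admin who deletes their own account while mail delivery is broken therefore keeps an authenticated session for an account that no longer exists. Both catch branches also return without `ConfigurationDBUtils.closeSession()`, and `addActionError(e.getMessage())` shows the raw exception text to the user. Handling the mail failure locally, as sketched below, keeps the re-authentication path reachable; the `==` comparison should also be checked for boxed `Long` operands, since the types are not visible here. The `try` opens outside this hunk.
```java
ConfigurationDBUtils.delete(dbuser);

if (authUser.isAdmin()) {
    try {
        MailHelper.sendUserAccountRevocationMail(dbuser);
    } catch (ConfigurationException e) {
        // The account is already deleted; a failed notification must not
        // skip the re-authentication check below.
        log.warn("Information mail sending failed.", e);
    }
}
// … unchanged: self-delete check returning STRUTS_REAUTHENTICATE …
```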
@@ -242,39 +419,93 @@ public class UserManagementAction extends ActionSupport
}
ConfigurationDBUtils.closeSession();
+
return Constants.STRUTS_SUCCESS;
}
- private String saveFormToDB() {
+ public String sendVerificationMail () {
+ HttpSession session = request.getSession();
+ if (session == null) {
+ log.info("No http Session found.");
+ return Constants.STRUTS_ERROR;
+ }
- UserDatabase dbuser = ConfigurationDBRead.getUserWithUserName(user.getUsername());
+ String message = LanguageHelper.getErrorString("error.mail.verification");
- if( dbuser == null) {
- dbuser = new UserDatabase();
+ Object authUserObj = session.getAttribute(Constants.SESSION_AUTH);
+ authUser = (AuthenticatedUser) authUserObj;
+
+ if (authUser != null) {
+ UserDatabase dbuser = ConfigurationDBRead.getUserWithID(authUser.getUserID());
+
+ if (dbuser != null) {
+ dbuser.setIsMailAddressVerified(false);
+ dbuser.setUserRequestTokken(Random.nextRandom());
+
+ try {
+ ConfigurationDBUtils.saveOrUpdate(dbuser);
+
+ MailHelper.sendUserMailAddressVerification(dbuser);
+
+ message = LanguageHelper.getErrorString("webpages.edituser.verify.mail.message");
+
+ } catch (ConfigurationException e) {
+ log.warn("Sending of mailaddress verification mail failed.", e);
+ message = LanguageHelper.getErrorString("error.mail.send");
+
+ } catch (MOADatabaseException e) {
+ log.warn("Access UserInformationDatabase failed.", e);
+ }
+ }
}
- dbuser.setBpk(user.getBpk());
- dbuser.setFamilyname(user.getFamilyName());
- dbuser.setGivenname(user.getGivenName());
- dbuser.setInstitut(user.getInstitut());
+ stream = new ByteArrayInputStream(message.getBytes());
+
+ return SUCCESS;
+ }
+
+ private String saveFormToDB(UserDatabase dbuser) {
+
dbuser.setMail(user.getMail());
dbuser.setPhone(user.getPhone());
- dbuser.setUsername(user.getUsername());
- if (authUser.isAdmin()) {
- dbuser.setIsActive(user.isActive());
- dbuser.setIsAdmin(user.isAdmin());
+ if (authUser.isAdmin() || dbuser.isIsUsernamePasswordAllowed()) {
+ dbuser.setIsUsernamePasswordAllowed(user.isIsusernamepasswordallowed());
+
+ if (authUser.isAdmin()) {
+ dbuser.setIsActive(user.isActive());
+ dbuser.setIsAdmin(user.isAdmin());
+
+ }
}
- if (MiscUtil.isNotEmpty(user.getPassword())) {
- String key = AuthenticationHelper.generateKeyFormPassword(user.getPassword());
- if (key == null) {
- return LanguageHelper.getErrorString("errors.edit.user.save");
+ if (dbuser.isIsPVP2Generated() == null || !dbuser.isIsPVP2Generated()) {
+ dbuser.setFamilyname(user.getFamilyName());
+ dbuser.setGivenname(user.getGivenName());
+ dbuser.setInstitut(user.getInstitut());
+
+ if (authUser.isAdmin())
+ dbuser.setBpk(user.getBpk());
+
+ } else {
+ if (!dbuser.isIsMandateUser())
+ dbuser.setInstitut(user.getInstitut());
+ }
+
+ if (dbuser.isIsUsernamePasswordAllowed()) {
+
+ if (MiscUtil.isNotEmpty(user.getUsername()) && MiscUtil.isEmpty(dbuser.getUsername()))
+ dbuser.setUsername(user.getUsername());
+
+ if (MiscUtil.isNotEmpty(user.getPassword())) {
+ String key = AuthenticationHelper.generateKeyFormPassword(user.getPassword());
+ if (key == null) {
+ return LanguageHelper.getErrorString("errors.edit.user.save");
+ }
+ dbuser.setPassword(key);
}
- dbuser.setPassword(key);
}
-
try {
ConfigurationDBUtils.saveOrUpdate(dbuser);
} catch (MOADatabaseException e) {
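Review bot: sendVerificationMail() changes state without the `SESSION_FORMID` check that saveuser() and deleteuser() perform: it sets `IsMailAddressVerified` to false, overwrites the request token and sends a mail. As written, any request carrying the user's session cookie can un-verify the address and trigger mail repeatedly, so I would apply the same formID comparison here, or document why this endpoint is exempt. In saveFormToDB(), `authUser.isAdmin() || dbuser.isIsUsernamePasswordAllowed()`, `!dbuser.isIsMandateUser()` and `if (dbuser.isIsUsernamePasswordAllowed())` unbox values that saveuser() treats as nullable, and the freshly built `UserDatabase` in saveuser() never sets `IsUsernamePasswordAllowed`; `Boolean.TRUE.equals(...)` would make these null-safe. `message.getBytes()` also uses the platform default charset, so the streamed text may be mis-encoded on servers whose default is not what the page expects. saveFormToDB() continues past the end of this hunk.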
@@ -284,27 +515,7 @@ public class UserManagementAction extends ActionSupport
return null;
}
-
-// public String createTestUser() throws MOADatabaseException {
-//
-// UserDatabase user = new UserDatabase();
-// user.setBpk("");
-// user.setFamilyname("Max");
-// user.setGivenname("Mustermann");
-// user.setIsActive(true);
-// user.setIsAdmin(false);
-// user.setInstitut("EGIZ");
-// user.setLastLoginItem(new Date());
-// user.setMail("masdf@amfasdf.com");
-// user.setPhone("00660011542");
-// user.setUsername("testuser");
-//
-// ConfigurationDBUtils.save(user);
-//
-// return Constants.STRUTS_SUCCESS;
-// }
-
-
+
public void setServletResponse(HttpServletResponse response) {
this.response = response;
@@ -370,7 +581,33 @@ public class UserManagementAction extends ActionSupport
public boolean isNewUser() {
return newUser;
}
-
-
+
+ /**
+ * @return the nextPage
+ */
+ public String getNextPage() {
+ return nextPage;
+ }
+
+ /**
+ * @return the stream
+ */
+ public InputStream getStream() {
+ return stream;
+ }
+
+ /**
+ * @return the formID
+ */
+ public String getFormID() {
+ return formID;
+ }
+
+ /**
+ * @param formID the formID to set
+ */
+ public void setFormID(String formID) {
+ this.formID = formID;
+ }
}