Diffstat (limited to 'id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java')
-rw-r--r-- | id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java | 369 |
1 files changed, 303 insertions, 66 deletions
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java
index 2a9ec038f..6bc90a417 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java
@@ -1,11 +1,12 @@
 package at.gv.egovernment.moa.id.configuration.struts.action;
-import java.util.ArrayList;
-import java.util.Date;
+import java.io.ByteArrayInputStream;
+import java.io.InputStream;
 import java.util.List;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
 import org.apache.log4j.Logger;
 import org.apache.struts2.interceptor.ServletRequestAware;
@@ -18,10 +19,14 @@ import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.configuration.Constants;
 import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser;
 import at.gv.egovernment.moa.id.configuration.data.UserDatabaseFrom;
+import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException;
 import at.gv.egovernment.moa.id.configuration.helper.AuthenticationHelper;
+import at.gv.egovernment.moa.id.configuration.helper.FormDataHelper;
 import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
+import at.gv.egovernment.moa.id.configuration.helper.MailHelper;
 import at.gv.egovernment.moa.id.configuration.validation.UserDatabaseFormValidator;
 import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper;
+import at.gv.egovernment.moa.id.util.Random;
 import at.gv.egovernment.moa.util.MiscUtil;
 import com.opensymphony.xwork2.ActionSupport;
@@ -43,30 +48,34 @@ public class UserManagementAction extends ActionSupport private String useridobj = null; private static boolean newUser = false; + private InputStream stream; + private String nextPage; + private String formID; public String init() { - Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); + HttpSession session = request.getSession(); + if (session == null) { + log.info("No http Session found."); + return Constants.STRUTS_ERROR; + } + Object authUserObj = session.getAttribute(Constants.SESSION_AUTH); authUser = (AuthenticatedUser) authUserObj; - + if (authUser.isAdmin()) { + log.info("Show NewserRequests"); + log.info("Show UserList"); List<UserDatabase> dbuserlist = ConfigurationDBRead.getAllUsers(); + if (dbuserlist != null) { - userlist = new ArrayList<AuthenticatedUser>(); - - for (UserDatabase dbuser : dbuserlist) { - userlist.add(new AuthenticatedUser( - dbuser.getHjid(), - dbuser.getGivenname(), - dbuser.getFamilyname(), - dbuser.getUsername(), - dbuser.isIsActive(), - dbuser.isIsAdmin())); - } + userlist = FormDataHelper.addFormUsers(dbuserlist); } + + session.setAttribute(Constants.SESSION_RETURNAREA, + Constants.STRUTS_RETURNAREA_VALUES.usermanagementInit.name()); ConfigurationDBUtils.closeSession(); return Constants.STRUTS_SUCCESS; 
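Review bot: The new `session == null` guard in init() can never fire, because `request.getSession()` without an argument creates a session when none exists; the same guard is repeated in createuser(), edituser(), saveuser(), deleteuser() and sendVerificationMail() in the later hunks. If the intent is to reject requests that arrive without an existing session, obtain it with `HttpSession session = request.getSession(false);`. The value that can actually be null here is the `SESSION_AUTH` attribute, and `authUser.isAdmin()` is called on it unchecked, so unless a filter outside this diff guarantees an authenticated user, add `if (authUser == null) return Constants.STRUTS_ERROR;` right after the cast. init() continues past the end of this hunk.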
@@ -79,20 +88,37 @@ public class UserManagementAction extends ActionSupport } user = new UserDatabaseFrom(dbuser); ConfigurationDBUtils.closeSession(); + + session.setAttribute(Constants.SESSION_RETURNAREA, + Constants.STRUTS_RETURNAREA_VALUES.main.name()); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + return Constants.STRUTS_NOTALLOWED; } } public String createuser() { - Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); + HttpSession session = request.getSession(); + if (session == null) { + log.info("No http Session found."); + return Constants.STRUTS_ERROR; + } + + Object authUserObj = session.getAttribute(Constants.SESSION_AUTH); authUser = (AuthenticatedUser) authUserObj; + nextPage = Constants.STRUTS_RETURNAREA_VALUES.usermanagementInit.name(); if (authUser.isAdmin()) { user = new UserDatabaseFrom(); newUser = true; + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); return Constants.STRUTS_SUCCESS; } else { @@ -101,10 +127,27 @@ public class UserManagementAction extends ActionSupport } public String edituser() { - Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); + HttpSession session = request.getSession(); + if (session == null) { + log.info("No http Session found."); + return Constants.STRUTS_ERROR; + } + Object authUserObj = session.getAttribute(Constants.SESSION_AUTH); authUser = (AuthenticatedUser) authUserObj; + Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA); + if (nextPageAttr != null && nextPageAttr instanceof String + && MiscUtil.isNotEmpty((String)nextPageAttr) ) { + nextPage = (String) nextPageAttr; + + } else { + nextPage = Constants.STRUTS_RETURNAREA_VALUES.usermanagementInit.name(); + } + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + if (authUser.isAdmin()) { long userid = -1; 
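Review bot: `Random.nextRandom()` now produces the anti-CSRF form ID in init(), createuser() and edituser(), and later hunks reuse it for the mail-verification token passed to `setUserRequestTokken`, but its implementation is not part of this diff. Both uses need an unpredictable value, so confirm that `at.gv.egovernment.moa.id.util.Random` draws from `java.security.SecureRandom` with enough output length, and record that requirement where the token is created, e.g. `// anti-CSRF token: must come from a CSPRNG`. The session also holds a single `SESSION_FORMID` slot, so opening a second form overwrites the token of the first, which will then be rejected on submit; if that is intended, a short comment on the field would save the next reader the question.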
@@ -136,11 +179,31 @@ public class UserManagementAction extends ActionSupport } } - public String saveuser() { - Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); + public String saveuser() { + HttpSession session = request.getSession(); + if (session == null) { + log.info("No http Session found."); + return Constants.STRUTS_ERROR; + } + Object authUserObj = session.getAttribute(Constants.SESSION_AUTH); authUser = (AuthenticatedUser) authUserObj; + Object formidobj = session.getAttribute(Constants.SESSION_FORMID); + if (formidobj != null && formidobj instanceof String) { + String formid = (String) formidobj; + if (!formid.equals(formID)) { + log.warn("FormIDs does not match. Some suspect Form is received from user " + + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + } else { + log.warn("FormIDs does not match. Some suspect Form is received from user " + + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + session.setAttribute(Constants.SESSION_FORMID, null); + String useridobj = user.getUserID(); long userID = -1; if (MiscUtil.isEmpty(useridobj)) { 
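Review bot: Both rejection branches of the form-ID check in saveuser() dereference `authUser` while building the log message, before anything has verified that `SESSION_AUTH` was present, so a request without an authenticated user ends in a NullPointerException instead of `STRUTS_ERROR` (unless a filter outside this diff rules that out). The identical block is pasted into deleteuser() in a later hunk; a private helper such as `private boolean consumeFormID(HttpSession session)` that compares, clears the session attribute and logs once would keep the two call sites from drifting apart. In the message itself the family name, given name and user ID are concatenated with no separator, which makes the log line hard to attribute; `authUser.getFamilyName() + " " + authUser.getGivenName() + " (" + authUser.getUserID() + ")"` reads unambiguously. saveuser() continues past the end of this hunk.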
@@ -156,9 +219,30 @@ public class UserManagementAction extends ActionSupport userID = Long.valueOf(useridobj); } + UserDatabase dbuser = ConfigurationDBRead.getUserWithID(userID); + + if( dbuser == null) { + dbuser = new UserDatabase(); + dbuser.setIsMandateUser(false); + dbuser.setIsAdminRequest(false); + dbuser.setIsPVP2Generated(false); + dbuser.setUserRequestTokken(null); + dbuser.setIsMailAddressVerified(false); + dbuser.setUsername(user.getUsername()); + } + List<String> errors; UserDatabaseFormValidator validator = new UserDatabaseFormValidator(); - errors = validator.validate(user, userID); + + boolean ispvp2 = false; + boolean ismandate = false; + if (dbuser.isIsPVP2Generated() != null) + ispvp2 = dbuser.isIsPVP2Generated(); + + if (dbuser.isIsMandateUser() != null) + ismandate = dbuser.isIsMandateUser(); + + errors = validator.validate(user, userID, ispvp2, ismandate); if (errors.size() > 0) { log.info("UserDataForm has some erros."); @@ -169,6 +253,14 @@ public class UserManagementAction extends ActionSupport if (MiscUtil.isEmpty(user.getUsername())) newUser = true; + user.setIsmandateuser(ismandate); + user.setPVPGenerated(ispvp2); + if (dbuser.isIsUsernamePasswordAllowed() != null) + user.setIsusernamepasswordallowed(dbuser.isIsUsernamePasswordAllowed()); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + return Constants.STRUTS_ERROR_VALIDATION; } 
@@ -181,8 +273,49 @@ public class UserManagementAction extends ActionSupport } } - - String error = saveFormToDB(); + + if (!user.getMail().equals(dbuser.getMail()) && !authUser.isAdmin()) { + dbuser.setIsMailAddressVerified(false); + dbuser.setUserRequestTokken(Random.nextRandom()); + + try { + MailHelper.sendUserMailAddressVerification(dbuser); + addActionMessage(LanguageHelper.getGUIString("webpages.edituser.changemailaddress.verify")); + + } catch (ConfigurationException e) { + log.warn("Sending of mailaddress verification mail failed.", e); + addActionError(LanguageHelper.getErrorString("error.mail.send")); + } + } + + Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA); + if (nextPageAttr != null && nextPageAttr instanceof String + && MiscUtil.isNotEmpty((String)nextPageAttr) ) { + nextPage = (String) nextPageAttr; + + if (nextPage.equals(Constants.STRUTS_RETURNAREA_VALUES.adminRequestsInit.name()) && + user.isActive()) { + dbuser.setIsAdminRequest(false); + try { + if (dbuser.isIsMandateUser()) + MailHelper.sendUserAccountActivationMail(dbuser.getGivenname(), dbuser.getFamilyname(), + dbuser.getInstitut(), user.getMail()); + else + MailHelper.sendUserAccountActivationMail(dbuser.getGivenname(), dbuser.getFamilyname(), + null, user.getMail()); + + } catch (ConfigurationException e) { + log.warn("Send UserAccountActivation mail failed", e); + } + } + session.setAttribute(Constants.SESSION_RETURNAREA, null); + + } else { + nextPage = Constants.STRUTS_RETURNAREA_VALUES.usermanagementInit.name(); + } + + String error = saveFormToDB(dbuser); + if (error != null) { log.warn("UserData can not be stored in Database"); addActionError(error); 
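Review bot: The verification mail is sent before the new address and the new token have been stored: `dbuser.setMail(user.getMail())` only runs inside `saveFormToDB(dbuser)`, which is called at the end of this hunk. If `MailHelper.sendUserMailAddressVerification(dbuser)` takes the recipient from `dbuser` (its body is not shown here), the link goes to the previous address rather than the one that needs verifying, and if the save then fails the mailed token was never persisted. The account-activation mail a few lines below has the same ordering problem. Call `saveFormToDB(dbuser)` first and send the mails only when it returned null, or at minimum add `dbuser.setMail(user.getMail());` before the send. `user.getMail().equals(...)` also assumes the validator outside this hunk rejects a missing address.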
@@ -194,10 +327,30 @@ public class UserManagementAction extends ActionSupport } public String deleteuser() { - Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); + HttpSession session = request.getSession(); + if (session == null) { + log.info("No http Session found."); + return Constants.STRUTS_ERROR; + } + Object authUserObj = session.getAttribute(Constants.SESSION_AUTH); authUser = (AuthenticatedUser) authUserObj; - + + Object formidobj = session.getAttribute(Constants.SESSION_FORMID); + if (formidobj != null && formidobj instanceof String) { + String formid = (String) formidobj; + if (!formid.equals(formID)) { + log.warn("FormIDs does not match. Some suspect Form is received from user " + + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + } else { + log.warn("FormIDs does not match. Some suspect Form is received from user " + + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + session.setAttribute(Constants.SESSION_FORMID, null); + String useridobj = user.getUserID(); long userID = -1; if (MiscUtil.isEmpty(useridobj)) { @@ -222,6 +375,16 @@ public class UserManagementAction extends ActionSupport } } + Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA); + if (nextPageAttr != null && nextPageAttr instanceof String + && MiscUtil.isNotEmpty((String)nextPageAttr) ) { + nextPage = (String) nextPageAttr; + session.setAttribute(Constants.SESSION_RETURNAREA, null); + + } else { + nextPage = Constants.STRUTS_RETURNAREA_VALUES.usermanagementInit.name(); + } + UserDatabase dbuser = ConfigurationDBRead.getUserWithID(userID); if (dbuser != null) { dbuser.setOnlineApplication(null); 
@@ -230,8 +393,22 @@ public class UserManagementAction extends ActionSupport ConfigurationDBUtils.saveOrUpdate(dbuser); ConfigurationDBUtils.delete(dbuser); + if (authUser.isAdmin()) { + MailHelper.sendUserAccountRevocationMail(dbuser); + } + + if (dbuser.getHjid() == authUser.getUserID()) { + ConfigurationDBUtils.closeSession(); + return Constants.STRUTS_REAUTHENTICATE; + } + } catch (MOADatabaseException e) { - log.warn("UserData can not be deleted from Database"); + log.warn("UserData can not be deleted from Database", e); + addActionError(e.getMessage()); + return Constants.STRUTS_SUCCESS; + + } catch (ConfigurationException e) { + log.warn("Information mail sending failed.", e); addActionError(e.getMessage()); return Constants.STRUTS_SUCCESS; } 
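Review bot: A failure in `MailHelper.sendUserAccountRevocationMail(dbuser)` jumps to the new `catch (ConfigurationException e)` and returns `STRUTS_SUCCESS`, which skips the self-deletion check that follows it, although the account has already been deleted at that point. An administrator who removes their own account while the mail server is unavailable therefore keeps a working session for a user that no longer exists. Catch the mail error around the send only, so that the `STRUTS_REAUTHENTICATE` branch is always evaluated; the outer `catch (ConfigurationException e)` clause then has to go. `addActionError(e.getMessage())` also shows the raw exception text to the user, where the other mail paths in this commit use the `error.mail.send` message key. The enclosing try block starts before this hunk.

```java
ConfigurationDBUtils.delete(dbuser);

if (authUser.isAdmin()) {
	try {
		MailHelper.sendUserAccountRevocationMail(dbuser);

	} catch (ConfigurationException e) {
		// The account is already gone; a failed notification must not
		// bypass the re-authentication check below.
		log.warn("Information mail sending failed.", e);
		addActionError(LanguageHelper.getErrorString("error.mail.send"));
	}
}
// … unchanged: self-deletion check returning STRUTS_REAUTHENTICATE …
```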
@@ -242,39 +419,93 @@ public class UserManagementAction extends ActionSupport } ConfigurationDBUtils.closeSession(); + return Constants.STRUTS_SUCCESS; } - private String saveFormToDB() { + public String sendVerificationMail () { + HttpSession session = request.getSession(); + if (session == null) { + log.info("No http Session found."); + return Constants.STRUTS_ERROR; + } - UserDatabase dbuser = ConfigurationDBRead.getUserWithUserName(user.getUsername()); + String message = LanguageHelper.getErrorString("error.mail.verification"); - if( dbuser == null) { - dbuser = new UserDatabase(); + Object authUserObj = session.getAttribute(Constants.SESSION_AUTH); + authUser = (AuthenticatedUser) authUserObj; + + if (authUser != null) { + UserDatabase dbuser = ConfigurationDBRead.getUserWithID(authUser.getUserID()); + + if (dbuser != null) { + dbuser.setIsMailAddressVerified(false); + dbuser.setUserRequestTokken(Random.nextRandom()); + + try { + ConfigurationDBUtils.saveOrUpdate(dbuser); + + MailHelper.sendUserMailAddressVerification(dbuser); + + message = LanguageHelper.getErrorString("webpages.edituser.verify.mail.message"); + + } catch (ConfigurationException e) { + log.warn("Sending of mailaddress verification mail failed.", e); + message = LanguageHelper.getErrorString("error.mail.send"); + + } catch (MOADatabaseException e) { + log.warn("Access UserInformationDatabase failed.", e); + } + } } - dbuser.setBpk(user.getBpk()); - dbuser.setFamilyname(user.getFamilyName()); - dbuser.setGivenname(user.getGivenName()); - dbuser.setInstitut(user.getInstitut()); + stream = new ByteArrayInputStream(message.getBytes()); + + return SUCCESS; + } + + private String saveFormToDB(UserDatabase dbuser) { + dbuser.setMail(user.getMail()); dbuser.setPhone(user.getPhone()); - dbuser.setUsername(user.getUsername()); - if (authUser.isAdmin()) { - dbuser.setIsActive(user.isActive()); - dbuser.setIsAdmin(user.isAdmin()); + if (authUser.isAdmin() || dbuser.isIsUsernamePasswordAllowed()) { + 
dbuser.setIsUsernamePasswordAllowed(user.isIsusernamepasswordallowed()); + + if (authUser.isAdmin()) { + dbuser.setIsActive(user.isActive()); + dbuser.setIsAdmin(user.isAdmin()); + + } } - if (MiscUtil.isNotEmpty(user.getPassword())) { - String key = AuthenticationHelper.generateKeyFormPassword(user.getPassword()); - if (key == null) { - return LanguageHelper.getErrorString("errors.edit.user.save"); + if (dbuser.isIsPVP2Generated() == null || !dbuser.isIsPVP2Generated()) { + dbuser.setFamilyname(user.getFamilyName()); + dbuser.setGivenname(user.getGivenName()); + dbuser.setInstitut(user.getInstitut()); + + if (authUser.isAdmin()) + dbuser.setBpk(user.getBpk()); + + } else { + if (!dbuser.isIsMandateUser()) + dbuser.setInstitut(user.getInstitut()); + } + + if (dbuser.isIsUsernamePasswordAllowed()) { + + if (MiscUtil.isNotEmpty(user.getUsername()) && MiscUtil.isEmpty(dbuser.getUsername())) + dbuser.setUsername(user.getUsername()); + + if (MiscUtil.isNotEmpty(user.getPassword())) { + String key = AuthenticationHelper.generateKeyFormPassword(user.getPassword()); + if (key == null) { + return LanguageHelper.getErrorString("errors.edit.user.save"); + } + dbuser.setPassword(key); } - dbuser.setPassword(key); } - try { ConfigurationDBUtils.saveOrUpdate(dbuser); } catch (MOADatabaseException e) { 
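Review bot: saveFormToDB() unboxes `dbuser.isIsUsernamePasswordAllowed()` in two conditions and `dbuser.isIsMandateUser()` in one without a null check, although saveuser() guards the same getters with `!= null` in an earlier hunk, so they evidently can return null. For a non-admin editing a record where the flag was never set, the first condition throws a NullPointerException before anything is saved; `Boolean.TRUE.equals(dbuser.isIsUsernamePasswordAllowed())` and `!Boolean.TRUE.equals(dbuser.isIsMandateUser())` avoid that, and the same applies to `if (dbuser.isIsMandateUser())` in saveuser(). Separately, sendVerificationMail() in this hunk clears `IsMailAddressVerified` and sends a mail without the form-ID check that saveuser() and deleteuser() perform, so it should either validate `formID` as well or be documented as deliberately exempt. `message.getBytes()` there uses the platform default charset; pass an explicit charset that matches what the result is served with.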
@@ -284,27 +515,7 @@ public class UserManagementAction extends ActionSupport return null; } - -// public String createTestUser() throws MOADatabaseException { -// -// UserDatabase user = new UserDatabase(); -// user.setBpk(""); -// user.setFamilyname("Max"); -// user.setGivenname("Mustermann"); -// user.setIsActive(true); -// user.setIsAdmin(false); -// user.setInstitut("EGIZ"); -// user.setLastLoginItem(new Date()); -// user.setMail("masdf@amfasdf.com"); -// user.setPhone("00660011542"); -// user.setUsername("testuser"); -// -// ConfigurationDBUtils.save(user); -// -// return Constants.STRUTS_SUCCESS; -// } - - + public void setServletResponse(HttpServletResponse response) { this.response = response; @@ -370,7 +581,33 @@ public class UserManagementAction extends ActionSupport public boolean isNewUser() { return newUser; } - - + + /** + * @return the nextPage + */ + public String getNextPage() { + return nextPage; + } + + /** + * @return the stream + */ + public InputStream getStream() { + return stream; + } + + /** + * @return the formID + */ + public String getFormID() { + return formID; + } + + /** + * @param formID the formID to set + */ + public void setFormID(String formID) { + this.formID = formID; + } } |