/* * Copyright 2014 Federal Chancellery Austria * MOA-ID has been developed in a cooperation between BRZ, the Federal * Chancellery Austria - ICT staff unit, and Graz University of Technology. * * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by * the European Commission - subsequent versions of the EUPL (the "Licence"); * You may not use this work except in compliance with the Licence. * You may obtain a copy of the Licence at: * http://www.osor.eu/eupl/ * * Unless required by applicable law or agreed to in writing, software * distributed under the Licence is distributed on an "AS IS" basis, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the Licence for the specific language governing permissions and * limitations under the Licence. * * This product combines work with different licenses. See the "NOTICE" text * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. 
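*/
package at.gv.egovernment.moa.id.configuration.struts.action;

import java.util.ArrayList;
import java.util.Date;
import java.util.LinkedHashMap;
import java.util.List;

import org.apache.log4j.Logger;

import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration;
import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
import at.gv.egovernment.moa.id.configuration.Constants;
import at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData;
import at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig;
import at.gv.egovernment.moa.id.configuration.data.oa.OAPVP2Config;
import at.gv.egovernment.moa.id.configuration.exception.BasicOAActionException;
import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException;
import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
import at.gv.egovernment.moa.id.configuration.helper.MailHelper;
import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.util.MiscUtil;

/**
 * Common base for the Struts actions that load, save and delete an
 * {@link OnlineApplication} (OA) configuration.
 *
 * <p>The form beans of the OA pages are kept in {@link #formList}, keyed by the
 * bean's {@code getName()}; the general form ({@link OAGeneralConfig}) is
 * registered by the constructor. Every save or delete request has to carry the
 * one-time form identifier that the session holds under
 * {@link Constants#SESSION_FORMID}: the session copy is cleared when it is
 * consumed and a fresh one is generated after every rejected request.
 *
 * <p>{@code formID}, {@code session}, {@code request}, {@code authUser} and
 * {@code addActionError} are provided by the superclass.
 *
 * @author tlenz
 */
public class BasicOAAction extends BasicAction {

    private static final long serialVersionUID = 5676123696807646246L;

    private final Logger log = Logger.getLogger(BasicOAAction.class);

    /** Form beans of the OA configuration pages, keyed by the bean's {@code getName()}. */
    protected LinkedHashMap<String, IOnlineApplicationData> formList;

    /** Database id of the OA loaded by {@link #populateOnlineApplicationFromRequest()}; -1 before that. */
    protected long oaid = -1;

    /** OA database id as submitted with the request (injected via {@link #setOaidobj(String)}). */
    private String oaidobj;

    private boolean newOA;

    /** Set when the OA was (re)activated or created by an admin, so its PVP2 metadata has to be reloaded. */
    private boolean isMetaDataRefreshRequired = false;

    /**
     * Creates the action and registers the general OA form bean.
     */
    public BasicOAAction() {
        formList = new LinkedHashMap<String, IOnlineApplicationData>();
        OAGeneralConfig generalOA = new OAGeneralConfig();
        formList.put(generalOA.getName(), generalOA);
    }

    /**
     * Generates a fresh one-time form identifier and stores it in the session.
     * Called after every rejected request so the identifier of a failed
     * round-trip cannot be reused.
     */
    private void resetFormID() {
        formID = Random.nextRandom();
        session.setAttribute(Constants.SESSION_FORMID, formID);
    }

    /**
     * Checks that the form identifier submitted with the request equals the one
     * kept in the session and then invalidates the session copy (one-time use).
     *
     * @throws BasicOAActionException with result {@link Constants#STRUTS_ERROR}
     *         if the session holds no identifier or it differs from the submitted one
     */
    private void verifyFormID() throws BasicOAActionException {
        Object formidobj = session.getAttribute(Constants.SESSION_FORMID);
        boolean matches = formidobj instanceof String && ((String) formidobj).equals(formID);
        if (!matches) {
            String msg = "FormIDs does not match. Some suspect Form is received from user "
                    + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID();
            log.warn(msg);
            throw new BasicOAActionException(msg, Constants.STRUTS_ERROR);
        }
        session.setAttribute(Constants.SESSION_FORMID, null);
    }

    /**
     * Rejects OA management for non-admin users whose mail address is not verified.
     *
     * @param userdb database record of the current user; not dereferenced for admins
     * @throws BasicOAActionException with result {@link Constants#STRUTS_SUCCESS}
     *         if the user is no admin and the verification flag is explicitly false
     */
    private void checkMailAddressVerified(UserDatabase userdb) throws BasicOAActionException {
        if (authUser.isAdmin()) {
            return;
        }
        // A null flag passes the check (kept from the original code).
        // NOTE(review): confirm this fail-open default is intended for unverified accounts.
        if (userdb.isIsMailAddressVerified() != null && !userdb.isIsMailAddressVerified()) {
            log.info("Online-Applikation managemant disabled. Mail address is not verified.");
            throw new BasicOAActionException(
                    LanguageHelper.getErrorString("error.editoa.mailverification", request),
                    Constants.STRUTS_SUCCESS);
        }
    }

    /**
     * Loads the OA whose database id was submitted as {@code oaidobj} and
     * remembers the id in {@link #oaid}.
     *
     * <p>Admins may load any OA. Other users must have a verified mail address
     * and may only load OAs listed in their own {@link UserDatabase} record;
     * that list is the authorisation check against editing foreign OAs.
     *
     * @return the OA; never null
     * @throws BasicOAActionException if the id is malformed, the user may not
     *         manage OAs, or no OA with that id is available to the user
     */
    protected OnlineApplication populateOnlineApplicationFromRequest() throws BasicOAActionException {
        if (!ValidationHelper.validateOAID(oaidobj)) {
            throw new BasicOAActionException(
                    LanguageHelper.getErrorString("errors.edit.oa.oaid", request),
                    Constants.STRUTS_ERROR);
        }
        oaid = Long.valueOf(oaidobj);

        OnlineApplication onlineapplication = null;
        if (authUser.isAdmin()) {
            onlineapplication = ConfigurationDBRead.getOnlineApplication(oaid);
        } else {
            UserDatabase userdb = ConfigurationDBRead.getUserWithID(authUser.getUserID());
            checkMailAddressVerified(userdb);

            // TODO: change to direct Database operation
            List<OnlineApplication> oas = userdb.getOnlineApplication();
            if (oas != null) {
                for (OnlineApplication oa : oas) {
                    // hjid is a wrapper type; guard against an unset id before unboxing
                    if (oa.getHjid() != null && oa.getHjid() == oaid) {
                        onlineapplication = oa;
                        break;
                    }
                }
            }
        }

        // Unknown ids are reported the same way for admins and ordinary users.
        if (onlineapplication == null) {
            throw new BasicOAActionException(
                    LanguageHelper.getErrorString("errors.edit.oa.oaid", request),
                    Constants.STRUTS_ERROR);
        }
        return onlineapplication;
    }

    /**
     * Prepares the session for creating a new OA: drops any OA id and BKU form
     * preview, marks the action as "new OA" and issues a fresh form identifier.
     */
    protected void populateBasicNewOnlineApplicationInformation() {
        session.setAttribute(Constants.SESSION_OAID, null);
        setNewOA(true);
        resetFormID();
        session.setAttribute(Constants.SESSION_BKUFORMPREVIEW, null);
    }

    /**
     * Applies the approval/activation rules to the OA, persists it and flags
     * the PVP2 metadata for reload when necessary.
     *
     * <p>OAs created by non-admin users, and OAs whose public URL prefix a
     * non-admin user changed, are deactivated until an admin approves them.
     * An admin saving the OA with the "active" box ticked clears that flag.
     *
     * @param onlineapplication the OA being edited, or null to create a new one
     * @return the persisted OA
     * @throws BasicOAActionException with result
     *         {@link Constants#STRUTS_ERROR_VALIDATION} if the OA could not be stored;
     *         the form identifier is regenerated before the exception is propagated
     */
    protected OnlineApplication postProcessSaveOnlineApplication(OnlineApplication onlineapplication)
            throws BasicOAActionException {
        if (onlineapplication == null) {
            onlineapplication = new OnlineApplication();
            onlineapplication.setIsNew(true);
            onlineapplication.setIsActive(false);
            if (!authUser.isAdmin()) {
                onlineapplication.setIsAdminRequired(true);
            } else {
                isMetaDataRefreshRequired = true;
            }
        } else {
            onlineapplication.setIsNew(false);
            if (!authUser.isAdmin()
                    && !onlineapplication.getPublicURLPrefix().equals(getGeneralOA().getIdentifier())) {
                onlineapplication.setIsAdminRequired(true);
                onlineapplication.setIsActive(false);
                log.info("User with ID " + authUser.getUserID()
                        + " change OA-PublicURLPrefix. Reaktivation is required.");
            }
        }

        // isIsAdminRequired() is a wrapper type; a null value counts as "activate".
        Boolean adminRequired = onlineapplication.isIsAdminRequired();
        if (adminRequired == null
                || (authUser.isAdmin() && getGeneralOA().isActive() && adminRequired)) {
            activateOnlineApplication(onlineapplication);
        }

        // save OA configuration
        String error = saveOAConfigToDatabase(onlineapplication);
        if (MiscUtil.isNotEmpty(error)) {
            log.warn("OA configuration can not be stored!");
            addActionError(error);
            resetFormID();
            throw new BasicOAActionException(error, Constants.STRUTS_ERROR_VALIDATION);
        }

        flagMetadataRefreshIfRequired(onlineapplication);
        return onlineapplication;
    }

    /**
     * Clears the admin-approval flag, marks the PVP2 metadata for reload and
     * mails the non-admin user record associated with the OA's database id.
     * A failed mail delivery is logged and does not abort the save.
     */
    private void activateOnlineApplication(OnlineApplication onlineapplication) {
        onlineapplication.setIsAdminRequired(false);
        isMetaDataRefreshRequired = true;

        UserDatabase userdb = null;
        if (onlineapplication.getHjid() != null) {
            userdb = ConfigurationDBRead.getUsersWithOADBID(onlineapplication.getHjid());
        }
        if (userdb != null && !userdb.isIsAdmin()) {
            try {
                MailHelper.sendUserOnlineApplicationActivationMail(userdb.getGivenname(),
                        userdb.getFamilyname(), userdb.getInstitut(),
                        onlineapplication.getPublicURLPrefix(), userdb.getMail());
            } catch (ConfigurationException e) {
                log.warn("Sending Mail to User " + userdb.getMail() + " failed", e);
            }
        }
    }

    /**
     * Stamps the global configuration's PVP2 refresh item when the OA's
     * metadata must be reloaded: after activation/creation by an admin, when
     * the metadata URL differs from the stored one, when a metadata file was
     * uploaded, or when a reload was requested explicitly. Nothing is done if
     * the PVP2 form is absent or carries no metadata URL.
     */
    private void flagMetadataRefreshIfRequired(OnlineApplication onlineapplication) {
        OAPVP2Config pvp2 = getPvp2OA();
        if (pvp2 == null || pvp2.getMetaDataURL() == null) {
            return;
        }
        try {
            boolean refresh = isMetaDataRefreshRequired
                    || !pvp2.getMetaDataURL().equals(
                            onlineapplication.getAuthComponentOA().getOAPVP2().getMetadataURL())
                    || pvp2.getFileUpload() != null
                    || pvp2.isReLoad();
            if (refresh) {
                log.debug("Set PVP2 Metadata refresh flag.");
                MOAIDConfiguration moaconfig = ConfigurationDBRead.getMOAIDConfiguration();
                moaconfig.setPvp2RefreshItem(new Date());
                ConfigurationDBUtils.saveOrUpdate(moaconfig);
            }
        } catch (Exception e) {
            // Narrowed from Throwable so JVM Errors are no longer swallowed. The chain
            // getAuthComponentOA().getOAPVP2() presumably is unset for a new OA — that is
            // the case this catch was written for; a failed saveOrUpdate lands here as well.
            log.info("Found no MetadataURL in OA-Databaseconfig!", e);
        }
    }

    /**
     * Reads the database id of the OA being edited from the session.
     *
     * @return the id, or -1 if the session holds none (a new OA is being created)
     * @throws BasicOAActionException with result {@link Constants#STRUTS_ERROR}
     *         if the attribute is not a non-negative {@link Long}
     */
    private long readSessionOAID() throws BasicOAActionException {
        Object oadbid = request.getSession().getAttribute(Constants.SESSION_OAID);
        if (oadbid == null) {
            return -1;
        }
        // Replaces a catch (Throwable) around the cast; the former "> Long.MAX_VALUE"
        // test was always false and is dropped.
        if (!(oadbid instanceof Long) || ((Long) oadbid) < 0) {
            throw new BasicOAActionException(
                    LanguageHelper.getErrorString("errors.edit.oa.oaid", request),
                    Constants.STRUTS_ERROR);
        }
        return (Long) oadbid;
    }

    /**
     * Validates a save request before the OA is written: the one-time form
     * identifier, the user's mail verification, the OA id kept in the session,
     * and the OA identifier (public URL prefix) entered in the general form,
     * which must be a valid URL and unique among all OAs.
     *
     * @return the existing OA that is being edited, or null when a new OA is
     *         created (then {@link #isNewOA()} is set)
     * @throws BasicOAActionException on any failed check; the form identifier
     *         is regenerated before the exception is propagated
     */
    protected OnlineApplication preProcessSaveOnlineApplication() throws BasicOAActionException {
        try {
            verifyFormID();

            UserDatabase userdb = ConfigurationDBRead.getUserWithID(authUser.getUserID());
            checkMailAddressVerified(userdb);

            long sessionOAID = readSessionOAID();

            // valid DBID and check entry
            String oaidentifier = getGeneralOA().getIdentifier();
            if (MiscUtil.isEmpty(oaidentifier)) {
                log.info("Empty OA identifier");
                throw new BasicOAActionException(
                        LanguageHelper.getErrorString("validation.general.oaidentifier.empty", request),
                        Constants.STRUTS_ERROR_VALIDATION);
            }
            if (!ValidationHelper.validateURL(oaidentifier)) {
                log.warn("OnlineapplikationIdentifier is not a valid URL: " + oaidentifier);
                throw new BasicOAActionException(
                        LanguageHelper.getErrorString("validation.general.oaidentifier.valid",
                                new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()}, request),
                        Constants.STRUTS_ERROR_VALIDATION);
            }

            if (sessionOAID == -1) {
                // new OA: the identifier must not be taken yet
                setNewOA(true);
                if (ConfigurationDBRead.getOnlineApplication(oaidentifier) != null) {
                    log.info("The OAIdentifier is not unique");
                    throw new BasicOAActionException(
                            LanguageHelper.getErrorString("validation.general.oaidentifier.notunique", request),
                            Constants.STRUTS_ERROR_VALIDATION);
                }
                return null;
            }

            OnlineApplication onlineapplication = ConfigurationDBRead.getOnlineApplication(sessionOAID);
            // NOTE(review): for non-admin users the OA referenced by SESSION_OAID is not
            // re-checked against the user's own OA list here; this relies on ownership having
            // been verified when the attribute was set — confirm in the caller.
            if (!oaidentifier.equals(onlineapplication.getPublicURLPrefix())
                    && ConfigurationDBRead.getOnlineApplication(oaidentifier) != null) {
                log.info("The OAIdentifier is not unique");
                throw new BasicOAActionException(
                        LanguageHelper.getErrorString("validation.general.oaidentifier.notunique", request),
                        Constants.STRUTS_ERROR_VALIDATION);
            }
            return onlineapplication;

        } catch (BasicOAActionException e) {
            resetFormID();
            throw e;
        }
    }

    /**
     * Validates a delete request: the one-time form identifier, the user's
     * mail verification and the OA identifier entered in the general form.
     *
     * @return the OA identifier (public URL prefix) of the OA to delete
     * @throws BasicOAActionException on any failed check; the form identifier
     *         is regenerated before the exception is propagated
     */
    protected String preProcessDeleteOnlineApplication() throws BasicOAActionException {
        try {
            verifyFormID();

            UserDatabase userdb = ConfigurationDBRead.getUserWithID(authUser.getUserID());
            checkMailAddressVerified(userdb);

            String oaidentifier = getGeneralOA().getIdentifier();
            if (MiscUtil.isEmpty(oaidentifier)) {
                log.info("Empty OA identifier");
                throw new BasicOAActionException(
                        LanguageHelper.getErrorString("validation.general.oaidentifier.empty", request),
                        Constants.STRUTS_ERROR_VALIDATION);
            }
            // NOTE(review): the save path uses validateURL(), this one rejects when
            // isValidOAIdentifier() returns true; confirm that helper's polarity matches the
            // "contains not-valid characters" meaning the log message implies.
            if (ValidationHelper.isValidOAIdentifier(oaidentifier)) {
                log.warn("IdentificationNumber contains potentail XSS characters: " + oaidentifier);
                throw new BasicOAActionException(
                        LanguageHelper.getErrorString("validation.general.oaidentifier.valid",
                                new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()}, request),
                        Constants.STRUTS_ERROR_VALIDATION);
            }
            return oaidentifier;

        } catch (BasicOAActionException e) {
            resetFormID();
            throw e;
        }
    }

    /**
     * Copies every form bean into the OA entity and persists it. A new OA
     * created by a non-admin user is also added to that user's OA list.
     *
     * @param dboa the OA entity to fill and store
     * @return null on success, else the localized error message to show
     */
    private String saveOAConfigToDatabase(OnlineApplication dboa) {
        for (IOnlineApplicationData form : formList.values()) {
            form.store(dboa, authUser, request);
        }
        try {
            if (dboa.isIsNew()) {
                ConfigurationDBUtils.save(dboa);
                if (!authUser.isAdmin()) {
                    UserDatabase user = ConfigurationDBRead.getUserWithID(authUser.getUserID());
                    List<OnlineApplication> useroas = user.getOnlineApplication();
                    if (useroas == null) {
                        // NOTE(review): a list created here is never handed back to the user
                        // record, so the new OA would not be linked to the user in that case;
                        // confirm whether getOnlineApplication() can return null.
                        useroas = new ArrayList<OnlineApplication>();
                    }
                    useroas.add(dboa);
                    ConfigurationDBUtils.saveOrUpdate(user);
                }
            } else {
                ConfigurationDBUtils.saveOrUpdate(dboa);
            }
        } catch (MOADatabaseException e) {
            log.warn("Online-Application can not be stored.", e);
            return LanguageHelper.getErrorString("error.db.oa.store", request);
        }
        return null;
    }

    /**
     * @param oaidobj the OA database id as submitted with the request
     */
    public void setOaidobj(String oaidobj) {
        this.oaidobj = oaidobj;
    }

    /**
     * @return true if the action creates a new OA rather than editing one
     */
    public boolean isNewOA() {
        return newOA;
    }

    /**
     * @param newOA whether the action creates a new OA
     */
    public void setNewOA(boolean newOA) {
        this.newOA = newOA;
    }

    /**
     * @return the general OA form bean registered under its {@code getName()}, or null if absent
     */
    public OAGeneralConfig getGeneralOA() {
        return (OAGeneralConfig) formList.get(new OAGeneralConfig().getName());
    }

    /**
     * @param generalOA the general OA form bean to register
     */
    public void setGeneralOA(OAGeneralConfig generalOA) {
        formList.put(generalOA.getName(), generalOA);
    }

    /**
     * @return the PVP2 form bean registered under its {@code getName()}, or null if absent
     */
    public OAPVP2Config getPvp2OA() {
        return (OAPVP2Config) formList.get(new OAPVP2Config().getName());
    }

    /**
     * @param pvp2oa the PVP2 form bean to register
     */
    public void setPvp2OA(OAPVP2Config pvp2oa) {
        formList.put(pvp2oa.getName(), pvp2oa);
    }
}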