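/*******************************************************************************
 * Copyright 2014 Federal Chancellery Austria
 * MOA-ID has been developed in a cooperation between BRZ, the Federal
 * Chancellery Austria - ICT staff unit, and Graz University of Technology.
 *
 * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
 * the European Commission - subsequent versions of the EUPL (the "Licence");
 * You may not use this work except in compliance with the Licence.
 * You may obtain a copy of the Licence at:
 * http://www.osor.eu/eupl/
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the Licence is distributed on an "AS IS" basis,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the Licence for the specific language governing permissions and
 * limitations under the Licence.
 *
 * This product combines work with different licenses. See the "NOTICE" text
 * file for details on the various modules and licenses.
 * The "NOTICE" text file is part of the distribution. Any derivative works
 * that you distribute must include a readable copy of the "NOTICE" text file.
 *******************************************************************************/
package at.gv.egovernment.moa.id.configuration.struts.action;

import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.util.List;
import java.util.OptionalLong;

import at.gv.egiz.eaaf.core.impl.utils.Random;
import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException;
import at.gv.egovernment.moa.id.configuration.Constants;
import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser;
import at.gv.egovernment.moa.id.configuration.data.UserDatabaseFrom;
import at.gv.egovernment.moa.id.configuration.exception.BasicActionException;
import at.gv.egovernment.moa.id.configuration.helper.AuthenticationHelper;
import at.gv.egovernment.moa.id.configuration.helper.FormDataHelper;
import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
import at.gv.egovernment.moa.id.configuration.helper.MailHelper;
import at.gv.egovernment.moa.id.configuration.validation.UserDatabaseFormValidator;
import at.gv.egovernment.moa.util.MiscUtil;
import lombok.extern.slf4j.Slf4j;

/**
 * Struts action behind the user-management pages of the configuration GUI.
 *
 * <p>Administrators see the full user list and may create, edit and delete any
 * entry; every other authenticated user is restricted to his own entry. Each
 * state-changing request (save, delete) is bound to a one-time form ID that is
 * generated when the form is rendered, stored in the session and compared with
 * the submitted value before the request is processed.</p>
 *
 * <p>All mutable request state is held in instance fields; a Struts action is
 * instantiated per request, so nothing here may be {@code static}.</p>
 */
@Slf4j
public class UserManagementAction extends BasicAction {

  private static final long serialVersionUID = 1L;

  /** Users shown in the admin overview (raw element type kept as in the original). */
  private List userlist = null;
  /** Form-backing bean of the entry currently being created or edited. */
  private UserDatabaseFrom user = null;
  /** Database ID submitted with an edit request (admin only). */
  private String useridobj = null;
  /**
   * Whether the edit form is rendered for a not-yet-persisted user.
   * Per-request state: must NOT be static, otherwise one admin's "create user"
   * request flips the flag for every concurrent request of the web application.
   */
  private boolean newUser = false;
  /** Response body for {@link #sendVerificationMail()}. */
  private InputStream stream;
  /** Return area the view navigates to after the action completed. */
  private String nextPage;
  /** One-time token bound to the currently rendered form. */
  private String formID;

  /**
   * Entry point of the user-management area.
   *
   * @return {@code STRUTS_SUCCESS} with the user list for admins,
   *         {@code STRUTS_NOTALLOWED} with the own entry for everybody else,
   *         {@code STRUTS_REAUTHENTICATE} when the own entry no longer exists,
   *         {@code STRUTS_ERROR} when basic request data is missing
   */
  public String init() {
    try {
      populateBasicInformations();
    } catch (final BasicActionException e) {
      return Constants.STRUTS_ERROR;
    }

    if (session == null) {
      log.info("No http Session found.");
      return Constants.STRUTS_ERROR;
    }

    if (!authUser.isAdmin()) {
      log.info("User with ID " + authUser.getUserID() + " is not admin. Show only EditUser Frame");
      final UserDatabase dbuser =
          configuration.getUserManagement().getUserWithID(authUser.getUserID());
      if (dbuser == null) {
        return Constants.STRUTS_REAUTHENTICATE;
      }
      user = new UserDatabaseFrom(dbuser);
      session.setAttribute(Constants.SESSION_RETURNAREA,
          Constants.STRUTS_RETURNAREA_VALUES.main.name());
      issueFormId();
      return Constants.STRUTS_NOTALLOWED;
    }

    log.info("Show NewserRequests");
    log.info("Show UserList");
    final List dbuserlist = configuration.getUserManagement().getAllUsers();
    if (dbuserlist != null) {
      userlist = FormDataHelper.addFormUsers(dbuserlist);
    }
    session.setAttribute(Constants.SESSION_RETURNAREA,
        Constants.STRUTS_RETURNAREA_VALUES.usermanagementInit.name());
    return Constants.STRUTS_SUCCESS;
  }

  /**
   * Renders an empty form for a new user (admin only).
   *
   * @return {@code STRUTS_SUCCESS}, or {@code STRUTS_NOTALLOWED} for non-admins
   */
  public String createuser() {
    try {
      populateBasicInformations();
    } catch (final BasicActionException e) {
      return Constants.STRUTS_ERROR;
    }

    nextPage = Constants.STRUTS_RETURNAREA_VALUES.usermanagementInit.name();
    if (!authUser.isAdmin()) {
      return Constants.STRUTS_NOTALLOWED;
    }

    user = new UserDatabaseFrom();
    newUser = true;
    issueFormId();
    return Constants.STRUTS_SUCCESS;
  }

  /**
   * Renders the edit form. Admins edit the entry named by {@code useridobj};
   * everybody else always gets his own entry regardless of the submitted ID.
   *
   * @return {@code STRUTS_SUCCESS}, {@code STRUTS_ERROR} on an invalid or unknown
   *         ID, {@code STRUTS_REAUTHENTICATE} when the own entry no longer exists
   */
  public String edituser() {
    try {
      populateBasicInformations();
    } catch (final BasicActionException e) {
      return Constants.STRUTS_ERROR;
    }

    nextPage = resolveReturnArea();
    issueFormId();

    final UserDatabase dbuser;
    if (authUser.isAdmin()) {
      if (!ValidationHelper.validateOAID(useridobj)) {
        addActionError(LanguageHelper.getErrorString("errors.edit.user.userid", request));
        return Constants.STRUTS_ERROR;
      }
      final long userid = Long.parseLong(useridobj);
      dbuser = configuration.getUserManagement().getUserWithID(userid);
      if (dbuser == null) {
        log.info("No User with ID " + userid + " in Database");
        addActionError(LanguageHelper.getErrorString("errors.edit.user.userid", request));
        return Constants.STRUTS_ERROR;
      }
      newUser = false;

    } else {
      log.info("User with ID " + authUser.getUserID()
          + " is not admin. Show his own EditUser Frame");
      dbuser = configuration.getUserManagement().getUserWithID(authUser.getUserID());
      // same handling as init(): an authenticated user without a DB entry must log in again
      if (dbuser == null) {
        return Constants.STRUTS_REAUTHENTICATE;
      }
    }

    user = new UserDatabaseFrom(dbuser);
    return Constants.STRUTS_SUCCESS;
  }

  /**
   * Persists the submitted form.
   *
   * <p>Order of checks: form ID, syntactic user ID, ownership (non-admins may only
   * save their own entry), then field validation. A non-admin changing his mail
   * address gets it marked unverified and receives a verification mail.</p>
   *
   * @return {@code STRUTS_ERROR} when a check fails, {@code STRUTS_ERROR_VALIDATION}
   *         with the form re-rendered on validation errors, otherwise
   *         {@code STRUTS_SUCCESS} (a failed database write is reported as an
   *         action error but still returns success)
   */
  public String saveuser() {
    try {
      populateBasicInformations();
    } catch (final BasicActionException e) {
      return Constants.STRUTS_ERROR;
    }

    if (!isSubmittedFormIdValid()) {
      return Constants.STRUTS_ERROR;
    }
    // the form token is single-use
    session.setAttribute(Constants.SESSION_FORMID, null);

    final OptionalLong requested = parseSubmittedUserId();
    if (!requested.isPresent()) {
      return Constants.STRUTS_ERROR;
    }
    final long userID = requested.getAsLong();
    // authorise before any further processing of the submitted data
    if (!mayAccessEntry(userID)) {
      return Constants.STRUTS_ERROR;
    }

    UserDatabase dbuser = configuration.getUserManagement().getUserWithID(userID);
    if (dbuser == null) {
      dbuser = new UserDatabase();
      dbuser.setIsMandateUser(false);
      dbuser.setIsAdminRequest(false);
      dbuser.setIsPVP2Generated(false);
      dbuser.setUserRequestTokken(null);
      dbuser.setIsMailAddressVerified(false);
      dbuser.setUsername(user.getUsername());
    }

    // the flags are nullable in the DB bean; null counts as false
    final boolean ispvp2 = Boolean.TRUE.equals(dbuser.isIsPVP2Generated());
    final boolean ismandate = Boolean.TRUE.equals(dbuser.isIsMandateUser());

    final UserDatabaseFormValidator validator = new UserDatabaseFormValidator();
    final List<String> errors = validator.validate(user, userID, ispvp2, ismandate, request);
    if (!errors.isEmpty()) {
      log.info("UserDataForm has some erros.");
      for (final String el : errors) {
        addActionError(el);
      }
      // never echo a submitted password back into the re-rendered form
      user.setPassword("");
      if (MiscUtil.isEmpty(user.getUsername())) {
        newUser = true;
      }
      user.setIsmandateuser(ismandate);
      user.setPVPGenerated(ispvp2);
      if (dbuser.isIsUsernamePasswordAllowed() != null) {
        user.setIsusernamepasswordallowed(dbuser.isIsUsernamePasswordAllowed());
      }
      issueFormId();
      return Constants.STRUTS_ERROR_VALIDATION;
    }

    if (!authUser.isAdmin() && !user.getMail().equals(dbuser.getMail())) {
      // a self-service mail change is only trusted after re-verification
      dbuser.setIsMailAddressVerified(false);
      dbuser.setUserRequestTokken(Random.nextRandom());
      try {
        MailHelper.sendUserMailAddressVerification(dbuser);
        addActionMessage(LanguageHelper.getGUIString(
            "webpages.edituser.changemailaddress.verify", request));
      } catch (final ConfigurationException e) {
        log.warn("Sending of mailaddress verification mail failed.", e);
        addActionError(LanguageHelper.getErrorString("error.mail.send", request));
      }
    }

    nextPage = resolveReturnArea();
    if (nextPage.equals(Constants.STRUTS_RETURNAREA_VALUES.adminRequestsInit.name())
        && user.isActive()) {
      activateRequestedAccount(dbuser);
    }
    session.setAttribute(Constants.SESSION_RETURNAREA, null);

    final String error = saveFormToDB(dbuser);
    if (error != null) {
      log.warn("UserData can not be stored in Database");
      addActionError(error);
    }
    // the page is rendered either way; a failed save is surfaced as an action error
    return Constants.STRUTS_SUCCESS;
  }

  /**
   * Deletes the entry named in the form (own entry for non-admins).
   *
   * @return {@code STRUTS_ERROR} when the form ID, user ID or ownership check fails,
   *         {@code STRUTS_REAUTHENTICATE} when the caller deleted his own account,
   *         otherwise {@code STRUTS_SUCCESS} (database or mail failures are
   *         reported as action errors)
   */
  public String deleteuser() {
    try {
      populateBasicInformations();
    } catch (final BasicActionException e) {
      return Constants.STRUTS_ERROR;
    }

    if (!isSubmittedFormIdValid()) {
      return Constants.STRUTS_ERROR;
    }
    // the form token is single-use
    session.setAttribute(Constants.SESSION_FORMID, null);

    final OptionalLong requested = parseSubmittedUserId();
    if (!requested.isPresent()) {
      return Constants.STRUTS_ERROR;
    }
    final long userID = requested.getAsLong();
    if (!mayAccessEntry(userID)) {
      return Constants.STRUTS_ERROR;
    }

    nextPage = resolveReturnArea();
    session.setAttribute(Constants.SESSION_RETURNAREA, null);

    final UserDatabase dbuser = configuration.getUserManagement().getUserWithID(userID);
    if (dbuser == null) {
      return Constants.STRUTS_SUCCESS;
    }

    // NOTE(review): presumably detaches the OA references before the row is
    // removed, hence the extra saveOrUpdate before delete — confirm against the DAO
    dbuser.setOaIDs(null);
    try {
      configuration.getUserManagement().saveOrUpdate(dbuser);
      configuration.getUserManagement().delete(dbuser);
      if (authUser.isAdmin()) {
        MailHelper.sendUserAccountRevocationMail(dbuser);
      }
      // compare as strings so the check holds whatever boxed type the
      // persistence ID uses; a boxed-Long.equals(String) would never match
      if (String.valueOf(dbuser.getHjid()).equals(String.valueOf(authUser.getUserID()))) {
        return Constants.STRUTS_REAUTHENTICATE;
      }

    } catch (final MOADatabaseException e) {
      log.warn("UserData can not be deleted from Database", e);
      addActionError(e.getMessage());

    } catch (final ConfigurationException e) {
      log.warn("Information mail sending failed.", e);
      addActionError(e.getMessage());
    }
    return Constants.STRUTS_SUCCESS;
  }

  /**
   * Issues a fresh verification token for the caller's own mail address and
   * sends the verification mail. The outcome is returned as a plain-text
   * response body via {@link #getStream()}.
   *
   * @return {@code SUCCESS}
   */
  public String sendVerificationMail() {
    try {
      populateBasicInformations();
    } catch (final BasicActionException e) {
      return Constants.STRUTS_ERROR;
    }

    // default response unless the mail was actually sent
    String message = LanguageHelper.getErrorString("error.mail.send", request);

    if (authUser != null) {
      final UserDatabase dbuser =
          configuration.getUserManagement().getUserWithID(authUser.getUserID());
      if (dbuser != null) {
        dbuser.setIsMailAddressVerified(false);
        dbuser.setUserRequestTokken(Random.nextRandom());
        try {
          // the token is persisted before the mail goes out
          configuration.getUserManagement().saveOrUpdate(dbuser);
          MailHelper.sendUserMailAddressVerification(dbuser);
          message = LanguageHelper.getErrorString(
              "webpages.edituser.verify.mail.message", request);

        } catch (final ConfigurationException e) {
          log.warn("Sending of mailaddress verification mail failed.", e);
          message = LanguageHelper.getErrorString("error.mail.send", request);

        } catch (final MOADatabaseException e) {
          log.warn("Access UserInformationDatabase failed.", e);
        }
      }
    }

    // explicit charset instead of the platform default; the stream result's
    // configured charset should agree — TODO confirm in the Struts configuration
    stream = new ByteArrayInputStream(message.getBytes(StandardCharsets.UTF_8));
    return SUCCESS;
  }

  /**
   * Copies the form fields the caller is allowed to change into the DB bean and
   * stores it.
   *
   * <p>Only admins may change activation, admin role and bPK; PVP2-generated
   * entries keep their name attributes; the username is set once and never
   * overwritten; a submitted password is stored as a derived key, never in
   * clear.</p>
   *
   * @param dbuser the entry to update (new or loaded)
   * @return a localised error message, or {@code null} on success
   */
  private String saveFormToDB(final UserDatabase dbuser) {
    dbuser.setMail(user.getMail());
    dbuser.setPhone(user.getPhone());

    final boolean isAdmin = authUser.isAdmin();
    final boolean passwordLoginAllowed =
        Boolean.TRUE.equals(dbuser.isIsUsernamePasswordAllowed());
    if (isAdmin || passwordLoginAllowed) {
      dbuser.setIsUsernamePasswordAllowed(user.isIsusernamepasswordallowed());
      if (isAdmin) {
        // privilege-bearing flags are writable by administrators only
        dbuser.setIsActive(user.isActive());
        dbuser.setIsAdmin(user.isAdmin());
      }
    }

    if (!Boolean.TRUE.equals(dbuser.isIsPVP2Generated())) {
      dbuser.setFamilyname(user.getFamilyName());
      dbuser.setGivenname(user.getGivenName());
      dbuser.setInstitut(user.getInstitut());
      if (isAdmin) {
        dbuser.setBpk(user.getBpk());
        if (isMandateBpk(user.getBpk())) {
          dbuser.setIsMandateUser(true);
        }
      }

    } else if (!Boolean.TRUE.equals(dbuser.isIsMandateUser())) {
      dbuser.setInstitut(user.getInstitut());
    }

    // re-read: the flag may have been changed above
    if (Boolean.TRUE.equals(dbuser.isIsUsernamePasswordAllowed())) {
      if (MiscUtil.isNotEmpty(user.getUsername()) && MiscUtil.isEmpty(dbuser.getUsername())) {
        dbuser.setUsername(user.getUsername());
      }
      if (MiscUtil.isNotEmpty(user.getPassword())) {
        final String key = AuthenticationHelper.generateKeyFormPassword(user.getPassword());
        if (key == null) {
          return LanguageHelper.getErrorString("errors.edit.user.save", request);
        }
        dbuser.setPassword(key);
      }
    }

    try {
      configuration.getUserManagement().saveOrUpdate(dbuser);
    } catch (final MOADatabaseException e) {
      log.warn("User information can not be stored in Database.", e);
      return LanguageHelper.getErrorString("errors.edit.user.save", request);
    }
    return null;
  }

  /** Generates a new one-time form ID and stores it in the session. */
  private void issueFormId() {
    formID = Random.nextRandom();
    session.setAttribute(Constants.SESSION_FORMID, formID);
  }

  /**
   * Checks the submitted form ID against the one stored in the session.
   * A mismatch (or a missing session token) is logged with the caller's identity.
   */
  private boolean isSubmittedFormIdValid() {
    final Object formidobj = session.getAttribute(Constants.SESSION_FORMID);
    if (formidobj instanceof String && formidobj.equals(formID)) {
      return true;
    }
    log.warn("FormIDs does not match. Some suspect Form is received from user "
        + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID());
    return false;
  }

  /**
   * Parses the user ID submitted with the form.
   *
   * @return {@code -1} when no ID was submitted (new entry), the parsed ID when it
   *         is syntactically valid, or empty — with an action error already added —
   *         when it is not
   */
  private OptionalLong parseSubmittedUserId() {
    final String submitted = user.getUserID();
    if (MiscUtil.isEmpty(submitted)) {
      return OptionalLong.of(-1);
    }
    if (!ValidationHelper.validateOAID(submitted)) {
      log.warn("User with ID " + authUser.getUserID() + " would access UserDatabase ID " + submitted);
      addActionError(LanguageHelper.getErrorString("errors.edit.user.notallowed", request));
      return OptionalLong.empty();
    }
    return OptionalLong.of(Long.parseLong(submitted));
  }

  /** Non-admins may only act on their own entry; a violation is logged and reported. */
  private boolean mayAccessEntry(final long userID) {
    if (authUser.isAdmin() || authUser.getUserID() == userID) {
      return true;
    }
    log.warn("User with ID " + authUser.getUserID() + " would access UserDatabase Entry "
        + user.getUsername());
    addActionError(LanguageHelper.getErrorString("errors.edit.user.notallowed", request));
    return false;
  }

  /** Reads the return area stored in the session, defaulting to the user-management overview. */
  private String resolveReturnArea() {
    final Object stored = session.getAttribute(Constants.SESSION_RETURNAREA);
    if (stored instanceof String && MiscUtil.isNotEmpty((String) stored)) {
      return (String) stored;
    }
    return Constants.STRUTS_RETURNAREA_VALUES.usermanagementInit.name();
  }

  /** Clears a pending admin request and notifies the user that the account is active. */
  private void activateRequestedAccount(final UserDatabase dbuser) {
    dbuser.setIsAdminRequest(false);
    // the institution is only reported for mandate users
    final String institut =
        Boolean.TRUE.equals(dbuser.isIsMandateUser()) ? dbuser.getInstitut() : null;
    try {
      MailHelper.sendUserAccountActivationMail(
          dbuser.getGivenname(), dbuser.getFamilyname(), institut, user.getMail());
    } catch (final ConfigurationException e) {
      log.warn("Send UserAccountActivation mail failed", e);
    }
  }

  /**
   * True when the identifier belongs to one of the organisation types
   * (FN, ZVR, ERsB) that mark the entry as a mandate user; null/empty is never a match.
   */
  private static boolean isMandateBpk(final String bpk) {
    if (MiscUtil.isEmpty(bpk)) {
      return false;
    }
    final String base = Constants.IDENIFICATIONTYPE_BASEID + "X";
    return bpk.startsWith(base + Constants.IDENIFICATIONTYPE_FN)
        || bpk.startsWith(base + Constants.IDENIFICATIONTYPE_ZVR)
        || bpk.startsWith(base + Constants.IDENIFICATIONTYPE_ERSB);
  }

  /**
   * @return the userlist
   */
  public List getUserlist() {
    return userlist;
  }

  /**
   * @param userlist the userlist to set
   */
  public void setUserlist(List userlist) {
    this.userlist = userlist;
  }

  /**
   * @return the user
   */
  public UserDatabaseFrom getUser() {
    return user;
  }

  /**
   * @param user the user to set
   */
  public void setUser(UserDatabaseFrom user) {
    this.user = user;
  }

  /**
   * @return the useridobj
   */
  public String getUseridobj() {
    return useridobj;
  }

  /**
   * @param useridobj the useridobj to set
   */
  public void setUseridobj(String useridobj) {
    this.useridobj = useridobj;
  }

  /**
   * @return whether the edit form is rendered for a not-yet-persisted user
   */
  public boolean isNewUser() {
    return newUser;
  }

  /**
   * @return the nextPage
   */
  public String getNextPage() {
    return nextPage;
  }

  /**
   * @return the stream
   */
  public InputStream getStream() {
    return stream;
  }

  /**
   * @return the formID
   */
  @Override
  public String getFormID() {
    return formID;
  }

  /**
   * @param formID the formID to set
   */
  @Override
  public void setFormID(String formID) {
    this.formID = formID;
  }
}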