Posted to commits@roller.apache.org by gm...@apache.org on 2014/08/16 04:28:58 UTC
svn commit: r1618305 - in /roller/trunk/app/src/main:
java/org/apache/roller/weblogger/ui/struts2/admin/
java/org/apache/roller/weblogger/ui/struts2/core/ resources/
resources/org/apache/roller/weblogger/config/ webapp/WEB-INF/jsps/admin/
webapp/WEB-IN...
Author: gmazza
Date: Sat Aug 16 02:28:58 2014
New Revision: 1618305
URL: http://svn.apache.org/r1618305
Log:
Added better validation checks for the LDAP, DB-OpenID and OpenID auth options.
Modified:
roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/struts2/admin/CreateUserBean.java
roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/struts2/admin/UserAdmin.java
roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/struts2/admin/UserEdit.java
roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/struts2/core/Profile.java
roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/struts2/core/Register.java
roller/trunk/app/src/main/resources/ApplicationResources.properties
roller/trunk/app/src/main/resources/org/apache/roller/weblogger/config/roller.properties
roller/trunk/app/src/main/webapp/WEB-INF/jsps/admin/UserAdmin.jsp
roller/trunk/app/src/main/webapp/WEB-INF/jsps/admin/UserEdit.jsp
roller/trunk/app/src/main/webapp/WEB-INF/jsps/core/Profile.jsp
Modified: roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/struts2/admin/CreateUserBean.java
URL: http://svn.apache.org/viewvc/roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/struts2/admin/CreateUserBean.java?rev=1618305&r1=1618304&r2=1618305&view=diff
==============================================================================
--- roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/struts2/admin/CreateUserBean.java (original)
+++ roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/struts2/admin/CreateUserBean.java Sat Aug 16 02:28:58 2014
@@ -19,7 +19,6 @@
package org.apache.roller.weblogger.ui.struts2.admin;
import java.util.Collections;
-import java.util.Locale;
import org.apache.roller.weblogger.WebloggerException;
import org.apache.roller.weblogger.business.WebloggerFactory;
import org.apache.roller.weblogger.pojos.GlobalPermission;
Modified: roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/struts2/admin/UserAdmin.java
URL: http://svn.apache.org/viewvc/roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/struts2/admin/UserAdmin.java?rev=1618305&r1=1618304&r2=1618305&view=diff
==============================================================================
--- roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/struts2/admin/UserAdmin.java (original)
+++ roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/struts2/admin/UserAdmin.java Sat Aug 16 02:28:58 2014
@@ -20,6 +20,9 @@ package org.apache.roller.weblogger.ui.s
import java.util.Collections;
import java.util.List;
+
+import org.apache.roller.weblogger.config.AuthMethod;
+import org.apache.roller.weblogger.config.WebloggerConfig;
import org.apache.roller.weblogger.pojos.GlobalPermission;
import org.apache.roller.weblogger.ui.struts2.util.UIAction;
@@ -29,14 +32,14 @@ import org.apache.roller.weblogger.ui.st
*/
public class UserAdmin extends UIAction {
-
public UserAdmin() {
this.actionName = "userAdmin";
this.desiredMenu = "admin";
this.pageTitle = "userAdmin.title.searchUser";
}
-
-
+
+ private AuthMethod authMethod = WebloggerConfig.getAuthMethod();
+
// admin role required
public List<String> requiredGlobalPermissionActions() {
return Collections.singletonList(GlobalPermission.ADMIN);
@@ -46,13 +49,16 @@ public class UserAdmin extends UIAction
public boolean isWeblogRequired() {
return false;
}
-
-
+
/**
* Show user admin search page.
*/
public String execute() {
return SUCCESS;
}
-
+
+ public String getAuthMethod() {
+ return authMethod.name();
+ }
+
}
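Review bot: The `authMethod` field added on L62 is never reassigned and is read from static configuration, so declare it `private final AuthMethod authMethod = WebloggerConfig.getAuthMethod();` to make that explicit. The new `getAuthMethod()` accessor has no Javadoc; because it returns the enum's `name()` for string comparison in the JSPs, a comment such as `/** Name of the configured {@link AuthMethod}, exposed to the view for conditional rendering. */` would tell a reader why it returns a String rather than the enum.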
Modified: roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/struts2/admin/UserEdit.java
URL: http://svn.apache.org/viewvc/roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/struts2/admin/UserEdit.java?rev=1618305&r1=1618304&r2=1618305&view=diff
==============================================================================
--- roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/struts2/admin/UserEdit.java (original)
+++ roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/struts2/admin/UserEdit.java Sat Aug 16 02:28:58 2014
@@ -25,6 +25,7 @@ import java.util.Locale;
import java.util.TimeZone;
import org.apache.commons.lang3.CharSetUtils;
+import org.apache.commons.lang3.RandomStringUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
@@ -131,6 +132,30 @@ public class UserEdit extends UIAction {
if (!hasActionErrors()) {
getBean().copyTo(user);
+ if (authMethod == AuthMethod.DB_OPENID) {
+ if (StringUtils.isEmpty(user.getPassword())
+ && StringUtils.isEmpty(bean.getPassword())
+ && StringUtils.isEmpty(bean.getOpenIdUrl())) {
+ addError("userRegister.error.missingOpenIDOrPassword");
+ return INPUT;
+ } else if (StringUtils.isNotEmpty(bean.getOpenIdUrl())
+ && StringUtils.isNotEmpty(bean.getPassword())) {
+ addError("userRegister.error.bothOpenIDAndPassword");
+ return INPUT;
+ }
+ }
+
+ // User.password does not allow null, so generate one
+ if (authMethod.equals(AuthMethod.OPENID) ||
+ (authMethod.equals(AuthMethod.DB_OPENID) && !StringUtils.isEmpty(bean.getOpenIdUrl()))) {
+ try {
+ String randomString = RandomStringUtils.randomAlphanumeric(255);
+ user.resetPassword(randomString);
+ } catch (WebloggerException e) {
+ addMessage("yourProfile.passwordResetError");
+ }
+ }
+
// reset password if set
if (!StringUtils.isEmpty(getBean().getPassword())) {
try {
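Review bot: The placeholder password generated on L119 comes from `RandomStringUtils.randomAlphanumeric`, which in commons-lang3 draws from a shared `java.util.Random` rather than a cryptographically strong source. As far as this hunk shows, nothing else prevents password login for a DB_OPENID or OPENID account, so the placeholder's unguessability is what keeps that path closed; prefer `String randomString = RandomStringUtils.random(255, 0, 0, true, true, null, new SecureRandom());` with `import java.security.SecureRandom;` added to the file's imports. The identical block added to Profile.java (L200) has the same issue. Note also that a failed `resetPassword` on L121 is reported via `addMessage` rather than `addError` and the save proceeds, so the account would silently keep its previous password — confirm that is intended. The enclosing method continues beyond the hunk.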
@@ -217,6 +242,23 @@ public class UserEdit extends UIAction {
addError("userAdmin.error.userNotFound");
}
}
+ if ((authMethod == AuthMethod.OPENID) && StringUtils.isEmpty(getBean().getOpenIdUrl())) {
+ addError("userRegister.error.missingOpenID");
+ }
+
+ // check that OpenID, if provided, is not taken
+ if (!StringUtils.isEmpty(getBean().getOpenIdUrl())) {
+ try {
+ UserManager mgr = WebloggerFactory.getWeblogger().getUserManager();
+ User user = mgr.getUserByOpenIdUrl(bean.getOpenIdUrl());
+ if (user != null && !(user.getUserName().equals(bean.getUserName()))) {
+ addError("error.add.user.openIdInUse");
+ }
+ } catch (WebloggerException ex) {
+ log.error("error checking OpenID URL", ex);
+ addError("generic.error.check.logs");
+ }
+ }
}
public CreateUserBean getBean() {
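Review bot: The OpenID-uniqueness check on L138-L149 is a lookup-then-save sequence, so two concurrent submissions can both pass it; it only guarantees uniqueness if the stored OpenID URL column also carries a unique constraint, which is not visible here — please confirm, and add one otherwise. The lookup uses the raw `bean.getOpenIdUrl()` string, so variants of the same identifier (trailing slash, scheme or case differences) would be treated as distinct unless the value is canonicalized before storage and lookup; if it is not, normalize both sides. L141 reads `bean.getOpenIdUrl()` while the surrounding lines use `getBean()`; pick one form. The same pattern is added to Profile.java (L231-L240) and Register.java (L254-L266).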
Modified: roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/struts2/core/Profile.java
URL: http://svn.apache.org/viewvc/roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/struts2/core/Profile.java?rev=1618305&r1=1618304&r2=1618305&view=diff
==============================================================================
--- roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/struts2/core/Profile.java (original)
+++ roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/struts2/core/Profile.java Sat Aug 16 02:28:58 2014
@@ -17,6 +17,7 @@
*/
package org.apache.roller.weblogger.ui.struts2.core;
+import org.apache.commons.lang3.RandomStringUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
@@ -59,11 +60,10 @@ public class Profile extends UIAction {
}
public String save() {
-
myValidate();
if (!hasActionErrors()) {
-
+
// We ONLY modify the user currently logged in
User existingUser = getAuthenticatedUser();
@@ -79,7 +79,32 @@ public class Profile extends UIAction {
existingUser.setOpenIdUrl(openidurl);
} catch (Exception ex) {
log.error("Unexpected error saving user OpenID URL", ex);
- addError("Error in action", ex.toString());
+ addError("generic.error.check.logs");
+ return INPUT;
+ }
+ }
+
+ if (authMethod == AuthMethod.DB_OPENID) {
+ if (StringUtils.isEmpty(existingUser.getPassword())
+ && StringUtils.isEmpty(bean.getPasswordText())
+ && StringUtils.isEmpty(bean.getOpenIdUrl())) {
+ addError("userRegister.error.missingOpenIDOrPassword");
+ return INPUT;
+ } else if (StringUtils.isNotEmpty(bean.getOpenIdUrl())
+ && StringUtils.isNotEmpty(bean.getPasswordText())) {
+ addError("userRegister.error.bothOpenIDAndPassword");
+ return INPUT;
+ }
+ }
+
+ // User.password does not allow null, so generate one
+ if (authMethod.equals(AuthMethod.OPENID) ||
+ (authMethod.equals(AuthMethod.DB_OPENID) && !StringUtils.isEmpty(bean.getOpenIdUrl()))) {
+ String randomString = RandomStringUtils.randomAlphanumeric(255);
+ try {
+ existingUser.resetPassword(randomString);
+ } catch (WebloggerException e) {
+ addMessage("yourProfile.passwordResetError");
}
}
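Review bot: The DB_OPENID consistency checks on L184-L195 run after `existingUser.setOpenIdUrl(openidurl)` on L175 has already modified the authenticated user's object, so an INPUT result leaves that object changed; if `existingUser` is a managed entity (not visible here) the new URL could still be flushed. These checks depend only on the bean and the stored password, so they belong in `myValidate()`, which `save()` calls on L168 before touching the user. Moving them there would also keep all input validation in one place, matching where the OpenID-in-use check was put. The remainder of `save()` lies outside the hunk.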
@@ -109,17 +134,26 @@ public class Profile extends UIAction {
}
public void myValidate() {
- if (authMethod == AuthMethod.OPENID && StringUtils.isEmpty(getBean().getOpenIdUrl())) {
- addError("userRegister.error.missingOpenID");
- }
-
- if (authMethod == AuthMethod.DB_OPENID && StringUtils.isEmpty(getBean().getOpenIdUrl()) && StringUtils.isEmpty(getBean().getPassword())) {
- addError("userRegister.error.missingOpenIDOrPassword");
- }
-
- // check that passwords match if they were specified (w/StringUtils.equals, null == null)
- if (!StringUtils.equals(getBean().getPasswordText(), getBean().getPasswordConfirm())) {
- addError("userRegister.error.mismatchedPasswords");
+ if (StringUtils.isEmpty(getBean().getOpenIdUrl())) {
+ // check that passwords match if they were specified (w/StringUtils.equals, null == null)
+ if (!StringUtils.equals(getBean().getPasswordText(), getBean().getPasswordConfirm())) {
+ addError("userRegister.error.mismatchedPasswords");
+ }
+ if (authMethod == AuthMethod.OPENID) {
+ addError("userRegister.error.missingOpenID");
+ }
+ } else {
+ // check that OpenID, if provided, is not taken
+ try {
+ UserManager mgr = WebloggerFactory.getWeblogger().getUserManager();
+ User user = mgr.getUserByOpenIdUrl(bean.getOpenIdUrl());
+ if (user != null && !(user.getUserName().equals(bean.getUserName()))) {
+ addError("error.add.user.openIdInUse");
+ }
+ } catch (WebloggerException ex) {
+ log.error("error checking OpenID URL", ex);
+ addError("generic.error.check.logs");
+ }
}
}
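Review bot: The password-mismatch check on L223 is now skipped whenever an OpenID URL is present, regardless of `authMethod`, whereas the removed code on L219 ran it unconditionally; for a plain DB deployment that still exposes the OpenID field, a mismatched password pair would pass validation here and reach `save()`, which only rejects the combination under DB_OPENID. Since `StringUtils.equals(null, null)` is true, the check is harmless when no password was entered, so the simplest fix is to move L223-L225 above `if (StringUtils.isEmpty(getBean().getOpenIdUrl())) {` and leave only the missing-OpenID error inside the branch. Whether the OpenID field is shown for the DB method is not visible in this diff, so confirm before deciding.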
Modified: roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/struts2/core/Register.java
URL: http://svn.apache.org/viewvc/roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/struts2/core/Register.java?rev=1618305&r1=1618304&r2=1618305&view=diff
==============================================================================
--- roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/struts2/core/Register.java (original)
+++ roller/trunk/app/src/main/java/org/apache/roller/weblogger/ui/struts2/core/Register.java Sat Aug 16 02:28:58 2014
@@ -389,6 +389,21 @@ public class Register extends UIAction i
addError("generic.error.check.logs");
}
}
+
+ // check that OpenID, if provided, is not taken
+ if (!StringUtils.isEmpty(getBean().getOpenIdUrl())) {
+ try {
+ UserManager mgr = WebloggerFactory.getWeblogger().getUserManager();
+ if (mgr.getUserByOpenIdUrl(getBean().getOpenIdUrl()) != null) {
+ addError("error.add.user.openIdInUse");
+ // reset OpenID URL
+ getBean().setOpenIdUrl(null);
+ }
+ } catch (WebloggerException ex) {
+ log.error("error checking OpenID URL", ex);
+ addError("generic.error.check.logs");
+ }
+ }
}
Modified: roller/trunk/app/src/main/resources/ApplicationResources.properties
URL: http://svn.apache.org/viewvc/roller/trunk/app/src/main/resources/ApplicationResources.properties?rev=1618305&r1=1618304&r2=1618305&view=diff
==============================================================================
--- roller/trunk/app/src/main/resources/ApplicationResources.properties (original)
+++ roller/trunk/app/src/main/resources/ApplicationResources.properties Sat Aug 16 02:28:58 2014
@@ -428,6 +428,7 @@ email.comment.commentApproved=Comment Ap
error.untranslated={0}
error.add.user.userNameInUse=Username already in use.
+error.add.user.openIdInUse=Open ID already in use with another account.
error.add.user.missingUserName=You must specify a username.
error.add.user.badUserName=Invalid user name (must be alpha-numerics only).
error.add.user.missingPassword=You must specify a password.
@@ -1362,12 +1363,13 @@ userAdmin.newEntry=New Entry
userAdmin.editEntries=Edit Entries
userAdmin.manage=Manage
+userAdmin.noPasswordForOpenID=Leave password field(s) blank if providing an OpenID.
userAdmin.tip.screenName=User''s screen name (with no HTML).
userAdmin.tip.fullName=User''s full name (with no HTML).
userAdmin.tip.userName=A short one-word username for the user account. \
Please limit it to simple ASCII alphanumeric characters (a-z, A-Z and 0-9), \
and do not use HTML.
-userAdmin.tip.openIdUrl=Open ID identifier (in the form of a URL).\
+userAdmin.tip.openIdUrl=Open ID identifier (in the form of a URL).
userAdmin.tip.password=User''s password. Fill in only to change it to what you enter.
userAdmin.tip.email=Valid email address needed for automated notification.
userAdmin.tip.enabled=Disabled users are unable to login to Roller.
@@ -1375,6 +1377,7 @@ userAdmin.tip.userAdmin=Check to give us
userAdmin.tip.locale=User''s preferred locale.
userAdmin.tip.timeZone=User''s preferred timezone.
+
userAdmin.userSaved=User profile saved
userAdmin.cantChangeOwnRole=Cannot change your own role
@@ -1444,6 +1447,7 @@ userRegister.success.ready=Yes, form app
userRegister.error.mismatchedPasswords=Your passwords do not match!
userRegister.error.missingOpenID=Open ID URL must be provided.
userRegister.error.missingOpenIDOrPassword=Either an Open ID URL or a password must be provided.
+userRegister.error.bothOpenIDAndPassword=Please supply just a password or an OpenID (not both).
# errors from validation
Register.error.screenNameNull=Screen Name is a required field
Modified: roller/trunk/app/src/main/resources/org/apache/roller/weblogger/config/roller.properties
URL: http://svn.apache.org/viewvc/roller/trunk/app/src/main/resources/org/apache/roller/weblogger/config/roller.properties?rev=1618305&r1=1618304&r2=1618305&view=diff
==============================================================================
--- roller/trunk/app/src/main/resources/org/apache/roller/weblogger/config/roller.properties (original)
+++ roller/trunk/app/src/main/resources/org/apache/roller/weblogger/config/roller.properties Sat Aug 16 02:28:58 2014
@@ -330,8 +330,9 @@ cache.salt.timeout=3600
# see Roller Wiki for more details)
# openid: users must use OpenID to authenticate
# db-openid: users may choose to authenticate via Roller DB or OpenID but not both.
+# Trickier to implement so may not work as well as above methods, test before using.
# cma: container-managed authentication (e.g., Tomcat tomcat-users.xml file). Currently
-# unusable, not fully implemented.
+# unusable, not implemented.
authentication.method=db
# Enables HTTPS for login page only
Modified: roller/trunk/app/src/main/webapp/WEB-INF/jsps/admin/UserAdmin.jsp
URL: http://svn.apache.org/viewvc/roller/trunk/app/src/main/webapp/WEB-INF/jsps/admin/UserAdmin.jsp?rev=1618305&r1=1618304&r2=1618305&view=diff
==============================================================================
--- roller/trunk/app/src/main/webapp/WEB-INF/jsps/admin/UserAdmin.jsp (original)
+++ roller/trunk/app/src/main/webapp/WEB-INF/jsps/admin/UserAdmin.jsp Sat Aug 16 02:28:58 2014
@@ -39,16 +39,17 @@
</s:form>
-<p class="subtitle"><s:text name="userAdmin.subtitle.userCreation" /></p>
-<s:text name="userAdmin.prompt.orYouCan" />
-<s:url action="createUser" id="createUser" />
-<a href="<s:property value="createUser" />">
- <s:text name="userAdmin.prompt.createANewUser" />
-</a>
+<%-- LDAP uses external user creation --%>
+<s:if test="authMethod != 'LDAP'">
+ <p class="subtitle"><s:text name="userAdmin.subtitle.userCreation" /></p>
+ <s:text name="userAdmin.prompt.orYouCan" />
+ <s:url action="createUser" id="createUser" />
+ <a href="<s:property value="createUser" />">
+ <s:text name="userAdmin.prompt.createANewUser" />
+ </a>
+</s:if>
<%-- this forces focus to the userName field --%>
<script>
-<!--
document.getElementById('userName').focus();
-// -->
</script>
Modified: roller/trunk/app/src/main/webapp/WEB-INF/jsps/admin/UserEdit.jsp
URL: http://svn.apache.org/viewvc/roller/trunk/app/src/main/webapp/WEB-INF/jsps/admin/UserEdit.jsp?rev=1618305&r1=1618304&r2=1618305&view=diff
==============================================================================
--- roller/trunk/app/src/main/webapp/WEB-INF/jsps/admin/UserEdit.jsp (original)
+++ roller/trunk/app/src/main/webapp/WEB-INF/jsps/admin/UserEdit.jsp Sat Aug 16 02:28:58 2014
@@ -37,6 +37,11 @@
<s:if test="actionName == 'createUser'">
<s:text name="userAdmin.addInstructions"/>
</s:if>
+ <s:if test="authMethod == 'DB_OPENID'">
+ <p class="pagetip">
+ <s:text name="userAdmin.noPasswordForOpenID"/>
+ </p>
+ </s:if>
</p>
<s:form>
Modified: roller/trunk/app/src/main/webapp/WEB-INF/jsps/core/Profile.jsp
URL: http://svn.apache.org/viewvc/roller/trunk/app/src/main/webapp/WEB-INF/jsps/core/Profile.jsp?rev=1618305&r1=1618304&r2=1618305&view=diff
==============================================================================
--- roller/trunk/app/src/main/webapp/WEB-INF/jsps/core/Profile.jsp (original)
+++ roller/trunk/app/src/main/webapp/WEB-INF/jsps/core/Profile.jsp Sat Aug 16 02:28:58 2014
@@ -17,7 +17,13 @@
--%>
<%@ include file="/WEB-INF/jsps/taglibs-struts2.jsp" %>
-<p class="subtitle"><s:text name="yourProfile.description" /></p>
+<p class="subtitle"><s:text name="userAdmin.title.editUser" /></p>
+
+<s:if test="authMethod == 'DB_OPENID'">
+ <p class="pagetip">
+ <s:text name="userAdmin.noPasswordForOpenID"/>
+ </p>
+</s:if>
<s:form action="profile!save">
<s:hidden name="salt" />