Author: channa
Date: Thu Jan 24 21:39:46 2008
New Revision: 12861

Log:

Added password reset functionality for admin. Secured pages against 
unauthorized direct access.

Modified:
   
trunk/mashup/java/modules/core/src/org/wso2/mashup/webapp/userprofile/AddUserBean.java
   trunk/mashup/java/modules/www/add_user.jsp
   trunk/mashup/java/modules/www/delete_user.jsp
   trunk/mashup/java/modules/www/register_admin.jsp

Modified: 
trunk/mashup/java/modules/core/src/org/wso2/mashup/webapp/userprofile/AddUserBean.java
==============================================================================
--- 
trunk/mashup/java/modules/core/src/org/wso2/mashup/webapp/userprofile/AddUserBean.java
      (original)
+++ 
trunk/mashup/java/modules/core/src/org/wso2/mashup/webapp/userprofile/AddUserBean.java
      Thu Jan 24 21:39:46 2008
@@ -217,10 +217,9 @@
             // Get an instance of the secure registry as admin and then get 
it's user manager.
             UserStoreAdmin userStoreAdmin = realm.getUserStoreAdmin();
 
-            // todo: need way for admin to reset password without knowing 
previous one.
-//            if (!"".equals(password)) {
-//                userStoreAdmin.updateUser(userName, password, password);
-//            }
+            if (!password.equals("")) {
+                userStoreAdmin.updateUser(userName, password);
+            }
 
             RegistryUtils.updateUser(registry, userStoreAdmin, userName, 
fullName, emailId, bio);
             created = true;
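Review bot: The new reset guard `if (!password.equals(""))` dereferences `password` before testing it, so a request that omits the password field (the bean is filled by `jsp:setProperty property="*"` in add_user.jsp, which leaves absent properties untouched) would throw a NullPointerException here instead of skipping the reset, if the field has no non-null default; the commented-out code this replaces used the null-safe form. Change it to `if (!"".equals(password)) {`. The validation hunk below has the same dereference via `password.length()`. The enclosing method begins and ends outside the hunk.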
@@ -250,25 +249,22 @@
             valid = false;
         }
 
-        // These validations are only required when creating a new user.
-        if (!editMode) {
-            if (password.equals("")) {
-                errors.put("password", "Password cannot be empty.");
-                valid = false;
-            } else if (password.length() < 
MashupConstants.MIN_PASSWORD_LENGTH) {
-                errors.put("password", "Password should be atleast " +
-                        MashupConstants.MIN_PASSWORD_LENGTH + " characters.");
+        // Duplicate check is backend call, so done once other data is 
validated and only for add.
+        if (!editMode && valid) {
+            if (ManageUsers.isExistingUser(request, userName)) {
+                errors.put("userName", "User name exists, please select 
another.");
+                userName = "";
                 valid = false;
             }
+        }
 
-            // Expensive operation, so do only once all other data has been 
validated.
-            if (valid) {
-                if (ManageUsers.isExistingUser(request, userName)) {
-                    errors.put("userName", "User name exists, please select 
another.");
-                    userName = "";
-                    valid = false;
-                }
-            }
+        // Password length check done only in add mode or when resetting 
password.
+        if ((!editMode && password.length() < 
MashupConstants.MIN_PASSWORD_LENGTH) ||
+                (editMode && password.length() != 0 && password.length() <
+                        MashupConstants.MIN_PASSWORD_LENGTH)) {
+            errors.put("password", "Password should be atleast " +
+                    MashupConstants.MIN_PASSWORD_LENGTH + " characters.");
+            valid = false;
         }
 
         return valid;
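Review bot: The duplicate-user check at `if (!editMode && valid)` now runs before the password length check that follows it, so the backend `ManageUsers.isExistingUser` call is made even for requests whose password is about to be rejected, contrary to the new comment that it is "done once other data is validated". Move the password block above the `if (!editMode && valid)` block so `valid` still covers the password when the backend is consulted. Note also that in add mode an empty password now reports the length message rather than the removed "Password cannot be empty." wording, and that `password.length()` throws if the property was never set; a null-safe `"".equals(password)` pre-check would cover both. The enclosing method begins outside the hunk.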

Modified: trunk/mashup/java/modules/www/add_user.jsp
==============================================================================
--- trunk/mashup/java/modules/www/add_user.jsp  (original)
+++ trunk/mashup/java/modules/www/add_user.jsp  Thu Jan 24 21:39:46 2008
@@ -83,21 +83,25 @@
     <jsp:setProperty name="addUserHandler" property="*"/>
 </jsp:useBean>
 <%
-    if (!"true".equals(firstCall)) {
-        if ("true".equals(editMode)) {
-            if (addUserHandler.editUser(request)) {
-                response.sendRedirect(bounceback);
+    if (RegistryUtils.isAdminRole(registry)) {
+        if (!"true".equals(firstCall)) {
+            if ("true".equals(editMode)) {
+                if (addUserHandler.editUser(request)) {
+                    response.sendRedirect(bounceback);
+                }
+            } else {
+                if (addUserHandler.addUser(request)) {
+                    response.sendRedirect(bounceback);
+                }
             }
         } else {
-            if (addUserHandler.addUser(request)) {
-                response.sendRedirect(bounceback);
+            if ("true".equals(editMode)) {
+                title = "Edit User";
+                addUserHandler.loadUserDetails(request, userName);
             }
         }
     } else {
-        if ("true".equals(editMode)) {
-            title = "Edit User";
-            addUserHandler.loadUserDetails(request, userName);
-        }
+        response.sendRedirect(bounceback);
     }
 %>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" 
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";>
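Review bot: `response.sendRedirect(bounceback);` on the new non-admin branch does not end the request: the scriptlet falls through and the remainder of the page, including the user form and its bean getters, is still evaluated and written into the body of the redirect response, so the admin-only markup is sent to the unauthorized client even though the browser follows the Location header. Add a return after the redirect, `response.sendRedirect(bounceback); return;`. The same applies to the new redirects in delete_user.jsp and register_admin.jsp in this commit, and to the pre-existing redirects after editUser/addUser in this hunk.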
@@ -143,15 +147,17 @@
                                 <td><input type="text" name="emailId"
                                            
value="<%=addUserHandler.getEmailId()%>"/></td>
                             </tr>
-                            <% if (!"true".equals(editMode)) { %>
                             <tr>
-                                <td><label><strong>Password:<font 
color="#FF0000">*</font></strong></label></td>
+                                <td><label><strong>Password:<% if 
(!"true".equals(editMode)) { %> <font 
color="#FF0000">*</font><%}%></strong></label></td>
                                 <td><input type="password" name="password"
                                            
value="<%=addUserHandler.getPassword()%>"/>
                                     <br><div 
class="login-error"><%=addUserHandler.getErrorMessage("password")%></div>
+                                    <% if ("true".equals(editMode)) { %>
+                                    <br><strong>If a new password is entered 
here it will reset the existing password. Leave empty if this is not your 
intention.</strong>
+                                    <% } %>
                                 </td>
+                                
                             </tr>
-                            <% } %>
                             <tr>
                                 <td><label><strong>Bio:</strong></label></td>
                                 <td><input type="text" name="bio"
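Review bot: The password input that is now also shown in edit mode is still rendered with `value="<%=addUserHandler.getPassword()%>"` (unchanged line just above the new hint text), so whatever the bean holds for the password is written unescaped into the page HTML; for a field that can now reset a credential, render it empty, `<td><input type="password" name="password" value=""/>`, rather than echoing the submitted value back. Whether `loadUserDetails` populates the password property is not visible here; if it does, the existing credential would be emitted to the browser in edit mode, so confirm and document that it stays unset. The surrounding table markup starts and ends outside the hunk.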

Modified: trunk/mashup/java/modules/www/delete_user.jsp
==============================================================================
--- trunk/mashup/java/modules/www/delete_user.jsp       (original)
+++ trunk/mashup/java/modules/www/delete_user.jsp       Thu Jan 24 21:39:46 2008
@@ -72,8 +72,7 @@
                 }
             }
         } else {
-            message = "You are not authorized to manage users!";
-            actionFailed = true;
+            response.sendRedirect(bounceback);
         }
     }
 %>

Modified: trunk/mashup/java/modules/www/register_admin.jsp
==============================================================================
--- trunk/mashup/java/modules/www/register_admin.jsp    (original)
+++ trunk/mashup/java/modules/www/register_admin.jsp    Thu Jan 24 21:39:46 2008
@@ -33,7 +33,7 @@
     <jsp:setProperty name="registrationHandler" property="adminCreation" 
value="true"/>
 </jsp:useBean>
 <%
-    if (MashupUtils.isInitialSetupComplete()) {
+    if (MashupUtils.isInitialSetupComplete() || 
!MashupUtils.isFromLocalHost(request)) {
         response.sendRedirect("index.jsp");
     }
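Review bot: The new `!MashupUtils.isFromLocalHost(request)` guard is only as strong as what that helper inspects: if it is derived from the socket peer address it protects a directly exposed server, but if it consults a request header the check is client-controlled, and behind a reverse proxy every request appears local; the helper is not visible here, so confirm which it uses and say so in a comment above the condition, e.g. `// isFromLocalHost must use the remote socket address, not a header — TODO confirm`. The enclosing scriptlet continues outside the hunk.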
 
