registerservlet.java

dspace 用j2ee架构的一个数字图书馆.开源程序

/*
 * RegisterServlet.java
 *
 * Version: $Revision: 1.17 $
 *
 * Date: $Date: 2005/10/17 03:35:44 $
 *
 * Copyright (c) 2002-2005, Hewlett-Packard Company and Massachusetts
 * Institute of Technology.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are
 * met:
 *
 * - Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 *
 * - Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
 *
 * - Neither the name of the Hewlett-Packard Company nor the name of the
 * Massachusetts Institute of Technology nor the names of their
 * contributors may be used to endorse or promote products derived from
 * this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
 * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
 * TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
 * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
 * DAMAGE.
 */
package org.dspace.app.webui.servlet;

import java.io.IOException;
import java.sql.SQLException;

import javax.mail.MessagingException;
import javax.mail.internet.AddressException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.log4j.Logger;
import org.dspace.app.webui.util.Authenticate;
import org.dspace.app.webui.util.JSPManager;
import org.dspace.app.webui.util.UIUtil;
import org.dspace.authorize.AuthorizeException;
import org.dspace.core.ConfigurationManager;
import org.dspace.core.Context;
import org.dspace.core.LogManager;
import org.dspace.eperson.AccountManager;
import org.dspace.eperson.EPerson;
import org.dspace.eperson.AuthenticationManager;
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;

/**
 * Servlet for handling user registration and forgotten passwords.
 * <P>
 * This servlet handles both forgotten passwords and initial registration of
 * users. Which it handles depends on the initialisation parameter "register" -
 * if it's "true", it is treated as an initial registration and the user is
 * asked to input their personal information.
 * <P>
 * The sequence of events is this: The user clicks on "register" or "I forgot my
 * password." This servlet then displays the relevant "enter your e-mail" form.
 * An e-mail address is POSTed back, and if this is valid, a token is created
 * and e-mailed, otherwise an error is displayed, with another "enter your
 * e-mail" form.
 * <P>
 * When the user clicks on the token URL mailed to them, this servlet receives a
 * GET with the token as the parameter "KEY". If this is a valid token, the
 * servlet then displays the "edit profile" or "edit password" screen as
 * appropriate.
 */
public class RegisterServlet extends DSpaceServlet
{
    /** Logger */
    private static Logger log = Logger.getLogger(RegisterServlet.class);

    /** The "enter e-mail" step */
    public static final int ENTER_EMAIL_PAGE = 1;

    /** The "enter personal info" page, for a registering user */
    public static final int PERSONAL_INFO_PAGE = 2;

    /** The simple "enter new password" page, for user who's forgotten p/w */
    public static final int NEW_PASSWORD_PAGE = 3;

    /** true = registering users, false = forgotten passwords */
    private boolean registering;

    /** ldap is enabled */
    private boolean ldap_enabled;

    public void init()
    {
        registering = getInitParameter("register").equalsIgnoreCase("true");
        ldap_enabled = ConfigurationManager.getBooleanProperty("ldap.enable");
    }

    protected void doDSGet(Context context, HttpServletRequest request,
            HttpServletResponse response) throws ServletException, IOException,
            SQLException, AuthorizeException
    {
        /*
         * Respond to GETs. A simple GET with no parameters will display the
         * relevant "type in your e-mail" form. A GET with a "token" parameter
         * will go to the "enter personal info" or "enter new password" page as
         * appropriate.
         */
        boolean updated = false;

        // Get the token
        String token = request.getParameter("token");

        if (token == null)
        {
            // Simple "enter your e-mail" page
            if (registering)
            {
                // Registering a new user
                if (ldap_enabled) JSPManager.showJSP(request, response, "/register/new-ldap-user.jsp");
                JSPManager.showJSP(request, response, "/register/new-user.jsp");
            }
            else
            {
                // User forgot their password
                JSPManager.showJSP(request, response,
                        "/register/forgot-password.jsp");
            }
        }
        else
        {
            // We have a token. Find out who the it's for
            String email = AccountManager.getEmail(context, token);

            EPerson eperson = null;

            if (email != null)
            {
                eperson = EPerson.findByEmail(context, email);
            }

            // Both forms need an EPerson object (if any)
            request.setAttribute("eperson", eperson);

            // And the token
            request.setAttribute("token", token);

            if (registering && (email != null))
            {
                // Indicate if user can set password
                boolean setPassword =
                    AuthenticationManager.allowSetPassword(context, request, email);
                request.setAttribute("set.password", new Boolean(setPassword));

                // Forward to "personal info page"
                JSPManager.showJSP(request, response,
                        "/register/registration-form.jsp");
            }
            else if (!registering && (eperson != null))
            {
                // Token relates to user who's forgotten password
                JSPManager.showJSP(request, response,
                        "/register/new-password.jsp");
            }
            else
            {
                // Duff token!
                JSPManager.showJSP(request, response,
                        "/register/invalid-token.jsp");

                return;
            }
        }
    }

    protected void doDSPost(Context context, HttpServletRequest request,
            HttpServletResponse response) throws ServletException, IOException,
            SQLException, AuthorizeException
    {
        /*
         * POSTs are the result of entering an e-mail in the "forgot my
         * password" or "new user" forms, or the "enter profile information" or
         * "enter new password" forms.
         */

        // First get the step
        int step = UIUtil.getIntParameter(request, "step");

        switch (step)
        {
        case ENTER_EMAIL_PAGE:
            processEnterEmail(context, request, response);

            break;

        case PERSONAL_INFO_PAGE:
            processPersonalInfo(context, request, response);

            break;

        case NEW_PASSWORD_PAGE:
            processNewPassword(context, request, response);

            break;

        default:
            log.warn(LogManager.getHeader(context, "integrity_error", UIUtil
                    .getRequestLogInfo(request)));
            JSPManager.showIntegrityError(request, response);
        }
    }

    /**
     * Process information from the "enter e-mail" page. If the e-mail
     * corresponds to a valid user of the system, a token is generated and sent
     * to that user.
     * 
     * @param context
     *            current DSpace context
     * @param request
     *            current servlet request object
     * @param response
     *            current servlet response object
     */
    private void processEnterEmail(Context context, HttpServletRequest request,
            HttpServletResponse response) throws ServletException, IOException,
            SQLException, AuthorizeException
    {
        String email = request.getParameter("email").toLowerCase().trim();
        String netid = request.getParameter("netid");
        String password = request.getParameter("password");
        EPerson eperson = EPerson.findByEmail(context, email);
        EPerson eperson2 = null;
        if (netid!=null) eperson2 = EPerson.findByNetid(context, netid);

        try
        {
            if (registering)
            {
                // If an already-active user is trying to register, inform them so
                if ((eperson != null && eperson.canLogIn()) || (eperson2 != null && eperson2.canLogIn()))
                {
                    log.info(LogManager.getHeader(context,
                            "already_registered", "email=" + email));

                    JSPManager.showJSP(request, response,
                            "/register/already-registered.jsp");
                }
                else
                {
                    // Find out from site authenticator whether this email can
                    // self-register
                    boolean canRegister =
                        AuthenticationManager.canSelfRegister(context, request, email);

                    if (canRegister)
                    {
                        //-- registering by email
                        if ((!ldap_enabled)||(netid==null)||(netid.trim().equals("")))
                        {
                            // OK to register.  Send token.
                            log.info(LogManager.getHeader(context,
                                "sendtoken_register", "email=" + email));

                            AccountManager.sendRegistrationInfo(context, email);
                            JSPManager.showJSP(request, response,
                                "/register/registration-sent.jsp");

                            // Context needs completing to write registration data
                            context.complete();
                        }
                        //-- registering by netid
                        else 
                        {
                            //--------- START LDAP AUTH SECTION -------------
                            if (password!=null && !password.equals("")) 
                            {
                                String ldap_provider_url = ConfigurationManager.getProperty("ldap.provider_url");
                                String ldap_id_field = ConfigurationManager.getProperty("ldap.id_field");
                                String ldap_search_context = ConfigurationManager.getProperty("ldap.search_context");
                           
                                // Set up environment for creating initial context
                                Hashtable env = new Hashtable(11);
                                env.put(javax.naming.Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");