if ( !m_engine.getAuthorizationManager().checkPermission( session, p ) ) { throw new WikiSecurityException( "You are not allowed to save wiki profiles." ); } // Check if profile is new, and see if container allows creation boolean newProfile = profile.isNew(); // Check if another user profile already has the fullname or loginname UserProfile oldProfile = getUserProfile( session ); boolean nameChanged = ( oldProfile == null || oldProfile.getFullname() == null ) ? false : !( oldProfile.getFullname().equals( profile.getFullname() ) && oldProfile.getLoginName().equals( profile.getLoginName() ) ); UserProfile otherProfile; try { otherProfile = getUserDatabase().findByLoginName( profile.getLoginName() ); if ( otherProfile != null && !otherProfile.equals( oldProfile ) ) { throw new DuplicateUserException( "The login name '" + profile.getLoginName() + "' is already taken." ); } } catch( NoSuchPrincipalException e ) { } try { otherProfile = getUserDatabase().findByFullName( profile.getFullname() ); if ( otherProfile != null && !otherProfile.equals( oldProfile ) ) { throw new DuplicateUserException( "The full name '" + profile.getFullname() + "' is already taken." ); } } catch( NoSuchPrincipalException e ) { } // For new accounts, create approval workflow for user profile save. if ( newProfile && oldProfile != null && oldProfile.isNew() ) { WorkflowBuilder builder = WorkflowBuilder.getBuilder( m_engine ); Principal submitter = session.getUserPrincipal(); Task completionTask = new SaveUserProfileTask( m_engine ); // Add user profile attribute as Facts for the approver (if required) boolean hasEmail = profile.getEmail() != null; Fact[] facts = new Fact[ hasEmail ? 
4 : 3]; facts[0] = new Fact( PREFS_FULL_NAME, profile.getFullname() ); facts[1] = new Fact( PREFS_LOGIN_NAME, profile.getLoginName() ); facts[2] = new Fact( FACT_SUBMITTER, submitter.getName() ); if ( hasEmail ) { facts[3] = new Fact( PREFS_EMAIL, profile.getEmail() ); } Workflow workflow = builder.buildApprovalWorkflow( submitter, SAVE_APPROVER, null, SAVE_DECISION_MESSAGE_KEY, facts, completionTask, null ); workflow.setAttribute( SAVED_PROFILE, profile ); m_engine.getWorkflowManager().start(workflow); boolean approvalRequired = workflow.getCurrentStep() instanceof Decision; // If the profile requires approval, redirect user to message page if ( approvalRequired ) { throw new DecisionRequiredException( "This profile must be approved before it becomes active" ); } // If the profile doesn't need approval, then just log the user in try { AuthenticationManager mgr = m_engine.getAuthenticationManager(); if ( newProfile && !mgr.isContainerAuthenticated() ) { mgr.login( session, profile.getLoginName(), profile.getPassword() ); } } catch ( WikiException e ) { throw new WikiSecurityException( e.getMessage() ); } // Alert all listeners that the profile changed... 
// ...this will cause credentials to be reloaded in the wiki session fireEvent( WikiSecurityEvent.PROFILE_SAVE, session, profile ); } // For existing accounts, just save the profile else { // If login name changed, rename it first if ( nameChanged && oldProfile != null && !oldProfile.getLoginName().equals( profile.getLoginName() ) ) { getUserDatabase().rename( oldProfile.getLoginName(), profile.getLoginName() ); } // Now, save the profile (userdatabase will take care of timestamps for us) getUserDatabase().save( profile ); if ( nameChanged ) { // Fire an event if the login name or full name changed UserProfile[] profiles = new UserProfile[] { oldProfile, profile }; fireEvent( WikiSecurityEvent.PROFILE_NAME_CHANGED, session, profiles ); } else { // Fire an event that says we have new a new profile (new principals) fireEvent( WikiSecurityEvent.PROFILE_SAVE, session, profile ); } } } /** * <p> Extracts user profile parameters from the HTTP request and populates * a UserProfile with them. The UserProfile will either be a copy of the * user's existing profile (if one can be found), or a new profile (if not). * The rules for populating the profile as as follows: </p> <ul> <li>If the * <code>email</code> or <code>password</code> parameter values differ * from those in the existing profile, the passed parameters override the * old values.</li> <li>For new profiles, the user-supplied * <code>fullname</code parameter is always * used; for existing profiles the existing value is used, and whatever * value the user supplied is discarded. The wiki name is automatically * computed by taking the full name and extracting all whitespace.</li> * <li>In all cases, the * created/last modified timestamps of the user's existing or new profile * always override whatever values the user supplied.</li> <li>If * container authentication is used, the login name property of the profile * is set to the name of * {@link com.ecyrd.jspwiki.WikiSession#getLoginPrincipal()}. 
Otherwise,
     * the value of the <code>loginname</code> parameter is used.</li>
     * </ul>
     * <p>
     * Security note: every value comes straight from the request parameters;
     * the only cleansing done here is collapsing blank input to {@code null}.
     * The result is intended to be checked with
     * {@link #validateProfile(WikiContext, UserProfile)} before it is saved.
     * When container-managed authentication is in use and the session is
     * authenticated, the <code>loginname</code> parameter is ignored and the
     * login name is pinned to the container's login principal, so the form
     * cannot claim another identity. If container authentication is on but
     * the session is <em>not</em> authenticated, the form-supplied login name
     * is kept as-is (validateProfile records an error for that case).
     * </p>
     * @param context the current wiki context
     * @return a new, populated user profile
     */
    public final UserProfile parseProfile( WikiContext context )
    {
        // Retrieve the user's profile (may have been previously cached).
        // The setters below mutate this same object, not a copy.
        UserProfile profile = getUserProfile( context.getWikiSession() );

        // NOTE(review): validateProfile() guards against a null request, but this
        // method dereferences it unconditionally -- confirm getHttpRequest()
        // cannot return null on this code path.
        HttpServletRequest request = context.getHttpRequest();

        // Extract values from request stream (cleanse whitespace as needed)
        String loginName = request.getParameter( PARAM_LOGINNAME );
        String password = request.getParameter( PARAM_PASSWORD );
        String fullname = request.getParameter( PARAM_FULLNAME );
        String email = request.getParameter( PARAM_EMAIL );

        // Blank (empty / whitespace-only) values are treated as "not supplied"
        loginName = InputValidator.isBlank( loginName ) ? null : loginName;
        password = InputValidator.isBlank( password ) ? null : password;
        fullname = InputValidator.isBlank( fullname ) ? null : fullname;
        email = InputValidator.isBlank( email ) ? null : email;

        // A special case if we have container authentication
        if ( m_engine.getAuthenticationManager().isContainerAuthenticated() )
        {
            // If authenticated, login name is always taken from container,
            // overriding whatever the form sent.
            if ( context.getWikiSession().isAuthenticated() )
            {
                loginName = context.getWikiSession().getLoginPrincipal().getName();
            }
        }

        // Set the profile fields!
        profile.setLoginName( loginName );
        profile.setEmail( email );
        profile.setFullname( fullname );
        profile.setPassword( password );
        return profile;
    }

    /**
     * Validates a user profile, and appends any errors to the session errors
     * list. If the profile is new, the password will be checked to make sure it
     * isn't null. Otherwise, a supplied password is only checked for equality
     * with the value of the 'password2' HTTP parameter; no length check is
     * performed in this method. Note that we have a
     * special case when container-managed authentication is used and the user
     * is not authenticated; an error message is recorded for that case. Any
     * validation errors are added to the wiki session's messages collection
     * (see {@link WikiSession#getMessages()}).
     * <p>
     * Security notes: only the first {@link SpamFilter} found in the filter
     * list is consulted; if it rejects the profile a fixed, non-localized
     * message is added and the remaining checks are skipped. The name
     * cross-checks below only catch a full name colliding with someone else's
     * login name (and vice versa); exact duplicates are rejected again on the
     * save path with {@code DuplicateUserException}. A missing login name or
     * full name is reported by the validator but does not stop execution, so
     * the database lookups further down may receive {@code null}.
     * </p>
     * @param context the current wiki context
     * @param profile the supplied UserProfile
     */
    // NOTE(review): no unchecked operation is visible in this method; the
    // suppression below may be stale.
    @SuppressWarnings("unchecked")
    public final void validateProfile( WikiContext context, UserProfile profile )
    {
        boolean isNew = profile.isNew();
        WikiSession session = context.getWikiSession();
        InputValidator validator = new InputValidator( SESSION_MESSAGES, context );
        ResourceBundle rb = context.getBundle( InternationalizationManager.CORE_BUNDLE );

        //
        // Query the SpamFilter first
        //
        List<PageFilter> ls = m_engine.getFilterManager().getFilterList();
        for( PageFilter pf : ls )
        {
            if( pf instanceof SpamFilter )
            {
                // A rejected profile short-circuits all further validation
                if( ((SpamFilter)pf).isValidUserProfile( context, profile ) == false )
                {
                    session.addMessage( SESSION_MESSAGES, "Invalid userprofile" );
                    return;
                }
                // Only the first SpamFilter in the list is consulted
                break;
            }
        }

        // If container-managed auth and user not logged in, throw an error
        if ( m_engine.getAuthenticationManager().isContainerAuthenticated()
             && !context.getWikiSession().isAuthenticated() )
        {
            session.addMessage( SESSION_MESSAGES, rb.getString("security.error.createprofilebeforelogin") );
        }

        // Presence / format checks; these record messages but do not return early
        validator.validateNotNull( profile.getLoginName(), rb.getString("security.user.loginname") );
        validator.validateNotNull( profile.getFullname(), rb.getString("security.user.fullname") );
        validator.validate( profile.getEmail(), rb.getString("security.user.email"), InputValidator.EMAIL );

        // If new profile, passwords must match and can't be null.
        // Under container authentication the wiki does not own the password,
        // so nothing is checked. For an existing profile a null password
        // means "unchanged" and is accepted silently.
        if ( !m_engine.getAuthenticationManager().isContainerAuthenticated() )
        {
            String password = profile.getPassword();
            if ( password == null )
            {
                if ( isNew )
                {
                    session.addMessage( SESSION_MESSAGES, rb.getString("security.error.blankpassword") );
                }
            }
            else
            {
                HttpServletRequest request = context.getHttpRequest();
                // Both values are user-supplied form fields (not a stored
                // secret), so a plain equals() comparison is adequate here.
                String password2 = ( request == null ) ? null : request.getParameter( "password2" );
                if ( !password.equals( password2 ) )
                {
                    session.addMessage( SESSION_MESSAGES, rb.getString("security.error.passwordnomatch") );
                }
            }
        }

        UserProfile otherProfile;
        String fullName = profile.getFullname();
        String loginName = profile.getLoginName();

        // It's illegal to use as a full name someone else's login name
        try
        {
            // NOTE(review): fullName may be null here if validateNotNull
            // failed above; behaviour of find(null) depends on the database.
            otherProfile = getUserDatabase().find( fullName );
            if ( otherProfile != null && !profile.equals( otherProfile )
                 && !fullName.equals( otherProfile.getFullname() ) )
            {
                Object[] args = { fullName };
                session.addMessage( SESSION_MESSAGES, MessageFormat.format( rb.getString("security.error.illegalfullname"), args ) );
            }
        }
        catch ( NoSuchPrincipalException e)
        {
            /* It's clean */
        }

        // It's illegal to use as a login name someone else's full name
        try
        {
            otherProfile = getUserDatabase().find( loginName );
            if ( otherProfile != null && !profile.equals( otherProfile )
                 && !loginName.equals( otherProfile.getLoginName() ) )
            {
                Object[] args = { loginName };
                session.addMessage( SESSION_MESSAGES, MessageFormat.format( rb.getString("security.error.illegalloginname"), args ) );
            }
        }
        catch ( NoSuchPrincipalException e)
        {
            /* It's clean */
        }
    }

    /**
     * A helper method for returning all of the known WikiNames in this system.
     *
     * @return An Array of Principals
     * @throws WikiSecurityException If for any reason the names cannot be fetched
     */