[ChangePassword] Added more logic to client and server
authorJonathan Bueno <jonathan.bueno@openbravo.com>
Mon, 23 Nov 2015 18:24:08 +0100
changeset 28638 0d4f091d1e54
parent 28637 cbb05eb7f006
child 28639 632560abfb78
[ChangePassword] Added more logic to client and server
src/org/openbravo/authentication/AuthenticationExpiryPasswordException.java
src/org/openbravo/authentication/basic/DefaultAuthenticationManager.java
src/org/openbravo/base/secureApp/LoginHandler.java
src/org/openbravo/base/secureApp/LoginUtils.java
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/org/openbravo/authentication/AuthenticationExpiryPasswordException.java	Mon Nov 23 18:24:08 2015 +0100
@@ -0,0 +1,31 @@
+/*
+ ************************************************************************************
+ * Copyright (C) 2001-2015 Openbravo S.L.U.
+ * Licensed under the Apache Software License version 2.0
+ * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
+ * Unless required by applicable law or agreed to  in writing,  software  distributed
+ * under the License is distributed  on  an  "AS IS"  BASIS,  WITHOUT  WARRANTIES  OR
+ * CONDITIONS OF ANY KIND, either  express  or  implied.  See  the  License  for  the
+ * specific language governing permissions and limitations under the License.
+ ************************************************************************************
+ */
+
+package org.openbravo.authentication;
+
+import org.openbravo.base.exception.OBException;
+import org.openbravo.erpCommon.utility.OBError;
+
+public class AuthenticationExpiryPasswordException extends OBException {
+  private static final long serialVersionUID = 1L;
+  private OBError error;
+
+  public AuthenticationExpiryPasswordException(String msg, OBError error) {
+    super(msg);
+    this.error = error;
+  }
+
+  public OBError getOBError() {
+    return error;
+  }
+
+}
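Review bot: The `error` field is only assigned in the constructor, so it should be declared `private final OBError error;`. The class also has no Javadoc saying when it is thrown. A class comment such as `/** Thrown when the credentials are accepted but the password has reached its expiry date; carries the OBError to display. */` would tell handlers how it differs from AuthenticationException. Because it extends OBException and not AuthenticationException, an existing `catch (AuthenticationException ...)` will not see it, which is worth stating in the same comment.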
--- a/src/org/openbravo/authentication/basic/DefaultAuthenticationManager.java	Thu Nov 19 09:33:12 2015 +0100
+++ b/src/org/openbravo/authentication/basic/DefaultAuthenticationManager.java	Mon Nov 23 18:24:08 2015 +0100
@@ -13,15 +13,19 @@
 package org.openbravo.authentication.basic;
 
 import java.io.IOException;
+import java.text.DateFormat;
+import java.text.ParseException;
+import java.text.SimpleDateFormat;
+import java.util.Calendar;
+import java.util.Date;
 
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
-import org.apache.commons.lang.StringUtils;
-import org.apache.log4j.Logger;
 import org.openbravo.authentication.AuthenticationException;
+import org.openbravo.authentication.AuthenticationExpiryPasswordException;
 import org.openbravo.authentication.AuthenticationManager;
 import org.openbravo.base.HttpBaseUtils;
 import org.openbravo.base.secureApp.LoginUtils;
@@ -30,6 +34,8 @@
 import org.openbravo.erpCommon.utility.OBError;
 import org.openbravo.erpCommon.utility.Utility;
 
+import com.sun.xml.internal.ws.util.StringUtils;
+
 /**
  * 
  * @author adrianromero
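Review bot: `com.sun.xml.internal.ws.util.StringUtils` is a JDK-internal class, not a public API. It may be absent on other JVMs, and it is not a drop-in for the `org.apache.commons.lang.StringUtils` import that the first hunk of this file removes. This looks like an IDE auto-import. If the class still calls StringUtils (the usage is outside the visible hunks), restore `import org.apache.commons.lang.StringUtils;`; otherwise drop the import. The first hunk also removes `org.apache.log4j.Logger` while `log4j.debug(...)` is still called in the next hunk, so confirm that the logger field is inherited.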
@@ -96,15 +102,25 @@
 
     // Check if password valid date is reached
     String strUPD = LoginUtils.getUpdatePasswordDate(conn, strUser, strPass);
-
-    // Needs to check if password is reached too
-    if (strUPD == null) {
-      log4j.debug("Failed user/password. Username: " + strUser + " - Session ID:" + sessionId);
-      OBError errorMsg = new OBError();
-      errorMsg.setType("Error");
-      errorMsg.setTitle("IDENTIFICATION_FAILURE_TITLE");
-      errorMsg.setMessage("IDENTIFICATION_FAILURE_MSG");
-      throw new AuthenticationException("IDENTIFICATION_FAILURE_TITLE", errorMsg);
+    Date formattedUPD = null;
+    if (!strUPD.isEmpty()) {
+      DateFormat df = new SimpleDateFormat("yyyy-MM-dd");
+      try {
+        formattedUPD = df.parse(strUPD);
+      } catch (ParseException e) {
+        e.printStackTrace();
+      }
+      // Checks if password
+      Calendar currentDate = Calendar.getInstance();
+      Date today = new Date(currentDate.getTimeInMillis());
+      if (formattedUPD.compareTo(today) <= 0) {
+        log4j.debug("Failed user/password. Username: " + strUser + " - Session ID:" + sessionId);
+        OBError errorMsg = new OBError();
+        errorMsg.setType("Error");
+        errorMsg.setTitle("IDENTIFICATION_FAILURE_TITLE");
+        errorMsg.setMessage("IDENTIFICATION_FAILURE_MSG");
+        throw new AuthenticationExpiryPasswordException("IDENTIFICATION_FAILURE_TITLE", errorMsg);
+      }
     }
 
     // Using the Servlet API instead of vars.setSessionValue to avoid breaking code
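Review bot: The new expiry check can fail with a NullPointerException on two paths, inside an authentication method whose start and end are outside this hunk. First, `strUPD.isEmpty()` replaces the removed `strUPD == null` branch, so a null result from getUpdatePasswordDate now throws where it used to be rejected as a failed login. Second, a ParseException is only printed with `e.printStackTrace()`, which leaves `formattedUPD` null when `compareTo` is called. Both cases should fail closed with an explicit AuthenticationException, as sketched below; what null and the empty string mean depends on LoginUtils, which is not shown, so confirm that before merging. The expired branch still logs "Failed user/password", which will mislead anyone reading the authentication log. The comment `// Checks if password` is cut off mid-sentence.

```java
    String strUPD = LoginUtils.getUpdatePasswordDate(conn, strUser, strPass);
    Date formattedUPD = null;
    // Before this commit a null result was rejected as a failed login; keep rejecting it
    boolean expiryUnreadable = (strUPD == null);
    if (!expiryUnreadable && !strUPD.isEmpty()) {
      try {
        formattedUPD = new SimpleDateFormat("yyyy-MM-dd").parse(strUPD);
      } catch (ParseException e) {
        // An unreadable expiry date must stop the login instead of being skipped
        log4j.error("Cannot parse password expiry date - Session ID:" + sessionId, e);
        expiryUnreadable = true;
      }
    }
    if (expiryUnreadable) {
      OBError errorMsg = new OBError();
      errorMsg.setType("Error");
      errorMsg.setTitle("IDENTIFICATION_FAILURE_TITLE");
      errorMsg.setMessage("IDENTIFICATION_FAILURE_MSG");
      throw new AuthenticationException("IDENTIFICATION_FAILURE_TITLE", errorMsg);
    }
    // Password is expired once its valid date is today or earlier
    if (formattedUPD != null && formattedUPD.compareTo(new Date()) <= 0) {
      log4j.debug("Password expired. Username: " + strUser + " - Session ID:" + sessionId);
      // … unchanged: build OBError and throw AuthenticationExpiryPasswordException …
    }
```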
--- a/src/org/openbravo/base/secureApp/LoginHandler.java	Thu Nov 19 09:33:12 2015 +0100
+++ b/src/org/openbravo/base/secureApp/LoginHandler.java	Mon Nov 23 18:24:08 2015 +0100
@@ -22,6 +22,7 @@
 import org.codehaus.jettison.json.JSONException;
 import org.codehaus.jettison.json.JSONObject;
 import org.openbravo.authentication.AuthenticationException;
+import org.openbravo.authentication.AuthenticationExpiryPasswordException;
 import org.openbravo.authentication.AuthenticationManager;
 import org.openbravo.base.HttpBaseServlet;
 import org.openbravo.dal.core.OBContext;
@@ -113,6 +114,17 @@
           } else {
             throw new ServletException("Error"); // FIXME
           }
+        } catch (AuthenticationExpiryPasswordException aepe) {
+
+          final OBError errorMsg = aepe.getOBError();
+
+          if (errorMsg != null) {
+            vars.removeSessionValue("#LoginErrorMsg");
+
+            goToUpdatePassword(res, vars, "Update your password", "Password is expired", "Error",
+                "../security/Login_FS.html", doRedirect);
+
+          }
         }
       }
     } finally {
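Review bot: When `aepe.getOBError()` returns null, the new catch block swallows the exception and writes nothing to the response, so the client gets an empty reply to an expired-password login. Either call `goToUpdatePassword(...)` unconditionally, or add `else { throw new ServletException(aepe); }` so the failure is visible. The OBError is otherwise unused: the title and text are hard-coded English literals, which bypasses whatever translation the `IDENTIFICATION_FAILURE_*` keys normally get. The target `"../security/Login_FS.html"` looks like the login page, not a change-password page, so confirm that is intended. The enclosing try block starts outside this hunk.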
@@ -420,6 +432,60 @@
     }
   }
 
+  protected final void goToUpdatePassword(HttpServletResponse response, VariablesSecureApp vars,
+      String message, String title, String msgType, String action, boolean doRedirect)
+      throws IOException, ServletException {
+    String msg = (message != null && !message.equals("")) ? message
+        : "Please enter your username and password.";
+
+    if (OBVersion.getInstance().is30() && !doRedirect) {
+      // 3.0 instances show the message in the same login window, return a json object with the info
+      // to print the message
+      try {
+        JSONObject jsonMsg = new JSONObject();
+        jsonMsg.put("showMessage", true);
+        jsonMsg.put("target", action);
+        jsonMsg.put("messageType", msgType);
+        jsonMsg.put("messageTitle", title);
+        jsonMsg.put("messageText", msg);
+
+        if ("Confirmation".equals(msgType)) {
+          jsonMsg.put("command", "FORCE_NAMED_USER");
+        }
+        response.setContentType("application/json;charset=UTF-8");
+        final PrintWriter out = response.getWriter();
+        out.print(jsonMsg.toString());
+        out.close();
+      } catch (JSONException e) {
+        log4j.error("Error setting login msg", e);
+        throw new ServletException(e);
+      }
+    } else {
+      // 2.50 instances show the message in a new window, print that window
+      String discard[] = { "" };
+
+      if (msgType.equals("Error")) {
+        discard[0] = "continueButton";
+      } else {
+        discard[0] = "backButton";
+      }
+
+      final XmlDocument xmlDocument = xmlEngine.readXmlTemplate(
+          "org/openbravo/base/secureApp/HtmlErrorLogin", discard).createXmlDocument();
+
+      // pass relevant mesasge to show inside the error page
+      xmlDocument.setParameter("theme", vars.getTheme());
+      xmlDocument.setParameter("messageType", msgType);
+      xmlDocument.setParameter("action", action);
+      xmlDocument.setParameter("messageTitle", title);
+      xmlDocument.setParameter("messageMessage", msg.replaceAll("\\\\n", "<br>"));
+      response.setContentType("text/html");
+      final PrintWriter out = response.getWriter();
+      out.println(xmlDocument.print());
+      out.close();
+    }
+  }
+
   @Override
   public String getServletInfo() {
     return "User-login control Servlet";
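Review bot: In `goToUpdatePassword`, the 2.50 branch passes `msg` into the HTML template with only `\n` turned into `<br>`, and `title` with no processing at all, so neither is visibly HTML-escaped. That is safe for today's constant arguments, but it becomes an injection point if a caller ever passes text that is not a literal. Unless the template engine escapes parameters itself, escape both values before `setParameter` and document on the method that they are trusted markup. `msgType.equals("Error")` throws on a null type while the JSON branch uses the null-safe `"Confirmation".equals(msgType)`; use `"Error".equals(msgType)` for consistency. The fallback text "Please enter your username and password." and the `FORCE_NAMED_USER` branch look copied from a login-retry helper and do not fit an expired-password flow. The method has no Javadoc. Both writers should be closed with try/finally, and the HTML branch should set `"text/html;charset=UTF-8"` as the JSON branch does.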
--- a/src/org/openbravo/base/secureApp/LoginUtils.java	Thu Nov 19 09:33:12 2015 +0100
+++ b/src/org/openbravo/base/secureApp/LoginUtils.java	Mon Nov 23 18:24:08 2015 +0100
@@ -21,7 +21,6 @@
 import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
 
-import org.apache.log4j.Logger;
 import org.openbravo.base.HttpBaseUtils;
 import org.openbravo.base.exception.OBException;
 import org.openbravo.base.exception.OBSecurityException;