org.patientview.patientview.logon.PasswordChangeAction.java Source code


Introduction

Here is the source code for org.patientview.patientview.logon.PasswordChangeAction.java

Source

/*
 * PatientView
 *
 * Copyright (c) Worth Solutions Limited 2004-2013
 *
 * This file is part of PatientView.
 *
 * PatientView is free software: you can redistribute it and/or modify it under the terms of the
 * GNU General Public License as published by the Free Software Foundation, either version 3 of the License,
 * or (at your option) any later version.
 * PatientView is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even
 * the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 * You should have received a copy of the GNU General Public License along with PatientView in a file
 * titled COPYING. If not, see <http://www.gnu.org/licenses/>.
 *
 * @package PatientView
 * @link http://www.patientview.org
 * @author PatientView <info@patientview.org>
 * @copyright Copyright (c) 2004-2013, Worth Solutions Limited
 * @license http://www.gnu.org/licenses/gpl-3.0.html The GNU General Public License V3.0
 */

package org.patientview.patientview.logon;

import org.patientview.patientview.model.User;
import org.patientview.patientview.logging.AddLog;
import org.patientview.patientview.user.EmailVerificationUtils;
import org.patientview.patientview.user.UserUtils;
import org.patientview.utils.LegacySpringUtils;
import org.apache.commons.beanutils.BeanUtils;
import org.apache.struts.action.Action;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;
import org.springframework.util.StringUtils;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.Date;

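/**
 * Struts action behind the password-change form.
 *
 * <p>It lets the logged-in user change their email address and forces them to change their
 * password. It is used on first login, when users complete their account, and when patients
 * change their password. Struts validation also applies to the form; see validation.xml.
 */
public class PasswordChangeAction extends Action {

    /**
     * Verifies the current password, validates the optional email change and, only if both checks
     * pass, stores the new password hash and the new email address.
     *
     * @param mapping  used to look up the "input" (validation failed) and "success" forwards
     * @param form     submitted form; the properties "oldpassword", "passwordPwd", "emailAddress"
     *                 and "emailAddressAgain" are read from it
     * @param request  receives the "passwordError", "emailError", "verificationMailSent" and
     *                 "passwordMsg" attributes for the view
     * @param response not used
     * @return the "input" forward when a check fails, otherwise the "success" forward
     * @throws Exception if reading a form property or any downstream call fails
     */
    public ActionForward execute(ActionMapping mapping, ActionForm form, HttpServletRequest request,
            HttpServletResponse response) throws Exception {

        // receive data from submitted form
        User user = LegacySpringUtils.getUserManager().getLoggedInUser();
        String suppliedOldPassword = BeanUtils.getProperty(form, "oldpassword");
        String actualOldPassword = user.getPassword();
        String emailAddress = BeanUtils.getProperty(form, "emailAddress");
        String emailAddressAgain = BeanUtils.getProperty(form, "emailAddressAgain");

        boolean errorFound = false;
        boolean sendVerificationEmail = true;

        // Check the supplied current password against the stored hash. A request without the
        // "oldpassword" field is rejected as a wrong password instead of being passed to the hasher.
        // NOTE(review): hashPassword (defined elsewhere) takes only the password and its output is
        // compared by equality, so no per-user salt is visible at this call site - confirm which
        // algorithm it uses.
        // NOTE(review): failed attempts are not written to the audit log here; only the successful
        // change below is.
        if (suppliedOldPassword == null
                || !LogonUtils.hashPassword(suppliedOldPassword).equals(actualOldPassword)) {
            request.setAttribute("passwordError", "Incorrect current password");
            errorFound = true;
        }

        // if both email boxes are empty -> fine, and no verification email is sent
        if (!StringUtils.hasLength(emailAddress) && !StringUtils.hasLength(emailAddressAgain)) {
            sendVerificationEmail = false;

        } else if (emailAddress == null || !emailAddress.equals(emailAddressAgain)) {
            // emails supplied, they must match (null-safe: only one box may have been submitted)
            request.setAttribute("emailError", "Email addresses don't match");
            errorFound = true;
        }

        if (errorFound) {
            // Nothing on the user object has been modified at this point, so a request that failed
            // the current-password check cannot leave a changed email on the logged-in user.
            return mapping.findForward("input");
        }

        // ok so it worked: update the password, set the user not to see this screen again, and
        // apply the email change if one was made.
        if (sendVerificationEmail) {
            user.setEmail(emailAddress);
        }
        user.setPassword(LogonUtils.hashPassword(BeanUtils.getProperty(form, "passwordPwd")));
        user.setFirstlogon(false);
        user.setUpdated(new Date());
        LegacySpringUtils.getUserManager().save(user);
        // NOTE(review): no session handling is visible here after the credential change; confirm
        // whether other active sessions of this user are ended elsewhere.

        // db logging
        AddLog.addLog(user.getUsername(), AddLog.PASSWORD_CHANGE, user.getUsername(),
                UserUtils.retrieveUsersRealNhsnoBestGuess(user.getUsername()),
                UserUtils.retrieveUsersRealUnitcodeBestGuess(user.getUsername()), "");

        // email verification - only required if the user has supplied an email address
        // (regardless of whether it is the same as the one the admin used to create the account)
        if (sendVerificationEmail) {
            EmailVerificationUtils.createEmailVerification(user.getUsername(), user.getEmail(), request);
            request.setAttribute("verificationMailSent", true);
        }
        request.setAttribute("passwordMsg", "Password was updated successfully.");
        return mapping.findForward("success");
    }
}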