user-lockout.jsp 9.25 KB
Newer Older
1 2 3 4
<%--
  -	$Revision$
  -	$Date$
  -
5
  - Copyright (C) 2005-2008 Jive Software. All rights reserved.
6
  -
7 8 9 10 11 12 13 14 15 16 17
  - Licensed under the Apache License, Version 2.0 (the "License");
  - you may not use this file except in compliance with the License.
  - You may obtain a copy of the License at
  -
  -     http://www.apache.org/licenses/LICENSE-2.0
  -
  - Unless required by applicable law or agreed to in writing, software
  - distributed under the License is distributed on an "AS IS" BASIS,
  - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  - See the License for the specific language governing permissions and
  - limitations under the License.
18 19
--%>

20
<%@ page import="org.jivesoftware.openfire.lockout.LockOutFlag"
21 22
    errorPage="error.jsp"
%>
23 24 25
<%@ page import="org.jivesoftware.openfire.lockout.LockOutManager" %>
<%@ page import="org.jivesoftware.openfire.security.SecurityAuditManager" %>
<%@ page import="org.jivesoftware.openfire.session.ClientSession" %>
26
<%@ page import="org.jivesoftware.util.ParamUtils" %>
Sven Tantau's avatar
Sven Tantau committed
27
<%@ page import="org.jivesoftware.util.StringUtils" %>
28 29 30 31 32
<%@ page import="org.xmpp.packet.JID" %>
<%@ page import="org.xmpp.packet.StreamError" %>
<%@ page import="java.net.URLEncoder" %>
<%@ page import="java.util.Date" %>

33 34
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<%@ taglib uri="http://java.sun.com/jsp/jstl/fmt" prefix="fmt" %>
35 36 37 38 39 40 41 42 43

<jsp:useBean id="webManager" class="org.jivesoftware.util.WebManager" />
<% webManager.init(request, response, session, application, out ); %>

<%  // Get parameters //
    boolean cancel = request.getParameter("cancel") != null;
    boolean unlock = request.getParameter("unlock") != null;
    boolean lock = request.getParameter("lock") != null;
    String username = ParamUtils.getParameter(request,"username");
44
    String usernameUrlEncoded = URLEncoder.encode(username, "UTF-8");
45 46 47 48 49 50 51 52 53 54 55
    Integer startdelay = ParamUtils.getIntParameter(request,"startdelay",-1); // -1 is immediate, -2 custom
    Integer duration = ParamUtils.getIntParameter(request,"duration",-1); // -1 is infinite, -2 custom
    if (startdelay == -2) {
        startdelay = ParamUtils.getIntParameter(request,"startdelay_custom", -1);
    }
    if (duration == -2) {
        duration = ParamUtils.getIntParameter(request,"duration_custom", -1);   
    }

    // Handle a cancel
    if (cancel) {
56
        response.sendRedirect("user-properties.jsp?username=" + usernameUrlEncoded);
57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76
        return;
    }

    // Handle a user lockout:
    if (lock) {
        Date startTime = null;
        if (startdelay != -1) {
            startTime = new Date(new Date().getTime() + startdelay*60000);
        }
        Date endTime = null;
        if (duration != -1) {
            if (startTime != null) {
                endTime = new Date(startTime.getTime() + duration*60000);
            }
            else {
                endTime = new Date(new Date().getTime() + duration*60000);
            }
        }
        // Lock out the user
        webManager.getLockOutManager().disableAccount(username, startTime, endTime);
77 78 79 80
        if (!SecurityAuditManager.getSecurityAuditProvider().blockUserEvents()) {
            // Log the event
            webManager.logEvent("locked out user "+username, "start time = "+startTime+", end time = "+endTime);
        }
81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96
        // Close the user's connection if the lockout is immedate
        if (webManager.getLockOutManager().isAccountDisabled(username)) {
            final StreamError error = new StreamError(StreamError.Condition.not_authorized);
            for (ClientSession sess : webManager.getSessionManager().getSessions(username) )
            {
                sess.deliverRawText(error.toXML());
                sess.close();
            }
            // Disabled your own user account, force login
            if (username.equals(webManager.getAuthToken().getUsername())){
                session.removeAttribute("jive.admin.authToken");
                response.sendRedirect("login.jsp");
                return;
            }
        }
        // Done, so redirect
97
        response.sendRedirect("user-properties.jsp?username=" + usernameUrlEncoded + "&locksuccess=1");
98 99 100 101 102 103 104
        return;
    }

    // Handle a user unlock:
    if (unlock) {
        // Unlock the user's account
        webManager.getLockOutManager().enableAccount(username);
105 106 107 108
        if (!SecurityAuditManager.getSecurityAuditProvider().blockUserEvents()) {
            // Log the event
            webManager.logEvent("unlocked user "+username, null);
        }
109
        // Done, so redirect
110
        response.sendRedirect("user-properties.jsp?username=" + usernameUrlEncoded + "&unlocksuccess=1");
111 112 113
        return;
    }

114 115
    pageContext.setAttribute( "usernameHtmlEscaped", StringUtils.escapeHTMLTags(JID.unescapeNode(username)) );
    pageContext.setAttribute( "usernameUrlEncoded", usernameUrlEncoded );
116 117 118 119 120 121
%>

<html>
    <head>
        <title><fmt:message key="user.lockout.title"/></title>
        <meta name="subPageID" content="user-lockout"/>
122
        <meta name="extraParams" content="username=${usernameUrlEncoded}"/>
123 124 125 126 127 128 129 130 131 132
    </head>
    <body>

<% if (LockOutManager.getLockOutProvider().isReadOnly()) { %>
<div class="error">
    <fmt:message key="user.read_only"/>
</div>
<% } %>

<%
133 134 135
    LockOutFlag flag = LockOutManager.getInstance().getDisabledStatus(username);
    if (flag != null) {
        // User is locked out
136 137 138 139
%>

<p>
<fmt:message key="user.lockout.locked">
140
    <fmt:param value="<b><a href=\"user-properties.jsp?username=${usernameUrlEncoded}\">${usernameHtmlEscaped}</a></b>"/>
141 142 143 144 145 146 147
</fmt:message>
<% if (flag.getStartTime() != null) { %><fmt:message key="user.lockout.locked2"><fmt:param value="<%= flag.getStartTime().toString() %>"/></fmt:message> <% } %>
<% if (flag.getStartTime() != null && flag.getEndTime() != null) { %> <fmt:message key="user.lockout.lockedand" /> <% } %> 
<% if (flag.getEndTime() != null) { %><fmt:message key="user.lockout.locked3"><fmt:param value="<%= flag.getEndTime().toString() %>"/></fmt:message> <% } %>
</p>

<form action="user-lockout.jsp">
148
    <input type="hidden" name="username" value="${usernameHtmlEscaped}">
149 150 151 152 153 154
    <input type="submit" name="unlock" value="<fmt:message key="user.lockout.unlock" />">
    <input type="submit" name="cancel" value="<fmt:message key="global.cancel" />">
</form>

<%
    }
155 156
    else {
        // User is not locked out
157 158 159 160
%>

<p>
<fmt:message key="user.lockout.info" />
161
<b><a href="user-properties.jsp?username=${usernameUrlEncoded}">${usernameHtmlEscaped}</a></b>
162 163 164
<fmt:message key="user.lockout.info1" />
</p>

165
<c:if test="${webManager.user.username == param.username}">
166 167 168 169 170 171
    <p class="jive-warning-text">
    <fmt:message key="user.lockout.warning" /> <b><fmt:message key="user.lockout.warning2" /></b> <fmt:message key="user.lockout.warning3" />
    </p>
</c:if>

<form action="user-lockout.jsp">
172
    <% if (LockOutManager.getLockOutProvider().isDelayedStartSupported()) { %>
173 174 175 176 177
    <b><fmt:message key="user.lockout.time.startdelay" /></b><br />
    <input type="radio" name="startdelay" value="-1" checked="checked" /> <fmt:message key="user.lockout.time.immediate" /><br />
    <input type="radio" name="startdelay" value="60" /> <fmt:message key="user.lockout.time.in" /> <fmt:message key="user.lockout.time.1hour" /><br />
    <input type="radio" name="startdelay" value="1440" /> <fmt:message key="user.lockout.time.in" /> <fmt:message key="user.lockout.time.1day" /><br />
    <input type="radio" name="startdelay" value="10080" /> <fmt:message key="user.lockout.time.in" /> <fmt:message key="user.lockout.time.1week" /><br />
Wolf's avatar
Wolf committed
178
    <input type="radio" name="startdelay" value="-2" /> <fmt:message key="user.lockout.time.in" /> <input type="text" size="5" maxlength="10" name="startdelay_custom" /> <fmt:message key="user.lockout.time.minutes"/><br />
179
    <br />
180 181
    <% } %>
    <% if (LockOutManager.getLockOutProvider().isTimeoutSupported()) { %>
182 183 184 185 186 187 188
    <b><fmt:message key="user.lockout.time.duration" /></b><br />
    <input type="radio" name="duration" value="-1" checked="checked" /> <fmt:message key="user.lockout.time.forever" /><br />
    <input type="radio" name="duration" value="60" /> <fmt:message key="user.lockout.time.for" /> <fmt:message key="user.lockout.time.1hour" /><br />
    <input type="radio" name="duration" value="1440" /> <fmt:message key="user.lockout.time.for" /> <fmt:message key="user.lockout.time.1day" /><br />
    <input type="radio" name="duration" value="10080" /> <fmt:message key="user.lockout.time.for" /> <fmt:message key="user.lockout.time.1week" /><br />
    <input type="radio" name="duration" value="-2" /> <fmt:message key="user.lockout.time.for" /> <input type="text" size="5" maxlength="10" name="duration_custom" /> <fmt:message key="user.lockout.time.minutes"/><br />
    <br />
189
    <% } %>
Sven Tantau's avatar
Sven Tantau committed
190
    <input type="hidden" name="username" value="<%= StringUtils.escapeForXML(username) %>">
191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214
    <input type="submit" name="lock" value="<fmt:message key="user.lockout.lock" />">
    <input type="submit" name="cancel" value="<fmt:message key="global.cancel" />">
</form>

<%
    }
%>

<%  // Disable the form if a read-only user provider.
    if (LockOutManager.getLockOutProvider().isReadOnly()) { %>

<script language="Javascript" type="text/javascript">
  function disable() {
    var limit = document.forms[0].elements.length;
    for (i=0;i<limit;i++) {
      document.forms[0].elements[i].disabled = true;
    }
  }
  disable();
</script>
    <% } %>

    </body>
</html>