Commit 875aeaa0 authored by Gaston Dombiak's avatar Gaston Dombiak Committed by gaston

Decoupled changing of password from registration enablement. JM-125


git-svn-id: http://svn.igniterealtime.org/svn/repos/messenger/trunk@1634 b35dd754-fafc-0310-a699-88a17e54d16e
parent 9dd52398
...@@ -63,7 +63,8 @@ import java.util.Iterator; ...@@ -63,7 +63,8 @@ import java.util.Iterator;
*/ */
public class IQRegisterHandler extends IQHandler implements ServerFeaturesProvider { public class IQRegisterHandler extends IQHandler implements ServerFeaturesProvider {
private static boolean enabled; private static boolean registrationEnabled;
private static boolean canChangePassword;
private static Element probeResult; private static Element probeResult;
private UserManager userManager; private UserManager userManager;
...@@ -133,7 +134,9 @@ public class IQRegisterHandler extends IQHandler implements ServerFeaturesProvid ...@@ -133,7 +134,9 @@ public class IQRegisterHandler extends IQHandler implements ServerFeaturesProvid
probeResult.add(registrationForm.asXMLElement()); probeResult.add(registrationForm.asXMLElement());
} }
// See if in-band registration should be enabled (default is true). // See if in-band registration should be enabled (default is true).
enabled = JiveGlobals.getBooleanProperty("register.inband", true); registrationEnabled = JiveGlobals.getBooleanProperty("register.inband", true);
// See if users can change their passwords (default is true).
canChangePassword = JiveGlobals.getBooleanProperty("register.password", true);
} }
public IQ handleIQ(IQ packet) throws PacketException, UnauthorizedException { public IQ handleIQ(IQ packet) throws PacketException, UnauthorizedException {
...@@ -151,76 +154,86 @@ public class IQRegisterHandler extends IQHandler implements ServerFeaturesProvid ...@@ -151,76 +154,86 @@ public class IQRegisterHandler extends IQHandler implements ServerFeaturesProvid
reply.setError(PacketError.Condition.internal_server_error); reply.setError(PacketError.Condition.internal_server_error);
return reply; return reply;
} }
// If inband registration is not allowed, return an error. if (IQ.Type.get.equals(packet.getType())) {
if (!enabled) { // If inband registration is not allowed, return an error.
reply = IQ.createResultIQ(packet); if (!registrationEnabled) {
reply.setChildElement(packet.getChildElement().createCopy()); reply = IQ.createResultIQ(packet);
reply.setError(PacketError.Condition.forbidden); reply.setChildElement(packet.getChildElement().createCopy());
} reply.setError(PacketError.Condition.forbidden);
else if (IQ.Type.get.equals(packet.getType())) { }
reply = IQ.createResultIQ(packet); else {
if (session.getStatus() == Session.STATUS_AUTHENTICATED) { reply = IQ.createResultIQ(packet);
try { if (session.getStatus() == Session.STATUS_AUTHENTICATED) {
User user = userManager.getUser(session.getUsername()); try {
Element currentRegistration = probeResult.createCopy(); User user = userManager.getUser(session.getUsername());
currentRegistration.addElement("registered"); Element currentRegistration = probeResult.createCopy();
currentRegistration.element("username").setText(user.getUsername()); currentRegistration.addElement("registered");
currentRegistration.element("password").setText(""); currentRegistration.element("username").setText(user.getUsername());
currentRegistration.element("email").setText(user.getEmail()); currentRegistration.element("password").setText("");
currentRegistration.element("name").setText(user.getName()); currentRegistration.element("email").setText(user.getEmail());
currentRegistration.element("name").setText(user.getName());
Element form = currentRegistration.element(QName.get("x", "jabber:x:data")); Element form = currentRegistration.element(QName.get("x", "jabber:x:data"));
Iterator fields = form.elementIterator("field"); Iterator fields = form.elementIterator("field");
Element field; Element field;
while (fields.hasNext()) { while (fields.hasNext()) {
field = (Element) fields.next(); field = (Element) fields.next();
if ("username".equals(field.attributeValue("var"))) { if ("username".equals(field.attributeValue("var"))) {
field.addElement("value").addText(user.getUsername()); field.addElement("value").addText(user.getUsername());
} }
else if ("name".equals(field.attributeValue("var"))) { else if ("name".equals(field.attributeValue("var"))) {
field.addElement("value").addText(user.getName()); field.addElement("value").addText(user.getName());
} }
else if ("email".equals(field.attributeValue("var"))) { else if ("email".equals(field.attributeValue("var"))) {
field.addElement("value").addText(user.getEmail()); field.addElement("value").addText(user.getEmail());
}
} }
reply.setChildElement(currentRegistration);
}
catch (UserNotFoundException e) {
reply.setChildElement(probeResult.createCopy());
} }
reply.setChildElement(currentRegistration);
} }
catch (UserNotFoundException e) { else {
// This is a workaround. Since we don't want to have an incorrect TO attribute
// value we need to clean up the TO attribute. The TO attribute will contain an
// incorrect value since we are setting a fake JID until the user actually
// authenticates with the server.
reply.setTo((JID) null);
reply.setChildElement(probeResult.createCopy()); reply.setChildElement(probeResult.createCopy());
} }
} }
else {
// This is a workaround. Since we don't want to have an incorrect TO attribute
// value we need to clean up the TO attribute. The TO attribute will contain an
// incorrect value since we are setting a fake JID until the user actually
// authenticates with the server.
reply.setTo((JID) null);
reply.setChildElement(probeResult.createCopy());
}
} }
else if (IQ.Type.set.equals(packet.getType())) { else if (IQ.Type.set.equals(packet.getType())) {
try { try {
Element iqElement = packet.getChildElement(); Element iqElement = packet.getChildElement();
if (iqElement.element("remove") != null) { if (iqElement.element("remove") != null) {
if (session.getStatus() == Session.STATUS_AUTHENTICATED) { // If inband registration is not allowed, return an error.
User user = userManager.getUser(session.getUsername()); if (!registrationEnabled) {
// Delete the user
userManager.deleteUser(user);
// Delete the roster of the user
rosterManager.deleteRoster(session.getAddress());
// Delete the user from all the Groups
GroupManager.getInstance().deleteUser(user);
reply = IQ.createResultIQ(packet); reply = IQ.createResultIQ(packet);
session.process(reply); reply.setChildElement(packet.getChildElement().createCopy());
// Close the user's connection reply.setError(PacketError.Condition.forbidden);
session.getConnection().close();
// The reply has been sent so clean up the variable
reply = null;
} }
else { else {
throw new UnauthorizedException(); if (session.getStatus() == Session.STATUS_AUTHENTICATED) {
User user = userManager.getUser(session.getUsername());
// Delete the user
userManager.deleteUser(user);
// Delete the roster of the user
rosterManager.deleteRoster(session.getAddress());
// Delete the user from all the Groups
GroupManager.getInstance().deleteUser(user);
reply = IQ.createResultIQ(packet);
session.process(reply);
// Close the user's connection
session.getConnection().close();
// The reply has been sent so clean up the variable
reply = null;
}
else {
throw new UnauthorizedException();
}
} }
} }
else { else {
...@@ -271,34 +284,70 @@ public class IQRegisterHandler extends IQHandler implements ServerFeaturesProvid ...@@ -271,34 +284,70 @@ public class IQRegisterHandler extends IQHandler implements ServerFeaturesProvid
email = " "; email = " ";
} }
// Inform the entity of failed registration if some required information was
// not provided
if (password == null || password.trim().length() == 0) {
reply = IQ.createResultIQ(packet);
reply.setChildElement(packet.getChildElement().createCopy());
reply.setError(PacketError.Condition.not_acceptable);
return reply;
}
if (session.getStatus() == Session.STATUS_AUTHENTICATED) { if (session.getStatus() == Session.STATUS_AUTHENTICATED) {
User user = userManager.getUser(session.getUsername()); // Flag that indicates if the user is *only* changing his password
if (user != null) { boolean onlyPassword = false;
if (user.getUsername().equalsIgnoreCase(username)) { if (iqElement.elements().size() == 2 &&
user.setPassword(password); iqElement.element("username") != null &&
user.setEmail(email); iqElement.element("password") != null) {
newUser = user; onlyPassword = true;
}
// If users are not allowed to change their password, return an error.
if (password != null && !canChangePassword) {
reply = IQ.createResultIQ(packet);
reply.setChildElement(packet.getChildElement().createCopy());
reply.setError(PacketError.Condition.forbidden);
return reply;
}
// If inband registration is not allowed, return an error.
else if (!onlyPassword && !registrationEnabled) {
reply = IQ.createResultIQ(packet);
reply.setChildElement(packet.getChildElement().createCopy());
reply.setError(PacketError.Condition.forbidden);
return reply;
}
else {
User user = userManager.getUser(session.getUsername());
if (user != null) {
if (user.getUsername().equalsIgnoreCase(username)) {
if (password != null && password.trim().length() > 0) {
user.setPassword(password);
}
if (!onlyPassword) {
user.setEmail(email);
}
newUser = user;
}
else {
// An admin can create new accounts when logged in.
newUser = userManager.createUser(username, password, null, email);
}
} }
else { else {
// An admin can create new accounts when logged in. throw new UnauthorizedException();
newUser = userManager.createUser(username, password, null, email);
} }
} }
else {
throw new UnauthorizedException();
}
} }
else { else {
newUser = userManager.createUser(username, password, null, email); // If inband registration is not allowed, return an error.
if (!registrationEnabled) {
reply = IQ.createResultIQ(packet);
reply.setChildElement(packet.getChildElement().createCopy());
reply.setError(PacketError.Condition.forbidden);
return reply;
}
// Inform the entity of failed registration if some required
// information was not provided
else if (password == null || password.trim().length() == 0) {
reply = IQ.createResultIQ(packet);
reply.setChildElement(packet.getChildElement().createCopy());
reply.setError(PacketError.Condition.not_acceptable);
return reply;
}
else {
// Create the new account
newUser = userManager.createUser(username, password, null, email);
}
} }
// Set and save the extra user info (e.g. full name, etc.) // Set and save the extra user info (e.g. full name, etc.)
if (newUser != null && name != null) { if (newUser != null && name != null) {
...@@ -346,14 +395,23 @@ public class IQRegisterHandler extends IQHandler implements ServerFeaturesProvid ...@@ -346,14 +395,23 @@ public class IQRegisterHandler extends IQHandler implements ServerFeaturesProvid
} }
public boolean isInbandRegEnabled() { public boolean isInbandRegEnabled() {
return enabled; return registrationEnabled;
} }
public void setInbandRegEnabled(boolean allowed) { public void setInbandRegEnabled(boolean allowed) {
enabled = allowed; registrationEnabled = allowed;
JiveGlobals.setProperty("register.inband", enabled ? "true" : "false"); JiveGlobals.setProperty("register.inband", registrationEnabled ? "true" : "false");
}
public boolean canChangePassword() {
return canChangePassword;
} }
public void setCanChangePassword(boolean allowed) {
canChangePassword = allowed;
JiveGlobals.setProperty("register.password", canChangePassword ? "true" : "false");
}
public IQHandlerInfo getInfo() { public IQHandlerInfo getInfo() {
return info; return info;
} }
......
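Review bot: In the authenticated branch of the hunk at `@@ -271,34 +284,70 @@`, the `register.inband` check is skipped whenever `onlyPassword` is true, but `onlyPassword` is derived from the element count alone and never compares the submitted username with the session's own user. As the new side reads here, a request on an authenticated session whose `username` differs from `session.getUsername()` still reaches `userManager.createUser(username, password, null, email)` while registration is disabled, and no admin check is visible in the hunk despite the comment above that call. I would tie the flag to the caller's own account by adding `&& session.getUsername().equalsIgnoreCase(username)` to the condition that sets `onlyPassword`, or return `forbidden` before `createUser` when `!registrationEnabled`. The blank-password `not_acceptable` check now exists only in the unauthenticated branch, so this `createUser` call can also receive a null or empty password. The enclosing method starts and ends outside the hunk, so how `username` and `password` are parsed should be confirmed there.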
...@@ -37,6 +37,7 @@ ...@@ -37,6 +37,7 @@
<% // Get parameters <% // Get parameters
boolean save = request.getParameter("save") != null; boolean save = request.getParameter("save") != null;
boolean inbandEnabled = ParamUtils.getBooleanParameter(request,"inbandEnabled"); boolean inbandEnabled = ParamUtils.getBooleanParameter(request,"inbandEnabled");
boolean canChangePassword = ParamUtils.getBooleanParameter(request,"canChangePassword");
boolean anonLogin = ParamUtils.getBooleanParameter(request,"anonLogin"); boolean anonLogin = ParamUtils.getBooleanParameter(request,"anonLogin");
// Get an IQRegisterHandler: // Get an IQRegisterHandler:
...@@ -45,11 +46,13 @@ ...@@ -45,11 +46,13 @@
if (save) { if (save) {
regHandler.setInbandRegEnabled(inbandEnabled); regHandler.setInbandRegEnabled(inbandEnabled);
regHandler.setCanChangePassword(canChangePassword);
authHandler.setAllowAnonymous(anonLogin); authHandler.setAllowAnonymous(anonLogin);
} }
// Reset the value of page vars: // Reset the value of page vars:
inbandEnabled = regHandler.isInbandRegEnabled(); inbandEnabled = regHandler.isInbandRegEnabled();
canChangePassword = regHandler.canChangePassword();
anonLogin = authHandler.isAllowAnonymous(); anonLogin = authHandler.isAllowAnonymous();
%> %>
...@@ -106,7 +109,40 @@ ...@@ -106,7 +109,40 @@
</div> </div>
</fieldset> </fieldset>
<br><br> <br>
<fieldset>
<legend><fmt:message key="reg.settings.change_password" /></legend>
<div>
<p>
<fmt:message key="reg.settings.change_password_info" />
</p>
<table cellpadding="3" cellspacing="0" border="0" width="100%">
<tbody>
<tr>
<td width="1%">
<input type="radio" name="canChangePassword" value="true" id="rb03"
<%= ((canChangePassword) ? "checked" : "") %>>
</td>
<td width="99%">
<label for="rb03"><b><fmt:message key="reg.settings.enable" /></b> - <fmt:message key="reg.settings.can_change" /></label>
</td>
</tr>
<tr>
<td width="1%">
<input type="radio" name="canChangePassword" value="false" id="rb04"
<%= ((!canChangePassword) ? "checked" : "") %>>
</td>
<td width="99%">
<label for="rb04"><b><fmt:message key="reg.settings.disable" /></b> - <fmt:message key="reg.settings.cannot_change" /></label>
</td>
</tr>
</tbody>
</table>
</div>
</fieldset>
<br>
<fieldset> <fieldset>
<legend><fmt:message key="reg.settings.anonymous_login" /></legend> <legend><fmt:message key="reg.settings.anonymous_login" /></legend>
......
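Review bot: The new `regHandler.setCanChangePassword(canChangePassword)` call runs for any request that carries a `save` parameter, and nothing visible in this section checks the request method or an anti-CSRF token before a security-relevant setting is persisted. It follows the existing `setInbandRegEnabled` call, so this may be handled elsewhere in the admin console, but it is worth confirming now that the page also controls password changes. Assuming the form is submitted with POST, I would at least guard the block with `if (save && "POST".equalsIgnoreCase(request.getMethod())) {` and add whatever token check the console provides. Presumably `ParamUtils.getBooleanParameter` returns false for a missing parameter, in which case a `save` request that omits `canChangePassword` would switch password changes off; confirm that default is intended.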