/**
* Licensed to Apereo under one or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information regarding copyright ownership. Apereo
* licenses this file to you under the Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain a copy of the License at the
* following location:
*
* <p>http://www.apache.org/licenses/LICENSE-2.0
*
* <p>Unless required by applicable law or agreed to in writing, software distributed under the
* License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
* express or implied. See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apereo.portal.portlets.account.selfedit;
import org.apache.commons.lang.StringUtils;
import org.apereo.portal.persondir.ILocalAccountDao;
import org.apereo.portal.persondir.ILocalAccountPerson;
import org.apereo.portal.security.IPortalPasswordService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.binding.message.MessageBuilder;
import org.springframework.binding.message.MessageContext;
import org.springframework.stereotype.Component;
/**
* This class validates {@link AccountPasswordForm} objects through the magic of Webflow:
* http://docs.spring.io/spring-webflow/docs/current/reference/html/views.html#view-validation-programmatic-validator
*
*/
@Component("accountPasswordFormValidator")
public class AccountPasswordFormValidator {
private ILocalAccountDao accountDao;
@Autowired(required = true)
public void setLocalAccountDao(ILocalAccountDao accountDao) {
this.accountDao = accountDao;
}
private IPortalPasswordService passwordService;
@Autowired(required = true)
public void setPortalPasswordService(IPortalPasswordService passwordService) {
this.passwordService = passwordService;
}
/*
* NB: This validation method correctly matches a state defined in the
* edit-account flow, but there doesn't appear currently to be a way to
* enter it.
*/
public void validateEnterPassword(AccountPasswordForm form, MessageContext context) {
// ensure that a current account password was entered
if (StringUtils.isBlank(form.getCurrentPassword())) {
context.addMessage(
new MessageBuilder()
.error()
.source("currentPassword")
.code("please.enter.current.password")
.defaultText("Please enter your current password")
.build());
}
// check to see if the provided password matches the current account
// password
else {
ILocalAccountPerson account = accountDao.getPerson(form.getUserId());
if (!passwordService.validatePassword(
form.getCurrentPassword(), account.getPassword())) {
context.addMessage(
new MessageBuilder()
.error()
.source("currentPassword")
.code("current.password.doesnt.match")
.defaultText(
"Provided password does not match the current account password")
.build());
}
}
// ensure a new account password was entered
if (StringUtils.isBlank(form.getNewPassword())) {
context.addMessage(
new MessageBuilder()
.error()
.source("newPassword")
.code("please.enter.new.password")
.defaultText("Please enter a new password")
.build());
}
// ensure a new account password confirmation was entered
if (StringUtils.isBlank(form.getConfirmNewPassword())) {
context.addMessage(
new MessageBuilder()
.error()
.source("confirmNewPassword")
.code("please.enter.confirm.password")
.defaultText("Please confirm your new password")
.build());
}
// ensure the new password and new password confirmation match
if (StringUtils.isNotBlank(form.getNewPassword())
&& StringUtils.isNotBlank(form.getConfirmNewPassword())
&& !form.getNewPassword().equals(form.getConfirmNewPassword())) {
context.addMessage(
new MessageBuilder()
.error()
.source("confirmPassword")
.code("passwords.must.match")
.defaultText("Passwords must match")
.build());
}
}
}