Slingshot Change Password page and implementation.

Repository API for change password.
Fixes to webscript framework to ensure that webscript POSTed Content is only read once from the underlying inputstream - it was previously possible for a Java backed WebScript to read content during executeImpl() and the same inputstream content would be further processed again when the template parameters for the output were generated.

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@10461 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
Kevin Roast
2008-08-21 10:55:11 +00:00
parent 5bde469d0c
commit 0103b7ca03
4 changed files with 156 additions and 9 deletions


@@ -0,0 +1,10 @@
<webscript>
<shortname>Update User Password</shortname>
<description>
Update the password of a current user - can only be executed for the current user or by an admin to update any user.
</description>
<url>/api/person/changepassword/{userName}</url>
<format default="json"/>
<authentication>user</authentication>
<transaction>required</transaction>
</webscript>


@@ -0,0 +1,3 @@
{
success : "${success?string}"
}
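Review bot: The template writes the key `success` without quotes and the boolean as a quoted string, so the body served under the descriptor's `json` default format is not strict JSON, and a client has to compare against the text "true" instead of reading a boolean. Emitting `"success": ${success?string}` would give a quoted key and a real JSON boolean. Any caller that already parses the string form would need to change with it.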


@@ -77,8 +77,6 @@
<!-- Web Script Repository (Server-Tier) Container --> <!-- Web Script Repository (Server-Tier) Container -->
<!-- --> <!-- -->
<bean id="webscripts.repo.imageresolver" class="org.alfresco.repo.web.scripts.RepositoryImageResolver" /> <bean id="webscripts.repo.imageresolver" class="org.alfresco.repo.web.scripts.RepositoryImageResolver" />
<bean id="webscripts.repo.templateprocessor" class="org.alfresco.repo.web.scripts.RepositoryTemplateProcessor"> <bean id="webscripts.repo.templateprocessor" class="org.alfresco.repo.web.scripts.RepositoryTemplateProcessor">
@@ -115,12 +113,11 @@
<bean id="webscripts.registry.prototype" parent="webscripts.registry" singleton="false"/> <bean id="webscripts.registry.prototype" parent="webscripts.registry" singleton="false"/>
<!-- --> <!-- -->
<!-- Web Script Authenticators --> <!-- Web Script Authenticators -->
<!-- --> <!-- -->
<!-- HTTP Basic Authenticator (Servlet based) --> <!-- HTTP Basic Authenticator (Servlet based) -->
<bean id="webscripts.authenticator.basic" class="org.alfresco.repo.web.scripts.servlet.BasicHttpAuthenticatorFactory"> <bean id="webscripts.authenticator.basic" class="org.alfresco.repo.web.scripts.servlet.BasicHttpAuthenticatorFactory">
<property name="authenticationService" ref="AuthenticationService" /> <property name="authenticationService" ref="AuthenticationService" />
@@ -136,6 +133,7 @@
<bean id="webscripts.authenticator.facebook" class="org.alfresco.repo.web.scripts.facebook.FacebookAuthenticatorFactory" /> <bean id="webscripts.authenticator.facebook" class="org.alfresco.repo.web.scripts.facebook.FacebookAuthenticatorFactory" />
<!-- --> <!-- -->
<!-- API Beans --> <!-- API Beans -->
<!-- --> <!-- -->
@@ -223,6 +221,8 @@
<property name="store"><value>sitestore</value></property> <property name="store"><value>sitestore</value></property>
</bean> </bean>
<!-- --> <!-- -->
<!-- Activity Feed Web Scripts --> <!-- Activity Feed Web Scripts -->
<!-- --> <!-- -->
@@ -276,7 +276,9 @@
</list> </list>
</property> </property>
</bean> </bean>
<!-- --> <!-- -->
<!-- Invite Service REST API --> <!-- Invite Service REST API -->
<!-- --> <!-- -->
@@ -329,10 +331,12 @@
<property name="personService" ref="PersonService"/> <property name="personService" ref="PersonService"/>
<property name="serviceRegistry" ref="ServiceRegistry"/> <property name="serviceRegistry" ref="ServiceRegistry"/>
</bean> </bean>
<!-- -->
<!-- Java-backed Web Scripts for Person Service REST API -->
<!-- --> <!-- -->
<!-- Person Service REST API -->
<!-- -->
<!-- --> <!-- -->
<!-- person.put Web Script - updates a person with the given person properties --> <!-- person.put Web Script - updates a person with the given person properties -->
@@ -345,6 +349,18 @@
<property name="authenticationComponent" ref="AuthenticationComponent"/> <property name="authenticationComponent" ref="AuthenticationComponent"/>
</bean> </bean>
<!-- -->
<!-- changepassword.post Web Script - updates a user password -->
<!-- -->
<bean id="webscript.org.alfresco.repository.person.changepassword.post"
class="org.alfresco.repo.web.scripts.person.ChangePasswordPost"
parent="webscript">
<property name="authenticationService" ref="AuthenticationService"/>
</bean>
<!-- Switch on debugger by setting log4j.logger.org.alfresco.repo.web.scripts.AlfrescoRhinoScriptDebugger to DEBUG --> <!-- Switch on debugger by setting log4j.logger.org.alfresco.repo.web.scripts.AlfrescoRhinoScriptDebugger to DEBUG -->
<bean id="rhinoScriptDebugger" class="org.alfresco.repo.web.scripts.AlfrescoRhinoScriptDebugger" init-method="start"/> <bean id="rhinoScriptDebugger" class="org.alfresco.repo.web.scripts.AlfrescoRhinoScriptDebugger" init-method="start"/>


@@ -0,0 +1,118 @@
/*
* Copyright (C) 2005-2007 Alfresco Software Limited.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* As a special exception to the terms and conditions of version 2.0 of
* the GPL, you may redistribute this Program in connection with Free/Libre
* and Open Source Software ("FLOSS") applications as described in Alfresco's
* FLOSS exception. You should have recieved a copy of the text describing
* the FLOSS exception, and it is also available here:
* http://www.alfresco.com/legal/licensing
*/
package org.alfresco.repo.web.scripts.person;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import org.alfresco.repo.security.authentication.AuthenticationException;
import org.alfresco.service.cmr.security.AuthenticationService;
import org.alfresco.util.Content;
import org.alfresco.web.scripts.DeclarativeWebScript;
import org.alfresco.web.scripts.Status;
import org.alfresco.web.scripts.WebScriptException;
import org.alfresco.web.scripts.WebScriptRequest;
import org.json.JSONException;
import org.json.JSONObject;
/**
* Webscript implementation for the POST method for 'changepassword' API.
*
* @author Kevin Roast
*/
public class ChangePasswordPost extends DeclarativeWebScript
{
private AuthenticationService authenticationService;
/**
* @param authenticationService the AuthenticationService to set
*/
public void setAuthenticationService(AuthenticationService authenticationService)
{
this.authenticationService = authenticationService;
}
/* (non-Javadoc)
* @see org.alfresco.web.scripts.DeclarativeWebScript#executeImpl(org.alfresco.web.scripts.WebScriptRequest, org.alfresco.web.scripts.Status)
*/
@Override
protected Map<String, Object> executeImpl(WebScriptRequest req, Status status)
{
// Extract user name from the URL - cannot be null or webscript desc would not match
String userName = req.getExtensionPath();
// Extract old and new password details from JSON POST
Content c = req.getContent();
if (c == null)
{
throw new WebScriptException(Status.STATUS_INTERNAL_SERVER_ERROR,
"Missing POST body.");
}
JSONObject json;
try
{
json = new JSONObject(c.getContent());
String oldPassword = json.getString("oldpw");
String newPassword = json.getString("newpw");
if (oldPassword == null || oldPassword.length() == 0)
{
throw new WebScriptException(Status.STATUS_BAD_REQUEST,
"Old password 'oldpw' is a required POST parameter.");
}
if (newPassword == null || newPassword.length() == 0)
{
throw new WebScriptException(Status.STATUS_BAD_REQUEST,
"New password 'newpw' is a required POST parameter.");
}
// update the password
authenticationService.updateAuthentication(userName, oldPassword.toCharArray(), newPassword.toCharArray());
}
catch (AuthenticationException err)
{
throw new WebScriptException(Status.STATUS_INTERNAL_SERVER_ERROR,
"Do not have appropriate auth or wrong auth details provided.");
}
catch (JSONException jErr)
{
throw new WebScriptException(Status.STATUS_INTERNAL_SERVER_ERROR,
"Unable to parse JSON POST body: " + jErr.getMessage());
}
catch (IOException ioErr)
{
throw new WebScriptException(Status.STATUS_INTERNAL_SERVER_ERROR,
"Unable to retrieve POST body: " + ioErr.getMessage());
}
Map<String, Object> model = new HashMap<String, Object>(1, 1.0f);
model.put("success", Boolean.TRUE);
return model;
}
}
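Review bot: The `catch (AuthenticationException err)` branch in `executeImpl` reports a rejected old password, or a caller not permitted to change `userName`, as `Status.STATUS_INTERNAL_SERVER_ERROR`, so failed credential checks on this endpoint look like server faults in access logs and alerting; `throw new WebScriptException(Status.STATUS_UNAUTHORIZED, "Do not have appropriate auth or wrong auth details provided.");` would separate the two. The missing-body and `JSONException` branches also describe a malformed request and would be better served by `Status.STATUS_BAD_REQUEST`. Because `json.getString` throws when a key is absent, a request without `oldpw` or `newpw` ends in the JSON catch with a 500 and never reaches the explicit 400 checks. The handler never compares the `userName` taken from the URL with the authenticated caller, so the descriptor's "current user or admin" rule presumably rests entirely on `authenticationService.updateAuthentication`. A comment above that call saying where the rule is enforced, for example `// authorisation (current user or admin) is enforced inside updateAuthentication`, would make the dependency explicit once confirmed.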