inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-07-31 17:39:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Slingshot Change Password page and implementation.

Browse Source 
Repository API for change password.
Fixes to webscript framework to ensure that webscript POSTed Content is only read once from the underlying inputstream - it was previously possible for a Java backed WebScript to read content during executeImpl() and the same inputstream content would be further processed again when the template parameters for the output were generated.

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@10461 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Kevin Roast
2008-08-21 10:55:11 +00:00
parent 5bde469d0c
commit 0103b7ca03
4 changed files with 156 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
config/alfresco/templates/webscripts/org/alfresco/repository/person/changepassword.post.desc.xml Normal file
View File

@@ -0,0 +1,10 @@
<webscript>
<shortname>Update User Password</shortname>
<description>
Update the password of a current user - can only be executed for the current user or by an admin to update any user.
</description>
<url>/api/person/changepassword/{userName}</url>
<format default="json"/>
<authentication>user</authentication>
<transaction>required</transaction>
</webscript>

3
config/alfresco/templates/webscripts/org/alfresco/repository/person/changepassword.post.json.ftl Normal file
View File

@@ -0,0 +1,3 @@
{
success : "${success?string}"
}

34
config/alfresco/web-scripts-application-context.xml
View File

@@ -77,8 +77,6 @@
<!-- Web Script Repository (Server-Tier) Container -->
<!-- -->
<bean id="webscripts.repo.imageresolver" class="org.alfresco.repo.web.scripts.RepositoryImageResolver" />
<bean id="webscripts.repo.templateprocessor" class="org.alfresco.repo.web.scripts.RepositoryTemplateProcessor">
@@ -115,12 +113,11 @@
<bean id="webscripts.registry.prototype" parent="webscripts.registry" singleton="false"/>
<!-- -->
<!-- Web Script Authenticators -->
<!-- -->
<!-- HTTP Basic Authenticator (Servlet based) -->
<bean id="webscripts.authenticator.basic" class="org.alfresco.repo.web.scripts.servlet.BasicHttpAuthenticatorFactory">
<property name="authenticationService" ref="AuthenticationService" />
@@ -136,6 +133,7 @@
<bean id="webscripts.authenticator.facebook" class="org.alfresco.repo.web.scripts.facebook.FacebookAuthenticatorFactory" />
<!-- -->
<!-- API Beans -->
<!-- -->
@@ -223,6 +221,8 @@
<property name="store"><value>sitestore</value></property>
</bean>
<!-- -->
<!-- Activity Feed Web Scripts -->
<!-- -->
@@ -276,7 +276,9 @@
</list>
</property>
</bean>
<!-- -->
<!-- Invite Service REST API -->
<!-- -->
@@ -329,10 +331,12 @@
<property name="personService" ref="PersonService"/>
<property name="serviceRegistry" ref="ServiceRegistry"/>
</bean>
<!-- -->
<!-- Java-backed Web Scripts for Person Service REST API -->
<!-- -->
<!-- -->
<!-- Person Service REST API -->
<!-- -->
<!-- -->
<!-- person.put Web Script - updates a person with the given person properties -->
@@ -345,6 +349,18 @@
<property name="authenticationComponent" ref="AuthenticationComponent"/>
</bean>
<!-- -->
<!-- changepassword.post Web Script - updates a user password -->
<!-- -->
<bean id="webscript.org.alfresco.repository.person.changepassword.post"
class="org.alfresco.repo.web.scripts.person.ChangePasswordPost"
parent="webscript">
<property name="authenticationService" ref="AuthenticationService"/>
</bean>
<!-- Switch on debugger by setting log4j.logger.org.alfresco.repo.web.scripts.AlfrescoRhinoScriptDebugger to DEBUG -->
<bean id="rhinoScriptDebugger" class="org.alfresco.repo.web.scripts.AlfrescoRhinoScriptDebugger" init-method="start"/>

118
source/java/org/alfresco/repo/web/scripts/person/ChangePasswordPost.java Normal file
View File

@@ -0,0 +1,118 @@
/*
* Copyright (C) 2005-2007 Alfresco Software Limited.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* As a special exception to the terms and conditions of version 2.0 of
* the GPL, you may redistribute this Program in connection with Free/Libre
* and Open Source Software ("FLOSS") applications as described in Alfresco's
* FLOSS exception. You should have recieved a copy of the text describing
* the FLOSS exception, and it is also available here:
* http://www.alfresco.com/legal/licensing
*/
package org.alfresco.repo.web.scripts.person;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import org.alfresco.repo.security.authentication.AuthenticationException;
import org.alfresco.service.cmr.security.AuthenticationService;
import org.alfresco.util.Content;
import org.alfresco.web.scripts.DeclarativeWebScript;
import org.alfresco.web.scripts.Status;
import org.alfresco.web.scripts.WebScriptException;
import org.alfresco.web.scripts.WebScriptRequest;
import org.json.JSONException;
import org.json.JSONObject;
/**
* Webscript implementation for the POST method for 'changepassword' API.
*
* @author Kevin Roast
*/
public class ChangePasswordPost extends DeclarativeWebScript
{
private AuthenticationService authenticationService;
/**
* @param authenticationService the AuthenticationService to set
*/
public void setAuthenticationService(AuthenticationService authenticationService)
{
this.authenticationService = authenticationService;
}
/* (non-Javadoc)
* @see org.alfresco.web.scripts.DeclarativeWebScript#executeImpl(org.alfresco.web.scripts.WebScriptRequest, org.alfresco.web.scripts.Status)
*/
@Override
protected Map<String, Object> executeImpl(WebScriptRequest req, Status status)
{
// Extract user name from the URL - cannot be null or webscript desc would not match
String userName = req.getExtensionPath();
// Extract old and new password details from JSON POST
Content c = req.getContent();
if (c == null)
{
throw new WebScriptException(Status.STATUS_INTERNAL_SERVER_ERROR,
"Missing POST body.");
}
JSONObject json;
try
{
json = new JSONObject(c.getContent());
String oldPassword = json.getString("oldpw");
String newPassword = json.getString("newpw");
if (oldPassword == null || oldPassword.length() == 0)
{
throw new WebScriptException(Status.STATUS_BAD_REQUEST,
"Old password 'oldpw' is a required POST parameter.");
}
if (newPassword == null || newPassword.length() == 0)
{
throw new WebScriptException(Status.STATUS_BAD_REQUEST,
"New password 'newpw' is a required POST parameter.");
}
// update the password
authenticationService.updateAuthentication(userName, oldPassword.toCharArray(), newPassword.toCharArray());
}
catch (AuthenticationException err)
{
throw new WebScriptException(Status.STATUS_INTERNAL_SERVER_ERROR,
"Do not have appropriate auth or wrong auth details provided.");
}
catch (JSONException jErr)
{
throw new WebScriptException(Status.STATUS_INTERNAL_SERVER_ERROR,
"Unable to parse JSON POST body: " + jErr.getMessage());
}
catch (IOException ioErr)
{
throw new WebScriptException(Status.STATUS_INTERNAL_SERVER_ERROR,
"Unable to retrieve POST body: " + ioErr.getMessage());
}
Map<String, Object> model = new HashMap<String, Object>(1, 1.0f);
model.put("success", Boolean.TRUE);
return model;
}
}