diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/accounts/user/UserAccountsCreatePasswordPage.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/accounts/user/UserAccountsCreatePasswordPage.java index ab8aaba4f..b227a0728 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/accounts/user/UserAccountsCreatePasswordPage.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/accounts/user/UserAccountsCreatePasswordPage.java @@ -44,6 +44,13 @@ public class UserAccountsCreatePasswordPage extends notifyUser(); } + @Override + protected String alreadyLoggedInMessage(String currentUserEmail) { + return "You may not activate the account for " + userEmail + + " while you are logged in as " + currentUserEmail + + ". Please log out and try again."; + } + @Override protected String passwordChangeNotPendingMessage() { return "The account for " + userEmail + " has already been activated."; diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/accounts/user/UserAccountsPasswordBasePage.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/accounts/user/UserAccountsPasswordBasePage.java index 4c814f4be..1764c9e7a 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/accounts/user/UserAccountsPasswordBasePage.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/accounts/user/UserAccountsPasswordBasePage.java @@ -2,8 +2,6 @@ package edu.cornell.mannlib.vitro.webapp.controller.accounts.user; -import static edu.cornell.mannlib.vitro.webapp.controller.accounts.user.UserAccountsUserController.BOGUS_STANDARD_MESSAGE; - import java.util.Date; import java.util.HashMap; import java.util.Map; 
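Review bot: `alreadyLoggedInMessage` in UserAccountsCreatePasswordPage concatenates `userEmail` and `currentUserEmail` into text that the controller passes to `showHomePage(vreq, page.getBogusMessage())`, and nothing visible in this diff encodes it for HTML. Where `userEmail` is assigned is outside the hunk; if it is the request's email parameter, confirm that the home-page template escapes the message, or escape both addresses where the string is built. A one-line comment on the override would record the contract, for example `// Plain text; the template that displays it must HTML-escape it.` The same applies to the override added in UserAccountsResetPasswordPage.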
@@ -11,6 +9,7 @@ import java.util.Map; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import edu.cornell.mannlib.vedit.beans.LoginStatusBean; import edu.cornell.mannlib.vitro.webapp.beans.UserAccount; import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest; import edu.cornell.mannlib.vitro.webapp.controller.accounts.UserAccountsPage; @@ -50,6 +49,8 @@ public abstract class UserAccountsPasswordBasePage extends UserAccountsPage { /** The result of validating a "submit" request. */ private String errorCode = ""; + private boolean loggedIn; + protected UserAccountsPasswordBasePage(VitroRequest vreq) { super(vreq); @@ -112,6 +113,19 @@ public abstract class UserAccountsPasswordBasePage extends UserAccountsPage { bogusMessage = passwordChangeNotPendingMessage(); return; } + + UserAccount currentUser = LoginStatusBean.getCurrentUser(vreq); + if (currentUser != null) { + loggedIn = true; + String currentUserEmail = currentUser.getEmailAddress(); + if (!userEmail.equals(currentUserEmail)) { + log.info("Password request for '" + userEmail + + "' when already logged in as '" + currentUserEmail + + "'"); + bogusMessage = alreadyLoggedInMessage(currentUserEmail); + return; + } + } } public boolean isBogus() { @@ -154,6 +168,16 @@ public abstract class UserAccountsPasswordBasePage extends UserAccountsPage { return new TemplateResponseValues(templateName(), body); } + public String getSuccessMessage() { + if (loggedIn) { + return "Your password has been saved."; + } else { + return "Your password has been saved. Please log in."; + } + } + + protected abstract String alreadyLoggedInMessage(String currentUserEmail); + protected abstract String passwordChangeNotPendingMessage(); protected abstract String templateName(); 
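Review bot: The new `loggedIn` field in UserAccountsPasswordBasePage has no comment, while the `errorCode` field just above it carries a Javadoc line. It is assigned only in the logged-in check added further down in this file and read by `getSuccessMessage()`, so it stays false if that check is never reached. Suggested: `/** True if a user was already logged in when the request was checked; selects the success message. */`.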
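Review bot: The added `!userEmail.equals(currentUserEmail)` test decides whether the link belongs to the session's user by comparing address strings case-sensitively, so the account's owner is turned away whenever the two addresses differ only in letter case. If the account for `userEmail` has already been loaded earlier in this method (its start is outside the hunk), comparing that account with `currentUser` by identifier would be sturdier than comparing strings. The `log.info` call also concatenates `userEmail` into the log line; if that value comes from the request, replace CR and LF before logging, e.g. `userEmail.replaceAll("[\\r\\n]", "_")`, so that one request cannot write extra lines into the log.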
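Review bot: `getSuccessMessage()` drops the "Please log in" prompt when `loggedIn` is true, which means the session that was open before the password change is kept as it is. `createPassword()` and `resetPassword()` are not part of this diff, so check whether they renew the session identifier and end the account's other sessions after the change; a reset is often used to recover a compromised account, and old sessions should not outlive it. The method is public and undocumented; suggested Javadoc: `/** Message for the home page after the password is saved; the login prompt is omitted when a user was already logged in. */`.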
diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/accounts/user/UserAccountsResetPasswordPage.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/accounts/user/UserAccountsResetPasswordPage.java index c5d8a3c03..e9b07ba36 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/accounts/user/UserAccountsResetPasswordPage.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/accounts/user/UserAccountsResetPasswordPage.java @@ -44,6 +44,13 @@ public class UserAccountsResetPasswordPage extends UserAccountsPasswordBasePage notifyUser(); } + @Override + protected String alreadyLoggedInMessage(String currentUserEmail) { + return "You may not reset the password for " + userEmail + + " while you are logged in as " + currentUserEmail + + ". Please log out and try again."; + } + @Override protected String passwordChangeNotPendingMessage() { return "The password for " + userEmail + " has already been reset."; diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/accounts/user/UserAccountsUserController.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/accounts/user/UserAccountsUserController.java index 4437e35cb..c15933cdc 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/accounts/user/UserAccountsUserController.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/accounts/user/UserAccountsUserController.java @@ -80,8 +80,7 @@ public class UserAccountsUserController extends FreemarkerHttpServlet { return showHomePage(vreq, page.getBogusMessage()); } else if (page.isSubmit() && page.isValid()) { page.createPassword(); - return showHomePage(vreq, - "Your password has been saved. Please log in."); + return showHomePage(vreq, page.getSuccessMessage()); } else { return page.showPage(); } 
@@ -95,8 +94,7 @@ public class UserAccountsUserController extends FreemarkerHttpServlet { return showHomePage(vreq, page.getBogusMessage()); } else if (page.isSubmit() && page.isValid()) { page.resetPassword(); - return showHomePage(vreq, - "Your password has been saved. Please log in."); + return showHomePage(vreq, page.getSuccessMessage()); } else { return page.showPage(); }