litvinovg/vitro
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

NIHVIVO-2846 A user may not create or change a password if he is currently logged in to another account. If he is already logged in to his own account, the completion message will not say "Please log in."

Browse source
This commit is contained in:
j2blake 2011-09-13 20:26:14 +00:00
parent 2f9bb4d460
commit 32186e4351
4 changed files with 42 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

7
webapp/src/edu/cornell/mannlib/vitro/webapp/controller/accounts/user/UserAccountsCreatePasswordPage.java
View file

@ -44,6 +44,13 @@ public class UserAccountsCreatePasswordPage extends
notifyUser(); notifyUser();
} }
@Override
protected String alreadyLoggedInMessage(String currentUserEmail) {
return "You may not activate the account for " + userEmail
+ " while you are logged in as " + currentUserEmail
+ ". Please log out and try again.";
}
@Override @Override
protected String passwordChangeNotPendingMessage() { protected String passwordChangeNotPendingMessage() {
return "The account for " + userEmail + " has already been activated."; return "The account for " + userEmail + " has already been activated.";

28
webapp/src/edu/cornell/mannlib/vitro/webapp/controller/accounts/user/UserAccountsPasswordBasePage.java
View file

@ -2,8 +2,6 @@
package edu.cornell.mannlib.vitro.webapp.controller.accounts.user; package edu.cornell.mannlib.vitro.webapp.controller.accounts.user;
import static edu.cornell.mannlib.vitro.webapp.controller.accounts.user.UserAccountsUserController.BOGUS_STANDARD_MESSAGE;
import java.util.Date; import java.util.Date;
import java.util.HashMap; import java.util.HashMap;
import java.util.Map; import java.util.Map;
@ -11,6 +9,7 @@ import java.util.Map;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
import edu.cornell.mannlib.vitro.webapp.beans.UserAccount; import edu.cornell.mannlib.vitro.webapp.beans.UserAccount;
import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest; import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
import edu.cornell.mannlib.vitro.webapp.controller.accounts.UserAccountsPage; import edu.cornell.mannlib.vitro.webapp.controller.accounts.UserAccountsPage;
@ -50,6 +49,8 @@ public abstract class UserAccountsPasswordBasePage extends UserAccountsPage {
/** The result of validating a "submit" request. */ /** The result of validating a "submit" request. */
private String errorCode = ""; private String errorCode = "";
private boolean loggedIn;
protected UserAccountsPasswordBasePage(VitroRequest vreq) { protected UserAccountsPasswordBasePage(VitroRequest vreq) {
super(vreq); super(vreq);
@ -112,6 +113,19 @@ public abstract class UserAccountsPasswordBasePage extends UserAccountsPage {
bogusMessage = passwordChangeNotPendingMessage(); bogusMessage = passwordChangeNotPendingMessage();
return; return;
} }
UserAccount currentUser = LoginStatusBean.getCurrentUser(vreq);
if (currentUser != null) {
loggedIn = true;
String currentUserEmail = currentUser.getEmailAddress();
if (!userEmail.equals(currentUserEmail)) {
log.info("Password request for '" + userEmail
+ "' when already logged in as '" + currentUserEmail
+ "'");
bogusMessage = alreadyLoggedInMessage(currentUserEmail);
return;
}
}
} }
public boolean isBogus() { public boolean isBogus() {
@ -154,6 +168,16 @@ public abstract class UserAccountsPasswordBasePage extends UserAccountsPage {
return new TemplateResponseValues(templateName(), body); return new TemplateResponseValues(templateName(), body);
} }
public String getSuccessMessage() {
if (loggedIn) {
return "Your password has been saved.";
} else {
return "Your password has been saved. Please log in.";
}
}
protected abstract String alreadyLoggedInMessage(String currentUserEmail);
protected abstract String passwordChangeNotPendingMessage(); protected abstract String passwordChangeNotPendingMessage();
protected abstract String templateName(); protected abstract String templateName();

7
webapp/src/edu/cornell/mannlib/vitro/webapp/controller/accounts/user/UserAccountsResetPasswordPage.java
View file

@ -44,6 +44,13 @@ public class UserAccountsResetPasswordPage extends UserAccountsPasswordBasePage
notifyUser(); notifyUser();
} }
@Override
protected String alreadyLoggedInMessage(String currentUserEmail) {
return "You may not reset the password for " + userEmail
+ " while you are logged in as " + currentUserEmail
+ ". Please log out and try again.";
}
@Override @Override
protected String passwordChangeNotPendingMessage() { protected String passwordChangeNotPendingMessage() {
return "The password for " + userEmail + " has already been reset."; return "The password for " + userEmail + " has already been reset.";

6
webapp/src/edu/cornell/mannlib/vitro/webapp/controller/accounts/user/UserAccountsUserController.java
View file

@ -80,8 +80,7 @@ public class UserAccountsUserController extends FreemarkerHttpServlet {
return showHomePage(vreq, page.getBogusMessage()); return showHomePage(vreq, page.getBogusMessage());
} else if (page.isSubmit() && page.isValid()) { } else if (page.isSubmit() && page.isValid()) {
page.createPassword(); page.createPassword();
return showHomePage(vreq, return showHomePage(vreq, page.getSuccessMessage());
"Your password has been saved. Please log in.");
} else { } else {
return page.showPage(); return page.showPage();
} }
@ -95,8 +94,7 @@ public class UserAccountsUserController extends FreemarkerHttpServlet {
return showHomePage(vreq, page.getBogusMessage()); return showHomePage(vreq, page.getBogusMessage());
} else if (page.isSubmit() && page.isValid()) { } else if (page.isSubmit() && page.isValid()) {
page.resetPassword(); page.resetPassword();
return showHomePage(vreq, return showHomePage(vreq, page.getSuccessMessage());
"Your password has been saved. Please log in.");
} else { } else {
return page.showPage(); return page.showPage();
} }