rhbz1066756 - Enable password change from dashboard.

zanata · Mar 28, 2014 · edaab42 · edaab42
1 parent b75777f
commit edaab42
Show file tree

Hide file tree

Showing 2 changed files with 68 additions and 12 deletions.
diff --git a/zanata-war/src/main/java/org/zanata/action/UserSettingsAction.java b/zanata-war/src/main/java/org/zanata/action/UserSettingsAction.java
@@ -33,12 +33,16 @@
 import org.jboss.seam.annotations.Scope;
 import org.jboss.seam.faces.FacesMessages;
 import org.jboss.seam.faces.Renderer;
+import org.jboss.seam.security.RunAsOperation;
+import org.jboss.seam.security.management.IdentityManager;
 import org.jboss.seam.security.management.JpaIdentityStore;
 import org.zanata.dao.PersonDAO;
 import org.zanata.model.HAccount;
 import org.zanata.model.HPerson;
 import org.zanata.service.impl.EmailChangeService;
 
+import javax.validation.constraints.Size;
+
 /**
  * This is an action class that should eventually replace the
  * {@link org.zanata.action.ProfileAction} class as the UI controller for user
@@ -62,6 +66,9 @@ public class UserSettingsAction {
     @In
     private PersonDAO personDAO;
 
+    @In
+    private IdentityManager identityManager;
+
     @In(value = JpaIdentityStore.AUTHENTICATED_USER)
     HAccount authenticatedAccount;
 
@@ -70,6 +77,15 @@ public class UserSettingsAction {
     @Email
     @NotEmpty
     private String emailAddress;
+
+    @Getter
+    @Setter
+    @Size(min = 6, max = 20)
+    private String newPassword;
+
+    @Getter
+    @Setter
+    private String oldPassword;
 
     @Create
     public void onCreate() {
@@ -103,4 +119,28 @@ protected boolean isEmailAddressValid(String email) {
         return person == null
                 || person.getAccount().equals(authenticatedAccount);
     }
+
+    public void changePassword() {
+        if (isPasswordSet()
+                && !identityManager.authenticate(
+                authenticatedAccount.getUsername(), oldPassword)) {
+            FacesMessages.instance().addToControl("oldPassword",
+                    "Old password is incorrect, please check and try again.");
+            return;
+        }
+
+        new RunAsOperation() {
+            public void execute() {
+                identityManager.changePassword(
+                        authenticatedAccount.getUsername(), newPassword);
+            }
+        }.addRole("admin").run();
+
+        FacesMessages.instance().add(
+                "Your password has been successfully changed.");
+    }
+
+    public boolean isPasswordSet() {
+        return authenticatedAccount.getPasswordHash() != null;
+    }
 }
diff --git a/zanata-war/src/main/webapp/dashboard/settings.xhtml b/zanata-war/src/main/webapp/dashboard/settings.xhtml
@@ -32,18 +32,34 @@
             onclick="updateEmail(); return false;"/>
         </h:form>
         <hr/>
-        <h3 class="heading--secondary">Change Password</h3>
-        <form action="" class="l--constrain-large">
-          <div class="form__item">
-            <label for="oldpassword">Old Password</label>
-            <input type="password" id="oldpassword"/>
-          </div>
-          <div class="form__item l--push-bottom-1">
-            <label for="oldpassword">New Password</label>
-            <input type="password" id="oldpassword"/>
-          </div>
-          <input type="submit" value="Update password" class="button"/>
-        </form>
+        <s:fragment rendered="#{applicationConfiguration.internalAuth}">
+          <h3 class="heading--secondary">
+            <h:outputText rendered="#{not userSettingsAction.passwordSet}" value="Set Password"/>
+            <h:outputText rendered="#{userSettingsAction.passwordSet}" value="Change Password"/>
+          </h3>
+          <h:form id="passwordChangeForm" styleClass="l--constrain-large">
+            <s:fragment rendered="#{userSettingsAction.passwordSet}">
+              <div class="form__item">
+                <h:outputLabel for="oldPassword">Old Password</h:outputLabel>
+                <s:decorate id="oldPasswordField" template=" ../WEB-INF/layout/field.xhtml" enclose="false">
+                  <h:inputSecret id="oldPassword" value="#{userSettingsAction.oldPassword}"
+                    maxlength="255"/>
+                </s:decorate>
+              </div>
+            </s:fragment>
+            <div class="form__item l--push-bottom-1">
+              <h:outputLabel for="newPassword">New Password</h:outputLabel>
+              <s:decorate id="newPasswordField" template=" ../WEB-INF/layout/field.xhtml" enclose="false">
+                <h:inputSecret id="newPassword" value="#{userSettingsAction.newPassword}"
+                  maxlength="255"/>
+              </s:decorate>
+            </div>
+            <a4j:jsFunction name="changePassword" action="#{userSettingsAction.changePassword()}"
+              render="passwordChangeForm" execute="@form"/>
+            <input type="submit" value="Update password" class="button"
+              onclick="changePassword(); return false"/>
+          </h:form>
+        </s:fragment>
         <hr/>
         <h3 class="heading--secondary">Connected Accounts</h3>
         <form action="" class="l--constrain-large">