/** * The contents of this file are subject to the license and copyright * detailed in the LICENSE and NOTICE files at the root of the source * tree and available online at * * http://www.dspace.org/license/ */ package org.dspace.eperson; import org.apache.log4j.Logger; import org.dspace.authorize.AuthorizeException; import org.dspace.core.*; import org.dspace.eperson.service.AccountService; import org.dspace.eperson.service.EPersonService; import org.dspace.eperson.service.RegistrationDataService; import org.springframework.beans.factory.annotation.Autowired; import javax.mail.MessagingException; import java.io.IOException; import java.sql.SQLException; import java.util.Locale; /** * * Methods for handling registration by email and forgotten passwords. When * someone registers as a user, or forgets their password, the * sendRegistrationInfo or sendForgotPasswordInfo methods can be used to send an * email to the user. The email contains a special token, a long string which is * randomly generated and thus hard to guess. When the user presents the token * back to the system, the AccountManager can use the token to determine the * identity of the eperson. * * *NEW* now ignores expiration dates so that tokens never expire * * @author Peter Breton * @version $Revision$ */ public class AccountServiceImpl implements AccountService { /** log4j log */ private static Logger log = Logger.getLogger(AccountServiceImpl.class); @Autowired(required = true) protected EPersonService ePersonService; @Autowired(required = true) protected RegistrationDataService registrationDataService; protected AccountServiceImpl() { } /** * Email registration info to the given email address. * * Potential error conditions: Cannot create registration data in database * (throws SQLException) Error sending email (throws MessagingException) * Error reading email template (throws IOException) Authorization error * (throws AuthorizeException) * * @param context * DSpace context * @param email * Email address to send the registration email to */ @Override public void sendRegistrationInfo(Context context, String email) throws SQLException, IOException, MessagingException, AuthorizeException { sendInfo(context, email, true, true); } /** * Email forgot password info to the given email address. * * Potential error conditions: No EPerson with that email (returns null) * Cannot create registration data in database (throws SQLException) Error * sending email (throws MessagingException) Error reading email template * (throws IOException) Authorization error (throws AuthorizeException) * * @param context * DSpace context * @param email * Email address to send the forgot-password email to */ @Override public void sendForgotPasswordInfo(Context context, String email) throws SQLException, IOException, MessagingException, AuthorizeException { sendInfo(context, email, false, true); } /** *

* Return the EPerson corresponding to token, where token was emailed to the * person by either the sendRegistrationInfo or sendForgotPasswordInfo * methods. *

* *

* If the token is not found return null. *

* * @param context * DSpace context * @param token * Account token * @return The EPerson corresponding to token, or null. * @exception SQLException * If the token or eperson cannot be retrieved from the * database. */ @Override public EPerson getEPerson(Context context, String token) throws SQLException, AuthorizeException { String email = getEmail(context, token); if (email == null) { return null; } return ePersonService.findByEmail(context, email); } /** * Return the e-mail address referred to by a token, or null if email * address can't be found ignores expiration of token * * @param context * DSpace context * @param token * Account token * @return The email address corresponding to token, or null. */ @Override public String getEmail(Context context, String token) throws SQLException { RegistrationData registrationData = registrationDataService.findByToken(context, token); if (registrationData == null) { return null; } /* * ignore the expiration date on tokens Date expires = * rd.getDateColumn("expires"); if (expires != null) { if ((new * java.util.Date()).after(expires)) return null; } */ return registrationData.getEmail(); } /** * Delete token. * * @param context * DSpace context * @param token * The token to delete * @exception SQLException * If a database error occurs */ @Override public void deleteToken(Context context, String token) throws SQLException { registrationDataService.deleteByToken(context, token); } /* * THIS IS AN INTERNAL METHOD. THE SEND PARAMETER ALLOWS IT TO BE USED FOR * TESTING PURPOSES. * * Send an info to the EPerson with the given email address. If isRegister * is TRUE, this is registration email; otherwise, it is forgot-password * email. If send is TRUE, the email is sent; otherwise it is skipped. * * Potential error conditions: No EPerson with that email (returns null) * Cannot create registration data in database (throws SQLException) Error * sending email (throws MessagingException) Error reading email template * (throws IOException) Authorization error (throws AuthorizeException) * * @param context DSpace context @param email Email address to send the * forgot-password email to @param isRegister If true, this is for * registration; otherwise, it is for forgot-password @param send If true, * send email; otherwise do not send any email */ protected RegistrationData sendInfo(Context context, String email, boolean isRegister, boolean send) throws SQLException, IOException, MessagingException, AuthorizeException { // See if a registration token already exists for this user RegistrationData rd = registrationDataService.findByEmail(context, email); // If it already exists, just re-issue it if (rd == null) { rd = registrationDataService.create(context); rd.setToken(Utils.generateHexKey()); // don't set expiration date any more // rd.setColumn("expires", getDefaultExpirationDate()); rd.setEmail(email); registrationDataService.update(context, rd); // This is a potential problem -- if we create the callback // and then crash, registration will get SNAFU-ed. // So FIRST leave some breadcrumbs if (log.isDebugEnabled()) { log.debug("Created callback " + rd.getID() + " with token " + rd.getToken() + " with email \"" + email + "\""); } } if (send) { sendEmail(context, email, isRegister, rd); } return rd; } /** * Send a DSpace message to the given email address. * * If isRegister is true, this is registration email; * otherwise, it is a forgot-password email. * * @param email * The email address to mail to * @param isRegister * If true, this is registration email; otherwise it is * forgot-password email. * @param rd * The RDBMS row representing the registration data. * @exception MessagingException * If an error occurs while sending email * @exception IOException * If an error occurs while reading the email template. */ protected void sendEmail(Context context, String email, boolean isRegister, RegistrationData rd) throws MessagingException, IOException, SQLException { String base = ConfigurationManager.getProperty("dspace.url"); // Note change from "key=" to "token=" String specialLink = new StringBuffer().append(base).append( base.endsWith("/") ? "" : "/").append( isRegister ? "register" : "forgot").append("?") .append("token=").append(rd.getToken()) .toString(); Locale locale = context.getCurrentLocale(); Email bean = Email.getEmail(I18nUtil.getEmailFilename(locale, isRegister ? "register" : "change_password")); bean.addRecipient(email); bean.addArgument(specialLink); bean.send(); // Breadcrumbs if (log.isInfoEnabled()) { log.info("Sent " + (isRegister ? "registration" : "account") + " information to " + email); } } }