- Timestamp:
- Oct 25, 2010, 3:28:44 PM (12 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/grails-app/controllers/dbnp/authentication/RegisterController.groovy
r976 r985 1 /* Copyright 2009-2010 the original author or authors. 2 * 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 1 15 package dbnp.authentication 2 16 3 import grails.plugins.springsecurity.Secured 4 import grails.plugins.springsecurity.ui.* 17 import groovy.text.SimpleTemplateEngine 18 19 import org.codehaus.groovy.grails.commons.ApplicationHolder as AH 20 import org.codehaus.groovy.grails.plugins.springsecurity.NullSaltSource 5 21 import org.codehaus.groovy.grails.plugins.springsecurity.SpringSecurityUtils 6 import org.codehaus.groovy.grails.plugins.springsecurity.ui.RegistrationCode7 22 8 class RegisterController extends grails.plugins.springsecurity.ui.RegisterController { 23 /** 24 * @author <a href='mailto:burt@burtbeckwith.com'>Burt Beckwith</a> 25 */ 26 class RegisterController { 9 27 10 // The registration should be done using the UserRegistration controller 11 @Secured(['ROLE_ADMIN']) 12 def index = { 13 throw new Exception( "Method should not be called!" ) 14 } 28 def springSecurityService 29 def mailService 30 31 static defaultAction = 'index' 15 32 33 def saltSource 34 35 def index = { 36 [command: new RegisterCommand()] 37 } 38 39 def forgotPassword = { 40 41 if (!request.post) { 42 // show the form 43 return 44 } 45 46 String username = params.username 47 if (!username) { 48 flash.error = message(code: 'spring.security.ui.forgotPassword.username.missing') 49 return 50 } 51 52 def user = SecUser.findByUsername(username) 53 if (!user) { 54 flash.error = message(code: 'spring.security.ui.forgotPassword.user.notFound') 55 return 56 } 57 58 def registrationCode = new RegistrationCode(username: user.username).save() 59 60 String url = generateLink('resetPassword', [t: registrationCode.token]) 61 62 def conf = SpringSecurityUtils.securityConfig 63 def body = g.render(template:'/email/passwordReset', model: [user: user, url: url]) 64 65 mailService.sendMail { 66 to user.email 67 from conf.ui.forgotPassword.emailFrom 68 subject conf.ui.forgotPassword.emailSubject 69 html body.toString() 70 } 71 72 [emailSent: true] 73 } 74 75 def resetPassword = { ResetPasswordCommand command -> 76 77 String token = params.t 78 79 def registrationCode = token ? RegistrationCode.findByToken(token) : null 80 if (!registrationCode) { 81 flash.error = message(code: 'spring.security.ui.resetPassword.badCode') 82 redirect uri: SpringSecurityUtils.securityConfig.successHandler.defaultTargetUrl 83 return 84 } 85 86 if (!request.post) { 87 return [token: token, command: new ResetPasswordCommand()] 88 } 89 90 command.username = registrationCode.username 91 command.validate() 92 93 if (command.hasErrors()) { 94 return [token: token, command: command] 95 } 96 97 String salt = registrationCode.username 98 RegistrationCode.withTransaction { status -> 99 def user = SecUser.findByUsername(registrationCode.username) 100 user.password = springSecurityService.encodePassword(command.password, salt) 101 user.save() 102 registrationCode.delete() 103 } 104 105 springSecurityService.reauthenticate registrationCode.username 106 107 flash.message = message(code: 'spring.security.ui.resetPassword.success') 108 109 def conf = SpringSecurityUtils.securityConfig 110 String postResetUrl = conf.ui.register.postResetUrl ?: conf.successHandler.defaultTargetUrl 111 redirect uri: postResetUrl 112 } 113 114 protected String generateLink(String action, linkParams) { 115 createLink(base: "$request.scheme://$request.serverName:$request.serverPort$request.contextPath", 116 controller: 'register', action: action, 117 params: linkParams) 118 119 } 120 121 protected String evaluate(s, binding) { 122 new SimpleTemplateEngine().createTemplate(s).make(binding) 123 } 124 125 static final passwordValidator = { String password, command -> 126 if (command.username && command.username.equals(password)) { 127 return 'command.password.error.username' 128 } 129 130 if (!password || password.length() < 8 || password.length() > 64 || 131 (!password.matches('^.*\\p{Alpha}.*$') || 132 !password.matches('^.*\\p{Digit}.*$') || 133 !password.matches('^.*[!@#$%^&].*$'))) { 134 return 'command.password.error.strength' 135 } 136 } 137 138 static final password2Validator = { value, command -> 139 if (command.password != command.password2) { 140 return 'command.password2.error.mismatch' 141 } 142 } 16 143 } 144 145 class RegisterCommand { 146 147 String username 148 String email 149 String password 150 String password2 151 152 static constraints = { 153 username blank: false, validator: { value, command -> 154 if (value) { 155 def User = AH.application.getDomainClass( 156 SpringSecurityUtils.securityConfig.userLookup.userDomainClassName).clazz 157 if (User.findByUsername(value)) { 158 return 'registerCommand.username.unique' 159 } 160 } 161 } 162 email blank: false, email: true 163 password blank: false, minSize: 8, maxSize: 64, validator: RegisterController.passwordValidator 164 password2 validator: RegisterController.password2Validator 165 } 166 } 167 168 class ResetPasswordCommand { 169 String username 170 String password 171 String password2 172 173 static constraints = { 174 password blank: false, minSize: 8, maxSize: 64, validator: RegisterController.passwordValidator 175 password2 validator: RegisterController.password2Validator 176 } 177 }
Note: See TracChangeset
for help on using the changeset viewer.
