View Javadoc
1   /**
2    * This file Copyright (c) 2011-2017 Magnolia International
3    * Ltd.  (http://www.magnolia-cms.com). All rights reserved.
4    *
5    *
6    * This file is dual-licensed under both the Magnolia
7    * Network Agreement and the GNU General Public License.
8    * You may elect to use one or the other of these licenses.
9    *
10   * This file is distributed in the hope that it will be
11   * useful, but AS-IS and WITHOUT ANY WARRANTY; without even the
12   * implied warranty of MERCHANTABILITY or FITNESS FOR A
13   * PARTICULAR PURPOSE, TITLE, or NONINFRINGEMENT.
14   * Redistribution, except as permitted by whichever of the GPL
15   * or MNA you select, is prohibited.
16   *
17   * 1. For the GPL license (GPL), you can redistribute and/or
18   * modify this file under the terms of the GNU General
19   * Public License, Version 3, as published by the Free Software
20   * Foundation.  You should have received a copy of the GNU
21   * General Public License, Version 3 along with this program;
22   * if not, write to the Free Software Foundation, Inc., 51
23   * Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
24   *
25   * 2. For the Magnolia Network Agreement (MNA), this file
26   * and the accompanying materials are made available under the
27   * terms of the MNA which accompanies this distribution, and
28   * is available at http://www.magnolia-cms.com/mna.html
29   *
30   * Any modifications to this file must keep this entire header
31   * intact.
32   *
33   */
34  package info.magnolia.ui.form.field;
35  
36  import info.magnolia.cms.security.SecurityUtil;
37  import info.magnolia.context.Context;
38  import info.magnolia.context.MgnlContext;
39  import info.magnolia.ui.form.field.definition.PasswordFieldDefinition;
40  
41  import javax.inject.Provider;
42  
43  import org.apache.commons.lang3.StringUtils;
44  
45  import com.vaadin.ui.Component;
46  import com.vaadin.v7.data.Property;
47  import com.vaadin.v7.data.Validator.InvalidValueException;
48  import com.vaadin.v7.ui.CustomField;
49  import com.vaadin.v7.ui.Label;
50  import com.vaadin.v7.ui.PasswordField;
51  import com.vaadin.v7.ui.VerticalLayout;
52  
53  /**
54   * Password field that is capable of
55   * <ul>
56   *     <li>Checking if current user password matches the entered one in the current password field (compared using BCrypt).</li>
57   *     <li>Verifying whether passwords entered in the password verification fields matches.</li>
58   * </ul>
59   */
60  public class PasswordFields extends CustomField<String> {
61  
62      private PasswordField passwordField;
63      private PasswordField verificationField;
64      private PasswordField currentPasswordField;
65      private Provider<Context> contextProvider;
66      private PasswordFieldDefinition definition;
67      private VerticalLayout layout;
68  
69      public PasswordFields(Provider<Context> contextProvider, PasswordFieldDefinition definition) {
70          this.contextProvider = contextProvider;
71          this.definition = definition;
72  
73          passwordField = new PasswordField();
74          passwordField.setNullRepresentation("");
75          passwordField.setWidth("100%");
76          if (this.definition.isVerification()) {
77              verificationField = new PasswordField();
78              verificationField.setNullRepresentation("");
79              verificationField.setWidth("100%");
80          }
81          if (this.definition.isVerificationCurrentPassword()) {
82              currentPasswordField = new PasswordField();
83              currentPasswordField.setNullRepresentation("");
84              currentPasswordField.setWidth("100%");
85          }
86  
87          getContent();
88      }
89  
90      /**
91       * Create a {@link CustomField} based on a {@link VerticalLayout}.
92       * The layout is composed by:
93       * - {@link PasswordField}.
94       * if verification:
95       * - {@link Label} (verificationMessage).
96       * - {@link PasswordField}.
97       * @deprecated since 5.5.2 - use {@link #PasswordFields(Provider, PasswordFieldDefinition)} instead.
98       */
99      @Deprecated
100     public PasswordFields(boolean verification, String verificationMessage, String verificationErrorMessage) {
101         this(MgnlContext::getInstance, new PasswordFieldDefinition());
102     }
103 
104     @Override
105     protected Component initContent() {
106         // Init layout
107         layout = new VerticalLayout();
108         if (definition.isVerificationCurrentPassword()) {
109             layout.addComponent(new Label(definition.getVerificationCurrentPasswordMessage()));
110             layout.addComponent(currentPasswordField);
111         }
112         // add inner label to passwordField only when currentPasswordField or verificationField are used because otherwise field label is enough
113         if (definition.isVerification() || definition.isVerificationCurrentPassword()) {
114             layout.addComponent(new Label(definition.getPasswordMessage()));
115         }
116         layout.addComponent(passwordField);
117         if (definition.isVerification()) {
118             layout.addComponent(new Label(definition.getVerificationMessage()));
119             layout.addComponent(verificationField);
120         }
121         return layout;
122     }
123 
124     public VerticalLayout getVerticalLayout() {
125         return this.layout;
126     }
127 
128     /**
129      * Check if both fields are equals.
130      */
131     @Override
132     public void validate() throws InvalidValueException {
133         super.validate();
134         if (StringUtils.isNotBlank(passwordField.getValue())) {
135             if (definition.isVerificationCurrentPassword()) {
136                 if (StringUtils.isBlank(currentPasswordField.getValue()) || !SecurityUtil.matchBCrypted(currentPasswordField.getValue(), contextProvider.get().getUser().getPassword())) {
137                     throw new InvalidValueException(definition.getVerificationCurrentPasswordErrorMessage());
138                 }
139             }
140             if (definition.isVerification()) {
141                 if (StringUtils.isBlank(passwordField.getValue()) || StringUtils.isBlank(verificationField.getValue())) {
142                     throw new InvalidValueException(definition.getVerificationErrorMessage());
143                 }
144                 if (!passwordField.getValue().equals(verificationField.getValue())) {
145                     throw new InvalidValueException(definition.getVerificationErrorMessage());
146                 }
147             }
148         }
149     }
150 
151     @Override
152     public boolean isValid() {
153         if (super.isValid()) {
154             try {
155                 this.validate();
156                 return true;
157             } catch (InvalidValueException ive) {
158                 return false;
159             }
160         } else {
161             return false;
162         }
163     }
164 
165     @Override
166     public Class<String> getType() {
167         return String.class;
168     }
169 
170     @Override
171     public String getValue() {
172         return passwordField.getValue();
173     }
174 
175     @Override
176     public void setValue(String newValue) throws ReadOnlyException {
177         passwordField.setValue(newValue);
178     }
179 
180     @Override
181     @SuppressWarnings("rawtypes")
182     public void setPropertyDataSource(Property newDataSource) {
183         newDataSource.setValue("");
184         passwordField.setPropertyDataSource(newDataSource);
185         if (definition.isVerification() && newDataSource.getValue() != null) {
186             verificationField.setValue(String.valueOf(newDataSource.getValue()));
187         }
188         super.setPropertyDataSource(newDataSource);
189     }
190 
191     @Override
192     public Property<?> getPropertyDataSource() {
193         return passwordField.getPropertyDataSource();
194     }
195 
196     @Override
197     public boolean isEmpty() {
198         // this method is used to evaluate if field contains non empty value for validation of required field
199         // value must be checked against NullRepresentation
200         return getValue() == passwordField.getNullRepresentation();
201     }
202 }