in jspwiki-main/src/main/java/org/apache/wiki/auth/DefaultUserManager.java [315:394]
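/**
 * Validates a user profile and records every problem found as a message in the wiki session under
 * {@code SESSION_MESSAGES}. Callers are expected to look at the session messages afterwards: apart
 * from a spam-filter rejection this method does not stop at the first error, so all problems of a
 * submission are reported together.
 * <p>
 * Checks performed, in order: the first installed {@link SpamFilter} (if any) must accept the
 * profile; with container-managed authentication the user must already be logged in; login name,
 * full name and e-mail must be present and (for the e-mail) well-formed; without container
 * authentication the password must be non-null, must equal the confirmation parameter
 * {@code password2} and, when an existing profile is being changed, the current password passed as
 * {@code password0} must verify against the user database; finally the full name, login name and
 * e-mail must not collide with another account.
 *
 * @param context the wiki context; its session receives the validation messages and its HTTP
 *                request (may be {@code null}) supplies the password parameters
 * @param profile the profile to validate
 */
public void validateProfile( final Context context, final UserProfile profile ) {
    final Session session = context.getWikiSession();
    final InputValidator validator = new InputValidator( SESSION_MESSAGES, context );
    final ResourceBundle rb = Preferences.getBundle( context, InternationalizationManager.CORE_BUNDLE );

    // The SpamFilter gets the first word; its rejection is fatal and nothing else is checked.
    final FilterManager fm = m_engine.getManager( FilterManager.class );
    for( final PageFilter pf : fm.getFilterList() ) {
        if( pf instanceof SpamFilter ) {
            if( !( ( SpamFilter )pf ).isValidUserProfile( context, profile ) ) {
                session.addMessage( SESSION_MESSAGES, "Invalid userprofile" );
                return;
            }
            break; // only the first SpamFilter in the list is consulted
        }
    }

    // Asked once and reused below: it decides both the login requirement and whether passwords
    // are managed by the wiki at all.
    final boolean containerAuth = m_engine.getManager( AuthenticationManager.class ).isContainerAuthenticated();

    // With container-managed authentication a profile may only be created by a logged-in user.
    // This is reported, not fatal: validation continues so the remaining messages are collected too.
    if( containerAuth && !session.isAuthenticated() ) {
        session.addMessage( SESSION_MESSAGES, rb.getString( "security.error.createprofilebeforelogin" ) );
    }

    validator.validateNotNull( profile.getLoginName(), rb.getString( "security.user.loginname" ) );
    validator.validateNotNull( profile.getFullname(), rb.getString( "security.user.fullname" ) );
    validator.validate( profile.getEmail(), rb.getString( "security.user.email" ), InputValidator.EMAIL );

    if( !containerAuth ) {
        // Passwords are only the wiki's business when the container does not authenticate users.
        final String password = profile.getPassword();
        if( password == null ) {
            session.addMessage( SESSION_MESSAGES, rb.getString( "security.error.blankpassword" ) );
        } else {
            final HttpServletRequest request = context.getHttpRequest();
            final String currentPassword = ( request == null ) ? null : request.getParameter( "password0" );
            final String confirmation = ( request == null ) ? null : request.getParameter( "password2" );
            // The new password has to be typed identically twice.
            if( !password.equals( confirmation ) ) {
                session.addMessage( SESSION_MESSAGES, rb.getString( "security.error.passwordnomatch" ) );
            }
            // Changing an existing profile additionally requires the current password to verify
            // against the user database. Both failures reuse the same "passwordnomatch" message.
            if( !profile.isNew() && !getUserDatabase().validatePassword( profile.getLoginName(), currentPassword ) ) {
                session.addMessage( SESSION_MESSAGES, rb.getString( "security.error.passwordnomatch" ) );
            }
        }
    }

    final String fullName = profile.getFullname();
    final String loginName = profile.getLoginName();
    final String email = profile.getEmail();
    // In the three lookups below a NoSuchPrincipalException means "nobody else owns that value"
    // and is deliberately ignored. The string comparisons are null-safe: a missing name has
    // already been reported by validateNotNull above and must not turn into a
    // NullPointerException here.
    UserProfile otherProfile;

    // It's illegal to use as a full name someone else's login name.
    try {
        otherProfile = getUserDatabase().find( fullName );
        if( otherProfile != null && !profile.equals( otherProfile )
                && !StringUtils.equals( fullName, otherProfile.getFullname() ) ) {
            session.addMessage( SESSION_MESSAGES,
                                MessageFormat.format( rb.getString( "security.error.illegalfullname" ), fullName ) );
        }
    } catch( final NoSuchPrincipalException ignored ) {
        // no account found under that full name: nothing to report
    }

    // It's illegal to use as a login name someone else's full name.
    try {
        otherProfile = getUserDatabase().find( loginName );
        if( otherProfile != null && !profile.equals( otherProfile )
                && !StringUtils.equals( loginName, otherProfile.getLoginName() ) ) {
            session.addMessage( SESSION_MESSAGES,
                                MessageFormat.format( rb.getString( "security.error.illegalloginname" ), loginName ) );
        }
    } catch( final NoSuchPrincipalException ignored ) {
        // no account found under that login name: nothing to report
    }

    // It's illegal to use multiple accounts with the same e-mail (compared case-insensitively).
    try {
        otherProfile = getUserDatabase().findByEmail( email );
        if( otherProfile != null
                && !profile.getUid().equals( otherProfile.getUid() ) // Issue JSPWIKI-1042
                && !profile.equals( otherProfile )
                && StringUtils.equals( StringUtils.lowerCase( email ), StringUtils.lowerCase( otherProfile.getEmail() ) ) ) {
            session.addMessage( SESSION_MESSAGES,
                                MessageFormat.format( rb.getString( "security.error.email.taken" ), email ) );
        }
    } catch( final NoSuchPrincipalException ignored ) {
        // no account registered with that e-mail: nothing to report
    }
}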