1. Project Clover database Tue Dec 20 2016 21:24:09 CET
  2. Package com.xpn.xwiki.api

File User.java

 

Coverage histogram

../../../../img/srcFileCovDistChart7.png
64% of files have more coverage

Code metrics

8
33
6
1
186
90
14
0.42
5.5
6
2.33

Classes

Class Line # Actions
User 46 33 0% 14 14
0.7021276470.2%
 

Contributing tests

This file is covered by 2 tests. .

Source view

1    /*
2    * See the NOTICE file distributed with this work for additional
3    * information regarding copyright ownership.
4    *
5    * This is free software; you can redistribute it and/or modify it
6    * under the terms of the GNU Lesser General Public License as
7    * published by the Free Software Foundation; either version 2.1 of
8    * the License, or (at your option) any later version.
9    *
10    * This software is distributed in the hope that it will be useful,
11    * but WITHOUT ANY WARRANTY; without even the implied warranty of
12    * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13    * Lesser General Public License for more details.
14    *
15    * You should have received a copy of the GNU Lesser General Public
16    * License along with this software; if not, write to the Free
17    * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
18    * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
19    */
20    package com.xpn.xwiki.api;
21   
22    import java.text.MessageFormat;
23   
24    import org.slf4j.Logger;
25    import org.slf4j.LoggerFactory;
26    import org.xwiki.model.EntityType;
27    import org.xwiki.model.reference.DocumentReferenceResolver;
28    import org.xwiki.model.reference.EntityReference;
29   
30    import com.xpn.xwiki.XWikiContext;
31    import com.xpn.xwiki.XWikiException;
32    import com.xpn.xwiki.doc.XWikiDocument;
33    import com.xpn.xwiki.objects.BaseObject;
34    import com.xpn.xwiki.objects.classes.PasswordClass;
35    import com.xpn.xwiki.user.api.XWikiUser;
36    import com.xpn.xwiki.util.Programming;
37    import com.xpn.xwiki.web.Utils;
38   
39    /**
40    * Scriptable API for easy handling of users. For the moment this API is very limited, containing only one method. In
41    * the future it should be extended to provide useful methods for working with users.
42    *
43    * @version $Id: 593416a5ddfc1503f45443c739d08efd5e65f0ca $
44    * @since Platform-1.0
45    */
 
46    public class User extends Api
47    {
48    /** Logging helper object. */
49    protected static final Logger LOGGER = LoggerFactory.getLogger(User.class);
50   
51    /** User class reference. */
52    private static final EntityReference USERCLASS_REFERENCE = new EntityReference("XWikiUsers", EntityType.DOCUMENT,
53    new EntityReference("XWiki", EntityType.SPACE));
54   
55    /** Reference resolver. */
56    private static final DocumentReferenceResolver<String> REFERENCE_RESOLVER = Utils.getComponent(
57    DocumentReferenceResolver.TYPE_STRING, "currentmixed");
58   
59    /** The wrapped XWikiUser object. */
60    private XWikiUser user;
61   
62    /**
63    * Constructs a wrapper for the given protected XWikiUser object.
64    *
65    * @param user The XWikiUser object that should be wrapper.
66    * @param context The current {@link XWikiContext context}.
67    */
 
68  8 toggle public User(XWikiUser user, XWikiContext context)
69    {
70  8 super(context);
71  8 this.user = user;
72    }
73   
74    /**
75    * Expose the wrapped XWikiUser object. Requires programming rights.
76    *
77    * @return The wrapped XWikiUser object, or <tt>null</tt> if the user does not have programming rights.
78    */
 
79  0 toggle @Programming
80    public XWikiUser getUser()
81    {
82  0 if (hasProgrammingRights()) {
83  0 return this.user;
84    }
85  0 return null;
86    }
87   
88    /**
89    * Check if the user belongs to a group or not. This method only check direct membership (no recursive checking) in
90    * the current wiki.
91    *
92    * @param groupName The group to check.
93    * @return <tt>true</tt> if the user does belong to the specified group, false otherwise or if an exception occurs.
94    */
 
95  4 toggle public boolean isUserInGroup(String groupName)
96    {
97  4 boolean result = false;
98  4 try {
99  4 if (this.user == null) {
100  1 LOGGER.warn("Invalid null user");
101    } else {
102  3 result = this.user.isUserInGroup(groupName, getXWikiContext());
103    }
104    } catch (Exception ex) {
105  0 LOGGER.warn(new MessageFormat("Unhandled exception while checking if user {0}"
106    + " belongs to group {1}").format(new java.lang.Object[] { this.user, groupName }), ex);
107    }
108  4 return result;
109    }
110   
111    /**
112    * <p>
113    * See if the user is global (i.e. registered in the main wiki) or local to a virtual wiki.
114    * </p>
115    * <p>
116    * This method is not public, as the underlying implementation is not fully functional
117    * </p>
118    *
119    * @return <tt>true</tt> if the user is global, false otherwise or if an exception occurs.
120    */
 
121  0 toggle protected boolean isMain()
122    {
123  0 return this.user.isMain();
124    }
125   
126    /**
127    * API to retrieve the e-mail address of this user. This e-mail address is taken from the user profile. If the user
128    * hasn't changed his profile, then this is the e-mail address he filled in the registration form.
129    *
130    * @return The e-mail address from the user profile, or <tt>null</tt> if there is an error retrieving the email.
131    * @since 1.1.3
132    * @since 1.2.2
133    * @since 1.3M2
134    */
 
135  2 toggle public String getEmail()
136    {
137  2 XWikiDocument userDoc;
138  2 try {
139  2 userDoc = getXWikiContext().getWiki().getDocument(this.user.getUser(), getXWikiContext());
140  1 BaseObject obj = userDoc.getObject("XWiki.XWikiUsers");
141  1 return obj.getStringValue("email");
142    } catch (Exception e) {
143    // APIs should never throw errors, as velocity cannot catch them, and scripts should be
144    // as robust as possible. Instead, the code using this should know that null means there
145    // was an error, if it really needs to report these exceptions.
146  1 return null;
147    }
148    }
149   
150    /**
151    * Check if the password passed as argument is the user password. This method is used when a user wants to change
152    * its password. To make sure that it wouldn't be used to perform brute force attacks, we ensure that this is only
153    * used to check the current user password on its profile page.
154    *
155    * @param password Password submitted.
156    * @return true if password is really the user password.
157    * @throws XWikiException error if authorization denied.
158    */
 
159  2 toggle public boolean checkPassword(String password) throws XWikiException
160    {
161  2 EntityReference userReference = REFERENCE_RESOLVER.resolve(this.user.getUser());
162  2 EntityReference docReference = getXWikiContext().getDoc().getDocumentReference();
163  2 if (userReference.equals(getXWikiContext().getUserReference()) && userReference.equals(docReference)) {
164  2 try {
165  2 boolean result = false;
166   
167  2 XWikiDocument userDoc = getXWikiContext().getWiki().getDocument(userReference, getXWikiContext());
168  2 BaseObject obj = userDoc.getXObject(USERCLASS_REFERENCE);
169    // We only allow empty password from users having a XWikiUsers object.
170  2 if (obj != null) {
171  2 final String stored = obj.getStringValue("password");
172  2 result = new PasswordClass().getEquivalentPassword(stored, password).equals(stored);
173    }
174   
175  2 return result;
176    } catch (Throwable e) {
177  0 LOGGER.error("Failed to check password", e);
178  0 return false;
179    }
180    } else {
181  0 throw new XWikiException(XWikiException.MODULE_XWIKI_ACCESS, XWikiException.ERROR_XWIKI_ACCESS_DENIED,
182    "You cannot use this method for checking another user password.", null);
183    }
184    }
185   
186    }