updating to last version of 1.4.5

Author: catalry

src/main/java/com/ec/survey/controller/BasicController.java

@@ -135,6 +135,8 @@ public class BasicController implements BeanFactoryAware {
 	public @Value("${ecashost}") String ecashost;	
 	public @Value("${sender}") String sender;
 	public @Value("${captcha.bypass:@null}") String bypassCaptcha;
+	public @Value("${ui.enablepublicsurveys}") String enablepublicsurveys;
+	
 	//OCAS
 	public @Value("${casoss}") String cassOss;
 	protected @Value("${contextpath}") String contextpath;	
@@ -200,6 +202,14 @@ public ModelAndView handleBad2faCredentialsException(Exception e, HttpServletReq
 		return model;
     }
 
+	@ExceptionHandler(com.ec.survey.tools.FrozenCredentialsException.class) 
+    public ModelAndView handleFrozenCredentialsException(Exception e, HttpServletRequest request) {
+		logger.info(e.getLocalizedMessage(), e);
+		ModelAndView model =  new ModelAndView("redirect:/errors/frozen.html");
+		model.addObject("contextpath", contextpath);
+		return model;
+    }
+	
 	@ExceptionHandler(InvalidURLException.class) 
     public ModelAndView handleInvalidURLException(Exception e, HttpServletRequest request) {
 		logger.info(e.getLocalizedMessage(), e);

src/main/java/com/ec/survey/controller/HomeController.java

@@ -671,6 +671,11 @@ public ModelAndView publicsurveysrunner(HttpServletRequest request) throws Excep
 
 	public ModelAndView publicsurveys(HttpServletRequest request) throws Exception {	
 
+		if (!enablepublicsurveys.equalsIgnoreCase("true"))
+		{
+			throw new InvalidURLException();
+		}
+		
 		SurveyFilter filter = sessionService.getSurveyFilter(request, false);
 		filter.setUser(null);		
 		String newPage = request.getParameter("newPage");				
@@ -724,6 +729,11 @@ else if (sortKey.equalsIgnoreCase("popularity"))
 	@RequestMapping(value = "/home/publicsurveysjson", method = {RequestMethod.GET, RequestMethod.HEAD})
 	public @ResponseBody List<Survey> publicsurveysjson(HttpServletRequest request) throws Exception {	
 
+		if (!enablepublicsurveys.equalsIgnoreCase("true"))
+		{
+			throw new InvalidURLException();
+		}
+		
 		int itemsPerPage = 10;
 		int newPage = 1;
 

src/main/java/com/ec/survey/controller/HttpErrorController.java

@@ -57,6 +57,12 @@ public ModelAndView handleException(HttpServletRequest request){
 	@ResponseStatus(value = HttpStatus.INTERNAL_SERVER_ERROR)
 	public ModelAndView handle2fa(HttpServletRequest request){
 		return new ModelAndView("error/2fa","error","exception" );
+	}
+	
+	@RequestMapping(value = "/frozen.html")
+	@ResponseStatus(value = HttpStatus.INTERNAL_SERVER_ERROR)
+	public ModelAndView handlefrozen(HttpServletRequest request){
+		return new ModelAndView("error/frozen","error","exception" );
 	}	
 
 }

src/main/java/com/ec/survey/controller/ManagementController.java

@@ -60,8 +60,7 @@ public class ManagementController extends BasicController {
 	public @Value("${opc.users}") String opcusers;
 	public @Value("${opc.department:@null}") String opcdepartments;
 	public @Value("${opc.template}") String opctemplatesurvey;
-	public @Value("${ui.enablepublicsurveys}") String enablepublicsurveys;
-
+	
 	@InitBinder
 	protected void initBinder(HttpServletRequest request, ServletRequestDataBinder binder) {
         SimpleDateFormat dateFormat = new SimpleDateFormat(ConversionTools.DateFormat);

src/main/java/com/ec/survey/controller/SettingsController.java

@@ -60,8 +60,30 @@ public String root(HttpServletRequest request, Locale locale, Model model) throw
 	}	
 
 	@RequestMapping(value = "/myAccount", method = {RequestMethod.GET, RequestMethod.HEAD})
-	public String myAccount(ModelMap model){
+	public String myAccount(HttpServletRequest request, ModelMap model, Locale locale) throws NotAgreedToTosException, WeakAuthenticationException{
 		model.addAttribute("languages", surveyService.getLanguages());
+		
+		String message = request.getParameter("message");
+		if (message != null)
+		{
+			switch(message)
+			{
+				case "password":
+					model.addAttribute("message", resources.getMessage("info.PasswordChanged", null, "The password has been changed", locale));
+					break;
+				case "email":
+					model.addAttribute("message", resources.getMessage("message.NewEmailAddressSend", null, "The email address will be changed after confirmation", locale));
+					break;
+				case "language":
+					User user = sessionService.getCurrentUser(request);
+					model.addAttribute("message", resources.getMessage("message.LanguageChanged", null, "The language has been changed", new Locale(user.getLanguage())));
+					break;
+				case "pivot":
+					model.addAttribute("message", resources.getMessage("message.LanguageChanged", null, "The language has been changed", locale));
+					break;
+			}
+		}
+		
 		return "settings/myAccount";
 	}
 
@@ -107,10 +129,9 @@ public String changePassword(HttpServletRequest request, ModelMap model, Locale
 		user.setPassword(Tools.hash(newPassword + user.getPasswordSalt()));
 
 		administrationService.updateUser(user);
-		sessionService.setCurrentUser(request, user);
+		sessionService.setCurrentUser(request, user);		
 
-		model.addAttribute("message", resources.getMessage("info.PasswordChanged", null, "The password has been changed", locale));
-		return "settings/myAccount";		
+		return "redirect:/settings/myAccount?message=password";		
 	}
 
 	@RequestMapping(value = "/changeEmail", method = RequestMethod.POST)
@@ -161,8 +182,7 @@ public String changeEmail(HttpServletRequest request, ModelMap model, Locale loc
 			return "settings/myAccount";
 		}
 
-		model.addAttribute("message", resources.getMessage("message.NewEmailAddressSend", null, "The email address will be changed after confirmation", locale));
-		return "settings/myAccount";		
+		return "redirect:/settings/myAccount?message=email";	
 	}
 
 	@RequestMapping(value = "/changeLanguage", method = RequestMethod.POST)
@@ -177,9 +197,8 @@ public String changeLanguage(HttpServletRequest request, HttpServletResponse res
 		sessionService.setCurrentUser(request, user);
 
 		localeResolver.setLocale(request, response, new Locale(user.getLanguage()));
-		model.addAttribute("languages", surveyService.getLanguages());
-		model.addAttribute("message", resources.getMessage("message.LanguageChanged", null, "The language has been changed", new Locale(user.getLanguage())));
-		return "settings/myAccount";
+	
+		return "redirect:/settings/myAccount?message=language";
 	}
 
 	@RequestMapping(value = "/changePivotLanguage", method = RequestMethod.POST)
@@ -192,9 +211,7 @@ public String changePivotLanguage(HttpServletRequest request, ModelMap model, Lo
 		administrationService.updateUser(user);
 
 		sessionService.setCurrentUser(request, user);
-		model.addAttribute("languages", surveyService.getLanguages());
-		model.addAttribute("message", resources.getMessage("message.LanguageChanged", null, "The language has been changed", locale));
-		return "settings/myAccount";
+		return "redirect:/settings/myAccount?message=pivot";
 	}
 
 	@RequestMapping(value = "/shares")

src/main/java/com/ec/survey/controller/SystemController.java

@@ -155,9 +155,148 @@ public ModelAndView system(HttpServletRequest request, Model model) {
 		m.addObject("reportMessageText", settingsService.get(Setting.ReportText));
 		m.addObject("reportRecipients", settingsService.get(Setting.ReportRecipients));
 
+		m.addObject("banUserMessageText", settingsService.get(Setting.FreezeUserTextAdminBan));
+		m.addObject("unbanUserMessageText", settingsService.get(Setting.FreezeUserTextAdminUnban));
+		m.addObject("bannedUserRecipients", settingsService.get(Setting.BannedUserRecipients));
+		
+		m.addObject("bannedUserMessageText", settingsService.get(Setting.FreezeUserTextBan));
+		m.addObject("unbannedUserMessageText", settingsService.get(Setting.FreezeUserTextUnban));
+		
+		m.addObject("trustIndicatorCreatorInternal", settingsService.get(Setting.TrustValueCreatorInternal));
+		m.addObject("trustIndicatorMinimumPassMark", settingsService.get(Setting.TrustValueMinimumPassMark));
+		m.addObject("trustIndicatorPastSurveys", settingsService.get(Setting.TrustValuePastSurveys));
+		m.addObject("trustIndicatorPrivilegedUser", settingsService.get(Setting.TrustValuePrivilegedUser));
+		m.addObject("trustIndicatorNbContributions", settingsService.get(Setting.TrustValueNbContributions));
+		
 		return m;
 	}
 
+	@RequestMapping(value ="/configureBanUsers", method = RequestMethod.POST)
+	public ModelAndView configureBanUsers( HttpServletRequest request, Locale locale) throws Exception {
+		String banUserMessageText = request.getParameter("banUserMessageText");
+		
+		if (banUserMessageText == null || banUserMessageText.length() == 0)
+		{
+			throw new Exception("banUserMessageText must not be empty");
+		}
+		
+		String unbanUserMessageText = request.getParameter("unbanUserMessageText");
+		
+		if (unbanUserMessageText == null || unbanUserMessageText.length() == 0)
+		{
+			throw new Exception("unbanUserMessageText must not be empty");
+		}
+		
+		String bannedUserMessageText = request.getParameter("bannedUserMessageText");
+		
+		if (bannedUserMessageText == null || bannedUserMessageText.length() == 0)
+		{
+			throw new Exception("bannedUserMessageText must not be empty");
+		}
+		
+		String unbannedUserMessageText = request.getParameter("unbannedUserMessageText");
+		
+		if (unbannedUserMessageText == null || unbannedUserMessageText.length() == 0)
+		{
+			throw new Exception("unbannedUserMessageText must not be empty");
+		}
+		
+		String[] emails = request.getParameterValues("messageEmail");
+		String recipients = "";
+		if (emails != null)
+		{
+			for (String email : emails) {
+				if (email.trim().length() > 0)
+				{
+					if (!MailService.isValidEmailAddress(email))
+					{
+						throw new Exception("invalid email address:" + email);
+					}					
+					
+					if (recipients.length() > 0)
+					{
+						recipients += ";";
+					}
+					recipients += email;
+				}
+			}
+		}
+		
+		settingsService.update(Setting.BannedUserRecipients, recipients);
+		settingsService.update(Setting.FreezeUserTextAdminBan, banUserMessageText);
+		settingsService.update(Setting.FreezeUserTextAdminUnban, unbanUserMessageText);
+		settingsService.update(Setting.FreezeUserTextBan, bannedUserMessageText);
+		settingsService.update(Setting.FreezeUserTextUnban, unbannedUserMessageText);
+		
+		return new ModelAndView("redirect:/administration/system");
+	}
+	
+	@RequestMapping(value ="/configureTrustIndicator", method = RequestMethod.POST)
+	public ModelAndView configureTrustIndicator( HttpServletRequest request, Locale locale) throws Exception {
+		String trustIndicatorCreatorInternal = request.getParameter("trustIndicatorCreatorInternal");
+		
+		if (trustIndicatorCreatorInternal == null || trustIndicatorCreatorInternal.length() == 0)
+		{
+			throw new Exception("trustIndicatorCreatorInternal must not be empty");
+		}
+		if (!Tools.isInteger(trustIndicatorCreatorInternal))
+		{
+			throw new Exception("trustIndicatorCreatorInternal must be an integer");
+		}		
+		
+		String trustIndicatorMinimumPassMark = request.getParameter("trustIndicatorMinimumPassMark");
+		
+		if (trustIndicatorMinimumPassMark == null || trustIndicatorMinimumPassMark.length() == 0)
+		{
+			throw new Exception("trustIndicatorMinimumPassMark must not be empty");
+		}
+		if (!Tools.isInteger(trustIndicatorMinimumPassMark))
+		{
+			throw new Exception("trustIndicatorMinimumPassMark must be an integer");
+		}
+		
+		String trustIndicatorPastSurveys = request.getParameter("trustIndicatorPastSurveys");
+		
+		if (trustIndicatorPastSurveys == null || trustIndicatorPastSurveys.length() == 0)
+		{
+			throw new Exception("trustIndicatorPastSurveys must not be empty");
+		}
+		if (!Tools.isInteger(trustIndicatorPastSurveys))
+		{
+			throw new Exception("trustIndicatorPastSurveys must be an integer");
+		}
+		
+		String trustIndicatorPrivilegedUser = request.getParameter("trustIndicatorPrivilegedUser");
+		
+		if (trustIndicatorPrivilegedUser == null || trustIndicatorPrivilegedUser.length() == 0)
+		{
+			throw new Exception("trustIndicatorPrivilegedUser must not be empty");
+		}
+		if (!Tools.isInteger(trustIndicatorPrivilegedUser))
+		{
+			throw new Exception("trustIndicatorPrivilegedUser must be an integer");
+		}
+		
+		String trustIndicatorNbContributions = request.getParameter("trustIndicatorNbContributions");
+		
+		if (trustIndicatorNbContributions == null || trustIndicatorNbContributions.length() == 0)
+		{
+			throw new Exception("trustIndicatorNbContributions must not be empty");
+		}
+		if (!Tools.isInteger(trustIndicatorNbContributions))
+		{
+			throw new Exception("trustIndicatorNbContributions must be an integer");
+		}
+				
+		settingsService.update(Setting.TrustValueCreatorInternal, trustIndicatorCreatorInternal);
+		settingsService.update(Setting.TrustValuePastSurveys, trustIndicatorPastSurveys);
+		settingsService.update(Setting.TrustValuePrivilegedUser, trustIndicatorPrivilegedUser);
+		settingsService.update(Setting.TrustValueMinimumPassMark, trustIndicatorMinimumPassMark);
+		settingsService.update(Setting.TrustValueNbContributions, trustIndicatorNbContributions);
+		
+		return new ModelAndView("redirect:/administration/system");
+	}
+	
 	@RequestMapping(value ="/configureReports", method = RequestMethod.POST)
 	public ModelAndView configureReports( HttpServletRequest request, Locale locale) throws Exception {	
 		String number = request.getParameter("maxNumber");

src/main/java/com/ec/survey/controller/UserController.java

@@ -1,6 +1,7 @@
 package com.ec.survey.controller;
 
 import com.ec.survey.model.Paging;
+import com.ec.survey.model.Setting;
 import com.ec.survey.model.SqlPagination;
 import com.ec.survey.model.UserFilter;
 import com.ec.survey.model.UsersConfiguration;
@@ -79,7 +80,36 @@ public ModelAndView users(HttpServletRequest request, Model model) throws Except
     	if (usersConfiguration == null) usersConfiguration = new UsersConfiguration();
     	m.addObject("usersConfiguration", usersConfiguration);
 
-		return m;
+    	m.addObject("freezeusertext", settingsService.get(Setting.FreezeUserTextBan));
+    	m.addObject("unfreezeusertext", settingsService.get(Setting.FreezeUserTextUnban));
+
+    	return m;
+	}
+	
+	@RequestMapping(value = "/banuser", method = RequestMethod.POST)
+	public ModelAndView banuser(@RequestParam("userId") String userId, @RequestParam("emailText") String emailText, HttpServletRequest request, Model model) throws Exception {	
+		
+		if (userId == null || userId.length() == 0 || emailText == null || emailText.length() == 0)
+		{
+			throw new Exception("invalid input data");
+		}
+			
+		administrationService.banUser(userId, emailText);
+		
+		return new ModelAndView("redirect:/administration/users?frozen=1");	
+	}
+	
+	@RequestMapping(value = "/unbanuser", method = RequestMethod.POST)
+	public ModelAndView unbanuser(@RequestParam("userId") String userId, HttpServletRequest request, Model model) throws Exception {	
+		
+		if (userId == null || userId.length() == 0)
+		{
+			throw new Exception("invalid input data");
+		}
+			
+		administrationService.unbanUser(userId);
+		
+		return new ModelAndView("redirect:/administration/users?unfrozen=1");	
 	}
 
 	@RequestMapping(value = "/createUser", method = RequestMethod.POST)
@@ -100,7 +130,7 @@ public ModelAndView createUser(@RequestParam("add-login") String login, @Request
 			if (Tools.isPasswordWeak(password))
 			{
 				model.addAttribute("error", resources.getMessage("error.PasswordWeak", null, "This password does not fit our password policy. Please choose a password between 8 and 16 characters with at least one digit and one non-alphanumeric characters (e.g. !?$&%...).", locale));
-			} else {			
+			} else {
 				User user = new User();
 				user.setValidated(true);
 				user.setLogin(login);
@@ -114,19 +144,24 @@ public ModelAndView createUser(@RequestParam("add-login") String login, @Request
 				user.setLanguage(language);
 				user.setType(User.SYSTEM);
 
-				if (roles != null && roles.length() > 0)
+				if (!administrationService.checkEmailsNotBanned(user.getAllEmailAddresses()))
 				{
-					String[] ids = roles.split(";");
-					Map<Integer, Role> rolesById = administrationService.getAllRolesAsMap();
-					for (String id : ids) {
-						if (rolesById.containsKey(Integer.parseInt(id)))
-						{
-							user.getRoles().add(rolesById.get(Integer.parseInt(id)));
-						}
-					}				
+					model.addAttribute("error", resources.getMessage("error.EmailBanned", null, "This email adress belongs to a banned user.", locale));
+				} else {
+					if (roles != null && roles.length() > 0)
+					{
+						String[] ids = roles.split(";");
+						Map<Integer, Role> rolesById = administrationService.getAllRolesAsMap();
+						for (String id : ids) {
+							if (rolesById.containsKey(Integer.parseInt(id)))
+							{
+								user.getRoles().add(rolesById.get(Integer.parseInt(id)));
+							}
+						}				
+					}
+					
+					administrationService.createUser(user);
 				}
-				
-				administrationService.createUser(user);
 			}
 		} else {
 			model.addAttribute("error", resources.getMessage("error.LoginExists", null, "This login already exists. Please choose a unique login.", locale));
@@ -201,5 +236,5 @@ public ModelAndView deleteUser(@RequestParam("id") String id, HttpServletRequest
 		}
 		return users(request, model);
 	}
-		
+			
 }