CCM NG: Todays progress on admin and login applications

git-svn-id: https://svn.libreccm.org/ccm/ccm_ng@3978 8810af33-2d31-482b-a856-94f89814c4df

ccm-core/src/main/java/com/arsdigita/kernel/security/SecurityConfig.java

@@ -41,7 +41,7 @@ public final class SecurityConfig {
         new String[]{".jpg", ".gif", ".png", ".pdf"});
 
     @Setting
-    private Boolean autoRegistrationEnabled = false;
+    private Boolean autoRegistrationEnabled = true;
 
     @Setting
     private Boolean passwordRecoveryEnabled = true;

ccm-core/src/main/java/com/arsdigita/ui/admin/usersgroupsroles/UserAdmin.java

@@ -770,12 +770,12 @@ public class UserAdmin extends BoxPanel {
                 "ui.admin.new_user_form.password_options.send_password.label",
                 ADMIN_BUNDLE)));
         passwordOptionsGroup.addOption(sendPasswordOption);
-        newUserForm.add(passwordOptionsGroup);
+        form.add(passwordOptionsGroup);
 
         final SaveCancelSection saveCancelSection = new SaveCancelSection();
-        newUserForm.add(saveCancelSection);
+        form.add(saveCancelSection);
 
-        newUserForm.addValidationListener(e -> {
+        form.addValidationListener(e -> {
             final PageState state = e.getPageState();
 
             if (saveCancelSection.getSaveButton().isSelected(state)) {
@@ -868,7 +868,7 @@ public class UserAdmin extends BoxPanel {
             }
         });
 
-        return newUserForm;
+        return form;
     }
 
     @Override

ccm-core/src/main/java/com/arsdigita/ui/login/UserNewForm.java

@@ -33,14 +33,19 @@ import com.arsdigita.bebop.parameters.NotEmptyValidationListener;
 import com.arsdigita.bebop.parameters.StringLengthValidationListener;
 import com.arsdigita.globalization.GlobalizedMessage;
 import com.arsdigita.kernel.security.SecurityConfig;
+import com.arsdigita.web.RedirectSignal;
+import com.arsdigita.web.URL;
 
 import org.libreccm.cdi.utils.CdiUtil;
 import org.libreccm.configuration.ConfigurationManager;
 import org.libreccm.security.ChallengeManager;
+import org.libreccm.security.Shiro;
 import org.libreccm.security.User;
 import org.libreccm.security.UserManager;
 import org.libreccm.security.UserRepository;
 
+import java.util.concurrent.Callable;
+
 import javax.mail.MessagingException;
 
 import static com.arsdigita.ui.login.LoginConstants.*;
@@ -176,6 +181,16 @@ public class UserNewForm extends Form {
     }
 
     private void addListeners() {
+        addSubmissionListener(e -> {
+            final PageState state = e.getPageState();
+
+            if (saveCancelSection.getCancelButton().isSelected(state)) {
+                throw new RedirectSignal(URL.there(state.getRequest(),
+                                                   LOGIN_PAGE_URL),
+                                         false);
+            }
+        });
+
         addValidationListener(e -> {
             final PageState state = e.getPageState();
 
@@ -234,40 +249,46 @@ public class UserNewForm extends Form {
                 final FormData data = e.getFormData();
 
                 final CdiUtil cdiUtil = CdiUtil.createCdiUtil();
-                final UserRepository userRepository = cdiUtil.findBean(
-                    UserRepository.class);
-                final UserManager userManager = cdiUtil.findBean(
-                    UserManager.class);
 
-                final String givenNameData = (String) data.get(GIVEN_NAME);
+                final Shiro shiro = cdiUtil.findBean(Shiro.class);
-                final String familyNameData = (String) data
+                shiro.getSystemUser().execute(() -> {
-                    .get(FAMILY_NAME);
+                    final UserRepository userRepository = cdiUtil.findBean(
-                final String username = (String) data.get(USERNAME);
+                        UserRepository.class);
-                final String emailAddress = (String) data.get(EMAIL);
+                    final UserManager userManager = cdiUtil.findBean(
-                final String passwordData = (String) data.get(PASSWORD);
+                        UserManager.class);
-                final User user = userManager.createUser(givenNameData,
-                                                         familyNameData,
-                                                         username,
-                                                         emailAddress,
-                                                         passwordData);
-                user.setBanned(true);
-                userRepository.save(user);
 
-                //challenge erzeugen
+                    final String givenNameData = (String) data.get(
-                final ChallengeManager challengeManager = cdiUtil.findBean(
+                        GIVEN_NAME);
-                    ChallengeManager.class);
+                    final String familyNameData = (String) data
-                try {
+                        .get(FAMILY_NAME);
-                    challengeManager.sendAccountActivation(user);
+                    final String username = (String) data.get(USERNAME);
-                } catch (MessagingException ex) {
+                    final String emailAddress = (String) data.get(EMAIL);
-                    throw new FormProcessException(
+                    final String passwordData = (String) data.get(PASSWORD);
-                        "Failed to send account activation challenge.",
+                    final User user = userManager.createUser(givenNameData,
-                        new GlobalizedMessage(
+                                                             familyNameData,
-                            "login.form_new_user.error.creating_challenge_failed",
+                                                             username,
-                            LOGIN_BUNDLE), ex);
+                                                             emailAddress,
-                }
+                                                             passwordData);
+                    user.setBanned(true);
+                    userRepository.save(user);
 
-                formPanel.setVisible(state, false);
+                    //challenge erzeugen
-                finishedMessagePanel.setVisible(state, true);
+                    final ChallengeManager challengeManager = cdiUtil
+                        .findBean(ChallengeManager.class);
+                    try {
+                        challengeManager.sendAccountActivation(user);
+                    } catch (MessagingException ex) {
+                        throw new FormProcessException(
+                            "Failed to send account activation challenge.",
+                            new GlobalizedMessage(
+                                "login.form_new_user.error.creating_challenge_failed",
+                                LOGIN_BUNDLE), ex);
+                    }
+
+                    formPanel.setVisible(state, false);
+                    finishedMessagePanel.setVisible(state, true);
+                    return null;
+                });
             }
         });
     }

ccm-core/src/main/java/org/libreccm/categorization/CategoryManager.java

@@ -30,6 +30,7 @@ import javax.inject.Inject;
 import javax.persistence.EntityManager;
 import javax.persistence.NoResultException;
 import javax.persistence.TypedQuery;
+import javax.transaction.Transactional;
 
 /**
  * The {@code CategoryManager} provides several helper methods for managing
@@ -72,6 +73,7 @@ public class CategoryManager {
      * @param category The category to which the object should be assigned. Can
      *                 never be {@code null}.
      */
+    @Transactional(Transactional.TxType.REQUIRED)
     public void addObjectToCategory(final CcmObject object,
                                     final Category category) {
         if (object == null) {
@@ -118,6 +120,7 @@ public class CategoryManager {
      *                                              object is <em>not</em>
      * assigned to the provided category.
      */
+    @Transactional(Transactional.TxType.REQUIRED)
     public void removeObjectFromCategory(final CcmObject object,
                                          final Category category)
         throws ObjectNotAssignedToCategoryException {

ccm-core/src/main/java/org/libreccm/categorization/DomainManager.java

@@ -24,6 +24,7 @@ import org.libreccm.web.CcmApplication;
 import javax.enterprise.context.RequestScoped;
 import javax.inject.Inject;
 import javax.persistence.EntityManager;
+import javax.transaction.Transactional;
 
 /**
  * Provides several methods when managing the relations between {@link Domain}s
@@ -84,6 +85,7 @@ public class DomainManager {
      * @param domain The {@code Domain} to which owners the
      * {@code CcmApplication is added}.
      */
+    @Transactional(Transactional.TxType.REQUIRED)
     public void addDomainOwner(final CcmApplication application,
                                final Domain domain) {
         final DomainOwnership ownership = new DomainOwnership();

ccm-core/src/main/java/org/libreccm/configuration/ApplicationConfigurationManager.java

@@ -34,6 +34,7 @@ import java.lang.reflect.Field;
 import javax.enterprise.context.RequestScoped;
 import javax.inject.Inject;
 import javax.persistence.EntityManager;
+import javax.transaction.Transactional;
 
 /**
  *
@@ -163,6 +164,7 @@ public class ApplicationConfigurationManager {
      * @param valueType     The type of the value of the setting.
      * @param value         The value to set.
      */
+    @Transactional(Transactional.TxType.REQUIRED)
     private <T> void setSettingValue(final Object configuration,
                                      final CcmApplication instance,
                                      final String settingName,

ccm-core/src/main/java/org/libreccm/configuration/ConfigurationManager.java

@@ -35,6 +35,7 @@ import java.util.StringJoiner;
 import javax.enterprise.context.RequestScoped;
 import javax.inject.Inject;
 import javax.persistence.EntityManager;
+import javax.transaction.Transactional;
 
 /**
  * Maps between configuration classes and the values stored in the registry.
@@ -278,6 +279,7 @@ public class ConfigurationManager {
      * @param valueType     The type of the value of the setting.
      * @param value         The value to set.
      */
+    @Transactional(Transactional.TxType.REQUIRED)
     private <T> void setSettingValue(final Object configuration,
                                      final String settingName,
                                      final Class<T> valueType,

ccm-core/src/main/java/org/libreccm/configuration/SettingManager.java

@@ -36,6 +36,7 @@ import java.util.Optional;
 import javax.enterprise.context.RequestScoped;
 import javax.inject.Inject;
 import javax.persistence.EntityManager;
+import javax.transaction.Transactional;
 
 /**
  * Manages settings in the registry. Normally there should be no need to use
@@ -248,6 +249,7 @@ public class SettingManager {
      *
      * @param setting The setting to save.
      */
+    @Transactional(Transactional.TxType.REQUIRED)
     public void saveSetting(final AbstractSetting<?> setting) {
         if (setting.getObjectId() == 0) {
             entityManager.persist(setting);

ccm-core/src/main/java/org/libreccm/security/CcmShiroRealm.java

@@ -30,15 +30,7 @@ import org.apache.shiro.realm.AuthorizingRealm;
 import org.apache.shiro.subject.PrincipalCollection;
 import org.libreccm.cdi.utils.CdiUtil;
 
-import java.util.Iterator;
 import java.util.List;
-import java.util.Set;
-
-import javax.enterprise.context.spi.CreationalContext;
-import javax.enterprise.inject.spi.Bean;
-import javax.enterprise.inject.spi.BeanManager;
-import javax.enterprise.inject.spi.CDI;
-import javax.naming.InitialContext;
 
 /**
  * Implementation of Shiro's {@link AuthorizingRealm} to provide Shiro with the

ccm-core/src/main/java/org/libreccm/security/ChallengeManager.java

@@ -347,7 +347,7 @@ public class ChallengeManager {
 
         final Mail mail = new Mail(user.getPrimaryEmailAddress().getAddress(),
                                    kernelConfig.getSystemEmailAddress(),
-                                   "email verification");
+                                   subject);
         mail.setBody(text);
         mail.send();
     }

ccm-core/src/main/java/org/libreccm/security/GroupManager.java

@@ -25,6 +25,7 @@ import javax.inject.Inject;
 import javax.persistence.EntityManager;
 import javax.persistence.NoResultException;
 import javax.persistence.TypedQuery;
+import javax.transaction.Transactional;
 
 /**
  * Manager class providing methods for adding and removing members to and from
@@ -88,6 +89,7 @@ public class GroupManager {
      * @param member The user to remove from the group.
      * @param group The group from which the user is removed.
      */
+    @Transactional(Transactional.TxType.REQUIRED)
     public void removeMemberFromGroup(final User member, final Group group) {
         if (member == null) {
             throw new IllegalArgumentException(

ccm-core/src/main/java/org/libreccm/security/OneTimeAuthManager.java

@@ -29,6 +29,7 @@ import javax.enterprise.context.RequestScoped;
 import javax.inject.Inject;
 import javax.persistence.EntityManager;
 import javax.persistence.TypedQuery;
+import javax.transaction.Transactional;
 
 import org.apache.commons.lang.RandomStringUtils;
 
@@ -58,6 +59,7 @@ public class OneTimeAuthManager {
      *
      * @return The one time auth token.
      */
+    @Transactional(Transactional.TxType.REQUIRED)
     public OneTimeAuthToken createForUser(
         final User user, final OneTimeAuthTokenPurpose purpose) {
         if (user == null || purpose == null) {
@@ -73,7 +75,7 @@ public class OneTimeAuthManager {
         token.setUser(user);
         token.setPurpose(purpose);
 
-        final String tokenStr = RandomStringUtils.randomAscii(config.
+        final String tokenStr = RandomStringUtils.randomAlphanumeric(config.
             getTokenLength());
         token.setToken(tokenStr);
 
@@ -197,6 +199,7 @@ public class OneTimeAuthManager {
      *
      * @param token The token to invalidate.
      */
+    @Transactional(Transactional.TxType.REQUIRED)
     public void invalidate(final OneTimeAuthToken token) {
         if (token == null) {
             throw new IllegalArgumentException("Can't invalidate a token null");

ccm-core/src/main/java/org/libreccm/security/OneTimeAuthTokenCleaner.java

@@ -32,6 +32,7 @@ import javax.inject.Inject;
 import javax.inject.Singleton;
 import javax.persistence.EntityManager;
 import javax.persistence.TypedQuery;
+import javax.transaction.Transactional;
 
 /**
  * This EJB uses the {@link TimerService} to run a cleanup task periodically to 
@@ -67,6 +68,7 @@ public class OneTimeAuthTokenCleaner {
     }
 
     @Timeout
+    @Transactional(Transactional.TxType.REQUIRED)
     public void cleanupTokens() {
         final TypedQuery<OneTimeAuthToken> query = entityManager.createQuery(
             "SELECT t FROM OneTimeAuthToken t", OneTimeAuthToken.class);

ccm-core/src/main/java/org/libreccm/security/PermissionManager.java

@@ -28,6 +28,7 @@ import javax.persistence.TypedQuery;
 import org.libreccm.core.CcmObject;
 
 import javax.enterprise.context.RequestScoped;
+import javax.transaction.Transactional;
 
 /**
  * Manager class for granting and revoking permissions.
@@ -56,6 +57,7 @@ public class PermissionManager {
      * @param grantee The role to which the privilege is granted.
      * @param object The object on which the privilege is granted.
      */
+    @Transactional(Transactional.TxType.REQUIRED)
     public void grantPrivilege(final String privilege,
                                final Role grantee,
                                final CcmObject object) {
@@ -91,6 +93,7 @@ public class PermissionManager {
      * @param privilege The privilege to grant.
      * @param grantee The role to which the privilege is granted.
      */
+    @Transactional(Transactional.TxType.REQUIRED)
     public void grantPrivilege(final String privilege,
                                final Role grantee) {
         if (privilege == null || privilege.isEmpty()) {
@@ -121,6 +124,7 @@ public class PermissionManager {
      * @param grantee The role to which the privilege was granted.
      * @param object The object on which the privilege was granted.
      */
+    @Transactional(Transactional.TxType.REQUIRED)
     public void revokePrivilege(final String privilege,
                                 final Role grantee,
                                 final CcmObject object) {
@@ -159,6 +163,7 @@ public class PermissionManager {
      * @param privilege The privilege granted by the permission to revoke.
      * @param grantee The role to which the privilege was granted.
      */
+    @Transactional(Transactional.TxType.REQUIRED)
     public void revokePrivilege(final String privilege,
                                 final Role grantee) {
         if (privilege == null || privilege.isEmpty()) {
@@ -193,6 +198,7 @@ public class PermissionManager {
      * @param source
      * @param target 
      */
+    @Transactional(Transactional.TxType.REQUIRED)
     public void copyPermissions(final CcmObject source,
                                 final CcmObject target) {
         if (source == null) {

ccm-core/src/main/java/org/libreccm/security/RoleManager.java

@@ -25,6 +25,7 @@ import javax.inject.Inject;
 import javax.persistence.EntityManager;
 import javax.persistence.NoResultException;
 import javax.persistence.TypedQuery;
+import javax.transaction.Transactional;
 
 /**
  * Manager for roles providing methods for assigning the role the {@link Party}
@@ -52,6 +53,7 @@ public class RoleManager {
      * @param role  The role to assign.
      * @param party The party which to which to role is assigned.
      */
+    @Transactional(Transactional.TxType.REQUIRED)
     public void assignRoleToParty(final Role role, final Party party) {
         if (role == null) {
             throw new IllegalArgumentException("Can't add party to null role");
@@ -85,6 +87,7 @@ public class RoleManager {
      * @param role
      * @param party
      */
+    @Transactional(Transactional.TxType.REQUIRED)
     public void removeRoleFromParty(final Role role, final Party party) {
         if (role == null) {
             throw new IllegalArgumentException("Can't add party to null role");

ccm-core/src/main/resources/com/arsdigita/bebop/parameters/ParameterResources.properties

@@ -0,0 +1,10 @@
+bebop.parameters.parameter_is_required=This parameter is required
+parameter_not_unique=This parameter is not unique
+string_in_range=This parameter is not between {0} and {1} characters long
+type_check={0} must be of type {1} but got {2} of type {3}
+parameter.only.letters.digits=This parameter can only contain letters and/or digits
+file_empty_or_not_found=is empty or was not found.
+file_too_large=is too large
+uri_parameter_is_invalid=This parameter must be a URI formatted according to RFC2396
+bebop.parameters.parameter_not_empty=This field must not be empty.
+bebop.parameters.must_be_valid_part_of_url=Parameter  must contain only alpha-numeric, hyphen, or underscore characters!

ccm-core/src/main/resources/com/arsdigita/bebop/parameters/ParameterResources_de.properties

@@ -0,0 +1,10 @@
+bebop.parameters.parameter_is_required=Dieser Parameter ist erforderlich
+parameter_not_unique=Dieser Parameter ist nicht einzigartig
+string_in_range=Dieser Parameter ist nicht zwischen {0} und {1} Zeichen lang
+type_check={0} muss vom Typ {1} sein, ist aber  {2} vom Typ {3}
+parameter.only.letters.digits=Dieser Parameter darf nur Buchstaben und/oder Zahlen enthalten 
+file_empty_or_not_found=ist leer oder wurde nicht gefunden.
+file_too_large=ist zu gro\u00df
+uri_parameter_is_invalid=Dieser Parameter muss ein URI sein, das entsprechend RFC2396 formatiert wird
+bebop.parameters.parameter_not_empty=Dieser Eintrag darf nicht leer sein!
+bebop.parameters.must_be_valid_part_of_url=Dieser Parameter darf nur aus Buchstaben, Zahlen, Bindestrich und Unterstrich bestehen.

ccm-core/src/main/resources/com/arsdigita/bebop/parameters/ParameterResources_en.properties

@@ -0,0 +1,10 @@
+bebop.parameters.parameter_is_required=This parameter is required
+parameter_not_unique=This parameter is not unique
+string_in_range=This parameter is not between {0} and {1} characters long
+type_check={0} must be of type {1} but got {2} of type {3}
+parameter.only.letters.digits=This parameter can only contain letters and/or digits
+file_empty_or_not_found=is empty or was not found.
+file_too_large=is too large
+uri_parameter_is_invalid=This parameter must be a URI formatted according to RFC2396
+bebop.parameters.parameter_not_empty=This field must not be empty.
+bebop.parameters.must_be_valid_part_of_url=Parameter  must contain only alpha-numeric, hyphen, or underscore characters!

ccm-core/src/main/resources/com/arsdigita/bebop/parameters/ParameterResources_es.properties

@@ -0,0 +1,5 @@
+bebop.parameters.parameter_is_required=Este par\u00e1metro es requerido
+string_in_range=Este par\u00e1metro no tiene entre {0} y {1} caracteres
+type_check={0} tiene que ser de clase {1} pero el objecto {2} es de clase {3}
+bebop.parameters.parameter_not_empty=This field must not be empty.
+bebop.parameters.must_be_valid_part_of_url=Parameter  must contain only alpha-numeric, hyphen, or underscore characters!

ccm-core/src/main/resources/com/arsdigita/bebop/parameters/ParameterResources_fr.properties

@@ -0,0 +1,6 @@
+bebop.parameters.parameter_is_required=Ce param\u00e8tre est obligatoire
+string_in_range=La longueur de ce param\u00e8tre n'est pas comprise entre  {0} et {1}
+type_check={0} doit \u00eatre de type {1} mais poss\u00e8de {2} de type {3}
+parameter.only.letters.digits=Ce param\u00e8tre ne doit contenir que des lettres ou des chiffres
+bebop.parameters.parameter_not_empty=This field must not be empty.
+bebop.parameters.must_be_valid_part_of_url=Parameter  must contain only alpha-numeric, hyphen, or underscore characters!

ccm-core/src/main/resources/com/arsdigita/ui/login/LoginResources.properties

@@ -99,3 +99,5 @@ login.form.account_activation.email.hint=Please provide the email address you pr
 login.form.reset_password.auth_token.label=One time authentication token
 login.form.reset_password.auth_token.hint=Please provide the one time authentication token which you received (usually per email)
 login.form.account_activation.success=Your account has been activated.
+login.form.new_user.error.passwords_do_not_match=Password and confirmation do not match.
+login.form_new_user.error.creating_challenge_failed=Failed to send registration confirmation. Please contact the administrator.

ccm-core/src/main/resources/com/arsdigita/ui/login/LoginResources_de.properties

@@ -99,3 +99,5 @@ login.form.account_activation.email.hint=Bitte geben Sie die E-Mail-Adresse an,
 login.form.reset_password.auth_token.label=Einmalpasswort
 login.form.reset_password.auth_token.hint=Bitte geben Sie das Einmalpasswort, dass Sie erhalten haben an (\u00fcberlicherweise per E-Mail).
 login.form.account_activation.success=Ihr Benutzerkonto wurde aktiviert.
+login.form.new_user.error.passwords_do_not_match=Passwort und Best\u00e4tigung sind nicht gleich
+login.form_new_user.error.creating_challenge_failed=Fehler beim Senden der Anmeldebest\u00e4tigung. Bitte kontaktieren Sie den Systemadministrator.

ccm-core/src/main/resources/com/arsdigita/ui/login/LoginResources_en.properties

@@ -99,3 +99,5 @@ login.form.account_activation.email.hint=Please provide the email address you pr
 login.form.reset_password.auth_token.label=One time authentication token
 login.form.reset_password.auth_token.hint=Please provide the one time authentication token which you received (usually per email)
 login.form.account_activation.success=Your account has been activated.
+login.form.new_user.error.passwords_do_not_match=Password and confirmation do not match.
+login.form_new_user.error.creating_challenge_failed=Failed to send registration confirmation. Please contact the administrator.

ccm-core/src/main/resources/com/arsdigita/ui/login/LoginResources_fr.properties

@@ -99,3 +99,5 @@ login.form.account_activation.email.hint=Please provide the email address you pr
 login.form.reset_password.auth_token.label=One time authentication token
 login.form.reset_password.auth_token.hint=Please provide the one time authentication token which you received (usually per email)
 login.form.account_activation.success=Your account has been activated.
+login.form.new_user.error.passwords_do_not_match=Password and confirmation do not match.
+login.form_new_user.error.creating_challenge_failed=Failed to send registration confirmation. Please contact the administrator.