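<%@ page contentType="text/html; charset=UTF-8" %>
<%--
  -
  - Copyright (C) 2004-2008 Jive Software, 2017-2025 Ignite Realtime Foundation. All rights reserved.
  -
  - Licensed under the Apache License, Version 2.0 (the "License");
  - you may not use this file except in compliance with the License.
  - You may obtain a copy of the License at
  -
  -     http://www.apache.org/licenses/LICENSE-2.0
  -
  - Unless required by applicable law or agreed to in writing, software
  - distributed under the License is distributed on an "AS IS" BASIS,
  - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  - See the License for the specific language governing permissions and
  - limitations under the License.
--%>

<%@ page import="org.jivesoftware.util.ParamUtils,
                 org.jivesoftware.util.StringUtils,
                 org.jivesoftware.util.CookieUtils,
                 org.jivesoftware.openfire.user.*,
                 java.net.URLEncoder"
    errorPage="error.jsp"
%><%@ page import="org.xmpp.packet.JID"%>
<%@ page import="org.jivesoftware.openfire.security.SecurityAuditManager" %>
<%@ page import="org.jivesoftware.util.StringUtils" %>
<%@ page import="java.util.Map" %>
<%@ page import="java.util.HashMap" %>
<%@ page import="org.jivesoftware.openfire.admin.AdminManager" %>
<%@ page import="java.nio.charset.StandardCharsets" %>

<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<%@ taglib uri="http://java.sun.com/jsp/jstl/fmt" prefix="fmt" %>
<%@ taglib prefix="admin" uri="admin" %>

<% webManager.init(request, response, session, application, out ); %>

<%
    // Request handler for the "edit user" form: reads the submitted fields,
    // enforces the CSRF check on saves, applies name / email / admin-flag
    // changes to the target account, records an audit event and redirects.

    // Get parameters
    boolean save = ParamUtils.getBooleanParameter(request,"save");
    boolean success = ParamUtils.getBooleanParameter(request,"success");
    String username = ParamUtils.getParameter(request,"username");
    String name = ParamUtils.getParameter(request,"name");
    String email = ParamUtils.getParameter(request,"email");
    boolean isAdmin = ParamUtils.getBooleanParameter(request,"isadmin");

    // Field name -> message; exposed to the page below as the "errors" attribute.
    Map<String, String> errors = new HashMap<>();

    // CSRF protection (double-submit): a save is honoured only when the "csrf"
    // cookie and the "csrf" request parameter are both present and equal.
    Cookie csrfCookie = CookieUtils.getCookie(request, "csrf");
    String csrfParam = ParamUtils.getParameter(request, "csrf");

    if (save) {
        if (csrfCookie == null || csrfParam == null || !csrfCookie.getValue().equals(csrfParam)) {
            // Downgrade to a plain page render so none of the changes below are applied.
            save = false;
            errors.put("csrf", "CSRF Failure");
        }
    }

    // Rotate the token on every request, whether or not the check above passed.
    // NOTE(review): the token is only as unpredictable as StringUtils.randomString;
    // confirm that it is backed by a cryptographically strong generator.
    csrfParam = StringUtils.randomString(15);
    CookieUtils.setCookie(request, response, "csrf", csrfParam, -1);
    pageContext.setAttribute("csrf", csrfParam);

    // Handle a cancel (no state is changed; the username is URL-encoded for the redirect)
    if (request.getParameter("cancel") != null) {
        response.sendRedirect("user-properties.jsp?username=" + URLEncoder.encode(username, StandardCharsets.UTF_8));
        return;
    }

    // Load the user object
    User user = webManager.getUserManager().getUser(username);

    // Handle a save
    if (save) {
        // If provider requires email, validate
        if (UserManager.getUserProvider().isEmailRequired()) {
            if (!StringUtils.isValidEmailAddress(email)) {
                errors.put("email","");
            }
        }
        // If provider requires name, validate
        if (UserManager.getUserProvider().isNameRequired()) {
            if (name == null || name.isEmpty()) {
                errors.put("name","");
            }
        }

        if (errors.isEmpty()) {
            user.setEmail(email);
            user.setName(name);

            // The admin flag is a privilege change: it is applied only when the
            // admin provider is writable, and only when it differs from the
            // account's current state.
            final boolean adminEditable = !AdminManager.getAdminProvider().isReadOnly();
            if (adminEditable) {
                boolean isCurrentAdmin = AdminManager.getInstance().isUserAdmin(user.getUsername(), false);
                if (isCurrentAdmin && !isAdmin) {
                    AdminManager.getInstance().removeAdminAccount(user.getUsername());
                }
                else if (!isCurrentAdmin && isAdmin) {
                    AdminManager.getInstance().addAdminAccount(user.getUsername());
                }
            }

            if (!SecurityAuditManager.getSecurityAuditProvider().blockUserEvents()) {
                // Log the event. The admin flag is reported only when it was actually
                // applied above; with a read-only admin provider the "isadmin" request
                // value is ignored, and logging it would make the audit trail claim a
                // privilege state that was never set.
                // NOTE(review): name and email are request values written into the
                // event text verbatim; confirm that the audit store and its viewer
                // encode them.
                String details = "set name = "+name+", email = "+email;
                if (adminEditable) {
                    details += ", admin = "+isAdmin;
                }
                webManager.logEvent("edited user "+username, details);
            }

            // Changes good, so redirect
            response.sendRedirect("user-properties.jsp?editsuccess=true&username=" + URLEncoder.encode(username, StandardCharsets.UTF_8));
            return;
        }
    }

    pageContext.setAttribute("errors", errors);
    pageContext.setAttribute("success", success);
%>
<fmt:message key="user.edit.form.title"/> : ()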

<%-- Guard on the admin provider being writable; whatever markup it wrapped is not present in this copy of the page. --%>
<% if (!AdminManager.getAdminProvider().isReadOnly()) { %> <% } %>
<%-- Output encoding: the username goes through JID.unescapeNode and then StringUtils.escapeHTMLTags before it is written into the page. --%>
: <%= StringUtils.escapeHTMLTags(JID.unescapeNode(user.getUsername())) %>
> ()


"> ">

*