%@ page contentType="text/html; charset=UTF-8" %>
<%--
-
- Copyright (C) 2004-2008 Jive Software, 2017-2025 Ignite Realtime Foundation. All rights reserved.
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
--%>
<%@ page import="org.jivesoftware.openfire.security.SecurityAuditManager,
org.jivesoftware.openfire.session.ClientSession,
org.jivesoftware.openfire.user.User"
errorPage="error.jsp"
%>
<%@ page import="org.jivesoftware.openfire.user.UserManager" %>
<%@ page import="org.jivesoftware.util.ParamUtils" %>
<%@ page import="org.jivesoftware.util.StringUtils" %>
<%@ page import="org.jivesoftware.util.CookieUtils" %>
<%@ page import="org.xmpp.packet.JID" %>
<%@ page import="org.xmpp.packet.StreamError" %>
<%@ page import="java.net.URLEncoder" %>
<%@ page import="java.nio.charset.StandardCharsets" %>
<%@ page import="org.jivesoftware.openfire.XMPPServer" %>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<%@ taglib uri="http://java.sun.com/jsp/jstl/fmt" prefix="fmt" %>
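<% webManager.init(request, response, session, application, out ); %>
<%  // Request handler for the "delete user" confirmation page.
    //   cancel -> redirect back to the user's properties page, nothing is changed
    //   delete -> CSRF-checked; deletes the account, closes its client sessions,
    //             then redirects to the login page or the user summary
    //   neither -> falls through so the confirmation page is rendered
    // NOTE(review): no authentication or authorization check is visible in this
    // scriptlet; presumably the admin console enforces it before this page runs.
    // Confirm, because this page performs an irreversible delete.

    // Get parameters
    boolean cancel = request.getParameter("cancel") != null;
    boolean delete = request.getParameter("delete") != null;
    String username = ParamUtils.getParameter(request,"username");

    // CSRF check (double-submit pattern): the "csrf" request parameter must equal
    // the value of the "csrf" cookie. getParameter accepts the token from the
    // query string as well as from a form body.
    // NOTE(review): if the confirmation form submits via GET, the token and the
    // username end up in URLs, browser history and access logs. Confirm the
    // form method.
    Cookie csrfCookie = CookieUtils.getCookie(request, "csrf");
    String csrfParam = ParamUtils.getParameter(request, "csrf");
    if (delete) {
        if (csrfCookie == null || csrfParam == null || !csrfCookie.getValue().equals(csrfParam)) {
            // Missing or mismatched token: the delete is dropped without an error
            // message or audit entry, and the confirmation page is rendered again.
            delete = false;
        }
    }

    // Issue a fresh token on every request, whether or not a delete was asked
    // for. The same value goes into the cookie and the page-scope "csrf" attribute.
    // NOTE(review): confirm StringUtils.randomString draws from a cryptographically
    // strong source. Confirm the cookie attributes (HttpOnly, Secure, SameSite)
    // applied inside CookieUtils.setCookie, and that -1 means a session-lifetime
    // cookie.
    csrfParam = StringUtils.randomString(15);
    CookieUtils.setCookie(request, response, "csrf", csrfParam, -1);
    pageContext.setAttribute("csrf", csrfParam);

    // Handle a cancel. It changes no state, so it is not gated on the CSRF token.
    if (cancel) {
        if (username == null) {
            // URLEncoder.encode(null, ...) throws a NullPointerException, so a cancel
            // request without a username goes to the user list instead of failing.
            response.sendRedirect("user-summary.jsp");
        }
        else {
            // The value is URL-encoded before it is placed in the redirect target.
            response.sendRedirect("user-properties.jsp?username=" + URLEncoder.encode(username, StandardCharsets.UTF_8));
        }
        return;
    }

    // Load the user object. This runs for the plain page view as well as for a delete.
    // NOTE(review): a missing or unknown username presumably raises here and is
    // handled by the page's errorPage. Confirm.
    User user = webManager.getUserManager().getUser(username);

    // Handle a user delete:
    if (delete) {
        // Delete the user
        webManager.getUserManager().deleteUser(user);

        if (!SecurityAuditManager.getSecurityAuditProvider().blockUserEvents()) {
            // Log the event. No audit entry is written when the audit provider
            // blocks user events. The summary includes the request-supplied username.
            JID userAddress = new JID(username, webManager.getServerInfo().getXMPPDomain(), null);
            webManager.logEvent("deleted user "+username, "full jid was "+userAddress);
        }

        // Close the user's connection: each client session of the deleted account
        // is closed with a not-authorized stream error.
        final StreamError error = new StreamError(StreamError.Condition.not_authorized);
        for (ClientSession sess : webManager.getSessionManager().getSessions(XMPPServer.getInstance().createJID(user.getUsername(), null)))
        {
            sess.close(error);
        }

        // Deleted your own user account, force login
        // NOTE(review): this compares the raw request parameter, while the session
        // lookup above uses user.getUsername(). Confirm both are in the same form
        // (case, node escaping), otherwise a self-delete could keep its auth token.
        // Only the auth token attribute is removed; the HTTP session is not invalidated.
        if (username.equals(webManager.getAuthToken().getUsername())){
            session.removeAttribute("jive.admin.authToken");
            response.sendRedirect("login.jsp");
        }
        else {
            // Done, so redirect
            response.sendRedirect("user-summary.jsp?deletesuccess=true");
        }
        return;
    }
%>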
<% // Branch taken when the configured user provider reports itself as read-only.
if (UserManager.getUserProvider().isReadOnly()) { %>
<% } %>
<%-- Writes the username of the account about to be deleted. The stored node is
     unescaped for display and then passed through StringUtils.escapeHTMLTags
     before reaching the response, which is the output encoding for this value.
     NOTE(review): confirm escapeHTMLTags also escapes quote characters before
     reusing this expression inside an HTML attribute value. --%><%= StringUtils.escapeHTMLTags(JID.unescapeNode(user.getUsername())) %>
<% // Disable the form if a read-only user provider.
// This only affects what is rendered. The delete handler in the scriptlet above
// does not test isReadOnly() itself, so refusing a delete for a read-only
// provider is left to UserManager.deleteUser().
// NOTE(review): confirm that deleteUser() does refuse in that case.
if (UserManager.getUserProvider().isReadOnly()) { %>
<% } %>