@RequestMapping(method = RequestMethod.GET)
public ModelAndView show(
@ModelAttribute("form") EditRegisterRequest form,
@PathVariable String nick,
HttpServletRequest request,
HttpServletResponse response)
throws Exception {
Template tmpl = Template.getTemplate(request);
if (!tmpl.isSessionAuthorized()) {
throw new AccessViolationException("Not authorized");
}
if (!tmpl.getNick().equals(nick)) {
throw new AccessViolationException("Not authorized");
}
User user = tmpl.getCurrentUser();
UserInfo userInfo = userDao.getUserInfoClass(user);
ModelAndView mv = new ModelAndView("edit-reg");
form.setEmail(user.getEmail());
form.setUrl(userInfo.getUrl());
form.setTown(userInfo.getTown());
form.setName(user.getName());
form.setInfo(StringEscapeUtils.unescapeHtml(userDao.getUserInfo(user)));
response.setHeader("Cache-Control", "no-store, no-cache, must-revalidate");
return mv;
}
@RequestMapping(method = RequestMethod.POST)
public ModelAndView edit(
HttpServletRequest request,
@Valid @ModelAttribute("form") EditRegisterRequest form,
Errors errors)
throws Exception {
Template tmpl = Template.getTemplate(request);
if (!tmpl.isSessionAuthorized()) {
throw new AccessViolationException("Not authorized");
}
String nick = tmpl.getNick();
String password = Strings.emptyToNull(form.getPassword());
if (password != null && password.equalsIgnoreCase(nick)) {
errors.reject(null, "пароль не может совпадать с логином");
}
InternetAddress mail = null;
if (!Strings.isNullOrEmpty(form.getEmail())) {
try {
mail = new InternetAddress(form.getEmail());
} catch (AddressException e) {
errors.rejectValue("email", null, "Некорректный e-mail: " + e.getMessage());
}
}
String url = null;
if (!Strings.isNullOrEmpty(form.getUrl())) {
url = URLUtil.fixURL(form.getUrl());
}
String name = Strings.emptyToNull(form.getName());
if (name != null) {
name = StringUtil.escapeHtml(name);
}
String town = null;
if (!Strings.isNullOrEmpty(form.getTown())) {
town = StringUtil.escapeHtml(form.getTown());
}
String info = null;
if (!Strings.isNullOrEmpty(form.getInfo())) {
info = StringUtil.escapeHtml(form.getInfo());
}
ipBlockDao.checkBlockIP(request.getRemoteAddr(), errors, tmpl.getCurrentUser());
boolean emailChanged = false;
User user = userDao.getUser(nick);
if (Strings.isNullOrEmpty(form.getOldpass())) {
errors.rejectValue("oldpass", null, "Для изменения регистрации нужен ваш пароль");
} else if (!user.matchPassword(form.getOldpass())) {
errors.rejectValue("oldpass", null, "Неверный пароль");
}
user.checkAnonymous();
String newEmail = null;
if (mail != null) {
if (user.getEmail() != null && user.getEmail().equals(form.getEmail())) {
newEmail = null;
} else {
if (userDao.getByEmail(mail.getAddress(), false) != null) {
errors.rejectValue("email", null, "такой email уже используется");
}
newEmail = mail.getAddress();
emailChanged = true;
}
}
if (!errors.hasErrors()) {
userDao.updateUser(user, name, url, newEmail, town, password, info);
if (emailChanged) {
emailService.sendEmail(user.getNick(), mail.getAddress(), false);
}
} else {
return new ModelAndView("edit-reg");
}
if (emailChanged) {
String msg =
"Обновление регистрации прошло успешно. Ожидайте письма с кодом активации смены email.";
return new ModelAndView("action-done", "message", msg);
} else {
return new ModelAndView(new RedirectView("/people/" + nick + "/profile"));
}
}