001    /**
002     * Copyright (c) 2000-2012 Liferay, Inc. All rights reserved.
003     *
004     * The contents of this file are subject to the terms of the Liferay Enterprise
005     * Subscription License ("License"). You may not use this file except in
006     * compliance with the License. You can obtain a copy of the License by
007     * contacting Liferay, Inc. See the License for the specific language governing
008     * permissions and limitations under the License, including but not limited to
009     * distribution rights of the Software.
010     *
011     *
012     *
013     */
014    
015    package com.liferay.portal.security.auth;
016    
017    import com.liferay.portal.kernel.log.Log;
018    import com.liferay.portal.kernel.log.LogFactoryUtil;
019    import com.liferay.portal.kernel.util.GetterUtil;
020    import com.liferay.portal.kernel.util.KeyValuePair;
021    import com.liferay.portal.kernel.util.StringPool;
022    import com.liferay.portal.kernel.util.Validator;
023    import com.liferay.portal.model.Company;
024    import com.liferay.portal.model.User;
025    import com.liferay.portal.service.UserLocalServiceUtil;
026    import com.liferay.portal.util.CookieKeys;
027    import com.liferay.portal.util.PortalUtil;
028    
029    import javax.servlet.http.Cookie;
030    import javax.servlet.http.HttpServletRequest;
031    import javax.servlet.http.HttpServletResponse;
032    
033    /**
034     * @author Brian Wing Shun Chan
035     */
/**
 * {@link AutoLogin} implementation that builds login credentials from the
 * "remember me" cookies ({@code CookieKeys.ID}, {@code CookieKeys.PASSWORD}
 * and {@code CookieKeys.REMEMBER_ME}) sent with the request.
 *
 * <p>
 * All three cookie values are supplied by the client and are therefore
 * untrusted. The only step in this class that turns them into credentials is
 * {@code UserLocalServiceUtil.decryptUserId}; any exception on the way expires
 * the ID and PASSWORD cookies and is rethrown as an
 * {@link AutoLoginException}.
 * </p>
 *
 * @author Brian Wing Shun Chan
 */
public class RememberMeAutoLogin implements AutoLogin {

	/**
	 * Attempts to derive auto-login credentials from the request cookies.
	 *
	 * @param  request the servlet request carrying the cookies
	 * @param  response the servlet response used to expire the cookies when
	 *         the attempt is rejected or fails
	 * @return a three-element array (decrypted key, decrypted value, the
	 *         string {@code "false"}), or <code>null</code> when a cookie is
	 *         missing, the company has auto-login disabled, or the decrypted
	 *         user is the company's default user
	 * @throws AutoLoginException if any step throws; the ID and PASSWORD
	 *         cookies are expired before the exception is rethrown
	 */
	public String[] login(
			HttpServletRequest request, HttpServletResponse response)
		throws AutoLoginException {

		try {

			// Client-controlled input: nothing read here is trusted until
			// decryptUserId has accepted it.

			String idCookie = CookieKeys.getCookie(
				request, CookieKeys.ID, false);
			String passwordCookie = CookieKeys.getCookie(
				request, CookieKeys.PASSWORD, false);
			String rememberMeFlag = CookieKeys.getCookie(
				request, CookieKeys.REMEMBER_ME, false);

			// LEP-5188
			//
			// When the request's context path does not line up with the
			// portal's configured proxy/context paths, the REMEMBER_ME value
			// is forced to "true". In those deployments the REMEMBER_ME cookie
			// is not a gate: the ID and PASSWORD cookies alone decide whether
			// a decrypt attempt is made.

			String pathProxy = PortalUtil.getPathProxy();
			String pathContext = PortalUtil.getPathContext();

			boolean forceRememberMe;

			if (pathProxy.equals(pathContext)) {
				forceRememberMe = Validator.isNotNull(request.getContextPath());
			}
			else {
				forceRememberMe = !pathContext.equals(request.getContextPath());
			}

			if (forceRememberMe) {
				rememberMeFlag = Boolean.TRUE.toString();
			}

			if (Validator.isNull(idCookie) ||
				Validator.isNull(passwordCookie) ||
				Validator.isNull(rememberMeFlag)) {

				return null;
			}

			Company company = PortalUtil.getCompany(request);

			if (!company.isAutoLogin()) {

				// Auto-login is switched off for this company; the cookies are
				// ignored and left in place.

				return null;
			}

			// NOTE(review): what decryptUserId verifies (and how it fails on
			// tampered values) is not visible in this file - confirm it
			// rejects forged cookies rather than returning arbitrary data.

			KeyValuePair decrypted = UserLocalServiceUtil.decryptUserId(
				company.getCompanyId(), idCookie, passwordCookie);

			// NOTE(review): the third element is presumably the
			// "password is encrypted" flag read by the AutoLogin consumer -
			// confirm against the caller.

			String[] credentials = new String[] {
				decrypted.getKey(), decrypted.getValue(),
				Boolean.FALSE.toString()
			};

			// LPS-11218
			//
			// Never hand back credentials for the company's default user:
			// drop them and expire the cookies that produced them.

			Company currentCompany = PortalUtil.getCompany(request);

			User defaultUser = UserLocalServiceUtil.getDefaultUser(
				currentCompany.getCompanyId());

			long decryptedUserId = GetterUtil.getLong(credentials[0]);

			if (defaultUser.getUserId() == decryptedUserId) {
				removeCookies(request, response);

				return null;
			}

			return credentials;
		}
		catch (Exception e) {

			// Fail closed: record the failure, expire the cookies so the same
			// bad values are not replayed on every request, and surface the
			// error to the caller.
			//
			// NOTE(review): the exception is logged in full - confirm that
			// exceptions raised by decryptUserId do not embed the cookie
			// values in their messages.

			_log.warn(e, e);

			removeCookies(request, response);

			throw new AutoLoginException(e);
		}
	}

	/**
	 * Expires the ID and PASSWORD cookies by re-issuing them with a blank
	 * value, a max age of zero and the path {@code StringPool.SLASH}.
	 *
	 * <p>
	 * The REMEMBER_ME cookie is not touched by this method.
	 * </p>
	 *
	 * @param request the servlet request, passed through to
	 *        {@code CookieKeys.addCookie}
	 * @param response the servlet response that receives the expiring cookies
	 */
	protected void removeCookies(
		HttpServletRequest request, HttpServletResponse response) {

		// NOTE(review): no Secure/HttpOnly attributes are set here; whether
		// CookieKeys.addCookie applies them is not visible in this file.

		String[] cookieNames = {CookieKeys.ID, CookieKeys.PASSWORD};

		for (String cookieName : cookieNames) {
			Cookie expiredCookie = new Cookie(cookieName, StringPool.BLANK);

			expiredCookie.setMaxAge(0);
			expiredCookie.setPath(StringPool.SLASH);

			CookieKeys.addCookie(request, response, expiredCookie);
		}
	}

	private static Log _log = LogFactoryUtil.getLog(RememberMeAutoLogin.class);

}