001    /**
002     * Copyright (c) 2000-2011 Liferay, Inc. All rights reserved.
003     *
004     * The contents of this file are subject to the terms of the Liferay Enterprise
005     * Subscription License ("License"). You may not use this file except in
006     * compliance with the License. You can obtain a copy of the License by
007     * contacting Liferay, Inc. See the License for the specific language governing
008     * permissions and limitations under the License, including but not limited to
009     * distribution rights of the Software.
010     *
011     *
012     *
013     */
014    
015    package com.liferay.portal.security.auth;
016    
017    import com.liferay.portal.kernel.log.Log;
018    import com.liferay.portal.kernel.log.LogFactoryUtil;
019    import com.liferay.portal.kernel.util.GetterUtil;
020    import com.liferay.portal.kernel.util.KeyValuePair;
021    import com.liferay.portal.kernel.util.StringPool;
022    import com.liferay.portal.kernel.util.Validator;
023    import com.liferay.portal.model.Company;
024    import com.liferay.portal.model.User;
025    import com.liferay.portal.service.UserLocalServiceUtil;
026    import com.liferay.portal.util.CookieKeys;
027    import com.liferay.portal.util.PortalUtil;
028    
029    import javax.servlet.http.Cookie;
030    import javax.servlet.http.HttpServletRequest;
031    import javax.servlet.http.HttpServletResponse;
032    
/**
 * {@link AutoLogin} implementation that rebuilds login credentials from the
 * "remember me" cookies ({@code CookieKeys.ID}, {@code CookieKeys.PASSWORD}
 * and {@code CookieKeys.REMEMBER_ME}).
 *
 * <p>
 * All three cookie values are supplied by the client and must be treated as
 * untrusted. They are only turned into credentials after
 * {@code UserLocalServiceUtil.decryptUserId} returns normally, and any
 * exception raised along the way expires the ID and PASSWORD cookies.
 * </p>
 *
 * @author Brian Wing Shun Chan
 */
public class RememberMeAutoLogin implements AutoLogin {

	/**
	 * Attempts to derive credentials from the remember-me cookies of the
	 * request.
	 *
	 * @param  request the current servlet request, source of the cookies
	 * @param  response the current servlet response, used to expire cookies
	 * @return a three-element array (decrypted key, decrypted value,
	 *         {@code "false"}), or {@code null} when the cookies are
	 *         incomplete, the company has auto login disabled, or the
	 *         cookies resolve to the company's default user
	 * @throws AutoLoginException wrapping any exception raised while
	 *         processing; the ID and PASSWORD cookies are expired first
	 */
	public String[] login(
			HttpServletRequest request, HttpServletResponse response)
		throws AutoLoginException {

		try {
			String encryptedUserId = CookieKeys.getCookie(
				request, CookieKeys.ID);
			String encryptedPassword = CookieKeys.getCookie(
				request, CookieKeys.PASSWORD);
			String rememberMeFlag = CookieKeys.getCookie(
				request, CookieKeys.REMEMBER_ME);

			// LEP-5188
			//
			// When the request's context path does not line up with the
			// portal's configured proxy/context path, the remember-me flag is
			// forced on. In those deployments the REMEMBER_ME cookie is not
			// required: the ID and PASSWORD cookies alone are sufficient to
			// reach the decryption step below.

			String pathProxy = PortalUtil.getPathProxy();
			String pathContext = PortalUtil.getPathContext();

			boolean forceRememberMe;

			if (pathProxy.equals(pathContext)) {
				forceRememberMe = Validator.isNotNull(
					request.getContextPath());
			}
			else {
				forceRememberMe = !pathContext.equals(
					request.getContextPath());
			}

			if (forceRememberMe) {
				rememberMeFlag = Boolean.TRUE.toString();
			}

			boolean hasAllValues =
				Validator.isNotNull(encryptedUserId) &&
				Validator.isNotNull(encryptedPassword) &&
				Validator.isNotNull(rememberMeFlag);

			if (!hasAllValues) {
				return null;
			}

			Company company = PortalUtil.getCompany(request);

			// Company-level switch: with auto login disabled the cookies are
			// ignored entirely (and left in place).

			if (!company.isAutoLogin()) {
				return null;
			}

			// NOTE(review): this class relies on decryptUserId alone to reject
			// forged or stale cookie values -- confirm that it throws when the
			// pair does not decrypt to a valid user.

			KeyValuePair decrypted = UserLocalServiceUtil.decryptUserId(
				company.getCompanyId(), encryptedUserId, encryptedPassword);

			// The third element is presumably the AutoLogin "password is
			// encrypted" flag -- confirm against the AutoLogin contract.

			String[] credentials = {
				decrypted.getKey(), decrypted.getValue(),
				Boolean.FALSE.toString()
			};

			// LPS-11218
			//
			// Never auto-login as the company's default user: cookies that
			// resolve to that user id are discarded and expired.

			Company currentCompany = PortalUtil.getCompany(request);

			User defaultUser = UserLocalServiceUtil.getDefaultUser(
				currentCompany.getCompanyId());

			long candidateUserId = GetterUtil.getLong(credentials[0]);

			if (defaultUser.getUserId() == candidateUserId) {
				removeCookies(request, response);

				return null;
			}

			return credentials;
		}
		catch (Exception exception) {

			// Every failure is logged at warn level with its stack trace.
			// Because the input is client-controlled, repeated warnings from
			// one client can indicate tampered or replayed cookies.

			_log.warn(exception, exception);

			removeCookies(request, response);

			throw new AutoLoginException(exception);
		}
	}

	/**
	 * Expires the {@code CookieKeys.ID} and {@code CookieKeys.PASSWORD}
	 * cookies by sending blank replacements with a max age of zero on path
	 * {@code StringPool.SLASH}. The {@code CookieKeys.REMEMBER_ME} cookie is
	 * not touched here.
	 *
	 * @param request the current servlet request
	 * @param response the servlet response the expiring cookies are added to
	 */
	protected void removeCookies(
		HttpServletRequest request, HttpServletResponse response) {

		String[] cookieNames = {CookieKeys.ID, CookieKeys.PASSWORD};

		for (String cookieName : cookieNames) {
			Cookie expired = new Cookie(cookieName, StringPool.BLANK);

			expired.setMaxAge(0);
			expired.setPath(StringPool.SLASH);

			CookieKeys.addCookie(request, response, expired);
		}
	}

	private static Log _log = LogFactoryUtil.getLog(RememberMeAutoLogin.class);

}