001    /**
002     * Copyright (c) 2000-2012 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.security.auth;
016    
017    import com.liferay.portal.kernel.util.GetterUtil;
018    import com.liferay.portal.kernel.util.ParamUtil;
019    import com.liferay.portal.kernel.util.Validator;
020    import com.liferay.portal.model.Company;
021    import com.liferay.portal.model.CompanyConstants;
022    import com.liferay.portal.model.User;
023    import com.liferay.portal.security.pwd.PwdEncryptor;
024    import com.liferay.portal.service.UserLocalServiceUtil;
025    import com.liferay.portal.util.PortalUtil;
026    
027    import java.util.Properties;
028    
029    import javax.servlet.http.HttpServletRequest;
030    import javax.servlet.http.HttpServletResponse;
031    
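/**
 * Authenticates a request from two request parameters,
 * <code>parameterAutoLoginLogin</code> and
 * <code>parameterAutoLoginPassword</code>, and exposes the result both as an
 * {@link AutoLogin} and as an {@link AuthVerifier}.
 *
 * <p>
 * Security notes for reviewers and operators:
 * </p>
 *
 * <ul>
 * <li>
 * The password is read from a plain request parameter. When a client sends it
 * in the URL query string, it can end up in access logs, proxy logs, browser
 * history and <code>Referer</code> headers. Enable this mechanism only over
 * TLS and keep such URLs out of logs.
 * </li>
 * <li>
 * {@link #login(HttpServletRequest, HttpServletResponse)} accepts the submitted
 * value if it equals the stored (encrypted) password as well as if it encrypts
 * to it. Anyone who obtains the stored password value can therefore
 * authenticate without knowing the plain text password.
 * </li>
 * </ul>
 *
 * @author Minhchau Dang
 * @author Tomas Polesovsky
 */
public class ParameterAutoLogin implements AuthVerifier, AutoLogin {

	/**
	 * Returns the simple class name, which serves as this verifier's
	 * authentication type identifier.
	 *
	 * @return the simple name of this class
	 */
	public String getAuthType() {
		return ParameterAutoLogin.class.getSimpleName();
	}

	/**
	 * Resolves and checks the credentials passed as request parameters.
	 *
	 * <p>
	 * The login parameter is interpreted according to the company's
	 * authentication type: email address, screen name or numeric user ID.
	 * </p>
	 *
	 * @param  request the servlet request carrying the login and password
	 *         parameters
	 * @param  response the servlet response (not used by this implementation)
	 * @return a three element array holding the user ID, the password as
	 *         submitted and the string <code>"false"</code>, or
	 *         <code>null</code> if a parameter is missing, the company's
	 *         authentication type is not recognized, the login does not
	 *         resolve to a positive user ID or the password does not match
	 * @throws AutoLoginException if any lookup or encryption call fails
	 */
	public String[] login(
			HttpServletRequest request, HttpServletResponse response)
		throws AutoLoginException {

		try {
			String login = ParamUtil.getString(request, getLoginParam());

			if (Validator.isNull(login)) {
				return null;
			}

			String password = ParamUtil.getString(request, getPasswordParam());

			if (Validator.isNull(password)) {
				return null;
			}

			Company company = PortalUtil.getCompany(request);

			String authType = company.getAuthType();

			long userId = 0;

			if (authType.equals(CompanyConstants.AUTH_TYPE_EA)) {
				userId = UserLocalServiceUtil.getUserIdByEmailAddress(
					company.getCompanyId(), login);
			}
			else if (authType.equals(CompanyConstants.AUTH_TYPE_SN)) {
				userId = UserLocalServiceUtil.getUserIdByScreenName(
					company.getCompanyId(), login);
			}
			else if (authType.equals(CompanyConstants.AUTH_TYPE_ID)) {
				userId = GetterUtil.getLong(login);
			}
			else {
				return null;
			}

			// Fail closed. Previously a non-positive user ID skipped the
			// password check entirely and still produced credentials, which
			// verify() then reported as a successful authentication for that
			// user ID. No user was looked up and no password was compared in
			// that case, so nothing has been authenticated.

			if (userId <= 0) {
				return null;
			}

			// NOTE(review): the user is loaded by ID only. With the user ID
			// authentication type the ID comes straight from the request;
			// confirm that the user belongs to the request's company.

			User user = UserLocalServiceUtil.getUserById(userId);

			String userPassword = user.getPassword();

			if (!user.isPasswordEncrypted()) {
				userPassword = PwdEncryptor.encrypt(userPassword);
			}

			String encPassword = PwdEncryptor.encrypt(password);

			// The first comparison accepts the stored (encrypted) value itself
			// as the password. This is kept for backward compatibility with
			// callers that pass the encrypted password, but it means the stored
			// value is as sensitive as the plain text password.
			//
			// NOTE(review): String.equals is not a constant time comparison;
			// consider java.security.MessageDigest.isEqual on the encoded
			// bytes if timing differences matter for this deployment.

			if (!userPassword.equals(password) &&
				!userPassword.equals(encPassword)) {

				return null;
			}

			// The third element is always "false" here; presumably it tells
			// the caller whether the returned password is already encrypted.
			// TODO confirm against the AutoLogin contract.

			String[] credentials = new String[] {
				String.valueOf(userId), password, Boolean.FALSE.toString()
			};

			return credentials;
		}
		catch (Exception e) {

			// NOTE(review): a failed user lookup presumably surfaces here as an
			// exception while a wrong password returns null; verify that the
			// two outcomes are indistinguishable to the client.

			throw new AutoLoginException(e);
		}
	}

	/**
	 * Verifies the request held by the access control context by delegating to
	 * {@link #login(HttpServletRequest, HttpServletResponse)}.
	 *
	 * @param  accessControlContext the context supplying the request and
	 *         response
	 * @param  properties the verifier configuration (not used by this
	 *         implementation)
	 * @return a result marked <code>SUCCESS</code> with the user ID and
	 *         password set when the credentials were accepted, or a newly
	 *         created, unmodified result otherwise
	 * @throws AuthException if the login attempt raised an
	 *         {@link AutoLoginException}
	 */
	public AuthVerifierResult verify(
			AccessControlContext accessControlContext, Properties properties)
		throws AuthException {

		try {
			AuthVerifierResult authVerifierResult = new AuthVerifierResult();

			String[] credentials = login(
				accessControlContext.getRequest(),
				accessControlContext.getResponse());

			// login() returns null for every rejected attempt, so a non-null
			// array always carries a user ID whose password was checked.

			if (credentials != null) {
				authVerifierResult.setPassword(credentials[1]);
				authVerifierResult.setState(AuthVerifierResult.State.SUCCESS);
				authVerifierResult.setUserId(Long.valueOf(credentials[0]));
			}

			return authVerifierResult;
		}
		catch (AutoLoginException ale) {
			throw new AuthException(ale);
		}
	}

	/**
	 * Returns the name of the request parameter that carries the login.
	 * Subclasses may override this to use a different parameter name.
	 *
	 * @return the login parameter name
	 */
	protected String getLoginParam() {
		return _LOGIN_PARAM;
	}

	/**
	 * Returns the name of the request parameter that carries the password.
	 * Subclasses may override this to use a different parameter name.
	 *
	 * @return the password parameter name
	 */
	protected String getPasswordParam() {
		return _PASSWORD_PARAM;
	}

	// Default request parameter names read by login().

	private static final String _LOGIN_PARAM = "parameterAutoLoginLogin";

	private static final String _PASSWORD_PARAM = "parameterAutoLoginPassword";

}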