001
014
015 package com.liferay.portal.security.auth;
016
017 import com.liferay.portal.kernel.spring.osgi.OSGiBeanProperties;
018 import com.liferay.portal.kernel.util.GetterUtil;
019 import com.liferay.portal.kernel.util.ParamUtil;
020 import com.liferay.portal.kernel.util.Validator;
021 import com.liferay.portal.model.Company;
022 import com.liferay.portal.model.CompanyConstants;
023 import com.liferay.portal.model.User;
024 import com.liferay.portal.security.pwd.PasswordEncryptorUtil;
025 import com.liferay.portal.service.UserLocalServiceUtil;
026 import com.liferay.portal.util.PortalUtil;
027
028 import javax.servlet.http.HttpServletRequest;
029 import javax.servlet.http.HttpServletResponse;
030
031
035 @OSGiBeanProperties(
036 portalPropertyPrefix = "auth.verifier.ParameterAutoLogin."
037 )
038 public class ParameterAutoLogin extends BaseAutoLogin {
039
040 @Override
041 protected String[] doLogin(
042 HttpServletRequest request, HttpServletResponse response)
043 throws Exception {
044
045 String login = ParamUtil.getString(request, getLoginParam());
046
047 if (Validator.isNull(login)) {
048 return null;
049 }
050
051 String password = ParamUtil.getString(request, getPasswordParam());
052
053 if (Validator.isNull(password)) {
054 return null;
055 }
056
057 Company company = PortalUtil.getCompany(request);
058
059 String authType = company.getAuthType();
060
061 long userId = 0;
062
063 if (authType.equals(CompanyConstants.AUTH_TYPE_EA)) {
064 userId = UserLocalServiceUtil.getUserIdByEmailAddress(
065 company.getCompanyId(), login);
066 }
067 else if (authType.equals(CompanyConstants.AUTH_TYPE_SN)) {
068 userId = UserLocalServiceUtil.getUserIdByScreenName(
069 company.getCompanyId(), login);
070 }
071 else if (authType.equals(CompanyConstants.AUTH_TYPE_ID)) {
072 userId = GetterUtil.getLong(login);
073 }
074 else {
075 return null;
076 }
077
078 if (userId > 0) {
079 User user = UserLocalServiceUtil.getUserById(userId);
080
081 String userPassword = user.getPassword();
082
083 if (!user.isPasswordEncrypted()) {
084 userPassword = PasswordEncryptorUtil.encrypt(userPassword);
085 }
086
087 String encPassword = PasswordEncryptorUtil.encrypt(
088 password, userPassword);
089
090 if (!userPassword.equals(password) &&
091 !userPassword.equals(encPassword)) {
092
093 return null;
094 }
095 }
096
097 String[] credentials = new String[] {
098 String.valueOf(userId), password, Boolean.FALSE.toString()
099 };
100
101 return credentials;
102 }
103
104 protected String getLoginParam() {
105 return _LOGIN_PARAM;
106 }
107
108 protected String getPasswordParam() {
109 return _PASSWORD_PARAM;
110 }
111
112 private static final String _LOGIN_PARAM = "parameterAutoLoginLogin";
113
114 private static final String _PASSWORD_PARAM = "parameterAutoLoginPassword";
115
116 }