001    /**
002     * Copyright (c) 2000-present Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.security.auth;
016    
017    import com.liferay.portal.kernel.log.Log;
018    import com.liferay.portal.kernel.log.LogFactoryUtil;
019    import com.liferay.portal.kernel.util.CookieKeys;
020    import com.liferay.portal.kernel.util.GetterUtil;
021    import com.liferay.portal.kernel.util.KeyValuePair;
022    import com.liferay.portal.kernel.util.StringPool;
023    import com.liferay.portal.kernel.util.Validator;
024    import com.liferay.portal.model.Company;
025    import com.liferay.portal.model.User;
026    import com.liferay.portal.service.UserLocalServiceUtil;
027    import com.liferay.portal.util.PortalUtil;
028    
029    import javax.servlet.http.Cookie;
030    import javax.servlet.http.HttpServletRequest;
031    import javax.servlet.http.HttpServletResponse;
032    
/**
 * Auto-login hook that rebuilds a credentials triple from the ID, PASSWORD
 * and REMEMBER_ME cookies of an incoming request.
 *
 * <p>
 * Security-relevant behaviour visible in this class:
 * </p>
 *
 * <ul>
 * <li>The ID and PASSWORD cookie values are handed to
 * {@code UserLocalServiceUtil.decryptUserId} together with the company ID;
 * whatever that call returns is passed on as the credentials.</li>
 * <li>A decrypted user ID equal to the company's default user is rejected and
 * the cookies are expired (LPS-11218).</li>
 * <li>Any exception routed to {@link #doHandleException} expires the cookies
 * before it is rethrown.</li>
 * </ul>
 *
 * <p>
 * NOTE(review): the Secure/HttpOnly attributes of these cookies and the
 * strength of the encryption behind {@code decryptUserId} are decided outside
 * this file; confirm both when assessing how well the PASSWORD cookie is
 * protected.
 * </p>
 *
 * @author Brian Wing Shun Chan
 */
public class RememberMeAutoLogin extends BaseAutoLogin {

	/**
	 * Handles a failed auto-login attempt: logs the exception at warn level
	 * (when enabled), expires the ID and PASSWORD cookies, and rethrows the
	 * failure wrapped in an {@link AutoLoginException}.
	 *
	 * @param  request the current servlet request
	 * @param  response the current servlet response
	 * @param  e the exception that interrupted the login attempt
	 * @return never returns normally
	 * @throws AutoLoginException always, wrapping {@code e}
	 */
	@Override
	protected String[] doHandleException(
			HttpServletRequest request, HttpServletResponse response,
			Exception e)
		throws AutoLoginException {

		// The exception is logged with its stack trace; presumably a tampered
		// or stale cookie that fails decryption ends up here -- verify against
		// BaseAutoLogin.

		if (_log.isWarnEnabled()) {
			_log.warn(e, e);
		}

		// Expire the cookies so the same bad values are not replayed on the
		// next request.

		removeCookies(request, response);

		throw new AutoLoginException(e);
	}

	/**
	 * Attempts to derive login credentials from the remember-me cookies.
	 *
	 * @param  request the current servlet request
	 * @param  response the current servlet response, used only to expire the
	 *         cookies when the decrypted user is the default user
	 * @return a three-element array holding the decrypted key, the decrypted
	 *         value and {@code "false"}, or {@code null} when a required
	 *         cookie is missing, the company has auto-login disabled, or the
	 *         decrypted user ID is the company's default user
	 * @throws Exception if the company lookup, decryption or default user
	 *         lookup fails
	 */
	@Override
	protected String[] doLogin(
			HttpServletRequest request, HttpServletResponse response)
		throws Exception {

		String idCookieValue = CookieKeys.getCookie(
			request, CookieKeys.ID, false);
		String passwordCookieValue = CookieKeys.getCookie(
			request, CookieKeys.PASSWORD, false);
		String rememberMeValue = CookieKeys.getCookie(
			request, CookieKeys.REMEMBER_ME, false);

		// LEP-5188
		//
		// When the request's context path does not line up with the portal's
		// configured paths, the REMEMBER_ME cookie is treated as if it were
		// set. In that situation the ID and PASSWORD cookies alone are enough
		// to proceed.

		String portalProxyPath = PortalUtil.getPathProxy();
		String portalContextPath = PortalUtil.getPathContext();

		boolean forceRememberMe;

		if (portalProxyPath.equals(portalContextPath)) {
			forceRememberMe = Validator.isNotNull(request.getContextPath());
		}
		else {
			forceRememberMe = !portalContextPath.equals(
				request.getContextPath());
		}

		if (forceRememberMe) {
			rememberMeValue = Boolean.TRUE.toString();
		}

		// All three values must be present before anything is decrypted.

		if (Validator.isNull(idCookieValue) ||
			Validator.isNull(passwordCookieValue) ||
			Validator.isNull(rememberMeValue)) {

			return null;
		}

		Company company = PortalUtil.getCompany(request);

		// Auto-login is a per-company setting; when it is off the cookies are
		// ignored (they are not expired on this path).

		if (!company.isAutoLogin()) {
			return null;
		}

		KeyValuePair decrypted = UserLocalServiceUtil.decryptUserId(
			company.getCompanyId(), idCookieValue, passwordCookieValue);

		// NOTE(review): the third element is presumably the "password is
		// encrypted" flag of the AutoLogin contract -- confirm against
		// BaseAutoLogin.

		String[] credentials = {
			decrypted.getKey(), decrypted.getValue(), Boolean.FALSE.toString()
		};

		// LPS-11218
		//
		// Never auto-login as the company's default user (presumably the
		// guest account); expire the cookies instead.

		User defaultUser = UserLocalServiceUtil.getDefaultUser(
			PortalUtil.getCompany(request).getCompanyId());

		long decryptedUserId = GetterUtil.getLong(credentials[0]);

		if (defaultUser.getUserId() == decryptedUserId) {
			removeCookies(request, response);

			return null;
		}

		return credentials;
	}

	/**
	 * Expires the ID and PASSWORD cookies by re-issuing each one with a blank
	 * value, a max age of zero and the root path. The REMEMBER_ME cookie is
	 * not touched here.
	 *
	 * @param request the current servlet request
	 * @param response the servlet response the expiring cookies are added to
	 */
	protected void removeCookies(
		HttpServletRequest request, HttpServletResponse response) {

		// A browser only drops a cookie when the expiring copy matches its
		// path; this assumes the originals were issued with path "/" --
		// confirm against the code that sets them.

		String[] cookieNames = {CookieKeys.ID, CookieKeys.PASSWORD};

		for (String cookieName : cookieNames) {
			Cookie expiredCookie = new Cookie(cookieName, StringPool.BLANK);

			expiredCookie.setMaxAge(0);
			expiredCookie.setPath(StringPool.SLASH);

			CookieKeys.addCookie(request, response, expiredCookie);
		}
	}

	private static final Log _log = LogFactoryUtil.getLog(
		RememberMeAutoLogin.class);

}