001    /**
002     * Copyright (c) 2000-present Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.security.auth;
016    
017    import com.liferay.portal.kernel.spring.osgi.OSGiBeanProperties;
018    import com.liferay.portal.kernel.util.GetterUtil;
019    import com.liferay.portal.kernel.util.ParamUtil;
020    import com.liferay.portal.kernel.util.Validator;
021    import com.liferay.portal.model.Company;
022    import com.liferay.portal.model.CompanyConstants;
023    import com.liferay.portal.model.User;
024    import com.liferay.portal.security.pwd.PasswordEncryptorUtil;
025    import com.liferay.portal.service.UserLocalServiceUtil;
026    import com.liferay.portal.util.PortalUtil;
027    
028    import javax.servlet.http.HttpServletRequest;
029    import javax.servlet.http.HttpServletResponse;
030    
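/**
 * Auto-login hook that authenticates a request from a login and a password
 * supplied as request parameters.
 *
 * <p>
 * The login is resolved to a user ID according to the company's configured
 * authentication type (email address, screen name, or numeric user ID), and
 * the submitted password is checked against the user's stored password before
 * any credentials are returned.
 * </p>
 *
 * <p>
 * Security notes: the login and password are read with
 * {@code ParamUtil.getString}, so they may arrive in the URL query string,
 * where they can end up in access logs, browser history and {@code Referer}
 * headers. Deployments that enable this hook should restrict it to trusted
 * callers over TLS.
 * </p>
 *
 * @author Minhchau Dang
 * @author Tomas Polesovsky
 */
@OSGiBeanProperties(
	portalPropertyPrefix = "auth.verifier.ParameterAutoLogin."
)
public class ParameterAutoLogin extends BaseAutoLogin {

	/**
	 * Attempts to authenticate the request from its login and password
	 * parameters.
	 *
	 * @param  request the servlet request carrying the parameters named by
	 *         {@link #getLoginParam()} and {@link #getPasswordParam()}
	 * @param  response the servlet response (not used by this implementation)
	 * @return a three element array holding the user ID, the submitted
	 *         password and the string {@code "false"}, or {@code null} when
	 *         either parameter is missing, the authentication type is not
	 *         supported, the login does not resolve to a positive user ID, or
	 *         the password does not match
	 * @throws Exception if the company or the user cannot be looked up
	 */
	@Override
	protected String[] doLogin(
			HttpServletRequest request, HttpServletResponse response)
		throws Exception {

		String login = ParamUtil.getString(request, getLoginParam());

		if (Validator.isNull(login)) {
			return null;
		}

		String password = ParamUtil.getString(request, getPasswordParam());

		if (Validator.isNull(password)) {
			return null;
		}

		Company company = PortalUtil.getCompany(request);

		String authType = company.getAuthType();

		long userId = 0;

		if (authType.equals(CompanyConstants.AUTH_TYPE_EA)) {
			userId = UserLocalServiceUtil.getUserIdByEmailAddress(
				company.getCompanyId(), login);
		}
		else if (authType.equals(CompanyConstants.AUTH_TYPE_SN)) {
			userId = UserLocalServiceUtil.getUserIdByScreenName(
				company.getCompanyId(), login);
		}
		else if (authType.equals(CompanyConstants.AUTH_TYPE_ID)) {
			userId = GetterUtil.getLong(login);
		}
		else {
			return null;
		}

		// Fail closed: the original only verified the password inside
		// "if (userId > 0)" and otherwise fell through to return credentials
		// for an unverified, non-positive user ID (for example when a
		// non-numeric login is parsed under AUTH_TYPE_ID).

		if (userId <= 0) {
			return null;
		}

		User user = UserLocalServiceUtil.getUserById(userId);

		String userPassword = user.getPassword();

		if (!user.isPasswordEncrypted()) {
			userPassword = PasswordEncryptorUtil.encrypt(userPassword);
		}

		String encPassword = PasswordEncryptorUtil.encrypt(
			password, userPassword);

		// NOTE(review): the first comparison accepts the stored password value
		// itself as the submitted credential. When the stored value is a hash,
		// anyone who obtains that hash can authenticate with it. Kept for
		// backward compatibility; confirm that callers still need it.

		boolean matchesStored = _constantTimeEquals(userPassword, password);
		boolean matchesEncrypted = _constantTimeEquals(
			userPassword, encPassword);

		// Both comparisons are evaluated before the decision so the response
		// time does not reveal which one failed.

		if (!matchesStored && !matchesEncrypted) {
			return null;
		}

		return new String[] {
			String.valueOf(userId), password, Boolean.FALSE.toString()
		};
	}

	/**
	 * Returns the name of the request parameter that carries the login.
	 *
	 * @return the login parameter name
	 */
	protected String getLoginParam() {
		return _LOGIN_PARAM;
	}

	/**
	 * Returns the name of the request parameter that carries the password.
	 *
	 * @return the password parameter name
	 */
	protected String getPasswordParam() {
		return _PASSWORD_PARAM;
	}

	/**
	 * Compares two strings without stopping at the first differing character,
	 * so the comparison time does not depend on how long a matching prefix
	 * is. Only the lengths are compared early.
	 *
	 * @param  expected the reference value, may be {@code null}
	 * @param  actual the value to check, may be {@code null}
	 * @return {@code true} if both values are non-null and hold the same
	 *         characters; {@code false} otherwise
	 */
	private static boolean _constantTimeEquals(String expected, String actual) {
		if ((expected == null) || (actual == null)) {
			return false;
		}

		if (expected.length() != actual.length()) {
			return false;
		}

		int difference = 0;

		for (int i = 0; i < expected.length(); i++) {
			difference |= expected.charAt(i) ^ actual.charAt(i);
		}

		return difference == 0;
	}

	private static final String _LOGIN_PARAM = "parameterAutoLoginLogin";

	private static final String _PASSWORD_PARAM = "parameterAutoLoginPassword";

}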