1   /**
2    * Copyright (c) 2000-2009 Liferay, Inc. All rights reserved.
3    *
4    * The contents of this file are subject to the terms of the Liferay Enterprise
5    * Subscription License ("License"). You may not use this file except in
6    * compliance with the License. You can obtain a copy of the License by
7    * contacting Liferay, Inc. See the License for the specific language governing
8    * permissions and limitations under the License, including but not limited to
9    * distribution rights of the Software.
10   *
11   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
12   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
14   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
15   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
16   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
17   * SOFTWARE.
18   */
19  
20  package com.liferay.portal.security.auth;
21  
22  import com.liferay.portal.kernel.util.GetterUtil;
23  import com.liferay.portal.kernel.util.ParamUtil;
24  import com.liferay.portal.kernel.util.Validator;
25  import com.liferay.portal.model.Company;
26  import com.liferay.portal.model.CompanyConstants;
27  import com.liferay.portal.model.User;
28  import com.liferay.portal.security.pwd.PwdEncryptor;
29  import com.liferay.portal.service.UserLocalServiceUtil;
30  import com.liferay.portal.util.PortalUtil;
31  
32  import javax.servlet.http.HttpServletRequest;
33  import javax.servlet.http.HttpServletResponse;
34  
35  /**
36   * <a href="ParameterAutoLogin.java.html"><b><i>View Source</i></b></a>
37   *
38   * @author Minhchau Dang
39   *
40   */
41  public class ParameterAutoLogin implements AutoLogin {
42  
43      public String[] login(
44              HttpServletRequest request, HttpServletResponse response)
45          throws AutoLoginException {
46  
47          try {
48              String login = ParamUtil.getString(request, getLoginParam());
49  
50              if (Validator.isNull(login)) {
51                  return null;
52              }
53  
54              String password = ParamUtil.getString(request, getPasswordParam());
55  
56              if (Validator.isNull(password)) {
57                  return null;
58              }
59  
60              Company company = PortalUtil.getCompany(request);
61  
62              String authType = company.getAuthType();
63  
64              long userId = 0;
65  
66              if (authType.equals(CompanyConstants.AUTH_TYPE_EA)) {
67                  userId = UserLocalServiceUtil.getUserIdByEmailAddress(
68                      company.getCompanyId(), login);
69              }
70              else if (authType.equals(CompanyConstants.AUTH_TYPE_SN)) {
71                  userId = UserLocalServiceUtil.getUserIdByScreenName(
72                      company.getCompanyId(), login);
73              }
74              else if (authType.equals(CompanyConstants.AUTH_TYPE_ID)) {
75                  userId = GetterUtil.getLong(login);
76              }
77              else {
78                  return null;
79              }
80  
81              if (userId > 0) {
82                  User user = UserLocalServiceUtil.getUserById(userId);
83  
84                  String userPassword = user.getPassword();
85  
86                  if (!user.isPasswordEncrypted()) {
87                      userPassword = PwdEncryptor.encrypt(userPassword);
88                  }
89  
90                  String encPassword = PwdEncryptor.encrypt(password);
91  
92                  if (!userPassword.equals(password) &&
93                      !userPassword.equals(encPassword)) {
94  
95                      return null;
96                  }
97              }
98  
99              String[] credentials = new String[] {
100                 String.valueOf(userId), password, Boolean.FALSE.toString()
101             };
102 
103             return credentials;
104         }
105         catch (Exception e) {
106             throw new AutoLoginException(e);
107         }
108     }
109 
110     protected String getLoginParam() {
111         return _LOGIN_PARAM;
112     }
113 
114     protected String getPasswordParam() {
115         return _PASSWORD_PARAM;
116     }
117 
118     private static final String _LOGIN_PARAM = "parameterAutoLoginLogin";
119 
120     private static final String _PASSWORD_PARAM = "parameterAutoLoginPassword";
121 
122 }