1   /**
2    * Copyright (c) 2000-2009 Liferay, Inc. All rights reserved.
3    *
4    * The contents of this file are subject to the terms of the Liferay Enterprise
5    * Subscription License ("License"). You may not use this file except in
6    * compliance with the License. You can obtain a copy of the License by
7    * contacting Liferay, Inc. See the License for the specific language governing
8    * permissions and limitations under the License, including but not limited to
9    * distribution rights of the Software.
10   *
11   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
12   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
14   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
15   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
16   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
17   * SOFTWARE.
18   */
19  
20  package com.liferay.portal.captcha;
21  
22  import com.liferay.portal.kernel.captcha.Captcha;
23  import com.liferay.portal.kernel.captcha.CaptchaTextException;
24  import com.liferay.portal.kernel.configuration.Configuration;
25  import com.liferay.portal.kernel.configuration.ConfigurationFactoryUtil;
26  import com.liferay.portal.kernel.log.Log;
27  import com.liferay.portal.kernel.log.LogFactoryUtil;
28  import com.liferay.portal.kernel.util.ContentTypes;
29  import com.liferay.portal.kernel.util.ParamUtil;
30  import com.liferay.portal.kernel.util.Validator;
31  import com.liferay.portal.util.PortalUtil;
32  import com.liferay.portal.util.PropsFiles;
33  import com.liferay.portal.util.PropsValues;
34  import com.liferay.portal.util.WebKeys;
35  
36  import java.io.IOException;
37  
38  import javax.portlet.PortletRequest;
39  import javax.portlet.PortletResponse;
40  import javax.portlet.PortletSession;
41  
42  import javax.servlet.http.HttpServletRequest;
43  import javax.servlet.http.HttpServletResponse;
44  import javax.servlet.http.HttpSession;
45  
46  import nl.captcha.servlet.CaptchaProducer;
47  import nl.captcha.util.Helper;
48  
49  /**
50   * <a href="CaptchaImpl.java.html"><b><i>View Source</i></b></a>
51   *
52   * @author Brian Wing Shun Chan
53   *
54   */
55  public class CaptchaImpl implements Captcha {
56  
57      private CaptchaImpl() {
58          _configuration = ConfigurationFactoryUtil.getConfiguration(
59              CaptchaImpl.class.getClassLoader(), PropsFiles.CAPTCHA);
60          _captchaProducer = (CaptchaProducer)Helper.ThingFactory.loadImpl(
61              Helper.ThingFactory.CPROD, _configuration.getProperties());
62      }
63  
64      public void check(HttpServletRequest request)
65          throws CaptchaTextException {
66  
67          if (!isEnabled(request)) {
68              return;
69          }
70  
71          HttpSession session = request.getSession();
72  
73          String captchaText = (String)session.getAttribute(WebKeys.CAPTCHA_TEXT);
74  
75          if (captchaText == null) {
76              if (_log.isErrorEnabled()) {
77                  _log.error(
78                      "Captcha text is null. User " + request.getRemoteUser() +
79                          " may be trying to circumvent the captcha.");
80              }
81  
82              throw new CaptchaTextException();
83          }
84  
85          if (!captchaText.equals(ParamUtil.getString(request, "captchaText"))) {
86              throw new CaptchaTextException();
87          }
88  
89          if (_log.isDebugEnabled()) {
90              _log.debug("Captcha text is valid");
91          }
92  
93          session.removeAttribute(WebKeys.CAPTCHA_TEXT);
94  
95          if ((PropsValues.CAPTCHA_MAX_CHALLENGES > 0) &&
96              (Validator.isNotNull(request.getRemoteUser()))) {
97  
98              Integer count = (Integer)session.getAttribute(
99                  WebKeys.CAPTCHA_COUNT);
100 
101             if (count == null) {
102                 count = new Integer(1);
103             }
104             else {
105                 count = new Integer(count.intValue() + 1);
106             }
107 
108             session.setAttribute(WebKeys.CAPTCHA_COUNT, count);
109         }
110     }
111 
112     public void check(PortletRequest portletRequest)
113         throws CaptchaTextException {
114 
115         if (!isEnabled(portletRequest)) {
116             return;
117         }
118 
119         PortletSession portletSession = portletRequest.getPortletSession();
120 
121         String captchaText = (String)portletSession.getAttribute(
122             WebKeys.CAPTCHA_TEXT);
123 
124         if (captchaText == null) {
125             if (_log.isErrorEnabled()) {
126                 _log.error(
127                     "Captcha text is null. User " +
128                         portletRequest.getRemoteUser() +
129                             " may be trying to circumvent the captcha.");
130             }
131 
132             throw new CaptchaTextException();
133         }
134 
135         if (!captchaText.equals(
136                 ParamUtil.getString(portletRequest, "captchaText"))) {
137 
138             throw new CaptchaTextException();
139         }
140 
141         if (_log.isDebugEnabled()) {
142             _log.debug("Captcha text is valid");
143         }
144 
145         portletSession.removeAttribute(WebKeys.CAPTCHA_TEXT);
146 
147         if ((PropsValues.CAPTCHA_MAX_CHALLENGES > 0) &&
148             (Validator.isNotNull(portletRequest.getRemoteUser()))) {
149 
150             Integer count = (Integer)portletSession.getAttribute(
151                 WebKeys.CAPTCHA_COUNT);
152 
153             if (count == null) {
154                 count = new Integer(1);
155             }
156             else {
157                 count = new Integer(count.intValue() + 1);
158             }
159 
160             portletSession.setAttribute(WebKeys.CAPTCHA_COUNT, count);
161         }
162     }
163 
164     public boolean isEnabled(HttpServletRequest request) {
165         if (PropsValues.CAPTCHA_MAX_CHALLENGES > 0) {
166             HttpSession session = request.getSession();
167 
168             Integer count = (Integer)session.getAttribute(
169                 WebKeys.CAPTCHA_COUNT);
170 
171             if ((count != null) &&
172                 (PropsValues.CAPTCHA_MAX_CHALLENGES <= count.intValue())) {
173 
174                 return false;
175             }
176             else {
177                 return true;
178             }
179         }
180         else if (PropsValues.CAPTCHA_MAX_CHALLENGES < 0) {
181             return false;
182         }
183         else {
184             return true;
185         }
186     }
187 
188     public boolean isEnabled(PortletRequest portletRequest) {
189         if (PropsValues.CAPTCHA_MAX_CHALLENGES > 0) {
190             PortletSession portletSession = portletRequest.getPortletSession();
191 
192             Integer count = (Integer)portletSession.getAttribute(
193                 WebKeys.CAPTCHA_COUNT);
194 
195             if ((count != null) &&
196                 (PropsValues.CAPTCHA_MAX_CHALLENGES <= count.intValue())) {
197 
198                 return false;
199             }
200             else {
201                 return true;
202             }
203         }
204         else if (PropsValues.CAPTCHA_MAX_CHALLENGES < 0) {
205             return false;
206         }
207         else {
208             return true;
209         }
210     }
211 
212     public void serveImage(
213             HttpServletRequest request, HttpServletResponse response)
214         throws IOException {
215 
216         HttpSession session = request.getSession();
217 
218         String captchaText = _captchaProducer.createText();
219 
220         session.setAttribute(WebKeys.CAPTCHA_TEXT, captchaText);
221 
222         response.setContentType(ContentTypes.IMAGE_JPEG);
223 
224         _captchaProducer.createImage(response.getOutputStream(), captchaText);
225     }
226 
227     public void serveImage(
228             PortletRequest portletRequest, PortletResponse portletResponse)
229         throws IOException {
230 
231         PortletSession portletSession = portletRequest.getPortletSession();
232 
233         String captchaText = _captchaProducer.createText();
234 
235         portletSession.setAttribute(WebKeys.CAPTCHA_TEXT, captchaText);
236 
237         HttpServletResponse response = PortalUtil.getHttpServletResponse(
238             portletResponse);
239 
240         response.setContentType(ContentTypes.IMAGE_JPEG);
241 
242         _captchaProducer.createImage(response.getOutputStream(), captchaText);
243     }
244 
245     private static Log _log = LogFactoryUtil.getLog(CaptchaImpl.class);
246 
247     private Configuration _configuration;
248     private CaptchaProducer _captchaProducer;
249 
250 }