1
14
15 package com.liferay.portlet.login.util;
16
17 import com.liferay.portal.PortalException;
18 import com.liferay.portal.SystemException;
19 import com.liferay.portal.kernel.log.Log;
20 import com.liferay.portal.kernel.log.LogFactoryUtil;
21 import com.liferay.portal.kernel.servlet.HttpHeaders;
22 import com.liferay.portal.kernel.servlet.SessionMessages;
23 import com.liferay.portal.kernel.util.GetterUtil;
24 import com.liferay.portal.kernel.util.ParamUtil;
25 import com.liferay.portal.kernel.util.StringPool;
26 import com.liferay.portal.kernel.util.Validator;
27 import com.liferay.portal.model.Company;
28 import com.liferay.portal.model.CompanyConstants;
29 import com.liferay.portal.model.User;
30 import com.liferay.portal.security.auth.AuthException;
31 import com.liferay.portal.security.auth.Authenticator;
32 import com.liferay.portal.service.UserLocalServiceUtil;
33 import com.liferay.portal.theme.ThemeDisplay;
34 import com.liferay.portal.util.CookieKeys;
35 import com.liferay.portal.util.PortalUtil;
36 import com.liferay.portal.util.PortletKeys;
37 import com.liferay.portal.util.PropsValues;
38 import com.liferay.portal.util.WebKeys;
39 import com.liferay.portlet.PortletURLImpl;
40 import com.liferay.util.Encryptor;
41
42 import java.util.ArrayList;
43 import java.util.Enumeration;
44 import java.util.HashMap;
45 import java.util.List;
46 import java.util.Map;
47
48 import javax.portlet.ActionRequest;
49 import javax.portlet.PortletMode;
50 import javax.portlet.PortletModeException;
51 import javax.portlet.PortletRequest;
52 import javax.portlet.PortletURL;
53 import javax.portlet.WindowState;
54 import javax.portlet.WindowStateException;
55
56 import javax.servlet.http.Cookie;
57 import javax.servlet.http.HttpServletRequest;
58 import javax.servlet.http.HttpServletResponse;
59 import javax.servlet.http.HttpSession;
60
61
67 public class LoginUtil {
68
69 public static long getAuthenticatedUserId(
70 HttpServletRequest request, String login, String password,
71 String authType)
72 throws PortalException, SystemException {
73
74 long userId = GetterUtil.getLong(login);
75
76 Company company = PortalUtil.getCompany(request);
77
78 String requestURI = request.getRequestURI();
79
80 if (requestURI.startsWith("/tunnel-web/liferay") ||
81 requestURI.startsWith("/tunnel-web/secure/liferay")) {
82
83
87 long companyId = company.getCompanyId();
88
89 userId = UserLocalServiceUtil.authenticateForBasic(
90 companyId, CompanyConstants.AUTH_TYPE_EA, login, password);
91
92 if (userId > 0) {
93 return userId;
94 }
95
96 userId = UserLocalServiceUtil.authenticateForBasic(
97 companyId, CompanyConstants.AUTH_TYPE_SN, login, password);
98
99 if (userId > 0) {
100 return userId;
101 }
102
103 userId = UserLocalServiceUtil.authenticateForBasic(
104 companyId, CompanyConstants.AUTH_TYPE_ID, login, password);
105
106 if (userId <= 0) {
107 throw new AuthException();
108 }
109 }
110 else {
111 Map<String, String[]> headerMap = new HashMap<String, String[]>();
112
113 Enumeration<String> enu1 = request.getHeaderNames();
114
115 while (enu1.hasMoreElements()) {
116 String name = enu1.nextElement();
117
118 Enumeration<String> enu2 = request.getHeaders(name);
119
120 List<String> headers = new ArrayList<String>();
121
122 while (enu2.hasMoreElements()) {
123 String value = enu2.nextElement();
124
125 headers.add(value);
126 }
127
128 headerMap.put(
129 name, headers.toArray(new String[headers.size()]));
130 }
131
132 Map<String, String[]> parameterMap = request.getParameterMap();
133
134 if (Validator.isNull(authType)) {
135 authType = company.getAuthType();
136 }
137
138 int authResult = Authenticator.FAILURE;
139
140 if (authType.equals(CompanyConstants.AUTH_TYPE_EA)) {
141 authResult = UserLocalServiceUtil.authenticateByEmailAddress(
142 company.getCompanyId(), login, password, headerMap,
143 parameterMap);
144
145 userId = UserLocalServiceUtil.getUserIdByEmailAddress(
146 company.getCompanyId(), login);
147 }
148 else if (authType.equals(CompanyConstants.AUTH_TYPE_SN)) {
149 authResult = UserLocalServiceUtil.authenticateByScreenName(
150 company.getCompanyId(), login, password, headerMap,
151 parameterMap);
152
153 userId = UserLocalServiceUtil.getUserIdByScreenName(
154 company.getCompanyId(), login);
155 }
156 else if (authType.equals(CompanyConstants.AUTH_TYPE_ID)) {
157 authResult = UserLocalServiceUtil.authenticateByUserId(
158 company.getCompanyId(), userId, password, headerMap,
159 parameterMap);
160 }
161
162 if (authResult != Authenticator.SUCCESS) {
163 throw new AuthException();
164 }
165 }
166
167 return userId;
168 }
169
170 public static String getLogin(
171 HttpServletRequest request, String paramName, Company company)
172 throws SystemException {
173
174 String login = request.getParameter(paramName);
175
176 if ((login == null) || (login.equals(StringPool.NULL))) {
177 login = GetterUtil.getString(
178 CookieKeys.getCookie(request, CookieKeys.LOGIN));
179
180 if (PropsValues.COMPANY_LOGIN_PREPOPULATE_DOMAIN &&
181 Validator.isNull(login) &&
182 company.getAuthType().equals(CompanyConstants.AUTH_TYPE_EA)) {
183
184 login = "@" + company.getMx();
185 }
186 }
187
188 return login;
189 }
190
191 public static PortletURL getLoginURL(
192 HttpServletRequest request, long plid)
193 throws PortletModeException, WindowStateException {
194
195 PortletURL portletURL = new PortletURLImpl(
196 request, PortletKeys.LOGIN, plid, PortletRequest.RENDER_PHASE);
197
198 portletURL.setWindowState(WindowState.MAXIMIZED);
199 portletURL.setPortletMode(PortletMode.VIEW);
200
201 portletURL.setParameter("saveLastPath", "0");
202 portletURL.setParameter("struts_action", "/login/login");
203
204 return portletURL;
205 }
206
207 public static void login(
208 HttpServletRequest request, HttpServletResponse response,
209 String login, String password, boolean rememberMe, String authType)
210 throws Exception {
211
212 CookieKeys.validateSupportCookie(request);
213
214 HttpSession session = request.getSession();
215
216 Company company = PortalUtil.getCompany(request);
217
218 long userId = getAuthenticatedUserId(
219 request, login, password, authType);
220
221 if (PropsValues.SESSION_ENABLE_PHISHING_PROTECTION) {
222
223
225 String[] protectedAttributeNames =
226 PropsValues.SESSION_PHISHING_PROTECTED_ATTRIBUTES;
227
228 Map<String, Object> protectedAttributes =
229 new HashMap<String, Object>();
230
231 for (String protectedAttributeName : protectedAttributeNames) {
232 Object protectedAttributeValue = session.getAttribute(
233 protectedAttributeName);
234
235 if (protectedAttributeValue == null) {
236 continue;
237 }
238
239 protectedAttributes.put(
240 protectedAttributeName, protectedAttributeValue);
241 }
242
243 try {
244 session.invalidate();
245 }
246 catch (IllegalStateException ise) {
247
248
250 if (_log.isWarnEnabled()) {
251 _log.warn(ise.getMessage());
252 }
253 }
254
255 session = request.getSession(true);
256
257 for (String protectedAttributeName : protectedAttributeNames) {
258 Object protectedAttributeValue = protectedAttributes.get(
259 protectedAttributeName);
260
261 if (protectedAttributeValue == null) {
262 continue;
263 }
264
265 session.setAttribute(
266 protectedAttributeName, protectedAttributeValue);
267 }
268 }
269
270
272 String domain = CookieKeys.getDomain(request);
273
274 User user = UserLocalServiceUtil.getUserById(userId);
275
276 String userIdString = String.valueOf(userId);
277
278 session.setAttribute("j_username", userIdString);
279 session.setAttribute("j_password", user.getPassword());
280 session.setAttribute("j_remoteuser", userIdString);
281
282 session.setAttribute(WebKeys.USER_PASSWORD, password);
283
284 Cookie companyIdCookie = new Cookie(
285 CookieKeys.COMPANY_ID, String.valueOf(company.getCompanyId()));
286
287 if (Validator.isNotNull(domain)) {
288 companyIdCookie.setDomain(domain);
289 }
290
291 companyIdCookie.setPath(StringPool.SLASH);
292
293 Cookie idCookie = new Cookie(
294 CookieKeys.ID, UserLocalServiceUtil.encryptUserId(userIdString));
295
296 if (Validator.isNotNull(domain)) {
297 idCookie.setDomain(domain);
298 }
299
300 idCookie.setPath(StringPool.SLASH);
301
302 Cookie passwordCookie = new Cookie(
303 CookieKeys.PASSWORD,
304 Encryptor.encrypt(company.getKeyObj(), password));
305
306 if (Validator.isNotNull(domain)) {
307 passwordCookie.setDomain(domain);
308 }
309
310 passwordCookie.setPath(StringPool.SLASH);
311
312 Cookie rememberMeCookie = new Cookie(
313 CookieKeys.REMEMBER_ME, Boolean.TRUE.toString());
314
315 if (Validator.isNotNull(domain)) {
316 rememberMeCookie.setDomain(domain);
317 }
318
319 rememberMeCookie.setPath(StringPool.SLASH);
320
321 int loginMaxAge = PropsValues.COMPANY_SECURITY_AUTO_LOGIN_MAX_AGE;
322
323 if (PropsValues.SESSION_DISABLED) {
324 rememberMe = true;
325 }
326
327 if (rememberMe) {
328 companyIdCookie.setMaxAge(loginMaxAge);
329 idCookie.setMaxAge(loginMaxAge);
330 passwordCookie.setMaxAge(loginMaxAge);
331 rememberMeCookie.setMaxAge(loginMaxAge);
332 }
333 else {
334
335
341 companyIdCookie.setMaxAge(-1);
342 idCookie.setMaxAge(-1);
343 passwordCookie.setMaxAge(-1);
344 rememberMeCookie.setMaxAge(0);
345 }
346
347 Cookie loginCookie = new Cookie(CookieKeys.LOGIN, login);
348
349 if (Validator.isNotNull(domain)) {
350 loginCookie.setDomain(domain);
351 }
352
353 loginCookie.setMaxAge(loginMaxAge);
354 loginCookie.setPath(StringPool.SLASH);
355
356 Cookie screenNameCookie = new Cookie(
357 CookieKeys.SCREEN_NAME,
358 Encryptor.encrypt(company.getKeyObj(), user.getScreenName()));
359
360 if (Validator.isNotNull(domain)) {
361 screenNameCookie.setDomain(domain);
362 }
363
364 screenNameCookie.setMaxAge(loginMaxAge);
365 screenNameCookie.setPath(StringPool.SLASH);
366
367 boolean secure = request.isSecure();
368
369 if (secure) {
370 Boolean httpsInitial = (Boolean)session.getAttribute(
371 WebKeys.HTTPS_INITIAL);
372
373 if ((httpsInitial == null) || !httpsInitial.booleanValue()) {
374 secure = false;
375 }
376 }
377
378 CookieKeys.addCookie(request, response, companyIdCookie, secure);
379 CookieKeys.addCookie(request, response, idCookie, secure);
380 CookieKeys.addCookie(request, response, passwordCookie, secure);
381 CookieKeys.addCookie(request, response, rememberMeCookie, secure);
382 CookieKeys.addCookie(request, response, loginCookie, secure);
383 CookieKeys.addCookie(request, response, screenNameCookie, secure);
384 }
385
386 public static void sendPassword(ActionRequest actionRequest)
387 throws Exception {
388
389 String toAddress = ParamUtil.getString(actionRequest, "emailAddress");
390
391 sendPassword(actionRequest, null, null, toAddress, null, null);
392 }
393
394 public static void sendPassword(
395 ActionRequest actionRequest, String fromName, String fromAddress,
396 String toAddress, String subject, String body)
397 throws Exception {
398
399 HttpServletRequest request = PortalUtil.getHttpServletRequest(
400 actionRequest);
401
402 ThemeDisplay themeDisplay = (ThemeDisplay)request.getAttribute(
403 WebKeys.THEME_DISPLAY);
404
405 Company company = themeDisplay.getCompany();
406
407 if (!company.isSendPassword()) {
408 return;
409 }
410
411 String remoteAddr = request.getRemoteAddr();
412 String remoteHost = request.getRemoteHost();
413 String userAgent = request.getHeader(HttpHeaders.USER_AGENT);
414
415 UserLocalServiceUtil.sendPassword(
416 company.getCompanyId(), toAddress, remoteAddr, remoteHost,
417 userAgent, fromName, fromAddress, subject, body);
418
419 SessionMessages.add(actionRequest, "request_processed", toAddress);
420 }
421
422 private static Log _log = LogFactoryUtil.getLog(LoginUtil.class);
423
424 }