1   /**
2    * Copyright (c) 2000-2010 Liferay, Inc. All rights reserved.
3    *
4    * The contents of this file are subject to the terms of the Liferay Enterprise
5    * Subscription License ("License"). You may not use this file except in
6    * compliance with the License. You can obtain a copy of the License by
7    * contacting Liferay, Inc. See the License for the specific language governing
8    * permissions and limitations under the License, including but not limited to
9    * distribution rights of the Software.
10   *
11   *
12   *
13   */
14  
15  package com.liferay.portal.security.auth;
16  
17  import com.liferay.portal.kernel.log.Log;
18  import com.liferay.portal.kernel.log.LogFactoryUtil;
19  import com.liferay.portal.kernel.util.GetterUtil;
20  import com.liferay.portal.kernel.util.KeyValuePair;
21  import com.liferay.portal.kernel.util.StringPool;
22  import com.liferay.portal.kernel.util.Validator;
23  import com.liferay.portal.model.Company;
24  import com.liferay.portal.model.User;
25  import com.liferay.portal.service.UserLocalServiceUtil;
26  import com.liferay.portal.util.CookieKeys;
27  import com.liferay.portal.util.PortalUtil;
28  
29  import javax.servlet.http.Cookie;
30  import javax.servlet.http.HttpServletRequest;
31  import javax.servlet.http.HttpServletResponse;
32  
33  /**
34   * <a href="RememberMeAutoLogin.java.html"><b><i>View Source</i></b></a>
35   *
36   * @author Brian Wing Shun Chan
37   */
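public class RememberMeAutoLogin implements AutoLogin {

    /**
     * Attempts to sign the user in from the "remember me" cookies carried by
     * the request.
     *
     * <p>
     * The method reads the {@code CookieKeys.ID}, {@code CookieKeys.PASSWORD}
     * and {@code CookieKeys.REMEMBER_ME} cookies. All three values are
     * supplied by the client, so nothing read here is trusted until
     * {@code UserLocalServiceUtil.decryptUserId} has accepted the ID/PASSWORD
     * pair for the request's company. That method's checks are not visible in
     * this class; review them together with this one.
     * </p>
     *
     * <p>
     * Review notes:
     * </p>
     *
     * <ul>
     * <li>
     * When the company has auto login disabled, the cookies are ignored but
     * are not expired, so they stay on the client.
     * </li>
     * <li>
     * {@link #removeCookies} expires the ID and PASSWORD cookies only; the
     * REMEMBER_ME cookie is left in place.
     * </li>
     * </ul>
     *
     * @param  request the current request, from which the cookies and the
     *         company are read
     * @param  response the response used to expire the cookies when the
     *         attempt is rejected or fails
     * @return a three element array holding the key and the value returned
     *         by {@code decryptUserId} followed by the string
     *         <code>"false"</code>, or <code>null</code> when a cookie is
     *         missing, auto login is disabled for the company, or the decoded
     *         user is the company's default user
     * @throws AutoLoginException wrapping any exception raised during the
     *         attempt; the ID and PASSWORD cookies are expired before it is
     *         thrown
     */
    public String[] login(
            HttpServletRequest request, HttpServletResponse response)
        throws AutoLoginException {

        try {
            String autoUserId = CookieKeys.getCookie(request, CookieKeys.ID);
            String autoPassword = CookieKeys.getCookie(
                request, CookieKeys.PASSWORD);
            String rememberMe = CookieKeys.getCookie(
                request, CookieKeys.REMEMBER_ME);

            // LEP-5188: a request whose context path differs from the
            // portal's path context is treated as if REMEMBER_ME were set,
            // so only the ID and PASSWORD cookies are required on that path.

            if (!PortalUtil.getPathContext().equals(request.getContextPath())) {
                rememberMe = Boolean.TRUE.toString();
            }

            if (!(Validator.isNotNull(autoUserId) &&
                  Validator.isNotNull(autoPassword) &&
                  Validator.isNotNull(rememberMe))) {

                return null;
            }

            // Looked up once and reused for both the auto login switch and
            // the default user check below.

            Company company = PortalUtil.getCompany(request);

            if (!company.isAutoLogin()) {
                return null;
            }

            KeyValuePair kvp = UserLocalServiceUtil.decryptUserId(
                company.getCompanyId(), autoUserId, autoPassword);

            // NOTE(review): the third element presumably tells the caller
            // whether the second element is already encrypted; confirm
            // against the AutoLogin contract.

            String[] credentials = new String[3];

            credentials[0] = kvp.getKey();
            credentials[1] = kvp.getValue();
            credentials[2] = Boolean.FALSE.toString();

            // LPS-11218: never auto login as the company's default user.
            // Cookies that decode to that account are rejected and expired.

            User defaultUser = UserLocalServiceUtil.getDefaultUser(
                company.getCompanyId());

            long userId = GetterUtil.getLong(credentials[0]);

            if (defaultUser.getUserId() == userId) {
                removeCookies(request, response);

                return null;
            }

            return credentials;
        }
        catch (Exception e) {

            // NOTE(review): the exception is logged with its stack trace;
            // confirm that exceptions raised while decoding the cookies never
            // carry the cookie values in their message.

            _log.warn(e, e);

            // Fail closed: cookies that could not be processed are expired
            // so the client does not present them again.

            removeCookies(request, response);

            throw new AutoLoginException(e);
        }
    }

    /**
     * Expires the ID and PASSWORD cookies on the client. The REMEMBER_ME
     * cookie is not touched.
     *
     * @param request the current request, passed through to
     *        {@code CookieKeys.addCookie}
     * @param response the response that receives the expiring cookies
     */
    protected void removeCookies(
        HttpServletRequest request, HttpServletResponse response) {

        _expireCookie(request, response, CookieKeys.ID);
        _expireCookie(request, response, CookieKeys.PASSWORD);
    }

    /**
     * Sends a replacement for the named cookie with a blank value, a max age
     * of zero (which asks the browser to delete it) and the path
     * {@code StringPool.SLASH}.
     *
     * <p>
     * NOTE(review): a browser only drops a cookie when the replacement
     * matches the path and domain it was set with; confirm that
     * {@code CookieKeys.addCookie} applies the same attributes as the code
     * that issued the cookie.
     * </p>
     */
    private void _expireCookie(
        HttpServletRequest request, HttpServletResponse response,
        String name) {

        Cookie cookie = new Cookie(name, StringPool.BLANK);

        cookie.setMaxAge(0);
        cookie.setPath(StringPool.SLASH);

        CookieKeys.addCookie(request, response, cookie);
    }

    // Never reassigned, so declared final.

    private static final Log _log = LogFactoryUtil.getLog(
        RememberMeAutoLogin.class);

}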