015 package com.liferay.portal.security.auth;
016
017 import com.liferay.portal.kernel.util.GetterUtil;
018 import com.liferay.portal.kernel.util.ParamUtil;
019 import com.liferay.portal.kernel.util.Validator;
020 import com.liferay.portal.model.Company;
021 import com.liferay.portal.model.CompanyConstants;
022 import com.liferay.portal.model.User;
023 import com.liferay.portal.security.pwd.PwdEncryptor;
024 import com.liferay.portal.service.UserLocalServiceUtil;
025 import com.liferay.portal.util.PortalUtil;
026
027 import javax.servlet.http.HttpServletRequest;
028 import javax.servlet.http.HttpServletResponse;
029
030
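/**
 * {@link AutoLogin} implementation that authenticates a request from two
 * request parameters: {@code parameterAutoLoginLogin} (the login) and
 * {@code parameterAutoLoginPassword} (the password).
 *
 * <p>Security notes for reviewers and deployers:</p>
 * <ul>
 * <li>The credentials travel as ordinary request parameters.
 * {@code ParamUtil.getString} is not shown here; if it also reads the query
 * string, the password can end up in access logs, browser history and
 * {@code Referer} headers. Enable this auto-login only where that exposure is
 * acceptable and the transport is TLS-protected.</li>
 * <li>The supplied value is accepted when it equals the stored (encrypted)
 * password verbatim, so the stored value is itself sufficient to sign in.
 * Treat a leak of stored password values as a credential leak.</li>
 * </ul>
 */
public class ParameterAutoLogin implements AutoLogin {

    /**
     * Attempts to authenticate the request from its login/password parameters.
     *
     * @param request the current request; the login and password parameters
     *        and the company are read from it
     * @param response the current response (not used by this implementation)
     * @return {@code null} when either parameter is empty, the company's
     *         authentication type is not one of the three handled here, the
     *         login does not resolve to a positive user id, or the password
     *         does not match; otherwise a three-element array holding the
     *         user id, the supplied password and the string {@code "false"}
     * @throws AutoLoginException wrapping any exception raised while resolving
     *         or verifying the user
     */
    public String[] login(
            HttpServletRequest request, HttpServletResponse response)
        throws AutoLoginException {

        try {
            String login = ParamUtil.getString(request, getLoginParam());

            if (Validator.isNull(login)) {
                return null;
            }

            String password = ParamUtil.getString(request, getPasswordParam());

            if (Validator.isNull(password)) {
                return null;
            }

            Company company = PortalUtil.getCompany(request);

            String authType = company.getAuthType();

            long userId = 0;

            if (authType.equals(CompanyConstants.AUTH_TYPE_EA)) {
                userId = UserLocalServiceUtil.getUserIdByEmailAddress(
                    company.getCompanyId(), login);
            }
            else if (authType.equals(CompanyConstants.AUTH_TYPE_SN)) {
                userId = UserLocalServiceUtil.getUserIdByScreenName(
                    company.getCompanyId(), login);
            }
            else if (authType.equals(CompanyConstants.AUTH_TYPE_ID)) {
                userId = GetterUtil.getLong(login);
            }
            else {
                return null;
            }

            // Fail closed: a login that did not resolve to a positive user id
            // must never produce credentials. Previously this case skipped the
            // password check entirely and still returned a credentials array.
            if (userId <= 0) {
                return null;
            }

            User user = UserLocalServiceUtil.getUserById(userId);

            String userPassword = user.getPassword();

            // Normalise the stored value to its encrypted form so both
            // comparisons below are made against the same representation.
            if (!user.isPasswordEncrypted()) {
                userPassword = PwdEncryptor.encrypt(userPassword);
            }

            String encPassword = PwdEncryptor.encrypt(password);

            // NOTE(review): the first comparison accepts the stored encrypted
            // value when it is presented as the password parameter. Kept for
            // compatibility with existing callers; confirm it is still wanted.
            // NOTE(review): String.equals is not a constant-time comparison;
            // consider MessageDigest.isEqual on the encoded bytes.
            if (!userPassword.equals(password) &&
                !userPassword.equals(encPassword)) {

                return null;
            }

            return new String[] {
                String.valueOf(userId), password, Boolean.FALSE.toString()
            };
        }
        catch (Exception e) {
            // Boundary of the AutoLogin contract: every failure is reported
            // as AutoLoginException with the original cause preserved.
            throw new AutoLoginException(e);
        }
    }

    /**
     * Returns the name of the request parameter that carries the login.
     * Subclasses may override it to use a different parameter name.
     */
    protected String getLoginParam() {
        return _LOGIN_PARAM;
    }

    /**
     * Returns the name of the request parameter that carries the password.
     * Subclasses may override it to use a different parameter name.
     */
    protected String getPasswordParam() {
        return _PASSWORD_PARAM;
    }

    private static final String _LOGIN_PARAM = "parameterAutoLoginLogin";

    private static final String _PASSWORD_PARAM = "parameterAutoLoginPassword";

}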