001    /**
002     * Copyright (c) 2000-2010 Liferay, Inc. All rights reserved.
003     *
004     * The contents of this file are subject to the terms of the Liferay Enterprise
005     * Subscription License ("License"). You may not use this file except in
006     * compliance with the License. You can obtain a copy of the License by
007     * contacting Liferay, Inc. See the License for the specific language governing
008     * permissions and limitations under the License, including but not limited to
009     * distribution rights of the Software.
010     *
011     *
012     *
013     */
014    
015    package com.liferay.portal.security.auth;
016    
017    import com.liferay.portal.kernel.util.GetterUtil;
018    import com.liferay.portal.kernel.util.ParamUtil;
019    import com.liferay.portal.kernel.util.Validator;
020    import com.liferay.portal.model.Company;
021    import com.liferay.portal.model.CompanyConstants;
022    import com.liferay.portal.model.User;
023    import com.liferay.portal.security.pwd.PwdEncryptor;
024    import com.liferay.portal.service.UserLocalServiceUtil;
025    import com.liferay.portal.util.PortalUtil;
026    
027    import javax.servlet.http.HttpServletRequest;
028    import javax.servlet.http.HttpServletResponse;
029    
030    /**
031     * @author Minhchau Dang
032     */
033    public class ParameterAutoLogin implements AutoLogin {
034    
035            public String[] login(
036                            HttpServletRequest request, HttpServletResponse response)
037                    throws AutoLoginException {
038    
039                    try {
040                            String login = ParamUtil.getString(request, getLoginParam());
041    
042                            if (Validator.isNull(login)) {
043                                    return null;
044                            }
045    
046                            String password = ParamUtil.getString(request, getPasswordParam());
047    
048                            if (Validator.isNull(password)) {
049                                    return null;
050                            }
051    
052                            Company company = PortalUtil.getCompany(request);
053    
054                            String authType = company.getAuthType();
055    
056                            long userId = 0;
057    
058                            if (authType.equals(CompanyConstants.AUTH_TYPE_EA)) {
059                                    userId = UserLocalServiceUtil.getUserIdByEmailAddress(
060                                            company.getCompanyId(), login);
061                            }
062                            else if (authType.equals(CompanyConstants.AUTH_TYPE_SN)) {
063                                    userId = UserLocalServiceUtil.getUserIdByScreenName(
064                                            company.getCompanyId(), login);
065                            }
066                            else if (authType.equals(CompanyConstants.AUTH_TYPE_ID)) {
067                                    userId = GetterUtil.getLong(login);
068                            }
069                            else {
070                                    return null;
071                            }
072    
073                            if (userId > 0) {
074                                    User user = UserLocalServiceUtil.getUserById(userId);
075    
076                                    String userPassword = user.getPassword();
077    
078                                    if (!user.isPasswordEncrypted()) {
079                                            userPassword = PwdEncryptor.encrypt(userPassword);
080                                    }
081    
082                                    String encPassword = PwdEncryptor.encrypt(password);
083    
084                                    if (!userPassword.equals(password) &&
085                                            !userPassword.equals(encPassword)) {
086    
087                                            return null;
088                                    }
089                            }
090    
091                            String[] credentials = new String[] {
092                                    String.valueOf(userId), password, Boolean.FALSE.toString()
093                            };
094    
095                            return credentials;
096                    }
097                    catch (Exception e) {
098                            throw new AutoLoginException(e);
099                    }
100            }
101    
102            protected String getLoginParam() {
103                    return _LOGIN_PARAM;
104            }
105    
106            protected String getPasswordParam() {
107                    return _PASSWORD_PARAM;
108            }
109    
110            private static final String _LOGIN_PARAM = "parameterAutoLoginLogin";
111    
112            private static final String _PASSWORD_PARAM = "parameterAutoLoginPassword";
113    
114    }