1
22
23 package com.liferay.portal.action;
24
25 import com.liferay.portal.CookieNotSupportedException;
26 import com.liferay.portal.NoSuchUserException;
27 import com.liferay.portal.PasswordExpiredException;
28 import com.liferay.portal.PortalException;
29 import com.liferay.portal.SendPasswordException;
30 import com.liferay.portal.SystemException;
31 import com.liferay.portal.UserEmailAddressException;
32 import com.liferay.portal.UserIdException;
33 import com.liferay.portal.UserLockoutException;
34 import com.liferay.portal.UserPasswordException;
35 import com.liferay.portal.UserScreenNameException;
36 import com.liferay.portal.captcha.CaptchaTextException;
37 import com.liferay.portal.captcha.CaptchaUtil;
38 import com.liferay.portal.kernel.servlet.HttpHeaders;
39 import com.liferay.portal.kernel.servlet.SessionErrors;
40 import com.liferay.portal.kernel.servlet.SessionMessages;
41 import com.liferay.portal.kernel.util.Constants;
42 import com.liferay.portal.kernel.util.GetterUtil;
43 import com.liferay.portal.kernel.util.ParamUtil;
44 import com.liferay.portal.kernel.util.StringPool;
45 import com.liferay.portal.kernel.util.Validator;
46 import com.liferay.portal.model.Company;
47 import com.liferay.portal.model.CompanyConstants;
48 import com.liferay.portal.model.User;
49 import com.liferay.portal.security.auth.AuthException;
50 import com.liferay.portal.security.auth.Authenticator;
51 import com.liferay.portal.service.UserLocalServiceUtil;
52 import com.liferay.portal.struts.LastPath;
53 import com.liferay.portal.theme.ThemeDisplay;
54 import com.liferay.portal.util.CookieKeys;
55 import com.liferay.portal.util.PortalUtil;
56 import com.liferay.portal.util.PropsValues;
57 import com.liferay.portal.util.WebKeys;
58 import com.liferay.util.Encryptor;
59 import com.liferay.util.servlet.SessionParameters;
60
61 import java.util.ArrayList;
62 import java.util.Enumeration;
63 import java.util.HashMap;
64 import java.util.List;
65 import java.util.Map;
66
67 import javax.servlet.http.Cookie;
68 import javax.servlet.http.HttpServletRequest;
69 import javax.servlet.http.HttpServletResponse;
70 import javax.servlet.http.HttpSession;
71
72 import org.apache.commons.logging.Log;
73 import org.apache.commons.logging.LogFactory;
74 import org.apache.struts.action.Action;
75 import org.apache.struts.action.ActionForm;
76 import org.apache.struts.action.ActionForward;
77 import org.apache.struts.action.ActionMapping;
78
79
86 public class LoginAction extends Action {
87
88 public static String getLogin(
89 HttpServletRequest request, String paramName, Company company)
90 throws PortalException, SystemException {
91
92 String login = request.getParameter(paramName);
93
94 if ((login == null) || (login.equals(StringPool.NULL))) {
95 login = GetterUtil.getString(
96 CookieKeys.getCookie(request, CookieKeys.LOGIN));
97
98 if (PropsValues.COMPANY_LOGIN_PREPOPULATE_DOMAIN &&
99 Validator.isNull(login) &&
100 company.getAuthType().equals(CompanyConstants.AUTH_TYPE_EA)) {
101
102 login = "@" + company.getMx();
103 }
104 }
105
106 return login;
107 }
108
109 public static void login(
110 HttpServletRequest request, HttpServletResponse response,
111 String login, String password, boolean rememberMe)
112 throws Exception {
113
114 CookieKeys.validateSupportCookie(request);
115
116 HttpSession session = request.getSession();
117
118 long userId = GetterUtil.getLong(login);
119
120 int authResult = Authenticator.FAILURE;
121
122 Company company = PortalUtil.getCompany(request);
123
124 Map<String, String[]> headerMap = new HashMap<String, String[]>();
125
126 Enumeration<String> enu1 = request.getHeaderNames();
127
128 while (enu1.hasMoreElements()) {
129 String name = enu1.nextElement();
130
131 Enumeration<String> enu2 = request.getHeaders(name);
132
133 List<String> headers = new ArrayList<String>();
134
135 while (enu2.hasMoreElements()) {
136 String value = enu2.nextElement();
137
138 headers.add(value);
139 }
140
141 headerMap.put(name, headers.toArray(new String[headers.size()]));
142 }
143
144 Map<String, String[]> parameterMap = request.getParameterMap();
145
146 if (company.getAuthType().equals(CompanyConstants.AUTH_TYPE_EA)) {
147 authResult = UserLocalServiceUtil.authenticateByEmailAddress(
148 company.getCompanyId(), login, password, headerMap,
149 parameterMap);
150
151 userId = UserLocalServiceUtil.getUserIdByEmailAddress(
152 company.getCompanyId(), login);
153 }
154 else if (company.getAuthType().equals(CompanyConstants.AUTH_TYPE_SN)) {
155 authResult = UserLocalServiceUtil.authenticateByScreenName(
156 company.getCompanyId(), login, password, headerMap,
157 parameterMap);
158
159 userId = UserLocalServiceUtil.getUserIdByScreenName(
160 company.getCompanyId(), login);
161 }
162 else if (company.getAuthType().equals(CompanyConstants.AUTH_TYPE_ID)) {
163 authResult = UserLocalServiceUtil.authenticateByUserId(
164 company.getCompanyId(), userId, password, headerMap,
165 parameterMap);
166 }
167
168 if (authResult == Authenticator.SUCCESS) {
169 if (PropsValues.SESSION_ENABLE_PHISHING_PROTECTION) {
170
171
173 Boolean httpsInitial = (Boolean)session.getAttribute(
174 WebKeys.HTTPS_INITIAL);
175
176 LastPath lastPath = (LastPath)session.getAttribute(
177 WebKeys.LAST_PATH);
178
179 try {
180 session.invalidate();
181 }
182 catch (IllegalStateException ise) {
183
184
186 if (_log.isWarnEnabled()) {
187 _log.warn(ise.getMessage());
188 }
189 }
190
191 session = request.getSession(true);
192
193 if (httpsInitial != null) {
194 session.setAttribute(WebKeys.HTTPS_INITIAL, httpsInitial);
195 }
196
197 if (lastPath != null) {
198 session.setAttribute(WebKeys.LAST_PATH, lastPath);
199 }
200 }
201
202
204 String domain = CookieKeys.getDomain(request);
205
206 User user = UserLocalServiceUtil.getUserById(userId);
207
208 String userIdString = String.valueOf(userId);
209
210 session.setAttribute("j_username", userIdString);
211 session.setAttribute("j_password", user.getPassword());
212 session.setAttribute("j_remoteuser", userIdString);
213
214 session.setAttribute(WebKeys.USER_PASSWORD, password);
215
216 Cookie companyIdCookie = new Cookie(
217 CookieKeys.COMPANY_ID, String.valueOf(company.getCompanyId()));
218
219 if (Validator.isNotNull(domain)) {
220 companyIdCookie.setDomain(domain);
221 }
222
223 companyIdCookie.setPath(StringPool.SLASH);
224
225 Cookie idCookie = new Cookie(
226 CookieKeys.ID,
227 UserLocalServiceUtil.encryptUserId(userIdString));
228
229 if (Validator.isNotNull(domain)) {
230 idCookie.setDomain(domain);
231 }
232
233 idCookie.setPath(StringPool.SLASH);
234
235 Cookie passwordCookie = new Cookie(
236 CookieKeys.PASSWORD,
237 Encryptor.encrypt(company.getKeyObj(), password));
238
239 if (Validator.isNotNull(domain)) {
240 passwordCookie.setDomain(domain);
241 }
242
243 passwordCookie.setPath(StringPool.SLASH);
244
245 Cookie rememberMeCookie = new Cookie(
246 CookieKeys.REMEMBER_ME, Boolean.TRUE.toString());
247
248 if (Validator.isNotNull(domain)) {
249 rememberMeCookie.setDomain(domain);
250 }
251
252 rememberMeCookie.setPath(StringPool.SLASH);
253
254 int loginMaxAge = PropsValues.COMPANY_SECURITY_AUTO_LOGIN_MAX_AGE;
255
256 if (PropsValues.SESSION_DISABLED) {
257 rememberMe = true;
258 }
259
260 if (rememberMe) {
261 companyIdCookie.setMaxAge(loginMaxAge);
262 idCookie.setMaxAge(loginMaxAge);
263 passwordCookie.setMaxAge(loginMaxAge);
264 rememberMeCookie.setMaxAge(loginMaxAge);
265 }
266 else {
267
268
274 companyIdCookie.setMaxAge(-1);
275 idCookie.setMaxAge(-1);
276 passwordCookie.setMaxAge(-1);
277 rememberMeCookie.setMaxAge(0);
278 }
279
280 Cookie loginCookie = new Cookie(CookieKeys.LOGIN, login);
281
282 if (Validator.isNotNull(domain)) {
283 loginCookie.setDomain(domain);
284 }
285
286 loginCookie.setMaxAge(loginMaxAge);
287 loginCookie.setPath(StringPool.SLASH);
288
289 Cookie screenNameCookie = new Cookie(
290 CookieKeys.SCREEN_NAME,
291 Encryptor.encrypt(company.getKeyObj(), user.getScreenName()));
292
293 if (Validator.isNotNull(domain)) {
294 screenNameCookie.setDomain(domain);
295 }
296
297 screenNameCookie.setMaxAge(loginMaxAge);
298 screenNameCookie.setPath(StringPool.SLASH);
299
300 CookieKeys.addCookie(response, companyIdCookie);
301 CookieKeys.addCookie(response, idCookie);
302 CookieKeys.addCookie(response, passwordCookie);
303 CookieKeys.addCookie(response, rememberMeCookie);
304 CookieKeys.addCookie(response, loginCookie);
305 CookieKeys.addCookie(response, screenNameCookie);
306 }
307 else {
308 throw new AuthException();
309 }
310 }
311
312 public ActionForward execute(
313 ActionMapping mapping, ActionForm form, HttpServletRequest request,
314 HttpServletResponse response)
315 throws Exception {
316
317 if (PropsValues.COMPANY_SECURITY_AUTH_REQUIRES_HTTPS &&
318 !request.isSecure()) {
319
320 ThemeDisplay themeDisplay = (ThemeDisplay)request.getAttribute(
321 WebKeys.THEME_DISPLAY);
322
323 StringBuilder sb = new StringBuilder();
324
325 sb.append(PortalUtil.getPortalURL(request, true));
326 sb.append(themeDisplay.getURLSignIn());
327
328 response.sendRedirect(sb.toString());
329
330 return null;
331 }
332
333 HttpSession session = request.getSession();
334
335 ThemeDisplay themeDisplay = (ThemeDisplay)request.getAttribute(
336 WebKeys.THEME_DISPLAY);
337
338 if (session.getAttribute("j_username") != null &&
339 session.getAttribute("j_password") != null) {
340
341 if (PropsValues.PORTAL_JAAS_ENABLE) {
342 return mapping.findForward("/portal/touch_protected.jsp");
343 }
344 else {
345 response.sendRedirect(themeDisplay.getPathMain());
346
347 return null;
348 }
349 }
350
351 String cmd = ParamUtil.getString(request, Constants.CMD);
352
353 if (cmd.equals("already-registered")) {
354 try {
355 login(request, response);
356
357 if (PropsValues.PORTAL_JAAS_ENABLE) {
358 return mapping.findForward("/portal/touch_protected.jsp");
359 }
360 else {
361 String redirect = ParamUtil.getString(request, "redirect");
362
363 if (Validator.isNotNull(redirect)) {
364 response.sendRedirect(redirect);
365 }
366 else {
367 response.sendRedirect(themeDisplay.getPathMain());
368 }
369
370 return null;
371 }
372 }
373 catch (Exception e) {
374 if (e instanceof AuthException) {
375 Throwable cause = e.getCause();
376
377 if (cause instanceof PasswordExpiredException ||
378 cause instanceof UserLockoutException) {
379
380 SessionErrors.add(request, cause.getClass().getName());
381 }
382 else {
383 SessionErrors.add(request, e.getClass().getName());
384 }
385
386 return mapping.findForward("portal.login");
387 }
388 else if (e instanceof CookieNotSupportedException ||
389 e instanceof NoSuchUserException ||
390 e instanceof PasswordExpiredException ||
391 e instanceof UserEmailAddressException ||
392 e instanceof UserIdException ||
393 e instanceof UserLockoutException ||
394 e instanceof UserPasswordException ||
395 e instanceof UserScreenNameException) {
396
397 SessionErrors.add(request, e.getClass().getName());
398
399 return mapping.findForward("portal.login");
400 }
401 else {
402 PortalUtil.sendError(e, request, response);
403
404 return null;
405 }
406 }
407 }
408 else if (cmd.equals("forgot-password")) {
409 try {
410 sendPassword(request);
411
412 return mapping.findForward("portal.login");
413 }
414 catch (Exception e) {
415 if (e instanceof CaptchaTextException ||
416 e instanceof NoSuchUserException ||
417 e instanceof SendPasswordException ||
418 e instanceof UserEmailAddressException) {
419
420 SessionErrors.add(request, e.getClass().getName());
421
422 return mapping.findForward("portal.login");
423 }
424 else {
425 PortalUtil.sendError(e, request, response);
426
427 return null;
428 }
429 }
430 }
431 else {
432 String authLoginURL = PortalUtil.getCommunityLoginURL(themeDisplay);
433
434 if (Validator.isNull(authLoginURL)) {
435 authLoginURL = PropsValues.AUTH_LOGIN_URL;
436 }
437
438 if (Validator.isNotNull(authLoginURL)) {
439 response.sendRedirect(authLoginURL);
440
441 return null;
442 }
443 else {
444 return mapping.findForward("portal.login");
445 }
446 }
447 }
448
449 protected void login(
450 HttpServletRequest request, HttpServletResponse response)
451 throws Exception {
452
453 String login = ParamUtil.getString(request, "login").toLowerCase();
454 String password = ParamUtil.getString(
455 request, SessionParameters.get(request, "password"));
456 boolean rememberMe = ParamUtil.getBoolean(request, "rememberMe");
457
458 login(request, response, login, password, rememberMe);
459 }
460
461 protected void sendPassword(HttpServletRequest request) throws Exception {
462 ThemeDisplay themeDisplay = (ThemeDisplay)request.getAttribute(
463 WebKeys.THEME_DISPLAY);
464
465 Company company = themeDisplay.getCompany();
466
467 if (!company.isSendPassword()) {
468 return;
469 }
470
471 if (PropsValues.CAPTCHA_CHECK_PORTAL_SEND_PASSWORD) {
472 CaptchaUtil.check(request);
473 }
474
475 String emailAddress = ParamUtil.getString(request, "emailAddress");
476
477 String remoteAddr = request.getRemoteAddr();
478 String remoteHost = request.getRemoteHost();
479 String userAgent = request.getHeader(HttpHeaders.USER_AGENT);
480
481 UserLocalServiceUtil.sendPassword(
482 PortalUtil.getCompanyId(request), emailAddress, remoteAddr,
483 remoteHost, userAgent);
484
485 SessionMessages.add(request, "request_processed", emailAddress);
486 }
487
488 private static Log _log = LogFactory.getLog(LoginAction.class);
489
490 }