1   /**
2    * Copyright (c) 2000-2010 Liferay, Inc. All rights reserved.
3    *
4    * This library is free software; you can redistribute it and/or modify it under
5    * the terms of the GNU Lesser General Public License as published by the Free
6    * Software Foundation; either version 2.1 of the License, or (at your option)
7    * any later version.
8    *
9    * This library is distributed in the hope that it will be useful, but WITHOUT
10   * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
11   * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
12   * details.
13   */
14  
15  package com.liferay.portal.security.auth;
16  
17  import com.liferay.portal.kernel.util.GetterUtil;
18  import com.liferay.portal.kernel.util.ParamUtil;
19  import com.liferay.portal.kernel.util.Validator;
20  import com.liferay.portal.model.Company;
21  import com.liferay.portal.model.CompanyConstants;
22  import com.liferay.portal.model.User;
23  import com.liferay.portal.security.pwd.PwdEncryptor;
24  import com.liferay.portal.service.UserLocalServiceUtil;
25  import com.liferay.portal.util.PortalUtil;
26  
27  import javax.servlet.http.HttpServletRequest;
28  import javax.servlet.http.HttpServletResponse;
29  
30  /**
31   * <a href="ParameterAutoLogin.java.html"><b><i>View Source</i></b></a>
32   *
33   * @author Minhchau Dang
34   */
35  public class ParameterAutoLogin implements AutoLogin {
36  
37      public String[] login(
38              HttpServletRequest request, HttpServletResponse response)
39          throws AutoLoginException {
40  
41          try {
42              String login = ParamUtil.getString(request, getLoginParam());
43  
44              if (Validator.isNull(login)) {
45                  return null;
46              }
47  
48              String password = ParamUtil.getString(request, getPasswordParam());
49  
50              if (Validator.isNull(password)) {
51                  return null;
52              }
53  
54              Company company = PortalUtil.getCompany(request);
55  
56              String authType = company.getAuthType();
57  
58              long userId = 0;
59  
60              if (authType.equals(CompanyConstants.AUTH_TYPE_EA)) {
61                  userId = UserLocalServiceUtil.getUserIdByEmailAddress(
62                      company.getCompanyId(), login);
63              }
64              else if (authType.equals(CompanyConstants.AUTH_TYPE_SN)) {
65                  userId = UserLocalServiceUtil.getUserIdByScreenName(
66                      company.getCompanyId(), login);
67              }
68              else if (authType.equals(CompanyConstants.AUTH_TYPE_ID)) {
69                  userId = GetterUtil.getLong(login);
70              }
71              else {
72                  return null;
73              }
74  
75              if (userId > 0) {
76                  User user = UserLocalServiceUtil.getUserById(userId);
77  
78                  String userPassword = user.getPassword();
79  
80                  if (!user.isPasswordEncrypted()) {
81                      userPassword = PwdEncryptor.encrypt(userPassword);
82                  }
83  
84                  String encPassword = PwdEncryptor.encrypt(password);
85  
86                  if (!userPassword.equals(password) &&
87                      !userPassword.equals(encPassword)) {
88  
89                      return null;
90                  }
91              }
92  
93              String[] credentials = new String[] {
94                  String.valueOf(userId), password, Boolean.FALSE.toString()
95              };
96  
97              return credentials;
98          }
99          catch (Exception e) {
100             throw new AutoLoginException(e);
101         }
102     }
103 
104     protected String getLoginParam() {
105         return _LOGIN_PARAM;
106     }
107 
108     protected String getPasswordParam() {
109         return _PASSWORD_PARAM;
110     }
111 
112     private static final String _LOGIN_PARAM = "parameterAutoLoginLogin";
113 
114     private static final String _PASSWORD_PARAM = "parameterAutoLoginPassword";
115 
116 }