1
14
15 package com.liferay.portlet.login.util;
16
17 import com.liferay.portal.kernel.exception.SystemException;
18 import com.liferay.portal.kernel.log.Log;
19 import com.liferay.portal.kernel.log.LogFactoryUtil;
20 import com.liferay.portal.kernel.servlet.HttpHeaders;
21 import com.liferay.portal.kernel.servlet.SessionMessages;
22 import com.liferay.portal.kernel.util.GetterUtil;
23 import com.liferay.portal.kernel.util.ParamUtil;
24 import com.liferay.portal.kernel.util.StringPool;
25 import com.liferay.portal.kernel.util.Validator;
26 import com.liferay.portal.model.Company;
27 import com.liferay.portal.model.CompanyConstants;
28 import com.liferay.portal.model.User;
29 import com.liferay.portal.security.auth.AuthException;
30 import com.liferay.portal.security.auth.Authenticator;
31 import com.liferay.portal.service.UserLocalServiceUtil;
32 import com.liferay.portal.theme.ThemeDisplay;
33 import com.liferay.portal.util.CookieKeys;
34 import com.liferay.portal.util.PortalUtil;
35 import com.liferay.portal.util.PortletKeys;
36 import com.liferay.portal.util.PropsValues;
37 import com.liferay.portal.util.WebKeys;
38 import com.liferay.portlet.PortletURLImpl;
39 import com.liferay.util.Encryptor;
40
41 import java.util.ArrayList;
42 import java.util.Enumeration;
43 import java.util.HashMap;
44 import java.util.List;
45 import java.util.Map;
46
47 import javax.portlet.ActionRequest;
48 import javax.portlet.PortletMode;
49 import javax.portlet.PortletModeException;
50 import javax.portlet.PortletRequest;
51 import javax.portlet.PortletURL;
52 import javax.portlet.WindowState;
53 import javax.portlet.WindowStateException;
54
55 import javax.servlet.http.Cookie;
56 import javax.servlet.http.HttpServletRequest;
57 import javax.servlet.http.HttpServletResponse;
58 import javax.servlet.http.HttpSession;
59
60
66 public class LoginUtil {
67
68 public static String getLogin(
69 HttpServletRequest request, String paramName, Company company)
70 throws SystemException {
71
72 String login = request.getParameter(paramName);
73
74 if ((login == null) || (login.equals(StringPool.NULL))) {
75 login = GetterUtil.getString(
76 CookieKeys.getCookie(request, CookieKeys.LOGIN));
77
78 if (PropsValues.COMPANY_LOGIN_PREPOPULATE_DOMAIN &&
79 Validator.isNull(login) &&
80 company.getAuthType().equals(CompanyConstants.AUTH_TYPE_EA)) {
81
82 login = "@" + company.getMx();
83 }
84 }
85
86 return login;
87 }
88
89 public static PortletURL getLoginURL(
90 HttpServletRequest request, long plid)
91 throws PortletModeException, WindowStateException {
92
93 PortletURL portletURL = new PortletURLImpl(
94 request, PortletKeys.LOGIN, plid, PortletRequest.RENDER_PHASE);
95
96 portletURL.setWindowState(WindowState.MAXIMIZED);
97 portletURL.setPortletMode(PortletMode.VIEW);
98
99 portletURL.setParameter("saveLastPath", "0");
100 portletURL.setParameter("struts_action", "/login/login");
101
102 return portletURL;
103 }
104
105 public static void login(
106 HttpServletRequest request, HttpServletResponse response,
107 String login, String password, boolean rememberMe, String authType)
108 throws Exception {
109
110 CookieKeys.validateSupportCookie(request);
111
112 HttpSession session = request.getSession();
113
114 long userId = GetterUtil.getLong(login);
115
116 int authResult = Authenticator.FAILURE;
117
118 Company company = PortalUtil.getCompany(request);
119
120 Map<String, String[]> headerMap = new HashMap<String, String[]>();
121
122 Enumeration<String> enu1 = request.getHeaderNames();
123
124 while (enu1.hasMoreElements()) {
125 String name = enu1.nextElement();
126
127 Enumeration<String> enu2 = request.getHeaders(name);
128
129 List<String> headers = new ArrayList<String>();
130
131 while (enu2.hasMoreElements()) {
132 String value = enu2.nextElement();
133
134 headers.add(value);
135 }
136
137 headerMap.put(name, headers.toArray(new String[headers.size()]));
138 }
139
140 Map<String, String[]> parameterMap = request.getParameterMap();
141
142 if (Validator.isNull(authType)) {
143 authType = company.getAuthType();
144 }
145
146 if (authType.equals(CompanyConstants.AUTH_TYPE_EA)) {
147 authResult = UserLocalServiceUtil.authenticateByEmailAddress(
148 company.getCompanyId(), login, password, headerMap,
149 parameterMap);
150
151 userId = UserLocalServiceUtil.getUserIdByEmailAddress(
152 company.getCompanyId(), login);
153 }
154 else if (authType.equals(CompanyConstants.AUTH_TYPE_SN)) {
155 authResult = UserLocalServiceUtil.authenticateByScreenName(
156 company.getCompanyId(), login, password, headerMap,
157 parameterMap);
158
159 userId = UserLocalServiceUtil.getUserIdByScreenName(
160 company.getCompanyId(), login);
161 }
162 else if (authType.equals(CompanyConstants.AUTH_TYPE_ID)) {
163 authResult = UserLocalServiceUtil.authenticateByUserId(
164 company.getCompanyId(), userId, password, headerMap,
165 parameterMap);
166 }
167
168 if (authResult == Authenticator.SUCCESS) {
169 if (PropsValues.SESSION_ENABLE_PHISHING_PROTECTION) {
170
171
173 String[] protectedAttributeNames =
174 PropsValues.SESSION_PHISHING_PROTECTED_ATTRIBUTES;
175
176 Map<String, Object> protectedAttributes =
177 new HashMap<String, Object>();
178
179 for (String protectedAttributeName : protectedAttributeNames) {
180 Object protectedAttributeValue = session.getAttribute(
181 protectedAttributeName);
182
183 if (protectedAttributeValue == null) {
184 continue;
185 }
186
187 protectedAttributes.put(
188 protectedAttributeName, protectedAttributeValue);
189 }
190
191 try {
192 session.invalidate();
193 }
194 catch (IllegalStateException ise) {
195
196
198 if (_log.isWarnEnabled()) {
199 _log.warn(ise.getMessage());
200 }
201 }
202
203 session = request.getSession(true);
204
205 for (String protectedAttributeName : protectedAttributeNames) {
206 Object protectedAttributeValue = protectedAttributes.get(
207 protectedAttributeName);
208
209 if (protectedAttributeValue == null) {
210 continue;
211 }
212
213 session.setAttribute(
214 protectedAttributeName, protectedAttributeValue);
215 }
216 }
217
218
220 String domain = CookieKeys.getDomain(request);
221
222 User user = UserLocalServiceUtil.getUserById(userId);
223
224 String userIdString = String.valueOf(userId);
225
226 session.setAttribute("j_username", userIdString);
227 session.setAttribute("j_password", user.getPassword());
228 session.setAttribute("j_remoteuser", userIdString);
229
230 session.setAttribute(WebKeys.USER_PASSWORD, password);
231
232 Cookie companyIdCookie = new Cookie(
233 CookieKeys.COMPANY_ID, String.valueOf(company.getCompanyId()));
234
235 if (Validator.isNotNull(domain)) {
236 companyIdCookie.setDomain(domain);
237 }
238
239 companyIdCookie.setPath(StringPool.SLASH);
240
241 Cookie idCookie = new Cookie(
242 CookieKeys.ID,
243 UserLocalServiceUtil.encryptUserId(userIdString));
244
245 if (Validator.isNotNull(domain)) {
246 idCookie.setDomain(domain);
247 }
248
249 idCookie.setPath(StringPool.SLASH);
250
251 Cookie passwordCookie = new Cookie(
252 CookieKeys.PASSWORD,
253 Encryptor.encrypt(company.getKeyObj(), password));
254
255 if (Validator.isNotNull(domain)) {
256 passwordCookie.setDomain(domain);
257 }
258
259 passwordCookie.setPath(StringPool.SLASH);
260
261 Cookie rememberMeCookie = new Cookie(
262 CookieKeys.REMEMBER_ME, Boolean.TRUE.toString());
263
264 if (Validator.isNotNull(domain)) {
265 rememberMeCookie.setDomain(domain);
266 }
267
268 rememberMeCookie.setPath(StringPool.SLASH);
269
270 int loginMaxAge = PropsValues.COMPANY_SECURITY_AUTO_LOGIN_MAX_AGE;
271
272 if (PropsValues.SESSION_DISABLED) {
273 rememberMe = true;
274 }
275
276 if (rememberMe) {
277 companyIdCookie.setMaxAge(loginMaxAge);
278 idCookie.setMaxAge(loginMaxAge);
279 passwordCookie.setMaxAge(loginMaxAge);
280 rememberMeCookie.setMaxAge(loginMaxAge);
281 }
282 else {
283
284
290 companyIdCookie.setMaxAge(-1);
291 idCookie.setMaxAge(-1);
292 passwordCookie.setMaxAge(-1);
293 rememberMeCookie.setMaxAge(0);
294 }
295
296 Cookie loginCookie = new Cookie(CookieKeys.LOGIN, login);
297
298 if (Validator.isNotNull(domain)) {
299 loginCookie.setDomain(domain);
300 }
301
302 loginCookie.setMaxAge(loginMaxAge);
303 loginCookie.setPath(StringPool.SLASH);
304
305 Cookie screenNameCookie = new Cookie(
306 CookieKeys.SCREEN_NAME,
307 Encryptor.encrypt(company.getKeyObj(), user.getScreenName()));
308
309 if (Validator.isNotNull(domain)) {
310 screenNameCookie.setDomain(domain);
311 }
312
313 screenNameCookie.setMaxAge(loginMaxAge);
314 screenNameCookie.setPath(StringPool.SLASH);
315
316 boolean secure = request.isSecure();
317
318 if (secure) {
319 Boolean httpsInitial = (Boolean)session.getAttribute(
320 WebKeys.HTTPS_INITIAL);
321
322 if ((httpsInitial == null) || !httpsInitial.booleanValue()) {
323 secure = false;
324 }
325 }
326
327 CookieKeys.addCookie(request, response, companyIdCookie, secure);
328 CookieKeys.addCookie(request, response, idCookie, secure);
329 CookieKeys.addCookie(request, response, passwordCookie, secure);
330 CookieKeys.addCookie(request, response, rememberMeCookie, secure);
331 CookieKeys.addCookie(request, response, loginCookie, secure);
332 CookieKeys.addCookie(request, response, screenNameCookie, secure);
333 }
334 else {
335 throw new AuthException();
336 }
337 }
338
339 public static void sendPassword(ActionRequest actionRequest)
340 throws Exception {
341
342 String toAddress = ParamUtil.getString(actionRequest, "emailAddress");
343
344 sendPassword(actionRequest, null, null, toAddress, null, null);
345 }
346
347 public static void sendPassword(
348 ActionRequest actionRequest, String fromName, String fromAddress,
349 String toAddress, String subject, String body)
350 throws Exception {
351
352 HttpServletRequest request = PortalUtil.getHttpServletRequest(
353 actionRequest);
354
355 ThemeDisplay themeDisplay = (ThemeDisplay)request.getAttribute(
356 WebKeys.THEME_DISPLAY);
357
358 Company company = themeDisplay.getCompany();
359
360 if (!company.isSendPassword()) {
361 return;
362 }
363
364 String remoteAddr = request.getRemoteAddr();
365 String remoteHost = request.getRemoteHost();
366 String userAgent = request.getHeader(HttpHeaders.USER_AGENT);
367
368 UserLocalServiceUtil.sendPassword(
369 company.getCompanyId(), toAddress, remoteAddr, remoteHost,
370 userAgent, fromName, fromAddress, subject, body);
371
372 SessionMessages.add(actionRequest, "request_processed", toAddress);
373 }
374
375 private static Log _log = LogFactoryUtil.getLog(LoginUtil.class);
376
377 }