015 package com.liferay.portal.security.auth;
016
017 import com.liferay.portal.kernel.util.GetterUtil;
018 import com.liferay.portal.kernel.util.ParamUtil;
019 import com.liferay.portal.kernel.util.Validator;
020 import com.liferay.portal.model.Company;
021 import com.liferay.portal.model.CompanyConstants;
022 import com.liferay.portal.model.User;
023 import com.liferay.portal.security.pwd.PwdEncryptor;
024 import com.liferay.portal.service.UserLocalServiceUtil;
025 import com.liferay.portal.util.PortalUtil;
026
027 import javax.servlet.http.HttpServletRequest;
028 import javax.servlet.http.HttpServletResponse;
029
030
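/**
 * {@link AutoLogin} implementation that authenticates a request from two
 * request parameters: a login identifier and a password.
 *
 * <p>
 * The parameter names come from {@link #getLoginParam()} and
 * {@link #getPasswordParam()}, which subclasses may override.
 * </p>
 *
 * <p>
 * NOTE(review): the credentials are read with {@code ParamUtil.getString},
 * i.e. from ordinary request parameters. If clients send them in the query
 * string they will presumably end up in access logs, proxies and browser
 * history. Confirm this hook is enabled only where that is acceptable, and
 * only over TLS.
 * </p>
 */
public class ParameterAutoLogin implements AutoLogin {

    /**
     * Attempts to authenticate the request from its login and password
     * parameters.
     *
     * @param  request the servlet request carrying the two parameters
     * @param  response the servlet response (not used by this method)
     * @return a three-element array {@code {userId, password, "false"}} when
     *         the password matches the resolved user; {@code null} when a
     *         parameter is missing, the company auth type is not one of
     *         EA/SN/ID, no positive user ID could be resolved, or the
     *         password does not match. The third element is presumably the
     *         "password is already encrypted" flag; confirm against the
     *         consumer of these credentials.
     * @throws AutoLoginException wrapping any exception raised while
     *         resolving or loading the user
     */
    @Override
    public String[] login(
            HttpServletRequest request, HttpServletResponse response)
        throws AutoLoginException {

        try {
            String login = ParamUtil.getString(request, getLoginParam());

            if (Validator.isNull(login)) {
                return null;
            }

            String password = ParamUtil.getString(request, getPasswordParam());

            if (Validator.isNull(password)) {
                return null;
            }

            Company company = PortalUtil.getCompany(request);

            String authType = company.getAuthType();

            long userId = 0;

            if (authType.equals(CompanyConstants.AUTH_TYPE_EA)) {
                userId = UserLocalServiceUtil.getUserIdByEmailAddress(
                    company.getCompanyId(), login);
            }
            else if (authType.equals(CompanyConstants.AUTH_TYPE_SN)) {
                userId = UserLocalServiceUtil.getUserIdByScreenName(
                    company.getCompanyId(), login);
            }
            else if (authType.equals(CompanyConstants.AUTH_TYPE_ID)) {
                userId = GetterUtil.getLong(login);
            }
            else {
                return null;
            }

            // Fail closed: previously a non-positive ID skipped the password
            // check below and still produced a credentials array. With
            // AUTH_TYPE_ID the ID is parsed straight from the request
            // parameter, so a value that does not yield a positive ID must
            // not be handed on as if it had been verified.
            if (userId <= 0) {
                return null;
            }

            User user = UserLocalServiceUtil.getUserById(userId);

            String userPassword = user.getPassword();

            if (!user.isPasswordEncrypted()) {
                userPassword = PwdEncryptor.encrypt(userPassword);
            }

            // NOTE(review): encrypt() is called without the stored value. If
            // the configured algorithm is salted, this re-computation
            // presumably cannot reproduce the stored hash. Confirm.
            String encPassword = PwdEncryptor.encrypt(password);

            // NOTE(review): the first comparison accepts the stored
            // (encrypted) value itself as the password, so on this path a
            // leaked password hash is as good as the password. Left unchanged
            // because callers may rely on it; consider dropping it. Both
            // comparisons use String.equals, which is not constant-time.
            boolean matchesStoredValue = userPassword.equals(password);
            boolean matchesEncrypted = userPassword.equals(encPassword);

            if (!matchesStoredValue && !matchesEncrypted) {
                return null;
            }

            return new String[] {
                String.valueOf(userId), password, Boolean.FALSE.toString()
            };
        }
        catch (Exception e) {
            // Lookup and service failures are all wrapped the same way; the
            // cause is preserved for the caller.
            throw new AutoLoginException(e);
        }
    }

    /**
     * Returns the name of the request parameter that carries the login
     * identifier.
     *
     * @return the login parameter name
     */
    protected String getLoginParam() {
        return _LOGIN_PARAM;
    }

    /**
     * Returns the name of the request parameter that carries the password.
     *
     * @return the password parameter name
     */
    protected String getPasswordParam() {
        return _PASSWORD_PARAM;
    }

    private static final String _LOGIN_PARAM = "parameterAutoLoginLogin";

    private static final String _PASSWORD_PARAM = "parameterAutoLoginPassword";

}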