001    /**
002     * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.security.auth;
016    
017    import com.liferay.portal.kernel.exception.SystemException;
018    import com.liferay.portal.kernel.log.Log;
019    import com.liferay.portal.kernel.log.LogFactoryUtil;
020    import com.liferay.portal.kernel.util.LocaleUtil;
021    import com.liferay.portal.kernel.util.ParamUtil;
022    import com.liferay.portal.kernel.util.PropsKeys;
023    import com.liferay.portal.kernel.util.StringPool;
024    import com.liferay.portal.kernel.util.Validator;
025    import com.liferay.portal.kernel.util.WebKeys;
026    import com.liferay.portal.model.CompanyConstants;
027    import com.liferay.portal.model.User;
028    import com.liferay.portal.security.ldap.PortalLDAPImporterUtil;
029    import com.liferay.portal.service.ServiceContext;
030    import com.liferay.portal.service.UserLocalServiceUtil;
031    import com.liferay.portal.servlet.filters.sso.opensso.OpenSSOUtil;
032    import com.liferay.portal.theme.ThemeDisplay;
033    import com.liferay.portal.util.PortalUtil;
034    import com.liferay.portal.util.PrefsPropsUtil;
035    import com.liferay.portal.util.PropsValues;
036    import com.liferay.util.PwdGenerator;
037    
038    import java.util.Calendar;
039    import java.util.Locale;
040    import java.util.Map;
041    
042    import javax.servlet.http.HttpServletRequest;
043    import javax.servlet.http.HttpServletResponse;
044    
045    /**
046     * @author Brian Wing Shun Chan
047     * @author Prashant Dighe
048     */
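public class OpenSSOAutoLogin extends BaseAutoLogin {

	/**
	 * Creates a portal user for an identity that OpenSSO has already
	 * authenticated but that does not yet exist locally.
	 *
	 * <p>The account gets a password from {@link PwdGenerator#getPassword()}
	 * and is created with {@code sendEmail} set to {@code false}, so that
	 * generated value is not mailed out by this path. Every profile field that
	 * OpenSSO does not supply (middle name, prefix/suffix, gender, birthday,
	 * job title, group/organization/role/user-group memberships) is a fixed
	 * default.</p>
	 *
	 * @param  companyId the company the user is created in
	 * @param  firstName the first name reported by OpenSSO
	 * @param  lastName the last name reported by OpenSSO
	 * @param  emailAddress the email address reported by OpenSSO
	 * @param  screenName the screen name reported by OpenSSO
	 * @param  locale the locale assigned to the new user
	 * @return the newly created user
	 * @throws Exception if {@link UserLocalServiceUtil#addUser} fails (for
	 *         example because a required field is missing or invalid)
	 */
	protected User addUser(
			long companyId, String firstName, String lastName,
			String emailAddress, String screenName, Locale locale)
		throws Exception {

		long creatorUserId = 0;
		boolean autoPassword = false;
		String password1 = PwdGenerator.getPassword();
		String password2 = password1;
		boolean autoScreenName = false;
		long facebookId = 0;
		String openId = StringPool.BLANK;
		String middleName = StringPool.BLANK;
		int prefixId = 0;
		int suffixId = 0;
		boolean male = true;
		int birthdayMonth = Calendar.JANUARY;
		int birthdayDay = 1;
		int birthdayYear = 1970;
		String jobTitle = StringPool.BLANK;
		long[] groupIds = null;
		long[] organizationIds = null;
		long[] roleIds = null;
		long[] userGroupIds = null;
		boolean sendEmail = false;
		ServiceContext serviceContext = new ServiceContext();

		return UserLocalServiceUtil.addUser(
			creatorUserId, companyId, autoPassword, password1, password2,
			autoScreenName, screenName, emailAddress, facebookId, openId,
			locale, firstName, middleName, lastName, prefixId, suffixId, male,
			birthdayMonth, birthdayDay, birthdayYear, jobTitle, groupIds,
			organizationIds, roleIds, userGroupIds, sendEmail, serviceContext);
	}

	/**
	 * Resolves the portal user for a request that carries an OpenSSO session.
	 *
	 * <p>Returns {@code null} (no auto login) when OpenSSO authentication is
	 * disabled for the company or when {@link OpenSSOUtil#isAuthenticated}
	 * does not confirm the request against the configured service URL. Only
	 * after that confirmation are the OpenSSO attributes read and used to look
	 * up (or, failing that, create) the local user.</p>
	 *
	 * <p>Lookup order: optional LDAP import keyed by screen name or email
	 * address depending on the company auth type, then a lookup by screen
	 * name, then creation via {@link #addUser}. When LDAP import is disabled
	 * the email address is mandatory; when it is enabled, an import failure
	 * is logged and the remaining lookup steps still run.</p>
	 *
	 * @param  request the current request
	 * @param  response the current response
	 * @return the credentials array consumed by the auto-login framework
	 *         (user ID, the password value stored on the user, and
	 *         {@code "true"}), or {@code null} when no auto login should
	 *         happen
	 * @throws Exception if user lookup or creation fails
	 */
	@Override
	protected String[] doLogin(
			HttpServletRequest request, HttpServletResponse response)
		throws Exception {

		long companyId = PortalUtil.getCompanyId(request);

		if (!PrefsPropsUtil.getBoolean(
				companyId, PropsKeys.OPEN_SSO_AUTH_ENABLED,
				PropsValues.OPEN_SSO_AUTH_ENABLED)) {

			return null;
		}

		String serviceUrl = PrefsPropsUtil.getString(
			companyId, PropsKeys.OPEN_SSO_SERVICE_URL);

		// Nothing below may run unless the OpenSSO service has validated the
		// request; the attributes read later are only trustworthy after this

		if (!OpenSSOUtil.isAuthenticated(request, serviceUrl)) {
			return null;
		}

		boolean ldapImportEnabled = PrefsPropsUtil.getBoolean(
			companyId, PropsKeys.OPEN_SSO_LDAP_IMPORT_ENABLED,
			PropsValues.OPEN_SSO_LDAP_IMPORT_ENABLED);
		String screenNameAttr = PrefsPropsUtil.getString(
			companyId, PropsKeys.OPEN_SSO_SCREEN_NAME_ATTR,
			PropsValues.OPEN_SSO_SCREEN_NAME_ATTR);
		String emailAddressAttr = PrefsPropsUtil.getString(
			companyId, PropsKeys.OPEN_SSO_EMAIL_ADDRESS_ATTR,
			PropsValues.OPEN_SSO_EMAIL_ADDRESS_ATTR);
		String firstNameAttr = PrefsPropsUtil.getString(
			companyId, PropsKeys.OPEN_SSO_FIRST_NAME_ATTR,
			PropsValues.OPEN_SSO_FIRST_NAME_ATTR);
		String lastNameAttr = PrefsPropsUtil.getString(
			companyId, PropsKeys.OPEN_SSO_LAST_NAME_ATTR,
			PropsValues.OPEN_SSO_LAST_NAME_ATTR);

		// Attribute names are per-company configuration; the values come from
		// the OpenSSO service, so any of them may be absent (null) here

		Map<String, String> nameValues = OpenSSOUtil.getAttributes(
			request, serviceUrl);

		String screenName = nameValues.get(screenNameAttr);
		String emailAddress = nameValues.get(emailAddressAttr);
		String firstName = nameValues.get(firstNameAttr);
		String lastName = nameValues.get(lastNameAttr);

		if (_log.isDebugEnabled()) {
			_log.debug(
				"Validating user information for " + firstName + " " +
					lastName + " with screen name " + screenName +
						" and email address " + emailAddress);
		}

		User user = null;

		if (PrefsPropsUtil.getBoolean(
				companyId, PropsKeys.USERS_SCREEN_NAME_ALWAYS_AUTOGENERATE)) {

			user = UserLocalServiceUtil.fetchUserByEmailAddress(
				companyId, emailAddress);

			// The generated screen name replaces the OpenSSO value for the
			// LDAP and screen-name lookups below; the user itself is not
			// updated here

			if (user != null) {
				ScreenNameGenerator screenNameGenerator =
					ScreenNameGeneratorFactory.getInstance();

				screenName = screenNameGenerator.generate(
					companyId, user.getUserId(), emailAddress);
			}
		}

		if (ldapImportEnabled) {
			try {
				String authType = PrefsPropsUtil.getString(
					companyId, PropsKeys.COMPANY_SECURITY_AUTH_TYPE,
					PropsValues.COMPANY_SECURITY_AUTH_TYPE);

				if (authType.equals(CompanyConstants.AUTH_TYPE_SN)) {
					user = PortalLDAPImporterUtil.importLDAPUser(
						companyId, StringPool.BLANK, screenName);
				}
				else {
					user = PortalLDAPImporterUtil.importLDAPUser(
						companyId, emailAddress, StringPool.BLANK);
				}
			}
			catch (SystemException se) {

				// Best effort: a failed import falls through to the screen
				// name lookup and, if needed, local user creation. Record it
				// rather than discarding it so a broken LDAP connection is
				// visible in the logs.

				_log.warn("Unable to import user from LDAP", se);
			}
		}
		else {
			if (Validator.isNull(emailAddress)) {
				return handleException(
					request, response, new Exception("Email address is null"));
			}
		}

		if (user == null) {
			user = UserLocalServiceUtil.fetchUserByScreenName(
				companyId, screenName);
		}

		if (user == null) {
			ThemeDisplay themeDisplay = (ThemeDisplay)request.getAttribute(
				WebKeys.THEME_DISPLAY);

			Locale locale = LocaleUtil.getDefault();

			if (themeDisplay != null) {

				// ThemeDisplay should never be null, but some users complain of
				// this error. Cause is unknown.

				locale = themeDisplay.getLocale();
			}

			if (_log.isDebugEnabled()) {
				_log.debug("Adding user " + screenName);
			}

			user = addUser(
				companyId, firstName, lastName, emailAddress, screenName,
				locale);
		}

		String currentURL = PortalUtil.getCurrentURL(request);

		if (currentURL.contains("/portal/login")) {
			String redirect = ParamUtil.getString(request, "redirect");

			// The redirect target is caller supplied; escapeRedirect keeps it
			// on an allowed host before it is handed back to the framework

			if (Validator.isNotNull(redirect)) {
				redirect = PortalUtil.escapeRedirect(redirect);
			}
			else {
				redirect = PortalUtil.getPathMain();
			}

			request.setAttribute(AutoLogin.AUTO_LOGIN_REDIRECT, redirect);
		}

		// NOTE(review): the third element presumably tells the caller that the
		// password is already in its stored (encrypted) form -- confirm against
		// AutoLogin/BaseAutoLogin

		String[] credentials = new String[3];

		credentials[0] = String.valueOf(user.getUserId());
		credentials[1] = user.getPassword();
		credentials[2] = Boolean.TRUE.toString();

		return credentials;
	}

	private static final Log _log = LogFactoryUtil.getLog(
		OpenSSOAutoLogin.class);

}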