001    /**
002     * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.security.auth;
016    
017    import com.liferay.portal.kernel.util.GetterUtil;
018    import com.liferay.portal.kernel.util.ParamUtil;
019    import com.liferay.portal.kernel.util.Validator;
020    import com.liferay.portal.model.Company;
021    import com.liferay.portal.model.CompanyConstants;
022    import com.liferay.portal.model.User;
023    import com.liferay.portal.security.pwd.PasswordEncryptorUtil;
024    import com.liferay.portal.service.UserLocalServiceUtil;
025    import com.liferay.portal.util.PortalUtil;
026    
027    import java.util.Properties;
028    
029    import javax.servlet.http.HttpServletRequest;
030    import javax.servlet.http.HttpServletResponse;
031    
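/**
 * Authenticates a request from a login/password pair carried in the request
 * parameters {@code parameterAutoLoginLogin} and
 * {@code parameterAutoLoginPassword}, both as an auto-login hook
 * ({@link #doLogin}) and as an {@link AuthVerifier} ({@link #verify}).
 *
 * <p>
 * Security notes:
 * </p>
 *
 * <ul>
 * <li>
 * The password is read with {@code ParamUtil.getString}. NOTE(review): if that
 * also covers query-string parameters, the password can end up in access
 * logs, proxy logs and Referer headers. Confirm, and only enable this
 * mechanism where that exposure is acceptable.
 * </li>
 * <li>
 * {@link #doLogin} accepts the submitted value when it equals the stored
 * password value verbatim, so the stored (encrypted) value is itself a
 * sufficient credential. Treat a leak of stored password values as a leak of
 * usable credentials for this entry point.
 * </li>
 * </ul>
 *
 * @author Minhchau Dang
 * @author Tomas Polesovsky
 */
public class ParameterAutoLogin extends BaseAutoLogin implements AuthVerifier {

    /**
     * Returns the identifier of this verifier, which is the simple class name.
     */
    @Override
    public String getAuthType() {
        return ParameterAutoLogin.class.getSimpleName();
    }

    /**
     * Runs the parameter-based login against the request held by the access
     * control context and reports the outcome.
     *
     * @param  accessControlContext supplies the servlet request and response
     * @param  properties verifier configuration; not read by this
     *         implementation
     * @return a result marked {@code SUCCESS} with the user ID and password
     *         when credentials were produced; otherwise a freshly
     *         constructed result whose state is left untouched
     * @throws AuthException wrapping any {@code AutoLoginException} raised
     *         by the login attempt
     */
    @Override
    public AuthVerifierResult verify(
            AccessControlContext accessControlContext, Properties properties)
        throws AuthException {

        try {
            AuthVerifierResult authVerifierResult = new AuthVerifierResult();

            String[] credentials = login(
                accessControlContext.getRequest(),
                accessControlContext.getResponse());

            if (credentials != null) {
                authVerifierResult.setPassword(credentials[1]);
                authVerifierResult.setState(AuthVerifierResult.State.SUCCESS);
                authVerifierResult.setUserId(Long.valueOf(credentials[0]));
            }

            return authVerifierResult;
        }
        catch (AutoLoginException ale) {
            throw new AuthException(ale);
        }
    }

    /**
     * Resolves the user named by the login parameter according to the
     * company's authentication type and checks the password parameter
     * against the stored password.
     *
     * <p>
     * The method fails closed: it returns {@code null} unless a positive user
     * ID was resolved <em>and</em> the password check passed. Previously a
     * non-positive user ID (for example a non-numeric login under
     * ID-based authentication, where {@code GetterUtil.getLong} is presumed
     * to fall back to {@code 0}) skipped the password check and still
     * returned credentials, which {@link #verify} reported as
     * {@code SUCCESS}.
     * </p>
     *
     * @param  request the request carrying the login and password parameters
     * @param  response the response; not used by this implementation
     * @return {@code {userId, password, "false"}} on success, or
     *         {@code null} when a parameter is missing, the authentication
     *         type is not recognised, no valid user ID was resolved, or the
     *         password does not match
     * @throws Exception propagated from the portal services used for the
     *         lookup
     */
    @Override
    protected String[] doLogin(
            HttpServletRequest request, HttpServletResponse response)
        throws Exception {

        String login = ParamUtil.getString(request, getLoginParam());

        if (Validator.isNull(login)) {
            return null;
        }

        String password = ParamUtil.getString(request, getPasswordParam());

        if (Validator.isNull(password)) {
            return null;
        }

        Company company = PortalUtil.getCompany(request);

        String authType = company.getAuthType();

        long userId;

        if (authType.equals(CompanyConstants.AUTH_TYPE_EA)) {
            userId = UserLocalServiceUtil.getUserIdByEmailAddress(
                company.getCompanyId(), login);
        }
        else if (authType.equals(CompanyConstants.AUTH_TYPE_SN)) {
            userId = UserLocalServiceUtil.getUserIdByScreenName(
                company.getCompanyId(), login);
        }
        else if (authType.equals(CompanyConstants.AUTH_TYPE_ID)) {
            userId = GetterUtil.getLong(login);
        }
        else {
            return null;
        }

        // Never hand back credentials that were not checked against a real
        // user record.

        if (userId <= 0) {
            return null;
        }

        User user = UserLocalServiceUtil.getUserById(userId);

        String userPassword = user.getPassword();

        if (!user.isPasswordEncrypted()) {
            userPassword = PasswordEncryptorUtil.encrypt(userPassword);
        }

        // The stored value is passed as the second argument; presumably it
        // selects the algorithm/salt so both sides are comparable. Confirm
        // against PasswordEncryptorUtil.

        String encPassword = PasswordEncryptorUtil.encrypt(
            password, userPassword);

        // The first comparison accepts the stored (encrypted) value itself
        // as the submitted password; kept for compatibility, see the class
        // comment. NOTE(review): String.equals is not constant-time; consider
        // MessageDigest.isEqual on the encoded bytes.

        if (!userPassword.equals(password) &&
            !userPassword.equals(encPassword)) {

            return null;
        }

        return new String[] {
            String.valueOf(userId), password, Boolean.FALSE.toString()
        };
    }

    /**
     * Returns the name of the request parameter that carries the login.
     * Subclasses may override it to use a different parameter name.
     */
    protected String getLoginParam() {
        return _LOGIN_PARAM;
    }

    /**
     * Returns the name of the request parameter that carries the password.
     * Subclasses may override it to use a different parameter name.
     */
    protected String getPasswordParam() {
        return _PASSWORD_PARAM;
    }

    private static final String _LOGIN_PARAM = "parameterAutoLoginLogin";

    private static final String _PASSWORD_PARAM = "parameterAutoLoginPassword";

}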