015 package com.liferay.portal.security.auth;
016
017 import com.liferay.portal.kernel.util.GetterUtil;
018 import com.liferay.portal.kernel.util.ParamUtil;
019 import com.liferay.portal.kernel.util.Validator;
020 import com.liferay.portal.model.Company;
021 import com.liferay.portal.model.CompanyConstants;
022 import com.liferay.portal.model.User;
023 import com.liferay.portal.security.pwd.PasswordEncryptorUtil;
024 import com.liferay.portal.service.UserLocalServiceUtil;
025 import com.liferay.portal.util.PortalUtil;
026
027 import java.util.Properties;
028
029 import javax.servlet.http.HttpServletRequest;
030 import javax.servlet.http.HttpServletResponse;
031
032
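/**
 * Auto-login hook and auth verifier that authenticates a request from a
 * login/password pair carried in two request parameters
 * ({@code parameterAutoLoginLogin} and {@code parameterAutoLoginPassword} by
 * default).
 *
 * <p>
 * Security notes for reviewers and operators:
 * </p>
 *
 * <ul>
 * <li>
 * The credentials are read with {@code ParamUtil.getString}, so they arrive as
 * ordinary request parameters. If clients send them in the URL query string
 * they can end up in access logs, proxy logs, browser history and Referer
 * headers; where this mechanism is enabled, restrict it to POST bodies over
 * TLS and keep these parameter names out of request logging.
 * </li>
 * <li>
 * {@link #doLogin} accepts the submitted value when it equals the stored
 * password value itself, not only when its encrypted form matches. See the
 * comment at the comparison.
 * </li>
 * </ul>
 */
public class ParameterAutoLogin extends BaseAutoLogin implements AuthVerifier {

	/**
	 * Returns the identifier of this verifier, which is the simple name of
	 * this class.
	 *
	 * @return the simple class name of {@code ParameterAutoLogin}
	 */
	@Override
	public String getAuthType() {
		return ParameterAutoLogin.class.getSimpleName();
	}

	/**
	 * Verifies the request held by the access control context by running the
	 * inherited {@code login} method on its request and response.
	 *
	 * <p>
	 * The result is marked {@code SUCCESS}, with the user ID and password
	 * filled in, only when {@code login} returns a non-null credentials
	 * array. Otherwise the freshly constructed result is returned unchanged.
	 * </p>
	 *
	 * @param  accessControlContext the context supplying the servlet request
	 *         and response
	 * @param  properties the verifier configuration (not read by this method)
	 * @return the verification result
	 * @throws AuthException if the login attempt raises an
	 *         {@code AutoLoginException}
	 */
	@Override
	public AuthVerifierResult verify(
			AccessControlContext accessControlContext, Properties properties)
		throws AuthException {

		try {
			AuthVerifierResult authVerifierResult = new AuthVerifierResult();

			// login(...) is inherited; presumably it delegates to doLogin
			// below -- confirm against BaseAutoLogin.

			String[] credentials = login(
				accessControlContext.getRequest(),
				accessControlContext.getResponse());

			if (credentials != null) {
				authVerifierResult.setPassword(credentials[1]);
				authVerifierResult.setState(AuthVerifierResult.State.SUCCESS);
				authVerifierResult.setUserId(Long.valueOf(credentials[0]));
			}

			return authVerifierResult;
		}
		catch (AutoLoginException ale) {
			throw new AuthException(ale);
		}
	}

	/**
	 * Resolves and checks the credentials carried in the request parameters.
	 *
	 * <p>
	 * The login parameter is interpreted according to the company's
	 * authentication type (email address, screen name or user ID). The
	 * submitted password is then compared with the user's stored password.
	 * </p>
	 *
	 * @param  request the servlet request carrying the two parameters
	 * @param  response the servlet response (not used by this method)
	 * @return a three element array of user ID, submitted password and the
	 *         string {@code "false"}, or {@code null} if a parameter is
	 *         missing, the authentication type is not one of the three
	 *         handled here, no positive user ID could be resolved, or the
	 *         password does not match
	 * @throws Exception if a portal service call fails
	 */
	@Override
	protected String[] doLogin(
			HttpServletRequest request, HttpServletResponse response)
		throws Exception {

		String login = ParamUtil.getString(request, getLoginParam());

		if (Validator.isNull(login)) {
			return null;
		}

		String password = ParamUtil.getString(request, getPasswordParam());

		if (Validator.isNull(password)) {
			return null;
		}

		Company company = PortalUtil.getCompany(request);

		String authType = company.getAuthType();

		long userId = 0;

		if (authType.equals(CompanyConstants.AUTH_TYPE_EA)) {
			userId = UserLocalServiceUtil.getUserIdByEmailAddress(
				company.getCompanyId(), login);
		}
		else if (authType.equals(CompanyConstants.AUTH_TYPE_SN)) {
			userId = UserLocalServiceUtil.getUserIdByScreenName(
				company.getCompanyId(), login);
		}
		else if (authType.equals(CompanyConstants.AUTH_TYPE_ID)) {
			userId = GetterUtil.getLong(login);
		}
		else {
			return null;
		}

		// Fail closed. Previously a non-positive user ID (for example a
		// login that GetterUtil.getLong could not turn into a positive
		// number under the user ID authentication type) skipped the password
		// check entirely and still returned credentials, which verify()
		// reports as SUCCESS. No credentials may leave this method without
		// the password having been compared.

		if (userId <= 0) {
			return null;
		}

		User user = UserLocalServiceUtil.getUserById(userId);

		String userPassword = user.getPassword();

		if (!user.isPasswordEncrypted()) {
			userPassword = PasswordEncryptorUtil.encrypt(userPassword);
		}

		// Presumably the two argument form encrypts the submitted password
		// with the algorithm and salt of the stored value -- confirm against
		// PasswordEncryptorUtil.

		String encPassword = PasswordEncryptorUtil.encrypt(
			password, userPassword);

		// NOTE(review): the first comparison accepts the stored password
		// value itself as a valid credential, so a leaked password hash is as
		// good as the plaintext password for this entry point. It is kept
		// here because existing callers may rely on it; consider removing it
		// or gating it behind configuration. Both comparisons use
		// String.equals, which is not constant time.

		if (!userPassword.equals(password) &&
			!userPassword.equals(encPassword)) {

			return null;
		}

		// The third element is the literal "false"; its meaning is defined
		// by the consumer of the array, which is not visible in this file.

		String[] credentials = new String[] {
			String.valueOf(userId), password, Boolean.FALSE.toString()
		};

		return credentials;
	}

	/**
	 * Returns the name of the request parameter that carries the login.
	 * Subclasses may override this to use a different parameter name.
	 *
	 * @return the login parameter name
	 */
	protected String getLoginParam() {
		return _LOGIN_PARAM;
	}

	/**
	 * Returns the name of the request parameter that carries the password.
	 * Subclasses may override this to use a different parameter name.
	 *
	 * @return the password parameter name
	 */
	protected String getPasswordParam() {
		return _PASSWORD_PARAM;
	}

	// Default request parameter names read by doLogin.

	private static final String _LOGIN_PARAM = "parameterAutoLoginLogin";

	private static final String _PASSWORD_PARAM = "parameterAutoLoginPassword";

}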