001    /**
002     * Copyright (c) 2000-2010 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.security.auth;
016    
017    import com.liferay.portal.kernel.log.Log;
018    import com.liferay.portal.kernel.log.LogFactoryUtil;
019    import com.liferay.portal.kernel.util.GetterUtil;
020    import com.liferay.portal.kernel.util.KeyValuePair;
021    import com.liferay.portal.kernel.util.StringPool;
022    import com.liferay.portal.kernel.util.Validator;
023    import com.liferay.portal.model.Company;
024    import com.liferay.portal.model.User;
025    import com.liferay.portal.service.UserLocalServiceUtil;
026    import com.liferay.portal.util.CookieKeys;
027    import com.liferay.portal.util.PortalUtil;
028    
029    import javax.servlet.http.Cookie;
030    import javax.servlet.http.HttpServletRequest;
031    import javax.servlet.http.HttpServletResponse;
032    
/**
 * Auto-login hook that rebuilds a user's credentials from the "remember me"
 * cookies carried by the request.
 *
 * <p>
 * Every input used here ({@link CookieKeys#ID}, {@link CookieKeys#PASSWORD}
 * and {@link CookieKeys#REMEMBER_ME}) is read from request cookies and is
 * therefore client-supplied. This class performs only presence checks on
 * them; turning the cookie values into credentials is delegated entirely to
 * {@link UserLocalServiceUtil#decryptUserId}.
 * </p>
 *
 * @author Brian Wing Shun Chan
 */
public class RememberMeAutoLogin implements AutoLogin {

	/**
	 * Attempts to derive login credentials from the remember-me cookies.
	 *
	 * @param  request the current servlet request, source of the cookies
	 * @param  response the current servlet response, used to expire cookies
	 * @return a three-element array holding the decrypted key, the decrypted
	 *         value and the literal string <code>"false"</code>, or
	 *         <code>null</code> when a required cookie is missing, auto login
	 *         is disabled for the company, or the decrypted user is the
	 *         company's default user
	 * @throws AutoLoginException wrapping any exception raised while
	 *         resolving the credentials; the ID and PASSWORD cookies are
	 *         expired before it is thrown
	 */
	public String[] login(
			HttpServletRequest request, HttpServletResponse response)
		throws AutoLoginException {

		try {
			String idCookie = CookieKeys.getCookie(request, CookieKeys.ID);
			String passwordCookie = CookieKeys.getCookie(
				request, CookieKeys.PASSWORD);
			String rememberMeCookie = CookieKeys.getCookie(
				request, CookieKeys.REMEMBER_ME);

			// LEP-5188: when the request's context path is not the portal's
			// own, the REMEMBER_ME cookie is treated as present regardless
			// of what the client sent.

			if (!PortalUtil.getPathContext().equals(request.getContextPath())) {
				rememberMeCookie = Boolean.TRUE.toString();
			}

			boolean cookiesPresent =
				Validator.isNotNull(idCookie) &&
				Validator.isNotNull(passwordCookie) &&
				Validator.isNotNull(rememberMeCookie);

			if (!cookiesPresent) {
				return null;
			}

			Company company = PortalUtil.getCompany(request);

			// Cookies are left in place when auto login is switched off.

			if (!company.isAutoLogin()) {
				return null;
			}

			// NOTE(review): this is the only point where the client-supplied
			// cookie values are checked; how strongly they are bound to the
			// user depends on decryptUserId, which is not visible here.

			KeyValuePair decrypted = UserLocalServiceUtil.decryptUserId(
				company.getCompanyId(), idCookie, passwordCookie);

			// NOTE(review): the third element is presumably a flag read by
			// the AutoLogin caller -- confirm its meaning there.

			String[] credentials = {
				decrypted.getKey(), decrypted.getValue(),
				Boolean.FALSE.toString()
			};

			// LPS-11218: never auto-login as the company's default user;
			// drop the credentials and expire the cookies instead.

			if (isDefaultUser(request, credentials[0])) {
				removeCookies(request, response);

				return null;
			}

			return credentials;
		}
		catch (Exception e) {

			// NOTE(review): the exception is logged with its stack trace;
			// whether its message can echo cookie contents depends on the
			// callee that raised it -- confirm.

			_log.warn(e, e);

			removeCookies(request, response);

			throw new AutoLoginException(e);
		}
	}

	/**
	 * Expires the ID and PASSWORD cookies on the client by re-sending them
	 * blank with a max age of zero on the root path. The REMEMBER_ME cookie
	 * is not touched here.
	 *
	 * @param request the current servlet request
	 * @param response the servlet response the expired cookies are added to
	 */
	protected void removeCookies(
		HttpServletRequest request, HttpServletResponse response) {

		expireCookie(request, response, CookieKeys.ID);
		expireCookie(request, response, CookieKeys.PASSWORD);
	}

	/**
	 * Adds a blank, zero-max-age cookie with the given name on the root path
	 * so the client discards its stored copy.
	 */
	private void expireCookie(
		HttpServletRequest request, HttpServletResponse response,
		String name) {

		Cookie expired = new Cookie(name, StringPool.BLANK);

		expired.setMaxAge(0);
		expired.setPath(StringPool.SLASH);

		CookieKeys.addCookie(request, response, expired);
	}

	/**
	 * Reports whether the given user id string resolves to the default user
	 * of the company the request belongs to.
	 */
	private boolean isDefaultUser(
			HttpServletRequest request, String userIdValue)
		throws Exception {

		Company company = PortalUtil.getCompany(request);

		User defaultUser = UserLocalServiceUtil.getDefaultUser(
			company.getCompanyId());

		long userId = GetterUtil.getLong(userIdValue);

		return defaultUser.getUserId() == userId;
	}

	private static Log _log = LogFactoryUtil.getLog(RememberMeAutoLogin.class);

}