001    /**
002     * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.security.auth;
016    
017    import com.liferay.portal.kernel.util.GetterUtil;
018    import com.liferay.portal.kernel.util.ParamUtil;
019    import com.liferay.portal.kernel.util.Validator;
020    import com.liferay.portal.model.Company;
021    import com.liferay.portal.model.CompanyConstants;
022    import com.liferay.portal.model.User;
023    import com.liferay.portal.security.pwd.PwdEncryptor;
024    import com.liferay.portal.service.UserLocalServiceUtil;
025    import com.liferay.portal.util.PortalUtil;
026    
027    import javax.servlet.http.HttpServletRequest;
028    import javax.servlet.http.HttpServletResponse;
029    
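/**
 * Auto-login implementation that authenticates a request from two request
 * parameters: a login (email address, screen name or user ID, depending on the
 * company's authentication type) and a password.
 *
 * <p>
 * Security notes for anyone enabling or extending this class:
 * </p>
 *
 * <ul>
 * <li>
 * The credentials are ordinary request parameters. When they are sent in the
 * URL of a GET request they can be recorded in access logs, proxy logs,
 * browser history and <code>Referer</code> headers, so callers should submit
 * them in a POST body over TLS and operators should scrub these two parameter
 * names from request logging.
 * </li>
 * <li>
 * The password parameter is accepted when it equals the stored password value
 * itself, not only when its encrypted form does. A leaked stored password
 * value is therefore usable as a credential on this code path and should be
 * treated with the same care as a clear text password.
 * </li>
 * <li>
 * NOTE(review): no rate limiting or lockout accounting is visible in this
 * class; confirm that the caller enforces it for this entry point.
 * </li>
 * </ul>
 *
 * @author Minhchau Dang
 */
public class ParameterAutoLogin implements AutoLogin {

	/**
	 * Attempts to authenticate the request from its login and password
	 * parameters.
	 *
	 * @param  request the servlet request carrying the two parameters
	 * @param  response the servlet response (not used by this implementation)
	 * @return a three element array holding the user ID, the password value
	 *         exactly as submitted, and <code>"false"</code> (presumably the
	 *         "password is already encrypted" flag; confirm against the
	 *         <code>AutoLogin</code> contract), or <code>null</code> if either
	 *         parameter is missing, the authentication type is not supported,
	 *         no positive user ID could be resolved, or the password does not
	 *         match
	 * @throws AutoLoginException wrapping any exception raised while resolving
	 *         the user or comparing passwords
	 */
	@Override
	public String[] login(
			HttpServletRequest request, HttpServletResponse response)
		throws AutoLoginException {

		try {
			String login = ParamUtil.getString(request, getLoginParam());

			if (Validator.isNull(login)) {
				return null;
			}

			String password = ParamUtil.getString(request, getPasswordParam());

			if (Validator.isNull(password)) {
				return null;
			}

			Company company = PortalUtil.getCompany(request);

			String authType = company.getAuthType();

			long userId = 0;

			if (authType.equals(CompanyConstants.AUTH_TYPE_EA)) {
				userId = UserLocalServiceUtil.getUserIdByEmailAddress(
					company.getCompanyId(), login);
			}
			else if (authType.equals(CompanyConstants.AUTH_TYPE_SN)) {
				userId = UserLocalServiceUtil.getUserIdByScreenName(
					company.getCompanyId(), login);
			}
			else if (authType.equals(CompanyConstants.AUTH_TYPE_ID)) {
				userId = GetterUtil.getLong(login);
			}
			else {
				return null;
			}

			// Fail closed. Without this guard a non-positive user ID (for
			// example a login that does not parse as a number under
			// AUTH_TYPE_ID) skipped the password check entirely and was still
			// returned as a credential set, leaving rejection to the caller.

			if (userId <= 0) {
				return null;
			}

			User user = UserLocalServiceUtil.getUserById(userId);

			String userPassword = user.getPassword();

			if (!user.isPasswordEncrypted()) {
				userPassword = PwdEncryptor.encrypt(userPassword);
			}

			String encPassword = PwdEncryptor.encrypt(password);

			// Both comparisons are always evaluated, and neither returns at
			// the first differing character, so response timing does not
			// depend on how much of the stored value the submitted one
			// matches.
			//
			// NOTE(review): the first comparison accepts the stored password
			// value itself as the credential. It is kept for compatibility
			// with existing callers; see the class comment.

			boolean storedValueMatches = _isEqual(userPassword, password);
			boolean encryptedValueMatches = _isEqual(userPassword, encPassword);

			if (!storedValueMatches && !encryptedValueMatches) {
				return null;
			}

			return new String[] {
				String.valueOf(userId), password, Boolean.FALSE.toString()
			};
		}
		catch (Exception e) {
			throw new AutoLoginException(e);
		}
	}

	/**
	 * Returns the name of the request parameter that carries the login.
	 *
	 * @return the login parameter name
	 */
	protected String getLoginParam() {
		return _LOGIN_PARAM;
	}

	/**
	 * Returns the name of the request parameter that carries the password.
	 *
	 * @return the password parameter name
	 */
	protected String getPasswordParam() {
		return _PASSWORD_PARAM;
	}

	/**
	 * Compares two secret strings through
	 * <code>java.security.MessageDigest.isEqual</code> instead of
	 * <code>String.equals</code>, which stops at the first mismatch.
	 *
	 * @param  expected the stored value, may be <code>null</code>
	 * @param  actual the value derived from the request, may be
	 *         <code>null</code>
	 * @return <code>true</code> if both values are non-null and byte-for-byte
	 *         equal in UTF-8; a <code>null</code> on either side never matches
	 * @throws java.io.UnsupportedEncodingException if UTF-8 is unavailable
	 */
	private static boolean _isEqual(String expected, String actual)
		throws java.io.UnsupportedEncodingException {

		if ((expected == null) || (actual == null)) {
			return false;
		}

		return java.security.MessageDigest.isEqual(
			expected.getBytes("UTF-8"), actual.getBytes("UTF-8"));
	}

	private static final String _LOGIN_PARAM = "parameterAutoLoginLogin";

	private static final String _PASSWORD_PARAM = "parameterAutoLoginPassword";

}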