001    /**
002     * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.security.auth;
016    
017    import com.liferay.portal.kernel.log.Log;
018    import com.liferay.portal.kernel.log.LogFactoryUtil;
019    import com.liferay.portal.kernel.util.GetterUtil;
020    import com.liferay.portal.kernel.util.KeyValuePair;
021    import com.liferay.portal.kernel.util.StringPool;
022    import com.liferay.portal.kernel.util.Validator;
023    import com.liferay.portal.model.Company;
024    import com.liferay.portal.model.User;
025    import com.liferay.portal.service.UserLocalServiceUtil;
026    import com.liferay.portal.util.CookieKeys;
027    import com.liferay.portal.util.PortalUtil;
028    
029    import javax.servlet.http.Cookie;
030    import javax.servlet.http.HttpServletRequest;
031    import javax.servlet.http.HttpServletResponse;
032    
/**
 * {@link AutoLogin} implementation that signs a user in from the "remember
 * me" cookies.
 *
 * <p>
 * The {@code CookieKeys.ID} and {@code CookieKeys.PASSWORD} cookie values are
 * passed to {@code UserLocalServiceUtil.decryptUserId}, and the resulting
 * key/value pair is returned as the login credentials. Both cookies are
 * client-controlled input; every failure path in this class clears them from
 * the browser.
 * </p>
 *
 * @author Brian Wing Shun Chan
 */
public class RememberMeAutoLogin implements AutoLogin {

    /**
     * Attempts an automatic login from the remember-me cookies on the request.
     *
     * @param  request the current request, from which the cookies and the
     *         company are read
     * @param  response the response used to expire the cookies on failure
     * @return a three-element array holding the decrypted key, the decrypted
     *         value and the string {@code "false"}, or {@code null} when a
     *         cookie is missing, auto-login is disabled for the company, or
     *         the cookies resolve to the company's default user
     * @throws AutoLoginException if anything in the flow throws; the ID and
     *         PASSWORD cookies are expired before the exception is raised
     */
    @Override
    public String[] login(
            HttpServletRequest request, HttpServletResponse response)
        throws AutoLoginException {

        try {
            String idCookie = CookieKeys.getCookie(
                request, CookieKeys.ID, false);
            String passwordCookie = CookieKeys.getCookie(
                request, CookieKeys.PASSWORD, false);
            String rememberMeCookie = CookieKeys.getCookie(
                request, CookieKeys.REMEMBER_ME, false);

            // LEP-5188: when the request's context path does not line up
            // with the portal's own context, the REMEMBER_ME cookie is
            // treated as present. In that situation only the ID and PASSWORD
            // cookies gate the auto-login.

            String proxyPath = PortalUtil.getPathProxy();
            String contextPath = PortalUtil.getPathContext();

            boolean forceRememberMe =
                proxyPath.equals(contextPath)
                    ? Validator.isNotNull(request.getContextPath())
                    : !contextPath.equals(request.getContextPath());

            if (forceRememberMe) {
                rememberMeCookie = Boolean.TRUE.toString();
            }

            boolean allCookiesPresent =
                Validator.isNotNull(idCookie) &&
                Validator.isNotNull(passwordCookie) &&
                Validator.isNotNull(rememberMeCookie);

            if (!allCookiesPresent) {
                return null;
            }

            Company company = PortalUtil.getCompany(request);

            // Auto-login is a per-company switch; nothing is decrypted when
            // it is off.

            if (!company.isAutoLogin()) {
                return null;
            }

            // NOTE(review): presumably decryptUserId throws when the cookie
            // pair does not validate, which lands in the catch block below -
            // confirm against UserLocalServiceUtil.

            KeyValuePair decrypted = UserLocalServiceUtil.decryptUserId(
                company.getCompanyId(), idCookie, passwordCookie);

            // NOTE(review): the third element looks like a flag defined by
            // the AutoLogin contract (presumably "password is encrypted") -
            // confirm against the interface.

            String[] credentials = {
                decrypted.getKey(), decrypted.getValue(),
                Boolean.FALSE.toString()
            };

            // LPS-11218: cookies that resolve to the company's default user
            // are rejected and cleared instead of being returned as a login.

            if (isDefaultUser(request, credentials[0])) {
                removeCookies(request, response);

                return null;
            }

            return credentials;
        }
        catch (Exception e) {

            // This warning is the only record of a rejected remember-me
            // cookie pair, so it is worth keeping in log monitoring.

            _log.warn(e, e);

            removeCookies(request, response);

            throw new AutoLoginException(e);
        }
    }

    /**
     * Expires the {@code CookieKeys.ID} and {@code CookieKeys.PASSWORD}
     * cookies by re-issuing each with a blank value, a max age of zero and the
     * path {@code StringPool.SLASH}.
     *
     * <p>
     * NOTE(review): the {@code CookieKeys.REMEMBER_ME} cookie is not expired
     * here - confirm that leaving it in place is intended.
     * </p>
     *
     * @param request the current request, passed through to
     *        {@code CookieKeys.addCookie}
     * @param response the response the expiring cookies are added to
     */
    protected void removeCookies(
        HttpServletRequest request, HttpServletResponse response) {

        String[] cookieNames = {CookieKeys.ID, CookieKeys.PASSWORD};

        for (String cookieName : cookieNames) {
            Cookie expired = new Cookie(cookieName, StringPool.BLANK);

            expired.setMaxAge(0);
            expired.setPath(StringPool.SLASH);

            CookieKeys.addCookie(request, response, expired);
        }
    }

    /**
     * Tells whether a decrypted user ID is the ID of the default user of the
     * request's company.
     *
     * @param  request the current request, used to resolve the company
     * @param  userIdValue the decrypted user ID in string form
     * @return {@code true} if the parsed ID equals the default user's ID
     * @throws Exception if the company or its default user cannot be loaded
     */
    private static boolean isDefaultUser(
            HttpServletRequest request, String userIdValue)
        throws Exception {

        Company company = PortalUtil.getCompany(request);

        User defaultUser = UserLocalServiceUtil.getDefaultUser(
            company.getCompanyId());

        long userId = GetterUtil.getLong(userIdValue);

        return defaultUser.getUserId() == userId;
    }

    private static Log _log = LogFactoryUtil.getLog(RememberMeAutoLogin.class);

}