package org.melati.login;

import java.util.Objects;

import javax.servlet.http.Cookie;
import javax.servlet.http.HttpSession;

import org.melati.Melati;
import org.melati.poem.AccessPoemException;
import org.melati.poem.Field;
import org.melati.poem.PoemThread;
import org.melati.poem.User;
import org.melati.poem.UserTable;
import org.melati.servlet.Form;
import org.melati.servlet.TemplateServlet;
import org.melati.template.ServletTemplateContext;
import org.melati.util.HttpServletRequestParameters;
import org.melati.util.MD5Util;
import org.melati.util.UTF8URLEncoder;
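/**
 * Handles the login form of a Melati site.
 *
 * <p>Renders the login page, checks the submitted credentials against the
 * user table and, on success, records the user in the HTTP session and
 * optionally issues "remember me" cookies.
 */
public class LoginHandler {

  /** Lifetime given to the "remember me" cookies, in seconds. */
  static int ONEYEARINSECONDS = 60 * 60 * 24 * 365;

  /** The servlet this handler works on behalf of. */
  protected TemplateServlet servlet;

  /**
   * @param servlet the servlet this handler belongs to
   */
  public LoginHandler(TemplateServlet servlet) {
    this.servlet = servlet;
  }

  /**
   * Resolves the template path for one of the login pages.
   *
   * @param name the bare template name, e.g. {@code "Login"}
   * @return the template path below {@code org/melati/login/}
   */
  protected String loginTemplate(String name) {
    return "org/melati/login/" + name;
  }

  /** @return the template shown when the form has not been submitted yet */
  protected String loginPageTemplate() {
    return loginTemplate("Login");
  }

  /**
   * @return the template shown when no user has the submitted login; the
   *         same template as for a wrong password, so the page does not
   *         reveal which of the two failed
   */
  protected String usernameUnknownTemplate() {
    return loginTemplate("LoginFailure");
  }

  /** @return the template shown when the password does not match */
  protected String passwordIncorrectTemplate() {
    return loginTemplate("LoginFailure");
  }

  /** @return the template shown after a successful login */
  protected String loginSuccessTemplate() {
    return loginTemplate("LoginSuccess");
  }

  /**
   * Populates the template context with everything the login page needs:
   * the exception that sent the user here (if any), the submitted login and
   * password as fields, and the two failure flags reset to {@code false}.
   *
   * @param context the context of the current request
   */
  public void setupContext(ServletTemplateContext context) {
    HttpSession session = context.getSession();

    // The exception that redirected the user to the login page, if any.
    // There may be no session at all on a first visit.
    AccessPoemException triggeringException = null;
    if (session != null) {
      triggeringException =
          (AccessPoemException) session.getAttribute(Login.TRIGGERING_EXCEPTION);
    }
    if (triggeringException != null) {
      context.put("triggeringException", triggeringException);
    }

    String username = context.getFormField("field_login");
    String password = context.getFormField("field_password");
    UserTable<User> users = PoemThread.database().getUserTable();

    // NOTE(review): the submitted password is handed back to the template as
    // a field; the login template should not echo it into the rendered page.
    context.put("login", new Field<String>(username, users.getLoginColumn()));
    context.put("password", new Field<String>(password, users.getPasswordColumn()));

    context.put("loginUnknown", Boolean.FALSE);
    context.put("passwordWrong", Boolean.FALSE);
  }

  /**
   * Completes a login for an already authenticated user.
   *
   * <p>Issues the "remember me" cookies when that box was ticked, replays the
   * parameters of the request that triggered the login (if any) as overlay
   * parameters, records the continuation URL and stores the user in the
   * session.
   *
   * @param melati          the current Melati
   * @param templateContext the context of the current request
   * @param user            the user who has just authenticated
   * @return the success template path
   * @throws NullPointerException if the request has no HTTP session, since
   *         the logged-in user cannot be recorded without one
   */
  public String loginSuccessfullyAs(Melati melati,
                                    ServletTemplateContext templateContext,
                                    User user) {
    if (Form.getFieldNulled(templateContext, "rememberme") != null) {
      String ldb = melati.getPoemContext().getLogicalDatabase();
      melati.getResponse().addCookie(makeCookie(ldb, user.getLogin_unsafe()));
      // NOTE(review): an unsalted MD5 of the password is a weak secret for a
      // year-long cookie. Whatever reads this cookie back expects exactly this
      // format, so the format is kept here; changing it needs the consumer too.
      melati.getResponse().addCookie(makeCookie(ldb + user.getLogin_unsafe(),
                                                MD5Util.encode(user.getPassword_unsafe())));
    }

    HttpSession session = Objects.requireNonNull(templateContext.getSession(),
        "no HTTP session available to record the logged-in user");

    HttpServletRequestParameters triggeringParams =
        (HttpServletRequestParameters) session.getAttribute(
            Login.TRIGGERING_REQUEST_PARAMETERS);

    if (triggeringParams != null) {
      // Let the original request be replayed now that the user is logged in,
      // and clear the state that brought them to the login page.
      session.setAttribute(HttpSessionAccessHandler.OVERLAY_PARAMETERS,
                           triggeringParams);
      session.removeAttribute(Login.TRIGGERING_REQUEST_PARAMETERS);
      session.removeAttribute(Login.TRIGGERING_EXCEPTION);
      templateContext.put("continuationURL",
                          triggeringParams.continuationURL());
    } else if (Form.getFieldNulled(templateContext, "continuationURL") != null) {
      // NOTE(review): the continuation URL comes straight from the form; the
      // template that redirects to it should only accept local paths.
      templateContext.put("continuationURL",
                          templateContext.getFormField("continuationURL"));
    }

    // NOTE(review): the session id is not rotated after authentication; where
    // the servlet API in use offers it, changing the session id here mitigates
    // session fixation.
    session.setAttribute(HttpSessionAccessHandler.USER, user);

    return loginSuccessTemplate();
  }

  /**
   * Builds a one-year, site-wide "remember me" cookie.
   *
   * @param key   the cookie name, URL-encoded before use
   * @param value the cookie value, URL-encoded before use
   * @return the cookie, not yet added to any response
   */
  private Cookie makeCookie(String key, String value) {
    Cookie c = new Cookie(UTF8URLEncoder.encode(key), UTF8URLEncoder.encode(value));
    c.setPath("/");
    c.setMaxAge(ONEYEARINSECONDS);
    // NOTE(review): neither HttpOnly nor Secure is set; mark the cookie so
    // where the servlet API level and the deployment (HTTPS) allow it.
    c.setComment("This cookie is used to automatically log you back into " +
                 "this site when you return.");
    return c;
  }

  /**
   * Processes one request to the login page.
   *
   * <p>Without a submitted login the login page is shown. Otherwise the user
   * is looked up by login and the password compared; failures set the matching
   * flag in the context and return the failure template, success delegates to
   * {@link #loginSuccessfullyAs}.
   *
   * @param melati          the current Melati
   * @param templateContext the context of the current request
   * @return the template path to render
   * @throws Exception propagated from the lookup and login steps
   */
  public String doTemplateRequest(Melati melati,
                                  ServletTemplateContext templateContext)
      throws Exception {
    setupContext(templateContext);

    String username = templateContext.getFormField("field_login");
    String password = templateContext.getFormField("field_password");

    // No login field at all means the form has not been submitted yet.
    if (username == null) {
      return loginPageTemplate();
    }

    User user = (User) PoemThread.database().getUserTable().getLoginColumn()
        .firstWhereEq(username);
    if (user == null) {
      templateContext.put("loginUnknown", Boolean.TRUE);
      return usernameUnknownTemplate();
    }

    // Compare without short-circuiting so the response time does not depend
    // on how many leading characters matched. A user with no stored password
    // simply fails to log in rather than causing a NullPointerException.
    if (!constantTimeEquals(user.getPassword_unsafe(), password)) {
      templateContext.put("passwordWrong", Boolean.TRUE);
      return passwordIncorrectTemplate();
    }

    return loginSuccessfullyAs(melati, templateContext, user);
  }

  /**
   * Compares two strings character by character without stopping at the
   * first mismatch. The lengths are still compared, so a length difference
   * is the only thing the timing can reveal.
   *
   * @param expected  the stored value; {@code null} never matches
   * @param candidate the submitted value; {@code null} never matches,
   *                  mirroring {@code expected.equals(null)}
   * @return {@code true} iff both are non-null and equal
   */
  private static boolean constantTimeEquals(String expected, String candidate) {
    if (expected == null || candidate == null) {
      return false;
    }
    int mismatch = expected.length() ^ candidate.length();
    int shorter = Math.min(expected.length(), candidate.length());
    for (int i = 0; i < shorter; i++) {
      mismatch |= expected.charAt(i) ^ candidate.charAt(i);
    }
    return mismatch == 0;
  }
}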