Context Navigation

source: main/trunk/greenstone3/src/java/org/greenstone/gsdl3/service/Authentication.java@ 25271

Last change on this file since 25271 was 25271, checked in by sjm84, 12 years ago
Making the web address relative, also a removed an import
File size: 26.3 KB

Rev	Line
[14295]	1	package org.greenstone.gsdl3.service;
	2
	3	import org.greenstone.gsdl3.util.GSXML;
	4	import org.greenstone.gsdl3.util.DerbyWrapper;
	5	import org.greenstone.gsdl3.util.UserQueryResult;
	6	import org.greenstone.gsdl3.util.UserTermInfo;
	7
	8	import org.w3c.dom.Element;
	9
[25258]	10	import java.util.ArrayList;
[25124]	11	import java.util.HashMap;
[25258]	12	import java.util.UUID;
[14295]	13	import java.util.Vector;
[25258]	14	import java.security.MessageDigest;
[14295]	15	import java.sql.SQLException;
	16	import java.util.regex.Pattern;
	17	import java.io.File;
	18
[25258]	19	import net.tanesha.recaptcha.ReCaptchaImpl;
	20	import net.tanesha.recaptcha.ReCaptchaResponse;
	21
[24978]	22	public class Authentication extends ServiceRack
	23	{
[25258]	24	//Error codes
	25	protected static final int NO_ERROR = 0;
	26	protected static final int ERROR_REQUEST_HAS_NO_PARAM_LIST = -1;
	27	protected static final int ERROR_NOT_LOGGED_IN = -2;
	28	protected static final int ERROR_ADMIN_NOT_LOGGED_IN = -3;
	29	protected static final int ERROR_COULD_NOT_GET_USER_INFO = -4;
	30	protected static final int ERROR_USERNAME_NOT_SPECIFIED = -5;
	31	protected static final int ERROR_REQUESTED_USER_NOT_FOUND = -6;
	32	protected static final int ERROR_SQL_EXCEPTION = -7;
	33	protected static final int ERROR_INVALID_USERNAME = -8;
	34	protected static final int ERROR_INVALID_PASSWORD = -9;
	35	protected static final int ERROR_INCORRECT_PASSWORD = -10;
	36	protected static final int ERROR_USER_ALREADY_EXISTS = -11;
	37	protected static final int ERROR_ADDING_USER = -12;
	38	protected static final int ERROR_REMOVING_USER = -13;
	39	protected static final int ERROR_CAPTCHA_DOES_NOT_MATCH = -14;
	40	protected static final int ERROR_CAPTCHA_MISSING = -15;
	41	protected static final int ERROR_NOT_AUTHORISED = -16;
	42
	43	protected static final HashMap<Integer, String> _errorMessageMap;
	44	static
	45	{
	46	//Corresponding error messages
	47	HashMap<Integer, String> errorMessageMap = new HashMap<Integer, String>();
	48	errorMessageMap.put(ERROR_REQUEST_HAS_NO_PARAM_LIST, "The list of parameters for this request was empty.");
	49	errorMessageMap.put(ERROR_NOT_LOGGED_IN, "You must be logged in to access this page.");
	50	errorMessageMap.put(ERROR_ADMIN_NOT_LOGGED_IN, "You must be logged in as an administrator to access this page.");
	51	errorMessageMap.put(ERROR_COULD_NOT_GET_USER_INFO, "There was a error getting the user information.");
	52	errorMessageMap.put(ERROR_USERNAME_NOT_SPECIFIED, "No username was specified.");
	53	errorMessageMap.put(ERROR_REQUESTED_USER_NOT_FOUND, "The requested user was not found in the database.");
	54	errorMessageMap.put(ERROR_SQL_EXCEPTION, "There was an SQL exception while accessing the database.");
	55	errorMessageMap.put(ERROR_INVALID_USERNAME, "The username specified was invalid.");
	56	errorMessageMap.put(ERROR_INVALID_PASSWORD, "The password specified was invalid.");
	57	errorMessageMap.put(ERROR_INCORRECT_PASSWORD, "The password specified was incorrect.");
	58	errorMessageMap.put(ERROR_USER_ALREADY_EXISTS, "This user already exists and therefore cannot be added.");
	59	errorMessageMap.put(ERROR_ADDING_USER, "There was an error adding this user to the database.");
	60	errorMessageMap.put(ERROR_REMOVING_USER, "There was an error removing this user from the database.");
	61	errorMessageMap.put(ERROR_CAPTCHA_DOES_NOT_MATCH, "The words you entered did not match the image, please try again.");
	62	errorMessageMap.put(ERROR_CAPTCHA_MISSING, "The information from the captcha is missing.");
	63	errorMessageMap.put(ERROR_NOT_AUTHORISED, "You are not authorised to access this page.");
	64
	65	_errorMessageMap = errorMessageMap;
	66	}
	67
	68	//Admin-required operations
	69	protected static final String LIST_USERS = "ListUsers";
	70	protected static final String PERFORM_ADD = "PerformAdd";
	71	protected static final String PERFORM_EDIT = "PerformEdit";
	72	protected static final String ADD_USER = "AddUser";
	73	protected static final String EDIT_USER = "EditUser";
	74	protected static final String PERFORM_DELETE_USER = "PerformDeleteUser";
	75
	76	protected static final ArrayList<String> _adminOpList;
	77	static
	78	{
	79	ArrayList<String> opList = new ArrayList<String>();
	80	opList.add(LIST_USERS);
	81	opList.add(PERFORM_ADD);
	82	opList.add(PERFORM_EDIT);
	83	opList.add(EDIT_USER);
	84	opList.add(PERFORM_DELETE_USER);
	85
	86	_adminOpList = opList;
	87	}
	88
	89	//User-required operations
	90	protected static final String ACCOUNT_SETTINGS = "AccountSettings";
	91	protected static final String PERFORM_ACCOUNT_EDIT = "PerformAccEdit";
	92	protected static final String PERFORM_RESET_PASSWORD = "PerformResetPassword";
	93	protected static final ArrayList<String> _userOpList;
	94	static
	95	{
	96	ArrayList<String> opList = new ArrayList<String>();
	97	opList.add(ACCOUNT_SETTINGS);
	98	opList.add(PERFORM_ACCOUNT_EDIT);
	99	opList.add(PERFORM_RESET_PASSWORD);
	100	opList.addAll(_adminOpList);
	101	_userOpList = opList;
	102	}
	103
	104	//Other operations
	105	protected static final String REGISTER = "Register";
	106	protected static final String PERFORM_REGISTER = "PerformRegister";
	107	protected static final String LOGIN = "Login";
	108
[17452]	109	//the services on offer
[24978]	110	protected static final String AUTHENTICATION_SERVICE = "Authentication";
[25124]	111	protected static final String GET_USER_INFORMATION_SERVICE = "GetUserInformation";
[14295]	112
[25258]	113	protected DerbyWrapper _derbyWrapper = null;
	114
[17452]	115	/** constructor */
	116	public Authentication()
[24978]	117	{
	118	}
[14295]	119
[24978]	120	public boolean configure(Element info, Element extra_info)
[17452]	121	{
	122	logger.info("Configuring Authentication...");
	123	this.config_info = info;
[14295]	124
[17452]	125	// set up Authentication service info - for now just has name and type
[24978]	126	Element authentication_service = this.doc.createElement(GSXML.SERVICE_ELEM);
	127	authentication_service.setAttribute(GSXML.TYPE_ATT, "authen");
[17452]	128	authentication_service.setAttribute(GSXML.NAME_ATT, AUTHENTICATION_SERVICE);
	129	this.short_service_info.appendChild(authentication_service);
[14295]	130
[25124]	131	// set up Authentication service info - for now just has name and type
	132	Element getUserInformation_service = this.doc.createElement(GSXML.SERVICE_ELEM);
	133	getUserInformation_service.setAttribute(GSXML.TYPE_ATT, GSXML.SERVICE_TYPE_PROCESS);
	134	getUserInformation_service.setAttribute(GSXML.NAME_ATT, GET_USER_INFORMATION_SERVICE);
	135	this.short_service_info.appendChild(getUserInformation_service);
	136
[17452]	137	return true;
	138	}
[14295]	139
[24978]	140	protected Element getServiceDescription(String service_id, String lang, String subset)
[17452]	141	{
	142
[24978]	143	Element authen_service = this.doc.createElement(GSXML.SERVICE_ELEM);
[17452]	144
[24978]	145	if (service_id.equals(AUTHENTICATION_SERVICE))
	146	{
	147	authen_service.setAttribute(GSXML.TYPE_ATT, "authen");
[17452]	148	authen_service.setAttribute(GSXML.NAME_ATT, AUTHENTICATION_SERVICE);
[24978]	149	}
[25124]	150	else if (service_id.equals(GET_USER_INFORMATION_SERVICE))
	151	{
	152	authen_service.setAttribute(GSXML.TYPE_ATT, GSXML.SERVICE_TYPE_PROCESS);
	153	authen_service.setAttribute(GSXML.NAME_ATT, GET_USER_INFORMATION_SERVICE);
	154	}
[24978]	155	else
	156	{
[17452]	157	return null;
	158	}
	159
[25124]	160	if (service_id.equals(AUTHENTICATION_SERVICE) && (subset == null \|\| subset.equals(GSXML.DISPLAY_TEXT_ELEM + GSXML.LIST_MODIFIER)))
[24978]	161	{
	162	authen_service.appendChild(GSXML.createDisplayTextElement(this.doc, GSXML.DISPLAY_TEXT_NAME, getServiceName(service_id, lang)));
[17452]	163	authen_service.appendChild(GSXML.createDisplayTextElement(this.doc, GSXML.DISPLAY_TEXT_DESCRIPTION, getServiceDescription(service_id, lang)));
	164	}
[24978]	165	return authen_service;
[14295]	166	}
[17452]	167
[24978]	168	protected String getServiceName(String service_id, String lang)
	169	{
	170	return getTextString(service_id + ".name", lang);
[14295]	171	}
	172
[24978]	173	protected String getServiceSubmit(String service_id, String lang)
	174	{
	175	return getTextString(service_id + ".submit", lang);
[17452]	176	}
[14295]	177
[24978]	178	protected String getServiceDescription(String service_id, String lang)
	179	{
	180	return getTextString(service_id + ".description", lang);
[17452]	181	}
[14295]	182
[24978]	183	protected void addCustomParams(String service, Element param_list, String lang)
	184	{
[17452]	185	}
[14295]	186
[24978]	187	protected void createParameter(String name, Element param_list, String lang)
	188	{
[17452]	189	}
[14295]	190
[25124]	191	protected Element processGetUserInformation(Element request)
	192	{
	193	// Create a new (empty) result message
	194	Element result = this.doc.createElement(GSXML.RESPONSE_ELEM);
	195
	196	result.setAttribute(GSXML.FROM_ATT, GET_USER_INFORMATION_SERVICE);
	197	result.setAttribute(GSXML.TYPE_ATT, GSXML.REQUEST_TYPE_PROCESS);
	198
	199	Element paramList = (Element) GSXML.getChildByTagName(request, GSXML.PARAM_ELEM + GSXML.LIST_MODIFIER);
	200	if (paramList == null)
	201	{
[25258]	202	GSXML.addError(this.doc, result, _errorMessageMap.get(ERROR_REQUEST_HAS_NO_PARAM_LIST));
	203	return result;
[25124]	204	}
	205
	206	HashMap params = GSXML.extractParams(paramList, true);
	207
	208	String username = (String) params.get("username");
	209
	210	if (username == null)
	211	{
[25258]	212	GSXML.addError(this.doc, result, _errorMessageMap.get(ERROR_USERNAME_NOT_SPECIFIED));
[25124]	213	return result;
	214	}
	215
	216	DerbyWrapper dbWrapper = new DerbyWrapper();
	217
	218	String usersDB_dir = this.site_home + File.separatorChar + "etc" + File.separatorChar + "usersDB";
	219	dbWrapper.connectDatabase(usersDB_dir, true);
	220
	221	UserQueryResult userQueryResult;
	222	try
	223	{
	224	userQueryResult = dbWrapper.findUser(username);
	225	Vector<UserTermInfo> terms = userQueryResult.getUserTerms();
	226
	227	if (terms.size() == 0)
	228	{
[25258]	229	GSXML.addError(this.doc, result, _errorMessageMap.get(ERROR_REQUESTED_USER_NOT_FOUND));
[25124]	230	return result;
	231	}
	232
	233	UserTermInfo userInfo = terms.get(0);
	234	Element userInfoList = this.doc.createElement(GSXML.PARAM_ELEM + GSXML.LIST_MODIFIER);
	235	result.appendChild(userInfoList);
	236
[25258]	237	Element usernameField = GSXML.createParameter(this.doc, "username", userInfo.username);
	238	Element passwordField = GSXML.createParameter(this.doc, "password", userInfo.password);
	239	Element groupsField = GSXML.createParameter(this.doc, "groups", userInfo.groups);
	240	Element accountStatusField = GSXML.createParameter(this.doc, "accountstatus", userInfo.accountstatus);
	241	Element commentField = GSXML.createParameter(this.doc, "comment", userInfo.comment);
[25124]	242
	243	userInfoList.appendChild(usernameField);
	244	userInfoList.appendChild(passwordField);
	245	userInfoList.appendChild(groupsField);
	246	userInfoList.appendChild(accountStatusField);
	247	userInfoList.appendChild(commentField);
	248	}
[25258]	249	catch (SQLException ex)
[25124]	250	{
[25258]	251	GSXML.addError(this.doc, result, _errorMessageMap.get(ERROR_SQL_EXCEPTION));
[25124]	252	ex.printStackTrace();
	253	}
	254
	255	return result;
	256	}
	257
[25258]	258	protected Element processAuthentication(Element request)
[24978]	259	{
[25258]	260	checkAdminUserExists();
[14295]	261
[17452]	262	// Create a new (empty) result message
	263	Element result = this.doc.createElement(GSXML.RESPONSE_ELEM);
	264	result.setAttribute(GSXML.FROM_ATT, AUTHENTICATION_SERVICE);
	265	result.setAttribute(GSXML.TYPE_ATT, GSXML.REQUEST_TYPE_PROCESS);
[14295]	266
[25258]	267	// Create an Authentication node put into the result
	268	Element authenNode = this.doc.createElement(GSXML.AUTHEN_NODE_ELEM);
	269	result.appendChild(authenNode);
	270	result.appendChild(getCollectList(this.site_home + File.separatorChar + "collect"));
	271
	272	// Create a service node added into the Authentication node
	273	Element serviceNode = this.doc.createElement(GSXML.SERVICE_ELEM);
	274	authenNode.appendChild(serviceNode);
	275
[17452]	276	// Get the parameters of the request
[24978]	277	Element param_list = (Element) GSXML.getChildByTagName(request, GSXML.PARAM_ELEM + GSXML.LIST_MODIFIER);
	278	if (param_list == null)
	279	{
[25258]	280	serviceNode.setAttribute("operation", LOGIN);
	281	GSXML.addError(this.doc, result, _errorMessageMap.get(ERROR_REQUEST_HAS_NO_PARAM_LIST));
[24978]	282	return result; // Return the empty result
[17452]	283	}
[25258]	284	HashMap paramMap = GSXML.extractParams(param_list, false);
	285	String op = (String) paramMap.get("authpage");
	286	serviceNode.setAttribute("operation", op);
[14295]	287
[25258]	288	String username = null;
	289	String groups = null;
[14295]	290
[25258]	291	Element userInformation = (Element) GSXML.getChildByTagName(request, GSXML.USER_INFORMATION_ELEM);
	292	if (userInformation == null && _userOpList.contains(op))
	293	{
	294	serviceNode.setAttribute("operation", LOGIN);
	295	GSXML.addError(this.doc, result, _errorMessageMap.get(ERROR_NOT_LOGGED_IN));
	296	return result;
	297	}
[14295]	298
[25258]	299	if (userInformation != null)
	300	{
	301	username = userInformation.getAttribute(GSXML.USERNAME_ATT);
	302	groups = userInformation.getAttribute(GSXML.GROUPS_ATT);
	303	}
[17452]	304
[25258]	305	if (username == null && _userOpList.contains(op))
	306	{
	307	serviceNode.setAttribute("operation", LOGIN);
	308	GSXML.addError(this.doc, result, _errorMessageMap.get(ERROR_NOT_LOGGED_IN));
	309	return result;
	310	}
[24978]	311
[25258]	312	if (_adminOpList.contains(op) && (groups == null \|\| !groups.matches(".\\badministrator\\b.")))
[24978]	313	{
[25258]	314	serviceNode.setAttribute("operation", LOGIN);
	315	GSXML.addError(this.doc, result, _errorMessageMap.get(ERROR_ADMIN_NOT_LOGGED_IN));
	316	return result;
	317	}
[17452]	318
[25258]	319	if (op.equals(LIST_USERS))
	320	{
	321	int error = addUserInformationToNode(null, serviceNode);
	322	if (error != NO_ERROR)
[24978]	323	{
[25258]	324	GSXML.addError(this.doc, result, _errorMessageMap.get(error));
[24978]	325	}
[25258]	326	}
	327	else if (op.equals(PERFORM_ADD))
	328	{
	329	String newUsername = (String) paramMap.get("username");
	330	String newPassword = (String) paramMap.get("password");
	331	String newGroups = (String) paramMap.get("groups");
	332	String newStatus = (String) paramMap.get("status");
	333	String newComment = (String) paramMap.get("comment");
	334	String newEmail = (String) paramMap.get("email");
	335
	336	int error = addUser(newUsername, newPassword, newGroups, newStatus, newComment, newEmail);
	337	if (error != NO_ERROR)
[24978]	338	{
[25258]	339	serviceNode.setAttribute("operation", ADD_USER);
	340	GSXML.addError(this.doc, result, _errorMessageMap.get(error));
[24978]	341	}
[25258]	342	else
[24978]	343	{
[25258]	344	addUserInformationToNode(null, serviceNode);
	345	serviceNode.setAttribute("operation", LIST_USERS);
[24978]	346	}
[25258]	347	}
	348	else if (op.equals(PERFORM_REGISTER))
	349	{
	350	String newUsername = (String) paramMap.get("username");
	351	String newPassword = (String) paramMap.get("password");
	352	String newEmail = (String) paramMap.get("email");
	353
	354	ReCaptchaImpl reCaptcha = new ReCaptchaImpl();
	355	reCaptcha.setPrivateKey("6LckI88SAAAAAGnGy1PwuXYZzIMXZYoPxN51bWWG"); //TODO: MOVE TO SITECONFIG.XML FILE
	356
	357	String challenge = (String) paramMap.get("recaptcha_challenge_field");
	358	String uResponse = (String) paramMap.get("recaptcha_response_field");
	359
	360	if (challenge == null \|\| uResponse == null)
[24978]	361	{
[25258]	362	serviceNode.setAttribute("operation", REGISTER);
	363	GSXML.addError(this.doc, result, _errorMessageMap.get(ERROR_CAPTCHA_MISSING));
	364	return result;
[24978]	365	}
[25258]	366
	367	ReCaptchaResponse reCaptchaResponse = reCaptcha.checkAnswer(request.getAttribute("remoteAddress"), challenge, uResponse);
	368
	369	if (!reCaptchaResponse.isValid())
[24978]	370	{
[25258]	371	serviceNode.setAttribute("operation", REGISTER);
	372	GSXML.addError(this.doc, result, _errorMessageMap.get(ERROR_CAPTCHA_DOES_NOT_MATCH));
	373	return result;
[24978]	374	}
[25258]	375
	376	int error = addUser(newUsername, newPassword, "", "true", "", newEmail);
	377	if (error != NO_ERROR)
[24978]	378	{
[25258]	379	serviceNode.setAttribute("operation", REGISTER);
	380	GSXML.addError(this.doc, result, _errorMessageMap.get(error));
[24978]	381	}
[25258]	382	}
	383	else if (op.equals(PERFORM_EDIT))
	384	{
	385	String previousUsername = (String) paramMap.get("prevUsername");
	386	String newUsername = (String) paramMap.get("newUsername");
	387	String newPassword = (String) paramMap.get("password");
	388	String newGroups = (String) paramMap.get("groups");
	389	String newStatus = (String) paramMap.get("status");
	390	String newComment = (String) paramMap.get("comment");
	391	String newEmail = (String) paramMap.get("email");
	392
	393	if (newPassword == null)
[24978]	394	{
[25258]	395	newPassword = retrieveDataForUser(previousUsername, "password");
[24978]	396	}
[25258]	397
	398	int error = removeUser(previousUsername);
	399	if (error != NO_ERROR)
[24978]	400	{
[25258]	401	if (error == ERROR_USERNAME_NOT_SPECIFIED)
	402	{
	403	addUserInformationToNode(null, serviceNode);
	404	serviceNode.setAttribute("operation", LIST_USERS);
	405	}
	406	else
	407	{
	408	serviceNode.setAttribute("operation", EDIT_USER);
	409	GSXML.addError(this.doc, result, _errorMessageMap.get(error));
	410	}
	411	return result;
[24978]	412	}
[25258]	413	error = addUser(newUsername, newPassword, newGroups, newStatus, newComment, newEmail);
	414	if (error != NO_ERROR)
[24978]	415	{
[25258]	416	serviceNode.setAttribute("operation", EDIT_USER);
	417	GSXML.addError(this.doc, result, _errorMessageMap.get(error));
[24978]	418	}
[25258]	419	else
[24978]	420	{
[25258]	421	addUserInformationToNode(null, serviceNode);
	422	serviceNode.setAttribute("operation", LIST_USERS);
[24978]	423	}
[25258]	424	}
	425	else if (op.equals(PERFORM_ACCOUNT_EDIT))
	426	{
	427	String previousUsername = (String) paramMap.get("prevUsername");
	428	String newUsername = (String) paramMap.get("newUsername");
	429	String oldPassword = (String) paramMap.get("oldPassword");
	430	String newPassword = (String) paramMap.get("newPassword");
	431	String newEmail = (String) paramMap.get("newEmail");
	432
	433	//Make sure the user name does not already exist
	434	if (!previousUsername.equals(newUsername) && checkUserExists(newUsername))
[24978]	435	{
[25258]	436	addUserInformationToNode(previousUsername, serviceNode);
	437	serviceNode.setAttribute("operation", ACCOUNT_SETTINGS);
	438	GSXML.addError(this.doc, result, _errorMessageMap.get(ERROR_USER_ALREADY_EXISTS));
	439	return result;
[24978]	440	}
[17452]	441
[25258]	442	String prevPassword = retrieveDataForUser(previousUsername, "password");
[14295]	443
[25258]	444	if (newPassword != null)
	445	{
	446	oldPassword = hashPassword(oldPassword);
[17452]	447
[25258]	448	if (oldPassword == null \|\| !oldPassword.equals(prevPassword))
[24978]	449	{
[25258]	450	addUserInformationToNode(previousUsername, serviceNode);
	451	serviceNode.setAttribute("operation", ACCOUNT_SETTINGS);
	452	GSXML.addError(this.doc, result, _errorMessageMap.get(ERROR_INCORRECT_PASSWORD));
[17452]	453	return result;
	454	}
	455	}
[25258]	456	else
	457	{
	458	newPassword = prevPassword;
	459	}
[17452]	460
[25258]	461	String prevGroups = retrieveDataForUser(previousUsername, "groups");
	462	String prevStatus = retrieveDataForUser(previousUsername, "status");
	463	String prevComment = retrieveDataForUser(previousUsername, "comment");
	464
	465	int error = removeUser(previousUsername);
	466	if (error != NO_ERROR)
[24978]	467	{
[25258]	468	if (error == ERROR_USERNAME_NOT_SPECIFIED)
[24978]	469	{
[25258]	470	addUserInformationToNode(null, serviceNode);
	471	serviceNode.setAttribute("operation", LIST_USERS);
[17452]	472	}
[24978]	473	else
	474	{
[25258]	475	addUserInformationToNode(previousUsername, serviceNode);
	476	serviceNode.setAttribute("operation", ACCOUNT_SETTINGS);
	477	GSXML.addError(this.doc, result, _errorMessageMap.get(error));
[17452]	478	}
[25258]	479	return result;
[14295]	480	}
[17452]	481
[25258]	482	error = addUser(newUsername, newPassword, prevGroups, prevStatus, prevComment, newEmail);
	483	if (error != NO_ERROR)
[24978]	484	{
[25258]	485	GSXML.addError(this.doc, result, _errorMessageMap.get(error));
[14295]	486	}
[25258]	487
	488	addUserInformationToNode(null, serviceNode);
	489	serviceNode.setAttribute("operation", LIST_USERS);
[14295]	490	}
[25258]	491	else if (op.equals(EDIT_USER))
[24978]	492	{
[25258]	493	String editUsername = (String) paramMap.get("username");
	494	int error = addUserInformationToNode(editUsername, serviceNode);
	495	if (error != NO_ERROR)
[24978]	496	{
[25258]	497	GSXML.addError(this.doc, result, _errorMessageMap.get(error));
	498	}
	499	}
	500	else if (op.equals(ACCOUNT_SETTINGS))
	501	{
	502	String editUsername = (String) paramMap.get("username");
	503
	504	if(editUsername == null)
	505	{
	506	serviceNode.setAttribute("operation", "");
	507	GSXML.addError(this.doc, result, _errorMessageMap.get(ERROR_USERNAME_NOT_SPECIFIED));
[17452]	508	return result;
	509	}
[25258]	510
	511	if(!editUsername.equals(username))
[24978]	512	{
[25258]	513	serviceNode.setAttribute("operation", LOGIN);
	514	GSXML.addError(this.doc, result, _errorMessageMap.get(ERROR_NOT_AUTHORISED));
[17452]	515	return result;
	516	}
[25258]	517	int error = addUserInformationToNode(editUsername, serviceNode);
	518	if (error != NO_ERROR)
[24978]	519	{
[25258]	520	GSXML.addError(this.doc, result, _errorMessageMap.get(error));
[17452]	521	}
[14295]	522	}
[25258]	523	else if (op.equals(PERFORM_RESET_PASSWORD))
[24978]	524	{
[25258]	525	String passwordResetUser = (String) paramMap.get("username");
	526
	527	String newPassword = UUID.randomUUID().toString();
	528	newPassword = newPassword.substring(0, newPassword.indexOf("-"));
	529
	530	String email = retrieveDataForUser(passwordResetUser, "email");
	531	String from = "[email protected]";
	532	String host = request.getAttribute("remoteAddress");
	533
[25270]	534	//TODO: FINISH THIS
[25258]	535	}
	536	else if (op.equals(PERFORM_DELETE_USER))
	537	{
	538	String usernameToDelete = (String) paramMap.get("username");
	539	int error = removeUser(usernameToDelete);
	540	if (error != NO_ERROR)
[24978]	541	{
[25258]	542	GSXML.addError(this.doc, result, _errorMessageMap.get(error));
[17452]	543	}
[25258]	544	addUserInformationToNode(null, serviceNode);
	545	serviceNode.setAttribute("operation", LIST_USERS);
	546	}
[17452]	547
[25258]	548	return result;
	549	}
[17452]	550
[25258]	551	public static String hashPassword(String password)
	552	{
	553	String hashedPassword = null;
	554	try
	555	{
	556	MessageDigest digest = MessageDigest.getInstance("SHA-1");
	557	digest.reset();
	558	hashedPassword = new String(digest.digest(password.getBytes("UTF-8")));
[14295]	559	}
[25258]	560	catch (Exception ex)
	561	{
	562	ex.printStackTrace();
	563	}
	564	return hashedPassword;
	565	}
[14295]	566
[25258]	567	private void checkAdminUserExists()
	568	{
	569	if (_derbyWrapper == null)
[24978]	570	{
[25258]	571	openDatabase();
	572	}
[17452]	573
[25258]	574	UserQueryResult userQueryResult = _derbyWrapper.findUser(null, null);
	575	closeDatabase();
[17452]	576
[25258]	577	if (userQueryResult != null)
	578	{
	579	Vector userInfo = userQueryResult.users;
[17452]	580
[25258]	581	boolean adminFound = false;
	582	for (int i = 0; i < userQueryResult.getSize(); i++)
[24978]	583	{
[25258]	584	if (((UserTermInfo) userInfo.get(i)).groups != null && ((UserTermInfo) userInfo.get(i)).groups.matches(".\\badministrator\\b."))
[24978]	585	{
[25258]	586	adminFound = true;
[17452]	587	}
	588	}
	589
[25258]	590	if (!adminFound)
[24978]	591	{
[25258]	592	addUser("admin", "admin", "administrator", "true", "Change the password for this account as soon as possible", "");
[17452]	593	}
[14295]	594	}
	595
[25258]	596	closeDatabase();
	597	}
	598
	599	private boolean openDatabase()
	600	{
	601	_derbyWrapper = new DerbyWrapper();
	602
	603	// check the usersDb database, if it isn't existing, check the etc dir, create the etc dir if it isn't existing, then create the user database and add a "admin" user
	604	String usersDB_dir = this.site_home + File.separatorChar + "etc" + File.separatorChar + "usersDB";
	605	File usersDB_file = new File(usersDB_dir);
	606	if (!usersDB_file.exists())
[24978]	607	{
[25258]	608	String etc_dir = this.site_home + File.separatorChar + "etc";
	609	File etc_file = new File(etc_dir);
	610	if (!etc_file.exists())
[24978]	611	{
[25258]	612	boolean success = etc_file.mkdir();
	613	if (!success)
	614	{
	615	logger.error("Couldn't create the etc dir under " + this.site_home + ".");
	616	return false;
	617	}
[17452]	618	}
[25258]	619	_derbyWrapper.connectDatabase(usersDB_dir, true);
	620	_derbyWrapper.createDatabase();
	621	}
	622	else
	623	{
	624	_derbyWrapper.connectDatabase(usersDB_dir, false);
	625	}
	626	return true;
	627	}
[14295]	628
[25258]	629	private void closeDatabase()
	630	{
	631	if (_derbyWrapper != null)
	632	{
	633	_derbyWrapper.closeDatabase();
	634	_derbyWrapper = null;
	635	}
	636	}
[17452]	637
[25258]	638	private int addUserInformationToNode(String username, Element serviceNode)
	639	{
	640	if (_derbyWrapper == null)
	641	{
	642	openDatabase();
	643	}
[17452]	644
[25258]	645	UserQueryResult userQueryResult = _derbyWrapper.findUser(username, null);
	646	closeDatabase();
[17452]	647
[25258]	648	if (userQueryResult != null)
	649	{
	650	Element user_node = getUserNode(userQueryResult);
	651	serviceNode.appendChild(user_node);
	652	closeDatabase();
	653	return NO_ERROR;
	654	}
[17452]	655
[25258]	656	closeDatabase();
	657	return ERROR_COULD_NOT_GET_USER_INFO;
	658	}
[17452]	659
[25258]	660	private int removeUser(String username)
	661	{
	662	if (username == null)
	663	{
	664	return ERROR_USERNAME_NOT_SPECIFIED;
	665	}
[17452]	666
[25258]	667	if (_derbyWrapper == null)
	668	{
	669	openDatabase();
	670	}
	671
	672	boolean success = _derbyWrapper.deleteUser(username);
	673	closeDatabase();
	674
	675	if (success)
	676	{
	677	return NO_ERROR;
	678	}
	679
	680	return ERROR_REMOVING_USER;
	681	}
	682
	683	private int addUser(String newUsername, String newPassword, String newGroups, String newStatus, String newComment, String newEmail)
	684	{
	685	if (_derbyWrapper == null)
	686	{
	687	openDatabase();
	688	}
	689
	690	//Check the given user name
	691	if ((newUsername == null) \|\| (newUsername.length() < 2) \|\| (newUsername.length() > 30) \|\| (!(Pattern.matches("[a-zA-Z0-9//_//.]+", newUsername))))
	692	{
	693	closeDatabase();
	694	return ERROR_INVALID_USERNAME;
	695	}
	696
	697	//Check the given password
	698	if ((newPassword == null) \|\| (newPassword.length() < 3) \|\| (newPassword.length() > 8) \|\| (!(Pattern.matches("[\\p{ASCII}]+", newPassword))))
	699	{
	700	closeDatabase();
	701	return ERROR_INVALID_PASSWORD;
	702	}
	703
	704	newPassword = hashPassword(newPassword);
	705
	706	newGroups = newGroups.replaceAll(" ", "");
	707
	708	//Check if the user already exists
	709	UserQueryResult userQueryResult = _derbyWrapper.findUser(newUsername, null);
	710	if (userQueryResult != null)
	711	{
	712	return ERROR_USER_ALREADY_EXISTS;
	713	}
	714	else
	715	{
	716	System.err.println("ADDING " + newUsername + " " + newPassword);
	717	boolean success = _derbyWrapper.addUser(newUsername, newPassword, newGroups, newStatus, newComment, newEmail);
	718	if (!success)
[24978]	719	{
[25258]	720	closeDatabase();
	721	return ERROR_ADDING_USER;
[17452]	722	}
[25258]	723	}
	724	closeDatabase();
	725	return NO_ERROR;
	726	}
[17452]	727
[25258]	728	private boolean checkUserExists(String username)
	729	{
	730	if (_derbyWrapper == null)
	731	{
	732	openDatabase();
	733	}
	734
	735	try
	736	{
	737	UserQueryResult result = _derbyWrapper.findUser(username);
	738
	739	if (result != null)
[24978]	740	{
[25258]	741	return true;
[24978]	742	}
	743	else
	744	{
[25258]	745	return false;
[17452]	746	}
[25258]	747
[14295]	748	}
[25258]	749	catch (Exception ex)
	750	{
	751	return false;
	752	}
	753	finally
	754	{
	755	closeDatabase();
	756	}
	757	}
[17452]	758
[25258]	759	private String retrieveDataForUser(String username, String dataType)
	760	{
	761	if (_derbyWrapper == null)
[24978]	762	{
[25258]	763	openDatabase();
	764	}
	765
	766	String password = null;
	767
	768	try
	769	{
	770	UserQueryResult result = _derbyWrapper.findUser(username);
	771	Vector userInfo = result.users;
	772
	773	for (int i = 0; i < result.getSize(); i++)
[24978]	774	{
[25258]	775	if (dataType.equals("password"))
[24978]	776	{
[25258]	777	return ((UserTermInfo) userInfo.get(i)).password;
[24978]	778	}
[25258]	779	else if (dataType.equals("groups"))
[24978]	780	{
[25258]	781	return ((UserTermInfo) userInfo.get(i)).groups;
[17452]	782	}
[25258]	783	else if (dataType.equals("status"))
	784	{
	785	return ((UserTermInfo) userInfo.get(i)).accountstatus;
	786	}
	787	else if (dataType.equals("comment"))
	788	{
	789	return ((UserTermInfo) userInfo.get(i)).comment;
	790	}
	791	else if (dataType.equals("email"))
	792	{
	793	return ((UserTermInfo) userInfo.get(i)).email;
	794	}
[24978]	795	}
[14295]	796	}
[25258]	797	catch (Exception ex)
	798	{
	799	ex.printStackTrace();
	800	}
[14295]	801
[25258]	802	closeDatabase();
	803	return password;
[14295]	804	}
	805
[24978]	806	private Element getUserNode(UserQueryResult userQueryResult)
	807	{
	808	Element user_list_node = this.doc.createElement(GSXML.USER_NODE_ELEM + "List");
[14295]	809
[25258]	810	Vector userInfo = userQueryResult.users;
[14295]	811
[24978]	812	for (int i = 0; i < userQueryResult.getSize(); i++)
	813	{
	814	Element user_node = this.doc.createElement(GSXML.USER_NODE_ELEM);
[25258]	815	String username = ((UserTermInfo) userInfo.get(i)).username;
	816	String groups = ((UserTermInfo) userInfo.get(i)).groups;
	817	String accountstatus = ((UserTermInfo) userInfo.get(i)).accountstatus;
	818	String comment = ((UserTermInfo) userInfo.get(i)).comment;
	819	String email = ((UserTermInfo) userInfo.get(i)).email;
	820	user_node.setAttribute("username", username);
	821	user_node.setAttribute("groups", groups);
	822	user_node.setAttribute("status", accountstatus);
	823	user_node.setAttribute("comment", comment);
	824	user_node.setAttribute("email", email);
[14295]	825
[17452]	826	user_list_node.appendChild(user_node);
[14295]	827	}
[24978]	828	return user_list_node;
[14295]	829	}
	830
[24978]	831	private Element getCollectList(String collect)
	832	{
	833	Element collect_list_node = this.doc.createElement(GSXML.COLLECTION_ELEM + "List");
	834	File[] collect_dir = (new File(collect)).listFiles();
	835	if (collect_dir != null && collect_dir.length > 0)
	836	{
	837	for (int i = 0; i < collect_dir.length; i++)
	838	{
	839	if (collect_dir[i].isDirectory() && (!collect_dir[i].getName().startsWith(".svn")))
	840	{
[17452]	841	Element collect_node = this.doc.createElement(GSXML.COLLECTION_ELEM);
[24978]	842	collect_node.setAttribute("name", collect_dir[i].getName());
[17452]	843	collect_list_node.appendChild(collect_node);
	844	}
	845	}
[14402]	846	}
[17452]	847	return collect_list_node;
[14402]	848	}
[14295]	849	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: