Context Navigation

source: main/trunk/greenstone3/src/java/org/greenstone/gsdl3/service/Authentication.java@ 25271

Last change on this file since 25271 was 25271, checked in by sjm84, 12 years ago
Making the web address relative, also a removed an import
File size: 26.3 KB

Line
1	package org.greenstone.gsdl3.service;
2
3	import org.greenstone.gsdl3.util.GSXML;
4	import org.greenstone.gsdl3.util.DerbyWrapper;
5	import org.greenstone.gsdl3.util.UserQueryResult;
6	import org.greenstone.gsdl3.util.UserTermInfo;
7
8	import org.w3c.dom.Element;
9
10	import java.util.ArrayList;
11	import java.util.HashMap;
12	import java.util.UUID;
13	import java.util.Vector;
14	import java.security.MessageDigest;
15	import java.sql.SQLException;
16	import java.util.regex.Pattern;
17	import java.io.File;
18
19	import net.tanesha.recaptcha.ReCaptchaImpl;
20	import net.tanesha.recaptcha.ReCaptchaResponse;
21
22	public class Authentication extends ServiceRack
23	{
24	//Error codes
25	protected static final int NO_ERROR = 0;
26	protected static final int ERROR_REQUEST_HAS_NO_PARAM_LIST = -1;
27	protected static final int ERROR_NOT_LOGGED_IN = -2;
28	protected static final int ERROR_ADMIN_NOT_LOGGED_IN = -3;
29	protected static final int ERROR_COULD_NOT_GET_USER_INFO = -4;
30	protected static final int ERROR_USERNAME_NOT_SPECIFIED = -5;
31	protected static final int ERROR_REQUESTED_USER_NOT_FOUND = -6;
32	protected static final int ERROR_SQL_EXCEPTION = -7;
33	protected static final int ERROR_INVALID_USERNAME = -8;
34	protected static final int ERROR_INVALID_PASSWORD = -9;
35	protected static final int ERROR_INCORRECT_PASSWORD = -10;
36	protected static final int ERROR_USER_ALREADY_EXISTS = -11;
37	protected static final int ERROR_ADDING_USER = -12;
38	protected static final int ERROR_REMOVING_USER = -13;
39	protected static final int ERROR_CAPTCHA_DOES_NOT_MATCH = -14;
40	protected static final int ERROR_CAPTCHA_MISSING = -15;
41	protected static final int ERROR_NOT_AUTHORISED = -16;
42
43	protected static final HashMap<Integer, String> _errorMessageMap;
44	static
45	{
46	//Corresponding error messages
47	HashMap<Integer, String> errorMessageMap = new HashMap<Integer, String>();
48	errorMessageMap.put(ERROR_REQUEST_HAS_NO_PARAM_LIST, "The list of parameters for this request was empty.");
49	errorMessageMap.put(ERROR_NOT_LOGGED_IN, "You must be logged in to access this page.");
50	errorMessageMap.put(ERROR_ADMIN_NOT_LOGGED_IN, "You must be logged in as an administrator to access this page.");
51	errorMessageMap.put(ERROR_COULD_NOT_GET_USER_INFO, "There was a error getting the user information.");
52	errorMessageMap.put(ERROR_USERNAME_NOT_SPECIFIED, "No username was specified.");
53	errorMessageMap.put(ERROR_REQUESTED_USER_NOT_FOUND, "The requested user was not found in the database.");
54	errorMessageMap.put(ERROR_SQL_EXCEPTION, "There was an SQL exception while accessing the database.");
55	errorMessageMap.put(ERROR_INVALID_USERNAME, "The username specified was invalid.");
56	errorMessageMap.put(ERROR_INVALID_PASSWORD, "The password specified was invalid.");
57	errorMessageMap.put(ERROR_INCORRECT_PASSWORD, "The password specified was incorrect.");
58	errorMessageMap.put(ERROR_USER_ALREADY_EXISTS, "This user already exists and therefore cannot be added.");
59	errorMessageMap.put(ERROR_ADDING_USER, "There was an error adding this user to the database.");
60	errorMessageMap.put(ERROR_REMOVING_USER, "There was an error removing this user from the database.");
61	errorMessageMap.put(ERROR_CAPTCHA_DOES_NOT_MATCH, "The words you entered did not match the image, please try again.");
62	errorMessageMap.put(ERROR_CAPTCHA_MISSING, "The information from the captcha is missing.");
63	errorMessageMap.put(ERROR_NOT_AUTHORISED, "You are not authorised to access this page.");
64
65	_errorMessageMap = errorMessageMap;
66	}
67
68	//Admin-required operations
69	protected static final String LIST_USERS = "ListUsers";
70	protected static final String PERFORM_ADD = "PerformAdd";
71	protected static final String PERFORM_EDIT = "PerformEdit";
72	protected static final String ADD_USER = "AddUser";
73	protected static final String EDIT_USER = "EditUser";
74	protected static final String PERFORM_DELETE_USER = "PerformDeleteUser";
75
76	protected static final ArrayList<String> _adminOpList;
77	static
78	{
79	ArrayList<String> opList = new ArrayList<String>();
80	opList.add(LIST_USERS);
81	opList.add(PERFORM_ADD);
82	opList.add(PERFORM_EDIT);
83	opList.add(EDIT_USER);
84	opList.add(PERFORM_DELETE_USER);
85
86	_adminOpList = opList;
87	}
88
89	//User-required operations
90	protected static final String ACCOUNT_SETTINGS = "AccountSettings";
91	protected static final String PERFORM_ACCOUNT_EDIT = "PerformAccEdit";
92	protected static final String PERFORM_RESET_PASSWORD = "PerformResetPassword";
93	protected static final ArrayList<String> _userOpList;
94	static
95	{
96	ArrayList<String> opList = new ArrayList<String>();
97	opList.add(ACCOUNT_SETTINGS);
98	opList.add(PERFORM_ACCOUNT_EDIT);
99	opList.add(PERFORM_RESET_PASSWORD);
100	opList.addAll(_adminOpList);
101	_userOpList = opList;
102	}
103
104	//Other operations
105	protected static final String REGISTER = "Register";
106	protected static final String PERFORM_REGISTER = "PerformRegister";
107	protected static final String LOGIN = "Login";
108
109	//the services on offer
110	protected static final String AUTHENTICATION_SERVICE = "Authentication";
111	protected static final String GET_USER_INFORMATION_SERVICE = "GetUserInformation";
112
113	protected DerbyWrapper _derbyWrapper = null;
114
115	/** constructor */
116	public Authentication()
117	{
118	}
119
120	public boolean configure(Element info, Element extra_info)
121	{
122	logger.info("Configuring Authentication...");
123	this.config_info = info;
124
125	// set up Authentication service info - for now just has name and type
126	Element authentication_service = this.doc.createElement(GSXML.SERVICE_ELEM);
127	authentication_service.setAttribute(GSXML.TYPE_ATT, "authen");
128	authentication_service.setAttribute(GSXML.NAME_ATT, AUTHENTICATION_SERVICE);
129	this.short_service_info.appendChild(authentication_service);
130
131	// set up Authentication service info - for now just has name and type
132	Element getUserInformation_service = this.doc.createElement(GSXML.SERVICE_ELEM);
133	getUserInformation_service.setAttribute(GSXML.TYPE_ATT, GSXML.SERVICE_TYPE_PROCESS);
134	getUserInformation_service.setAttribute(GSXML.NAME_ATT, GET_USER_INFORMATION_SERVICE);
135	this.short_service_info.appendChild(getUserInformation_service);
136
137	return true;
138	}
139
140	protected Element getServiceDescription(String service_id, String lang, String subset)
141	{
142
143	Element authen_service = this.doc.createElement(GSXML.SERVICE_ELEM);
144
145	if (service_id.equals(AUTHENTICATION_SERVICE))
146	{
147	authen_service.setAttribute(GSXML.TYPE_ATT, "authen");
148	authen_service.setAttribute(GSXML.NAME_ATT, AUTHENTICATION_SERVICE);
149	}
150	else if (service_id.equals(GET_USER_INFORMATION_SERVICE))
151	{
152	authen_service.setAttribute(GSXML.TYPE_ATT, GSXML.SERVICE_TYPE_PROCESS);
153	authen_service.setAttribute(GSXML.NAME_ATT, GET_USER_INFORMATION_SERVICE);
154	}
155	else
156	{
157	return null;
158	}
159
160	if (service_id.equals(AUTHENTICATION_SERVICE) && (subset == null \|\| subset.equals(GSXML.DISPLAY_TEXT_ELEM + GSXML.LIST_MODIFIER)))
161	{
162	authen_service.appendChild(GSXML.createDisplayTextElement(this.doc, GSXML.DISPLAY_TEXT_NAME, getServiceName(service_id, lang)));
163	authen_service.appendChild(GSXML.createDisplayTextElement(this.doc, GSXML.DISPLAY_TEXT_DESCRIPTION, getServiceDescription(service_id, lang)));
164	}
165	return authen_service;
166	}
167
168	protected String getServiceName(String service_id, String lang)
169	{
170	return getTextString(service_id + ".name", lang);
171	}
172
173	protected String getServiceSubmit(String service_id, String lang)
174	{
175	return getTextString(service_id + ".submit", lang);
176	}
177
178	protected String getServiceDescription(String service_id, String lang)
179	{
180	return getTextString(service_id + ".description", lang);
181	}
182
183	protected void addCustomParams(String service, Element param_list, String lang)
184	{
185	}
186
187	protected void createParameter(String name, Element param_list, String lang)
188	{
189	}
190
191	protected Element processGetUserInformation(Element request)
192	{
193	// Create a new (empty) result message
194	Element result = this.doc.createElement(GSXML.RESPONSE_ELEM);
195
196	result.setAttribute(GSXML.FROM_ATT, GET_USER_INFORMATION_SERVICE);
197	result.setAttribute(GSXML.TYPE_ATT, GSXML.REQUEST_TYPE_PROCESS);
198
199	Element paramList = (Element) GSXML.getChildByTagName(request, GSXML.PARAM_ELEM + GSXML.LIST_MODIFIER);
200	if (paramList == null)
201	{
202	GSXML.addError(this.doc, result, _errorMessageMap.get(ERROR_REQUEST_HAS_NO_PARAM_LIST));
203	return result;
204	}
205
206	HashMap params = GSXML.extractParams(paramList, true);
207
208	String username = (String) params.get("username");
209
210	if (username == null)
211	{
212	GSXML.addError(this.doc, result, _errorMessageMap.get(ERROR_USERNAME_NOT_SPECIFIED));
213	return result;
214	}
215
216	DerbyWrapper dbWrapper = new DerbyWrapper();
217
218	String usersDB_dir = this.site_home + File.separatorChar + "etc" + File.separatorChar + "usersDB";
219	dbWrapper.connectDatabase(usersDB_dir, true);
220
221	UserQueryResult userQueryResult;
222	try
223	{
224	userQueryResult = dbWrapper.findUser(username);
225	Vector<UserTermInfo> terms = userQueryResult.getUserTerms();
226
227	if (terms.size() == 0)
228	{
229	GSXML.addError(this.doc, result, _errorMessageMap.get(ERROR_REQUESTED_USER_NOT_FOUND));
230	return result;
231	}
232
233	UserTermInfo userInfo = terms.get(0);
234	Element userInfoList = this.doc.createElement(GSXML.PARAM_ELEM + GSXML.LIST_MODIFIER);
235	result.appendChild(userInfoList);
236
237	Element usernameField = GSXML.createParameter(this.doc, "username", userInfo.username);
238	Element passwordField = GSXML.createParameter(this.doc, "password", userInfo.password);
239	Element groupsField = GSXML.createParameter(this.doc, "groups", userInfo.groups);
240	Element accountStatusField = GSXML.createParameter(this.doc, "accountstatus", userInfo.accountstatus);
241	Element commentField = GSXML.createParameter(this.doc, "comment", userInfo.comment);
242
243	userInfoList.appendChild(usernameField);
244	userInfoList.appendChild(passwordField);
245	userInfoList.appendChild(groupsField);
246	userInfoList.appendChild(accountStatusField);
247	userInfoList.appendChild(commentField);
248	}
249	catch (SQLException ex)
250	{
251	GSXML.addError(this.doc, result, _errorMessageMap.get(ERROR_SQL_EXCEPTION));
252	ex.printStackTrace();
253	}
254
255	return result;
256	}
257
258	protected Element processAuthentication(Element request)
259	{
260	checkAdminUserExists();
261
262	// Create a new (empty) result message
263	Element result = this.doc.createElement(GSXML.RESPONSE_ELEM);
264	result.setAttribute(GSXML.FROM_ATT, AUTHENTICATION_SERVICE);
265	result.setAttribute(GSXML.TYPE_ATT, GSXML.REQUEST_TYPE_PROCESS);
266
267	// Create an Authentication node put into the result
268	Element authenNode = this.doc.createElement(GSXML.AUTHEN_NODE_ELEM);
269	result.appendChild(authenNode);
270	result.appendChild(getCollectList(this.site_home + File.separatorChar + "collect"));
271
272	// Create a service node added into the Authentication node
273	Element serviceNode = this.doc.createElement(GSXML.SERVICE_ELEM);
274	authenNode.appendChild(serviceNode);
275
276	// Get the parameters of the request
277	Element param_list = (Element) GSXML.getChildByTagName(request, GSXML.PARAM_ELEM + GSXML.LIST_MODIFIER);
278	if (param_list == null)
279	{
280	serviceNode.setAttribute("operation", LOGIN);
281	GSXML.addError(this.doc, result, _errorMessageMap.get(ERROR_REQUEST_HAS_NO_PARAM_LIST));
282	return result; // Return the empty result
283	}
284	HashMap paramMap = GSXML.extractParams(param_list, false);
285	String op = (String) paramMap.get("authpage");
286	serviceNode.setAttribute("operation", op);
287
288	String username = null;
289	String groups = null;
290
291	Element userInformation = (Element) GSXML.getChildByTagName(request, GSXML.USER_INFORMATION_ELEM);
292	if (userInformation == null && _userOpList.contains(op))
293	{
294	serviceNode.setAttribute("operation", LOGIN);
295	GSXML.addError(this.doc, result, _errorMessageMap.get(ERROR_NOT_LOGGED_IN));
296	return result;
297	}
298
299	if (userInformation != null)
300	{
301	username = userInformation.getAttribute(GSXML.USERNAME_ATT);
302	groups = userInformation.getAttribute(GSXML.GROUPS_ATT);
303	}
304
305	if (username == null && _userOpList.contains(op))
306	{
307	serviceNode.setAttribute("operation", LOGIN);
308	GSXML.addError(this.doc, result, _errorMessageMap.get(ERROR_NOT_LOGGED_IN));
309	return result;
310	}
311
312	if (_adminOpList.contains(op) && (groups == null \|\| !groups.matches(".\\badministrator\\b.")))
313	{
314	serviceNode.setAttribute("operation", LOGIN);
315	GSXML.addError(this.doc, result, _errorMessageMap.get(ERROR_ADMIN_NOT_LOGGED_IN));
316	return result;
317	}
318
319	if (op.equals(LIST_USERS))
320	{
321	int error = addUserInformationToNode(null, serviceNode);
322	if (error != NO_ERROR)
323	{
324	GSXML.addError(this.doc, result, _errorMessageMap.get(error));
325	}
326	}
327	else if (op.equals(PERFORM_ADD))
328	{
329	String newUsername = (String) paramMap.get("username");
330	String newPassword = (String) paramMap.get("password");
331	String newGroups = (String) paramMap.get("groups");
332	String newStatus = (String) paramMap.get("status");
333	String newComment = (String) paramMap.get("comment");
334	String newEmail = (String) paramMap.get("email");
335
336	int error = addUser(newUsername, newPassword, newGroups, newStatus, newComment, newEmail);
337	if (error != NO_ERROR)
338	{
339	serviceNode.setAttribute("operation", ADD_USER);
340	GSXML.addError(this.doc, result, _errorMessageMap.get(error));
341	}
342	else
343	{
344	addUserInformationToNode(null, serviceNode);
345	serviceNode.setAttribute("operation", LIST_USERS);
346	}
347	}
348	else if (op.equals(PERFORM_REGISTER))
349	{
350	String newUsername = (String) paramMap.get("username");
351	String newPassword = (String) paramMap.get("password");
352	String newEmail = (String) paramMap.get("email");
353
354	ReCaptchaImpl reCaptcha = new ReCaptchaImpl();
355	reCaptcha.setPrivateKey("6LckI88SAAAAAGnGy1PwuXYZzIMXZYoPxN51bWWG"); //TODO: MOVE TO SITECONFIG.XML FILE
356
357	String challenge = (String) paramMap.get("recaptcha_challenge_field");
358	String uResponse = (String) paramMap.get("recaptcha_response_field");
359
360	if (challenge == null \|\| uResponse == null)
361	{
362	serviceNode.setAttribute("operation", REGISTER);
363	GSXML.addError(this.doc, result, _errorMessageMap.get(ERROR_CAPTCHA_MISSING));
364	return result;
365	}
366
367	ReCaptchaResponse reCaptchaResponse = reCaptcha.checkAnswer(request.getAttribute("remoteAddress"), challenge, uResponse);
368
369	if (!reCaptchaResponse.isValid())
370	{
371	serviceNode.setAttribute("operation", REGISTER);
372	GSXML.addError(this.doc, result, _errorMessageMap.get(ERROR_CAPTCHA_DOES_NOT_MATCH));
373	return result;
374	}
375
376	int error = addUser(newUsername, newPassword, "", "true", "", newEmail);
377	if (error != NO_ERROR)
378	{
379	serviceNode.setAttribute("operation", REGISTER);
380	GSXML.addError(this.doc, result, _errorMessageMap.get(error));
381	}
382	}
383	else if (op.equals(PERFORM_EDIT))
384	{
385	String previousUsername = (String) paramMap.get("prevUsername");
386	String newUsername = (String) paramMap.get("newUsername");
387	String newPassword = (String) paramMap.get("password");
388	String newGroups = (String) paramMap.get("groups");
389	String newStatus = (String) paramMap.get("status");
390	String newComment = (String) paramMap.get("comment");
391	String newEmail = (String) paramMap.get("email");
392
393	if (newPassword == null)
394	{
395	newPassword = retrieveDataForUser(previousUsername, "password");
396	}
397
398	int error = removeUser(previousUsername);
399	if (error != NO_ERROR)
400	{
401	if (error == ERROR_USERNAME_NOT_SPECIFIED)
402	{
403	addUserInformationToNode(null, serviceNode);
404	serviceNode.setAttribute("operation", LIST_USERS);
405	}
406	else
407	{
408	serviceNode.setAttribute("operation", EDIT_USER);
409	GSXML.addError(this.doc, result, _errorMessageMap.get(error));
410	}
411	return result;
412	}
413	error = addUser(newUsername, newPassword, newGroups, newStatus, newComment, newEmail);
414	if (error != NO_ERROR)
415	{
416	serviceNode.setAttribute("operation", EDIT_USER);
417	GSXML.addError(this.doc, result, _errorMessageMap.get(error));
418	}
419	else
420	{
421	addUserInformationToNode(null, serviceNode);
422	serviceNode.setAttribute("operation", LIST_USERS);
423	}
424	}
425	else if (op.equals(PERFORM_ACCOUNT_EDIT))
426	{
427	String previousUsername = (String) paramMap.get("prevUsername");
428	String newUsername = (String) paramMap.get("newUsername");
429	String oldPassword = (String) paramMap.get("oldPassword");
430	String newPassword = (String) paramMap.get("newPassword");
431	String newEmail = (String) paramMap.get("newEmail");
432
433	//Make sure the user name does not already exist
434	if (!previousUsername.equals(newUsername) && checkUserExists(newUsername))
435	{
436	addUserInformationToNode(previousUsername, serviceNode);
437	serviceNode.setAttribute("operation", ACCOUNT_SETTINGS);
438	GSXML.addError(this.doc, result, _errorMessageMap.get(ERROR_USER_ALREADY_EXISTS));
439	return result;
440	}
441
442	String prevPassword = retrieveDataForUser(previousUsername, "password");
443
444	if (newPassword != null)
445	{
446	oldPassword = hashPassword(oldPassword);
447
448	if (oldPassword == null \|\| !oldPassword.equals(prevPassword))
449	{
450	addUserInformationToNode(previousUsername, serviceNode);
451	serviceNode.setAttribute("operation", ACCOUNT_SETTINGS);
452	GSXML.addError(this.doc, result, _errorMessageMap.get(ERROR_INCORRECT_PASSWORD));
453	return result;
454	}
455	}
456	else
457	{
458	newPassword = prevPassword;
459	}
460
461	String prevGroups = retrieveDataForUser(previousUsername, "groups");
462	String prevStatus = retrieveDataForUser(previousUsername, "status");
463	String prevComment = retrieveDataForUser(previousUsername, "comment");
464
465	int error = removeUser(previousUsername);
466	if (error != NO_ERROR)
467	{
468	if (error == ERROR_USERNAME_NOT_SPECIFIED)
469	{
470	addUserInformationToNode(null, serviceNode);
471	serviceNode.setAttribute("operation", LIST_USERS);
472	}
473	else
474	{
475	addUserInformationToNode(previousUsername, serviceNode);
476	serviceNode.setAttribute("operation", ACCOUNT_SETTINGS);
477	GSXML.addError(this.doc, result, _errorMessageMap.get(error));
478	}
479	return result;
480	}
481
482	error = addUser(newUsername, newPassword, prevGroups, prevStatus, prevComment, newEmail);
483	if (error != NO_ERROR)
484	{
485	GSXML.addError(this.doc, result, _errorMessageMap.get(error));
486	}
487
488	addUserInformationToNode(null, serviceNode);
489	serviceNode.setAttribute("operation", LIST_USERS);
490	}
491	else if (op.equals(EDIT_USER))
492	{
493	String editUsername = (String) paramMap.get("username");
494	int error = addUserInformationToNode(editUsername, serviceNode);
495	if (error != NO_ERROR)
496	{
497	GSXML.addError(this.doc, result, _errorMessageMap.get(error));
498	}
499	}
500	else if (op.equals(ACCOUNT_SETTINGS))
501	{
502	String editUsername = (String) paramMap.get("username");
503
504	if(editUsername == null)
505	{
506	serviceNode.setAttribute("operation", "");
507	GSXML.addError(this.doc, result, _errorMessageMap.get(ERROR_USERNAME_NOT_SPECIFIED));
508	return result;
509	}
510
511	if(!editUsername.equals(username))
512	{
513	serviceNode.setAttribute("operation", LOGIN);
514	GSXML.addError(this.doc, result, _errorMessageMap.get(ERROR_NOT_AUTHORISED));
515	return result;
516	}
517	int error = addUserInformationToNode(editUsername, serviceNode);
518	if (error != NO_ERROR)
519	{
520	GSXML.addError(this.doc, result, _errorMessageMap.get(error));
521	}
522	}
523	else if (op.equals(PERFORM_RESET_PASSWORD))
524	{
525	String passwordResetUser = (String) paramMap.get("username");
526
527	String newPassword = UUID.randomUUID().toString();
528	newPassword = newPassword.substring(0, newPassword.indexOf("-"));
529
530	String email = retrieveDataForUser(passwordResetUser, "email");
531	String from = "[email protected]";
532	String host = request.getAttribute("remoteAddress");
533
534	//TODO: FINISH THIS
535	}
536	else if (op.equals(PERFORM_DELETE_USER))
537	{
538	String usernameToDelete = (String) paramMap.get("username");
539	int error = removeUser(usernameToDelete);
540	if (error != NO_ERROR)
541	{
542	GSXML.addError(this.doc, result, _errorMessageMap.get(error));
543	}
544	addUserInformationToNode(null, serviceNode);
545	serviceNode.setAttribute("operation", LIST_USERS);
546	}
547
548	return result;
549	}
550
551	public static String hashPassword(String password)
552	{
553	String hashedPassword = null;
554	try
555	{
556	MessageDigest digest = MessageDigest.getInstance("SHA-1");
557	digest.reset();
558	hashedPassword = new String(digest.digest(password.getBytes("UTF-8")));
559	}
560	catch (Exception ex)
561	{
562	ex.printStackTrace();
563	}
564	return hashedPassword;
565	}
566
567	private void checkAdminUserExists()
568	{
569	if (_derbyWrapper == null)
570	{
571	openDatabase();
572	}
573
574	UserQueryResult userQueryResult = _derbyWrapper.findUser(null, null);
575	closeDatabase();
576
577	if (userQueryResult != null)
578	{
579	Vector userInfo = userQueryResult.users;
580
581	boolean adminFound = false;
582	for (int i = 0; i < userQueryResult.getSize(); i++)
583	{
584	if (((UserTermInfo) userInfo.get(i)).groups != null && ((UserTermInfo) userInfo.get(i)).groups.matches(".\\badministrator\\b."))
585	{
586	adminFound = true;
587	}
588	}
589
590	if (!adminFound)
591	{
592	addUser("admin", "admin", "administrator", "true", "Change the password for this account as soon as possible", "");
593	}
594	}
595
596	closeDatabase();
597	}
598
599	private boolean openDatabase()
600	{
601	_derbyWrapper = new DerbyWrapper();
602
603	// check the usersDb database, if it isn't existing, check the etc dir, create the etc dir if it isn't existing, then create the user database and add a "admin" user
604	String usersDB_dir = this.site_home + File.separatorChar + "etc" + File.separatorChar + "usersDB";
605	File usersDB_file = new File(usersDB_dir);
606	if (!usersDB_file.exists())
607	{
608	String etc_dir = this.site_home + File.separatorChar + "etc";
609	File etc_file = new File(etc_dir);
610	if (!etc_file.exists())
611	{
612	boolean success = etc_file.mkdir();
613	if (!success)
614	{
615	logger.error("Couldn't create the etc dir under " + this.site_home + ".");
616	return false;
617	}
618	}
619	_derbyWrapper.connectDatabase(usersDB_dir, true);
620	_derbyWrapper.createDatabase();
621	}
622	else
623	{
624	_derbyWrapper.connectDatabase(usersDB_dir, false);
625	}
626	return true;
627	}
628
629	private void closeDatabase()
630	{
631	if (_derbyWrapper != null)
632	{
633	_derbyWrapper.closeDatabase();
634	_derbyWrapper = null;
635	}
636	}
637
638	private int addUserInformationToNode(String username, Element serviceNode)
639	{
640	if (_derbyWrapper == null)
641	{
642	openDatabase();
643	}
644
645	UserQueryResult userQueryResult = _derbyWrapper.findUser(username, null);
646	closeDatabase();
647
648	if (userQueryResult != null)
649	{
650	Element user_node = getUserNode(userQueryResult);
651	serviceNode.appendChild(user_node);
652	closeDatabase();
653	return NO_ERROR;
654	}
655
656	closeDatabase();
657	return ERROR_COULD_NOT_GET_USER_INFO;
658	}
659
660	private int removeUser(String username)
661	{
662	if (username == null)
663	{
664	return ERROR_USERNAME_NOT_SPECIFIED;
665	}
666
667	if (_derbyWrapper == null)
668	{
669	openDatabase();
670	}
671
672	boolean success = _derbyWrapper.deleteUser(username);
673	closeDatabase();
674
675	if (success)
676	{
677	return NO_ERROR;
678	}
679
680	return ERROR_REMOVING_USER;
681	}
682
683	private int addUser(String newUsername, String newPassword, String newGroups, String newStatus, String newComment, String newEmail)
684	{
685	if (_derbyWrapper == null)
686	{
687	openDatabase();
688	}
689
690	//Check the given user name
691	if ((newUsername == null) \|\| (newUsername.length() < 2) \|\| (newUsername.length() > 30) \|\| (!(Pattern.matches("[a-zA-Z0-9//_//.]+", newUsername))))
692	{
693	closeDatabase();
694	return ERROR_INVALID_USERNAME;
695	}
696
697	//Check the given password
698	if ((newPassword == null) \|\| (newPassword.length() < 3) \|\| (newPassword.length() > 8) \|\| (!(Pattern.matches("[\\p{ASCII}]+", newPassword))))
699	{
700	closeDatabase();
701	return ERROR_INVALID_PASSWORD;
702	}
703
704	newPassword = hashPassword(newPassword);
705
706	newGroups = newGroups.replaceAll(" ", "");
707
708	//Check if the user already exists
709	UserQueryResult userQueryResult = _derbyWrapper.findUser(newUsername, null);
710	if (userQueryResult != null)
711	{
712	return ERROR_USER_ALREADY_EXISTS;
713	}
714	else
715	{
716	System.err.println("ADDING " + newUsername + " " + newPassword);
717	boolean success = _derbyWrapper.addUser(newUsername, newPassword, newGroups, newStatus, newComment, newEmail);
718	if (!success)
719	{
720	closeDatabase();
721	return ERROR_ADDING_USER;
722	}
723	}
724	closeDatabase();
725	return NO_ERROR;
726	}
727
728	private boolean checkUserExists(String username)
729	{
730	if (_derbyWrapper == null)
731	{
732	openDatabase();
733	}
734
735	try
736	{
737	UserQueryResult result = _derbyWrapper.findUser(username);
738
739	if (result != null)
740	{
741	return true;
742	}
743	else
744	{
745	return false;
746	}
747
748	}
749	catch (Exception ex)
750	{
751	return false;
752	}
753	finally
754	{
755	closeDatabase();
756	}
757	}
758
759	private String retrieveDataForUser(String username, String dataType)
760	{
761	if (_derbyWrapper == null)
762	{
763	openDatabase();
764	}
765
766	String password = null;
767
768	try
769	{
770	UserQueryResult result = _derbyWrapper.findUser(username);
771	Vector userInfo = result.users;
772
773	for (int i = 0; i < result.getSize(); i++)
774	{
775	if (dataType.equals("password"))
776	{
777	return ((UserTermInfo) userInfo.get(i)).password;
778	}
779	else if (dataType.equals("groups"))
780	{
781	return ((UserTermInfo) userInfo.get(i)).groups;
782	}
783	else if (dataType.equals("status"))
784	{
785	return ((UserTermInfo) userInfo.get(i)).accountstatus;
786	}
787	else if (dataType.equals("comment"))
788	{
789	return ((UserTermInfo) userInfo.get(i)).comment;
790	}
791	else if (dataType.equals("email"))
792	{
793	return ((UserTermInfo) userInfo.get(i)).email;
794	}
795	}
796	}
797	catch (Exception ex)
798	{
799	ex.printStackTrace();
800	}
801
802	closeDatabase();
803	return password;
804	}
805
806	private Element getUserNode(UserQueryResult userQueryResult)
807	{
808	Element user_list_node = this.doc.createElement(GSXML.USER_NODE_ELEM + "List");
809
810	Vector userInfo = userQueryResult.users;
811
812	for (int i = 0; i < userQueryResult.getSize(); i++)
813	{
814	Element user_node = this.doc.createElement(GSXML.USER_NODE_ELEM);
815	String username = ((UserTermInfo) userInfo.get(i)).username;
816	String groups = ((UserTermInfo) userInfo.get(i)).groups;
817	String accountstatus = ((UserTermInfo) userInfo.get(i)).accountstatus;
818	String comment = ((UserTermInfo) userInfo.get(i)).comment;
819	String email = ((UserTermInfo) userInfo.get(i)).email;
820	user_node.setAttribute("username", username);
821	user_node.setAttribute("groups", groups);
822	user_node.setAttribute("status", accountstatus);
823	user_node.setAttribute("comment", comment);
824	user_node.setAttribute("email", email);
825
826	user_list_node.appendChild(user_node);
827	}
828	return user_list_node;
829	}
830
831	private Element getCollectList(String collect)
832	{
833	Element collect_list_node = this.doc.createElement(GSXML.COLLECTION_ELEM + "List");
834	File[] collect_dir = (new File(collect)).listFiles();
835	if (collect_dir != null && collect_dir.length > 0)
836	{
837	for (int i = 0; i < collect_dir.length; i++)
838	{
839	if (collect_dir[i].isDirectory() && (!collect_dir[i].getName().startsWith(".svn")))
840	{
841	Element collect_node = this.doc.createElement(GSXML.COLLECTION_ELEM);
842	collect_node.setAttribute("name", collect_dir[i].getName());
843	collect_list_node.appendChild(collect_node);
844	}
845	}
846	}
847	return collect_list_node;
848	}
849	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: