Context Navigation

source: main/trunk/greenstone3/src/java/org/greenstone/gsdl3/service/Authentication.java@ 25734

Last change on this file since 25734 was 25734, checked in by sjm84, 12 years ago
Adding a fix for reCaptcha not working. Not completely happy with it as it relies on a timeout, but it will do for now
File size: 31.2 KB

Line
1	package org.greenstone.gsdl3.service;
2
3	import java.io.File;
4	import java.io.Serializable;
5	import java.math.BigInteger;
6	import java.security.MessageDigest;
7	import java.sql.SQLException;
8	import java.util.ArrayList;
9	import java.util.HashMap;
10	import java.util.UUID;
11	import java.util.Vector;
12	import java.util.regex.Pattern;
13
14	import net.tanesha.recaptcha.ReCaptchaImpl;
15	import net.tanesha.recaptcha.ReCaptchaResponse;
16
17	import org.greenstone.gsdl3.util.DerbyWrapper;
18	import org.greenstone.gsdl3.util.GSXML;
19	import org.greenstone.gsdl3.util.UserQueryResult;
20	import org.greenstone.gsdl3.util.UserTermInfo;
21	import org.w3c.dom.Element;
22	import org.w3c.dom.NodeList;
23
24	public class Authentication extends ServiceRack
25	{
26	//Error codes
27	protected static final int NO_ERROR = 0;
28	protected static final int ERROR_REQUEST_HAS_NO_PARAM_LIST = -1;
29	protected static final int ERROR_NOT_LOGGED_IN = -2;
30	protected static final int ERROR_ADMIN_NOT_LOGGED_IN = -3;
31	protected static final int ERROR_COULD_NOT_GET_USER_INFO = -4;
32	protected static final int ERROR_USERNAME_NOT_SPECIFIED = -5;
33	protected static final int ERROR_REQUESTED_USER_NOT_FOUND = -6;
34	protected static final int ERROR_SQL_EXCEPTION = -7;
35	protected static final int ERROR_INVALID_USERNAME = -8;
36	protected static final int ERROR_INVALID_PASSWORD = -9;
37	protected static final int ERROR_INCORRECT_PASSWORD = -10;
38	protected static final int ERROR_USER_ALREADY_EXISTS = -11;
39	protected static final int ERROR_ADDING_USER = -12;
40	protected static final int ERROR_REMOVING_USER = -13;
41	protected static final int ERROR_CAPTCHA_DOES_NOT_MATCH = -14;
42	protected static final int ERROR_CAPTCHA_MISSING = -15;
43	protected static final int ERROR_NOT_AUTHORISED = -16;
44
45	protected static final HashMap<Integer, String> _errorMessageMap;
46	static
47	{
48	//Corresponding error messages
49	HashMap<Integer, String> errorMessageMap = new HashMap<Integer, String>();
50	errorMessageMap.put(ERROR_REQUEST_HAS_NO_PARAM_LIST, "The list of parameters for this request was empty.");
51	errorMessageMap.put(ERROR_NOT_LOGGED_IN, "You must be logged in to access this page.");
52	errorMessageMap.put(ERROR_ADMIN_NOT_LOGGED_IN, "You must be logged in as an administrator to access this page.");
53	errorMessageMap.put(ERROR_COULD_NOT_GET_USER_INFO, "There was a error getting the user information.");
54	errorMessageMap.put(ERROR_USERNAME_NOT_SPECIFIED, "No username was specified.");
55	errorMessageMap.put(ERROR_REQUESTED_USER_NOT_FOUND, "The requested user was not found in the database.");
56	errorMessageMap.put(ERROR_SQL_EXCEPTION, "There was an SQL exception while accessing the database.");
57	errorMessageMap.put(ERROR_INVALID_USERNAME, "The username specified was invalid.");
58	errorMessageMap.put(ERROR_INVALID_PASSWORD, "The password specified was invalid.");
59	errorMessageMap.put(ERROR_INCORRECT_PASSWORD, "The password specified was incorrect.");
60	errorMessageMap.put(ERROR_USER_ALREADY_EXISTS, "This user already exists and therefore cannot be added.");
61	errorMessageMap.put(ERROR_ADDING_USER, "There was an error adding this user to the database.");
62	errorMessageMap.put(ERROR_REMOVING_USER, "There was an error removing this user from the database.");
63	errorMessageMap.put(ERROR_CAPTCHA_DOES_NOT_MATCH, "The words you entered did not match the image, please try again.");
64	errorMessageMap.put(ERROR_CAPTCHA_MISSING, "The information from the captcha is missing.");
65	errorMessageMap.put(ERROR_NOT_AUTHORISED, "You are not authorised to access this page.");
66
67	_errorMessageMap = errorMessageMap;
68	}
69
70	//Admin-required operations
71	protected static final String LIST_USERS = "ListUsers";
72	protected static final String PERFORM_ADD = "PerformAdd";
73	protected static final String PERFORM_EDIT = "PerformEdit";
74	protected static final String ADD_USER = "AddUser";
75	protected static final String EDIT_USER = "EditUser";
76	protected static final String PERFORM_DELETE_USER = "PerformDeleteUser";
77
78	protected static final ArrayList<String> _adminOpList;
79	static
80	{
81	ArrayList<String> opList = new ArrayList<String>();
82	opList.add(LIST_USERS);
83	opList.add(PERFORM_ADD);
84	opList.add(PERFORM_EDIT);
85	opList.add(EDIT_USER);
86	opList.add(PERFORM_DELETE_USER);
87
88	_adminOpList = opList;
89	}
90
91	//User-required operations
92	protected static final String ACCOUNT_SETTINGS = "AccountSettings";
93	protected static final String PERFORM_ACCOUNT_EDIT = "PerformAccEdit";
94	protected static final String PERFORM_RESET_PASSWORD = "PerformResetPassword";
95	protected static final ArrayList<String> _userOpList;
96	static
97	{
98	ArrayList<String> opList = new ArrayList<String>();
99	opList.add(ACCOUNT_SETTINGS);
100	opList.add(PERFORM_ACCOUNT_EDIT);
101	opList.add(PERFORM_RESET_PASSWORD);
102	opList.addAll(_adminOpList);
103	_userOpList = opList;
104	}
105
106	//Other operations
107	protected static final String REGISTER = "Register";
108	protected static final String PERFORM_REGISTER = "PerformRegister";
109	protected static final String LOGIN = "Login";
110
111	//the services on offer
112	protected static final String AUTHENTICATION_SERVICE = "Authentication";
113	protected static final String GET_USER_INFORMATION_SERVICE = "GetUserInformation";
114
115	protected DerbyWrapper _derbyWrapper = null;
116
117	protected String _recaptchaPrivateKey = null;
118	protected String _recaptchaPublicKey = null;
119
120	/** constructor */
121	public Authentication()
122	{
123	}
124
125	public boolean configure(Element info, Element extra_info)
126	{
127	logger.info("Configuring Authentication...");
128	this.config_info = info;
129
130	// set up Authentication service info - for now just has name and type
131	Element authentication_service = this.doc.createElement(GSXML.SERVICE_ELEM);
132	authentication_service.setAttribute(GSXML.TYPE_ATT, "authen");
133	authentication_service.setAttribute(GSXML.NAME_ATT, AUTHENTICATION_SERVICE);
134	this.short_service_info.appendChild(authentication_service);
135
136	// set up Authentication service info - for now just has name and type
137	Element getUserInformation_service = this.doc.createElement(GSXML.SERVICE_ELEM);
138	getUserInformation_service.setAttribute(GSXML.TYPE_ATT, GSXML.SERVICE_TYPE_PROCESS);
139	getUserInformation_service.setAttribute(GSXML.NAME_ATT, GET_USER_INFORMATION_SERVICE);
140	this.short_service_info.appendChild(getUserInformation_service);
141
142	NodeList recaptchaElems = info.getElementsByTagName("recaptcha");
143
144	for (int i = 0; i < recaptchaElems.getLength(); i++)
145	{
146	Element currentElem = (Element) recaptchaElems.item(i);
147	if (currentElem.getAttribute(GSXML.NAME_ATT) != null && currentElem.getAttribute(GSXML.NAME_ATT).equals("public_key"))
148	{
149	if (currentElem.getAttribute(GSXML.VALUE_ATT) != null)
150	{
151	_recaptchaPublicKey = currentElem.getAttribute(GSXML.VALUE_ATT);
152	}
153	}
154	else if (currentElem.getAttribute(GSXML.NAME_ATT) != null && currentElem.getAttribute(GSXML.NAME_ATT).equals("private_key"))
155	{
156	if (currentElem.getAttribute(GSXML.VALUE_ATT) != null)
157	{
158	_recaptchaPrivateKey = currentElem.getAttribute(GSXML.VALUE_ATT);
159	}
160	}
161	}
162
163	return true;
164	}
165
166	protected Element getServiceDescription(String service_id, String lang, String subset)
167	{
168
169	Element authen_service = this.doc.createElement(GSXML.SERVICE_ELEM);
170
171	if (service_id.equals(AUTHENTICATION_SERVICE))
172	{
173	authen_service.setAttribute(GSXML.TYPE_ATT, "authen");
174	authen_service.setAttribute(GSXML.NAME_ATT, AUTHENTICATION_SERVICE);
175	}
176	else if (service_id.equals(GET_USER_INFORMATION_SERVICE))
177	{
178	authen_service.setAttribute(GSXML.TYPE_ATT, GSXML.SERVICE_TYPE_PROCESS);
179	authen_service.setAttribute(GSXML.NAME_ATT, GET_USER_INFORMATION_SERVICE);
180	}
181	else
182	{
183	return null;
184	}
185
186	if (service_id.equals(AUTHENTICATION_SERVICE) && (subset == null \|\| subset.equals(GSXML.DISPLAY_TEXT_ELEM + GSXML.LIST_MODIFIER)))
187	{
188	authen_service.appendChild(GSXML.createDisplayTextElement(this.doc, GSXML.DISPLAY_TEXT_NAME, getServiceName(service_id, lang)));
189	authen_service.appendChild(GSXML.createDisplayTextElement(this.doc, GSXML.DISPLAY_TEXT_DESCRIPTION, getServiceDescription(service_id, lang)));
190	}
191	return authen_service;
192	}
193
194	protected String getServiceName(String service_id, String lang)
195	{
196	return getTextString(service_id + ".name", lang);
197	}
198
199	protected String getServiceSubmit(String service_id, String lang)
200	{
201	return getTextString(service_id + ".submit", lang);
202	}
203
204	protected String getServiceDescription(String service_id, String lang)
205	{
206	return getTextString(service_id + ".description", lang);
207	}
208
209	protected void addCustomParams(String service, Element param_list, String lang)
210	{
211	}
212
213	protected void createParameter(String name, Element param_list, String lang)
214	{
215	}
216
217	protected Element processGetUserInformation(Element request)
218	{
219	// Create a new (empty) result message
220	Element result = this.doc.createElement(GSXML.RESPONSE_ELEM);
221
222	result.setAttribute(GSXML.FROM_ATT, GET_USER_INFORMATION_SERVICE);
223	result.setAttribute(GSXML.TYPE_ATT, GSXML.REQUEST_TYPE_PROCESS);
224
225	Element paramList = (Element) GSXML.getChildByTagName(request, GSXML.PARAM_ELEM + GSXML.LIST_MODIFIER);
226	if (paramList == null)
227	{
228	GSXML.addError(this.doc, result, _errorMessageMap.get(ERROR_REQUEST_HAS_NO_PARAM_LIST));
229	return result;
230	}
231
232	HashMap<String, Serializable> params = GSXML.extractParams(paramList, true);
233
234	String username = (String) params.get("username");
235
236	if (username == null)
237	{
238	GSXML.addError(this.doc, result, _errorMessageMap.get(ERROR_USERNAME_NOT_SPECIFIED));
239	return result;
240	}
241
242	DerbyWrapper dbWrapper = new DerbyWrapper();
243
244	String usersDB_dir = this.site_home + File.separatorChar + "etc" + File.separatorChar + "usersDB";
245	dbWrapper.connectDatabase(usersDB_dir, true);
246
247	UserQueryResult userQueryResult;
248	try
249	{
250	userQueryResult = dbWrapper.findUser(username);
251	Vector<UserTermInfo> terms = userQueryResult.getUserTerms();
252
253	if (terms.size() == 0)
254	{
255	GSXML.addError(this.doc, result, _errorMessageMap.get(ERROR_REQUESTED_USER_NOT_FOUND));
256	return result;
257	}
258
259	UserTermInfo userInfo = terms.get(0);
260	Element userInfoList = this.doc.createElement(GSXML.PARAM_ELEM + GSXML.LIST_MODIFIER);
261	result.appendChild(userInfoList);
262
263	Element usernameField = GSXML.createParameter(this.doc, "username", userInfo.username);
264	Element passwordField = GSXML.createParameter(this.doc, "password", userInfo.password);
265	Element groupsField = GSXML.createParameter(this.doc, "groups", userInfo.groups);
266	Element accountStatusField = GSXML.createParameter(this.doc, "accountstatus", userInfo.accountstatus);
267	Element commentField = GSXML.createParameter(this.doc, "comment", userInfo.comment);
268
269	userInfoList.appendChild(usernameField);
270	userInfoList.appendChild(passwordField);
271	userInfoList.appendChild(groupsField);
272	userInfoList.appendChild(accountStatusField);
273	userInfoList.appendChild(commentField);
274	}
275	catch (SQLException ex)
276	{
277	GSXML.addError(this.doc, result, _errorMessageMap.get(ERROR_SQL_EXCEPTION));
278	ex.printStackTrace();
279	}
280
281	return result;
282	}
283
284	protected Element processAuthentication(Element request)
285	{
286	checkAdminUserExists();
287
288	// Create a new (empty) result message
289	Element result = this.doc.createElement(GSXML.RESPONSE_ELEM);
290	result.setAttribute(GSXML.FROM_ATT, AUTHENTICATION_SERVICE);
291	result.setAttribute(GSXML.TYPE_ATT, GSXML.REQUEST_TYPE_PROCESS);
292
293	// Create an Authentication node put into the result
294	Element authenNode = this.doc.createElement(GSXML.AUTHEN_NODE_ELEM);
295	result.appendChild(authenNode);
296	result.appendChild(getCollectList(this.site_home + File.separatorChar + "collect"));
297
298	// Create a service node added into the Authentication node
299	Element serviceNode = this.doc.createElement(GSXML.SERVICE_ELEM);
300	authenNode.appendChild(serviceNode);
301
302	// Get the parameters of the request
303	Element param_list = (Element) GSXML.getChildByTagName(request, GSXML.PARAM_ELEM + GSXML.LIST_MODIFIER);
304	if (param_list == null)
305	{
306	serviceNode.setAttribute("operation", LOGIN);
307	GSXML.addError(this.doc, result, _errorMessageMap.get(ERROR_REQUEST_HAS_NO_PARAM_LIST));
308	return result; // Return the empty result
309	}
310	HashMap<String, Serializable> paramMap = GSXML.extractParams(param_list, false);
311	String op = (String) paramMap.get("authpage");
312	serviceNode.setAttribute("operation", op);
313
314	String username = null;
315	String groups = null;
316
317	Element userInformation = (Element) GSXML.getChildByTagName(request, GSXML.USER_INFORMATION_ELEM);
318	if (userInformation == null && _userOpList.contains(op))
319	{
320	serviceNode.setAttribute("operation", LOGIN);
321	GSXML.addError(this.doc, result, _errorMessageMap.get(ERROR_NOT_LOGGED_IN));
322	return result;
323	}
324
325	if (userInformation != null)
326	{
327	username = userInformation.getAttribute(GSXML.USERNAME_ATT);
328	groups = userInformation.getAttribute(GSXML.GROUPS_ATT);
329	}
330
331	if (username == null && _userOpList.contains(op))
332	{
333	serviceNode.setAttribute("operation", LOGIN);
334	GSXML.addError(this.doc, result, _errorMessageMap.get(ERROR_NOT_LOGGED_IN));
335	return result;
336	}
337
338	if (_adminOpList.contains(op) && (groups == null \|\| !groups.matches(".\\badministrator\\b.")))
339	{
340	serviceNode.setAttribute("operation", LOGIN);
341	GSXML.addError(this.doc, result, _errorMessageMap.get(ERROR_ADMIN_NOT_LOGGED_IN));
342	return result;
343	}
344
345	if (op.equals(LIST_USERS))
346	{
347	int error = addUserInformationToNode(null, serviceNode);
348	if (error != NO_ERROR)
349	{
350	GSXML.addError(this.doc, result, _errorMessageMap.get(error));
351	}
352	}
353	else if (op.equals(PERFORM_ADD))
354	{
355	String newUsername = (String) paramMap.get("username");
356	String newPassword = (String) paramMap.get("password");
357	String newGroups = (String) paramMap.get("groups");
358	String newStatus = (String) paramMap.get("status");
359	String newComment = (String) paramMap.get("comment");
360	String newEmail = (String) paramMap.get("email");
361
362	//Check the given user name
363	int error;
364	if ((error = checkUsername(newUsername)) != NO_ERROR)
365	{
366	GSXML.addError(this.doc, result, _errorMessageMap.get(error));
367	return result;
368	}
369
370	//Check the given password
371	if ((error = checkPassword(newPassword)) != NO_ERROR)
372	{
373	GSXML.addError(this.doc, result, _errorMessageMap.get(error));
374	return result;
375	}
376
377	newPassword = hashPassword(newPassword);
378
379	error = addUser(newUsername, newPassword, newGroups, newStatus, newComment, newEmail);
380	if (error != NO_ERROR)
381	{
382	serviceNode.setAttribute("operation", ADD_USER);
383	GSXML.addError(this.doc, result, _errorMessageMap.get(error));
384	}
385	else
386	{
387	addUserInformationToNode(null, serviceNode);
388	serviceNode.setAttribute("operation", LIST_USERS);
389	}
390	}
391	else if (op.equals(PERFORM_REGISTER))
392	{
393	String newUsername = (String) paramMap.get("username");
394	String newPassword = (String) paramMap.get("password");
395	String newEmail = (String) paramMap.get("email");
396
397	//Check the given user name
398	int error;
399	if ((error = checkUsername(newUsername)) != NO_ERROR)
400	{
401	GSXML.addError(this.doc, result, _errorMessageMap.get(error));
402	return result;
403	}
404
405	//Check the given password
406	if ((error = checkPassword(newPassword)) != NO_ERROR)
407	{
408	GSXML.addError(this.doc, result, _errorMessageMap.get(error));
409	return result;
410	}
411
412	newPassword = hashPassword(newPassword);
413
414	if (_recaptchaPrivateKey != null && _recaptchaPrivateKey.length() > 0)
415	{
416	ReCaptchaImpl reCaptcha = new ReCaptchaImpl();
417	reCaptcha.setPrivateKey(_recaptchaPrivateKey);
418
419	try
420	{
421	//If this line throws an exception then we'll assume the user has a firewall that is too restrictive
422	//(or that they're not connected to the Internet) to allow access to google services.
423	//In this situation we won't use the recaptcha test.
424	reCaptcha.checkAnswer(request.getAttribute("remoteAddress"), "", "");
425
426	String challenge = (String) paramMap.get("recaptcha_challenge_field");
427	String uResponse = (String) paramMap.get("recaptcha_response_field");
428
429	if (challenge == null \|\| uResponse == null)
430	{
431	serviceNode.setAttribute("operation", REGISTER);
432	GSXML.addError(this.doc, result, _errorMessageMap.get(ERROR_CAPTCHA_MISSING));
433	return result;
434	}
435
436	ReCaptchaResponse reCaptchaResponse = reCaptcha.checkAnswer(request.getAttribute("remoteAddress"), challenge, uResponse);
437
438	if (!reCaptchaResponse.isValid())
439	{
440	serviceNode.setAttribute("operation", REGISTER);
441	GSXML.addError(this.doc, result, _errorMessageMap.get(ERROR_CAPTCHA_DOES_NOT_MATCH));
442	return result;
443	}
444	}
445	catch (Exception ex)
446	{
447	}
448	}
449
450	error = addUser(newUsername, newPassword, "", "true", "", newEmail);
451	if (error != NO_ERROR)
452	{
453	serviceNode.setAttribute("operation", REGISTER);
454	GSXML.addError(this.doc, result, _errorMessageMap.get(error));
455	}
456	}
457	else if (op.equals(PERFORM_EDIT))
458	{
459	String previousUsername = (String) paramMap.get("prevUsername");
460	String newUsername = (String) paramMap.get("newUsername");
461	String newPassword = (String) paramMap.get("password");
462	String newGroups = (String) paramMap.get("groups");
463	String newStatus = (String) paramMap.get("status");
464	String newComment = (String) paramMap.get("comment");
465	String newEmail = (String) paramMap.get("email");
466
467	//Check the given user name
468	int error;
469	if ((error = checkUsername(newUsername)) != NO_ERROR)
470	{
471	GSXML.addError(this.doc, result, _errorMessageMap.get(error));
472	return result;
473	}
474
475	if (newPassword == null)
476	{
477	newPassword = retrieveDataForUser(previousUsername, "password");
478	}
479	else
480	{
481	//Check the given password
482	if ((error = checkPassword(newPassword)) != NO_ERROR)
483	{
484	GSXML.addError(this.doc, result, _errorMessageMap.get(error));
485	return result;
486	}
487
488	newPassword = hashPassword(newPassword);
489	}
490
491	error = removeUser(previousUsername);
492	if (error != NO_ERROR)
493	{
494	if (error == ERROR_USERNAME_NOT_SPECIFIED)
495	{
496	addUserInformationToNode(null, serviceNode);
497	serviceNode.setAttribute("operation", LIST_USERS);
498	}
499	else
500	{
501	serviceNode.setAttribute("operation", EDIT_USER);
502	GSXML.addError(this.doc, result, _errorMessageMap.get(error));
503	}
504	return result;
505	}
506
507	error = addUser(newUsername, newPassword, newGroups, newStatus, newComment, newEmail);
508	if (error != NO_ERROR)
509	{
510	serviceNode.setAttribute("operation", EDIT_USER);
511	GSXML.addError(this.doc, result, _errorMessageMap.get(error));
512	}
513	else
514	{
515	addUserInformationToNode(null, serviceNode);
516	serviceNode.setAttribute("operation", LIST_USERS);
517	}
518	}
519	else if (op.equals(PERFORM_ACCOUNT_EDIT))
520	{
521	String previousUsername = (String) paramMap.get("prevUsername");
522	String newUsername = (String) paramMap.get("newUsername");
523	String oldPassword = (String) paramMap.get("oldPassword");
524	String newPassword = (String) paramMap.get("newPassword");
525	String newEmail = (String) paramMap.get("newEmail");
526
527	//Make sure the user name does not already exist
528	if (!previousUsername.equals(newUsername) && checkUserExists(newUsername))
529	{
530	addUserInformationToNode(previousUsername, serviceNode);
531	serviceNode.setAttribute("operation", ACCOUNT_SETTINGS);
532	GSXML.addError(this.doc, result, _errorMessageMap.get(ERROR_USER_ALREADY_EXISTS));
533	return result;
534	}
535
536	String prevPassword = retrieveDataForUser(previousUsername, "password");
537
538	if (newPassword != null)
539	{
540	oldPassword = hashPassword(oldPassword);
541
542	if (oldPassword == null \|\| !oldPassword.equals(prevPassword))
543	{
544	addUserInformationToNode(previousUsername, serviceNode);
545	serviceNode.setAttribute("operation", ACCOUNT_SETTINGS);
546	GSXML.addError(this.doc, result, _errorMessageMap.get(ERROR_INCORRECT_PASSWORD), "Incorrect Password");
547	return result;
548	}
549
550	//Check the given password
551	int error;
552	if ((error = checkPassword(newPassword)) != NO_ERROR)
553	{
554	GSXML.addError(this.doc, result, _errorMessageMap.get(error));
555	return result;
556	}
557
558	newPassword = hashPassword(newPassword);
559	}
560	else
561	{
562	newPassword = prevPassword;
563	}
564
565	//Check the given user name
566	int error;
567	if ((error = checkUsername(newUsername)) != NO_ERROR)
568	{
569	GSXML.addError(this.doc, result, _errorMessageMap.get(error));
570	return result;
571	}
572
573	String prevGroups = retrieveDataForUser(previousUsername, "groups");
574	String prevStatus = retrieveDataForUser(previousUsername, "status");
575	String prevComment = retrieveDataForUser(previousUsername, "comment");
576
577	error = removeUser(previousUsername);
578	if (error != NO_ERROR)
579	{
580	if (error == ERROR_USERNAME_NOT_SPECIFIED)
581	{
582	addUserInformationToNode(null, serviceNode);
583	serviceNode.setAttribute("operation", LIST_USERS);
584	}
585	else
586	{
587	addUserInformationToNode(previousUsername, serviceNode);
588	serviceNode.setAttribute("operation", ACCOUNT_SETTINGS);
589	GSXML.addError(this.doc, result, _errorMessageMap.get(error));
590	}
591	return result;
592	}
593
594	error = addUser(newUsername, newPassword, prevGroups, prevStatus, prevComment, newEmail);
595	if (error != NO_ERROR)
596	{
597	GSXML.addError(this.doc, result, _errorMessageMap.get(error));
598	}
599
600	addUserInformationToNode(null, serviceNode);
601	serviceNode.setAttribute("operation", LIST_USERS);
602	}
603	else if (op.equals(EDIT_USER))
604	{
605	String editUsername = (String) paramMap.get("username");
606	int error = addUserInformationToNode(editUsername, serviceNode);
607	if (error != NO_ERROR)
608	{
609	GSXML.addError(this.doc, result, _errorMessageMap.get(error));
610	}
611	}
612	else if (op.equals(ACCOUNT_SETTINGS))
613	{
614	String editUsername = (String) paramMap.get("username");
615
616	if (editUsername == null)
617	{
618	serviceNode.setAttribute("operation", "");
619	GSXML.addError(this.doc, result, _errorMessageMap.get(ERROR_USERNAME_NOT_SPECIFIED));
620	return result;
621	}
622
623	if (!editUsername.equals(username))
624	{
625	serviceNode.setAttribute("operation", LOGIN);
626	GSXML.addError(this.doc, result, _errorMessageMap.get(ERROR_NOT_AUTHORISED));
627	return result;
628	}
629	int error = addUserInformationToNode(editUsername, serviceNode);
630	if (error != NO_ERROR)
631	{
632	GSXML.addError(this.doc, result, _errorMessageMap.get(error));
633	}
634	}
635	else if (op.equals(PERFORM_RESET_PASSWORD))
636	{
637	String passwordResetUser = (String) paramMap.get("username");
638
639	String newPassword = UUID.randomUUID().toString();
640	newPassword = newPassword.substring(0, newPassword.indexOf("-"));
641
642	String email = retrieveDataForUser(passwordResetUser, "email");
643	String from = "[email protected]";
644	String host = request.getAttribute("remoteAddress");
645
646	//TODO: FINISH THIS
647	}
648	else if (op.equals(REGISTER))
649	{
650	if (_recaptchaPrivateKey != null && _recaptchaPrivateKey.length() > 0)
651	{
652	try
653	{
654	ReCaptchaImpl reCaptcha = new ReCaptchaImpl();
655	reCaptcha.setPrivateKey(_recaptchaPrivateKey);
656	reCaptcha.checkAnswer(request.getAttribute("remoteAddress"), "", "");
657	}
658	catch (Exception ex)
659	{
660	return result;
661	}
662	}
663
664	if (_recaptchaPublicKey != null && _recaptchaPrivateKey != null)
665	{
666	Element recaptchaElem = this.doc.createElement("recaptcha");
667	recaptchaElem.setAttribute("publicKey", _recaptchaPublicKey);
668	recaptchaElem.setAttribute("privateKey", _recaptchaPrivateKey);
669	result.appendChild(recaptchaElem);
670	}
671	}
672	else if (op.equals(PERFORM_DELETE_USER))
673	{
674	String usernameToDelete = (String) paramMap.get("username");
675	int error = removeUser(usernameToDelete);
676	if (error != NO_ERROR)
677	{
678	GSXML.addError(this.doc, result, _errorMessageMap.get(error));
679	}
680	addUserInformationToNode(null, serviceNode);
681	serviceNode.setAttribute("operation", LIST_USERS);
682	}
683
684	return result;
685	}
686
687	public int checkUsernameAndPassword(String username, String password)
688	{
689	int uResult = checkUsername(username);
690	int pResult = checkPassword(password);
691
692	return (uResult != NO_ERROR ? uResult : (pResult != NO_ERROR ? pResult : NO_ERROR));
693	}
694
695	public int checkUsername(String username)
696	{
697	//Check the given user name
698	if ((username == null) \|\| (username.length() < 2) \|\| (username.length() > 30) \|\| (!(Pattern.matches("[a-zA-Z0-9//_//.]+", username))))
699	{
700	return ERROR_INVALID_USERNAME;
701	}
702	return NO_ERROR;
703	}
704
705	public int checkPassword(String password)
706	{
707	//Check the given password
708	if ((password == null) \|\| (password.length() < 3) \|\| (password.length() > 8) \|\| (!(Pattern.matches("[\\p{ASCII}]+", password))))
709	{
710	return ERROR_INVALID_PASSWORD;
711	}
712	return NO_ERROR;
713	}
714
715	public static String hashPassword(String password)
716	{
717	String hashedPassword = null;
718	try
719	{
720	MessageDigest digest = MessageDigest.getInstance("SHA-1");
721	digest.reset();
722	hashedPassword = new String(digest.digest(password.getBytes("US-ASCII"))); // toHex after using ASCII charset will result in acceptable length of hex string
723	hashedPassword = toHex(hashedPassword); // this conversion is required to avoid the strange error of login failure on some legal password strings
724	}
725	catch (Exception ex)
726	{
727	ex.printStackTrace();
728	}
729	return hashedPassword;
730	}
731
732	// This method can also be used for printing out the password in hex (in case
733	// the password used the UTF-8 Charset), or the hex values in any unicode string.
734	// From http://stackoverflow.com/questions/923863/converting-a-string-to-hexadecimal-in-java
735	public static String toHex(String arg)
736	{
737	try
738	{
739	return String.format("%x", new BigInteger(arg.getBytes("US-ASCII"))); // set to same charset as used by hashPassword
740	}
741	catch (Exception e)
742	{ // UnsupportedEncodingException
743	e.printStackTrace();
744	}
745	return "Unable to print";
746	}
747
748	private void checkAdminUserExists()
749	{
750	if (_derbyWrapper == null)
751	{
752	openDatabase();
753	}
754
755	UserQueryResult userQueryResult = _derbyWrapper.findUser(null, null);
756	closeDatabase();
757
758	if (userQueryResult != null)
759	{
760	Vector userInfo = userQueryResult.users;
761
762	boolean adminFound = false;
763	for (int i = 0; i < userQueryResult.getSize(); i++)
764	{
765	if (((UserTermInfo) userInfo.get(i)).groups != null && ((UserTermInfo) userInfo.get(i)).groups.matches(".\\badministrator\\b."))
766	{
767	adminFound = true;
768	}
769	}
770
771	if (!adminFound)
772	{
773	addUser("admin", "admin", "administrator", "true", "Change the password for this account as soon as possible", "");
774	}
775	}
776
777	closeDatabase();
778	}
779
780	private boolean openDatabase()
781	{
782	_derbyWrapper = new DerbyWrapper();
783
784	// check the usersDb database, if it isn't existing, check the etc dir, create the etc dir if it isn't existing, then create the user database and add a "admin" user
785	String usersDB_dir = this.site_home + File.separatorChar + "etc" + File.separatorChar + "usersDB";
786	File usersDB_file = new File(usersDB_dir);
787	if (!usersDB_file.exists())
788	{
789	String etc_dir = this.site_home + File.separatorChar + "etc";
790	File etc_file = new File(etc_dir);
791	if (!etc_file.exists())
792	{
793	boolean success = etc_file.mkdir();
794	if (!success)
795	{
796	logger.error("Couldn't create the etc dir under " + this.site_home + ".");
797	return false;
798	}
799	}
800	_derbyWrapper.connectDatabase(usersDB_dir, true);
801	_derbyWrapper.createDatabase();
802	}
803	else
804	{
805	_derbyWrapper.connectDatabase(usersDB_dir, false);
806	}
807	return true;
808	}
809
810	private void closeDatabase()
811	{
812	if (_derbyWrapper != null)
813	{
814	_derbyWrapper.closeDatabase();
815	_derbyWrapper = null;
816	}
817	}
818
819	private int addUserInformationToNode(String username, Element serviceNode)
820	{
821	if (_derbyWrapper == null)
822	{
823	openDatabase();
824	}
825
826	UserQueryResult userQueryResult = _derbyWrapper.findUser(username, null);
827	closeDatabase();
828
829	if (userQueryResult != null)
830	{
831	Element user_node = getUserNode(userQueryResult);
832	serviceNode.appendChild(user_node);
833	closeDatabase();
834	return NO_ERROR;
835	}
836
837	closeDatabase();
838	return ERROR_COULD_NOT_GET_USER_INFO;
839	}
840
841	private int removeUser(String username)
842	{
843	if (username == null)
844	{
845	return ERROR_USERNAME_NOT_SPECIFIED;
846	}
847
848	if (_derbyWrapper == null)
849	{
850	openDatabase();
851	}
852
853	boolean success = _derbyWrapper.deleteUser(username);
854	closeDatabase();
855
856	if (success)
857	{
858	return NO_ERROR;
859	}
860
861	return ERROR_REMOVING_USER;
862	}
863
864	private int addUser(String newUsername, String newPassword, String newGroups, String newStatus, String newComment, String newEmail)
865	{
866	if (_derbyWrapper == null)
867	{
868	openDatabase();
869	}
870
871	newGroups = newGroups.replaceAll(" ", "");
872
873	//Check if the user already exists
874	UserQueryResult userQueryResult = _derbyWrapper.findUser(newUsername, null);
875	if (userQueryResult != null)
876	{
877	closeDatabase();
878	return ERROR_USER_ALREADY_EXISTS;
879	}
880	else
881	{
882	System.err.println("ADDING " + newUsername + " " + newPassword);
883	boolean success = _derbyWrapper.addUser(newUsername, newPassword, newGroups, newStatus, newComment, newEmail);
884	if (!success)
885	{
886	closeDatabase();
887	return ERROR_ADDING_USER;
888	}
889	}
890	closeDatabase();
891	return NO_ERROR;
892	}
893
894	private boolean checkUserExists(String username)
895	{
896	if (_derbyWrapper == null)
897	{
898	openDatabase();
899	}
900
901	try
902	{
903	UserQueryResult result = _derbyWrapper.findUser(username);
904
905	if (result != null)
906	{
907	return true;
908	}
909	else
910	{
911	return false;
912	}
913
914	}
915	catch (Exception ex)
916	{
917	return false;
918	}
919	finally
920	{
921	closeDatabase();
922	}
923	}
924
925	private String retrieveDataForUser(String username, String dataType)
926	{
927	if (_derbyWrapper == null)
928	{
929	openDatabase();
930	}
931
932	String password = null;
933
934	try
935	{
936	UserQueryResult result = _derbyWrapper.findUser(username);
937	Vector userInfo = result.users;
938
939	for (int i = 0; i < result.getSize(); i++)
940	{
941	if (dataType.equals("password"))
942	{
943	return ((UserTermInfo) userInfo.get(i)).password;
944	}
945	else if (dataType.equals("groups"))
946	{
947	return ((UserTermInfo) userInfo.get(i)).groups;
948	}
949	else if (dataType.equals("status"))
950	{
951	return ((UserTermInfo) userInfo.get(i)).accountstatus;
952	}
953	else if (dataType.equals("comment"))
954	{
955	return ((UserTermInfo) userInfo.get(i)).comment;
956	}
957	else if (dataType.equals("email"))
958	{
959	return ((UserTermInfo) userInfo.get(i)).email;
960	}
961	}
962	}
963	catch (Exception ex)
964	{
965	ex.printStackTrace();
966	}
967
968	closeDatabase();
969	return password;
970	}
971
972	private Element getUserNode(UserQueryResult userQueryResult)
973	{
974	Element user_list_node = this.doc.createElement(GSXML.USER_NODE_ELEM + "List");
975
976	Vector userInfo = userQueryResult.users;
977
978	for (int i = 0; i < userQueryResult.getSize(); i++)
979	{
980	Element user_node = this.doc.createElement(GSXML.USER_NODE_ELEM);
981	String username = ((UserTermInfo) userInfo.get(i)).username;
982	String groups = ((UserTermInfo) userInfo.get(i)).groups;
983	String accountstatus = ((UserTermInfo) userInfo.get(i)).accountstatus;
984	String comment = ((UserTermInfo) userInfo.get(i)).comment;
985	String email = ((UserTermInfo) userInfo.get(i)).email;
986	user_node.setAttribute("username", username);
987	user_node.setAttribute("groups", groups);
988	user_node.setAttribute("status", accountstatus);
989	user_node.setAttribute("comment", comment);
990	user_node.setAttribute("email", email);
991
992	user_list_node.appendChild(user_node);
993	}
994	return user_list_node;
995	}
996
997	private Element getCollectList(String collect)
998	{
999	Element collect_list_node = this.doc.createElement(GSXML.COLLECTION_ELEM + "List");
1000	File[] collect_dir = (new File(collect)).listFiles();
1001	if (collect_dir != null && collect_dir.length > 0)
1002	{
1003	for (int i = 0; i < collect_dir.length; i++)
1004	{
1005	if (collect_dir[i].isDirectory() && (!collect_dir[i].getName().startsWith(".svn")))
1006	{
1007	Element collect_node = this.doc.createElement(GSXML.COLLECTION_ELEM);
1008	collect_node.setAttribute("name", collect_dir[i].getName());
1009	collect_list_node.appendChild(collect_node);
1010	}
1011	}
1012	}
1013	return collect_list_node;
1014	}
1015	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: