Changeset 32369 for main/trunk
- Timestamp:
- 2018-08-23T13:57:26+12:00 (6 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
main/trunk/greenstone3/src/java/org/greenstone/gsdl3/service/Authentication.java
r28966 r32369 11 11 import java.util.regex.Pattern; 12 12 13 import net.tanesha.recaptcha.ReCaptchaImpl; 14 import net.tanesha.recaptcha.ReCaptchaResponse; 13 // for verifying recaptcha 14 import java.io.BufferedReader; 15 import java.io.DataOutputStream; 16 import java.io.IOException; 17 import java.io.InputStreamReader; 18 import java.io.StringReader; 19 import java.net.URL; 20 import javax.net.ssl.HttpsURLConnection; 21 // https://developer.android.com/reference/org/json/JSONObject.html 22 // https://developer.android.com/reference/org/json/JSONArray.html 23 import org.json.JSONArray; 24 import org.json.JSONException; 25 import org.json.JSONObject; 15 26 16 27 import org.apache.commons.codec.digest.DigestUtils; … … 36 47 //Error codes 37 48 protected static final int NO_ERROR = 0; 38 protected static final int ERROR_REQUEST_HAS_NO_PARAM_LIST = -1;39 49 protected static final int ERROR_NOT_LOGGED_IN = -2; 40 50 protected static final int ERROR_ADMIN_NOT_LOGGED_IN = -3; 41 51 protected static final int ERROR_COULD_NOT_GET_USER_INFO = -4; 42 52 protected static final int ERROR_USERNAME_NOT_SPECIFIED = -5; 43 protected static final int ERROR_ REQUESTED_USER_NOT_FOUND = -6;53 protected static final int ERROR_USER_NOT_FOUND = -6; 44 54 protected static final int ERROR_SQL_EXCEPTION = -7; 45 55 protected static final int ERROR_INVALID_USERNAME = -8; … … 52 62 protected static final int ERROR_ADDING_USER = -15; 53 63 protected static final int ERROR_REMOVING_USER = -16; 54 protected static final int ERROR_CAPTCHA_ DOES_NOT_MATCH= -17;64 protected static final int ERROR_CAPTCHA_FAILED = -17; 55 65 protected static final int ERROR_CAPTCHA_MISSING = -18; 56 66 protected static final int ERROR_NOT_AUTHORISED = -19; 57 58 protected static final HashMap<Integer, String> _errorMessageMap; 67 protected static final int ERROR_MISSING_PARAMS = -20; 68 69 protected static final HashMap<Integer, String> _errorKeyMap; 59 70 static 60 71 { 61 //Corresponding error messages 62 HashMap<Integer, String> errorMessageMap = new HashMap<Integer, String>(); 63 errorMessageMap.put(ERROR_REQUEST_HAS_NO_PARAM_LIST, "The list of parameters for this request was empty."); 64 errorMessageMap.put(ERROR_NOT_LOGGED_IN, "You must be logged in to access this page."); 65 errorMessageMap.put(ERROR_ADMIN_NOT_LOGGED_IN, "You must be logged in as an administrator to access this page."); 66 errorMessageMap.put(ERROR_COULD_NOT_GET_USER_INFO, "There was a error getting the user information."); 67 errorMessageMap.put(ERROR_USERNAME_NOT_SPECIFIED, "No username was specified."); 68 errorMessageMap.put(ERROR_REQUESTED_USER_NOT_FOUND, "The requested user was not found in the database."); 69 errorMessageMap.put(ERROR_SQL_EXCEPTION, "There was an SQL exception while accessing the database."); 70 errorMessageMap.put(ERROR_INVALID_USERNAME, "The username specified was invalid."); 71 errorMessageMap.put(ERROR_PASSWORD_NOT_ENTERED, "No password was entered."); 72 errorMessageMap.put(ERROR_PASSWORD_TOO_SHORT, "The password you entered was too short (minimum of 3 characters)."); 73 errorMessageMap.put(ERROR_PASSWORD_TOO_LONG, "The password you entered was too long (maximum of 64 characters)."); 74 errorMessageMap.put(ERROR_PASSWORD_USES_ILLEGAL_CHARACTERS, "The password you entered contains illegal characters."); 75 errorMessageMap.put(ERROR_INCORRECT_PASSWORD, "The password specified was incorrect."); 76 errorMessageMap.put(ERROR_USER_ALREADY_EXISTS, "This user already exists and therefore cannot be added."); 77 errorMessageMap.put(ERROR_ADDING_USER, "There was an error adding this user to the database."); 78 errorMessageMap.put(ERROR_REMOVING_USER, "There was an error removing this user from the database."); 79 errorMessageMap.put(ERROR_CAPTCHA_DOES_NOT_MATCH, "The words you entered did not match the image, please try again."); 80 errorMessageMap.put(ERROR_CAPTCHA_MISSING, "The information from the captcha is missing."); 81 errorMessageMap.put(ERROR_NOT_AUTHORISED, "You are not authorised to access this page."); 82 83 _errorMessageMap = errorMessageMap; 72 //Corresponding error message keys for looking up in ServiceRack dictionary 73 HashMap<Integer, String> errorKeyMap = new HashMap<Integer, String>(); 74 errorKeyMap.put(ERROR_NOT_LOGGED_IN, "auth.error.not_logged_in"); 75 errorKeyMap.put(ERROR_ADMIN_NOT_LOGGED_IN, "auth.error.admin_not_logged_in"); 76 errorKeyMap.put(ERROR_COULD_NOT_GET_USER_INFO, "auth.error.could_not_get_user_info"); 77 errorKeyMap.put(ERROR_USERNAME_NOT_SPECIFIED, "auth.error.username_not_specified"); 78 errorKeyMap.put(ERROR_USER_NOT_FOUND, "auth.error.user_not_found"); 79 errorKeyMap.put(ERROR_SQL_EXCEPTION, "auth.error.sql_exception"); 80 errorKeyMap.put(ERROR_INVALID_USERNAME, "auth.error.invalid_username"); 81 errorKeyMap.put(ERROR_PASSWORD_NOT_ENTERED, "auth.error.no_password"); 82 errorKeyMap.put(ERROR_PASSWORD_TOO_SHORT, "auth.error.password_too_short"); 83 errorKeyMap.put(ERROR_PASSWORD_TOO_LONG, "auth.error.password_too_long"); 84 errorKeyMap.put(ERROR_PASSWORD_USES_ILLEGAL_CHARACTERS, "auth.error.password_illegal_chars"); 85 errorKeyMap.put(ERROR_INCORRECT_PASSWORD, "auth.error.incorrect_password"); 86 errorKeyMap.put(ERROR_USER_ALREADY_EXISTS, "auth.error.user_already_exists"); 87 errorKeyMap.put(ERROR_ADDING_USER, "auth.error.add_user_error"); 88 errorKeyMap.put(ERROR_REMOVING_USER, "auth.error.remove_user_error"); 89 errorKeyMap.put(ERROR_CAPTCHA_FAILED, "auth.error.captcha_failed"); 90 errorKeyMap.put(ERROR_CAPTCHA_MISSING, "auth.error.captcha_missing"); 91 errorKeyMap.put(ERROR_NOT_AUTHORISED, "auth.error.not_authorised"); 92 errorKeyMap.put(ERROR_MISSING_PARAMS, "auth.error.missing_params"); // ??? 93 _errorKeyMap = errorKeyMap; 84 94 } 85 95 … … 123 133 124 134 //Other operations 125 protected static final String REGISTER = "Register"; 126 protected static final String PERFORM_REGISTER = "PerformRegister"; 135 protected static final String REGISTER = "Register"; // displays the register page 136 protected static final String PERFORM_REGISTER = "PerformRegister"; // performs the registration action 127 137 protected static final String LOGIN = "Login"; 128 138 protected static final String BLANK = "Info"; // a dummy page just for showing an error message 129 139 //the services on offer 130 140 protected static final String AUTHENTICATION_SERVICE = "Authentication"; … … 135 145 protected static boolean _derbyWrapperDoneForcedShutdown = false; 136 146 137 protected String _recaptcha PrivateKey = null;138 protected String _recaptcha PublicKey = null;147 protected String _recaptchaSiteKey = null; 148 protected String _recaptchaSecretKey = null; 139 149 140 150 /** constructor */ … … 198 208 { 199 209 Element currentElem = (Element) recaptchaElems.item(i); 200 if (currentElem.getAttribute(GSXML.NAME_ATT) != null && currentElem.getAttribute(GSXML.NAME_ATT).equals(" public_key"))210 if (currentElem.getAttribute(GSXML.NAME_ATT) != null && currentElem.getAttribute(GSXML.NAME_ATT).equals("site_key")) 201 211 { 202 212 if (currentElem.getAttribute(GSXML.VALUE_ATT) != null) 203 213 { 204 _recaptcha PublicKey = currentElem.getAttribute(GSXML.VALUE_ATT);205 } 206 } 207 else if (currentElem.getAttribute(GSXML.NAME_ATT) != null && currentElem.getAttribute(GSXML.NAME_ATT).equals(" private_key"))214 _recaptchaSiteKey = currentElem.getAttribute(GSXML.VALUE_ATT); 215 } 216 } 217 else if (currentElem.getAttribute(GSXML.NAME_ATT) != null && currentElem.getAttribute(GSXML.NAME_ATT).equals("secret_key")) 208 218 { 209 219 if (currentElem.getAttribute(GSXML.VALUE_ATT) != null) 210 220 { 211 _recaptcha PrivateKey = currentElem.getAttribute(GSXML.VALUE_ATT);221 _recaptchaSecretKey = currentElem.getAttribute(GSXML.VALUE_ATT); 212 222 } 213 223 } … … 269 279 return getTextString(service_id + ".description", lang); 270 280 } 271 281 protected String getErrorTextString(int error_code, String lang) { 282 return getTextString(_errorKeyMap.get(error_code), lang); 283 284 } 272 285 protected Element processChangeUserEditMode(Element request) 273 286 { … … 282 295 if (paramList == null) 283 296 { 284 GSXML.addError(result, _errorMessageMap.get(ERROR_REQUEST_HAS_NO_PARAM_LIST));285 297 logger.error("ChangeUserEditMode request has no param list!!"); 298 return result; 286 299 } 287 300 … … 384 397 result.setAttribute(GSXML.TYPE_ATT, GSXML.REQUEST_TYPE_PROCESS); 385 398 399 String lang = request.getAttribute(GSXML.LANG_ATT); 386 400 Element paramList = (Element) GSXML.getChildByTagName(request, GSXML.PARAM_ELEM + GSXML.LIST_MODIFIER); 387 401 if (paramList == null) 388 402 { 389 GSXML.addError(result, _errorMessageMap.get(ERROR_REQUEST_HAS_NO_PARAM_LIST));390 403 logger.error("GetUserInformation request has no param list"); 404 return result; 391 405 } 392 406 … … 397 411 if (username == null) 398 412 { 399 GSXML.addError(result, _errorMessageMap.get(ERROR_USERNAME_NOT_SPECIFIED));413 GSXML.addError(result, getErrorTextString(ERROR_USERNAME_NOT_SPECIFIED, lang)); 400 414 return result; 401 415 } … … 410 424 if (terms.size() == 0) 411 425 { 412 GSXML.addError(result, _errorMessageMap.get(ERROR_REQUESTED_USER_NOT_FOUND));426 GSXML.addError(result, getErrorTextString(ERROR_USER_NOT_FOUND, lang)); 413 427 return result; 414 428 } … … 461 475 462 476 // Get the parameters of the request 477 String lang = request.getAttribute(GSXML.LANG_ATT); 463 478 Element param_list = (Element) GSXML.getChildByTagName(request, GSXML.PARAM_ELEM + GSXML.LIST_MODIFIER); 464 479 if (param_list == null) 465 480 { 466 481 serviceNode.setAttribute("operation", LOGIN); 467 GSXML.addError(result, _errorMessageMap.get(ERROR_REQUEST_HAS_NO_PARAM_LIST));482 logger.error("Authentication request has no param list"); 468 483 return result; // Return the empty result 469 484 } … … 476 491 477 492 Element userInformation = (Element) GSXML.getChildByTagName(request, GSXML.USER_INFORMATION_ELEM); 478 if (userInformation == null && _userOpList.contains(op))479 {480 serviceNode.setAttribute("operation", LOGIN);481 GSXML.addError(result, _errorMessageMap.get(ERROR_NOT_LOGGED_IN));482 return result;483 }484 485 493 if (userInformation != null) 486 494 { … … 489 497 } 490 498 491 if (username == null && _userOpList.contains(op)) 492 { 499 if ((userInformation == null || username == null) && _userOpList.contains(op)) 500 { 501 // its an operation that requires the user to be logged on - direct them to login page 493 502 serviceNode.setAttribute("operation", LOGIN); 494 GSXML.addError(result, _errorMessageMap.get(ERROR_NOT_LOGGED_IN));503 GSXML.addError(result, getErrorTextString(ERROR_NOT_LOGGED_IN, lang)); 495 504 return result; 496 505 } … … 498 507 if (_adminOpList.contains(op) && (groups == null || !groups.matches(".*\\badministrator\\b.*"))) 499 508 { 509 // actually, the user needs to be an admin user and they are not 500 510 serviceNode.setAttribute("operation", LOGIN); 501 GSXML.addError(result, _errorMessageMap.get(ERROR_ADMIN_NOT_LOGGED_IN));511 GSXML.addError(result, getErrorTextString(ERROR_ADMIN_NOT_LOGGED_IN, lang)); 502 512 return result; 503 513 } … … 505 515 if (op.equals(LIST_USERS)) 506 516 { 507 int error = addUserInformationToNode(null, serviceNode); 508 if (error != NO_ERROR) 509 { 510 GSXML.addError(result, _errorMessageMap.get(error)); 511 } 512 } 513 else if (op.equals(PERFORM_ADD)) 517 int error = addUserInformationToNode(null, serviceNode); 518 if (error != NO_ERROR) 519 { 520 serviceNode.setAttribute("operation", BLANK); 521 GSXML.addError(result, getErrorTextString(error, lang)); 522 } 523 return result; 524 525 } 526 527 if (op.equals(PERFORM_ADD)) 514 528 { 515 529 String newUsername = (String) paramMap.get("username"); … … 524 538 if ((error = checkUsername(newUsername)) != NO_ERROR) 525 539 { 526 GSXML.addError(result, _errorMessageMap.get(error));540 GSXML.addError(result, getErrorTextString(error, lang)); 527 541 return result; 528 542 } … … 531 545 if ((error = checkPassword(newPassword)) != NO_ERROR) 532 546 { 533 GSXML.addError(result, _errorMessageMap.get(error));547 GSXML.addError(result, getErrorTextString(error, lang)); 534 548 return result; 535 549 } … … 541 555 { 542 556 serviceNode.setAttribute("operation", ADD_USER); 543 GSXML.addError(result, _errorMessageMap.get(error));557 GSXML.addError(result, getErrorTextString(error, lang)); 544 558 } 545 559 else … … 548 562 serviceNode.setAttribute("operation", LIST_USERS); 549 563 } 550 } 551 else if (op.equals(PERFORM_REGISTER)) 564 return result; 565 } 566 567 if (op.equals(PERFORM_REGISTER)) 552 568 { 553 569 String newUsername = (String) paramMap.get("username"); … … 559 575 if ((error = checkUsername(newUsername)) != NO_ERROR) 560 576 { 561 GSXML.addError(result, _errorMessageMap.get(error));577 GSXML.addError(result, getErrorTextString(error, lang)); 562 578 return result; 563 579 } … … 566 582 if ((error = checkPassword(newPassword)) != NO_ERROR) 567 583 { 568 GSXML.addError(result, _errorMessageMap.get(error));584 GSXML.addError(result, getErrorTextString(error, lang)); 569 585 return result; 570 586 } … … 572 588 newPassword = hashPassword(newPassword); 573 589 574 if (_recaptchaPrivateKey != null && _recaptchaPrivateKey.length() > 0) 575 { 576 ReCaptchaImpl reCaptcha = new ReCaptchaImpl(); 577 reCaptcha.setPrivateKey(_recaptchaPrivateKey); 578 579 try 580 { 581 //If this line throws an exception then we'll assume the user has a firewall that is too restrictive 582 //(or that they're not connected to the Internet) to allow access to google services. 583 //In this situation we won't use the recaptcha test. 584 reCaptcha.checkAnswer(request.getAttribute("remoteAddress"), "", ""); 585 586 String challenge = (String) paramMap.get("recaptcha_challenge_field"); 587 String uResponse = (String) paramMap.get("recaptcha_response_field"); 588 589 if (challenge == null || uResponse == null) 590 { 591 serviceNode.setAttribute("operation", REGISTER); 592 GSXML.addError(result, _errorMessageMap.get(ERROR_CAPTCHA_MISSING)); 593 return result; 594 } 595 596 ReCaptchaResponse reCaptchaResponse = reCaptcha.checkAnswer(request.getAttribute("remoteAddress"), challenge, uResponse); 597 598 if (!reCaptchaResponse.isValid()) 599 { 600 serviceNode.setAttribute("operation", REGISTER); 601 GSXML.addError(result, _errorMessageMap.get(ERROR_CAPTCHA_DOES_NOT_MATCH)); 602 return result; 603 } 604 } 605 catch (Exception ex) 606 { 607 } 590 // check the recaptcha 591 if (_recaptchaSiteKey != null && _recaptchaSecretKey.length() > 0) { 592 593 String user_response = (String) paramMap.get("g-recaptcha-response"); 594 int recaptcha_error = verifyRecaptcha(_recaptchaSecretKey, user_response); 595 if (recaptcha_error != NO_ERROR) { 596 serviceNode.setAttribute("operation", REGISTER); 597 GSXML.addError(result, getErrorTextString(recaptcha_error, lang)); 598 return result; 599 } 608 600 } 609 601 … … 612 604 { 613 605 serviceNode.setAttribute("operation", REGISTER); 614 GSXML.addError(result, _errorMessageMap.get(error)); 615 } 616 } 606 GSXML.addError(result, getErrorTextString(error, lang)); 607 } 608 return result; 609 } 610 617 611 else if (op.equals(PERFORM_EDIT)) 618 612 { … … 629 623 if ((error = checkUsername(newUsername)) != NO_ERROR) 630 624 { 631 GSXML.addError(result, _errorMessageMap.get(error));625 GSXML.addError(result, getErrorTextString(error, lang)); 632 626 return result; 633 627 } … … 642 636 if ((error = checkPassword(newPassword)) != NO_ERROR) 643 637 { 644 GSXML.addError(result, _errorMessageMap.get(error));638 GSXML.addError(result, getErrorTextString(error, lang)); 645 639 return result; 646 640 } … … 660 654 { 661 655 serviceNode.setAttribute("operation", EDIT_USER); 662 GSXML.addError(result, _errorMessageMap.get(error));656 GSXML.addError(result, getErrorTextString(error, lang)); 663 657 } 664 658 return result; … … 669 663 { 670 664 serviceNode.setAttribute("operation", EDIT_USER); 671 GSXML.addError(result, _errorMessageMap.get(error));665 GSXML.addError(result, getErrorTextString(error, lang)); 672 666 } 673 667 else … … 677 671 } 678 672 } 673 // this operation is done by a user when editing their own details. Should not return userNode info. 679 674 else if (op.equals(PERFORM_ACCOUNT_EDIT)) 680 675 { … … 690 685 addUserInformationToNode(previousUsername, serviceNode); 691 686 serviceNode.setAttribute("operation", ACCOUNT_SETTINGS); 692 GSXML.addError(result, _errorMessageMap.get(ERROR_USER_ALREADY_EXISTS));687 GSXML.addError(result, getErrorTextString(ERROR_USER_ALREADY_EXISTS, lang)); 693 688 return result; 694 689 } … … 704 699 addUserInformationToNode(previousUsername, serviceNode); 705 700 serviceNode.setAttribute("operation", ACCOUNT_SETTINGS); 706 GSXML.addError(result, _errorMessageMap.get(ERROR_INCORRECT_PASSWORD), "Incorrect Password");701 GSXML.addError(result, getErrorTextString(ERROR_INCORRECT_PASSWORD, lang), "INCORRECT_PASSWORD"); 707 702 return result; 708 703 } … … 712 707 if ((error = checkPassword(newPassword)) != NO_ERROR) 713 708 { 714 GSXML.addError(result, _errorMessageMap.get(error)); 709 addUserInformationToNode(previousUsername, serviceNode); 710 serviceNode.setAttribute("operation", ACCOUNT_SETTINGS); 711 GSXML.addError(result, getErrorTextString(error, lang)); 715 712 return result; 716 713 } … … 727 724 if ((error = checkUsername(newUsername)) != NO_ERROR) 728 725 { 729 GSXML.addError(result, _errorMessageMap.get(error)); 726 addUserInformationToNode(previousUsername, serviceNode); 727 serviceNode.setAttribute("operation", ACCOUNT_SETTINGS); 728 GSXML.addError(result, getErrorTextString(error, lang)); 730 729 return result; 731 730 } … … 738 737 if (error != NO_ERROR) 739 738 { 740 if (error == ERROR_USERNAME_NOT_SPECIFIED) 741 { 742 addUserInformationToNode(null, serviceNode); 743 serviceNode.setAttribute("operation", LIST_USERS); 744 } 745 else 746 { 747 addUserInformationToNode(previousUsername, serviceNode); 748 serviceNode.setAttribute("operation", ACCOUNT_SETTINGS); 749 GSXML.addError(result, _errorMessageMap.get(error)); 750 } 751 return result; 739 addUserInformationToNode(previousUsername, serviceNode); 740 serviceNode.setAttribute("operation", ACCOUNT_SETTINGS); 741 GSXML.addError(result, getErrorTextString(error, lang)); 742 return result; 752 743 } 753 744 … … 755 746 if (error != NO_ERROR) 756 747 { 757 GSXML.addError(result, _errorMessageMap.get(error)); 758 } 759 760 addUserInformationToNode(null, serviceNode); 761 serviceNode.setAttribute("operation", LIST_USERS); 748 serviceNode.setAttribute("operation", ACCOUNT_SETTINGS); 749 GSXML.addError(result, getErrorTextString(error, lang)); 750 } 751 752 addUserInformationToNode(newUsername, serviceNode); 753 serviceNode.setAttribute("operation", ACCOUNT_SETTINGS); 754 GSXML.addError(result, getTextString("auth.success.account_settings", lang)); 755 762 756 } 763 757 else if (op.equals(PERFORM_RETRIEVE_PASSWORD)) … … 773 767 if (user_name == null || oldPassword == null || newPassword == null) 774 768 { 775 GSXML.addError(result, _errorMessageMap.get("missing compulsory parameters: username, oldPassword, or newPassword"));769 GSXML.addError(result, getErrorTextString(ERROR_MISSING_PARAMS, lang)); 776 770 return result; 777 771 } … … 781 775 { 782 776 addUserInformationToNode(user_name, serviceNode); 783 GSXML.addError(result, _errorMessageMap.get(ERROR_INCORRECT_PASSWORD), "Incorrect Password");777 GSXML.addError(result, getErrorTextString(ERROR_INCORRECT_PASSWORD, lang), "INCORRECT_PASSWORD"); 784 778 return result; 785 779 } … … 789 783 if ((error = checkPassword(newPassword)) != NO_ERROR) 790 784 { 791 GSXML.addError(result, _errorMessageMap.get(error));785 GSXML.addError(result, getErrorTextString(error, lang)); 792 786 return result; 793 787 } … … 800 794 if (info != "succeed") 801 795 {//see DerbyWrapper.modifyUserInfo 802 GSXML.addError(result, _errorMessageMap.get(info));796 GSXML.addError(result, info); 803 797 return result; 804 798 } … … 810 804 if (error != NO_ERROR) 811 805 { 812 GSXML.addError(result, _errorMessageMap.get(error));806 GSXML.addError(result, getErrorTextString(error, lang)); 813 807 } 814 808 } … … 820 814 { 821 815 serviceNode.setAttribute("operation", ""); 822 GSXML.addError(result, _errorMessageMap.get(ERROR_USERNAME_NOT_SPECIFIED));816 GSXML.addError(result, getErrorTextString(ERROR_USERNAME_NOT_SPECIFIED, lang)); 823 817 return result; 824 818 } … … 827 821 { 828 822 serviceNode.setAttribute("operation", LOGIN); 829 GSXML.addError(result, _errorMessageMap.get(ERROR_NOT_AUTHORISED));823 GSXML.addError(result, getErrorTextString(ERROR_NOT_AUTHORISED, lang)); 830 824 return result; 831 825 } … … 833 827 if (error != NO_ERROR) 834 828 { 835 GSXML.addError(result, _errorMessageMap.get(error));829 GSXML.addError(result, getErrorTextString(error, lang)); 836 830 } 837 831 } … … 851 845 else if (op.equals(REGISTER)) 852 846 { 853 if (_recaptchaPrivateKey != null && _recaptchaPrivateKey.length() > 0)854 {855 try856 {857 ReCaptchaImpl reCaptcha = new ReCaptchaImpl();858 reCaptcha.setPrivateKey(_recaptchaPrivateKey);859 reCaptcha.checkAnswer(request.getAttribute("remoteAddress"), "", "");860 }861 catch (Exception ex)862 {863 return result;864 }865 }866 867 if (_recaptchaPublicKey != null && _recaptchaPrivateKey != null)868 {869 Element recaptchaElem = result_doc.createElement("recaptcha");870 recaptchaElem.setAttribute("publicKey", _recaptchaPublicKey);871 recaptchaElem.setAttribute("privateKey", _recaptchaPrivateKey);872 result.appendChild(recaptchaElem);873 }874 847 } 875 848 else if (op.equals(PERFORM_DELETE_USER)) … … 879 852 if (error != NO_ERROR) 880 853 { 881 GSXML.addError(result, _errorMessageMap.get(error));854 GSXML.addError(result, getErrorTextString(error, lang)); 882 855 } 883 856 addUserInformationToNode(null, serviceNode); … … 933 906 } 934 907 908 public int verifyRecaptcha(String secret_key, String user_response) { 909 910 if (user_response == null || user_response.length() == 0) { 911 return ERROR_CAPTCHA_MISSING; 912 } 913 914 try{ 915 916 URL obj = new URL("https://www.google.com/recaptcha/api/siteverify"); 917 HttpsURLConnection con = (HttpsURLConnection) obj.openConnection(); 918 919 // add reuqest header 920 con.setRequestMethod("POST"); 921 con.setRequestProperty("User-Agent", "Mozilla/5.0"); 922 con.setRequestProperty("Accept-Language", "en-US,en;q=0.5"); 923 924 String postParams = "secret=" + secret_key + "&response=" 925 + user_response; 926 927 // Send post request 928 con.setDoOutput(true); 929 DataOutputStream wr = new DataOutputStream(con.getOutputStream()); 930 wr.writeBytes(postParams); 931 wr.flush(); 932 wr.close(); 933 934 int responseCode = con.getResponseCode(); 935 //System.out.println("\nSending 'POST' request to URL : https://www.google.com/recaptcha/api/siteverify");// + url); 936 //System.out.println("Post parameters : " + postParams); 937 //System.out.println("Response Code : " + responseCode); 938 939 BufferedReader in = new BufferedReader(new InputStreamReader(con.getInputStream())); 940 String inputLine; 941 StringBuffer response = new StringBuffer(); 942 943 while ((inputLine = in.readLine()) != null) { 944 response.append(inputLine); 945 } 946 in.close(); 947 948 // print result 949 //System.out.println(response.toString()); 950 951 JSONObject json_obj = new JSONObject(response.toString()); 952 boolean res = json_obj.getBoolean("success"); 953 if (res) { 954 return NO_ERROR; 955 } else { 956 return ERROR_CAPTCHA_FAILED; 957 } 958 }catch(Exception e){ 959 e.printStackTrace(); 960 return ERROR_CAPTCHA_FAILED; 961 } 962 963 } 935 964 // This method can also be used for printing out the password in hex (in case 936 965 // the password used the UTF-8 Charset), or the hex values in any unicode string. … … 1164 1193 } 1165 1194 1195 1166 1196 // main() method - calls hashPassword() on any String argument, printing this to stdout 1167 1197 // This main() is invoked by gliserver.pl perl code to encrypt passwords identically to Java code.
Note:
See TracChangeset
for help on using the changeset viewer.
