Changeset 32451 for main/trunk

Timestamp:
13.09.2018 14:15:25 (12 months ago)
Author:
kjdon
Message:

Changed param names to use _PARAM so they are easier to identify. Changed some hard-coded text into static string variables.

Files:
1 modified

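--- a/main/trunk/greenstone3/src/java/org/greenstone/gsdl3/service/Authentication.java
+++ b/main/trunk/greenstone3/src/java/org/greenstone/gsdl3/service/Authentication.java
@@ -47,11 +47,12 @@
     //Error codes
     protected static final int NO_ERROR = 0;
-    protected static final int ERROR_NOT_LOGGED_IN = -2;
-    protected static final int ERROR_ADMIN_NOT_LOGGED_IN = -3;
-    protected static final int ERROR_COULD_NOT_GET_USER_INFO = -4;
-    protected static final int ERROR_USERNAME_NOT_SPECIFIED = -5;
-    protected static final int ERROR_USER_NOT_FOUND = -6;
-    protected static final int ERROR_SQL_EXCEPTION = -7;
-    protected static final int ERROR_INVALID_USERNAME = -8;
+    protected static final int ERROR_NOT_LOGGED_IN = -1;
+    protected static final int ERROR_ADMIN_NOT_LOGGED_IN = -2;
+    protected static final int ERROR_COULD_NOT_GET_USER_INFO = -3;
+    protected static final int ERROR_USERNAME_NOT_SPECIFIED = -4;
+    protected static final int ERROR_USER_NOT_FOUND = -5;
+    protected static final int ERROR_USER_NOT_AUTHORISED = -6;
+    protected static final int ERROR_INVALID_USERNAME = -7;
+    protected static final int ERROR_USER_ALREADY_EXISTS = -8;
     protected static final int ERROR_PASSWORD_NOT_ENTERED = -9;
     protected static final int ERROR_PASSWORD_TOO_SHORT = -10;
@@ -59,12 +60,11 @@
     protected static final int ERROR_PASSWORD_USES_ILLEGAL_CHARACTERS = -12;
     protected static final int ERROR_INCORRECT_PASSWORD = -13;
-    protected static final int ERROR_USER_ALREADY_EXISTS = -14;
-    protected static final int ERROR_ADDING_USER = -15;
-    protected static final int ERROR_REMOVING_USER = -16;
-    protected static final int ERROR_CAPTCHA_FAILED = -17;
-    protected static final int ERROR_CAPTCHA_MISSING = -18;
-    protected static final int ERROR_NOT_AUTHORISED = -19;
-    protected static final int ERROR_MISSING_PARAMS = -20;
-  protected static final int ERROR_SOMETHING_WRONG = -21;
+    protected static final int ERROR_ADDING_USER = -14;
+    protected static final int ERROR_REMOVING_USER = -15;
+    protected static final int ERROR_CAPTCHA_FAILED = -16;
+    protected static final int ERROR_CAPTCHA_MISSING = -17;
+  protected static final int ERROR_CONNECTION_FAILED = -18;
+  protected static final int ERROR_MISSING_PARAMS = -19;
+  protected static final int ERROR_SOMETHING_WRONG = -20;
 
     protected static final HashMap<Integer, String> _errorKeyMap;
@@ -78,6 +78,7 @@
         errorKeyMap.put(ERROR_USERNAME_NOT_SPECIFIED, "auth.error.username_not_specified");
         errorKeyMap.put(ERROR_USER_NOT_FOUND, "auth.error.user_not_found");
-        errorKeyMap.put(ERROR_SQL_EXCEPTION, "auth.error.sql_exception");
+        errorKeyMap.put(ERROR_USER_NOT_AUTHORISED, "auth.error.not_authorised");
         errorKeyMap.put(ERROR_INVALID_USERNAME, "auth.error.invalid_username");
+        errorKeyMap.put(ERROR_USER_ALREADY_EXISTS, "auth.error.user_already_exists");
         errorKeyMap.put(ERROR_PASSWORD_NOT_ENTERED, "auth.error.no_password");
         errorKeyMap.put(ERROR_PASSWORD_TOO_SHORT, "auth.error.password_too_short");
@@ -85,10 +86,10 @@
         errorKeyMap.put(ERROR_PASSWORD_USES_ILLEGAL_CHARACTERS, "auth.error.password_illegal_chars");
         errorKeyMap.put(ERROR_INCORRECT_PASSWORD, "auth.error.incorrect_password");
-        errorKeyMap.put(ERROR_USER_ALREADY_EXISTS, "auth.error.user_already_exists");
         errorKeyMap.put(ERROR_ADDING_USER, "auth.error.add_user_error");
         errorKeyMap.put(ERROR_REMOVING_USER, "auth.error.remove_user_error");
         errorKeyMap.put(ERROR_CAPTCHA_FAILED, "auth.error.captcha_failed");
         errorKeyMap.put(ERROR_CAPTCHA_MISSING, "auth.error.captcha_missing");
-        errorKeyMap.put(ERROR_NOT_AUTHORISED, "auth.error.not_authorised");
+        errorKeyMap.put(ERROR_CONNECTION_FAILED, "auth.error.connection_failed");
+
         errorKeyMap.put(ERROR_MISSING_PARAMS, "auth.error.missing_params"); // ???
         errorKeyMap.put(ERROR_SOMETHING_WRONG, "auth.error.something_wrong");
@@ -155,21 +156,31 @@
    protected static final String SECRET_KEY = "secret_key";
   protected static final String OPERATIONS = "operations";
-protected static final String OPERATION = "operation";
+  protected static final String OPERATION = "operation";
+  protected static final String USERNAME = "username";
+  protected static final String PASSWORD = "password";
+  protected static final String COLLECTION = "collection";
+  protected static final String GROUPS = "groups";
+  protected static final String STATUS = "status";
+  protected static final String RECAPTCHA_KEY = "recaptcha_key";
+  protected static final String COMMENT = "comment";
+  protected static final String EMAIL = "email";
 
-  protected static final String USERNAME = "username";
-  protected static final String PREV_USERNAME = "prevUsername";
-  protected static final String NEW_USERNAME = "newUsername";
-  protected static final String PASSWORD = "password";
-  protected static final String OLD_PASSWORD = "oldPassword";
-  protected static final String NEW_PASSWORD = "newPassword";
-
-  protected static final String GROUPS = "groups";
-  protected static final String ENABLED = "enabled";
-  protected static final String COMMENT = "comment";
-  protected static final String STATUS = "status";
-  protected static final String EMAIL = "email";
-  protected static final String NEW_EMAIL = "newEmail";
-  protected static final String ACCOUNT_STATUS = "accountstatus";
-  protected static final String EDIT_ENABLED = "editEnabled";
+  // cgi params
+  protected static final String USERNAME_PARAM = "username";
+  protected static final String PREV_USERNAME_PARAM = "prevUsername";
+  protected static final String NEW_USERNAME_PARAM = "newUsername";
+  protected static final String PASSWORD_PARAM = "password";
+  protected static final String OLD_PASSWORD_PARAM = "oldPassword";
+  protected static final String NEW_PASSWORD_PARAM = "newPassword";
+  protected static final String GROUPS_PARAM = "groups";
+  protected static final String ENABLED_PARAM = "enabled";
+  protected static final String COMMENT_PARAM = "comment";
+  protected static final String STATUS_PARAM = "status";
+  protected static final String EMAIL_PARAM = "email";
+  protected static final String NEW_EMAIL_PARAM = "newEmail";
+  protected static final String ACCOUNT_STATUS_PARAM = "accountstatus";
+  protected static final String EDIT_ENABLED_PARAM = "editEnabled";
+  protected static final String AUTHPAGE_PARAM = "authpage";
+  protected static final String RECAPTCHA_RESPONSE_PARAM = "g-recaptcha-response";
 
     protected String _recaptchaSiteKey = null;
@@ -267,5 +278,13 @@
           _recaptchaOpList = null;
         }
-
+
+        // while all of our params are "not saved" for the session, a few of them are also sensitive, so should not be listed in the page response XML
+        this.sensitive_params.add(PASSWORD_PARAM);
+        this.sensitive_params.add(NEW_PASSWORD_PARAM);
+        this.sensitive_params.add(OLD_PASSWORD_PARAM);
+        this.sensitive_params.add(RECAPTCHA_RESPONSE_PARAM);
+
+
+
         return true;
     }
@@ -345,6 +364,6 @@
         HashMap<String, Serializable> params = GSXML.extractParams(paramList, true);
 
-        String username = (String) params.get(USERNAME);
-        String editMode = (String) params.get(ENABLED);
+        String username = (String) params.get(USERNAME_PARAM);
+        String editMode = (String) params.get(ENABLED_PARAM);
 
         if (!editMode.toLowerCase().equals("true") && !editMode.toLowerCase().equals("false"))
@@ -381,5 +400,5 @@
 
         // If we're not editing a collection then the user doesn't need to be in a particular group
-        String collection = system.hasAttribute("collection") ? system.getAttribute("collection") : "";
+        String collection = system.hasAttribute(COLLECTION) ? system.getAttribute(COLLECTION) : "";
 
 
@@ -451,5 +470,5 @@
         HashMap<String, Serializable> params = GSXML.extractParams(paramList, true);
 
-        String username = (String) params.get(USERNAME);
+        String username = (String) params.get(USERNAME_PARAM);
 
         if (username == null)
@@ -476,13 +495,13 @@
         result.appendChild(userInfoList);
 
-        Element usernameField = GSXML.createParameter(result_doc, USERNAME, userInfo.username);
-        Element passwordField = GSXML.createParameter(result_doc, PASSWORD, userInfo.password);
-        Element groupsField = GSXML.createParameter(result_doc, GROUPS, userInfo.groups);
-        Element accountStatusField = GSXML.createParameter(result_doc, ACCOUNT_STATUS, userInfo.accountstatus);
-        Element commentField = GSXML.createParameter(result_doc, COMMENT, userInfo.comment);
+        Element usernameField = GSXML.createParameter(result_doc, USERNAME_PARAM, userInfo.username);
+        Element passwordField = GSXML.createParameter(result_doc, PASSWORD_PARAM, userInfo.password);
+        Element groupsField = GSXML.createParameter(result_doc, GROUPS_PARAM, userInfo.groups);
+        Element accountStatusField = GSXML.createParameter(result_doc, ACCOUNT_STATUS_PARAM, userInfo.accountstatus);
+        Element commentField = GSXML.createParameter(result_doc, COMMENT_PARAM, userInfo.comment);
 
         if (editEnabled != null)
         {
-            Element editEnabledElem = GSXML.createParameter(result_doc, EDIT_ENABLED, editEnabled);
+            Element editEnabledElem = GSXML.createParameter(result_doc, EDIT_ENABLED_PARAM, editEnabled);
             userInfoList.appendChild(editEnabledElem);
         }
@@ -528,5 +547,5 @@
         }
         HashMap<String, Serializable> paramMap = GSXML.extractParams(param_list, false);
-        String op = (String) paramMap.get("authpage");
+        String op = (String) paramMap.get(AUTHPAGE_PARAM);
         serviceNode.setAttribute(OPERATION, op);
 
@@ -546,5 +565,5 @@
             serviceNode.setAttribute(OPERATION, LOGIN);
             if (_recaptchaOpList != null && _recaptchaOpList.contains(LOGIN)) {
-              serviceNode.setAttribute("recaptcha_key", _recaptchaSiteKey);
+              serviceNode.setAttribute(RECAPTCHA_KEY, _recaptchaSiteKey);
             }
             GSXML.addError(result, getErrorTextString(ERROR_NOT_LOGGED_IN, lang));
@@ -557,5 +576,5 @@
             serviceNode.setAttribute(OPERATION, LOGIN);
             if (_recaptchaOpList != null && _recaptchaOpList.contains(LOGIN)) {
-              serviceNode.setAttribute("recaptcha_key", _recaptchaSiteKey);
+              serviceNode.setAttribute(RECAPTCHA_KEY, _recaptchaSiteKey);
             }
             GSXML.addError(result, getErrorTextString(ERROR_ADMIN_NOT_LOGGED_IN, lang));
@@ -564,5 +583,5 @@
 
         if (_recaptchaOpList != null && _recaptchaOpList.contains(op)) {
-          serviceNode.setAttribute("recaptcha_key", _recaptchaSiteKey);
+          serviceNode.setAttribute(RECAPTCHA_KEY, _recaptchaSiteKey);
         }
 
@@ -581,13 +600,13 @@
         if (op.equals(PERFORM_ADD))
         {
-            String newUsername = (String) paramMap.get(USERNAME);
-            String newPassword = (String) paramMap.get(PASSWORD);
-            String newGroups = (String) paramMap.get(GROUPS);
-            String newStatus = (String) paramMap.get(STATUS);
-            String newComment = (String) paramMap.get(COMMENT);
-            String newEmail = (String) paramMap.get(EMAIL);
+            String newUsername = (String) paramMap.get(USERNAME_PARAM);
+            String newPassword = (String) paramMap.get(PASSWORD_PARAM);
+            String newGroups = (String) paramMap.get(GROUPS_PARAM);
+            String newStatus = (String) paramMap.get(STATUS_PARAM);
+            String newComment = (String) paramMap.get(COMMENT_PARAM);
+            String newEmail = (String) paramMap.get(EMAIL_PARAM);
 
             if (_recaptchaOpList != null && _recaptchaOpList.contains(ADD_USER)) {
-              serviceNode.setAttribute("recaptcha_key", _recaptchaSiteKey);
+              serviceNode.setAttribute(RECAPTCHA_KEY, _recaptchaSiteKey);
             }
             //Check the given user name
@@ -635,7 +654,7 @@
         if (op.equals(PERFORM_REGISTER))
         {
-            String newUsername = (String) paramMap.get(USERNAME);
-            String newPassword = (String) paramMap.get(PASSWORD);
-            String newEmail = (String) paramMap.get(EMAIL);
+            String newUsername = (String) paramMap.get(USERNAME_PARAM);
+            String newPassword = (String) paramMap.get(PASSWORD_PARAM);
+            String newEmail = (String) paramMap.get(EMAIL_PARAM);
 
             //Check the given details
@@ -650,5 +669,5 @@
                 newPassword = hashPassword(newPassword);
                 if (_recaptchaOpList != null && _recaptchaOpList.contains(REGISTER)) {
-                  String user_response = (String) paramMap.get("g-recaptcha-response");
+                  String user_response = (String) paramMap.get(RECAPTCHA_RESPONSE_PARAM);
                   if ((error= verifyRecaptcha(_recaptchaSecretKey, user_response)) == NO_ERROR) {
                 error = addUser(newUsername, newPassword, "", "true", "", newEmail);
@@ -662,5 +681,5 @@
                 serviceNode.setAttribute(OPERATION, REGISTER);
                 if (_recaptchaOpList != null && _recaptchaOpList.contains(REGISTER)) {
-                  serviceNode.setAttribute("recaptcha_key", _recaptchaSiteKey);
+                  serviceNode.setAttribute(RECAPTCHA_KEY, _recaptchaSiteKey);
                 }
                 GSXML.addError(result, getErrorTextString(error, lang));
@@ -677,6 +696,6 @@
             parent_op = ACCOUNT_SETTINGS;
           }
-          String previousUsername = (String) paramMap.get(PREV_USERNAME);
-          String newUsername = (String) paramMap.get(NEW_USERNAME);
+          String previousUsername = (String) paramMap.get(PREV_USERNAME_PARAM);
+          String newUsername = (String) paramMap.get(NEW_USERNAME_PARAM);
           int error;
           // Has the user name been changed? Make sure it doesn't already exist and is a valid username
@@ -707,7 +726,7 @@
           String newPassword;
           if (op.equals(PERFORM_EDIT)) {
-            newPassword = (String) paramMap.get(PASSWORD);
+            newPassword = (String) paramMap.get(PASSWORD_PARAM);
           } else {
-            newPassword = (String) paramMap.get(NEW_PASSWORD);
+            newPassword = (String) paramMap.get(NEW_PASSWORD_PARAM);
           }
           if (newPassword == null) {
@@ -719,5 +738,5 @@
               // check that they entered their old password correctly
               String prevPassword = retrieveDataForUser(previousUsername, PASSWORD);
-              String oldPassword = (String) paramMap.get(OLD_PASSWORD);
+              String oldPassword = (String) paramMap.get(OLD_PASSWORD_PARAM);
               oldPassword = hashPassword(oldPassword);
               if (oldPassword == null || !oldPassword.equals(prevPassword)) {
@@ -743,9 +762,9 @@
           // are we using recaptcha for AccountSettings or EditUser?
           if (_recaptchaOpList != null && _recaptchaOpList.contains(parent_op)) {
-            String user_response = (String) paramMap.get("g-recaptcha-response");
+            String user_response = (String) paramMap.get(RECAPTCHA_RESPONSE_PARAM);
             if ((error= verifyRecaptcha(_recaptchaSecretKey, user_response)) != NO_ERROR) {
               addUserInformationToNode(previousUsername, serviceNode);
               serviceNode.setAttribute(OPERATION, parent_op);
-              serviceNode.setAttribute("recaptcha_key", _recaptchaSiteKey);
+              serviceNode.setAttribute(RECAPTCHA_KEY, _recaptchaSiteKey);
               GSXML.addError(result, getErrorTextString(error, lang));
               return result;
@@ -756,9 +775,9 @@
           String status = null;
           String comment = null;
-          String email = (String) paramMap.get(NEW_EMAIL);
+          String email = (String) paramMap.get(NEW_EMAIL_PARAM);
           if (op.equals(PERFORM_EDIT)) {
-            groups = (String) paramMap.get(GROUPS);
-            status = (String) paramMap.get(STATUS);
-            comment = (String) paramMap.get(COMMENT);
+            groups = (String) paramMap.get(GROUPS_PARAM);
+            status = (String) paramMap.get(STATUS_PARAM);
+            comment = (String) paramMap.get(COMMENT_PARAM);
 
           } else {
@@ -789,5 +808,5 @@
               serviceNode.setAttribute(OPERATION, parent_op);
               if (_recaptchaOpList != null && _recaptchaOpList.contains(parent_op)) {
-            serviceNode.setAttribute("recaptcha_key", _recaptchaSiteKey);
+            serviceNode.setAttribute(RECAPTCHA_KEY, _recaptchaSiteKey);
               }
               GSXML.addError(result, getTextString("auth.success.account_settings", lang));
@@ -811,7 +830,7 @@
         {
             serviceNode.setAttribute(OPERATION, PERFORM_CHANGE_PASSWORD);
-            String user_name = (String) paramMap.get(USERNAME);
-            String oldPassword = (String) paramMap.get(OLD_PASSWORD);
-            String newPassword = (String) paramMap.get(NEW_PASSWORD);
+            String user_name = (String) paramMap.get(USERNAME_PARAM);
+            String oldPassword = (String) paramMap.get(OLD_PASSWORD_PARAM);
+            String newPassword = (String) paramMap.get(NEW_PASSWORD_PARAM);
             if (user_name == null || oldPassword == null || newPassword == null)
             {
@@ -850,5 +869,5 @@
         if (op.equals(EDIT_USER))
         {
-            String editUsername = (String) paramMap.get(USERNAME);
+            String editUsername = (String) paramMap.get(USERNAME_PARAM);
             int error = addUserInformationToNode(editUsername, serviceNode);
             if (error != NO_ERROR)
@@ -860,5 +879,5 @@
         if (op.equals(ACCOUNT_SETTINGS))
         {
-            String editUsername = (String) paramMap.get(USERNAME);
+            String editUsername = (String) paramMap.get(USERNAME_PARAM);
 
             if (editUsername == null)
@@ -872,5 +891,5 @@
             {
                 serviceNode.setAttribute(OPERATION, LOGIN);
-                GSXML.addError(result, getErrorTextString(ERROR_NOT_AUTHORISED, lang));
+                GSXML.addError(result, getErrorTextString(ERROR_USER_NOT_AUTHORISED, lang));
                 return result;
             }
@@ -884,5 +903,5 @@
         if (op.equals(PERFORM_RESET_PASSWORD))
         {
-            String passwordResetUser = (String) paramMap.get(USERNAME);
+            String passwordResetUser = (String) paramMap.get(USERNAME_PARAM);
 
             String newPassword = UUID.randomUUID().toString();
@@ -898,5 +917,5 @@
         if (op.equals(PERFORM_DELETE_USER))
         {
-            String usernameToDelete = (String) paramMap.get(USERNAME);
+            String usernameToDelete = (String) paramMap.get(USERNAME_PARAM);
             int error = removeUser(usernameToDelete);
             if (error != NO_ERROR)
@@ -1011,5 +1030,5 @@
     }catch(Exception e){
       e.printStackTrace();
-      return ERROR_CAPTCHA_FAILED;
+      return ERROR_CONNECTION_FAILED;
     }
 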
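Review bot: The user-info hunk (new lines 497–501) still builds a `password` parameter from `userInfo.password` for the result document, which is at odds with the `sensitive_params` entries this commit adds at new lines 282–285 to keep password fields out of the page response XML. If `passwordField` is appended to `userInfoList` like `editEnabledElem` is (the append is outside the visible lines, so this is inferred), the stored password value, presumably a hash given the `hashPassword` calls elsewhere, is returned to whoever requests the user information. Consider dropping that element from the response, or at least recording the decision next to it with a comment such as `// stored password hash must not be sent back to the client`. The enclosing method starts and ends outside the hunk, so its callers should be checked for any reader of that parameter first.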