001: /*
002: * $Header: /cvsroot/mvnforum/mvnforum/src/com/mvnforum/auth/OnlineUserFactoryImpl.java,v 1.46 2008/01/24 11:50:38 minhnn Exp $
003: * $Author: minhnn $
004: * $Revision: 1.46 $
005: * $Date: 2008/01/24 11:50:38 $
006: *
007: * ====================================================================
008: *
009: * Copyright (C) 2002-2007 by MyVietnam.net
010: *
011: * All copyright notices regarding mvnForum MUST remain
012: * intact in the scripts and in the outputted HTML.
013: * The "powered by" text/logo with a link back to
014: * http://www.mvnForum.com and http://www.MyVietnam.net in
015: * the footer of the pages MUST remain visible when the pages
016: * are viewed on the internet or intranet.
017: *
018: * This program is free software; you can redistribute it and/or modify
019: * it under the terms of the GNU General Public License as published by
020: * the Free Software Foundation; either version 2 of the License, or
021: * any later version.
022: *
023: * This program is distributed in the hope that it will be useful,
024: * but WITHOUT ANY WARRANTY; without even the implied warranty of
025: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
026: * GNU General Public License for more details.
027: *
028: * You should have received a copy of the GNU General Public License
029: * along with this program; if not, write to the Free Software
030: * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
031: *
032: * Support can be obtained from support forums at:
033: * http://www.mvnForum.com/mvnforum/index
034: *
035: * Correspondence and Marketing Questions can be sent to:
036: * info at MyVietnam net
037: *
038: * @author: Minh Nguyen
039: * @author: Mai Nguyen
040: */
041: package com.mvnforum.auth;
042:
import java.security.MessageDigest;
import java.sql.Timestamp;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.mvnforum.*;
import com.mvnforum.db.*;

import net.myvietnam.mvncore.exception.*;
import net.myvietnam.mvncore.security.Encoder;
import net.myvietnam.mvncore.service.MvnCoreServiceFactory;
import net.myvietnam.mvncore.util.DateUtil;
import net.myvietnam.mvncore.web.GenericRequest;
import net.myvietnam.mvncore.web.GenericResponse;
import net.myvietnam.mvncore.web.impl.GenericRequestServletImpl;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
060:
061: public class OnlineUserFactoryImpl implements OnlineUserFactory {
062:
/** Commons-logging logger shared by every instance of this factory. */
private static Log log = LogFactory.getLog(OnlineUserFactoryImpl.class);

/** Creates the factory; the constructor body is empty. */
public OnlineUserFactoryImpl() {
    // nothing to initialise
}
068:
/**
 * Servlet entry point for credential-based login.
 *
 * <p>Wraps the servlet request in a {@link GenericRequestServletImpl} and delegates to the
 * {@link GenericRequest} overload. The servlet response is not forwarded: the delegate is
 * called with a {@code null} response.
 *
 * @param request the incoming servlet request
 * @param response the servlet response; not used by this method
 * @param loginName the member name supplied by the caller
 * @param password the password, already encoded when {@code isEncodedPassword} is {@code true}
 * @param isEncodedPassword whether {@code password} is already in encoded form
 * @return the user object built by the delegate
 * @throws AuthenticationException if the delegate rejects the login
 * @throws DatabaseException declared by the delegate
 */
public OnlineUser getAuthenticatedUser(HttpServletRequest request,
        HttpServletResponse response, String loginName,
        String password, boolean isEncodedPassword)
        throws AuthenticationException, DatabaseException {

    final GenericRequest genericRequest = new GenericRequestServletImpl(request);
    // The delegate receives no response object on this path.
    final GenericResponse noResponse = null;
    return getAuthenticatedUser(genericRequest, noResponse, loginName,
            password, isEncodedPassword);
}
079:
/**
 * Authenticates a member by login name and password and builds the user object.
 *
 * <p>Order of checks, as implemented:
 * <ol>
 *   <li>resolve {@code loginName} to a member id through {@code MemberCache};</li>
 *   <li>load the member and refuse a non-enabled account (the admin id is exempt);</li>
 *   <li>unless the environment reports portlet mode: enforce activation when it is
 *       required (admin exempt), verify the password, then record the logon time and
 *       the request's remote address;</li>
 *   <li>compute the password-expired flag and populate an {@code OnlineUserImpl}.</li>
 * </ol>
 *
 * <p>Security notes:
 * <ul>
 *   <li>In portlet mode this method checks neither activation nor the password.
 *       NOTE(review): presumably the portal container has already authenticated the
 *       user; confirm for every deployment that enables portlet mode.</li>
 *   <li>When {@code MVNForumConfig.getEnablePasswordlessAuth()} is true, an empty
 *       password is accepted for any account that passed the status checks, the admin
 *       account included.</li>
 *   <li>Unknown name, disabled account and missing activation are reported before the
 *       password is verified, so a caller can tell these states apart without valid
 *       credentials.</li>
 *   <li>A {@code DatabaseException} in the second phase calls
 *       {@code setShouldRun(false, ...)} on the environment service.
 *       NOTE(review): this looks like it stops the application after a login-time
 *       database error; confirm that this is the intended availability trade-off.</li>
 * </ul>
 *
 * @param request the request; supplies the remote address stored as last logon IP
 * @param response not used by this method
 * @param loginName the member name supplied by the caller
 * @param password the password, already encoded when {@code isEncodedPassword} is {@code true}
 * @param isEncodedPassword whether {@code password} is already in encoded form
 * @return the populated, non-guest user
 * @throws AuthenticationException with a {@code NotLoginException} reason code when the
 *         login is refused or an unexpected error occurs
 * @throws DatabaseException declared in the signature
 */
public OnlineUser getAuthenticatedUser(GenericRequest request,
        GenericResponse response, String loginName,
        String password, boolean isEncodedPassword)
        throws AuthenticationException, DatabaseException {

    // Phase 1: resolve the login name to a member id.
    int memberID;
    try {
        memberID = MemberCache.getInstance().getMemberIDFromMemberName(loginName);
    } catch (ObjectNotFoundException e) {
        throw new AuthenticationException(NotLoginException.WRONG_NAME);
    } catch (Exception e) {
        log.error("Unexpected error validating user", e);
        // @todo find a better one than NotLoginException.NOT_LOGIN
        throw new AuthenticationException(NotLoginException.NOT_LOGIN);
    }

    // The admin account is exempt from the disabled and not-activated checks below.
    final boolean isAdmin = (memberID == MVNForumConstant.MEMBER_ID_OF_ADMIN);

    // Phase 2: account state, credentials, then the user object.
    try {
        MemberBean member = DAOFactory.getMemberDAO().getMember(memberID);

        if (member.getMemberStatus() != MemberBean.MEMBER_STATUS_ENABLE && !isAdmin) {
            throw new AuthenticationException(NotLoginException.ACCOUNT_DISABLED);
        }

        boolean portletMode = MvnCoreServiceFactory.getMvnCoreService()
                .getEnvironmentService().isPortlet();
        if (!portletMode) {
            // The activation code is read even when activation is not required.
            boolean activated = DAOFactory.getMemberDAO().getActivateCode(memberID)
                    .equals(MemberBean.MEMBER_ACTIVATECODE_ACTIVATED);
            if (!activated && MVNForumConfig.getRequireActivation() && !isAdmin) {
                throw new AuthenticationException(NotLoginException.NOT_ACTIVATED);
            }

            // A failed check is tolerated only when passwordless auth is enabled
            // and the supplied password is empty.
            boolean passwordAccepted = validatePassword(loginName, password, isEncodedPassword);
            if (!passwordAccepted
                    && (!MVNForumConfig.getEnablePasswordlessAuth() || password.length() > 0)) {
                throw new AuthenticationException(NotLoginException.WRONG_PASSWORD);
            }

            // Authentication succeeded: record when and from where the member logged on.
            Timestamp logonTime = DateUtil.getCurrentGMTTimestamp();
            DAOFactory.getMemberDAO().updateLastLogon(memberID, logonTime,
                    request.getRemoteAddr());
        }

        // Values come from the bean loaded above, i.e. from before updateLastLogon ran.
        double timeZone = member.getMemberTimeZone();
        String localeName = member.getMemberLanguage();
        Timestamp lastLogon = member.getMemberLastLogon();
        int postsPerPage = member.getMemberPostsPerPage();
        String lastLogonIP = member.getMemberLastIP();
        boolean invisible = member.isInvisible();
        Timestamp creationDate = member.getMemberCreationDate();
        Timestamp expireDate = member.getMemberPasswordExpireDate();

        // Password expiry is evaluated only when a maximum password age is configured.
        boolean passwordExpired = false;
        if (MVNForumConfig.getMaxPasswordDays() != 0) {
            if (expireDate == null) {
                // No expiry date stored: treated as expired.
                expireDate = creationDate;
                passwordExpired = true;
            }
            // An expiry date that is not after the creation date never expires the password.
            if (expireDate.after(creationDate)
                    && DateUtil.getCurrentGMTTimestamp().after(expireDate)) {
                passwordExpired = true;
            }
        }

        // Use the name as stored in the database, e.g. "admin" typed by the user
        // becomes "Admin" when that is the stored MemberName.
        String canonicalName = member.getMemberName();

        OnlineUserImpl user = new OnlineUserImpl(request, false/*isGuest*/);
        user.setMemberID(memberID);
        user.setPasswordExpired(passwordExpired);
        user.setMemberName(canonicalName);
        user.setInvisible(invisible);
        user.setTimeZone(timeZone);

        // NOTE: This MUST be the only way to get permission for a member, so that
        // permissions loaded for one user can never be set on another user.
        MVNForumPermission permission =
                MVNForumPermissionFactory.getAuthenticatedPermission(member);
        user.setPermission(permission);
        user.setLocaleName(localeName);
        user.setLastLogonTimestamp(lastLogon);
        user.setLastLogonIP(lastLogonIP);
        user.setGender(member.getMemberGender() != 0);
        user.setPostsPerPage(postsPerPage);

        return user;
    } catch (ObjectNotFoundException e) {
        // Not expected here: the member id was resolved a moment ago.
        throw new AuthenticationException(NotLoginException.WRONG_NAME);
    } catch (DatabaseException e) {
        // Not expected either; the environment service is told to stop running.
        MvnCoreServiceFactory.getMvnCoreService().getEnvironmentService()
                .setShouldRun(false, "Assertion in OnlineUserFactoryImpl.");
        log.error("Unexpected error validating user", e);
        throw new AuthenticationException(NotLoginException.NOT_LOGIN);
    }
}
215:
/**
 * Servlet entry point for building the guest user.
 *
 * <p>Wraps the servlet request in a {@link GenericRequestServletImpl} and delegates to
 * the {@link GenericRequest} overload.
 *
 * @param req the incoming servlet request
 * @return the guest user built by the delegate
 * @throws DatabaseException declared by the delegate
 */
public OnlineUser getAnonymousUser(HttpServletRequest req)
        throws DatabaseException {

    // Typed as GenericRequest so the call binds to the GenericRequest overload.
    final GenericRequest wrapped = new GenericRequestServletImpl(req);
    return getAnonymousUser(wrapped);
}
222:
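/**
 * Builds the guest (anonymous) user for a request.
 *
 * <p>The guest member record is loaded and its name, time zone, language, last logon,
 * last IP and posts-per-page are copied to the result; the guest's last logon time and
 * the request's remote address are then written back through the member DAO. If the
 * record is missing or the database fails, a guest with anonymous permission and
 * default settings is returned instead, so this method does not propagate those two
 * exceptions from the lookup.
 *
 * <p>A {@code DatabaseException} used to be discarded silently here; it is now logged
 * so that a database outage is visible to operators even though guests keep working.
 *
 * @param request the request; supplies the remote address stored as last logon IP
 * @return a guest user carrying anonymous permission
 * @throws DatabaseException declared in the signature
 */
public OnlineUser getAnonymousUser(GenericRequest request)
        throws DatabaseException {

    final int guestID = MVNForumConstant.MEMBER_ID_OF_GUEST;
    // Start from the configured defaults. Both values are overwritten once the guest
    // record is read, and the fallback below uses whatever was assigned last.
    double timeZone = MVNForumConfig.getDefaultGuestTimeZone();
    int postsPerPage = MVNForumConfig.getRowsPerPage();

    try {
        MemberBean guestBean = DAOFactory.getMemberDAO().getMember(guestID);
        // @todo: for now, Guest is always enabled, so the member status is not checked.
        String memberName = guestBean.getMemberName();
        timeZone = guestBean.getMemberTimeZone();
        String localeName = guestBean.getMemberLanguage();
        Timestamp lastLogon = guestBean.getMemberLastLogon();
        postsPerPage = guestBean.getMemberPostsPerPage();
        String lastLogonIP = guestBean.getMemberLastIP();

        // @todo: decide whether the last logon time and address should be remembered
        // for the Guest; today they are, so the last guest visit is recorded.
        Timestamp now = DateUtil.getCurrentGMTTimestamp();
        DAOFactory.getMemberDAO().updateLastLogon(guestID, now, request.getRemoteAddr());

        OnlineUserImpl anonymousUser = new OnlineUserImpl(request, true/*isGuest*/);
        anonymousUser.setMemberID(guestID);
        anonymousUser.setMemberName(memberName);
        anonymousUser.setTimeZone(timeZone);
        anonymousUser.setPermission(MVNForumPermissionFactory.getAnonymousPermission());
        anonymousUser.setLocaleName(localeName);
        anonymousUser.setLastLogonTimestamp(lastLogon);
        anonymousUser.setLastLogonIP(lastLogonIP);
        // no gender is set for the guest
        anonymousUser.setPostsPerPage(postsPerPage);
        return anonymousUser;
    } catch (ObjectNotFoundException e) {
        // No guest record: fall back without treating it as an error.
        return newFallbackGuest(request, timeZone, postsPerPage);
    } catch (DatabaseException e) {
        log.error("Cannot load or update the guest member record; using fallback guest", e);
        return newFallbackGuest(request, timeZone, postsPerPage);
    }
}

/**
 * Builds the guest user returned when the guest record cannot be used: anonymous
 * permission, empty locale name, last logon at epoch 0, and the given settings.
 * Member id and member name are left unset, as before.
 */
private OnlineUserImpl newFallbackGuest(GenericRequest request, double timeZone,
        int postsPerPage) throws DatabaseException {

    OnlineUserImpl fallbackGuest = new OnlineUserImpl(request, true/*isGuest*/);
    fallbackGuest.setPermission(MVNForumPermissionFactory.getAnonymousPermission());
    fallbackGuest.setLocaleName("");
    fallbackGuest.setLastLogonTimestamp(new Timestamp(0));
    fallbackGuest.setPostsPerPage(postsPerPage);
    fallbackGuest.setTimeZone(timeZone);
    return fallbackGuest;
}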
295:
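/**
 * Creates the default message folders (inbox, draft, sent, trash) for the user.
 *
 * <p>A folder that already exists is skipped. A {@code CreateException} or
 * {@code ForeignKeyNotFoundException} is logged with its stack trace and then rethrown
 * as a {@code DatabaseException}; previously the original exception was dropped, which
 * left no trace of why folder creation failed.
 *
 * @param request not used by this method
 * @param response not used by this method
 * @param onlineUser the user whose member id owns the folders
 * @throws DatabaseException if a folder cannot be created
 */
public void postLogin(HttpServletRequest request,
        HttpServletResponse response, OnlineUser onlineUser)
        throws DatabaseException {

    // The array index is passed as the folderOrder argument (0..3).
    final String[] defaultFolders = {
        MVNForumConstant.MESSAGE_FOLDER_INBOX,
        MVNForumConstant.MESSAGE_FOLDER_DRAFT,
        MVNForumConstant.MESSAGE_FOLDER_SENT,
        MVNForumConstant.MESSAGE_FOLDER_TRASH,
    };
    final int folderOption = 0;
    final int folderType = 0;
    final int folderStatus = 0;
    final Timestamp now = DateUtil.getCurrentGMTTimestamp();

    try {
        for (int folderOrder = 0; folderOrder < defaultFolders.length; folderOrder++) {
            try {
                DAOFactory.getMessageFolderDAO().create(
                        defaultFolders[folderOrder],
                        onlineUser.getMemberID(), folderOrder,
                        folderStatus, folderOption, folderType, now, now);
            } catch (DuplicateKeyException ignored) {
                // Already existed, just go ahead
            }
        }
    } catch (CreateException ce) {
        log.error("Cannot create a default message folder", ce);
        throw new DatabaseException("Cannot created Message Folder.");
    } catch (ForeignKeyNotFoundException fe) {
        log.error("Cannot create a default message folder: foreign key not found", fe);
        throw new DatabaseException(
                "Cannot created Message Folder because the foreign key is not existed.");
    }
}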
353:
/**
 * Logout hook for servlet requests; this implementation performs no work.
 *
 * <p>NOTE(review): nothing is invalidated here, so session and cookie cleanup is
 * presumably done by the caller; confirm at the call sites.
 *
 * @param request not used
 * @param response not used
 */
public void logout(HttpServletRequest request,
        HttpServletResponse response) {
    // do nothing
}
358:
/**
 * Logout hook for generic requests; this implementation performs no work.
 *
 * <p>NOTE(review): nothing is invalidated here, so session and cookie cleanup is
 * presumably done by the caller; confirm at the call sites.
 *
 * @param request not used
 * @param response not used
 */
public void logout(GenericRequest request, GenericResponse response) {
    // do nothing
}
362:
/**
 * Encodes a clear-text password into the form that is compared with the stored value.
 *
 * <p>{@code loginName} is not used, so the same password yields the same encoded value
 * for every account; no per-user salt is applied in this method.
 *
 * <p>NOTE(review): the helper's name indicates an MD5 digest in Base64. A fast,
 * unsalted digest is not suitable for password storage. Moving to bcrypt, scrypt or
 * Argon2 needs a migration plan (for example re-hashing at the next successful login),
 * because {@code validatePassword} compares this output with the stored password.
 *
 * @param loginName the member name; ignored
 * @param password the clear-text password
 * @return the value returned by {@code Encoder.getMD5_Base64(password)}
 */
public String getEncodedPassword(String loginName, String password) {
    final String encoded = Encoder.getMD5_Base64(password);
    return encoded;
}
366:
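/**
 * Checks a password against the value stored for the named member.
 *
 * <p>Behaviour, in order:
 * <ul>
 *   <li>member id 0 and the guest id are accepted with any password;</li>
 *   <li>with {@code isEncodedPassword}, a password equal to
 *       {@code OnlineUserManager.PASSWORD_OF_METHOD_REALM} or
 *       {@code OnlineUserManager.PASSWORD_OF_METHOD_CUSTOMIZATION} is accepted when the
 *       matching {@code MVNForumConfig} flag is enabled, without consulting the stored
 *       password;</li>
 *   <li>otherwise the encoded password is compared with the stored one.</li>
 * </ul>
 *
 * <p>Security notes:
 * <ul>
 *   <li>NOTE(review): the two sentinel values succeed for any member while their flag
 *       is on. Callers must ensure that a value taken from the request can never reach
 *       this method with {@code isEncodedPassword == true}; confirm at the call
 *       sites.</li>
 *   <li>With {@code isEncodedPassword == true} the stored value itself is what is
 *       accepted, so stored passwords must be protected like the passwords
 *       themselves.</li>
 *   <li>The final comparison uses {@code MessageDigest.isEqual} instead of
 *       {@code String.equals}, so it does not return at the first differing
 *       character.</li>
 *   <li>Unexpected errors are now logged before being mapped to {@code NOT_LOGIN};
 *       the password is never part of the log message.</li>
 * </ul>
 *
 * @param loginName the member name supplied by the caller
 * @param password the password, already encoded when {@code isEncodedPassword} is {@code true}
 * @param isEncodedPassword whether {@code password} is already in encoded form
 * @return {@code true} if the password is accepted, {@code false} if it does not match
 * @throws AuthenticationException {@code WRONG_NAME} if the member does not exist,
 *         {@code NOT_LOGIN} on any other error
 */
public boolean validatePassword(String loginName, String password,
        boolean isEncodedPassword) throws AuthenticationException {

    try {
        int memberId = DAOFactory.getMemberDAO().getMemberIDFromMemberName(loginName);
        if ((memberId == 0) || (memberId == MVNForumConstant.MEMBER_ID_OF_GUEST)) {
            return true;
        }

        String candidate;
        if (isEncodedPassword) {
            candidate = password;
            // Sentinel values used by the realm and customization login methods.
            if (password.equals(OnlineUserManager.PASSWORD_OF_METHOD_REALM)
                    && MVNForumConfig.getEnableLoginInfoInRealm()) {
                return true;
            }
            if (password.equals(OnlineUserManager.PASSWORD_OF_METHOD_CUSTOMIZATION)
                    && MVNForumConfig.getEnableLoginInfoInCustomization()) {
                return true;
            }
        } else {
            candidate = getEncodedPassword(loginName, password);
        }

        String stored = DAOFactory.getMemberDAO().getPassword(memberId);
        if (stored == null) {
            // String.equals(null) was false before; keep that result.
            return false;
        }
        // getBytes(String) declares a checked exception, covered by the catch-all below.
        return MessageDigest.isEqual(candidate.getBytes("UTF-8"), stored.getBytes("UTF-8"));
    } catch (ObjectNotFoundException e) {
        throw new AuthenticationException(NotLoginException.WRONG_NAME);
    } catch (Exception e) {
        log.error("Unexpected error validating password", e);
        // @todo find a better one than NotLoginException.NOT_LOGIN
        throw new AuthenticationException(NotLoginException.NOT_LOGIN);
    }
}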
411:
/**
 * Verifies a password and fails loudly when it is not accepted.
 *
 * <p>Unlike the login path in {@code getAuthenticatedUser}, this method has no
 * exemption for passwordless authentication: any password that
 * {@code validatePassword} does not accept is rejected.
 *
 * @param loginName the member name supplied by the caller
 * @param password the password, already encoded when {@code isEncodedPassword} is {@code true}
 * @param isEncodedPassword whether {@code password} is already in encoded form
 * @throws AuthenticationException {@code WRONG_PASSWORD} if the password is not accepted,
 *         or whatever {@code validatePassword} throws
 */
public void ensureCorrectPassword(String loginName,
        String password, boolean isEncodedPassword)
        throws AuthenticationException {

    if (!validatePassword(loginName, password, isEncodedPassword)) {
        throw new AuthenticationException(NotLoginException.WRONG_PASSWORD);
    }
}
423: }