package com.celements.auth; import java.util.Collections; import java.util.List; import java.util.Map; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.xwiki.component.annotation.Component; import org.xwiki.component.annotation.Requirement; import org.xwiki.context.Execution; import org.xwiki.model.reference.DocumentReference; import org.xwiki.script.service.ScriptService; import com.celements.web.plugin.cmd.PasswordRecoveryAndEmailValidationCommand; import com.celements.web.plugin.cmd.PossibleLoginsCommand; import com.celements.web.plugin.cmd.RemoteUserValidator; import com.celements.web.plugin.cmd.UserNameForUserDataCommand; import com.celements.web.service.IWebUtilsService; import com.celements.web.token.NewCelementsTokenForUserCommand; import com.xpn.xwiki.XWiki; import com.xpn.xwiki.XWikiContext; import com.xpn.xwiki.XWikiException; import com.xpn.xwiki.user.api.XWikiUser; @Component("authentication") public class AuthenticationScriptService implements ScriptService { private static Logger _LOGGER = LoggerFactory.getLogger(AuthenticationScriptService.class); @Requirement private IWebUtilsService webUtilsService; @Requirement private IAuthenticationServiceRole authenticationService; @Requirement private Execution execution; private XWikiContext getContext() { return (XWikiContext) execution.getContext().getProperty("xwikicontext"); } public String getUsernameForUserData(String login) { String possibleLogins = new PossibleLoginsCommand().getPossibleLogins(); String account = ""; try { _LOGGER.debug("executing getUsernameForUserData in plugin"); account = new UserNameForUserDataCommand().getUsernameForUserData(login, possibleLogins, getContext()); } catch (XWikiException exp) { _LOGGER.error("Failed to get usernameForUserData for login [" + login + "] and possibleLogins [" + possibleLogins + "].", exp); } return account; } public String getUsernameForUserData(String login, String possibleLogins) { String account = ""; if (hasProgrammingRights() || hasAdminRights()) { try { _LOGGER.debug("executing getUsernameForUserData in plugin"); account = new UserNameForUserDataCommand().getUsernameForUserData(login, possibleLogins, getContext()); } catch (XWikiException exp) { _LOGGER.error("Failed to get usernameForUserData for login [" + login + "] and possibleLogins [" + possibleLogins + "].", exp); } } else { _LOGGER.debug("missing ProgrammingRights for [" + getContext().get("sdoc") + "]: getUsernameForUserData cannot be executed!"); } return account; } public String getPasswordHash(String encoding, String str) { return authenticationService.getPasswordHash(encoding, str); } public String getPasswordHash(String str) { return getPasswordHash("hash:SHA-512:", str); } public boolean sendNewValidation(String user, String possibleFields) { if ((hasAdminRights() || hasProgrammingRights()) && (user != null) && (user.trim().length() > 0)) { _LOGGER.debug("sendNewValidation for user [" + user + "]."); try { return new PasswordRecoveryAndEmailValidationCommand().sendNewValidation(user, possibleFields); } catch (XWikiException exp) { _LOGGER.error("sendNewValidation: failed.", exp); } } return false; } public void sendNewValidation(String user, String possibleFields, DocumentReference mailContentDocRef) { if ((hasAdminRights() || hasProgrammingRights()) && (user != null) && (user.trim().length() > 0)) { _LOGGER.debug("sendNewValidation for user [" + user + "] using mail [" + mailContentDocRef + "]."); try { new PasswordRecoveryAndEmailValidationCommand().sendNewValidation(user, possibleFields, mailContentDocRef); } catch (XWikiException exp) { _LOGGER.error("sendNewValidation: failed.", exp); } } else { _LOGGER.warn("sendNewValidation: new validation email for user [" + user + "] not sent."); } } public String getNewValidationTokenForUser() { if (hasProgrammingRights() && (getContext().getUser() != null)) { try { DocumentReference accountDocRef = webUtilsService.resolveDocumentReference( getContext().getUser()); return new PasswordRecoveryAndEmailValidationCommand().getNewValidationTokenForUser( accountDocRef); } catch (XWikiException exp) { _LOGGER.error("Failed to create new validation Token for user: " + getContext().getUser(), exp); } } return null; } public String getNewCelementsTokenForUser(Boolean guestPlus) { if (getContext().getUser() != null) { try { return new NewCelementsTokenForUserCommand().getNewCelementsTokenForUserWithAuthentication( getContext().getUser(), guestPlus, getContext()); } catch (XWikiException exp) { _LOGGER.error("Failed to create new validation Token for user: " + getContext().getUser(), exp); } } return null; } public String getNewCelementsTokenForUser(Boolean guestPlus, int minutesValid) { if (getContext().getUser() != null) { try { return new NewCelementsTokenForUserCommand().getNewCelementsTokenForUserWithAuthentication( getContext().getUser(), guestPlus, minutesValid, getContext()); } catch (XWikiException exp) { _LOGGER.error("Failed to create new validation Token for user: " + getContext().getUser(), exp); } } return null; } public String getNewCelementsTokenForUser() { return getNewCelementsTokenForUser(false); } public Map<String, String> activateAccount(String activationCode) { try { return authenticationService.activateAccount(activationCode); } catch (AccountActivationFailedException authExp) { _LOGGER.info("Failed to activate account", authExp); } return Collections.emptyMap(); } /* * TODO: Please get rid of throwing an exception to the view (client), use try/catch * and write the exception in a log-file */ public String getUniqueValidationKey() throws XWikiException { return new NewCelementsTokenForUserCommand().getUniqueValidationKey(getContext()); } /* * TODO: Please get rid of throwing an exception to the view (client), use try/catch * and write the exception in a log-file */ public String recoverPassword() throws XWikiException { return new PasswordRecoveryAndEmailValidationCommand().recoverPassword(); } /* * TODO: Please get rid of throwing an exception to the view (client), use try/catch * and write the exception in a log-file */ public String recoverPassword(String account) throws XWikiException { return new PasswordRecoveryAndEmailValidationCommand().recoverPassword(account, account); } /* * TODO: Please get rid of throwing an exception to the view (client), use try/catch * and write the exception in a log-file */ public XWikiUser checkAuth(String logincredential, String password, String rememberme, String possibleLogins) throws XWikiException { return authenticationService.checkAuth(logincredential, password, rememberme, possibleLogins, null); } /* * TODO: Please get rid of throwing an exception to the view (client), use try/catch * and write the exception in a log-file */ public XWikiUser checkAuth(String logincredential, String password, String rememberme, String possibleLogins, boolean noRedirect) throws XWikiException { return authenticationService.checkAuth(logincredential, password, rememberme, possibleLogins, noRedirect); } public String isValidUserJSON(String username, String password, String memberOfGroup, List<String> returnGroupMemberships) { RemoteUserValidator validater = new RemoteUserValidator(); if (hasProgrammingRights()) { return validater.isValidUserJSON(username, password, memberOfGroup, returnGroupMemberships, getContext()); } return null; } public String getLogoutRedirectURL() { XWiki xwiki = getContext().getWiki(); String logoutRedirectConf = xwiki.getSpacePreference("LogoutRedirect", "celements.logoutRedirect", xwiki.getDefaultSpace(getContext()) + ".WebHome", getContext()); String logoutRedirectURL = logoutRedirectConf; if (!logoutRedirectConf.startsWith("http://") && !logoutRedirectConf.startsWith("https://")) { logoutRedirectURL = xwiki.getURL(logoutRedirectConf, "view", "logout=1", getContext()); } return logoutRedirectURL; } public String getLoginRedirectURL() { XWiki xwiki = getContext().getWiki(); String loginRedirectConf = xwiki.getSpacePreference("LoginRedirect", "celements.loginRedirect", xwiki.getDefaultSpace(getContext()) + ".WebHome", getContext()); String loginRedirectURL = loginRedirectConf; if (!loginRedirectConf.startsWith("http://") && !loginRedirectConf.startsWith("https://")) { loginRedirectURL = xwiki.getURL(loginRedirectConf, "view", "", getContext()); } return loginRedirectURL; } /** * API to check rights on a document for a given user or group * * @param level * right to check (view, edit, comment, delete) * @param user * user or group for which to check the right * @param isUser * true for users and false for group * @param docname * document on which to check the rights * @return true if right is granted/false if not */ public boolean hasAccessLevel(String level, String user, boolean isUser, DocumentReference docRef) { try { return authenticationService.hasAccessLevel(level, user, isUser, docRef); } catch (Exception exp) { _LOGGER.warn("hasAccessLevel failed for level[" + level + "] user[" + user + "] " + "docRef[" + docRef + "] isUser[" + isUser + "]", exp); return false; } } private boolean hasProgrammingRights() { return getContext().getWiki().getRightService().hasProgrammingRights(getContext()); } private boolean hasAdminRights() { return getContext().getWiki().getRightService().hasAdminRights(getContext()); } }