package com.celements.auth; import java.util.HashMap; import java.util.Map; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.xwiki.component.annotation.Component; import org.xwiki.component.annotation.Requirement; import org.xwiki.context.Execution; import org.xwiki.model.reference.DocumentReference; import com.celements.model.access.IModelAccessFacade; import com.celements.model.access.exception.DocumentLoadException; import com.celements.model.access.exception.DocumentNotExistsException; import com.celements.model.access.exception.DocumentSaveException; import com.celements.web.plugin.cmd.UserNameForUserDataCommand; import com.celements.web.service.IWebUtilsService; import com.xpn.xwiki.XWikiContext; import com.xpn.xwiki.XWikiException; import com.xpn.xwiki.doc.XWikiDocument; import com.xpn.xwiki.objects.BaseObject; import com.xpn.xwiki.objects.classes.PasswordClass; import com.xpn.xwiki.user.api.XWikiUser; import com.xpn.xwiki.user.impl.xwiki.XWikiRightServiceImpl; @Component public class AuthenticationService implements IAuthenticationServiceRole { private static Logger _LOGGER = LoggerFactory.getLogger(AuthenticationService.class); @Requirement private IWebUtilsService webUtilsService; @Requirement private IModelAccessFacade modelAccess; @Requirement private Execution execution; private XWikiContext getContext() { return (XWikiContext) execution.getContext().getProperty("xwikicontext"); } @Override public String getPasswordHash(String encoding, String str) { return new PasswordClass().getEquivalentPassword(encoding, str); } @Override public Map<String, String> activateAccount(String activationCode) throws AccountActivationFailedException { _LOGGER.debug("activateAccount: for code " + activationCode); try { Map<String, String> userAccount = new HashMap<String, String>(); String hashedCode = getPasswordHash("hash:SHA-512:", activationCode); String username = new UserNameForUserDataCommand().getUsernameForUserData(hashedCode, "validkey", getContext()); _LOGGER.debug("activateAccount: username = " + username); if ((username != null) && !username.equals("")) { String password = getContext().getWiki().generateRandomString(24); DocumentReference userDocRef = webUtilsService.resolveDocumentReference(username); _LOGGER.debug("activateAccount: userDocRef = " + userDocRef); XWikiDocument doc = modelAccess.getDocument(userDocRef); _LOGGER.debug("activateAccount: userDoc = " + doc); DocumentReference userObjRef = webUtilsService.resolveDocumentReference("XWiki.XWikiUsers"); _LOGGER.debug("activateAccount: userObjRef = " + userObjRef); BaseObject obj = doc.getXObject(userObjRef); _LOGGER.debug("activateAccount: userObj = " + obj); // obj.set("validkey", "", context); obj.set("active", "1", getContext()); obj.set("force_pwd_change", "1", getContext()); obj.set("password", password, getContext()); modelAccess.saveDocument(doc, "activate account"); userAccount.put("username", username); userAccount.put("password", password); } return userAccount; } catch (XWikiException | DocumentSaveException | DocumentLoadException | DocumentNotExistsException exp) { throw new AccountActivationFailedException(exp); } } @Override public XWikiUser checkAuth(String logincredential, String password, String rememberme, String possibleLogins, Boolean noRedirect) throws XWikiException { String loginname = new UserNameForUserDataCommand().getUsernameForUserData(logincredential, possibleLogins, getContext()); if ("".equals(loginname) && possibleLogins.matches("(.*,)?loginname(,.*)?")) { loginname = logincredential; } if (noRedirect != null) { getContext().put("ajax", noRedirect); } return getContext().getWiki().getAuthService().checkAuth(loginname, password, rememberme, getContext()); } /** * API to check rights on a document for a given user or group * * @param level * right to check (view, edit, comment, delete) * @param user * user or group for which to check the right * @param isUser * true for users and false for group * @param docname * document on which to check the rights * @return true if right is granted/false if not */ public boolean hasAccessLevel(String level, String user, boolean isUser, DocumentReference docRef) throws XWikiException { return ((XWikiRightServiceImpl) getContext().getWiki().getRightService()).hasAccessLevel(level, user, webUtilsService.getRefDefaultSerializer().serialize(docRef), isUser, getContext()); } }