/*
* See the NOTICE file distributed with this work for additional
* information regarding copyright ownership.
*
* This is free software; you can redistribute it and/or modify it
* under the terms of the GNU Lesser General Public License as
* published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* This software is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this software; if not, write to the Free
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
*/
package com.celements.web.token;
import java.util.Arrays;
import java.util.Date;
import java.util.List;
import java.util.Vector;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import com.xpn.xwiki.XWikiContext;
import com.xpn.xwiki.XWikiException;
import com.xpn.xwiki.objects.classes.PasswordClass;
import com.xpn.xwiki.store.XWikiStoreInterface;
import com.xpn.xwiki.user.api.XWikiUser;
import com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl;
public class TokenLDAPAuthServiceImpl extends XWikiLDAPAuthServiceImpl {
private static final Log LOGGER = LogFactory.getFactory().getInstance(
TokenLDAPAuthServiceImpl.class);
@Override
public XWikiUser checkAuth(XWikiContext context) throws XWikiException {
if ((context.getResponse() != null) && !"".equals(context.getWiki().Param("celements.auth.P3P",
""))) {
context.getResponse().addHeader("P3P", "CP=\"" + context.getWiki().Param("celements.auth.P3P")
+ "\"");
}
if (context.getRequest() != null) {
String token = context.getRequest().getParameter("token");
String username = context.getRequest().getParameter("username");
boolean hasToken = (token != null) && !"".equals(token);
if (hasToken && (username != null) && !"".equals(username)) {
LOGGER.info("trying to authenticate user [" + username + "] with token [" + hasToken
+ "].");
XWikiUser tokenUser = checkAuthByToken(username, token, context);
if (tokenUser != null) {
return tokenUser;
}
}
LOGGER.info("checkAuth for token skipped or failed. user [" + username + "] with token ["
+ hasToken + "].");
}
return super.checkAuth(context);
}
public XWikiUser checkAuthByToken(String loginname, String userToken, XWikiContext context)
throws XWikiException {
if ((loginname != null) && !"".equals(loginname)) {
String usernameByToken = getUsernameForToken(userToken, context);
if ((usernameByToken != null) && !usernameByToken.equals("") && (usernameByToken.equals(
"XWiki." + loginname) || usernameByToken.equals("xwiki:XWiki." + loginname))) {
LOGGER.info("checkAuthByToken: user " + usernameByToken + " identified by userToken.");
context.setUser(usernameByToken);
return context.getXWikiUser();
} else {
LOGGER.warn("checkAuthByToken: username could not be identified by token");
}
}
return null;
}
public String getUsernameForToken(String userToken, XWikiContext context) throws XWikiException {
String hashedCode = encryptString("hash:SHA-512:", userToken);
String userDoc = "";
if ((userToken != null) && (userToken.trim().length() > 0)) {
String hql = ", BaseObject as obj, Classes.TokenClass as token where ";
hql += "doc.space='XWiki' ";
hql += "and obj.name=doc.fullName ";
hql += "and token.tokenvalue=? ";
hql += "and token.validuntil>=? ";
hql += "and obj.id=token.id ";
List<Object> parameterList = new Vector<Object>();
parameterList.add(hashedCode);
parameterList.add(new Date());
XWikiStoreInterface storage = context.getWiki().getStore();
List<String> users = storage.searchDocumentsNames(hql, 0, 0, parameterList, context);
LOGGER.debug("searching token in db [" + context.getDatabase() + "] and found " + users.size()
+ " with parameters " + Arrays.deepToString(parameterList.toArray()));
if (users == null || users.size() == 0) {
String db = context.getDatabase();
context.setDatabase("xwiki");
users = storage.searchDocumentsNames(hql, 0, 0, parameterList, context);
LOGGER.debug("searching token in db [" + context.getDatabase() + "] and found "
+ users.size() + " with parameters " + Arrays.deepToString(parameterList.toArray()));
if (users != null && users.size() == 1) {
users.add("xwiki:" + users.remove(0));
}
context.setDatabase(db);
}
int usersFound = 0;
for (String tmpUserDoc : users) {
if (!tmpUserDoc.trim().equals("")) {
usersFound++;
userDoc = tmpUserDoc;
}
}
if (usersFound > 1) {
LOGGER.warn("Found more than one user for token '" + userToken + "'");
return null;
}
} else {
LOGGER.warn("No valid token given");
}
LOGGER.info("getUsernameForToken: returning user [" + userDoc + "].");
return userDoc;
}
String encryptString(String encoding, String str) {
return new PasswordClass().getEquivalentPassword(encoding, str);
}
}