1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34 package fr.paris.lutece.plugins.mylutece.modules.openiddatabase.authentication;
35
36 import fr.paris.lutece.plugins.mylutece.authentication.PortalAuthentication;
37 import fr.paris.lutece.plugins.mylutece.modules.openiddatabase.authentication.business.OpenIdDatabaseHome;
38 import fr.paris.lutece.plugins.mylutece.modules.openiddatabase.authentication.business.OpenIdDatabaseUser;
39 import fr.paris.lutece.plugins.mylutece.modules.openiddatabase.authentication.business.OpenIdDatabaseUserHome;
40 import fr.paris.lutece.plugins.mylutece.modules.openiddatabase.authentication.web.MyLuteceOpenIdDatabaseApp;
41 import fr.paris.lutece.plugins.mylutece.modules.openiddatabase.service.OpenIDDatabasePlugin;
42 import fr.paris.lutece.portal.service.i18n.I18nService;
43 import fr.paris.lutece.portal.service.plugin.Plugin;
44 import fr.paris.lutece.portal.service.plugin.PluginService;
45 import fr.paris.lutece.portal.service.security.LoginRedirectException;
46 import fr.paris.lutece.portal.service.security.LuteceUser;
47 import fr.paris.lutece.portal.service.security.SecurityService;
48 import fr.paris.lutece.portal.service.util.AppLogService;
49 import fr.paris.lutece.portal.service.util.AppPathService;
50 import fr.paris.lutece.portal.service.util.AppPropertiesService;
51 import fr.paris.lutece.util.url.UrlItem;
52
53 import org.apache.log4j.Logger;
54
55 import org.openid4java.OpenIDException;
56
57 import org.openid4java.consumer.ConsumerException;
58 import org.openid4java.consumer.ConsumerManager;
59 import org.openid4java.consumer.InMemoryConsumerAssociationStore;
60 import org.openid4java.consumer.InMemoryNonceVerifier;
61 import org.openid4java.consumer.VerificationResult;
62
63 import org.openid4java.discovery.DiscoveryInformation;
64 import org.openid4java.discovery.Identifier;
65
66 import org.openid4java.message.AuthRequest;
67 import org.openid4java.message.AuthSuccess;
68 import org.openid4java.message.MessageExtension;
69 import org.openid4java.message.ParameterList;
70 import org.openid4java.message.ax.StoreResponse;
71 import org.openid4java.message.sreg.SRegMessage;
72 import org.openid4java.message.sreg.SRegRequest;
73 import org.openid4java.message.sreg.SRegResponse;
74
75
76 import org.openid4java.util.HttpClientFactory;
77 import org.openid4java.util.ProxyProperties;
78
79 import java.util.ArrayList;
80 import java.util.Collection;
81 import java.util.HashSet;
82 import java.util.List;
83 import java.util.Locale;
84 import java.util.Set;
85
86 import javax.security.auth.login.LoginException;
87
88 import javax.servlet.http.HttpServletRequest;
89
90
91
92
93
94
95
96
97
98
99
100 public class BaseAuthentication extends PortalAuthentication
101 {
102
103
104 private static final String AUTH_SERVICE_NAME = AppPropertiesService.getProperty( "mylutece-openiddatabase.service.name" );
105
106
107 private static final String PROPERTY_MESSAGE_USER_NOT_FOUND_DATABASE = "module.mylutece.database.message.userNotFoundDatabase";
108 private static final String PLUGIN_NAME = "mylutece-openiddatabase";
109 private static final String URL_CALLBACK = "jsp/site/plugins/mylutece/modules/openiddatabase/OpenIdDatabaseProviderCallBack.jsp";
110 private static final String CONSTANT_PATH_ICON = "images/local/skin/plugins/mylutece/modules/openiddatabase/mylutece-openid.png";
111 private static final String MESSAGE_KEY_AUTHENTICATION_FAILED = "module.mylutece.openid.authenticationFailed";
112 private static ConsumerManager _manager;
113 private static Logger _logger = Logger.getLogger( "openid" );
114
115
116 private static final String PROPERTY_PROXY_PASSWORD = "openiddatabase.proxyPassword";
117 private static final String PROPERTY_PROXY_HOST_NAME = "openiddatabase.proxyHostName";
118 private static final String PROPERTY_PROXY_PORT_NUMBER = "openiddatabase.proxyPort";
119 private static final String PROPERTY_PROXY_DOMAIN_NAME = "openiddatabase.domainName";
120 private static final String PROPERTY_PROXY_USER_NAME = "openiddatabase.proxyUserName";
121
122
123 public static final String PARAMETER_PAGE = "page";
124 public static final String PARAMETER_XPAGE_VALUE = "myluteceopeniddatabase";
125 public static final String PARAMETER_ERROR = "error";
126 private static final String PARAMETER_LOGIN = "login";
127 private static final String PARAMETER_LAST_NAME = "last_name";
128 private static final String PARAMETER_FIRST_NAME = "first_name";
129 private static final String PARAMETER_EMAIL = "email";
130
131
132
133
134
135 public BaseAuthentication( )
136 {
137 super( );
138
139
140 if ( _manager == null )
141 {
142 try
143 {
144 _manager = new ConsumerManager( );
145 }
146 catch ( ConsumerException e )
147 {
148 AppLogService.error( "Error instantiating OpenID ConsumerManager : " + e.getMessage( ), e );
149 }
150 }
151 }
152
153
154
155
156
157 public String getAuthServiceName( )
158 {
159 return AUTH_SERVICE_NAME;
160 }
161
162
163
164
165
166
167 public String getAuthType( HttpServletRequest request )
168 {
169 return HttpServletRequest.BASIC_AUTH;
170 }
171
172
173
174
175
176
177
178
179
180
181
182 public LuteceUser login( String strUserName, String strUserPassword, HttpServletRequest request )
183 throws LoginException, LoginRedirectException
184 {
185 if ( strUserPassword.equals( "dummy" ) )
186 {
187 return loginOpenId( strUserName, request );
188 }
189 else
190 {
191 return loginDatabase( strUserName, strUserPassword, request );
192 }
193 }
194
195 public LuteceUser loginOpenId( String strUserName, HttpServletRequest request )
196 throws LoginException, LoginRedirectException
197 {
198 String strRedirectUrl = getProviderRedirectUrl( request, strUserName );
199
200 if ( strRedirectUrl != null )
201 {
202 throw new LoginRedirectException( strRedirectUrl );
203 }
204
205 return null;
206 }
207
208 public LuteceUser loginDatabase( String strUserName, String strUserPassword, HttpServletRequest request )
209 throws LoginException, LoginRedirectException
210 {
211 Locale locale = request.getLocale( );
212 Plugin plugin = PluginService.getPlugin( PLUGIN_NAME );
213
214 BaseUser user = OpenIdDatabaseHome.findLuteceUserByLogin( strUserName, plugin, this );
215
216
217 if ( user == null )
218 {
219 AppLogService.info( "Unable to find user in the database : " + strUserName );
220 throw new LoginException( I18nService.getLocalizedString( PROPERTY_MESSAGE_USER_NOT_FOUND_DATABASE, locale ) );
221 }
222
223
224 if ( !OpenIdDatabaseUserHome.checkPassword( strUserName, strUserPassword, plugin ) )
225 {
226 AppLogService.info( "User login : Incorrect login or password" + strUserName );
227 throw new LoginException( I18nService.getLocalizedString( PROPERTY_MESSAGE_USER_NOT_FOUND_DATABASE, locale ) );
228 }
229
230
231 ArrayList<String> arrayRoles = OpenIdDatabaseHome.findUserRolesFromLogin( strUserName, plugin );
232
233 if ( !arrayRoles.isEmpty( ) )
234 {
235 user.setRoles( arrayRoles );
236 }
237
238
239 ArrayList<String> arrayGroups = OpenIdDatabaseHome.findUserGroupsFromLogin( strUserName, plugin );
240
241 if ( !arrayGroups.isEmpty( ) )
242 {
243 user.setGroups( arrayGroups );
244 }
245
246 return user;
247 }
248
249
250
251
252
253 public void logout( LuteceUser user )
254 {
255 }
256
257
258
259
260
261
262 public LuteceUser getAnonymousUser( )
263 {
264 return new BaseUser( LuteceUser.ANONYMOUS_USERNAME, this );
265 }
266
267
268
269
270
271
272
273
274 public boolean isUserInRole( LuteceUser user, HttpServletRequest request, String strRole )
275 {
276 String[] roles = setAllRoles( user );
277
278 if ( ( roles != null ) && ( strRole != null ) )
279 {
280 for ( String role : roles )
281 {
282 if ( strRole.equals( role ) )
283 {
284 return true;
285 }
286 }
287 }
288
289 return false;
290 }
291
292
293
294
295
296 public String getViewAccountPageUrl( )
297 {
298 return MyLuteceOpenIdDatabaseApp.getViewAccountUrl( );
299 }
300
301
302
303
304
305 public String getNewAccountPageUrl( )
306 {
307 return MyLuteceOpenIdDatabaseApp.getNewAccountUrl( );
308 }
309
310
311
312
313
314 public String getChangePasswordPageUrl( )
315 {
316 return MyLuteceOpenIdDatabaseApp.getChangePasswordUrl( );
317 }
318
319
320
321
322
323 public String getLostPasswordPageUrl( )
324 {
325 return MyLuteceOpenIdDatabaseApp.getLostPasswordUrl( );
326 }
327
328
329
330
331
332
333
334
335
336 private String[] setAllRoles( LuteceUser user )
337 {
338 Set<String> setRoles = new HashSet<String>( );
339 String[] strGroups = user.getGroups( );
340 String[] strRoles = user.getRoles( );
341
342 if ( strRoles != null )
343 {
344 for ( String strRole : strRoles )
345 {
346 setRoles.add( strRole );
347 }
348 }
349
350 String[] strReturnRoles = new String[setRoles.size( )];
351 setRoles.toArray( strReturnRoles );
352
353 return strReturnRoles;
354 }
355
356
357
358
359
360
361 public Collection<LuteceUser> getUsers( )
362 {
363 Plugin plugin = PluginService.getPlugin( PLUGIN_NAME );
364
365 Collection<BaseUser> BaseUsers = OpenIdDatabaseHome.findDatabaseUsersList( plugin, this );
366 Collection<LuteceUser> luteceUsers = new ArrayList<LuteceUser>( );
367
368 for ( BaseUser user : BaseUsers )
369 {
370 luteceUsers.add( user );
371 }
372
373 return luteceUsers;
374 }
375
376
377
378
379
380
381 public LuteceUser getUser( String userLogin )
382 {
383 Plugin plugin = PluginService.getPlugin( PLUGIN_NAME );
384
385 BaseUser user = OpenIdDatabaseHome.findLuteceUserByLogin( userLogin, plugin, this );
386
387 return user;
388 }
389
390
391
392
393
394
395
396 private String getProviderRedirectUrl( HttpServletRequest request, String strOpenID )
397 {
398 String strReturnUrl = getMessageUrl( request, MESSAGE_KEY_AUTHENTICATION_FAILED );
399 String strProxyHostName = AppPropertiesService.getProperty( PROPERTY_PROXY_HOST_NAME );
400
401
402 if ( ( strProxyHostName != null ) && !strProxyHostName.equals( "" ) )
403 {
404 ProxyProperties proxyProps = new ProxyProperties( );
405 String strDomain = AppPropertiesService.getProperty( PROPERTY_PROXY_DOMAIN_NAME );
406 int strProxyPort = Integer.parseInt( AppPropertiesService.getProperty( PROPERTY_PROXY_PORT_NUMBER ) );
407 String strUserName = AppPropertiesService.getProperty( PROPERTY_PROXY_USER_NAME );
408 String strPassword = AppPropertiesService.getProperty( PROPERTY_PROXY_PASSWORD );
409
410 proxyProps.setProxyHostName( strProxyHostName );
411 proxyProps.setProxyPort( strProxyPort );
412 proxyProps.setDomain( strDomain );
413 proxyProps.setUserName( strUserName );
414 proxyProps.setPassword( strPassword );
415
416 HttpClientFactory.setProxyProperties( proxyProps );
417 }
418
419 try
420 {
421 _manager = new ConsumerManager( );
422 _manager.setAssociations( new InMemoryConsumerAssociationStore( ) );
423 _manager.setNonceVerifier( new InMemoryNonceVerifier( 5000 ) );
424
425
426 List discoveries = _manager.discover( strOpenID.trim( ) );
427
428
429
430 DiscoveryInformation discovered = _manager.associate( discoveries );
431
432
433 request.getSession( ).setAttribute( "openid-disc", discovered );
434
435
436
437
438 SRegRequest fetch = SRegRequest.createFetchRequest( );
439 fetch.addAttribute( "fullname", true );
440 fetch.addAttribute( "nickname", true );
441 fetch.addAttribute( "email", true );
442
443
444
445
446 AuthRequest authReq = _manager.authenticate( discovered, getReturnUrl( request ) );
447
448
449 authReq.addExtension( fetch );
450
451 strReturnUrl = authReq.getDestinationUrl( true );
452 }
453 catch ( OpenIDException e )
454 {
455 _logger.error( "OpenId Error building authentication request : " + e.getMessage( ), e );
456 }
457
458 return strReturnUrl;
459 }
460
461
462
463
464
465
466
467 private String getReturnUrl( HttpServletRequest request )
468 {
469 _logger.debug( "Callback URL : " + AppPathService.getBaseUrl( request ) + URL_CALLBACK );
470
471 return AppPathService.getBaseUrl( request ) + URL_CALLBACK;
472 }
473
474
475
476
477
478
479
480 private String getMessageUrl( HttpServletRequest request, String strMessageKey )
481 {
482 UrlItem url = new UrlItem( AppPathService.getBaseUrl( request ) + AppPathService.getPortalUrl( ) );
483 url.addParameter( PARAMETER_PAGE, PARAMETER_XPAGE_VALUE );
484 url.addParameter( PARAMETER_ERROR, strMessageKey );
485
486 return url.getUrl( );
487 }
488
489
490
491
492
493
494
495
496 public String verifyResponse( HttpServletRequest request )
497 {
498 String strReturnUrl = getMessageUrl( request, MESSAGE_KEY_AUTHENTICATION_FAILED );
499
500 _logger.debug( "Provider callback - host : " + request.getRemoteHost( ) + " - IP : " +
501 request.getRemoteAddr( ) );
502
503 BaseUser user = null;
504
505 try
506 {
507
508
509 ParameterList response = new ParameterList( request.getParameterMap( ) );
510
511
512 DiscoveryInformation discovered = (DiscoveryInformation) request.getSession( ).getAttribute( "openid-disc" );
513
514
515 StringBuffer receivingURL = request.getRequestURL( );
516 String queryString = request.getQueryString( );
517
518 if ( ( queryString != null ) && ( queryString.length( ) > 0 ) )
519 {
520 receivingURL.append( "?" ).append( request.getQueryString( ) );
521 }
522
523
524
525 VerificationResult verification = _manager.verify( receivingURL.toString( ), response, discovered );
526
527
528 Identifier verified = verification.getVerifiedId( );
529 _logger.debug( "Authentication verification : " + verified );
530
531 if ( verified != null )
532 {
533 user = new BaseUser( verified.getIdentifier( ), this );
534
535 AuthSuccess authSuccess = (AuthSuccess) verification.getAuthResponse( );
536
537 if ( authSuccess.hasExtension( SRegMessage.OPENID_NS_SREG ) )
538 {
539 _logger.debug( "Authentication successfull - identifier : " + verified.getIdentifier( ) );
540
541 MessageExtension ext = authSuccess.getExtension( SRegMessage.OPENID_NS_SREG );
542
543 if ( ext instanceof SRegResponse )
544 {
545
546
547
548
549 SRegResponse sregResp = (SRegResponse) ext;
550
551 String strFirstName = (String) sregResp.getAttributeValue( "fullname" );
552 String strLastName = (String) sregResp.getAttributeValue( "nickname" );
553
554
555
556 String strEmail = sregResp.getAttributeValue( "email" );
557
558 user.setUserInfo( LuteceUser.NAME_GIVEN, strFirstName );
559 user.setUserInfo( LuteceUser.NAME_FAMILY, strLastName );
560 user.setUserInfo( LuteceUser.BUSINESS_INFO_ONLINE_EMAIL, strEmail );
561
562 Plugin plugin = PluginService.getPlugin( PLUGIN_NAME );
563 OpenIdDatabaseUser databaseUser = new OpenIdDatabaseUser( );
564 databaseUser.setEmail( strEmail );
565 databaseUser.setFirstName( strFirstName );
566 databaseUser.setLastName( strLastName );
567 databaseUser.setLogin( verified.getIdentifier( ) );
568 databaseUser.setAuthentificationType( "openid" );
569 strReturnUrl = AppPathService.getBaseUrl( request ) + AppPathService.getPortalUrl( );
570
571
572 if ( !OpenIdDatabaseUserHome.checkUserLogin( verified.getIdentifier( ), plugin ) )
573 {
574 OpenIdDatabaseUserHome.create( databaseUser, "", plugin );
575
576 if ( databaseUser.isValid( ) )
577 {
578 SecurityService.getInstance( ).registerUser( request, user );
579 }
580 else
581 {
582 strReturnUrl = getUserDetailsUrl( request, databaseUser );
583 }
584 }
585 else
586 {
587 SecurityService.getInstance( ).registerUser( request, user );
588
589 if ( databaseUser.isValid( ) )
590 {
591 OpenIdDatabaseUserHome.updateByLogin( databaseUser, plugin );
592 }
593 else
594 {
595 strReturnUrl = getUserDetailsUrl( request, databaseUser );
596 }
597 }
598
599
600
601 }
602 else if ( ext instanceof StoreResponse )
603 {
604 }
605 }
606 }
607 }
608 catch ( OpenIDException e )
609 {
610 _logger.error( "OpenId Error in provider response : " + e.getMessage( ), e );
611 }
612
613 return strReturnUrl;
614 }
615
616
617
618
619
620
621
622 private String getUserDetailsUrl( HttpServletRequest request, OpenIdDatabaseUser user )
623 {
624 UrlItem url = new UrlItem( AppPathService.getBaseUrl( request ) + AppPathService.getPortalUrl( ) );
625 url.addParameter( PARAMETER_PAGE, PARAMETER_XPAGE_VALUE );
626 url.addParameter( "action", "detailsOpenId" );
627 url.addParameter( PARAMETER_LOGIN, user.getLogin( ) );
628 url.addParameter( PARAMETER_FIRST_NAME, user.getFirstName( ) );
629 url.addParameter( PARAMETER_LAST_NAME, user.getLastName( ) );
630 url.addParameter( PARAMETER_EMAIL, user.getEmail( ) );
631
632 return url.getUrl( );
633 }
634
635
636
637
638
639 public String getIconUrl()
640 {
641 return CONSTANT_PATH_ICON;
642 }
643
644
645
646
647
648 public String getName()
649 {
650 return OpenIDDatabasePlugin.PLUGIN_NAME;
651 }
652
653
654
655
656
657 public String getPluginName()
658 {
659 return OpenIDDatabasePlugin.PLUGIN_NAME;
660 }
661 }