LuteceDefaultAdminAuthentication.java

  1. /*
  2.  * Copyright (c) 2002-2022, City of Paris
  3.  * All rights reserved.
  4.  *
  5.  * Redistribution and use in source and binary forms, with or without
  6.  * modification, are permitted provided that the following conditions
  7.  * are met:
  8.  *
  9.  *  1. Redistributions of source code must retain the above copyright notice
  10.  *     and the following disclaimer.
  11.  *
  12.  *  2. Redistributions in binary form must reproduce the above copyright notice
  13.  *     and the following disclaimer in the documentation and/or other materials
  14.  *     provided with the distribution.
  15.  *
  16.  *  3. Neither the name of 'Mairie de Paris' nor 'Lutece' nor the names of its
  17.  *     contributors may be used to endorse or promote products derived from
  18.  *     this software without specific prior written permission.
  19.  *
  20.  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
  21.  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  22.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  23.  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE
  24.  * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
  25.  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
  26.  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
  27.  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
  28.  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  29.  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  30.  * POSSIBILITY OF SUCH DAMAGE.
  31.  *
  32.  * License 1.0
  33.  */
  34. package fr.paris.lutece.portal.business.user.authentication;

  36. import fr.paris.lutece.portal.business.user.AdminUser;
  37. import fr.paris.lutece.portal.business.user.log.UserLog;
  38. import fr.paris.lutece.portal.business.user.log.UserLogHome;
  39. import fr.paris.lutece.portal.service.admin.AdminUserService;
  40. import fr.paris.lutece.util.http.SecurityUtil;
  41. import fr.paris.lutece.util.password.IPassword;
  42. import fr.paris.lutece.util.password.IPasswordFactory;

  44. import java.util.Collection;

  46. import javax.inject.Inject;
  47. import javax.security.auth.login.FailedLoginException;
  48. import javax.security.auth.login.LoginException;

  50. import javax.servlet.http.HttpServletRequest;

  52. /**
  53.  * Default authentication module for admin authentication
  54.  */
  55. public class LuteceDefaultAdminAuthentication implements AdminAuthentication
  56. {
  57.     private static final String CONSTANT_LOST_PASSWORD_URL = "jsp/admin/AdminForgotPassword.jsp";
  58.     private static final String CONSTANT_LOST_LOGIN_URL = "jsp/admin/AdminForgotLogin.jsp";
  59.     private ILuteceDefaultAdminUserDAO _dao;

  61.     @Inject
  62.     private IPasswordFactory _passwordFactory;

  64.     /**
  65.      * Setter used by Spring IoC
  66.      * 
  67.      * @param dao
  68.      *            The DAO (defined in the Spring context)
  69.      */
  70.     public void setDao( ILuteceDefaultAdminUserDAO dao )
  71.     {
  72.         _dao = dao;
  73.     }

  75.     /**
  76.      * {@inheritDoc}
  77.      */
  78.     @Override
  79.     public String getAuthServiceName( )
  80.     {
  81.         return "LUTECE DEFAULT AUTHENTICATION";
  82.     }

  84.     /**
  85.      * {@inheritDoc}
  86.      */
  87.     @Override
  88.     public String getAuthType( HttpServletRequest request )
  89.     {
  90.         return HttpServletRequest.BASIC_AUTH;
  91.     }

  93.     /**
  94.      * {@inheritDoc}
  95.      */
  96.     @Override
  97.     public AdminUser login( String strAccessCode, String strUserPassword, HttpServletRequest request ) throws LoginException
  98.     {
  99.         // Test the number of errors during an interval of minutes
  100.         int nMaxFailed = AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_ACCES_FAILURES_MAX );
  101.         int nIntervalMinutes = AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_ACCES_FAILURES_INTERVAL );

  103.         if ( ( nMaxFailed > 0 ) && ( nIntervalMinutes > 0 ) )
  104.         {
  105.             // Creating a record of connections log
  106.             UserLog userLog = new UserLog( );
  107.             userLog.setAccessCode( strAccessCode );
  108.             userLog.setIpAddress( SecurityUtil.getRealIp( request ) );
  109.             userLog.setDateLogin( new java.sql.Timestamp( new java.util.Date( ).getTime( ) ) );

  111.             int nNbFailed = UserLogHome.getLoginErrors( userLog, nIntervalMinutes );

  113.             if ( nNbFailed > nMaxFailed )
  114.             {
  115.                 throw new FailedLoginException( );
  116.             }
  117.         }

  119.         IPassword pasword = _dao.loadPassword( strAccessCode );

  121.         if ( !pasword.check( strUserPassword ) )
  122.         {
  123.             throw new FailedLoginException( );
  124.         }

  126.         if ( pasword.isLegacy( ) )
  127.         {
  128.             // upgrade password storage
  129.             IPassword upgradedPassword = _passwordFactory.getPasswordFromCleartext( strUserPassword );
  130.             _dao.store( strAccessCode, upgradedPassword );
  131.         }

  133.         LuteceDefaultAdminUser user = _dao.load( strAccessCode, this );

  135.         if ( ( user.getPasswordMaxValidDate( ) != null ) && ( user.getPasswordMaxValidDate( ).getTime( ) < new java.util.Date( ).getTime( ) ) )
  136.         {
  137.             _dao.updateResetPassword( user, Boolean.TRUE );
  138.         }

  140.         AdminUserService.updateUserExpirationDate( user );

  142.         return user;
  143.     }

  145.     /**
  146.      * {@inheritDoc}
  147.      */
  148.     @Override
  149.     public void logout( AdminUser user )
  150.     {
  151.         // Nothing
  152.     }

  154.     /**
  155.      * {@inheritDoc}
  156.      */
  157.     @Override
  158.     public AdminUser getAnonymousUser( )
  159.     {
  160.         return null;
  161.     }

  163.     /**
  164.      * {@inheritDoc}
  165.      */
  166.     @Override
  167.     public boolean isExternalAuthentication( )
  168.     {
  169.         return false;
  170.     }

  172.     /**
  173.      * {@inheritDoc}
  174.      */
  175.     @Override
  176.     public AdminUser getHttpAuthenticatedUser( HttpServletRequest request )
  177.     {
  178.         return null;
  179.     }

  181.     /**
  182.      * {@inheritDoc}
  183.      */
  184.     @Override
  185.     public String getLoginPageUrl( )
  186.     {
  187.         return "jsp/admin/AdminLogin.jsp";
  188.     }

  190.     /**
  191.      * {@inheritDoc}
  192.      */
  193.     @Override
  194.     public String getChangePasswordPageUrl( )
  195.     {
  196.         return "jsp/admin/user/ModifyDefaultUserPassword.jsp";
  197.     }

  199.     /**
  200.      * {@inheritDoc}
  201.      */
  202.     @Override
  203.     public String getDoLoginUrl( )
  204.     {
  205.         return null;
  206.     }

  208.     /**
  209.      * {@inheritDoc}
  210.      */
  211.     @Override
  212.     public String getDoLogoutUrl( )
  213.     {
  214.         return null;
  215.     }

  217.     /**
  218.      * {@inheritDoc}
  219.      */
  220.     @Override
  221.     public String getNewAccountPageUrl( )
  222.     {
  223.         return null;
  224.     }

  226.     /**
  227.      * {@inheritDoc}
  228.      */
  229.     @Override
  230.     public String getViewAccountPageUrl( )
  231.     {
  232.         return null;
  233.     }

  235.     /**
  236.      * {@inheritDoc}
  237.      */
  238.     @Override
  239.     public String getLostPasswordPageUrl( )
  240.     {
  241.         return CONSTANT_LOST_PASSWORD_URL;
  242.     }

  244.     /**
  245.      * {@inheritDoc}
  246.      */
  247.     @Override
  248.     public String getLostLoginPageUrl( )
  249.     {
  250.         return CONSTANT_LOST_LOGIN_URL;
  251.     }

  253.     /**
  254.      * Not used - Return null always for this module
  255.      * 
  256.      * @param strLastName
  257.      *            The last name
  258.      * @param strFirstName
  259.      *            The first name
  260.      * @param strEmail
  261.      *            The email
  262.      * @see fr.paris.lutece.portal.business.user.authentication.AdminAuthentication#getUserList(String strLastName, String strFirstName, String strEmail )
  263.      * @return null
  264.      */
  265.     @Override
  266.     public Collection<AdminUser> getUserList( String strLastName, String strFirstName, String strEmail )
  267.     {
  268.         return null;
  269.     }

  271.     /**
  272.      * Not used - Return null always for this module
  273.      * 
  274.      * @param strLogin
  275.      *            The login
  276.      * @see fr.paris.lutece.portal.business.user.authentication.AdminAuthentication#getUserPublicData(java.lang.String)
  277.      * @return null
  278.      */
  279.     @Override
  280.     public AdminUser getUserPublicData( String strLogin )
  281.     {
  282.         return null;
  283.     }
  284. }
Created with JaCoCo 0.8.4.201905082037