Classes in this File | Line Coverage | Branch Coverage | Complexity | ||||
AdminDatabaseAuthentication |
|
| 1.2222222222222223;1,222 |
1 | /* | |
2 | * Copyright (c) 2002-2017, Mairie de Paris | |
3 | * All rights reserved. | |
4 | * | |
5 | * Redistribution and use in source and binary forms, with or without | |
6 | * modification, are permitted provided that the following conditions | |
7 | * are met: | |
8 | * | |
9 | * 1. Redistributions of source code must retain the above copyright notice | |
10 | * and the following disclaimer. | |
11 | * | |
12 | * 2. Redistributions in binary form must reproduce the above copyright notice | |
13 | * and the following disclaimer in the documentation and/or other materials | |
14 | * provided with the distribution. | |
15 | * | |
16 | * 3. Neither the name of 'Mairie de Paris' nor 'Lutece' nor the names of its | |
17 | * contributors may be used to endorse or promote products derived from | |
18 | * this software without specific prior written permission. | |
19 | * | |
20 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" | |
21 | * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
22 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
23 | * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE | |
24 | * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR | |
25 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF | |
26 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS | |
27 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN | |
28 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
29 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE | |
30 | * POSSIBILITY OF SUCH DAMAGE. | |
31 | * | |
32 | * License 1.0 | |
33 | */ | |
34 | package fr.paris.lutece.plugins.adminauthenticationdatabase; | |
35 | ||
36 | import fr.paris.lutece.portal.business.user.AdminUser; | |
37 | import fr.paris.lutece.portal.business.user.authentication.AdminAuthentication; | |
38 | import fr.paris.lutece.portal.business.user.log.UserLog; | |
39 | import fr.paris.lutece.portal.business.user.log.UserLogHome; | |
40 | import fr.paris.lutece.portal.service.util.AppPropertiesService; | |
41 | ||
42 | import java.util.Collection; | |
43 | ||
44 | import javax.security.auth.login.FailedLoginException; | |
45 | import javax.security.auth.login.LoginException; | |
46 | ||
47 | import javax.servlet.http.HttpServletRequest; | |
48 | ||
49 | ||
/**
 * Admin authentication module that delegates credential checks and user
 * look-ups to {@link AdminDatabaseUserDAO}.
 *
 * <p>Service name, login page URL and the failed-login throttle (maximum
 * failures and time window) are read from application properties on each call.
 * Most of the URL accessors return {@code null}.</p>
 */
public class AdminDatabaseAuthentication implements AdminAuthentication
{
    // Property keys; values are resolved through AppPropertiesService at call time.
    private static final String PROPERTY_MAX_ACCESS_FAILED = "admindatabaseauthentication.access.failures.max";
    private static final String PROPERTY_INTERVAL_MINUTES = "admindatabaseauthentication.access.failures.interval.minutes";
    private static final String PROPERTY_SERVICE_NAME = "admindatabaseauthentication.auth.service.name";
    private static final String PROPERTY_LOGIN_PAGE_URL = "admindatabaseauthentication.login.page.url";

    // Data access object used for password checks and user loading.
    private AdminDatabaseUserDAO _dao = new AdminDatabaseUserDAO( );

    /**
     * Creates the authentication module; the DAO is instantiated by the field initializer.
     */
    public AdminDatabaseAuthentication( )
    {
        // Nothing to initialise beyond the implicit superclass constructor call.
    }

    /**
     * Returns the configured name of this authentication service.
     *
     * @return the value of the service-name property
     * @see AdminAuthentication#getAuthServiceName()
     */
    public String getAuthServiceName( )
    {
        return AppPropertiesService.getProperty( PROPERTY_SERVICE_NAME );
    }

    /**
     * Returns the authentication type label; the request is not inspected.
     *
     * @param request the HTTP request (unused)
     * @return {@link javax.servlet.http.HttpServletRequest#BASIC_AUTH}
     * @see AdminAuthentication#getAuthType(javax.servlet.http.HttpServletRequest)
     */
    public String getAuthType( HttpServletRequest request )
    {
        return HttpServletRequest.BASIC_AUTH;
    }

    /**
     * Authenticates an administrator from an access code and password.
     *
     * <p>The recent failure count is checked first, then the password. Both
     * rejections throw a {@link FailedLoginException} without a message, so the
     * exception alone does not tell a caller (or a client) whether the attempt
     * was throttled or the credentials were wrong.</p>
     *
     * @param strAccessCode the access code (login) supplied by the client
     * @param strUserPassword the password supplied by the client
     * @param request the HTTP request, used for the remote address
     * @return the user loaded by the DAO for the access code
     * @throws LoginException a {@link FailedLoginException} when the failure
     *             count exceeds the configured maximum or the password check
     *             does not return {@code USER_OK}
     * @see AdminAuthentication#login(java.lang.String, java.lang.String, javax.servlet.http.HttpServletRequest)
     */
    public AdminUser login( String strAccessCode, String strUserPassword, HttpServletRequest request )
        throws LoginException
    {
        // Describe the current attempt. This method only uses the record to query
        // past failures; it never stores it.
        // NOTE(review): presumably the caller records failed attempts; confirm,
        // otherwise the failure counter below never grows.
        UserLog attempt = new UserLog( );
        attempt.setAccessCode( strAccessCode );
        // getRemoteAddr() is the address of the immediate peer, which is the proxy
        // when the application sits behind one.
        // NOTE(review): how getLoginErrors uses this address is not visible here; verify.
        attempt.setIpAddress( request.getRemoteAddr( ) );
        attempt.setDateLogin( new java.sql.Timestamp( System.currentTimeMillis( ) ) );

        // Throttle settings: default to 3 failures within 10 minutes when unset.
        int nFailureLimit = AppPropertiesService.getPropertyInt( PROPERTY_MAX_ACCESS_FAILED, 3 );
        int nWindowMinutes = AppPropertiesService.getPropertyInt( PROPERTY_INTERVAL_MINUTES, 10 );
        int nRecentFailures = UserLogHome.getLoginErrors( attempt, nWindowMinutes );

        // Strict comparison: a count equal to the limit still reaches the password check.
        boolean bThrottled = nRecentFailures > nFailureLimit;

        if ( bThrottled )
        {
            throw new FailedLoginException( );
        }

        // The password is only checked once the throttle has let the attempt through.
        if ( _dao.checkPassword( strAccessCode, strUserPassword ) != AdminDatabaseUserDAO.USER_OK )
        {
            throw new FailedLoginException( );
        }

        return _dao.load( strAccessCode, this );
    }

    /**
     * Does nothing: this module has no logout processing of its own.
     *
     * @param user the user logging out (unused)
     * @see AdminAuthentication#logout(AdminUser)
     */
    public void logout( AdminUser user )
    {
        // Intentionally empty.
    }

    /**
     * Not provided by this module.
     *
     * @return {@code null} always
     * @see AdminAuthentication#getAnonymousUser()
     */
    public AdminUser getAnonymousUser( )
    {
        return null;
    }

    /**
     * Tells whether authentication is handled by an external system.
     *
     * @return {@code false} always
     * @see AdminAuthentication#isExternalAuthentication()
     */
    public boolean isExternalAuthentication( )
    {
        return false;
    }

    /**
     * Not provided by this module; the request is not inspected.
     *
     * @param request the HTTP request (unused)
     * @return {@code null} always
     * @see AdminAuthentication#getHttpAuthenticatedUser(javax.servlet.http.HttpServletRequest)
     */
    public AdminUser getHttpAuthenticatedUser( HttpServletRequest request )
    {
        return null;
    }

    /**
     * Returns the configured login page URL.
     *
     * @return the value of the login-page-URL property
     * @see AdminAuthentication#getLoginPageUrl()
     */
    public String getLoginPageUrl( )
    {
        return AppPropertiesService.getProperty( PROPERTY_LOGIN_PAGE_URL );
    }

    /**
     * Not provided by this module.
     *
     * @return {@code null} always
     * @see AdminAuthentication#getChangePasswordPageUrl()
     */
    public String getChangePasswordPageUrl( )
    {
        return null;
    }

    /**
     * Not provided by this module.
     *
     * @return {@code null} always
     * @see AdminAuthentication#getDoLoginUrl()
     */
    public String getDoLoginUrl( )
    {
        return null;
    }

    /**
     * Not provided by this module.
     *
     * @return {@code null} always
     * @see AdminAuthentication#getDoLogoutUrl()
     */
    public String getDoLogoutUrl( )
    {
        return null;
    }

    /**
     * Not provided by this module.
     *
     * @return {@code null} always
     * @see AdminAuthentication#getNewAccountPageUrl()
     */
    public String getNewAccountPageUrl( )
    {
        return null;
    }

    /**
     * Not provided by this module.
     *
     * @return {@code null} always
     * @see AdminAuthentication#getViewAccountPageUrl()
     */
    public String getViewAccountPageUrl( )
    {
        return null;
    }

    /**
     * Not provided by this module.
     *
     * @return {@code null} always
     * @see AdminAuthentication#getLostPasswordPageUrl()
     */
    public String getLostPasswordPageUrl( )
    {
        return null;
    }

    /**
     * Not provided by this module.
     *
     * @return {@code null} always
     * @see AdminAuthentication#getLostLoginPageUrl()
     */
    public String getLostLoginPageUrl( )
    {
        return null;
    }

    /**
     * Looks up users through the DAO using the three search values.
     *
     * @param strLastName the last name passed to the DAO query
     * @param strFirstName the first name passed to the DAO query
     * @param strEmail the e-mail passed to the DAO query
     * @return the collection returned by the DAO (raw type; presumably
     *         {@link AdminUser} elements, to be confirmed against the DAO)
     * @see AdminAuthentication#getUserList(String, String, String)
     */
    public Collection getUserList( String strLastName, String strFirstName, String strEmail )
    {
        return _dao.selectAllDatabaseUsers( strLastName, strFirstName, strEmail, this );
    }

    /**
     * Fetches the public data of one user through the DAO.
     *
     * @param strLogin the login of the user to look up
     * @return the user returned by the DAO for that login
     * @see AdminAuthentication#getUserPublicData(java.lang.String)
     */
    public AdminUser getUserPublicData( String strLogin )
    {
        return _dao.selectUserPublicData( strLogin, this );
    }
}