Coverage Report

Coverage Report - fr.paris.lutece.plugins.adminauthenticationdatabase.AdminDatabaseAuthentication

Classes in this File

Line Coverage

Branch Coverage

Complexity

AdminDatabaseAuthentication

0 %

0/33

0 %

0/4

1,222

 /*
  * Copyright (c) 2002-2017, Mairie de Paris
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
  *  1. Redistributions of source code must retain the above copyright notice
  *     and the following disclaimer.
  *
  *  2. Redistributions in binary form must reproduce the above copyright notice
  *     and the following disclaimer in the documentation and/or other materials
  *     provided with the distribution.
  *
  *  3. Neither the name of 'Mairie de Paris' nor 'Lutece' nor the names of its
  *     contributors may be used to endorse or promote products derived from
  *     this software without specific prior written permission.
  *
  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE
  * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
  *
  * License 1.0
  */
 package fr.paris.lutece.plugins.adminauthenticationdatabase;
 
 import fr.paris.lutece.portal.business.user.AdminUser;
 import fr.paris.lutece.portal.business.user.authentication.AdminAuthentication;
 import fr.paris.lutece.portal.business.user.log.UserLog;
 import fr.paris.lutece.portal.business.user.log.UserLogHome;
 import fr.paris.lutece.portal.service.util.AppPropertiesService;
 
 import java.util.Collection;
 
 import javax.security.auth.login.FailedLoginException;
 import javax.security.auth.login.LoginException;
 
 import javax.servlet.http.HttpServletRequest;
 
 
 /**
  * Data authentication module for admin authentication
  */
 public class AdminDatabaseAuthentication implements AdminAuthentication
 {
     private static final String PROPERTY_MAX_ACCESS_FAILED = "admindatabaseauthentication.access.failures.max";
     private static final String PROPERTY_INTERVAL_MINUTES = "admindatabaseauthentication.access.failures.interval.minutes";
     private static final String PROPERTY_SERVICE_NAME = "admindatabaseauthentication.auth.service.name";
     private static final String PROPERTY_LOGIN_PAGE_URL = "admindatabaseauthentication.login.page.url";
     private AdminDatabaseUserDAO _dao = new AdminDatabaseUserDAO(  );
 
     /**
      *
      */
     public AdminDatabaseAuthentication(  )
     {
         super(  );
     }
 
     /**
      * @see fr.paris.lutece.portal.business.user.authentication.AdminAuthentication#getAuthServiceName()
      */
     public String getAuthServiceName(  )
     {
         return AppPropertiesService.getProperty( PROPERTY_SERVICE_NAME );
     }
 
     /**
      * @return {@link javax.servlet.http.HttpServletRequest#BASIC_AUTH}
      * @see fr.paris.lutece.portal.business.user.authentication.AdminAuthentication#getAuthType(javax.servlet.http.HttpServletRequest)
      */
     public String getAuthType( HttpServletRequest request )
     {
         return HttpServletRequest.BASIC_AUTH;
     }
 
     /* (non-Javadoc)
      * @see fr.paris.lutece.portal.business.user.authentication.AdminAuthentication#login(java.lang.String, java.lang.String, javax.servlet.http.HttpServletRequest)
      */
     public AdminUser login( String strAccessCode, String strUserPassword, HttpServletRequest request )
         throws LoginException
     {
         // Creating a record of connections log
         UserLog userLog = new UserLog(  );
         userLog.setAccessCode( strAccessCode );
         userLog.setIpAddress( request.getRemoteAddr(  ) );
         userLog.setDateLogin( new java.sql.Timestamp( new java.util.Date(  ).getTime(  ) ) );
 
         // Test the number of errors during an interval of minutes
         int nMaxFailed = AppPropertiesService.getPropertyInt( PROPERTY_MAX_ACCESS_FAILED, 3 );
         int nIntervalMinutes = AppPropertiesService.getPropertyInt( PROPERTY_INTERVAL_MINUTES, 10 );
         int nNbFailed = UserLogHome.getLoginErrors( userLog, nIntervalMinutes );
 
         if ( nNbFailed > nMaxFailed )
         {
             throw new FailedLoginException(  );
         }
 
         int nUserCode = _dao.checkPassword( strAccessCode, strUserPassword );
 
         if ( nUserCode != AdminDatabaseUserDAO.USER_OK )
         {
             throw new FailedLoginException(  );
         }
 
         AdminUser user = _dao.load( strAccessCode, this );
 
         return user;
     }
 
     /**
      * For non-external authentication : nothing to do
      * @see fr.paris.lutece.portal.business.user.authentication.AdminAuthentication#logout(fr.paris.lutece.portal.business.user.authentication.AdminUser)
      */
     public void logout( AdminUser user )
     {
     }
 
     /* (non-Javadoc)
      * @see fr.paris.lutece.portal.business.user.authentication.AdminAuthentication#getAnonymousUser()
      */
     public AdminUser getAnonymousUser(  )
     {
         // TODO Auto-generated method stub
         return null;
     }
 
     /**
      * @see fr.paris.lutece.portal.business.user.authentication.AdminAuthentication#isExternalAuthentication()
      * @return false always
      */
     public boolean isExternalAuthentication(  )
     {
         return false;
     }
 
     /**
      * @see fr.paris.lutece.portal.business.user.authentication.AdminAuthentication#getHttpAuthenticatedUser(javax.servlet.http.HttpServletRequest)
      * @return null always
      */
     public AdminUser getHttpAuthenticatedUser( HttpServletRequest request )
     {
         return null;
     }
 
     /**
      * @see fr.paris.lutece.portal.business.user.authentication.AdminAuthentication#getLoginPageUrl()
      */
     public String getLoginPageUrl(  )
     {
         return AppPropertiesService.getProperty( PROPERTY_LOGIN_PAGE_URL );
     }
 
     /* (non-Javadoc)
      * @see fr.paris.lutece.portal.business.user.authentication.AdminAuthentication#getNewAccountPageUrl()
      */
     public String getChangePasswordPageUrl(  )
     {
         // TODO Auto-generated method stub
         return null;
     }
 
     /* (non-Javadoc)
      * @see fr.paris.lutece.portal.business.user.authentication.AdminAuthentication#getDoLoginUrl()
      */
     public String getDoLoginUrl(  )
     {
         // TODO Auto-generated method stub
         return null;
     }
 
     /* (non-Javadoc)
      * @see fr.paris.lutece.portal.business.user.authentication.AdminAuthentication#getDoLogoutUrl()
      */
     public String getDoLogoutUrl(  )
     {
         // TODO Auto-generated method stub
         return null;
     }
 
     /* (non-Javadoc)
      * @see fr.paris.lutece.portal.business.user.authentication.AdminAuthentication#getNewAccountPageUrl()
      */
     public String getNewAccountPageUrl(  )
     {
         // TODO Auto-generated method stub
         return null;
     }
 
     /* (non-Javadoc)
      * @see fr.paris.lutece.portal.business.user.authentication.AdminAuthentication#getViewAccountPageUrl()
      */
     public String getViewAccountPageUrl(  )
     {
         // TODO Auto-generated method stub
         return null;
     }
 
     /* (non-Javadoc)
      * @see fr.paris.lutece.portal.business.user.authentication.AdminAuthentication#getLostPasswordPageUrl()
      */
     public String getLostPasswordPageUrl(  )
     {
         // TODO Auto-generated method stub
         return null;
     }
     
     /* (non-Javadoc)
      * @see fr.paris.lutece.portal.business.user.authentication.AdminAuthentication#getLostPasswordPageUrl()
      */
     public String getLostLoginPageUrl(  )
     {
         // TODO Auto-generated method stub
         return null;
     }
 
     /**
      * @see fr.paris.lutece.portal.business.user.authentication.AdminAuthentication#getUserList()
      */
     public Collection getUserList( String strLastName, String strFirstName, String strEmail )
     {
         return _dao.selectAllDatabaseUsers( strLastName, strFirstName, strEmail, this );
     }
 
     /**
      * @see fr.paris.lutece.portal.business.user.authentication.AdminAuthentication#getUserPublicData(java.lang.String)
      */
     public AdminUser getUserPublicData( String strLogin )
     {
         return _dao.selectUserPublicData( strLogin, this );
     }
 }

1		/*
2		* Copyright (c) 2002-2017, Mairie de Paris
3		* All rights reserved.
4		*
5		* Redistribution and use in source and binary forms, with or without
6		* modification, are permitted provided that the following conditions
7		* are met:
8		*
9		* 1. Redistributions of source code must retain the above copyright notice
10		* and the following disclaimer.
11		*
12		* 2. Redistributions in binary form must reproduce the above copyright notice
13		* and the following disclaimer in the documentation and/or other materials
14		* provided with the distribution.
15		*
16		* 3. Neither the name of 'Mairie de Paris' nor 'Lutece' nor the names of its
17		* contributors may be used to endorse or promote products derived from
18		* this software without specific prior written permission.
19		*
20		* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21		* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22		* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23		* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE
24		* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25		* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26		* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27		* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28		* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29		* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
30		* POSSIBILITY OF SUCH DAMAGE.
31		*
32		* License 1.0
33		*/
34		package fr.paris.lutece.plugins.adminauthenticationdatabase;
35
36		import fr.paris.lutece.portal.business.user.AdminUser;
37		import fr.paris.lutece.portal.business.user.authentication.AdminAuthentication;
38		import fr.paris.lutece.portal.business.user.log.UserLog;
39		import fr.paris.lutece.portal.business.user.log.UserLogHome;
40		import fr.paris.lutece.portal.service.util.AppPropertiesService;
41
42		import java.util.Collection;
43
44		import javax.security.auth.login.FailedLoginException;
45		import javax.security.auth.login.LoginException;
46
47		import javax.servlet.http.HttpServletRequest;
48
49
50		/**
51		* Data authentication module for admin authentication
52		*/
53		public class AdminDatabaseAuthentication implements AdminAuthentication
54		{
55		private static final String PROPERTY_MAX_ACCESS_FAILED = "admindatabaseauthentication.access.failures.max";
56		private static final String PROPERTY_INTERVAL_MINUTES = "admindatabaseauthentication.access.failures.interval.minutes";
57		private static final String PROPERTY_SERVICE_NAME = "admindatabaseauthentication.auth.service.name";
58		private static final String PROPERTY_LOGIN_PAGE_URL = "admindatabaseauthentication.login.page.url";
59	0	private AdminDatabaseUserDAO _dao = new AdminDatabaseUserDAO( );
60
61		/**
62		*
63		*/
64		public AdminDatabaseAuthentication( )
65		{
66	0	super( );
67	0	}
68
69		/**
70		* @see fr.paris.lutece.portal.business.user.authentication.AdminAuthentication#getAuthServiceName()
71		*/
72		public String getAuthServiceName( )
73		{
74	0	return AppPropertiesService.getProperty( PROPERTY_SERVICE_NAME );
75		}
76
77		/**
78		* @return {@link javax.servlet.http.HttpServletRequest#BASIC_AUTH}
79		* @see fr.paris.lutece.portal.business.user.authentication.AdminAuthentication#getAuthType(javax.servlet.http.HttpServletRequest)
80		*/
81		public String getAuthType( HttpServletRequest request )
82		{
83	0	return HttpServletRequest.BASIC_AUTH;
84		}
85
86		/* (non-Javadoc)
87		* @see fr.paris.lutece.portal.business.user.authentication.AdminAuthentication#login(java.lang.String, java.lang.String, javax.servlet.http.HttpServletRequest)
88		*/
89		public AdminUser login( String strAccessCode, String strUserPassword, HttpServletRequest request )
90		throws LoginException
91		{
92		// Creating a record of connections log
93	0	UserLog userLog = new UserLog( );
94	0	userLog.setAccessCode( strAccessCode );
95	0	userLog.setIpAddress( request.getRemoteAddr( ) );
96	0	userLog.setDateLogin( new java.sql.Timestamp( new java.util.Date( ).getTime( ) ) );
97
98		// Test the number of errors during an interval of minutes
99	0	int nMaxFailed = AppPropertiesService.getPropertyInt( PROPERTY_MAX_ACCESS_FAILED, 3 );
100	0	int nIntervalMinutes = AppPropertiesService.getPropertyInt( PROPERTY_INTERVAL_MINUTES, 10 );
101	0	int nNbFailed = UserLogHome.getLoginErrors( userLog, nIntervalMinutes );
102
103	0	if ( nNbFailed > nMaxFailed )
104		{
105	0	throw new FailedLoginException( );
106		}
107
108	0	int nUserCode = _dao.checkPassword( strAccessCode, strUserPassword );
109
110	0	if ( nUserCode != AdminDatabaseUserDAO.USER_OK )
111		{
112	0	throw new FailedLoginException( );
113		}
114
115	0	AdminUser user = _dao.load( strAccessCode, this );
116
117	0	return user;
118		}
119
120		/**
121		* For non-external authentication : nothing to do
122		* @see fr.paris.lutece.portal.business.user.authentication.AdminAuthentication#logout(fr.paris.lutece.portal.business.user.authentication.AdminUser)
123		*/
124		public void logout( AdminUser user )
125		{
126	0	}
127
128		/* (non-Javadoc)
129		* @see fr.paris.lutece.portal.business.user.authentication.AdminAuthentication#getAnonymousUser()
130		*/
131		public AdminUser getAnonymousUser( )
132		{
133		// TODO Auto-generated method stub
134	0	return null;
135		}
136
137		/**
138		* @see fr.paris.lutece.portal.business.user.authentication.AdminAuthentication#isExternalAuthentication()
139		* @return false always
140		*/
141		public boolean isExternalAuthentication( )
142		{
143	0	return false;
144		}
145
146		/**
147		* @see fr.paris.lutece.portal.business.user.authentication.AdminAuthentication#getHttpAuthenticatedUser(javax.servlet.http.HttpServletRequest)
148		* @return null always
149		*/
150		public AdminUser getHttpAuthenticatedUser( HttpServletRequest request )
151		{
152	0	return null;
153		}
154
155		/**
156		* @see fr.paris.lutece.portal.business.user.authentication.AdminAuthentication#getLoginPageUrl()
157		*/
158		public String getLoginPageUrl( )
159		{
160	0	return AppPropertiesService.getProperty( PROPERTY_LOGIN_PAGE_URL );
161		}
162
163		/* (non-Javadoc)
164		* @see fr.paris.lutece.portal.business.user.authentication.AdminAuthentication#getNewAccountPageUrl()
165		*/
166		public String getChangePasswordPageUrl( )
167		{
168		// TODO Auto-generated method stub
169	0	return null;
170		}
171
172		/* (non-Javadoc)
173		* @see fr.paris.lutece.portal.business.user.authentication.AdminAuthentication#getDoLoginUrl()
174		*/
175		public String getDoLoginUrl( )
176		{
177		// TODO Auto-generated method stub
178	0	return null;
179		}
180
181		/* (non-Javadoc)
182		* @see fr.paris.lutece.portal.business.user.authentication.AdminAuthentication#getDoLogoutUrl()
183		*/
184		public String getDoLogoutUrl( )
185		{
186		// TODO Auto-generated method stub
187	0	return null;
188		}
189
190		/* (non-Javadoc)
191		* @see fr.paris.lutece.portal.business.user.authentication.AdminAuthentication#getNewAccountPageUrl()
192		*/
193		public String getNewAccountPageUrl( )
194		{
195		// TODO Auto-generated method stub
196	0	return null;
197		}
198
199		/* (non-Javadoc)
200		* @see fr.paris.lutece.portal.business.user.authentication.AdminAuthentication#getViewAccountPageUrl()
201		*/
202		public String getViewAccountPageUrl( )
203		{
204		// TODO Auto-generated method stub
205	0	return null;
206		}
207
208		/* (non-Javadoc)
209		* @see fr.paris.lutece.portal.business.user.authentication.AdminAuthentication#getLostPasswordPageUrl()
210		*/
211		public String getLostPasswordPageUrl( )
212		{
213		// TODO Auto-generated method stub
214	0	return null;
215		}
216
217		/* (non-Javadoc)
218		* @see fr.paris.lutece.portal.business.user.authentication.AdminAuthentication#getLostPasswordPageUrl()
219		*/
220		public String getLostLoginPageUrl( )
221		{
222		// TODO Auto-generated method stub
223	0	return null;
224		}
225
226		/**
227		* @see fr.paris.lutece.portal.business.user.authentication.AdminAuthentication#getUserList()
228		*/
229		public Collection getUserList( String strLastName, String strFirstName, String strEmail )
230		{
231	0	return _dao.selectAllDatabaseUsers( strLastName, strFirstName, strEmail, this );
232		}
233
234		/**
235		* @see fr.paris.lutece.portal.business.user.authentication.AdminAuthentication#getUserPublicData(java.lang.String)
236		*/
237		public AdminUser getUserPublicData( String strLogin )
238		{
239	0	return _dao.selectUserPublicData( strLogin, this );
240		}
241		}