001    /**
002     * Copyright (c) 2000-2012 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.security.auth;
016    
017    import com.liferay.portal.kernel.log.Log;
018    import com.liferay.portal.kernel.log.LogFactoryUtil;
019    import com.liferay.portal.kernel.util.GetterUtil;
020    import com.liferay.portal.kernel.util.KeyValuePair;
021    import com.liferay.portal.kernel.util.StringPool;
022    import com.liferay.portal.kernel.util.Validator;
023    import com.liferay.portal.model.Company;
024    import com.liferay.portal.model.User;
025    import com.liferay.portal.service.UserLocalServiceUtil;
026    import com.liferay.portal.util.CookieKeys;
027    import com.liferay.portal.util.PortalUtil;
028    
029    import javax.servlet.http.Cookie;
030    import javax.servlet.http.HttpServletRequest;
031    import javax.servlet.http.HttpServletResponse;
032    
/**
 * Auto-login implementation that rebuilds login credentials from the portal's
 * "remember me" cookies.
 *
 * <p>
 * Security-relevant behavior visible in this class:
 * </p>
 *
 * <ul>
 * <li>
 * The values of the {@code CookieKeys.ID}, {@code CookieKeys.PASSWORD} and
 * {@code CookieKeys.REMEMBER_ME} cookies come from the client. They are only
 * turned into credentials after passing through
 * {@code UserLocalServiceUtil.decryptUserId}, and only when the company has
 * auto-login enabled ({@code Company.isAutoLogin()}).
 * </li>
 * <li>
 * Credentials that resolve to the company's default user are discarded and the
 * cookies are expired (LPS-11218).
 * </li>
 * <li>
 * Any exception raised while processing the cookies is logged, the cookies are
 * expired, and the failure is rethrown as an {@link AutoLoginException}.
 * </li>
 * </ul>
 *
 * @author Brian Wing Shun Chan
 */
public class RememberMeAutoLogin implements AutoLogin {

	/**
	 * Attempts to derive login credentials from the remember-me cookies of the
	 * request.
	 *
	 * @param  request the current servlet request, from which the cookies and
	 *         the context path are read
	 * @param  response the current servlet response, used to expire the
	 *         cookies when they are rejected
	 * @return a three-element array holding the key and value returned by
	 *         {@code UserLocalServiceUtil.decryptUserId} followed by the
	 *         string {@code "false"}, or <code>null</code> if no credentials
	 *         could be derived
	 * @throws AutoLoginException if anything fails while processing the
	 *         cookies; the cookies are expired before the exception is thrown
	 */
	public String[] login(
			HttpServletRequest request, HttpServletResponse response)
		throws AutoLoginException {

		try {

			// All three values are client-supplied and must be treated as
			// untrusted until decryptUserId has accepted them.

			String cookieUserId = CookieKeys.getCookie(
				request, CookieKeys.ID, false);
			String cookiePassword = CookieKeys.getCookie(
				request, CookieKeys.PASSWORD, false);
			String rememberMeFlag = CookieKeys.getCookie(
				request, CookieKeys.REMEMBER_ME, false);

			// LEP-5188
			//
			// NOTE(review): when either condition below holds, the flag is
			// set to "true" regardless of what the REMEMBER_ME cookie
			// contained, so in those deployments the ID and PASSWORD cookies
			// alone are enough to reach the decrypt step.

			String pathProxy = PortalUtil.getPathProxy();
			String pathContext = PortalUtil.getPathContext();

			boolean forceRememberMe;

			if (pathProxy.equals(pathContext)) {
				forceRememberMe = Validator.isNotNull(request.getContextPath());
			}
			else {
				forceRememberMe = !pathContext.equals(request.getContextPath());
			}

			if (forceRememberMe) {
				rememberMeFlag = Boolean.TRUE.toString();
			}

			String[] credentials = null;

			boolean cookiesPresent =
				Validator.isNotNull(cookieUserId) &&
				Validator.isNotNull(cookiePassword) &&
				Validator.isNotNull(rememberMeFlag);

			if (cookiesPresent) {
				Company company = PortalUtil.getCompany(request);

				// Auto-login is a per-company switch; when it is off the
				// cookies are ignored and left in place.

				if (company.isAutoLogin()) {
					KeyValuePair decrypted = UserLocalServiceUtil.decryptUserId(
						company.getCompanyId(), cookieUserId, cookiePassword);

					// Presumably key = user id and value = password; the
					// meaning of the third element ("false") is defined by
					// the AutoLogin contract, which is not visible here.

					credentials = new String[] {
						decrypted.getKey(), decrypted.getValue(),
						Boolean.FALSE.toString()
					};
				}
			}

			if (credentials == null) {
				return null;
			}

			// LPS-11218
			//
			// Never hand back credentials for the company's default user:
			// drop them and expire the cookies instead.

			Company currentCompany = PortalUtil.getCompany(request);

			User defaultUser = UserLocalServiceUtil.getDefaultUser(
				currentCompany.getCompanyId());

			long decryptedUserId = GetterUtil.getLong(credentials[0]);

			if (defaultUser.getUserId() != decryptedUserId) {
				return credentials;
			}

			removeCookies(request, response);

			return null;
		}
		catch (Exception e) {
			_log.warn(e, e);

			// Fail closed: cookies that caused an error are expired so the
			// client does not keep replaying them.

			removeCookies(request, response);

			throw new AutoLoginException(e);
		}
	}

	/**
	 * Expires the {@code CookieKeys.ID} and {@code CookieKeys.PASSWORD}
	 * cookies on the client by re-sending them blank with a max age of zero
	 * on the root path.
	 *
	 * <p>
	 * The {@code CookieKeys.REMEMBER_ME} cookie is not touched by this method.
	 * </p>
	 *
	 * @param request the current servlet request
	 * @param response the servlet response the expiring cookies are added to
	 */
	protected void removeCookies(
		HttpServletRequest request, HttpServletResponse response) {

		_expireCookie(request, response, CookieKeys.ID);
		_expireCookie(request, response, CookieKeys.PASSWORD);
	}

	/**
	 * Adds a blank, immediately expiring cookie with the given name and the
	 * root path to the response.
	 */
	private void _expireCookie(
		HttpServletRequest request, HttpServletResponse response,
		String name) {

		Cookie expired = new Cookie(name, StringPool.BLANK);

		expired.setMaxAge(0);
		expired.setPath(StringPool.SLASH);

		CookieKeys.addCookie(request, response, expired);
	}

	private static Log _log = LogFactoryUtil.getLog(RememberMeAutoLogin.class);

}