Subversion Repositories bacoAlunos

package pt.estgp.estgweb.services.authenticate;

import jomm.dao.impl.AbstractDao;

import jomm.utils.BytesUtils;

import jomm.utils.DesUtils;

import openldap.ILdapManager;

import openldap.LdapManagerFactory;

import org.apache.log4j.Logger;

import pt.estgp.estgweb.Globals;

import pt.estgp.estgweb.domain.*;

import pt.estgp.estgweb.domain.dao.DaoFactory;

import pt.estgp.estgweb.services.common.CommonServicesManager;

import pt.estgp.estgweb.services.email.SendEmailService;

import pt.estgp.estgweb.services.email.SimpleSendEmailInterface;

import pt.estgp.estgweb.services.expceptions.ServiceException;

import pt.estgp.estgweb.services.ftpservices.FtpService;

import pt.estgp.estgweb.utils.ConfigProperties;

import pt.utl.ist.berserk.logic.serviceManager.IService;

import java.util.*;

/*

 * @author Goncalo Luiz gedl [AT] rnl [DOT] ist [DOT] utl [DOT] pt

 *

 *

 * Created at 17/Out/2003 , 23:45:24

 *

 */

/**

 * @author Jorge Machado

 *

 *

 * Created at 17/Out/2003 , 23:45:24

 *

 */

public class AuthenticateService implements IService

{

    private static final 1.5.0/docs/api/java/util/logging/Logger.html">Logger logger = 1.5.0/docs/api/java/util/logging/Logger.html">Logger.getLogger(AuthenticateService.class);

    private static final boolean USE_LDAP = ConfigProperties.getBooleanProperty("use.ldap");

    ILdapManager ldapManager = LdapManagerFactory.getLdapManager();

    public UserSession run(1.5.0/docs/api/java/lang/String.html">String username, 1.5.0/docs/api/java/lang/String.html">String password, UserSession userSession) throws ServiceException

    {

        logger.info("Try LOGIN username:" + username);

        if(userSession.getUser() != null)

            throw new AuthenticateException(AuthenticateException.ALREADY_AUTHENTICATED);

        if(username == null || username.trim().length() == 0 || password == null || password.trim().length() == 0)

            throw new AuthenticateException(AuthenticateException.FAIL_AUTHENTICATION);

        boolean go = false;

        if(USE_LDAP)

            go = ldapManager.login(username,password);

        User u = null;

        if(!go)

        {

            u = DaoFactory.getUserDaoImpl().loadByUsernameAndPassword(username,password);

            if(u == null)

            {

                logger.warn("user:" + username + " fail password");

                throw new AuthenticateException(AuthenticateException.FAIL_AUTHENTICATION);

            }

            logger.warn("user:" + username + " fail LDAP but pass local authentication");

        }

        else

            try

            {

                u = DaoFactory.getUserDaoImpl().loadByUsername(username);

            }

            catch(1.5.0/docs/api/java/lang/Throwable.html">Throwable e){}

        if(u == null)

        {

            logger.warn("user:" + username + " does not exist");

            throw new AuthenticateException(AuthenticateException.DOES_NOT_EXIST);

            /*

            u = getUserInfo(username);

            u.setPassword(password);

            //put password to be complete for advising

            CommonServicesManager.getInstance().adviseNew(u);

//            u.setPassword(null); OLD Line now we save the last sucessfully password in DB

            u.setPassword(jomm.utils.BytesUtils.getDigestMD5Hex(password));

            if(u.getRoles().contains("teacher"))

            {

            }

            else if (u.getRoles().contains("student"))

            {

            }*/

        }

        else

        {

            logger.info("username:" + username + " login:OK");

//            String passwordAux = u.getPassword();

            u.setPassword(password);

            CommonServicesManager.getInstance().adviseUpdate(u);

//            u.setPassword(passwordAux);

            u.setPassword(jomm.utils.BytesUtils.getDigestMD5Hex(password));

        }

        //CHECK USER BLOCK's

        if(!u.isAdmin() && !u.isSuperuser())

        {

            if(u.isAutoBlockMode() && u.isAutoBlock()

                    ||

                    !u.isAutoBlockMode() && u.isManualBlock())

            {

                logger.warn("user:" + username + " blocked");

                throw  new AuthenticateException(AuthenticateException.BLOCKED);

            }

        }

        logger.warn("user:" + username + " authenticated");

        //((UserSessionImpl)userSession).reset();

        //((UserSessionImpl)userSession).clearObjectsWithOpenTransaction();

        //DaoFactory.getUserSessionDaoImpl().flush();

        //PASSWORD PARA SERVICOS FTP CLIENT

                ((UserSessionImpl) userSession).put(FtpService.FTP_PASSWORD, DesUtils.getInstance().encrypt(password));

        //put password to be complete for advising

        userSession.setName(u.getName());

        userSession.setUsername(u.getUsername());

        userSession.setUser(u);

        if(u.getRoles() == null || u.getRoles().trim().length() == 0)

            u.setRoles(Globals.ROLE_INVITED);

        /**CHECK BASIC SYSTEM ROLES**/

        if(u instanceof Teacher && !u.hasRole(Globals.TEACHER_ROLE))

            u.addRole(Globals.TEACHER_ROLE);

        if(u instanceof Student && !u.hasRole(Globals.STUDENT_ROLE))

            u.addRole(Globals.STUDENT_ROLE);

        DaoFactory.getUserSessionDaoImpl().reattach(userSession);

        logger.info("LOGIN SERVICE FINISH for username:" + username);

        return userSession;

    }

    private User getUserInfo(1.5.0/docs/api/java/lang/String.html">String username)

    {

        1.5.0/docs/api/java/util/HashMap.html">HashMap map = ldapManager.getUserInfo(username);

        UserImpl u = DomainObjectFactory.createUserImpl();

        u.setUsername(username);

        u.setName(getName(map));

        u.setRoles(getRoles(map));

        u.setNewUser(true);

        /*todo call commonServices Manager advise New put Password First*/

        DaoFactory.getUserDaoImpl().save(u);

        return u;

    }

    private 1.5.0/docs/api/java/lang/String.html">String getName(1.5.0/docs/api/java/util/HashMap.html">HashMap text)

    {

        1.5.0/docs/api/java/util/Set.html">Set s = text.entrySet();

        1.5.0/docs/api/java/util/Iterator.html">Iterator iter = s.iterator();

        int iterCount=0;

        1.5.0/docs/api/java/lang/String.html">String name=null;

        while(iter.hasNext())

        {

            1.5.0/docs/api/java/util/Map.Entry.html">Map.Entry e = (1.5.0/docs/api/java/util/Map.Entry.html">Map.Entry) iter.next();

            if(iterCount==3)

            {

                name=e.getValue().toString();

            }

            iterCount++;

        }

        return name;

    }

    public 1.5.0/docs/api/java/lang/String.html">String getRoles(1.5.0/docs/api/java/util/HashMap.html">HashMap text)

    {

        1.5.0/docs/api/java/util/Set.html">Set s = text.entrySet();

        1.5.0/docs/api/java/util/Iterator.html">Iterator iter = s.iterator();

        int iterCount=0;

        1.5.0/docs/api/java/lang/String.html">String roles=null;

        while(iter.hasNext())

        {

            1.5.0/docs/api/java/util/Map.Entry.html">Map.Entry e = (1.5.0/docs/api/java/util/Map.Entry.html">Map.Entry) iter.next();

            if(iterCount==0)

            {

                1.5.0/docs/api/java/lang/String.html">String[] splitText=e.getValue().toString().split(",");

                if(splitText[1].contains("CN"))

                {

                    roles="student";

                }

                else if(splitText[1].contains("OU"))

                {

                    roles="teacher";

                }

            }

            iterCount++;

        }

        return roles;

    }

    public UserSession loginPae(1.5.0/docs/api/java/lang/String.html">String username, 1.5.0/docs/api/java/lang/String.html">String password, UserSession userSession) throws ServiceException

    {

        if(userSession.getUser() != null)

        {

            new LogoutService().run(userSession);

        }

        if(username == null || username.trim().length() == 0 || password == null || password.trim().length() == 0)

            throw new AuthenticateException(AuthenticateException.FAIL_AUTHENTICATION);

        User u = null;

        boolean go = false;

        try{

            try{

            u = DaoFactory.getUserDaoImpl().loadBySigesCode(new 1.5.0/docs/api/java/lang/Integer.html">Integer(username));

            }catch(1.5.0/docs/api/java/lang/Exception.html">Exception e){}

            if(u == null)

                u = DaoFactory.getUserDaoImpl().loadByUsername(username);

            if(u == null)

                throw new AuthenticateException(AuthenticateException.DOES_NOT_EXIST);

            go = u.getPasswordSiges() != null && u.getPasswordSiges().equals(jomm.utils.BytesUtils.getDigestMD5Hex(password));

            if(go)

            {

                logger.info("siges:" + username + " login:PASSSIGES");

            }

            else

            {

                go = u.getPassword() != null && u.getPassword().equals(jomm.utils.BytesUtils.getDigestMD5Hex(password));

                if(go)

                {

                    logger.info("siges:" + username + " login:PASSBACO");

                }

                else

                {

                    go = u.getBi() != null && u.getBi().equals(password);

                    if(go)

                    {

                        logger.info("siges:" + username + " login:BI");

                    }

                }

            }

        }

        catch(1.5.0/docs/api/java/lang/Throwable.html">Throwable e)

        {

        }

        if(!go)

        {

            logger.warn("siges:" + username + " fail password");

            throw new AuthenticateException(AuthenticateException.FAIL_AUTHENTICATION);

        }

        //CHECK USER BLOCK's

        if(!u.isAdmin() && !u.isSuperuser())

        {

            if(u.isAutoBlockMode() && u.isAutoBlock()

                    ||

                    !u.isAutoBlockMode() && u.isManualBlock())

            {

                logger.warn("siges:" + username + " blocked");

                throw new AuthenticateException(AuthenticateException.BLOCKED);

            }

        }

        logger.warn("siges:" + username + " authenticated");

        userSession.setName(u.getName());

        userSession.setUsername(u.getUsername());

        userSession.setUser(u);

        if(u.getRoles() == null || u.getRoles().trim().length() == 0)

            u.setRoles(Globals.ROLE_INVITED);

        DaoFactory.getUserSessionDaoImpl().reattach(userSession);

        return userSession;

    }

    public UserSession changePassword(1.5.0/docs/api/java/lang/String.html">String password, UserSession userSession) throws ServiceException

    {

        userSession.getUser().setPassword(password);

        CommonServicesManager.getInstance().adviseUpdate(userSession.getUser());

        userSession.getUser().setPassword(jomm.utils.BytesUtils.getDigestMD5Hex(password));

        return userSession;

    }

    public User requestChangePassword(1.5.0/docs/api/java/lang/String.html">String identifier) throws ServiceException

    {

        List<User> users = DaoFactory.getUserDaoImpl().loadBySigesCodeUsernameEmailsBiSiges(identifier);

        if(users.size() == 0)

            return null;

        else if(users.size() > 1)

        {

            1.5.0/docs/api/java/lang/String.html">String subject = "DANGER two or more users sharing identifier property " + identifier;

            logger.warn(subject);

            1.5.0/docs/api/java/lang/String.html">String msg = "";

            for(User u: users)

            {

                logger.warn(u.getId() + " " + u.getUsername() + " " + u.getEmail());

                msg += " ( " + u.getId() + " " + u.getUsername() + " " + u.getEmail() + " )";

            }

            new SendEmailService().sendNotificationAdmin(msg,"Ao tentar recuperar password idenficamos mais de um caso com o mesmo identificador:" + msg);

            return null;

        }

        else

        {

            User u = users.get(0);

            logger.info("User " + u.getId() + " " + u.getName() + " identificado vamos criar um certificado e enviar um email para reposição de password");

            1.5.0/docs/api/java/lang/String.html">String text = "Caro " + u.getName() + " vimos por este meio informá-lo que já pode redifinir a sua password no seguinte endereço web. " +

                    "Este endereço expira em " +

                    +Globals.CERTIFICATES_EXPIRTATION_IN_DAYS + " dias. Se por algum motivo for alheio a este pedido por favor ignore este email. " +

                    "A sua password no PAE será mantida.";

            SimpleSendEmailInterface.createCertificatedEmailJobAndSendNow(u,

                    "Sistema de Recuperação de Passwords PAE-IPP",

                    "Pedido de Recuperação de Password",

                    text,

                    Globals.SITE_URL + "/user/ChangePassword.do",

                    "Message Email (request change password from user with id " + u.getId()

            );

            return u;

        }

    }

    public UserSession loginCertificate(1.5.0/docs/api/java/lang/String.html">String certificate, UserSession userSession) throws ServiceException

    {

        if(userSession.getUser() != null)

        {

            new LogoutService().run(userSession);

        }

        if(certificate == null || certificate.trim().length() == 0)

            throw new AuthenticateException(AuthenticateException.FAIL_AUTHENTICATION);

        User u = null;

        List<User> users = DaoFactory.getUserDaoImpl().loadByCertificate(certificate);

        if(users == null || users.size() > 1 || users.size()== 0)

        {

            if(users.size() > 1)

                logger.error("Erro dois users com o mesmo certificado");

            throw  new AuthenticateException(AuthenticateException.FAIL_AUTHENTICATION);

        }

        u = users.get(0);

        logger.info("certificate:" + u.getUsername() + " login:certificate:" + certificate);

        //CHECK USER BLOCK's

        if(!u.isAdmin() && !u.isSuperuser())

        {

            if(u.isAutoBlockMode() && u.isAutoBlock()

                    ||

                    !u.isAutoBlockMode() && u.isManualBlock())

            {

                logger.warn("certificate:" + u.getUsername() + " blocked");

                throw new AuthenticateException(AuthenticateException.BLOCKED);

            }

        }

        logger.warn("certificate:" + u.getUsername() + " authenticated");

        userSession.setName(u.getName());

        userSession.setUsername(u.getUsername());

        userSession.setUser(u);

        if(u.getRoles() == null || u.getRoles().trim().length() == 0)

            u.setRoles(Globals.ROLE_INVITED);

        DaoFactory.getUserSessionDaoImpl().reattach(userSession);

        return userSession;

    }

    /**

     * Create a new Certificate for usage in URL auto login

     *

     * @param userId

     * @return the certificate string to use in URL

     */

    public 1.5.0/docs/api/java/lang/String.html">String createCertificateForId(long userId, UserSession usersession)

    {

        User u = DaoFactory.getUserDaoImpl().load(userId);

        return createCertificate(u, usersession);

    }

    public 1.5.0/docs/api/java/lang/String.html">String createCertificateForId(long userId)

    {

        User u = DaoFactory.getUserDaoImpl().load(userId);

        return createCertificate(u);

    }

    public 1.5.0/docs/api/java/lang/String.html">String createCertificate(User user)

    {

        return createCertificate(user,null);

    }

    /**

     * Create a new Certificate for usage in URL auto login

     *

     * @param user to crate certificate

     * @return the certificate string

     */

    public 1.5.0/docs/api/java/lang/String.html">String createCertificate(User user, UserSession usersession)

    {

        1.5.0/docs/api/java/lang/String.html">String certificate = user.getId()

                + "-" + 1.5.0/docs/api/java/lang/System.html">System.currentTimeMillis()

                + "-" + 1.5.0/docs/api/java/lang/Thread.html">Thread.currentThread().hashCode()

                + "-" +  1.5.0/docs/api/java/lang/Runtime.html">Runtime.getRuntime().freeMemory();

        1.5.0/docs/api/java/lang/String.html">String md5 = BytesUtils.getMD5(certificate);

        user.setAuthenticationCertificate(md5);

        //3600 seconds = 1 hour = 3600.000 milis * 24 = 1 day * 15 = 15 days

        long daysInMilis =  3600 * 1000 * 24 * Globals.CERTIFICATES_EXPIRTATION_IN_DAYS;

        user.setAuthenticationCertificateExpire(new 5+0%2Fdocs%2Fapi+Date">Date(1.5.0/docs/api/java/lang/System.html">System.currentTimeMillis()+daysInMilis));

        return md5;

    }

    public static void main(1.5.0/docs/api/java/lang/String.html">String [] args)

    {

        AbstractDao.getCurrentSession().beginTransaction();

        1.5.0/docs/api/java/lang/String.html">String certificate = new AuthenticateService().createCertificateForId(1691,null);

        AbstractDao.getCurrentSession().getTransaction().commit();

    }

}