/** Validates fields for auth submit */
public void validateLoginSubmit() {
if (auth.getUsername() == null || auth.getUsername().trim().equals("")) {
addFieldError("auth.username", "Required");
}
if (auth.getPassword() == null || auth.getPassword().trim().equals("")) {
addFieldError("auth.password", "Required");
}
}
@Action(
value = "/loginSubmit",
results = {
@Result(name = "input", location = "/login.jsp"),
@Result(
name = "change_password",
location = "/admin/userSettings.action",
type = "redirect"),
@Result(name = "otp", location = "/admin/viewOTP.action", type = "redirect"),
@Result(name = "success", location = "/admin/menu.action", type = "redirect")
})
public String loginSubmit() {
String retVal = SUCCESS;
String authToken = AuthDB.login(auth);
if (authToken != null) {
User user = AuthDB.getUserByAuthToken(authToken);
if (user != null) {
String sharedSecret = null;
if (otpEnabled) {
sharedSecret = AuthDB.getSharedSecret(user.getId());
if (StringUtils.isNotEmpty(sharedSecret)
&& (auth.getOtpToken() == null
|| !OTPUtil.verifyToken(sharedSecret, auth.getOtpToken()))) {
addActionError(AUTH_ERROR);
return INPUT;
}
}
// check to see if admin has any assigned profiles
if (!User.MANAGER.equals(user.getUserType())
&& (user.getProfileList() == null || user.getProfileList().size() <= 0)) {
addActionError("Authentication Failed : There are no profiles assigned to this account");
return INPUT;
}
AuthUtil.setAuthToken(servletRequest.getSession(), authToken);
AuthUtil.setUserId(servletRequest.getSession(), user.getId());
AuthUtil.setAuthType(servletRequest.getSession(), user.getAuthType());
AuthUtil.setTimeout(servletRequest.getSession());
// for first time login redirect to set OTP
if (otpEnabled && StringUtils.isEmpty(sharedSecret)) {
return "otp";
} else if ("changeme".equals(auth.getPassword())
&& Auth.AUTH_BASIC.equals(user.getAuthType())) {
retVal = "change_password";
}
}
} else {
addActionError(AUTH_ERROR);
retVal = INPUT;
}
return retVal;
}