Ejemplo n.º 1
0
  /**
   * Validates the login. Writes the isValid flag into the session along with the current user.
   *
   * @return true if OK, false if there's a problem
   */
  private boolean validateLogin(
      HttpSession session, HttpServletRequest req, HttpServletResponse res) throws Exception {

    // Creates a user database access bean.
    UserManager userManager = new UserManager();
    // (no setSession() here, since user may not exist yet)

    // Validates the login
    String username = req.getParameter("Username");
    String password = req.getParameter("Password");
    boolean isValid = userManager.isValidUser(username, password);
    boolean isAdmin = userManager.isAdmin(username);

    // To allow bootstrapping the system, if there are no users
    // yet, set this session valid, and grant admin privileges.
    if (userManager.getRecords().isEmpty()) {
      isValid = true;
      isAdmin = true;
    }

    if (isValid) {
      // Writes User object and validity flag to the session
      session.setAttribute("user", new User(username, password, isAdmin));
      session.setAttribute("isValid", new Boolean(isValid));
    } else {
      Util.putMessagePage(res, "Invalid user or password");
      return false;
    }
    return isValid;
  }
Ejemplo n.º 2
0
  public Message startAuthentication(AuthenticationMessage msg)
      throws AuthenticationException, GeneralSecurityException {
    if (msg instanceof RequestLoginMessage) {
      RequestLoginMessage rlm = (RequestLoginMessage) msg;
      username = rlm.getLogin();

      if (!allowRoot && username.equals("root")) {
        throw new AuthenticationException("Must authenticate as a regular user first.");
      }

      // generate challange
      byte[] passhash = UserManager.v().getPassHash(username);
      if (passhash == null) {
        throw new AuthenticationException("User has no password");
      }

      ChallangeMessage cm = new ChallangeMessage();
      SecureRandom rand = new SecureRandom();
      rand.nextBytes(randNumber);
      cm.setChallange(randNumber, passhash);
      state = CL_CHALLANGE_SENT;

      // send the challange
      return cm;
    } else if (msg instanceof ChallangeCheckStatusMessage) {
      // After authentication is complete the client sends this message
      //  It can be safely ignored. We don't care that the client has
      //  actually authenticated us.
      return null;
    }

    throw new AuthenticationException("State Error");
  }
Ejemplo n.º 3
0
  public Message updateState(AuthenticationMessage msg)
      throws AuthenticationException, GeneralSecurityException {
    switch (state) {
      case CL_CHALLANGE_SENT:
        {
          ChallangeResponseMessage crm = null;
          byte[] resp;
          if (msg instanceof ChallangeResponseMessage) {
            crm = (ChallangeResponseMessage) msg;
            resp = crm.getResponse();
          } else {
            throw new AuthenticationException("State Error");
          }

          if (!Arrays.equals(randNumber, resp)) {
            throw new AuthenticationException("Authentication Failed");
          }
          state = SR_AUTH_SERVER;
          // wait for challenge
          ChallangeCheckStatusMessage check = new ChallangeCheckStatusMessage();
          check.setOk(true);
          return check;
        }

      case SR_AUTH_SERVER:
        {
          ChallangeMessage cm = null;
          if (msg instanceof ChallangeMessage) {
            cm = (ChallangeMessage) msg;
          } else {
            throw new AuthenticationException("State Error");
          }

          // send reponse
          ChallangeResponseMessage crm = new ChallangeResponseMessage();
          byte[] passhash = UserManager.v().getPassHash(username);
          if (passhash == null) {
            throw new AuthenticationException("User has no password");
          }
          crm.produceResponse(cm.getChallange(), passhash);

          authenticated = true;
          logger.info("User " + username + " logged in");
          state = DONE_STATE;
          // complete the challenege-response
          return crm;
        }

      default:
        {
          if (msg instanceof ChallangeCheckStatusMessage) {
            return null;
          }
        }
    }

    throw new AuthenticationException("State Incomplete");
  }
  /**
   * Displays a given Meeting page for a HTTP Get, or creates a new Meeting for a HTTP Post
   *
   * <p>- Requires a cookie for the session user - Requires a meetingId request parameter for a GET
   * - Requires description, createdByUserId, datepicker, meetingTime, groupId request parameters
   * for a POST
   *
   * @param req The HTTP Request
   * @param res The HTTP Response
   */
  public void meetingAction(HttpServletRequest req, HttpServletResponse res) {
    // Ensure there is a cookie for the session user
    if (AccountController.redirectIfNoCookie(req, res)) return;

    Map<String, Object> viewData = new HashMap<String, Object>();
    viewData.put("title", "Meeting");

    // Initialise Manager connections
    MeetingManager meetingMan = new MeetingManager();
    GroupManager groupMan = new GroupManager();

    if (req.getMethod() == HttpMethod.Get) {
      // Get request parameter
      int meetingId = Integer.parseInt(req.getParameter("meetingId"));
      Meeting meeting = meetingMan.get(meetingId);

      if (meeting != null) {

        List<User> meetingUsers = groupMan.getGroupUsers(meeting.getGroupId());
        viewData.put("meetingUsers", meetingUsers);
        viewData.put("meeting", meeting);
        view(req, res, "/views/group/Meeting.jsp", viewData);

      } else {
        httpNotFound(req, res);
      }
    } else if (req.getMethod() == HttpMethod.Post) {

      // Get details from request
      String description = req.getParameter("description");
      int createdByUserId = Integer.parseInt(req.getParameter("createdByUserId"));
      Date dateCreated = new Date();

      String meetingDate = req.getParameter("datepicker");
      String meetingTime = req.getParameter("meetingTime");

      // Parse meeting date time details
      DateFormat format = new SimpleDateFormat("MM/dd/yyyy HH:mm");
      Date dateDue = new Date();
      try {
        dateDue = format.parse(meetingDate + " " + meetingTime);
      } catch (ParseException e) {
        // Unable to parse date. This shouldn't happen since we are
        // performing javascript validation.
      }

      int groupId = Integer.parseInt(req.getParameter("groupId"));

      // Create a Meeting
      Meeting meeting = new Meeting();
      meeting.setDescription(description);
      meeting.setCreatedByUserId(createdByUserId);
      meeting.setDateCreated(dateCreated);
      meeting.setDateDue(dateDue);
      meeting.setGroupId(groupId);

      meetingMan.createMeeting(meeting);
      int meetingId = meetingMan.getIdFor(meeting);
      meeting.setId(meetingId);

      UserManager userMan = new UserManager();
      User createdByUser = userMan.get(createdByUserId);

      // Create a notification for all users in group
      NotificationManager notificationMan = new NotificationManager();
      List<User> users = groupMan.getGroupUsers(groupId);

      for (User u : users) {
        Notification notification =
            new Notification(
                u.getId(),
                u,
                groupId,
                null,
                "Meeting " + description + " was created by " + createdByUser.getFullName(),
                "/group/meeting?meetingId=" + meetingId);
        notificationMan.createNotification(notification);
      }

      // Update the User Session to show new meeting
      HttpSession session = req.getSession();
      Session userSession = (Session) session.getAttribute("userSession");
      User admin = userSession.getUser();
      admin.getMeetings().add(meeting);

      // Show meeting page
      viewData.put("meetingUsers", users);
      viewData.put("meeting", meeting);
      view(req, res, "/views/group/Meeting.jsp", viewData);
    }
  }