/**
* Special login method - it cannot be assumed that the database schema is unchanged, so do not
* use standard methods.
*/
public static boolean login(String username, String password) throws WikiException {
WikiVersion oldVersion =
new WikiVersion(Environment.getValue(Environment.PROP_BASE_WIKI_VERSION));
if (!oldVersion.before(0, 7, 0)) {
try {
return (WikiBase.getDataHandler().authenticate(username, password));
} catch (DataAccessException e) {
logger.severe("Unable to authenticate user during upgrade", e);
throw new WikiException(new WikiMessage("upgrade.error.fatal", e.getMessage()));
}
}
try {
Connection conn = DatabaseConnection.getConnection();
WikiPreparedStatement stmt =
new WikiPreparedStatement(
"select 1 from jam_wiki_user_info where login = ? and encoded_password = ?");
if (!StringUtils.isBlank(password)) {
password = Encryption.encrypt(password);
}
stmt.setString(1, username);
stmt.setString(2, password);
WikiResultSet rs = stmt.executeQuery(conn);
return (rs.size() > 0);
} catch (SQLException e) {
logger.severe("Database failure while authenticating user", e);
throw new WikiException(new WikiMessage("upgrade.error.fatal", e.getMessage()));
}
}
private void setProperties(HttpServletRequest request, ModelAndView next) throws Exception {
Environment.setValue(
Environment.PROP_BASE_FILE_DIR, request.getParameter(Environment.PROP_BASE_FILE_DIR));
Environment.setValue(
Environment.PROP_FILE_DIR_FULL_PATH,
request.getParameter(Environment.PROP_FILE_DIR_FULL_PATH));
Environment.setValue(
Environment.PROP_FILE_DIR_RELATIVE_PATH,
request.getParameter(Environment.PROP_FILE_DIR_RELATIVE_PATH));
Environment.setValue(
Environment.PROP_BASE_PERSISTENCE_TYPE,
request.getParameter(Environment.PROP_BASE_PERSISTENCE_TYPE));
if (Environment.getValue(Environment.PROP_BASE_PERSISTENCE_TYPE)
.equals(WikiBase.PERSISTENCE_EXTERNAL)) {
Environment.setValue(
Environment.PROP_DB_DRIVER, request.getParameter(Environment.PROP_DB_DRIVER));
Environment.setValue(
Environment.PROP_DB_TYPE, request.getParameter(Environment.PROP_DB_TYPE));
Environment.setValue(Environment.PROP_DB_URL, request.getParameter(Environment.PROP_DB_URL));
Environment.setValue(
Environment.PROP_DB_USERNAME, request.getParameter(Environment.PROP_DB_USERNAME));
Encryption.setEncryptedProperty(
Environment.PROP_DB_PASSWORD, request.getParameter(Environment.PROP_DB_PASSWORD), null);
next.addObject("dbPassword", request.getParameter(Environment.PROP_DB_PASSWORD));
} else {
WikiDatabase.setupDefaultDatabase(Environment.getInstance());
}
Environment.setValue(Environment.PROP_FILE_SERVER_URL, Utilities.getServerUrl(request));
Environment.setValue(Environment.PROP_SERVER_URL, Utilities.getServerUrl(request));
}
protected PasswordAuthentication getPasswordAuthentication() {
PasswordAuthentication passwordAuthentication =
new PasswordAuthentication(
Environment.getValue(Environment.PROP_EMAIL_SMTP_USERNAME),
Encryption.getEncryptedProperty(Environment.PROP_EMAIL_SMTP_PASSWORD, null));
if (logger.isDebugEnabled()) {
logger.debug("Authenticating with: " + passwordAuthentication);
}
return passwordAuthentication;
}
private boolean previousInstall() {
String driver = Environment.getValue(Environment.PROP_DB_DRIVER);
String url = Environment.getValue(Environment.PROP_DB_URL);
String userName = Environment.getValue(Environment.PROP_DB_USERNAME);
String password = Encryption.getEncryptedProperty(Environment.PROP_DB_PASSWORD, null);
try {
DatabaseConnection.testDatabase(driver, url, userName, password, true);
} catch (Exception e) {
// no previous database, all good
return false;
}
return true;
}
private static void setPassword(
Properties props,
HttpServletRequest request,
ModelAndView next,
String parameter,
String passwordParam)
throws Exception {
if (StringUtils.hasText(request.getParameter(parameter))) {
String value = request.getParameter(parameter);
Encryption.setEncryptedProperty(parameter, value, props);
next.addObject(passwordParam, request.getParameter(parameter));
} else {
props.setProperty(parameter, Environment.getValue(parameter));
}
}
// FIXME - shouldn't need to pass in response
private boolean register(
HttpServletRequest request,
HttpServletResponse response,
ModelAndView next,
WikiPageInfo pageInfo)
throws Exception {
pageInfo.setSpecial(true);
pageInfo.setAction(WikiPageInfo.ACTION_REGISTER);
pageInfo.setPageTitle(new WikiMessage("register.title"));
String virtualWikiName = JAMWikiServlet.getVirtualWikiFromURI(request);
WikiUser user = new WikiUser();
String userIdString = request.getParameter("userId");
if (StringUtils.hasText(userIdString)) {
int userId = new Integer(userIdString).intValue();
if (userId > 0) user = WikiBase.getHandler().lookupWikiUser(userId);
}
user.setLogin(request.getParameter("login"));
user.setDisplayName(request.getParameter("displayName"));
user.setEmail(request.getParameter("email"));
String newPassword = request.getParameter("newPassword");
if (StringUtils.hasText(newPassword)) {
user.setEncodedPassword(Encryption.encrypt(newPassword));
}
// FIXME - need to distinguish between add & update
user.setCreateIpAddress(request.getRemoteAddr());
user.setLastLoginIpAddress(request.getRemoteAddr());
next.addObject("newuser", user);
Vector errors = validate(request, user);
if (errors.size() > 0) {
next.addObject("errors", errors);
String oldPassword = request.getParameter("oldPassword");
String confirmPassword = request.getParameter("confirmPassword");
if (oldPassword != null) next.addObject("oldPassword", oldPassword);
if (newPassword != null) next.addObject("newPassword", newPassword);
if (confirmPassword != null) next.addObject("confirmPassword", confirmPassword);
return false;
} else {
WikiBase.getHandler().writeWikiUser(user);
request.getSession().setAttribute(JAMWikiServlet.PARAMETER_USER, user);
VirtualWiki virtualWiki = WikiBase.getHandler().lookupVirtualWiki(virtualWikiName);
String topic = virtualWiki.getDefaultTopicName();
String redirect =
LinkUtil.buildInternalLinkUrl(request.getContextPath(), virtualWikiName, topic);
// FIXME - can a redirect be done with Spring?
redirect(redirect, response);
return true;
}
}
private boolean initialize(HttpServletRequest request, ModelAndView next, WikiPageInfo pageInfo)
throws Exception {
setProperties(request, next);
WikiUser user = setAdminUser(request);
List<WikiMessage> errors = validate(request, user);
if (!errors.isEmpty()) {
this.view(request, next, pageInfo);
next.addObject("errors", errors);
next.addObject("username", user.getUsername());
next.addObject("newPassword", request.getParameter("newPassword"));
next.addObject("confirmPassword", request.getParameter("confirmPassword"));
return false;
}
if (previousInstall() && request.getParameter("override") == null) {
// user is trying to do a new install when a previous installation exists
next.addObject("upgrade", "true");
next.addObject("username", user.getUsername());
next.addObject("newPassword", request.getParameter("newPassword"));
next.addObject("confirmPassword", request.getParameter("confirmPassword"));
return false;
}
Environment.setBooleanValue(Environment.PROP_BASE_INITIALIZED, true);
Environment.setValue(Environment.PROP_BASE_WIKI_VERSION, WikiVersion.CURRENT_WIKI_VERSION);
String username = request.getParameter("username");
String newPassword = request.getParameter("newPassword");
String encryptedPassword = Encryption.encrypt(newPassword);
WikiBase.reset(request.getLocale(), user, username, encryptedPassword);
JAMWikiAuthenticationConfiguration.resetJamwikiAnonymousAuthorities();
JAMWikiAuthenticationConfiguration.resetDefaultGroupRoles();
Environment.saveProperties();
// the setup process does not add new topics to the index (currently)
// TODO - remove this once setup uses safe connection handling
WikiBase.getSearchEngine().refreshIndex();
// force current user credentials to be removed and re-validated.
SecurityContextHolder.clearContext();
return true;
}
/**
* Encrypt and set a property value.
*
* @param name The name of the encrypted property being retrieved.
* @value The enencrypted value of the property.
*/
public static void setEncryptedProperty(String name, String value) throws Exception {
value = Encryption.encrypt(value);
Environment.setValue(name, value);
}
/**
* If a property value is encrypted, return the unencrypted value.
*
* @param name The name of the encrypted property being retrieved.
* @return The unencrypted value of the property.
*/
public static String getEncryptedProperty(String name) {
return Encryption.decrypt(Environment.getValue(name));
}
