Ejemplo n.º 1
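  /**
   * Validates the password-change popup for an agent and, when the submitted current password
   * matches the stored hash, assigns the hash of the new password to {@code dbAgente}.
   *
   * <p>Nothing is persisted in this method; it only assigns fields on {@code dbAgente} and records
   * validation errors. NOTE(review): the new hash is assigned even when the confirmation field
   * does not match, so the caller presumably checks the accumulated validation errors before
   * saving. Confirm against the caller.
   *
   * <p>NOTE(review): if {@code Crypto} is Play 1.x's {@code play.libs.Crypto}, the one-argument
   * {@code passwordHash} is an unsalted fast digest (MD5 by default), which is weak for password
   * storage. Confirm, and plan a migration to a salted, slow scheme if so.
   *
   * @param accion action name handed to {@code secure.checkGrafico}
   * @param dbAgente stored agent whose {@code username} and {@code password} fields may be updated
   * @param agente agent populated from the submitted form
   */
  @Util
  public static void PopupPassValidateCopy(String accion, Agente dbAgente, Agente agente) {
    CustomValidation.clearValidadas();
    if (secure.checkGrafico(
        "noEditable",
        "editable",
        accion,
        (Map<String, Long>) tags.TagMapStack.top("idParams"),
        null)) {
      CustomValidation.valid("agente", agente);
      dbAgente.username = agente.username;
    }

    CustomValidation.valid("agente", agente);
    CustomValidation.required("agente.verificacion", agente.verificacion);
    CustomValidation.required("agente.newpassword", agente.newpassword);
    CustomValidation.compare(agente.newpassword, params.get("agente_newpasswordcopy"));

    // agente.verificacion carries the current password typed by the user. When it is missing the
    // password is left untouched: a password must never be replaced without proof of the old one.
    if (agente.verificacion != null) {
      String storedHash = dbAgente.password;
      String suppliedHash = Crypto.passwordHash(agente.verificacion);
      // Constant-time comparison so the check does not reveal how many leading characters of the
      // stored hash matched. A missing stored hash counts as a mismatch instead of throwing.
      boolean currentPasswordMatches =
          storedHash != null
              && suppliedHash != null
              && java.security.MessageDigest.isEqual(
                  storedHash.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                  suppliedHash.getBytes(java.nio.charset.StandardCharsets.UTF_8));

      if (!currentPasswordMatches) {
        Validation.addError("password", "Contraseña actual incorrecta");
      } else if (agente.newpassword != null) {
        // A missing new password was already reported by the required() check above; hashing
        // null here would only turn that validation error into a runtime failure.
        dbAgente.password = Crypto.passwordHash(agente.newpassword);
        log.info("El usuario <" + dbAgente.username + "> ha modificado su contraseña");
      }
    }
  }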
Ejemplo n.º 2
 /**
  * Looks up the user whose e-mail or username equals {@code login} and whose stored password
  * equals the hash of {@code password}.
  *
  * <p>Both values are bound as positional query parameters ({@code ?1}, {@code ?2}); nothing is
  * concatenated into the query text.
  *
  * <p>NOTE(review): matching on the hash inside the query only works with a deterministic,
  * unsalted hash. If {@code Crypto} is Play 1.x's {@code play.libs.Crypto}, the one-argument
  * {@code passwordHash} is an unsalted MD5 digest by default. Confirm before relying on it for
  * password storage.
  *
  * @param login e-mail address or username typed by the user
  * @param password plain-text password typed by the user
  * @return whatever {@code first()} yields for the query (its no-match result is not visible here)
  */
 public static User connect(String login, String password) {
   final String hashedPassword = Crypto.passwordHash(password);
   return find(
           "SELECT u FROM User u WHERE (u.email = ?1 OR u.username = ?1) and u.password = ?2",
           login,
           hashedPassword)
       .first();
 }
Ejemplo n.º 3
 /**
  * Creates a user from the registration fields. The plain-text password is never stored; only the
  * value returned by {@code Crypto.passwordHash} is kept.
  *
  * <p>NOTE(review): if {@code Crypto} is Play 1.x's {@code play.libs.Crypto}, that hash is
  * unsalted MD5 by default. Confirm the algorithm before treating the stored value as safe at
  * rest.
  *
  * @param email e-mail address of the new user
  * @param password plain-text password, hashed before being assigned
  * @param username display/login name of the new user
  */
 public User(String email, String password, String username) {
   final String hashedPassword = Crypto.passwordHash(password);
   this.email = email;
   this.username = username;
   this.password = hashedPassword;
   // Every new account starts on the default skin.
   Skins.setSkin(this.profile, "DEFAULT");
 }
Ejemplo n.º 4
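  /**
   * Handles the login form: checks the credentials, records the user name in the session,
   * optionally sets a remember-me cookie, and redirects to the URL remembered in the flash scope
   * (or {@code "/"}).
   *
   * <p>NOTE(review): the remember-me value is {@code Crypto.sign(username) + "-" + username}. The
   * signed part holds no expiry or per-login value, so a captured cookie appears to stay valid
   * for as long as the signing key is unchanged. The three-argument {@code setCookie} call also
   * passes no secure/httpOnly flags. Confirm what the framework applies by default.
   *
   * <p>NOTE(review): the redirect target is built from the flash value {@code "url"} plus the
   * request-supplied {@code hash}. Confirm that neither can be set to an absolute URL by the
   * client, or restrict the target to same-site paths.
   *
   * @param username login name (required)
   * @param password plain-text password
   * @param hash optional fragment appended to the redirect URL
   * @param remember whether to set the 30-day remember-me cookie
   * @throws Throwable propagated from the framework calls
   */
  public static void authenticate(
      @Required String username, String password, String hash, boolean remember) throws Throwable {
    Boolean allowed = Security.authenticate(username, password);

    String redirectUrl = flash.get("url");

    // A null result is treated as "denied" rather than unboxed.
    if (validation.hasErrors() || !Boolean.TRUE.equals(allowed)) {
      flash.put("url", redirectUrl);

      flash.error("secure.error");
      params.flash();
      Secure.login();
      // Fail closed: the session must never be populated after a failed check, even if
      // Secure.login() were to return normally instead of interrupting this action.
      return;
    }

    session.put("username", username);

    if (remember) {
      response.setCookie("rememberme", Crypto.sign(username) + "-" + username, "30d");
    }

    if (redirectUrl == null) {
      redirectUrl = "/";
    }

    if (hash != null) {
      redirectUrl += hash;
    }

    redirect(redirectUrl);
  }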
Ejemplo n.º 5
 /**
  * Replaces the {@code password} field of every user with {@code Crypto.passwordHash} of its
  * current value and saves each user.
  *
  * <p>NOTE(review): nothing here marks a row as already converted, so a second run hashes the
  * hashes and locks every account out. Run it exactly once, or add a marker before reuse.
  *
  * <p>NOTE(review): if {@code Crypto} is Play 1.x's {@code play.libs.Crypto}, the result is an
  * unsalted MD5 digest by default. Confirm the algorithm.
  */
 public static void hashPasswords() {
   final List<User> allUsers = User.findAll();
   for (final User account : allUsers) {
     final String currentValue = account.password;
     account.password = Crypto.passwordHash(currentValue);
     account.save();
   }
 }
Ejemplo n.º 6
    /**
     * Rebuilds the session from the {@code COOKIE_PREFIX + "_SESSION"} cookie of the current
     * request.
     *
     * <p>The cookie value is split at the first dash into a signature and the encoded data. The
     * data is decoded only when the signature equals {@code Crypto.sign(data, secretKey)}, as
     * judged by {@code CookieDataCodec.safeEquals}. A bad or missing signature leaves the session
     * empty and raises no error. When {@code COOKIE_EXPIRE} is set, a session without a timestamp
     * or with a past timestamp is discarded and a fresh timestamp is stored.
     *
     * <p>NOTE(review): {@code Play.secretKey.getBytes()} uses the platform default charset.
     * Confirm the key is ASCII or that all nodes share one default charset.
     *
     * @return the restored (possibly empty) session
     * @throws UnexpectedException if anything fails while reading or decoding the cookie
     */
    static Session restore() {
      try {
        Session restored = new Session();
        final Http.Cookie sessionCookie =
            Http.Request.current().cookies.get(COOKIE_PREFIX + "_SESSION");
        // Seconds to milliseconds; the long literal widens the multiplication.
        final long expiration = Time.parseDuration(COOKIE_EXPIRE) * 1000L;

        final boolean cookieUsable =
            sessionCookie != null
                && Play.started
                && sessionCookie.value != null
                && !sessionCookie.value.trim().isEmpty();

        if (!cookieUsable) {
          // Nothing to restore, but a new cookie may still need its timestamp.
          if (COOKIE_EXPIRE != null) {
            restored.put(TS_KEY, (System.currentTimeMillis() + expiration));
          }
          return restored;
        }

        final String raw = sessionCookie.value;
        final int dash = raw.indexOf('-');
        if (dash >= 0) {
          final String sign = raw.substring(0, dash);
          final String data = raw.substring(dash + 1);
          // Verify before decoding: unsigned or tampered data never reaches the session map.
          if (CookieDataCodec.safeEquals(sign, Crypto.sign(data, Play.secretKey.getBytes()))) {
            CookieDataCodec.decode(restored.data, data);
          }
        }

        if (COOKIE_EXPIRE == null) {
          // Just restored, nothing changed, and there is no expiry to refresh.
          restored.changed = false;
          return restored;
        }

        // The session must carry a timestamp that has not passed yet.
        if (!restored.contains(TS_KEY)
            || Long.parseLong(restored.get(TS_KEY)) < System.currentTimeMillis()) {
          restored = new Session();
        }
        restored.put(TS_KEY, System.currentTimeMillis() + expiration);
        return restored;
      } catch (Exception e) {
        throw new UnexpectedException(
            "Corrupted HTTP session from " + Http.Request.current().remoteAddress, e);
      }
    }
Ejemplo n.º 7
 /**
  * Writes this session to the current response as the {@code COOKIE_PREFIX + "_SESSION"} cookie.
  *
  * <p>The cookie value is {@code signature + "-" + encodedData}, with the signature computed by
  * {@code Crypto.sign} over the encoded data and the application secret. An empty session
  * deletes the cookie by sending an empty value with a max-age of 0. The {@code COOKIE_SECURE}
  * and {@code SESSION_HTTPONLY} settings are passed on every write.
  *
  * <p>NOTE(review): this method signs the data but does not encrypt it, so session values are
  * presumably readable by the client. Confirm against {@code CookieDataCodec.encode} and keep
  * secrets out of the session.
  *
  * @throws UnexpectedException if encoding or signing the session fails
  */
 void save() {
   final Http.Response httpResponse = Http.Response.current();
   if (httpResponse == null) {
     // Some requests, WebSocket for instance, have no response to attach a cookie to.
     return;
   }

   final boolean nothingToSend = !changed && SESSION_SEND_ONLY_IF_CHANGED && COOKIE_EXPIRE == null;
   if (nothingToSend) {
     // Unchanged session and no expiry to refresh, so send nothing back.
     return;
   }

   final String cookieName = COOKIE_PREFIX + "_SESSION";

   if (isEmpty()) {
     // Empty session: delete the cookie if the client holds one, or if cookies are always sent.
     final boolean clientHoldsCookie = Http.Request.current().cookies.containsKey(cookieName);
     if (clientHoldsCookie || !SESSION_SEND_ONLY_IF_CHANGED) {
       httpResponse.setCookie(cookieName, "", null, "/", 0, COOKIE_SECURE, SESSION_HTTPONLY);
     }
     return;
   }

   try {
     final String payload = CookieDataCodec.encode(data);
     final String signature = Crypto.sign(payload, Play.secretKey.getBytes());
     // A null max-age yields a browser-session cookie; otherwise use the configured lifetime.
     final Integer maxAge =
         (COOKIE_EXPIRE == null) ? null : Integer.valueOf(Time.parseDuration(COOKIE_EXPIRE));
     httpResponse.setCookie(
         cookieName,
         signature + "-" + payload,
         null,
         "/",
         maxAge,
         COOKIE_SECURE,
         SESSION_HTTPONLY);
   } catch (Exception e) {
     throw new UnexpectedException("Session serializationProblem", e);
   }
 }
Ejemplo n.º 8
 /**
  * Returns the anti-forgery token of this session, creating it on first use.
  *
  * <p>The token is {@code Crypto.sign} applied to a freshly generated random UUID string. It is
  * stored under {@code AT_KEY} and reused by later calls.
  *
  * <p>NOTE(review): the token is written straight into {@code data}. If the session tracks
  * modifications through a separate flag, that flag is not touched here, so confirm the token
  * still reaches the client.
  *
  * @return the token stored under {@code AT_KEY}
  */
 public String getAuthenticityToken() {
   final boolean tokenMissing = !data.containsKey(AT_KEY);
   if (tokenMissing) {
     final String nonce = UUID.randomUUID().toString();
     data.put(AT_KEY, Crypto.sign(nonce));
   }
   return data.get(AT_KEY);
 }
Ejemplo n.º 9
 /**
  * Looks up the user whose e-mail equals {@code email} and whose stored password equals the hash
  * of {@code password}.
  *
  * <p>NOTE(review): matching on the hash inside the finder only works with a deterministic,
  * unsalted hash. If {@code Crypto} is Play 1.x's {@code play.libs.Crypto}, the one-argument
  * {@code passwordHash} is unsalted MD5 by default. Confirm the algorithm.
  *
  * @param email e-mail address typed by the user
  * @param password plain-text password typed by the user
  * @return whatever {@code first()} yields for the finder (its no-match result is not visible
  *     here)
  */
 public static User connect(String email, String password) {
   final String hashedPassword = Crypto.passwordHash(password);
   return find("byEmailAndPassword", email, hashedPassword).first();
 }
Ejemplo n.º 10
 /**
  * Hash a password using the OpenBSD bcrypt scheme and this object's {@code salt}, then encrypt
  * the resulting bcrypt string with {@code Crypto.encryptAES}. Hashing a candidate plain-text
  * password this way yields a value that can be compared with the stored password value for this
  * user.
  *
  * @param password The plain-text password to be hashed
  * @return a String that is the AES-encrypted bcrypt hash of the password.
  */
 private String hashPassword(String password) {
   // Step 1: bcrypt with this object's salt, so the same password always maps to the same digest.
   final String bcryptDigest = BCrypt.hashpw(password, salt);
   // Step 2: wrap the digest with the application's AES helper before it is stored or compared.
   // NOTE(review): the key and cipher mode behind Crypto.encryptAES are not visible here. Confirm
   // them, since the stored value is only as protected as that key.
   return Crypto.encryptAES(bcryptDigest);
 }
Ejemplo n.º 11
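  /**
   * Sends an invitation e-mail containing a signed registration link for a new member.
   *
   * <p>The link points at {@code /inscription} with the URL-encoded first name, last name and
   * e-mail, followed by {@code Crypto.sign(prenom + nom + mail)} as the {@code signature}
   * parameter. The signed link is no longer printed to stdout: it works as a bearer credential
   * for registration, and anyone able to read the process output could have reused it.
   *
   * <p>NOTE(review): the signed text is a plain concatenation with no separators, so different
   * splits of the same characters across the three fields share one signature. Changing the
   * format needs a matching change in the code that verifies it, which is not visible here.
   *
   * <p>NOTE(review): the host and port of the link come from {@code request.domain} and
   * {@code request.port}, and the scheme is fixed to {@code http}. If the domain reflects a
   * client-supplied Host header, the e-mailed link can be pointed at another host. Prefer a
   * configured base URL, and HTTPS.
   *
   * <p>NOTE(review): no expiry is visible in the signed data; confirm whether invitations are
   * meant to stay valid indefinitely.
   *
   * <p>NOTE(review): the outer {@code catch (Exception e)} may also intercept the exceptions that
   * Play 1.x uses to signal {@code render()} and redirects. Confirm the intended flow.
   *
   * @param nom last name of the invited person (required)
   * @param prenom first name of the invited person (required)
   * @param mail e-mail address of the invited person (required)
   * @param langue language code; {@code "fr"} selects the French template, anything else English
   */
  public static void inviteNewMember(
      @Required String nom,
      @Required String prenom,
      @Required String mail,
      @Required String langue) {

    try {
      String login = normalize(prenom) + '.' + normalize(nom);
      String url = "";
      String signature = "";
      String community = "Hypertopic";
      // Details of the inviting ("godfather") user, shown in the e-mail.
      String mailGodfather = "";
      String firstNameGodfather = "";
      String lastNameGodfather = "";
      int flag = -1;

      if (session.get("username").equals("admin")) {
        firstNameGodfather = "l'administrateur";
        mailGodfather = "Hypertopic Team <*****@*****.**>";
      } else {
        HashMap<String, String> infos = Ldap.getConnectedUserInfos(session.get("username"));
        mailGodfather = infos.get("mail");
        firstNameGodfather = infos.get("firstName");
        lastNameGodfather = infos.get("lastName");
        // Capitalise the first letter and lower-case the rest of each name.
        firstNameGodfather =
            firstNameGodfather.substring(0, 1).toUpperCase()
                + firstNameGodfather.substring(1).toLowerCase();
        lastNameGodfather =
            lastNameGodfather.substring(0, 1).toUpperCase()
                + lastNameGodfather.substring(1).toLowerCase();
      }
      flag = Invitation.verifyMaliciousPassword(login, mail);
      if (flag == Invitation.ADDRESSES_MATCHE || flag == Invitation.USER_NOTEXIST) {

        System.out.println("invitenewmember");
        try {
          url = "http://" + request.domain;
          if (request.port != 80) url += ":" + request.port;
          url +=
              "/inscription?firstname="
                  + URLEncoder.encode(prenom, "UTF-8")
                  + "&lastname="
                  + URLEncoder.encode(nom, "UTF-8")
                  + "&email="
                  + URLEncoder.encode(mail, "UTF-8");
          signature = Crypto.sign(prenom + nom + mail);
          url += "&signature=" + signature;
          // Deliberately not logged: the finished URL carries the signature.
        } catch (UnsupportedEncodingException uee) {
          System.err.println(uee);
        }
        if (validation.hasErrors()) {
          render("Invitation/index.html");
        } else {
          if (renderArgs.get("domainName") != null) {
            community = renderArgs.get("domainName").toString();
          }

          System.out.println("I can arrive heeeeeeeeeeeeeeeeeeeeeeeeer");
          if (langue.equals("fr")) {
            Mails.inviteFr(
                "Hypertopic Team <*****@*****.**>",
                mail,
                prenom,
                nom,
                url,
                community,
                firstNameGodfather,
                lastNameGodfather,
                mailGodfather);
          } else {
            Mails.inviteEn(
                "Hypertopic Team <*****@*****.**>",
                mail,
                prenom,
                nom,
                url,
                community,
                firstNameGodfather,
                lastNameGodfather,
                mailGodfather);
          }
          flash.success(Messages.get("invitation_success"));
          System.out.println("community: " + community);

          session.remove("nom");
          session.remove("prenom");
          session.remove("mail");
          Invitation.invitation();
        }

      } else {
        // Both languages currently use the same message key.
        if (langue.equals("fr")) {
          flash.error(Messages.get("invitation_mailadresse_no_match"));
        } else {
          flash.error(Messages.get("invitation_mailadresse_no_match"));
        }

        Invitation.invitation();
      }
    } catch (Exception e) {
      System.out.println("An exception occurred in Invitation.inviteNewMember");
      e.printStackTrace();
      render("Invitation/index.html");
    }
  }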