@Override
protected String[] doLogin(HttpServletRequest request, HttpServletResponse response)
throws Exception {
long companyId = PortalUtil.getCompanyId(request);
if (!isEnabled(companyId)) {
return null;
}
String login = ParamUtil.getString(request, getLoginParam());
if (Validator.isNull(login)) {
return null;
}
String password = ParamUtil.getString(request, getPasswordParam());
if (Validator.isNull(password)) {
return null;
}
Company company = PortalUtil.getCompany(request);
String authType = company.getAuthType();
long userId = 0;
if (authType.equals(CompanyConstants.AUTH_TYPE_EA)) {
userId = _userLocalService.getUserIdByEmailAddress(company.getCompanyId(), login);
} else if (authType.equals(CompanyConstants.AUTH_TYPE_SN)) {
userId = _userLocalService.getUserIdByScreenName(company.getCompanyId(), login);
} else if (authType.equals(CompanyConstants.AUTH_TYPE_ID)) {
userId = GetterUtil.getLong(login);
} else {
return null;
}
if (userId > 0) {
User user = _userLocalService.getUserById(userId);
String userPassword = user.getPassword();
if (!user.isPasswordEncrypted()) {
userPassword = PasswordEncryptorUtil.encrypt(userPassword);
}
String encPassword = PasswordEncryptorUtil.encrypt(password, userPassword);
if (!userPassword.equals(password) && !userPassword.equals(encPassword)) {
return null;
}
}
String[] credentials =
new String[] {String.valueOf(userId), password, Boolean.FALSE.toString()};
return credentials;
}
