Exemple #1
0
  /**
   * Setup common variables used by almost all templates.
   *
   * @param context SimpleHash The context to use
   * @param jforumContext JForumContext
   */
  public void prepareTemplateContext(SimpleHash context, ForumContext jforumContext) {
    RequestContext request = JForumExecutionContext.getRequest();

    context.put("karmaEnabled", SecurityRepository.canAccess(SecurityConstants.PERM_KARMA_ENABLED));
    context.put("dateTimeFormat", SystemGlobals.getValue(ConfigKeys.DATE_TIME_FORMAT));
    context.put("autoLoginEnabled", SystemGlobals.getBoolValue(ConfigKeys.AUTO_LOGIN_ENABLED));
    context.put(
        "sso", ConfigKeys.TYPE_SSO.equals(SystemGlobals.getValue(ConfigKeys.AUTHENTICATION_TYPE)));
    context.put("contextPath", request.getContextPath());
    context.put("serverName", request.getServerName());
    context.put("templateName", SystemGlobals.getValue(ConfigKeys.TEMPLATE_DIR));
    context.put("extension", SystemGlobals.getValue(ConfigKeys.SERVLET_EXTENSION));
    context.put("serverPort", Integer.toString(request.getServerPort()));
    context.put("I18n", I18n.getInstance());
    context.put("version", SystemGlobals.getValue(ConfigKeys.VERSION));
    context.put("forumTitle", SystemGlobals.getValue(ConfigKeys.FORUM_PAGE_TITLE));
    context.put("pageTitle", SystemGlobals.getValue(ConfigKeys.FORUM_PAGE_TITLE));
    context.put("metaKeywords", SystemGlobals.getValue(ConfigKeys.FORUM_PAGE_METATAG_KEYWORDS));
    context.put(
        "metaDescription", SystemGlobals.getValue(ConfigKeys.FORUM_PAGE_METATAG_DESCRIPTION));
    context.put("forumLink", SystemGlobals.getValue(ConfigKeys.FORUM_LINK));
    context.put("homepageLink", SystemGlobals.getValue(ConfigKeys.HOMEPAGE_LINK));
    context.put("encoding", SystemGlobals.getValue(ConfigKeys.ENCODING));
    context.put(
        "bookmarksEnabled", SecurityRepository.canAccess(SecurityConstants.PERM_BOOKMARKS_ENABLED));
    context.put(
        "canAccessModerationLog",
        SecurityRepository.canAccess(SecurityConstants.PERM_MODERATION_LOG));
    context.put("JForumContext", jforumContext);
    context.put("timestamp", new Long(System.currentTimeMillis()));
  }
Exemple #2
0
  /**
   * Checks for user authentication using some SSO implementation
   *
   * @param userSession UserSession
   */
  protected void checkSSO(UserSession userSession) {

    LOG.trace("checkSSO");
    try {
      SSO sso =
          (SSO) Class.forName(SystemGlobals.getValue(ConfigKeys.SSO_IMPLEMENTATION)).newInstance();
      String username = sso.authenticateUser(JForumExecutionContext.getRequest());

      if (username == null || username.trim().equals("")) {
        userSession.makeAnonymous();
      } else {
        SSOUtils utils = new SSOUtils();

        if (!utils.userExists(username)) {
          SessionContext session = JForumExecutionContext.getRequest().getSessionContext();

          String email =
              (String) session.getAttribute(SystemGlobals.getValue(ConfigKeys.SSO_EMAIL_ATTRIBUTE));
          String password =
              (String)
                  session.getAttribute(SystemGlobals.getValue(ConfigKeys.SSO_PASSWORD_ATTRIBUTE));

          if (email == null) {
            email = SystemGlobals.getValue(ConfigKeys.SSO_DEFAULT_EMAIL);
          }

          if (password == null) {
            password = SystemGlobals.getValue(ConfigKeys.SSO_DEFAULT_PASSWORD);
          }

          utils.register(password, email);
        }

        this.configureUserSession(userSession, utils.getUser());
      }
    } catch (Exception e) {
      e.printStackTrace();
      throw new ForumException("Error while executing SSO actions: " + e);
    }
  }
Exemple #3
0
  /**
   * Check if the logged user has access to the role. This method gets user's id from its session.
   *
   * @param roleName The role name to verify
   * @param value The value relacted to the role to verify for access
   * @return <code>true</code> if the user has access to the role, <code>false</code> if access is
   *     denied
   */
  public static boolean canAccess(String roleName, String value) {
    UserSession us = SessionFacade.getUserSession();

    if (us == null) {
      logger.warn(
          "Found null userSession. Going anonymous. Session id #"
              + JForumExecutionContext.getRequest().getSessionContext().getId());
      us = new UserSession();
      us.makeAnonymous();
    }

    return canAccess(us.getUserId(), roleName, value);
  }
Exemple #4
0
  /**
   * Gets a cookie by its name.
   *
   * @param name The cookie name to retrieve
   * @return The <code>Cookie</code> object if found, or <code>null</code> oterwhise
   */
  public static Cookie getCookie(String name) {
    Cookie[] cookies = JForumExecutionContext.getRequest().getCookies();

    if (cookies != null) {
      for (int i = 0; i < cookies.length; i++) {
        Cookie c = cookies[i];

        if (c.getName().equals(name)) {
          return c;
        }
      }
    }

    return null;
  }
Exemple #5
0
  /**
   * Do a refresh in the user's session. This method will update the last visit time for the current
   * user, as well checking for authentication if the session is new or the SSO user has changed
   */
  public void refreshSession() {

    LOG.trace("refreshSession");
    UserSession userSession = SessionFacade.getUserSession();
    RequestContext request = JForumExecutionContext.getRequest();

    if (userSession == null) {
      userSession = new UserSession();
      userSession.registerBasicInfo();
      userSession.setSessionId(request.getSessionContext().getId());
      userSession.setIp(request.getRemoteAddr());
      SessionFacade.makeUnlogged();

      if (!JForumExecutionContext.getForumContext().isBot()) {
        // Non-SSO authentications can use auto login
        if (!ConfigKeys.TYPE_SSO.equals(SystemGlobals.getValue(ConfigKeys.AUTHENTICATION_TYPE))) {
          if (SystemGlobals.getBoolValue(ConfigKeys.AUTO_LOGIN_ENABLED)) {
            this.checkAutoLogin(userSession);
          } else {
            userSession.makeAnonymous();
          }
        } else {
          this.checkSSO(userSession);
        }
      }

      SessionFacade.add(userSession);
    } else if (ConfigKeys.TYPE_SSO.equals(SystemGlobals.getValue(ConfigKeys.AUTHENTICATION_TYPE))) {
      SSO sso;

      try {
        sso =
            (SSO)
                Class.forName(SystemGlobals.getValue(ConfigKeys.SSO_IMPLEMENTATION)).newInstance();
      } catch (Exception e) {
        throw new ForumException(e);
      }

      // If SSO, then check if the session is valid
      if (!sso.isSessionValid(userSession, request)) {
        SessionFacade.remove(userSession.getSessionId());
        refreshSession();
      }
    } else {
      SessionFacade.getUserSession().updateSessionTime();
    }
  }
Exemple #6
0
  /** @param u User */
  private static void handleAvatar(User u) {

    LOG.trace("handleAvatar");
    String fileName = MD5.crypt(Integer.toString(u.getId()));
    FileItem item = (FileItem) JForumExecutionContext.getRequest().getObjectParameter("avatar");
    UploadUtils uploadUtils = new UploadUtils(item);

    // Gets file extension
    String extension = uploadUtils.getExtension().toLowerCase();
    int type = ImageUtils.IMAGE_UNKNOWN;

    if (extension.equals("jpg") || extension.equals("jpeg")) {
      type = ImageUtils.IMAGE_JPEG;
    } else if (extension.equals("gif") || extension.equals("png")) {
      type = ImageUtils.IMAGE_PNG;
    }

    if (type != ImageUtils.IMAGE_UNKNOWN) {
      String avatarTmpFileName =
          SystemGlobals.getApplicationPath() + "/images/avatar/" + fileName + "_tmp." + extension;

      // We cannot handle gifs
      if (extension.toLowerCase().equals("gif")) {
        extension = "png";
      }

      String avatarFinalFileName =
          SystemGlobals.getApplicationPath() + "/images/avatar/" + fileName + "." + extension;

      uploadUtils.saveUploadedFile(avatarTmpFileName);

      // OK, time to check and process the avatar size
      int maxWidth = SystemGlobals.getIntValue(ConfigKeys.AVATAR_MAX_WIDTH);
      int maxHeight = SystemGlobals.getIntValue(ConfigKeys.AVATAR_MAX_HEIGHT);

      BufferedImage image = ImageUtils.resizeImage(avatarTmpFileName, type, maxWidth, maxHeight);
      ImageUtils.saveImage(image, avatarFinalFileName, type);

      u.setAvatar(fileName + "." + extension);

      // Delete the temporary file
      new File(avatarTmpFileName).delete();
    }
  }
Exemple #7
0
  /**
   * Updates the user information
   *
   * @param userId int The user id we are saving
   * @return List
   */
  public static List saveUser(int userId) {

    LOG.trace("saveUser");
    List errors = new ArrayList();

    UserDAO um = DataAccessDriver.getInstance().newUserDAO();
    User u = um.selectById(userId);

    RequestContext request = JForumExecutionContext.getRequest();
    boolean isAdmin = SessionFacade.getUserSession().isAdmin();

    if (isAdmin) {
      String username = request.getParameter("username");

      if (username != null) {
        u.setUsername(username.trim());
      }

      if (request.getParameter("rank_special") != null) {
        u.setRankId(request.getIntParameter("rank_special"));
      }
    }

    SafeHtml safeHtml = new SafeHtml();

    u.setId(userId);
    u.setIcq(safeHtml.makeSafe(request.getParameter("icq")));
    u.setAim(safeHtml.makeSafe(request.getParameter("aim")));
    u.setMsnm(safeHtml.makeSafe(request.getParameter("msn")));
    u.setYim(safeHtml.makeSafe(request.getParameter("yim")));
    u.setFrom(safeHtml.makeSafe(request.getParameter("location")));
    u.setOccupation(safeHtml.makeSafe(request.getParameter("occupation")));
    u.setInterests(safeHtml.makeSafe(request.getParameter("interests")));
    u.setBiography(safeHtml.makeSafe(request.getParameter("biography")));
    u.setSignature(safeHtml.makeSafe(request.getParameter("signature")));
    u.setViewEmailEnabled(request.getParameter("viewemail").equals("1"));
    u.setViewOnlineEnabled(request.getParameter("hideonline").equals("0"));
    u.setNotifyPrivateMessagesEnabled(request.getParameter("notifypm").equals("1"));
    u.setNotifyOnMessagesEnabled(request.getParameter("notifyreply").equals("1"));
    u.setAttachSignatureEnabled(request.getParameter("attachsig").equals("1"));
    u.setHtmlEnabled(request.getParameter("allowhtml").equals("1"));
    u.setLang(request.getParameter("language"));
    u.setBbCodeEnabled("1".equals(request.getParameter("allowbbcode")));
    u.setSmiliesEnabled("1".equals(request.getParameter("allowsmilies")));
    u.setNotifyAlways("1".equals(request.getParameter("notify_always")));
    u.setNotifyText("1".equals(request.getParameter("notify_text")));

    String website = safeHtml.makeSafe(request.getParameter("website"));

    if (!StringUtils.isEmpty(website) && !website.toLowerCase().startsWith("http://")) {
      website = "http://" + website;
    }

    u.setWebSite(website);

    String currentPassword = request.getParameter("current_password");
    boolean isCurrentPasswordEmpty = currentPassword == null || "".equals(currentPassword.trim());

    if (isAdmin || !isCurrentPasswordEmpty) {
      if (!isCurrentPasswordEmpty) {
        currentPassword = MD5.crypt(currentPassword);
      }

      if (isAdmin || u.getPassword().equals(currentPassword)) {
        u.setEmail(safeHtml.makeSafe(request.getParameter("email")));

        String newPassword = request.getParameter("new_password");

        if (newPassword != null && newPassword.length() > 0) {
          u.setPassword(MD5.crypt(newPassword));
        }
      } else {
        errors.add(I18n.getMessage("User.currentPasswordInvalid"));
      }
    }

    if (request.getParameter("avatardel") != null) {
      File avatarFile = new File(u.getAvatar());

      File fileToDelete =
          new File(SystemGlobals.getApplicationPath() + "/images/avatar/" + avatarFile.getName());

      if (fileToDelete.exists()) {
        fileToDelete.delete();
      }

      u.setAvatar(null);
    }

    if (request.getObjectParameter("avatar") != null) {
      try {
        UserCommon.handleAvatar(u);
      } catch (Exception e) {
        UserCommon.LOG.warn("Problems while uploading the avatar: " + e);
        errors.add(I18n.getMessage("User.avatarUploadError"));
      }
    } else if (SystemGlobals.getBoolValue(ConfigKeys.AVATAR_ALLOW_EXTERNAL_URL)) {
      String avatarUrl = request.getParameter("avatarUrl");

      if (!StringUtils.isEmpty(avatarUrl)) {
        if (avatarUrl.toLowerCase().startsWith("http://")) {

          try {
            Image image = ImageIO.read(new URL(avatarUrl));

            if (image != null) {
              if (image.getWidth(null) > SystemGlobals.getIntValue(ConfigKeys.AVATAR_MAX_WIDTH)
                  || image.getHeight(null)
                      > SystemGlobals.getIntValue(ConfigKeys.AVATAR_MAX_HEIGHT)) {
                errors.add(I18n.getMessage("User.avatarTooBig"));
              } else {
                u.setAvatar(avatarUrl);
              }
            }
          } catch (Exception e) {
            errors.add(I18n.getMessage("User.avatarUploadError"));
          }
        } else {
          errors.add(I18n.getMessage("User.avatarUrlShouldHaveHttp"));
        }
      }
    }

    if (errors.size() == 0) {
      um.update(u);

      if (SessionFacade.getUserSession().getUserId() == userId) {
        SessionFacade.getUserSession().setLang(u.getLang());
      }
    }

    return errors;
  }