@Override
protected String[] doLogin(HttpServletRequest request, HttpServletResponse response)
throws Exception {
long companyId = PortalUtil.getCompanyId(request);
if (!isEnabled(companyId)) {
return null;
}
String login = ParamUtil.getString(request, getLoginParam());
if (Validator.isNull(login)) {
return null;
}
String password = ParamUtil.getString(request, getPasswordParam());
if (Validator.isNull(password)) {
return null;
}
Company company = PortalUtil.getCompany(request);
String authType = company.getAuthType();
long userId = 0;
if (authType.equals(CompanyConstants.AUTH_TYPE_EA)) {
userId = _userLocalService.getUserIdByEmailAddress(company.getCompanyId(), login);
} else if (authType.equals(CompanyConstants.AUTH_TYPE_SN)) {
userId = _userLocalService.getUserIdByScreenName(company.getCompanyId(), login);
} else if (authType.equals(CompanyConstants.AUTH_TYPE_ID)) {
userId = GetterUtil.getLong(login);
} else {
return null;
}
if (userId > 0) {
User user = _userLocalService.getUserById(userId);
String userPassword = user.getPassword();
if (!user.isPasswordEncrypted()) {
userPassword = PasswordEncryptorUtil.encrypt(userPassword);
}
String encPassword = PasswordEncryptorUtil.encrypt(password, userPassword);
if (!userPassword.equals(password) && !userPassword.equals(encPassword)) {
return null;
}
}
String[] credentials =
new String[] {String.valueOf(userId), password, Boolean.FALSE.toString()};
return credentials;
}
protected void testEncrypt(String algorithm, String plainTextPassword, String encryptedPassword)
throws Exception {
Assert.assertEquals(
encryptedPassword,
PasswordEncryptorUtil.encrypt(algorithm, plainTextPassword, encryptedPassword));
}
protected void testEncrypt(String algorithm) throws Exception {
String password = "******";
String encrypted = PasswordEncryptorUtil.encrypt(algorithm, password, null);
testEncrypt(algorithm, password, encrypted);
}
protected void testEncryptFailure(
String algorithm, String plainTextPassword, String encryptedPassword) {
try {
PasswordEncryptorUtil.encrypt(algorithm, plainTextPassword, encryptedPassword);
Assert.fail();
} catch (Exception e) {
}
}
@Before
public void setUp() {
DigesterUtil digesterUtil = new DigesterUtil();
digesterUtil.setDigester(new DigesterImpl());
PasswordEncryptorUtil passwordEncryptorUtil = new PasswordEncryptorUtil();
CompositePasswordEncryptor compositePasswordEncryptor = new CompositePasswordEncryptor();
compositePasswordEncryptor.setDefaultPasswordEncryptor(new DefaultPasswordEncryptor());
List<PasswordEncryptor> passwordEncryptors = new ArrayList<>();
passwordEncryptors.add(new BCryptPasswordEncryptor());
passwordEncryptors.add(new CryptPasswordEncryptor());
passwordEncryptors.add(new NullPasswordEncryptor());
passwordEncryptors.add(new PBKDF2PasswordEncryptor());
passwordEncryptors.add(new SSHAPasswordEncryptor());
compositePasswordEncryptor.setPasswordEncryptors(passwordEncryptors);
passwordEncryptorUtil.setPasswordEncryptor(compositePasswordEncryptor);
}