コード例 #1
0
ファイル: PodbaseSecure.java プロジェクト: julianh2o/Podbase
  public static void authenticate(
      @Required String username, String password, String hash, boolean remember) throws Throwable {
    Boolean allowed = false;
    allowed = Security.authenticate(username, password);

    String redirectUrl = flash.get("url");

    if (validation.hasErrors() || !allowed) {
      flash.put("url", redirectUrl);

      flash.error("secure.error");
      params.flash();
      Secure.login();
    }

    session.put("username", username);

    if (remember) {
      response.setCookie("rememberme", Crypto.sign(username) + "-" + username, "30d");
    }

    if (redirectUrl == null) redirectUrl = "/";

    if (hash != null) redirectUrl += hash;

    redirect(redirectUrl);
  }
コード例 #2
0
ファイル: Scope.java プロジェクト: playone/playone
    static Session restore() {
      try {
        Session session = new Session();
        Http.Cookie cookie = Http.Request.current().cookies.get(COOKIE_PREFIX + "_SESSION");
        final int duration = Time.parseDuration(COOKIE_EXPIRE);
        final long expiration = (duration * 1000l);

        if (cookie != null
            && Play.started
            && cookie.value != null
            && !cookie.value.trim().equals("")) {
          String value = cookie.value;
          int firstDashIndex = value.indexOf("-");
          if (firstDashIndex > -1) {
            String sign = value.substring(0, firstDashIndex);
            String data = value.substring(firstDashIndex + 1);
            if (CookieDataCodec.safeEquals(sign, Crypto.sign(data, Play.secretKey.getBytes()))) {
              CookieDataCodec.decode(session.data, data);
            }
          }
          if (COOKIE_EXPIRE != null) {
            // Verify that the session contains a timestamp, and that it's not expired
            if (!session.contains(TS_KEY)) {
              session = new Session();
            } else {
              if ((Long.parseLong(session.get(TS_KEY))) < System.currentTimeMillis()) {
                // Session expired
                session = new Session();
              }
            }
            session.put(TS_KEY, System.currentTimeMillis() + expiration);
          } else {
            // Just restored. Nothing changed. No cookie-expire.
            session.changed = false;
          }
        } else {
          // no previous cookie to restore; but we may have to set the timestamp in the new cookie
          if (COOKIE_EXPIRE != null) {
            session.put(TS_KEY, (System.currentTimeMillis() + expiration));
          }
        }

        return session;
      } catch (Exception e) {
        throw new UnexpectedException(
            "Corrupted HTTP session from " + Http.Request.current().remoteAddress, e);
      }
    }
コード例 #3
0
ファイル: Scope.java プロジェクト: playone/playone
 void save() {
   if (Http.Response.current() == null) {
     // Some request like WebSocket don't have any response
     return;
   }
   if (!changed && SESSION_SEND_ONLY_IF_CHANGED && COOKIE_EXPIRE == null) {
     // Nothing changed and no cookie-expire, consequently send nothing back.
     return;
   }
   if (isEmpty()) {
     // The session is empty: delete the cookie
     if (Http.Request.current().cookies.containsKey(COOKIE_PREFIX + "_SESSION")
         || !SESSION_SEND_ONLY_IF_CHANGED) {
       Http.Response.current()
           .setCookie(
               COOKIE_PREFIX + "_SESSION", "", null, "/", 0, COOKIE_SECURE, SESSION_HTTPONLY);
     }
     return;
   }
   try {
     String sessionData = CookieDataCodec.encode(data);
     String sign = Crypto.sign(sessionData, Play.secretKey.getBytes());
     if (COOKIE_EXPIRE == null) {
       Http.Response.current()
           .setCookie(
               COOKIE_PREFIX + "_SESSION",
               sign + "-" + sessionData,
               null,
               "/",
               null,
               COOKIE_SECURE,
               SESSION_HTTPONLY);
     } else {
       Http.Response.current()
           .setCookie(
               COOKIE_PREFIX + "_SESSION",
               sign + "-" + sessionData,
               null,
               "/",
               Time.parseDuration(COOKIE_EXPIRE),
               COOKIE_SECURE,
               SESSION_HTTPONLY);
     }
   } catch (Exception e) {
     throw new UnexpectedException("Session serializationProblem", e);
   }
 }
コード例 #4
0
ファイル: Scope.java プロジェクト: playone/playone
 public String getAuthenticityToken() {
   if (!data.containsKey(AT_KEY)) {
     data.put(AT_KEY, Crypto.sign(UUID.randomUUID().toString()));
   }
   return data.get(AT_KEY);
 }
コード例 #5
0
ファイル: Invitation.java プロジェクト: saoutal/Dolomite
  public static void inviteNewMember(
      @Required String nom,
      @Required String prenom,
      @Required String mail,
      @Required String langue) {

    try {
      String login = normalize(prenom) + '.' + normalize(nom);
      String url = "";
      String signature = "";
      String community = "Hypertopic";
      //
      String mailGodfather = "";
      String firstNameGodfather = "";
      String lastNameGodfather = "";
      int flag = -1;

      if (session.get("username").equals("admin")) {
        firstNameGodfather = "l'administrateur";
        mailGodfather = "Hypertopic Team <*****@*****.**>";
      } else {
        HashMap<String, String> infos = Ldap.getConnectedUserInfos(session.get("username"));
        mailGodfather = infos.get("mail");
        firstNameGodfather = infos.get("firstName");
        lastNameGodfather = infos.get("lastName");
        firstNameGodfather =
            firstNameGodfather.substring(0, 1).toUpperCase()
                + firstNameGodfather.substring(1).toLowerCase();
        lastNameGodfather =
            lastNameGodfather.substring(0, 1).toUpperCase()
                + lastNameGodfather.substring(1).toLowerCase();
      }
      flag = Invitation.verifyMaliciousPassword(login, mail);
      if (flag == Invitation.ADDRESSES_MATCHE || flag == Invitation.USER_NOTEXIST) {

        System.out.println("invitenewmember");
        try {
          url = "http://" + request.domain;
          if (request.port != 80) url += ":" + request.port;
          url +=
              "/inscription?firstname="
                  + URLEncoder.encode(prenom, "UTF-8")
                  + "&lastname="
                  + URLEncoder.encode(nom, "UTF-8")
                  + "&email="
                  + URLEncoder.encode(mail, "UTF-8");
          signature = Crypto.sign(prenom + nom + mail);
          url += "&signature=" + signature;
          System.out.println("url in inviteNewMember: " + url);
        } catch (UnsupportedEncodingException uee) {
          System.err.println(uee);
        }
        if (validation.hasErrors()) {
          render("Invitation/index.html");
        } else {
          if (renderArgs.get("domainName") != null) {
            community = renderArgs.get("domainName").toString();
          }

          System.out.println("I can arrive heeeeeeeeeeeeeeeeeeeeeeeeer");
          if (langue.equals("fr")) {
            Mails.inviteFr(
                "Hypertopic Team <*****@*****.**>",
                mail,
                prenom,
                nom,
                url,
                community,
                firstNameGodfather,
                lastNameGodfather,
                mailGodfather);
          } else {
            Mails.inviteEn(
                "Hypertopic Team <*****@*****.**>",
                mail,
                prenom,
                nom,
                url,
                community,
                firstNameGodfather,
                lastNameGodfather,
                mailGodfather);
          }
          flash.success(Messages.get("invitation_success"));
          System.out.println("community: " + community);

          session.remove("nom");
          session.remove("prenom");
          session.remove("mail");
          Invitation.invitation();
        }

      } else {
        if (langue.equals("fr")) {
          flash.error(Messages.get("invitation_mailadresse_no_match"));
        } else {
          flash.error(Messages.get("invitation_mailadresse_no_match"));
        }

        Invitation.invitation();
      }
    } catch (Exception e) {
      System.out.println("An exception occurred in Invitation.inviteNewMember");
      e.printStackTrace();
      render("Invitation/index.html");
    }
  }