/** * * Login the user. parameters: username password appcode: the App Code (API KEY) login_data: * json serialized string containing info related to the device used by the user. In particular, * for push notification, must by supplied: deviceId os: (android|ios) * * @return * @throws SqlInjectionException * @throws IOException * @throws JsonProcessingException */ @With({NoUserCredentialWrapFilter.class}) public static Result login() throws SqlInjectionException, JsonProcessingException, IOException { String username = ""; String password = ""; String appcode = ""; String loginData = null; RequestBody body = request().body(); // BaasBoxLogger.debug ("Login called. The body is: {}", body); if (body == null) return badRequest( "missing data: is the body x-www-form-urlencoded or application/json? Detected: " + request().getHeader(CONTENT_TYPE)); Map<String, String[]> bodyUrlEncoded = body.asFormUrlEncoded(); if (bodyUrlEncoded != null) { if (bodyUrlEncoded.get("username") == null) return badRequest("The 'username' field is missing"); else username = bodyUrlEncoded.get("username")[0]; if (bodyUrlEncoded.get("password") == null) return badRequest("The 'password' field is missing"); else password = bodyUrlEncoded.get("password")[0]; if (bodyUrlEncoded.get("appcode") == null) return badRequest("The 'appcode' field is missing"); else appcode = bodyUrlEncoded.get("appcode")[0]; if (BaasBoxLogger.isDebugEnabled()) BaasBoxLogger.debug("Username " + username); if (BaasBoxLogger.isDebugEnabled()) BaasBoxLogger.debug("Password " + password); if (BaasBoxLogger.isDebugEnabled()) BaasBoxLogger.debug("Appcode " + appcode); if (username.equalsIgnoreCase(BBConfiguration.getBaasBoxAdminUsername()) || username.equalsIgnoreCase(BBConfiguration.getBaasBoxUsername())) return forbidden(username + " cannot login"); if (bodyUrlEncoded.get("login_data") != null) loginData = bodyUrlEncoded.get("login_data")[0]; if (BaasBoxLogger.isDebugEnabled()) BaasBoxLogger.debug("LoginData" + loginData); } else { JsonNode bodyJson = body.asJson(); if (bodyJson == null) return badRequest( "missing data : is the body x-www-form-urlencoded or application/json? Detected: " + request().getHeader(CONTENT_TYPE)); if (bodyJson.get("username") == null) return badRequest("The 'username' field is missing"); else username = bodyJson.get("username").asText(); if (bodyJson.get("password") == null) return badRequest("The 'password' field is missing"); else password = bodyJson.get("password").asText(); if (bodyJson.get("appcode") == null) return badRequest("The 'appcode' field is missing"); else appcode = bodyJson.get("appcode").asText(); if (BaasBoxLogger.isDebugEnabled()) BaasBoxLogger.debug("Username " + username); if (BaasBoxLogger.isDebugEnabled()) BaasBoxLogger.debug("Password " + password); if (BaasBoxLogger.isDebugEnabled()) BaasBoxLogger.debug("Appcode " + appcode); if (username.equalsIgnoreCase(BBConfiguration.getBaasBoxAdminUsername()) || username.equalsIgnoreCase(BBConfiguration.getBaasBoxUsername())) return forbidden(username + " cannot login"); if (bodyJson.get("login_data") != null) loginData = bodyJson.get("login_data").asText(); if (BaasBoxLogger.isDebugEnabled()) BaasBoxLogger.debug("LoginData" + loginData); } /* other useful parameter to receive and to store...*/ // validate user credentials ODatabaseRecordTx db = null; String user = null; try { db = DbHelper.open(appcode, username, password); user = prepareResponseToJson(UserService.getCurrentUser()); if (loginData != null) { JsonNode loginInfo = null; try { loginInfo = Json.parse(loginData); } catch (Exception e) { if (BaasBoxLogger.isDebugEnabled()) BaasBoxLogger.debug("Error parsong login_data field"); if (BaasBoxLogger.isDebugEnabled()) BaasBoxLogger.debug(ExceptionUtils.getFullStackTrace(e)); return badRequest("login_data field is not a valid json string"); } Iterator<Entry<String, JsonNode>> it = loginInfo.fields(); HashMap<String, Object> data = new HashMap<String, Object>(); while (it.hasNext()) { Entry<String, JsonNode> element = it.next(); String key = element.getKey(); Object value = element.getValue().asText(); data.put(key, value); } UserService.registerDevice(data); } } catch (OSecurityAccessException e) { if (BaasBoxLogger.isDebugEnabled()) BaasBoxLogger.debug("UserLogin: "******"user " + username + " unauthorized"); } catch (InvalidAppCodeException e) { if (BaasBoxLogger.isDebugEnabled()) BaasBoxLogger.debug("UserLogin: "******"user " + username + " unauthorized"); } finally { if (db != null && !db.isClosed()) db.close(); } ImmutableMap<SessionKeys, ? extends Object> sessionObject = SessionTokenProvider.getSessionTokenProvider().setSession(appcode, username, password); response() .setHeader(SessionKeys.TOKEN.toString(), (String) sessionObject.get(SessionKeys.TOKEN)); ObjectMapper mapper = new ObjectMapper(); user = user.substring(0, user.lastIndexOf("}")) + ",\"" + SessionKeys.TOKEN.toString() + "\":\"" + (String) sessionObject.get(SessionKeys.TOKEN) + "\"}"; JsonNode jn = mapper.readTree(user); return ok(jn); }