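/**
 * Puts the variables shared by almost every template into the given context.
 *
 * <p>Values come from three places: the global configuration ({@code SystemGlobals}),
 * the current user's permissions ({@code SecurityRepository}) and the current request
 * (context path, server name and port). Nothing here is read from request parameters.
 *
 * @param context SimpleHash The template context to populate
 * @param jforumContext JForumContext The forum context, exposed to templates as "JForumContext"
 */
public void prepareTemplateContext(SimpleHash context, ForumContext jforumContext) {
    RequestContext request = JForumExecutionContext.getRequest();

    // Permission- and configuration-driven feature flags
    context.put("karmaEnabled", SecurityRepository.canAccess(SecurityConstants.PERM_KARMA_ENABLED));
    context.put("bookmarksEnabled", SecurityRepository.canAccess(SecurityConstants.PERM_BOOKMARKS_ENABLED));
    context.put("canAccessModerationLog", SecurityRepository.canAccess(SecurityConstants.PERM_MODERATION_LOG));
    context.put("autoLoginEnabled", SystemGlobals.getBoolValue(ConfigKeys.AUTO_LOGIN_ENABLED));
    context.put("sso", ConfigKeys.TYPE_SSO.equals(SystemGlobals.getValue(ConfigKeys.AUTHENTICATION_TYPE)));

    // Request-derived values (templates use these to build links back to this server)
    context.put("contextPath", request.getContextPath());
    context.put("serverName", request.getServerName());
    context.put("serverPort", Integer.toString(request.getServerPort()));

    // Presentation settings
    context.put("dateTimeFormat", SystemGlobals.getValue(ConfigKeys.DATE_TIME_FORMAT));
    context.put("templateName", SystemGlobals.getValue(ConfigKeys.TEMPLATE_DIR));
    context.put("extension", SystemGlobals.getValue(ConfigKeys.SERVLET_EXTENSION));
    context.put("encoding", SystemGlobals.getValue(ConfigKeys.ENCODING));
    context.put("I18n", I18n.getInstance());
    context.put("version", SystemGlobals.getValue(ConfigKeys.VERSION));

    // Page metadata; "pageTitle" starts out equal to the forum title (actions may overwrite
    // it later — not verified here)
    context.put("forumTitle", SystemGlobals.getValue(ConfigKeys.FORUM_PAGE_TITLE));
    context.put("pageTitle", SystemGlobals.getValue(ConfigKeys.FORUM_PAGE_TITLE));
    context.put("metaKeywords", SystemGlobals.getValue(ConfigKeys.FORUM_PAGE_METATAG_KEYWORDS));
    context.put("metaDescription", SystemGlobals.getValue(ConfigKeys.FORUM_PAGE_METATAG_DESCRIPTION));
    context.put("forumLink", SystemGlobals.getValue(ConfigKeys.FORUM_LINK));
    context.put("homepageLink", SystemGlobals.getValue(ConfigKeys.HOMEPAGE_LINK));

    context.put("JForumContext", jforumContext);

    // Long.valueOf instead of the boxing constructor, which is deprecated since Java 9
    context.put("timestamp", Long.valueOf(System.currentTimeMillis()));
}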
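/**
 * Authenticates the current request through the configured SSO implementation.
 *
 * <p>The implementation class is named by {@code ConfigKeys.SSO_IMPLEMENTATION} and
 * instantiated reflectively. If it yields no username, the session is made anonymous.
 * If it yields a username that is not yet a forum user, an account is registered with the
 * e-mail and password found in the session attributes named by
 * {@code ConfigKeys.SSO_EMAIL_ATTRIBUTE} and {@code ConfigKeys.SSO_PASSWORD_ATTRIBUTE},
 * falling back to the configured defaults when those attributes are absent. Finally the
 * user session is configured for the (possibly newly registered) user.
 *
 * @param userSession UserSession the session to configure
 * @throws ForumException when instantiating the SSO class or any SSO step fails; the
 *     original exception is logged and attached as the cause
 */
protected void checkSSO(UserSession userSession) {
    LOG.trace("checkSSO");

    try {
        // getDeclaredConstructor().newInstance() rather than the deprecated Class.newInstance(),
        // which rethrows checked exceptions from the constructor without declaring them
        SSO sso = (SSO) Class.forName(SystemGlobals.getValue(ConfigKeys.SSO_IMPLEMENTATION))
            .getDeclaredConstructor().newInstance();
        String username = sso.authenticateUser(JForumExecutionContext.getRequest());

        if (username == null || username.trim().length() == 0) {
            userSession.makeAnonymous();
            return;
        }

        SSOUtils utils = new SSOUtils();

        if (!utils.userExists(username)) {
            SessionContext session = JForumExecutionContext.getRequest().getSessionContext();

            String email = (String) session.getAttribute(
                SystemGlobals.getValue(ConfigKeys.SSO_EMAIL_ATTRIBUTE));
            String password = (String) session.getAttribute(
                SystemGlobals.getValue(ConfigKeys.SSO_PASSWORD_ATTRIBUTE));

            if (email == null) {
                email = SystemGlobals.getValue(ConfigKeys.SSO_DEFAULT_EMAIL);
            }

            if (password == null) {
                password = SystemGlobals.getValue(ConfigKeys.SSO_DEFAULT_PASSWORD);
            }

            // First visit of an SSO-authenticated user: create the local account
            utils.register(password, email);
        }

        this.configureUserSession(userSession, utils.getUser());
    }
    catch (Exception e) {
        // Log through the logger instead of stderr, and keep the cause so callers and
        // error pages can see where the SSO step really failed
        LOG.error("Error while executing SSO actions", e);
        ForumException wrapped = new ForumException("Error while executing SSO actions: " + e);
        wrapped.initCause(e);
        throw wrapped;
    }
}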
/**
 * Checks whether the logged user has access to the given role. The user id is taken from the
 * current session; when there is no session, an anonymous session is used instead.
 *
 * @param roleName The role name to verify
 * @param value The value related to the role to verify for access
 * @return <code>true</code> if the user has access to the role, <code>false</code> if access is
 *     denied
 */
public static boolean canAccess(String roleName, String value) {
    UserSession current = SessionFacade.getUserSession();

    if (current != null) {
        return canAccess(current.getUserId(), roleName, value);
    }

    // No session at all: fall back to an anonymous user rather than failing
    String message = "Found null userSession. Going anonymous. Session id #"
        + JForumExecutionContext.getRequest().getSessionContext().getId();
    logger.warn(message);

    UserSession anonymous = new UserSession();
    anonymous.makeAnonymous();

    return canAccess(anonymous.getUserId(), roleName, value);
}
/**
 * Gets a cookie of the current request by its name.
 *
 * @param name The cookie name to retrieve
 * @return The <code>Cookie</code> object if found, or <code>null</code> otherwise
 */
public static Cookie getCookie(String name) {
    Cookie[] requestCookies = JForumExecutionContext.getRequest().getCookies();

    if (requestCookies == null) {
        return null;
    }

    for (Cookie candidate : requestCookies) {
        if (candidate.getName().equals(name)) {
            return candidate;
        }
    }

    return null;
}
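/**
 * Refreshes the current user's session.
 *
 * <p>When no session exists yet, a new one is created, tied to the request's session id and
 * remote address, and — unless the client is a bot — authenticated either through auto-login
 * (non-SSO setups with {@code ConfigKeys.AUTO_LOGIN_ENABLED}) or through the configured SSO
 * implementation. When a session already exists under SSO authentication, it is re-validated
 * against the SSO provider and rebuilt from scratch if it is no longer valid. Otherwise only
 * the last-visit time is updated.
 *
 * @throws ForumException if the SSO implementation class cannot be instantiated
 */
public void refreshSession() {
    LOG.trace("refreshSession");

    UserSession userSession = SessionFacade.getUserSession();
    RequestContext request = JForumExecutionContext.getRequest();

    if (userSession == null) {
        SessionFacade.add(this.buildNewUserSession(request));
    }
    else if (ConfigKeys.TYPE_SSO.equals(SystemGlobals.getValue(ConfigKeys.AUTHENTICATION_TYPE))) {
        // If SSO, then check if the session is still valid with the provider
        if (!this.instantiateSso().isSessionValid(userSession, request)) {
            SessionFacade.remove(userSession.getSessionId());
            // The stale session is gone, so this call is expected to take the
            // "no session" path above and build a fresh one
            this.refreshSession();
        }
    }
    else {
        SessionFacade.getUserSession().updateSessionTime();
    }
}

/**
 * Builds the session for a request that has none yet and, unless the client is a bot,
 * authenticates it (auto-login or SSO) or makes it anonymous. The session is not registered
 * with {@code SessionFacade} here.
 *
 * @param request RequestContext the current request
 * @return the new, not yet registered, session
 */
private UserSession buildNewUserSession(RequestContext request) {
    UserSession userSession = new UserSession();
    userSession.registerBasicInfo();
    userSession.setSessionId(request.getSessionContext().getId());
    userSession.setIp(request.getRemoteAddr());
    SessionFacade.makeUnlogged();

    if (!JForumExecutionContext.getForumContext().isBot()) {
        if (ConfigKeys.TYPE_SSO.equals(SystemGlobals.getValue(ConfigKeys.AUTHENTICATION_TYPE))) {
            this.checkSSO(userSession);
        }
        else if (SystemGlobals.getBoolValue(ConfigKeys.AUTO_LOGIN_ENABLED)) {
            // Non-SSO authentications can use auto login
            this.checkAutoLogin(userSession);
        }
        else {
            userSession.makeAnonymous();
        }
    }

    return userSession;
}

/**
 * Instantiates the SSO implementation named by {@code ConfigKeys.SSO_IMPLEMENTATION}.
 *
 * @return a new SSO instance
 * @throws ForumException wrapping any reflection failure
 */
private SSO instantiateSso() {
    try {
        // getDeclaredConstructor().newInstance() rather than the deprecated Class.newInstance(),
        // which rethrows checked exceptions from the constructor without declaring them
        return (SSO) Class.forName(SystemGlobals.getValue(ConfigKeys.SSO_IMPLEMENTATION))
            .getDeclaredConstructor().newInstance();
    }
    catch (Exception e) {
        throw new ForumException(e);
    }
}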
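/**
 * Stores the avatar uploaded with the current request for the given user.
 *
 * <p>The upload is read from the "avatar" request object parameter. Only the jpg, jpeg, gif
 * and png extensions are accepted; anything else is silently ignored. The file is written to
 * a temporary name under {@code <applicationPath>/images/avatar/}, resized to the configured
 * maximum dimensions, saved under a name derived from the user id, and the temporary file is
 * removed afterwards (also when resizing fails). GIFs are stored as PNG.
 *
 * @param u User the user whose avatar is being set; its avatar file name is updated on success
 */
private static void handleAvatar(User u) {
    LOG.trace("handleAvatar");

    // The stored file name depends only on the user id, never on the client-supplied name,
    // so a user can only ever overwrite their own avatar file
    String fileName = MD5.crypt(Integer.toString(u.getId()));
    FileItem item = (FileItem) JForumExecutionContext.getRequest().getObjectParameter("avatar");
    UploadUtils uploadUtils = new UploadUtils(item);

    // Gets file extension (assumes getExtension() never returns null — TODO confirm)
    String extension = uploadUtils.getExtension().toLowerCase();

    // The whitelist below is also what keeps client input out of the paths built further down
    int type = ImageUtils.IMAGE_UNKNOWN;

    if (extension.equals("jpg") || extension.equals("jpeg")) {
        type = ImageUtils.IMAGE_JPEG;
    }
    else if (extension.equals("gif") || extension.equals("png")) {
        type = ImageUtils.IMAGE_PNG;
    }

    if (type == ImageUtils.IMAGE_UNKNOWN) {
        return;
    }

    String avatarDir = SystemGlobals.getApplicationPath() + "/images/avatar/";
    String avatarTmpFileName = avatarDir + fileName + "_tmp." + extension;

    // We cannot handle gifs, so the final file is always written as png
    if (extension.equals("gif")) {
        extension = "png";
    }

    String avatarFinalFileName = avatarDir + fileName + "." + extension;

    uploadUtils.saveUploadedFile(avatarTmpFileName);

    try {
        // OK, time to check and process the avatar size
        int maxWidth = SystemGlobals.getIntValue(ConfigKeys.AVATAR_MAX_WIDTH);
        int maxHeight = SystemGlobals.getIntValue(ConfigKeys.AVATAR_MAX_HEIGHT);

        BufferedImage image = ImageUtils.resizeImage(avatarTmpFileName, type, maxWidth, maxHeight);
        ImageUtils.saveImage(image, avatarFinalFileName, type);

        u.setAvatar(fileName + "." + extension);
    }
    finally {
        // Delete the temporary file even when resizing or saving fails, so rejected
        // uploads do not accumulate on disk
        if (!new File(avatarTmpFileName).delete()) {
            LOG.warn("Could not delete temporary avatar file " + avatarTmpFileName);
        }
    }
}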
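/**
 * Updates the user information from the current request's parameters.
 *
 * <p>Free-text profile fields are passed through {@code SafeHtml} before being stored. The
 * e-mail address and password are only changed when the caller is an administrator or supplies
 * the correct current password. Avatar handling covers three cases: removing the current
 * avatar ("avatardel"), an uploaded file ("avatar") and, when
 * {@code ConfigKeys.AVATAR_ALLOW_EXTERNAL_URL} is on, an external "avatarUrl". The user is
 * persisted only when no validation error was recorded.
 *
 * @param userId int The user id we are saving
 * @return List of localized error messages; empty when the user was saved
 */
public static List saveUser(int userId) {
    LOG.trace("saveUser");

    List<String> errors = new ArrayList<String>();

    UserDAO um = DataAccessDriver.getInstance().newUserDAO();
    User u = um.selectById(userId);

    RequestContext request = JForumExecutionContext.getRequest();
    boolean isAdmin = SessionFacade.getUserSession().isAdmin();

    // Only administrators may rename a user or assign a special rank
    if (isAdmin) {
        String username = request.getParameter("username");

        if (username != null) {
            u.setUsername(username.trim());
        }

        if (request.getParameter("rank_special") != null) {
            u.setRankId(request.getIntParameter("rank_special"));
        }
    }

    SafeHtml safeHtml = new SafeHtml();

    u.setId(userId);
    applyProfileFields(u, request, safeHtml);
    applyCredentials(u, request, safeHtml, isAdmin, errors);
    applyAvatarChanges(u, request, errors);

    if (errors.isEmpty()) {
        um.update(u);

        // Keep the current session's language in sync when the user edited their own profile
        if (SessionFacade.getUserSession().getUserId() == userId) {
            SessionFacade.getUserSession().setLang(u.getLang());
        }
    }

    return errors;
}

/**
 * Copies the plain profile fields from the request into the user, sanitizing free text.
 *
 * @param u User the user being edited
 * @param request RequestContext the current request
 * @param safeHtml SafeHtml sanitizer applied to every free-text field
 */
private static void applyProfileFields(User u, RequestContext request, SafeHtml safeHtml) {
    u.setIcq(safeHtml.makeSafe(request.getParameter("icq")));
    u.setAim(safeHtml.makeSafe(request.getParameter("aim")));
    u.setMsnm(safeHtml.makeSafe(request.getParameter("msn")));
    u.setYim(safeHtml.makeSafe(request.getParameter("yim")));
    u.setFrom(safeHtml.makeSafe(request.getParameter("location")));
    u.setOccupation(safeHtml.makeSafe(request.getParameter("occupation")));
    u.setInterests(safeHtml.makeSafe(request.getParameter("interests")));
    u.setBiography(safeHtml.makeSafe(request.getParameter("biography")));
    u.setSignature(safeHtml.makeSafe(request.getParameter("signature")));

    // "1".equals(param) rather than param.equals("1"): a missing checkbox parameter arrives
    // as null and must read as "off" instead of throwing
    u.setViewEmailEnabled("1".equals(request.getParameter("viewemail")));
    u.setViewOnlineEnabled("0".equals(request.getParameter("hideonline")));
    u.setNotifyPrivateMessagesEnabled("1".equals(request.getParameter("notifypm")));
    u.setNotifyOnMessagesEnabled("1".equals(request.getParameter("notifyreply")));
    u.setAttachSignatureEnabled("1".equals(request.getParameter("attachsig")));
    u.setHtmlEnabled("1".equals(request.getParameter("allowhtml")));
    // NOTE(review): the language code is stored as sent by the client — confirm the lookups
    // that consume it tolerate arbitrary values
    u.setLang(request.getParameter("language"));
    u.setBbCodeEnabled("1".equals(request.getParameter("allowbbcode")));
    u.setSmiliesEnabled("1".equals(request.getParameter("allowsmilies")));
    u.setNotifyAlways("1".equals(request.getParameter("notify_always")));
    u.setNotifyText("1".equals(request.getParameter("notify_text")));

    // Normalize the website to an http:// link; only that scheme is accepted as-is
    String website = safeHtml.makeSafe(request.getParameter("website"));

    if (!StringUtils.isEmpty(website) && !website.toLowerCase().startsWith("http://")) {
        website = "http://" + website;
    }

    u.setWebSite(website);
}

/**
 * Applies e-mail and password changes. Non-administrators must supply their current password
 * ("current_password"); administrators may change either field without it.
 *
 * @param u User the user being edited
 * @param request RequestContext the current request
 * @param safeHtml SafeHtml sanitizer applied to the e-mail address
 * @param isAdmin boolean whether the caller is an administrator
 * @param errors List receives a localized message when the current password does not match
 */
private static void applyCredentials(User u, RequestContext request, SafeHtml safeHtml,
        boolean isAdmin, List<String> errors) {
    String currentPassword = request.getParameter("current_password");
    boolean isCurrentPasswordEmpty = currentPassword == null || "".equals(currentPassword.trim());

    if (!isAdmin && isCurrentPasswordEmpty) {
        // Nothing to verify against: e-mail and password stay untouched
        return;
    }

    if (!isCurrentPasswordEmpty) {
        currentPassword = MD5.crypt(currentPassword);
    }

    // When the comparison is reached (non-admin branch) currentPassword is a non-null hash,
    // so compare in this direction to survive a null stored password
    if (isAdmin || currentPassword.equals(u.getPassword())) {
        u.setEmail(safeHtml.makeSafe(request.getParameter("email")));

        String newPassword = request.getParameter("new_password");

        if (newPassword != null && newPassword.length() > 0) {
            u.setPassword(MD5.crypt(newPassword));
        }
    }
    else {
        errors.add(I18n.getMessage("User.currentPasswordInvalid"));
    }
}

/**
 * Handles avatar removal, a file upload and (when allowed) an external avatar URL.
 *
 * @param u User the user being edited
 * @param request RequestContext the current request
 * @param errors List receives localized messages for rejected avatars
 */
private static void applyAvatarChanges(User u, RequestContext request, List<String> errors) {
    if (request.getParameter("avatardel") != null) {
        // A user without an avatar has nothing on disk to remove
        if (u.getAvatar() != null) {
            File avatarFile = new File(u.getAvatar());

            // getName() keeps only the last path segment, so the stored value cannot select a
            // file outside the avatar directory
            File fileToDelete = new File(SystemGlobals.getApplicationPath()
                + "/images/avatar/" + avatarFile.getName());

            if (fileToDelete.exists()) {
                fileToDelete.delete();
            }
        }

        u.setAvatar(null);
    }

    if (request.getObjectParameter("avatar") != null) {
        try {
            UserCommon.handleAvatar(u);
        }
        catch (Exception e) {
            UserCommon.LOG.warn("Problems while uploading the avatar: " + e, e);
            errors.add(I18n.getMessage("User.avatarUploadError"));
        }
    }
    else if (SystemGlobals.getBoolValue(ConfigKeys.AVATAR_ALLOW_EXTERNAL_URL)) {
        applyExternalAvatarUrl(u, request.getParameter("avatarUrl"), errors);
    }
}

/**
 * Validates an external avatar URL and, if it points at an image within the configured
 * maximum dimensions, stores the URL as the user's avatar.
 *
 * @param u User the user being edited
 * @param avatarUrl String the user-supplied URL; ignored when empty
 * @param errors List receives localized messages when the URL is rejected
 */
private static void applyExternalAvatarUrl(User u, String avatarUrl, List<String> errors) {
    if (StringUtils.isEmpty(avatarUrl)) {
        return;
    }

    if (!avatarUrl.toLowerCase().startsWith("http://")) {
        errors.add(I18n.getMessage("User.avatarUrlShouldHaveHttp"));
        return;
    }

    try {
        // The image is fetched by the server itself to check its dimensions: only the
        // scheme is validated, the host is whatever the user typed
        Image image = ImageIO.read(new URL(avatarUrl));

        if (image != null) {
            if (image.getWidth(null) > SystemGlobals.getIntValue(ConfigKeys.AVATAR_MAX_WIDTH)
                    || image.getHeight(null) > SystemGlobals.getIntValue(ConfigKeys.AVATAR_MAX_HEIGHT)) {
                errors.add(I18n.getMessage("User.avatarTooBig"));
            }
            else {
                u.setAvatar(avatarUrl);
            }
        }
    }
    catch (Exception e) {
        errors.add(I18n.getMessage("User.avatarUploadError"));
    }
}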