/**
* Special login method - it cannot be assumed that the database schema is unchanged, so do not
* use standard methods.
*/
public static boolean login(String username, String password) throws WikiException {
WikiVersion oldVersion =
new WikiVersion(Environment.getValue(Environment.PROP_BASE_WIKI_VERSION));
if (!oldVersion.before(0, 7, 0)) {
try {
return (WikiBase.getDataHandler().authenticate(username, password));
} catch (DataAccessException e) {
logger.severe("Unable to authenticate user during upgrade", e);
throw new WikiException(new WikiMessage("upgrade.error.fatal", e.getMessage()));
}
}
try {
Connection conn = DatabaseConnection.getConnection();
WikiPreparedStatement stmt =
new WikiPreparedStatement(
"select 1 from jam_wiki_user_info where login = ? and encoded_password = ?");
if (!StringUtils.isBlank(password)) {
password = Encryption.encrypt(password);
}
stmt.setString(1, username);
stmt.setString(2, password);
WikiResultSet rs = stmt.executeQuery(conn);
return (rs.size() > 0);
} catch (SQLException e) {
logger.severe("Database failure while authenticating user", e);
throw new WikiException(new WikiMessage("upgrade.error.fatal", e.getMessage()));
}
}
// FIXME - shouldn't need to pass in response
private boolean register(
HttpServletRequest request,
HttpServletResponse response,
ModelAndView next,
WikiPageInfo pageInfo)
throws Exception {
pageInfo.setSpecial(true);
pageInfo.setAction(WikiPageInfo.ACTION_REGISTER);
pageInfo.setPageTitle(new WikiMessage("register.title"));
String virtualWikiName = JAMWikiServlet.getVirtualWikiFromURI(request);
WikiUser user = new WikiUser();
String userIdString = request.getParameter("userId");
if (StringUtils.hasText(userIdString)) {
int userId = new Integer(userIdString).intValue();
if (userId > 0) user = WikiBase.getHandler().lookupWikiUser(userId);
}
user.setLogin(request.getParameter("login"));
user.setDisplayName(request.getParameter("displayName"));
user.setEmail(request.getParameter("email"));
String newPassword = request.getParameter("newPassword");
if (StringUtils.hasText(newPassword)) {
user.setEncodedPassword(Encryption.encrypt(newPassword));
}
// FIXME - need to distinguish between add & update
user.setCreateIpAddress(request.getRemoteAddr());
user.setLastLoginIpAddress(request.getRemoteAddr());
next.addObject("newuser", user);
Vector errors = validate(request, user);
if (errors.size() > 0) {
next.addObject("errors", errors);
String oldPassword = request.getParameter("oldPassword");
String confirmPassword = request.getParameter("confirmPassword");
if (oldPassword != null) next.addObject("oldPassword", oldPassword);
if (newPassword != null) next.addObject("newPassword", newPassword);
if (confirmPassword != null) next.addObject("confirmPassword", confirmPassword);
return false;
} else {
WikiBase.getHandler().writeWikiUser(user);
request.getSession().setAttribute(JAMWikiServlet.PARAMETER_USER, user);
VirtualWiki virtualWiki = WikiBase.getHandler().lookupVirtualWiki(virtualWikiName);
String topic = virtualWiki.getDefaultTopicName();
String redirect =
LinkUtil.buildInternalLinkUrl(request.getContextPath(), virtualWikiName, topic);
// FIXME - can a redirect be done with Spring?
redirect(redirect, response);
return true;
}
}
private boolean initialize(HttpServletRequest request, ModelAndView next, WikiPageInfo pageInfo)
throws Exception {
setProperties(request, next);
WikiUser user = setAdminUser(request);
List<WikiMessage> errors = validate(request, user);
if (!errors.isEmpty()) {
this.view(request, next, pageInfo);
next.addObject("errors", errors);
next.addObject("username", user.getUsername());
next.addObject("newPassword", request.getParameter("newPassword"));
next.addObject("confirmPassword", request.getParameter("confirmPassword"));
return false;
}
if (previousInstall() && request.getParameter("override") == null) {
// user is trying to do a new install when a previous installation exists
next.addObject("upgrade", "true");
next.addObject("username", user.getUsername());
next.addObject("newPassword", request.getParameter("newPassword"));
next.addObject("confirmPassword", request.getParameter("confirmPassword"));
return false;
}
Environment.setBooleanValue(Environment.PROP_BASE_INITIALIZED, true);
Environment.setValue(Environment.PROP_BASE_WIKI_VERSION, WikiVersion.CURRENT_WIKI_VERSION);
String username = request.getParameter("username");
String newPassword = request.getParameter("newPassword");
String encryptedPassword = Encryption.encrypt(newPassword);
WikiBase.reset(request.getLocale(), user, username, encryptedPassword);
JAMWikiAuthenticationConfiguration.resetJamwikiAnonymousAuthorities();
JAMWikiAuthenticationConfiguration.resetDefaultGroupRoles();
Environment.saveProperties();
// the setup process does not add new topics to the index (currently)
// TODO - remove this once setup uses safe connection handling
WikiBase.getSearchEngine().refreshIndex();
// force current user credentials to be removed and re-validated.
SecurityContextHolder.clearContext();
return true;
}
/**
* Encrypt and set a property value.
*
* @param name The name of the encrypted property being retrieved.
* @value The enencrypted value of the property.
*/
public static void setEncryptedProperty(String name, String value) throws Exception {
value = Encryption.encrypt(value);
Environment.setValue(name, value);
}
