@Override protected String[] doLogin(HttpServletRequest request, HttpServletResponse response) throws Exception { long companyId = PortalUtil.getCompanyId(request); if (!isEnabled(companyId)) { return null; } String login = ParamUtil.getString(request, getLoginParam()); if (Validator.isNull(login)) { return null; } String password = ParamUtil.getString(request, getPasswordParam()); if (Validator.isNull(password)) { return null; } Company company = PortalUtil.getCompany(request); String authType = company.getAuthType(); long userId = 0; if (authType.equals(CompanyConstants.AUTH_TYPE_EA)) { userId = _userLocalService.getUserIdByEmailAddress(company.getCompanyId(), login); } else if (authType.equals(CompanyConstants.AUTH_TYPE_SN)) { userId = _userLocalService.getUserIdByScreenName(company.getCompanyId(), login); } else if (authType.equals(CompanyConstants.AUTH_TYPE_ID)) { userId = GetterUtil.getLong(login); } else { return null; } if (userId > 0) { User user = _userLocalService.getUserById(userId); String userPassword = user.getPassword(); if (!user.isPasswordEncrypted()) { userPassword = PasswordEncryptorUtil.encrypt(userPassword); } String encPassword = PasswordEncryptorUtil.encrypt(password, userPassword); if (!userPassword.equals(password) && !userPassword.equals(encPassword)) { return null; } } String[] credentials = new String[] {String.valueOf(userId), password, Boolean.FALSE.toString()}; return credentials; }
protected void testEncrypt(String algorithm, String plainTextPassword, String encryptedPassword) throws Exception { Assert.assertEquals( encryptedPassword, PasswordEncryptorUtil.encrypt(algorithm, plainTextPassword, encryptedPassword)); }
protected void testEncrypt(String algorithm) throws Exception { String password = "******"; String encrypted = PasswordEncryptorUtil.encrypt(algorithm, password, null); testEncrypt(algorithm, password, encrypted); }
protected void testEncryptFailure( String algorithm, String plainTextPassword, String encryptedPassword) { try { PasswordEncryptorUtil.encrypt(algorithm, plainTextPassword, encryptedPassword); Assert.fail(); } catch (Exception e) { } }