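/**
 * Validates the change-password popup for an agent and, when the current password checks out,
 * puts the hash of the new password on {@code dbAgente}.
 *
 * <p>Validation failures are recorded through {@code CustomValidation} and {@code Validation}.
 * This method does not call {@code save()}; whether {@code dbAgente} is stored is decided by the
 * caller.
 *
 * @param accion action name handed to {@code secure.checkGrafico}
 * @param dbAgente the agent object that receives the username and password changes
 * @param agente submitted values: {@code username}, the current password in {@code verificacion}
 *     and the new password in {@code newpassword}
 */
@Util
public static void PopupPassValidateCopy(String accion, Agente dbAgente, Agente agente) {
  CustomValidation.clearValidadas();
  if (secure.checkGrafico(
      "noEditable",
      "editable",
      accion,
      (Map<String, Long>) tags.TagMapStack.top("idParams"),
      null)) {
    CustomValidation.valid("agente", agente);
    dbAgente.username = agente.username;
  }
  CustomValidation.valid("agente", agente);
  CustomValidation.required("agente.verificacion", agente.verificacion);
  CustomValidation.required("agente.newpassword", agente.newpassword);
  CustomValidation.compare(agente.newpassword, params.get("agente_newpasswordcopy"));

  if (agente.verificacion != null) {
    // agente.verificacion is the current password typed by the user.
    String submittedHash = Crypto.passwordHash(agente.verificacion);
    // Comparing from the freshly computed hash means a null stored password is treated as a
    // mismatch instead of throwing.
    if (!submittedHash.equals(dbAgente.password)) {
      Validation.addError("password", "Contraseña actual incorrecta");
    } else if (agente.newpassword != null) {
      // A missing new password was already reported by required() above, so it is never hashed.
      // NOTE(review): a failed compare() against the confirmation field does not stop this
      // assignment; the caller must check for validation errors before saving dbAgente.
      // NOTE(review): if Crypto is Play 1.x play.libs.Crypto, the one-argument passwordHash is an
      // unsalted digest; confirm, and prefer a salted, slow password hash.
      dbAgente.password = Crypto.passwordHash(agente.newpassword);
      log.info("El usuario <" + dbAgente.username + "> ha modificado su contraseña");
    }
  }
  // There is deliberately no branch that replaces the password when verificacion is absent: the
  // current password must always be checked first.
}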
/**
 * Finds the user whose e-mail or username equals {@code login} and whose stored password equals
 * {@code Crypto.passwordHash(password)}.
 *
 * @param login e-mail address or username typed at login
 * @param password plain-text password typed at login
 * @return whatever {@code first()} yields for the query
 */
public static User connect(String login, String password) {
  // NOTE(review): matching the password inside the query only works when the hash is
  // deterministic (no per-user salt), and the comparison happens in the database. A salted
  // scheme needs the user loaded by login first and the password verified in code.
  String hashedPassword = Crypto.passwordHash(password);
  String query =
      "SELECT u FROM User u WHERE (u.email = ?1 OR u.username = ?1) and u.password = ?2";
  // Both values are bound as positional parameters, never concatenated into the query text.
  return find(query, login, hashedPassword).first();
}
/**
 * Creates a user from the registration values. The password is kept only as the output of
 * {@code Crypto.passwordHash}, never as plain text.
 *
 * @param email e-mail address of the new user
 * @param password plain-text password; hashed before it is assigned
 * @param username display/login name of the new user
 */
public User(String email, String password, String username) {
  // NOTE(review): if Crypto is Play 1.x play.libs.Crypto, the one-argument passwordHash is an
  // unsalted digest; confirm, and prefer a salted, slow password hash.
  final String passwordDigest = Crypto.passwordHash(password);
  this.username = username;
  this.email = email;
  this.password = passwordDigest;
  // New users start with the default skin on their profile.
  Skins.setSkin(this.profile, "DEFAULT");
}
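/**
 * Handles the login form: checks the credentials, stores the username in the session, optionally
 * sets the remember-me cookie and redirects to the URL kept in the flash scope (or "/").
 *
 * @param username login name; required
 * @param password plain-text password, passed to {@code Security.authenticate}
 * @param hash URL fragment to re-attach to the redirect target; appended only when it starts with
 *     {@code '#'}
 * @param remember whether to set the 30-day {@code rememberme} cookie
 * @throws Throwable declared by the original signature
 */
public static void authenticate(
    @Required String username, String password, String hash, boolean remember) throws Throwable {
  Boolean allowed = Security.authenticate(username, password);
  String redirectUrl = flash.get("url");
  if (validation.hasErrors() || !allowed) {
    flash.put("url", redirectUrl);
    flash.error("secure.error");
    // NOTE(review): params.flash() is called without naming fields. If it copies every submitted
    // parameter, the password lands in the flash scope too; confirm, and restrict it to the
    // fields the login form re-displays.
    params.flash();
    // NOTE(review): the lines below must not run after a failed login. In Play 1 controllers a
    // call to another action ends the request; confirm Secure.login() behaves that way here.
    Secure.login();
  }
  session.put("username", username);
  if (remember) {
    // NOTE(review): the token is Crypto.sign(username) + "-" + username, so it is the same on
    // every login and carries no expiry or revocation data of its own. The cookie flags are not
    // visible in this three-argument call; confirm Secure/HttpOnly are set.
    response.setCookie("rememberme", Crypto.sign(username) + "-" + username, "30d");
  }
  if (redirectUrl == null) {
    redirectUrl = "/";
  }
  // hash is a request parameter. It is appended only when it is a fragment, so it cannot alter
  // the host or path of the redirect target (for example "/" + "/host" would otherwise form a
  // scheme-relative URL).
  if (hash != null && hash.startsWith("#")) {
    redirectUrl += hash;
  }
  redirect(redirectUrl);
}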
/**
 * Replaces the stored password of every user with {@code Crypto.passwordHash} of its current
 * value and saves each user.
 *
 * <p>NOTE(review): this is a one-shot migration and is not idempotent. Nothing here tells a
 * plain-text value from one that is already hashed, so a second run would hash the hashes and no
 * existing password would match any more. Guard it (for example with a migration marker) before
 * exposing it anywhere it can be triggered again.
 */
public static void hashPasswords() {
  List<User> everyone = User.findAll();
  for (int i = 0; i < everyone.size(); i++) {
    User account = everyone.get(i);
    String digest = Crypto.passwordHash(account.password);
    account.password = digest;
    account.save();
  }
}
/**
 * Rebuilds the session from the {@code COOKIE_PREFIX + "_SESSION"} cookie of the current request.
 *
 * <p>The cookie value has the form {@code <signature>-<payload>}. The payload is decoded into the
 * session only when the signature matches {@code Crypto.sign(payload, secret key)}; otherwise the
 * session stays empty. When {@code COOKIE_EXPIRE} is set, the session must also carry an unexpired
 * {@code TS_KEY} timestamp, and that timestamp is then renewed.
 *
 * @return the restored session, or a fresh one when there is no usable cookie
 * @throws UnexpectedException wrapping any exception raised while restoring
 */
static Session restore() {
  try {
    Session session = new Session();
    Http.Cookie cookie = Http.Request.current().cookies.get(COOKIE_PREFIX + "_SESSION");
    // NOTE(review): parseDuration runs before the COOKIE_EXPIRE null checks below, so it has to
    // accept null; confirm.
    final int duration = Time.parseDuration(COOKIE_EXPIRE);
    // The long literal makes this multiplication happen in long arithmetic.
    final long expiration = (duration * 1000l);
    if (cookie != null
        && Play.started
        && cookie.value != null
        && !cookie.value.trim().equals("")) {
      String value = cookie.value;
      // Everything before the first dash is the signature, everything after it the payload.
      int firstDashIndex = value.indexOf("-");
      if (firstDashIndex > -1) {
        String sign = value.substring(0, firstDashIndex);
        String data = value.substring(firstDashIndex + 1);
        // The payload is trusted only if its signature verifies. A mismatch is silent: nothing is
        // logged and the session simply stays empty.
        // NOTE(review): safeEquals is presumably a constant-time comparison; confirm.
        // NOTE(review): getBytes() without a charset uses the platform default; a fixed charset
        // keeps signatures stable across hosts.
        if (CookieDataCodec.safeEquals(sign, Crypto.sign(data, Play.secretKey.getBytes()))) {
          CookieDataCodec.decode(session.data, data);
        }
      }
      if (COOKIE_EXPIRE != null) {
        // Verify that the session contains a timestamp, and that it's not expired.
        // A session with no decoded data (bad or missing signature) also has no timestamp and is
        // replaced here.
        if (!session.contains(TS_KEY)) {
          session = new Session();
        } else {
          if ((Long.parseLong(session.get(TS_KEY))) < System.currentTimeMillis()) {
            // Session expired
            session = new Session();
          }
        }
        // Every restore moves the expiry forward to now + expiration.
        session.put(TS_KEY, System.currentTimeMillis() + expiration);
      } else {
        // Just restored. Nothing changed. No cookie-expire.
        session.changed = false;
      }
    } else {
      // no previous cookie to restore; but we may have to set the timestamp in the new cookie
      if (COOKIE_EXPIRE != null) {
        session.put(TS_KEY, (System.currentTimeMillis() + expiration));
      }
    }
    return session;
  } catch (Exception e) {
    // The client address is included so a malformed cookie can be traced to its sender.
    throw new UnexpectedException(
        "Corrupted HTTP session from " + Http.Request.current().remoteAddress, e);
  }
}
/**
 * Sends the session back to the client as the {@code COOKIE_PREFIX + "_SESSION"} cookie.
 *
 * <p>Nothing is sent when there is no response, or when the session is unchanged,
 * {@code SESSION_SEND_ONLY_IF_CHANGED} is on and no cookie expiry is configured. An empty session
 * deletes the cookie. Otherwise the cookie value is {@code <signature>-<encoded data>}.
 *
 * @throws UnexpectedException when encoding or signing the session fails
 */
void save() {
  final Http.Response response = Http.Response.current();
  if (response == null) {
    // Some requests (WebSocket, for example) have no response to carry a cookie.
    return;
  }
  final boolean expiryConfigured = COOKIE_EXPIRE != null;
  if (!changed && SESSION_SEND_ONLY_IF_CHANGED && !expiryConfigured) {
    // Unchanged session and no sliding expiry to refresh: send nothing.
    return;
  }
  final String cookieName = COOKIE_PREFIX + "_SESSION";
  if (isEmpty()) {
    // Empty session: expire the cookie, but only if the client has one or we always send.
    boolean clientHoldsCookie = Http.Request.current().cookies.containsKey(cookieName);
    if (clientHoldsCookie || !SESSION_SEND_ONLY_IF_CHANGED) {
      response.setCookie(cookieName, "", null, "/", 0, COOKIE_SECURE, SESSION_HTTPONLY);
    }
    return;
  }
  try {
    String payload = CookieDataCodec.encode(data);
    // The payload is signed with the application secret. As far as this method shows it is not
    // encrypted, so session values should be treated as readable by the client.
    String signature = Crypto.sign(payload, Play.secretKey.getBytes());
    String cookieValue = signature + "-" + payload;
    // NOTE(review): COOKIE_SECURE and SESSION_HTTPONLY come from configuration not shown here;
    // confirm both are enabled for production deployments.
    if (expiryConfigured) {
      response.setCookie(
          cookieName,
          cookieValue,
          null,
          "/",
          Time.parseDuration(COOKIE_EXPIRE),
          COOKIE_SECURE,
          SESSION_HTTPONLY);
    } else {
      // No max-age: the cookie lasts for the browser session.
      response.setCookie(
          cookieName, cookieValue, null, "/", null, COOKIE_SECURE, SESSION_HTTPONLY);
    }
  } catch (Exception e) {
    throw new UnexpectedException("Session serializationProblem", e);
  }
}
/**
 * Returns the session's authenticity (anti-CSRF) token, creating it on first use as the signature
 * of a random UUID.
 *
 * @return the token stored under {@code AT_KEY}
 */
public String getAuthenticityToken() {
  if (data.containsKey(AT_KEY)) {
    return data.get(AT_KEY);
  }
  // NOTE(review): the token is written to the backing map directly. If this class tracks
  // modifications with a changed flag, this write bypasses it and a newly created token may not be
  // sent back to the client; confirm.
  String freshToken = Crypto.sign(UUID.randomUUID().toString());
  data.put(AT_KEY, freshToken);
  return data.get(AT_KEY);
}
/**
 * Finds the user with the given e-mail whose stored password equals
 * {@code Crypto.passwordHash(password)}.
 *
 * @param email e-mail address typed at login
 * @param password plain-text password typed at login
 * @return whatever {@code first()} yields for the finder
 */
public static User connect(String email, String password) {
  // NOTE(review): looking the user up by (email, hash) only works with a deterministic, unsalted
  // hash. A salted scheme needs the user loaded by e-mail first and the password verified in code.
  String hashedPassword = Crypto.passwordHash(password);
  return find("byEmailAndPassword", email, hashedPassword).first();
}
/**
 * Derives the stored form of a password: the bcrypt hash of {@code password} under this object's
 * {@code salt}, passed through {@code Crypto.encryptAES}.
 *
 * <p>Hashing a candidate plain-text password with this method and comparing the result with the
 * stored value is how a password can be checked.
 *
 * <p>NOTE(review): the stored value is an AES ciphertext of the bcrypt string, not the bcrypt
 * string itself, so a bcrypt verify routine cannot be applied to it directly. The comparison
 * described above also relies on {@code encryptAES} being deterministic; confirm, and confirm the
 * comparison at the call site is constant-time.
 *
 * @param password the plain-text password to be hashed
 * @return the AES-encrypted bcrypt hash of the password
 */
private String hashPassword(String password) {
  String bcryptHash = BCrypt.hashpw(password, salt);
  return Crypto.encryptAES(bcryptHash);
}
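/**
 * Sends an invitation e-mail containing a signed registration link.
 *
 * <p>The inviter ("godfather") is the logged-in user, or the administrator when the session user
 * is {@code admin}. The link points to {@code /inscription} on the current host and carries the
 * first name, last name, e-mail and a {@code Crypto.sign} signature over them. The mail is sent
 * only when {@code Invitation.verifyMaliciousPassword} reports {@code ADDRESSES_MATCHE} or
 * {@code USER_NOTEXIST}.
 *
 * @param nom last name of the invited person
 * @param prenom first name of the invited person
 * @param mail e-mail address the invitation is sent to
 * @param langue "fr" selects the French mail, anything else the English one
 */
public static void inviteNewMember(
    @Required String nom,
    @Required String prenom,
    @Required String mail,
    @Required String langue) {
  try {
    String login = normalize(prenom) + '.' + normalize(nom);
    String url = "";
    String signature = "";
    String community = "Hypertopic";
    // NOTE(review): the flattened listing does not show whether this declaration was commented out
    // in the original file (mailGodfather would then be a member declared elsewhere); confirm.
    String mailGodfather = "";
    String firstNameGodfather = "";
    String lastNameGodfather = "";
    int flag = -1;
    if (session.get("username").equals("admin")) {
      firstNameGodfather = "l'administrateur";
      mailGodfather = "Hypertopic Team <*****@*****.**>";
    } else {
      HashMap<String, String> infos = Ldap.getConnectedUserInfos(session.get("username"));
      mailGodfather = infos.get("mail");
      firstNameGodfather = infos.get("firstName");
      lastNameGodfather = infos.get("lastName");
      // Capitalise the first letter of each name and lower-case the rest.
      firstNameGodfather =
          firstNameGodfather.substring(0, 1).toUpperCase()
              + firstNameGodfather.substring(1).toLowerCase();
      lastNameGodfather =
          lastNameGodfather.substring(0, 1).toUpperCase()
              + lastNameGodfather.substring(1).toLowerCase();
    }
    flag = Invitation.verifyMaliciousPassword(login, mail);
    if (flag == Invitation.ADDRESSES_MATCHE || flag == Invitation.USER_NOTEXIST) {
      System.out.println("invitenewmember");
      try {
        // NOTE(review): the link is plain http and its host comes from the incoming request. A
        // configured base URL (https) would keep the host out of the requester's control.
        url = "http://" + request.domain;
        if (request.port != 80) {
          url += ":" + request.port;
        }
        url +=
            "/inscription?firstname="
                + URLEncoder.encode(prenom, "UTF-8")
                + "&lastname="
                + URLEncoder.encode(nom, "UTF-8")
                + "&email="
                + URLEncoder.encode(mail, "UTF-8");
        // NOTE(review): the three fields are concatenated without a separator, so different
        // first-name/last-name splits yield the same signed string. The signature also has no
        // expiry. Changing either needs the matching change in the code that verifies the
        // /inscription link, which is not shown here.
        signature = Crypto.sign(prenom + nom + mail);
        url += "&signature=" + signature;
        // The finished URL is not printed: it contains the signature that authorises the
        // registration, plus the invitee's name and e-mail, and must stay out of the logs.
      } catch (UnsupportedEncodingException uee) {
        System.err.println(uee);
      }
      if (validation.hasErrors()) {
        render("Invitation/index.html");
      } else {
        if (renderArgs.get("domainName") != null) {
          community = renderArgs.get("domainName").toString();
        }
        System.out.println("I can arrive heeeeeeeeeeeeeeeeeeeeeeeeer");
        if (langue.equals("fr")) {
          Mails.inviteFr(
              "Hypertopic Team <*****@*****.**>",
              mail,
              prenom,
              nom,
              url,
              community,
              firstNameGodfather,
              lastNameGodfather,
              mailGodfather);
        } else {
          Mails.inviteEn(
              "Hypertopic Team <*****@*****.**>",
              mail,
              prenom,
              nom,
              url,
              community,
              firstNameGodfather,
              lastNameGodfather,
              mailGodfather);
        }
        flash.success(Messages.get("invitation_success"));
        System.out.println("community: " + community);
        session.remove("nom");
        session.remove("prenom");
        session.remove("mail");
        Invitation.invitation();
      }
    } else {
      // Both language branches showed the same message key, so a single call is enough.
      flash.error(Messages.get("invitation_mailadresse_no_match"));
      Invitation.invitation();
    }
  } catch (Exception e) {
    System.out.println("An exception occurred in Invitation.inviteNewMember");
    e.printStackTrace();
    render("Invitation/index.html");
  }
}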