Authentication.java

Go to the documentation of this file.

/*
 * Turró i Cutiller Foundation. License notice.
 * Copyright (C) 2015 Lluis Turró Cutiller <http://www.turro.org/>
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
package org.turro.auth;
 
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.http.HttpSession;
import org.amic.util.date.CheckDate;
import org.turro.string.Strings;
import org.apache.commons.mail.EmailException;
import org.turro.action.Actions;
import org.turro.action.Contacts;
import static org.turro.action.Contacts.BEHAVEAS_ICONTACT;
import org.turro.action.MailSenders;
import org.turro.action.Secrets;
import org.turro.action.UserSummaries;
import org.turro.elephant.context.Application;
import org.turro.elephant.context.ElephantContext;
import org.turro.elephant.context.IConstructor;
import org.turro.elephant.security.IUser;
import org.turro.external.Authentications;
import org.turro.external.IElephantAuthentication;
import org.turro.i18n.I_;
import org.turro.log.SystemLogType;
import org.turro.log.SystemLogger;
import org.turro.plugin.contacts.IContact;
import org.turro.sso.SSO;
 
public class Authentication {
 
  public static void doLogin(String login, String pass, String redir, Object extra) throws IOException {
    IConstructor constructor = Application.getApplication().getConstructor();
    IContact user = resolveUser(login, pass, extra);
    if (user != null) {
      constructor.setMaxInactiveInterval(1 * 60 * 60);
      constructor.setSessionAttribute(IUser.LOGGED_USER, user);
      SystemLogger.getInstance().doLog(SystemLogType.LOG_INFO, "/log/in", null, null);
      constructor.setSessionAttribute(IUser.INTERNAL_SIGNIN, Boolean.TRUE);
      if (user instanceof IContact) {
        constructor.setSessionAttribute(Contacts.LOGGED_ICONTACT, user);
      } else {
        constructor.setSessionAttribute(Contacts.LOGGED_ICONTACT, getLoggedIContact());
      }
      if(SSO.hasSSO()) {
        SSO.getSSO().createAssertion(constructor.getRequest(), constructor.getResponse(),
                (IContact) constructor.getSessionAttribute(Contacts.LOGGED_ICONTACT));
      }
    } else {
      SystemLogger.getInstance().doLog(SystemLogType.LOG_INFO, "/log/failed", login, null);
      constructor.setSessionAttribute(IUser.INTERNAL_SIGNIN, Boolean.FALSE);
      constructor.removeSessionAttribute(Contacts.LOGGED_ICONTACT);
      constructor.removeSessionAttribute(IUser.LOGGED_USER);
    }
    Application.getApplication().sendRedirect(redir == null ? constructor.getLastReferringContext() : redir);
  }
 
  @Deprecated
  public static boolean authenticate(String login, String pass) throws IOException {
    IConstructor constructor = Application.getApplication().getConstructor();
    IContact user = Contacts.getEmpty();
    if (user.validate(login, pass)) {
      constructor.setSessionAttribute(IUser.LOGGED_USER, user);
      constructor.setSessionAttribute(IUser.INTERNAL_SIGNIN, Boolean.TRUE);
      if (user instanceof IContact) {
        constructor.setSessionAttribute(Contacts.LOGGED_ICONTACT, user);
      } else {
        constructor.setSessionAttribute(Contacts.LOGGED_ICONTACT, getLoggedIContact());
      }
      SystemLogger.getInstance().doLog(SystemLogType.LOG_INFO, "/log/in", null, null);
      return true;
    } else {
      SystemLogger.getInstance().doLog(SystemLogType.LOG_INFO, "/log/failed", login, null);
      constructor.setSessionAttribute(IUser.INTERNAL_SIGNIN, Boolean.FALSE);
      constructor.removeSessionAttribute(Contacts.LOGGED_ICONTACT);
      constructor.removeSessionAttribute(IUser.LOGGED_USER);
      return false;
    }
  }
 
  @Deprecated
  public static void reauthenticate() throws IOException {
    IConstructor constructor = Application.getApplication().getConstructor();
    IContact user = constructor.getUser();
    if (user != null && user.isValid()) {
      constructor.setSessionAttribute(IUser.INTERNAL_SIGNIN, Boolean.FALSE);
      user.reload();
      constructor.setSessionAttribute(IUser.LOGGED_USER, user);
      constructor.setSessionAttribute(IUser.INTERNAL_SIGNIN, Boolean.TRUE);
      if (user instanceof IContact) {
        constructor.setSessionAttribute(Contacts.LOGGED_ICONTACT, user);
      } else {
        constructor.setSessionAttribute(Contacts.LOGGED_ICONTACT, getLoggedIContact());
      }
    }
  }
 
  public static void doLogout(String redir) throws IOException {
    IConstructor constructor = Application.getApplication().getConstructor();
    if(SSO.hasSSO()) {
      SSO.getProvider().removeAssertion(constructor.getRequest(), constructor.getResponse(), 
              (IContact) constructor.getSessionAttribute(Contacts.LOGGED_ICONTACT));
      SystemLogger.getInstance().doLog(SystemLogType.LOG_INFO, "/log/out", "sso", null);
    } else {
      SystemLogger.getInstance().doLog(SystemLogType.LOG_INFO, "/log/out", null, null);
    }
    constructor.setSessionAttribute(IUser.INTERNAL_SIGNIN, Boolean.FALSE);
    Application.getApplication().sendRedirect(redir == null ? "/" : redir);
    Application.getApplication().invalidateSession();
  }
 
  public static boolean canLogin(String login, int minutes) {
    if(!Strings.isBlank(login) && login.length() > 3) {
      return SystemLogger.getInstance().getCountOf(login, "/log/failed", new CheckDate().addMinutes(-minutes).getDate()) < 3;
    }
    return false;
  }
 
  public static boolean hasContact() {
    IContact contact = getIContact();
    return contact != null && contact.isValid();
  }
  
  public static IContact getIContact() {
    IContact contact = null;
    try {
      contact = getBehaveAsIContact();
      if (contact == null) {
        contact = getRealIContact();
      }
    } catch (Exception ex) {
      contact = null;
    }
    return contact;
  }
 
  public static IContact reloadIContact() {
    Application app = Application.getApplication();
    HttpSession session = app.getHttpSession(false);
    if(session != null && hasContact()) {
      IContact contact = Contacts.getContactById(getIContact().getId());
      if(contact.isValid()) {
        session.setAttribute(IUser.LOGGED_USER, contact);
        if(isBehaving()) {
          session.setAttribute(Contacts.BEHAVEAS_ICONTACT, contact);
        } else {
          session.setAttribute(Contacts.LOGGED_ICONTACT, contact);
        }
        return contact;
      }
    }
    Application.getApplication().sendRedirect("/");
    Application.getApplication().invalidateSession();
    return null;
  }
 
  public static IContact getRealIContact() {
    IContact contact = null;
    try {
      contact = getRealLoggedIContact();
      if (contact == null) { // should be a viewer, no framework
        contact = getLoggedIContact();
      }
    } catch (Exception ex) {
      contact = null;
    }
    return contact;
  }
 
  public static boolean canImpersonate() {
    return isRealAdministrator();
  }
  
  public static boolean isBehaving() {
    Application app = Application.getApplication();
    return app.getHttpSession(false).getAttribute(BEHAVEAS_ICONTACT) != null;
  }
  
  public static void impersonateContact(Object contact) {
    impersonateIContact(Contacts.getContact(contact));
  }
 
  public static void impersonateIContact(IContact contact) {
    Application app = Application.getApplication();
    if (contact != null && contact.isWebUser()) {
      IContact user = contact;
      user.impersonateByEmail(contact.getConnector(IUser.CONNECTOR_EMAIL));
      app.getHttpSession(false).setAttribute(IUser.LOGGED_USER, user);
      app.getHttpSession(false).setAttribute(Contacts.BEHAVEAS_ICONTACT, contact);
      UserSummaries.removeAttributes();
      SystemLogger.getInstance().doLog(SystemLogType.LOG_INFO, "/log/impersonate", null, user.getName());
    } else {
      contact = getRealLoggedIContact();
      IContact user = contact;
      user.impersonateByEmail(contact.getConnector(IUser.CONNECTOR_EMAIL));
      app.getHttpSession(false).setAttribute(IUser.LOGGED_USER, user);
      app.getHttpSession(false).removeAttribute(Contacts.BEHAVEAS_ICONTACT);
      UserSummaries.removeAttributes();
      SystemLogger.getInstance().doLog(SystemLogType.LOG_INFO, "/log/backtoself", null, null);
    }
  }
 
  private static IContact getBehaveAsIContact() {
    Application app = Application.getApplication();
    return (IContact) app.getHttpSession(false).getAttribute(Contacts.BEHAVEAS_ICONTACT);
  }
 
  private static IContact getRealLoggedIContact() {
    Application app = Application.getApplication();
    return (IContact) app.getHttpSession(false).getAttribute(Contacts.LOGGED_ICONTACT);
  }
 
  public static IContact getLoggedIContact() {
    return Contacts.getLoggedIContact(Application.getApplication());
  }
 
  public static boolean isWebapp() {
    IContact contact = getIContact();
    return contact != null && contact.isWebapp();
  }
 
  public static boolean isContactLogged() {
    IContact contact = getIContact();
    return contact != null && contact.isWebUser();
  }
  
  public static boolean isAdministrator() {
    IContact contact = getIContact();
    return isWebapp() && contact.isAdmin();
  }
  
  public static boolean isRealAdministrator() {
    IContact contact = getRealIContact();
    return contact != null && contact.isWebapp() && contact.isAdmin();
  }
  
  public static boolean isLogged(IContact contact) {
    IContact logged = getIContact();
    return logged != null && logged.isValid() && logged.equals(contact);
  }
 
  public static boolean sendReminder(IConstructor constructor, String name, String email) {
    try {
      Map args = new HashMap();
      args.put("email", email);
      args.put("name", name);
      try {
        args.put("link", ElephantContext.getServerUrl("http") + "?" + Actions.createAction((String) args.get("email"), "/user/changepass"));
      } catch (Exception ex) {
        Logger.getLogger(Authentication.class.getName()).log(Level.SEVERE, ElephantContext.logMsg(null), ex);
      }
      MailSenders.getPool()
              .addUser((String) args.get("name"), (String) args.get("email"))
              .putAll(args)
              .sendTemplate("sign-reminder", I_.get("Password reminder") + " : " + ElephantContext.getSiteName());
      return true;
    } catch (EmailException ex) {
      Logger.getLogger(Authentication.class.getName()).log(Level.SEVERE, ElephantContext.logMsg(null), ex);
      return false;
    }
  }
 
  public static boolean isCloudAdmin() {
    return Secrets.isSecret("key=cloudadmin", Authentication.getIContact());
  }
  
  private static IContact resolveUser(String login, String pass, Object extra) {
    if(extra != null) { // might be an outsider
      IElephantAuthentication ea = Authentications.getFor(extra);
      if(ea != null) {
        IContact c = ea.doLogin(login, pass, extra);
        if(c != null) return c;
      }
    } else {
      IContact user = Contacts.getEmpty();
      if(user.validate(login, pass)) return user;
    }
    return null;
  }
  
  private Authentication() {
  }
 
}