commit | author | age
|
04a985
|
1 |
/* |
JM |
2 |
* Copyright 2013 gitblit.com. |
|
3 |
* |
|
4 |
* Licensed under the Apache License, Version 2.0 (the "License"); |
|
5 |
* you may not use this file except in compliance with the License. |
|
6 |
* You may obtain a copy of the License at |
|
7 |
* |
|
8 |
* http://www.apache.org/licenses/LICENSE-2.0 |
|
9 |
* |
|
10 |
* Unless required by applicable law or agreed to in writing, software |
|
11 |
* distributed under the License is distributed on an "AS IS" BASIS, |
|
12 |
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
|
13 |
* See the License for the specific language governing permissions and |
|
14 |
* limitations under the License. |
|
15 |
*/ |
|
16 |
package com.gitblit.manager; |
|
17 |
|
|
18 |
import java.nio.charset.Charset; |
|
19 |
import java.security.Principal; |
|
20 |
import java.text.MessageFormat; |
|
21 |
import java.util.ArrayList; |
|
22 |
import java.util.HashMap; |
|
23 |
import java.util.List; |
|
24 |
import java.util.Map; |
7ab32b
|
25 |
import java.util.concurrent.TimeUnit; |
04a985
|
26 |
|
JM |
27 |
import javax.servlet.http.Cookie; |
|
28 |
import javax.servlet.http.HttpServletRequest; |
|
29 |
import javax.servlet.http.HttpServletResponse; |
efdb2b
|
30 |
import javax.servlet.http.HttpSession; |
04a985
|
31 |
|
JM |
32 |
import org.slf4j.Logger; |
|
33 |
import org.slf4j.LoggerFactory; |
|
34 |
|
|
35 |
import com.gitblit.Constants; |
|
36 |
import com.gitblit.Constants.AccountType; |
|
37 |
import com.gitblit.Constants.AuthenticationType; |
|
38 |
import com.gitblit.IStoredSettings; |
|
39 |
import com.gitblit.Keys; |
|
40 |
import com.gitblit.auth.AuthenticationProvider; |
|
41 |
import com.gitblit.auth.AuthenticationProvider.UsernamePasswordAuthenticationProvider; |
|
42 |
import com.gitblit.auth.HtpasswdAuthProvider; |
|
43 |
import com.gitblit.auth.LdapAuthProvider; |
|
44 |
import com.gitblit.auth.PAMAuthProvider; |
|
45 |
import com.gitblit.auth.RedmineAuthProvider; |
|
46 |
import com.gitblit.auth.SalesforceAuthProvider; |
|
47 |
import com.gitblit.auth.WindowsAuthProvider; |
|
48 |
import com.gitblit.models.TeamModel; |
|
49 |
import com.gitblit.models.UserModel; |
bcc8a0
|
50 |
import com.gitblit.transport.ssh.SshKey; |
04a985
|
51 |
import com.gitblit.utils.Base64; |
JM |
52 |
import com.gitblit.utils.HttpUtils; |
|
53 |
import com.gitblit.utils.StringUtils; |
|
54 |
import com.gitblit.utils.X509Utils.X509Metadata; |
|
55 |
|
|
56 |
/** |
|
57 |
* The authentication manager handles user login & logout. |
|
58 |
* |
|
59 |
* @author James Moger |
|
60 |
* |
|
61 |
*/ |
|
62 |
public class AuthenticationManager implements IAuthenticationManager { |
|
63 |
|
|
64 |
private final Logger logger = LoggerFactory.getLogger(getClass()); |
|
65 |
|
|
66 |
private final IStoredSettings settings; |
|
67 |
|
|
68 |
private final IRuntimeManager runtimeManager; |
|
69 |
|
|
70 |
private final IUserManager userManager; |
|
71 |
|
|
72 |
private final List<AuthenticationProvider> authenticationProviders; |
|
73 |
|
|
74 |
private final Map<String, Class<? extends AuthenticationProvider>> providerNames; |
|
75 |
|
|
76 |
private final Map<String, String> legacyRedirects; |
|
77 |
|
|
78 |
public AuthenticationManager( |
|
79 |
IRuntimeManager runtimeManager, |
|
80 |
IUserManager userManager) { |
|
81 |
|
|
82 |
this.settings = runtimeManager.getSettings(); |
|
83 |
this.runtimeManager = runtimeManager; |
|
84 |
this.userManager = userManager; |
|
85 |
this.authenticationProviders = new ArrayList<AuthenticationProvider>(); |
|
86 |
|
|
87 |
// map of shortcut provider names |
|
88 |
providerNames = new HashMap<String, Class<? extends AuthenticationProvider>>(); |
|
89 |
providerNames.put("htpasswd", HtpasswdAuthProvider.class); |
|
90 |
providerNames.put("ldap", LdapAuthProvider.class); |
|
91 |
providerNames.put("pam", PAMAuthProvider.class); |
|
92 |
providerNames.put("redmine", RedmineAuthProvider.class); |
|
93 |
providerNames.put("salesforce", SalesforceAuthProvider.class); |
|
94 |
providerNames.put("windows", WindowsAuthProvider.class); |
|
95 |
|
|
96 |
// map of legacy external user services |
|
97 |
legacyRedirects = new HashMap<String, String>(); |
|
98 |
legacyRedirects.put("com.gitblit.HtpasswdUserService", "htpasswd"); |
|
99 |
legacyRedirects.put("com.gitblit.LdapUserService", "ldap"); |
|
100 |
legacyRedirects.put("com.gitblit.PAMUserService", "pam"); |
|
101 |
legacyRedirects.put("com.gitblit.RedmineUserService", "redmine"); |
|
102 |
legacyRedirects.put("com.gitblit.SalesforceUserService", "salesforce"); |
|
103 |
legacyRedirects.put("com.gitblit.WindowsUserService", "windows"); |
|
104 |
} |
|
105 |
|
|
106 |
@Override |
|
107 |
public AuthenticationManager start() { |
|
108 |
// automatically adjust legacy configurations |
|
109 |
String realm = settings.getString(Keys.realm.userService, "${baseFolder}/users.conf"); |
|
110 |
if (legacyRedirects.containsKey(realm)) { |
|
111 |
logger.warn(""); |
088b6f
|
112 |
logger.warn(Constants.BORDER2); |
04a985
|
113 |
logger.warn(" IUserService '{}' is obsolete!", realm); |
JM |
114 |
logger.warn(" Please set '{}={}'", "realm.authenticationProviders", legacyRedirects.get(realm)); |
088b6f
|
115 |
logger.warn(Constants.BORDER2); |
04a985
|
116 |
logger.warn(""); |
JM |
117 |
|
|
118 |
// conditionally override specified authentication providers |
|
119 |
if (StringUtils.isEmpty(settings.getString(Keys.realm.authenticationProviders, null))) { |
|
120 |
settings.overrideSetting(Keys.realm.authenticationProviders, legacyRedirects.get(realm)); |
|
121 |
} |
|
122 |
} |
|
123 |
|
|
124 |
// instantiate and setup specified authentication providers |
|
125 |
List<String> providers = settings.getStrings(Keys.realm.authenticationProviders); |
|
126 |
if (providers.isEmpty()) { |
|
127 |
logger.info("External authentication disabled."); |
|
128 |
} else { |
|
129 |
for (String provider : providers) { |
|
130 |
try { |
|
131 |
Class<?> authClass; |
|
132 |
if (providerNames.containsKey(provider)) { |
|
133 |
// map the name -> class |
|
134 |
authClass = providerNames.get(provider); |
|
135 |
} else { |
|
136 |
// reflective lookup |
|
137 |
authClass = Class.forName(provider); |
|
138 |
} |
|
139 |
logger.info("setting up {}", authClass.getName()); |
|
140 |
AuthenticationProvider authImpl = (AuthenticationProvider) authClass.newInstance(); |
|
141 |
authImpl.setup(runtimeManager, userManager); |
|
142 |
authenticationProviders.add(authImpl); |
|
143 |
} catch (Exception e) { |
|
144 |
logger.error("", e); |
|
145 |
} |
|
146 |
} |
|
147 |
} |
|
148 |
return this; |
|
149 |
} |
|
150 |
|
|
151 |
@Override |
|
152 |
public AuthenticationManager stop() { |
6659fa
|
153 |
for (AuthenticationProvider provider : authenticationProviders) { |
JM |
154 |
try { |
|
155 |
provider.stop(); |
|
156 |
} catch (Exception e) { |
|
157 |
logger.error("Failed to stop " + provider.getClass().getSimpleName(), e); |
|
158 |
} |
|
159 |
} |
04a985
|
160 |
return this; |
JM |
161 |
} |
bcc8a0
|
162 |
|
b4a63a
|
163 |
public void addAuthenticationProvider(AuthenticationProvider prov) { |
JM |
164 |
authenticationProviders.add(prov); |
|
165 |
} |
04a985
|
166 |
|
JM |
167 |
/** |
|
168 |
* Authenticate a user based on HTTP request parameters. |
|
169 |
* |
|
170 |
* Authentication by X509Certificate is tried first and then by cookie. |
|
171 |
* |
|
172 |
* @param httpRequest |
|
173 |
* @return a user object or null |
|
174 |
*/ |
|
175 |
@Override |
|
176 |
public UserModel authenticate(HttpServletRequest httpRequest) { |
|
177 |
return authenticate(httpRequest, false); |
|
178 |
} |
|
179 |
|
|
180 |
/** |
|
181 |
* Authenticate a user based on HTTP request parameters. |
|
182 |
* |
|
183 |
* Authentication by servlet container principal, X509Certificate, cookie, |
|
184 |
* and finally BASIC header. |
|
185 |
* |
|
186 |
* @param httpRequest |
|
187 |
* @param requiresCertificate |
|
188 |
* @return a user object or null |
|
189 |
*/ |
|
190 |
@Override |
|
191 |
public UserModel authenticate(HttpServletRequest httpRequest, boolean requiresCertificate) { |
|
192 |
// try to authenticate by servlet container principal |
|
193 |
if (!requiresCertificate) { |
|
194 |
Principal principal = httpRequest.getUserPrincipal(); |
|
195 |
if (principal != null) { |
|
196 |
String username = principal.getName(); |
|
197 |
if (!StringUtils.isEmpty(username)) { |
23e08c
|
198 |
boolean internalAccount = userManager.isInternalAccount(username); |
04a985
|
199 |
UserModel user = userManager.getUserModel(username); |
JM |
200 |
if (user != null) { |
|
201 |
// existing user |
efdb2b
|
202 |
flagSession(httpRequest, AuthenticationType.CONTAINER); |
04a985
|
203 |
logger.debug(MessageFormat.format("{0} authenticated by servlet container principal from {1}", |
JM |
204 |
user.username, httpRequest.getRemoteAddr())); |
9aa119
|
205 |
return validateAuthentication(user, AuthenticationType.CONTAINER); |
04a985
|
206 |
} else if (settings.getBoolean(Keys.realm.container.autoCreateAccounts, false) |
JM |
207 |
&& !internalAccount) { |
|
208 |
// auto-create user from an authenticated container principal |
|
209 |
user = new UserModel(username.toLowerCase()); |
|
210 |
user.displayName = username; |
|
211 |
user.password = Constants.EXTERNAL_ACCOUNT; |
|
212 |
user.accountType = AccountType.CONTAINER; |
|
213 |
userManager.updateUserModel(user); |
efdb2b
|
214 |
flagSession(httpRequest, AuthenticationType.CONTAINER); |
04a985
|
215 |
logger.debug(MessageFormat.format("{0} authenticated and created by servlet container principal from {1}", |
JM |
216 |
user.username, httpRequest.getRemoteAddr())); |
9aa119
|
217 |
return validateAuthentication(user, AuthenticationType.CONTAINER); |
04a985
|
218 |
} else if (!internalAccount) { |
JM |
219 |
logger.warn(MessageFormat.format("Failed to find UserModel for {0}, attempted servlet container authentication from {1}", |
|
220 |
principal.getName(), httpRequest.getRemoteAddr())); |
|
221 |
} |
|
222 |
} |
|
223 |
} |
|
224 |
} |
|
225 |
|
|
226 |
// try to authenticate by certificate |
|
227 |
boolean checkValidity = settings.getBoolean(Keys.git.enforceCertificateValidity, true); |
|
228 |
String [] oids = settings.getStrings(Keys.git.certificateUsernameOIDs).toArray(new String[0]); |
|
229 |
UserModel model = HttpUtils.getUserModelFromCertificate(httpRequest, checkValidity, oids); |
|
230 |
if (model != null) { |
|
231 |
// grab real user model and preserve certificate serial number |
|
232 |
UserModel user = userManager.getUserModel(model.username); |
|
233 |
X509Metadata metadata = HttpUtils.getCertificateMetadata(httpRequest); |
|
234 |
if (user != null) { |
efdb2b
|
235 |
flagSession(httpRequest, AuthenticationType.CERTIFICATE); |
04a985
|
236 |
logger.debug(MessageFormat.format("{0} authenticated by client certificate {1} from {2}", |
JM |
237 |
user.username, metadata.serialNumber, httpRequest.getRemoteAddr())); |
9aa119
|
238 |
return validateAuthentication(user, AuthenticationType.CERTIFICATE); |
04a985
|
239 |
} else { |
JM |
240 |
logger.warn(MessageFormat.format("Failed to find UserModel for {0}, attempted client certificate ({1}) authentication from {2}", |
|
241 |
model.username, metadata.serialNumber, httpRequest.getRemoteAddr())); |
|
242 |
} |
|
243 |
} |
|
244 |
|
|
245 |
if (requiresCertificate) { |
|
246 |
// caller requires client certificate authentication (e.g. git servlet) |
|
247 |
return null; |
|
248 |
} |
|
249 |
|
7ab32b
|
250 |
UserModel user = null; |
JM |
251 |
|
04a985
|
252 |
// try to authenticate by cookie |
7ab32b
|
253 |
String cookie = getCookie(httpRequest); |
JM |
254 |
if (!StringUtils.isEmpty(cookie)) { |
|
255 |
user = userManager.getUserModel(cookie.toCharArray()); |
|
256 |
if (user != null) { |
efdb2b
|
257 |
flagSession(httpRequest, AuthenticationType.COOKIE); |
7ab32b
|
258 |
logger.debug(MessageFormat.format("{0} authenticated by cookie from {1}", |
04a985
|
259 |
user.username, httpRequest.getRemoteAddr())); |
9aa119
|
260 |
return validateAuthentication(user, AuthenticationType.COOKIE); |
7ab32b
|
261 |
} |
04a985
|
262 |
} |
JM |
263 |
|
|
264 |
// try to authenticate by BASIC |
|
265 |
final String authorization = httpRequest.getHeader("Authorization"); |
|
266 |
if (authorization != null && authorization.startsWith("Basic")) { |
|
267 |
// Authorization: Basic base64credentials |
|
268 |
String base64Credentials = authorization.substring("Basic".length()).trim(); |
|
269 |
String credentials = new String(Base64.decode(base64Credentials), |
|
270 |
Charset.forName("UTF-8")); |
|
271 |
// credentials = username:password |
|
272 |
final String[] values = credentials.split(":", 2); |
|
273 |
|
|
274 |
if (values.length == 2) { |
|
275 |
String username = values[0]; |
|
276 |
char[] password = values[1].toCharArray(); |
|
277 |
user = authenticate(username, password); |
|
278 |
if (user != null) { |
efdb2b
|
279 |
flagSession(httpRequest, AuthenticationType.CREDENTIALS); |
04a985
|
280 |
logger.debug(MessageFormat.format("{0} authenticated by BASIC request header from {1}", |
JM |
281 |
user.username, httpRequest.getRemoteAddr())); |
9aa119
|
282 |
return validateAuthentication(user, AuthenticationType.CREDENTIALS); |
04a985
|
283 |
} else { |
JM |
284 |
logger.warn(MessageFormat.format("Failed login attempt for {0}, invalid credentials from {1}", |
|
285 |
username, httpRequest.getRemoteAddr())); |
|
286 |
} |
|
287 |
} |
|
288 |
} |
|
289 |
return null; |
9aa119
|
290 |
} |
JM |
291 |
|
|
292 |
/** |
44e2ee
|
293 |
* Authenticate a user based on a public key. |
e3b636
|
294 |
* |
44e2ee
|
295 |
* This implementation assumes that the authentication has already take place |
JM |
296 |
* (e.g. SSHDaemon) and that this is a validation/verification of the user. |
|
297 |
* |
|
298 |
* @param username |
|
299 |
* @param key |
e3b636
|
300 |
* @return a user object or null |
DO |
301 |
*/ |
|
302 |
@Override |
bcc8a0
|
303 |
public UserModel authenticate(String username, SshKey key) { |
e3b636
|
304 |
if (username != null) { |
DO |
305 |
if (!StringUtils.isEmpty(username)) { |
|
306 |
UserModel user = userManager.getUserModel(username); |
|
307 |
if (user != null) { |
|
308 |
// existing user |
44e2ee
|
309 |
logger.debug(MessageFormat.format("{0} authenticated by {1} public key", |
JM |
310 |
user.username, key.getAlgorithm())); |
|
311 |
return validateAuthentication(user, AuthenticationType.PUBLIC_KEY); |
e3b636
|
312 |
} |
44e2ee
|
313 |
logger.warn(MessageFormat.format("Failed to find UserModel for {0} during public key authentication", |
JM |
314 |
username)); |
e3b636
|
315 |
} |
DO |
316 |
} else { |
44e2ee
|
317 |
logger.warn("Empty user passed to AuthenticationManager.authenticate!"); |
e3b636
|
318 |
} |
DO |
319 |
return null; |
|
320 |
} |
|
321 |
|
|
322 |
|
|
323 |
/** |
9aa119
|
324 |
* This method allows the authentication manager to reject authentication |
JM |
325 |
* attempts. It is called after the username/secret have been verified to |
|
326 |
* ensure that the authentication technique has been logged. |
|
327 |
* |
|
328 |
* @param user |
|
329 |
* @return |
|
330 |
*/ |
|
331 |
protected UserModel validateAuthentication(UserModel user, AuthenticationType type) { |
|
332 |
if (user == null) { |
|
333 |
return null; |
|
334 |
} |
|
335 |
if (user.disabled) { |
|
336 |
// user has been disabled |
|
337 |
logger.warn("Rejected {} authentication attempt by disabled account \"{}\"", |
|
338 |
type, user.username); |
|
339 |
return null; |
|
340 |
} |
|
341 |
return user; |
04a985
|
342 |
} |
JM |
343 |
|
efdb2b
|
344 |
protected void flagSession(HttpServletRequest httpRequest, AuthenticationType authenticationType) { |
JM |
345 |
httpRequest.getSession().setAttribute(Constants.AUTHENTICATION_TYPE, authenticationType); |
04a985
|
346 |
} |
JM |
347 |
|
|
348 |
/** |
|
349 |
* Authenticate a user based on a username and password. |
|
350 |
* |
|
351 |
* @see IUserService.authenticate(String, char[]) |
|
352 |
* @param username |
|
353 |
* @param password |
|
354 |
* @return a user object or null |
|
355 |
*/ |
|
356 |
@Override |
|
357 |
public UserModel authenticate(String username, char[] password) { |
|
358 |
if (StringUtils.isEmpty(username)) { |
|
359 |
// can not authenticate empty username |
|
360 |
return null; |
|
361 |
} |
|
362 |
|
|
363 |
String usernameDecoded = StringUtils.decodeUsername(username); |
|
364 |
String pw = new String(password); |
|
365 |
if (StringUtils.isEmpty(pw)) { |
|
366 |
// can not authenticate empty password |
|
367 |
return null; |
|
368 |
} |
|
369 |
|
|
370 |
UserModel user = userManager.getUserModel(usernameDecoded); |
1293c2
|
371 |
|
JM |
372 |
// try local authentication |
|
373 |
if (user != null && user.isLocalAccount()) { |
b4a63a
|
374 |
return authenticateLocal(user, password); |
04a985
|
375 |
} |
JM |
376 |
|
|
377 |
// try registered external authentication providers |
b4a63a
|
378 |
for (AuthenticationProvider provider : authenticationProviders) { |
JM |
379 |
if (provider instanceof UsernamePasswordAuthenticationProvider) { |
|
380 |
UserModel returnedUser = provider.authenticate(usernameDecoded, password); |
|
381 |
if (returnedUser != null) { |
|
382 |
// user authenticated |
|
383 |
returnedUser.accountType = provider.getAccountType(); |
|
384 |
return validateAuthentication(returnedUser, AuthenticationType.CREDENTIALS); |
04a985
|
385 |
} |
JM |
386 |
} |
|
387 |
} |
bcc8a0
|
388 |
|
b4a63a
|
389 |
// could not authenticate locally or with a provider |
JM |
390 |
return null; |
|
391 |
} |
bcc8a0
|
392 |
|
b4a63a
|
393 |
/** |
JM |
394 |
* Returns a UserModel if local authentication succeeds. |
bcc8a0
|
395 |
* |
b4a63a
|
396 |
* @param user |
JM |
397 |
* @param password |
|
398 |
* @return a UserModel if local authentication succeeds, null otherwise |
|
399 |
*/ |
|
400 |
protected UserModel authenticateLocal(UserModel user, char [] password) { |
|
401 |
UserModel returnedUser = null; |
|
402 |
if (user.password.startsWith(StringUtils.MD5_TYPE)) { |
|
403 |
// password digest |
|
404 |
String md5 = StringUtils.MD5_TYPE + StringUtils.getMD5(new String(password)); |
|
405 |
if (user.password.equalsIgnoreCase(md5)) { |
|
406 |
returnedUser = user; |
|
407 |
} |
|
408 |
} else if (user.password.startsWith(StringUtils.COMBINED_MD5_TYPE)) { |
|
409 |
// username+password digest |
|
410 |
String md5 = StringUtils.COMBINED_MD5_TYPE |
|
411 |
+ StringUtils.getMD5(user.username.toLowerCase() + new String(password)); |
|
412 |
if (user.password.equalsIgnoreCase(md5)) { |
|
413 |
returnedUser = user; |
|
414 |
} |
|
415 |
} else if (user.password.equals(new String(password))) { |
|
416 |
// plain-text password |
|
417 |
returnedUser = user; |
|
418 |
} |
|
419 |
return validateAuthentication(returnedUser, AuthenticationType.CREDENTIALS); |
04a985
|
420 |
} |
JM |
421 |
|
|
422 |
/** |
7ab32b
|
423 |
* Returns the Gitlbit cookie in the request. |
JM |
424 |
* |
|
425 |
* @param request |
|
426 |
* @return the Gitblit cookie for the request or null if not found |
|
427 |
*/ |
|
428 |
@Override |
|
429 |
public String getCookie(HttpServletRequest request) { |
|
430 |
if (settings.getBoolean(Keys.web.allowCookieAuthentication, true)) { |
|
431 |
Cookie[] cookies = request.getCookies(); |
|
432 |
if (cookies != null && cookies.length > 0) { |
|
433 |
for (Cookie cookie : cookies) { |
|
434 |
if (cookie.getName().equals(Constants.NAME)) { |
|
435 |
String value = cookie.getValue(); |
|
436 |
return value; |
|
437 |
} |
|
438 |
} |
|
439 |
} |
|
440 |
} |
|
441 |
return null; |
|
442 |
} |
|
443 |
|
|
444 |
/** |
04a985
|
445 |
* Sets a cookie for the specified user. |
JM |
446 |
* |
|
447 |
* @param response |
|
448 |
* @param user |
|
449 |
*/ |
|
450 |
@Override |
ec7ed8
|
451 |
@Deprecated |
04a985
|
452 |
public void setCookie(HttpServletResponse response, UserModel user) { |
ec7ed8
|
453 |
setCookie(null, response, user); |
JM |
454 |
} |
|
455 |
|
|
456 |
/** |
|
457 |
* Sets a cookie for the specified user. |
|
458 |
* |
|
459 |
* @param request |
|
460 |
* @param response |
|
461 |
* @param user |
|
462 |
*/ |
|
463 |
@Override |
|
464 |
public void setCookie(HttpServletRequest request, HttpServletResponse response, UserModel user) { |
04a985
|
465 |
if (settings.getBoolean(Keys.web.allowCookieAuthentication, true)) { |
efdb2b
|
466 |
HttpSession session = request.getSession(); |
JM |
467 |
AuthenticationType authenticationType = (AuthenticationType) session.getAttribute(Constants.AUTHENTICATION_TYPE); |
|
468 |
boolean standardLogin = authenticationType.isStandard(); |
04a985
|
469 |
|
JM |
470 |
if (standardLogin) { |
|
471 |
Cookie userCookie; |
|
472 |
if (user == null) { |
|
473 |
// clear cookie for logout |
|
474 |
userCookie = new Cookie(Constants.NAME, ""); |
|
475 |
} else { |
|
476 |
// set cookie for login |
|
477 |
String cookie = userManager.getCookie(user); |
|
478 |
if (StringUtils.isEmpty(cookie)) { |
|
479 |
// create empty cookie |
|
480 |
userCookie = new Cookie(Constants.NAME, ""); |
|
481 |
} else { |
|
482 |
// create real cookie |
|
483 |
userCookie = new Cookie(Constants.NAME, cookie); |
7ab32b
|
484 |
// expire the cookie in 7 days |
JM |
485 |
userCookie.setMaxAge((int) TimeUnit.DAYS.toSeconds(7)); |
04a985
|
486 |
} |
JM |
487 |
} |
ec7ed8
|
488 |
String path = "/"; |
JM |
489 |
if (request != null) { |
|
490 |
if (!StringUtils.isEmpty(request.getContextPath())) { |
|
491 |
path = request.getContextPath(); |
|
492 |
} |
|
493 |
} |
|
494 |
userCookie.setPath(path); |
04a985
|
495 |
response.addCookie(userCookie); |
JM |
496 |
} |
|
497 |
} |
|
498 |
} |
|
499 |
|
|
500 |
/** |
|
501 |
* Logout a user. |
|
502 |
* |
ec7ed8
|
503 |
* @param response |
04a985
|
504 |
* @param user |
JM |
505 |
*/ |
|
506 |
@Override |
ec7ed8
|
507 |
@Deprecated |
04a985
|
508 |
public void logout(HttpServletResponse response, UserModel user) { |
ec7ed8
|
509 |
setCookie(null, response, null); |
JM |
510 |
} |
|
511 |
|
|
512 |
/** |
|
513 |
* Logout a user. |
|
514 |
* |
|
515 |
* @param request |
|
516 |
* @param response |
|
517 |
* @param user |
|
518 |
*/ |
|
519 |
@Override |
|
520 |
public void logout(HttpServletRequest request, HttpServletResponse response, UserModel user) { |
|
521 |
setCookie(request, response, null); |
04a985
|
522 |
} |
JM |
523 |
|
|
524 |
/** |
|
525 |
* Returns true if the user's credentials can be changed. |
|
526 |
* |
|
527 |
* @param user |
|
528 |
* @return true if the user service supports credential changes |
|
529 |
*/ |
|
530 |
@Override |
|
531 |
public boolean supportsCredentialChanges(UserModel user) { |
|
532 |
return (user != null && user.isLocalAccount()) || findProvider(user).supportsCredentialChanges(); |
|
533 |
} |
|
534 |
|
|
535 |
/** |
|
536 |
* Returns true if the user's display name can be changed. |
|
537 |
* |
|
538 |
* @param user |
|
539 |
* @return true if the user service supports display name changes |
|
540 |
*/ |
|
541 |
@Override |
|
542 |
public boolean supportsDisplayNameChanges(UserModel user) { |
|
543 |
return (user != null && user.isLocalAccount()) || findProvider(user).supportsDisplayNameChanges(); |
|
544 |
} |
|
545 |
|
|
546 |
/** |
|
547 |
* Returns true if the user's email address can be changed. |
|
548 |
* |
|
549 |
* @param user |
|
550 |
* @return true if the user service supports email address changes |
|
551 |
*/ |
|
552 |
@Override |
|
553 |
public boolean supportsEmailAddressChanges(UserModel user) { |
|
554 |
return (user != null && user.isLocalAccount()) || findProvider(user).supportsEmailAddressChanges(); |
|
555 |
} |
|
556 |
|
|
557 |
/** |
|
558 |
* Returns true if the user's team memberships can be changed. |
|
559 |
* |
|
560 |
* @param user |
|
561 |
* @return true if the user service supports team membership changes |
|
562 |
*/ |
|
563 |
@Override |
|
564 |
public boolean supportsTeamMembershipChanges(UserModel user) { |
|
565 |
return (user != null && user.isLocalAccount()) || findProvider(user).supportsTeamMembershipChanges(); |
|
566 |
} |
|
567 |
|
|
568 |
/** |
|
569 |
* Returns true if the team memberships can be changed. |
|
570 |
* |
|
571 |
* @param user |
|
572 |
* @return true if the team membership can be changed |
|
573 |
*/ |
|
574 |
@Override |
|
575 |
public boolean supportsTeamMembershipChanges(TeamModel team) { |
|
576 |
return (team != null && team.isLocalTeam()) || findProvider(team).supportsTeamMembershipChanges(); |
|
577 |
} |
|
578 |
|
|
579 |
protected AuthenticationProvider findProvider(UserModel user) { |
|
580 |
for (AuthenticationProvider provider : authenticationProviders) { |
|
581 |
if (provider.getAccountType().equals(user.accountType)) { |
|
582 |
return provider; |
|
583 |
} |
|
584 |
} |
|
585 |
return AuthenticationProvider.NULL_PROVIDER; |
|
586 |
} |
|
587 |
|
|
588 |
protected AuthenticationProvider findProvider(TeamModel team) { |
|
589 |
for (AuthenticationProvider provider : authenticationProviders) { |
|
590 |
if (provider.getAccountType().equals(team.accountType)) { |
|
591 |
return provider; |
|
592 |
} |
|
593 |
} |
|
594 |
return AuthenticationProvider.NULL_PROVIDER; |
|
595 |
} |
|
596 |
} |