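package com.openedit.modules.admin;

import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;

import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

import com.openedit.OpenEditException;
import com.openedit.WebPageRequest;
import com.openedit.config.Configuration;
import com.openedit.modules.BaseModule;
import com.openedit.page.Page;
import com.openedit.page.PageRequestKeys;
import com.openedit.users.StringEncrypter;
import com.openedit.users.User;
import com.openedit.util.URLUtilities;
import com.openedit.util.strainer.Filter;

import com.openedit.modules.email.SendMailModule;

/**
 * Page actions for logging users in and out, cookie-based auto-login,
 * password reminders, edit/view permission checks and configured redirects.
 *
 * <p>Security review notes that apply to the class as a whole:
 * <ul>
 * <li>{@link #KEY} is a symmetric key compiled into the source, so every
 * installation built from it shares the same key. It should come from
 * per-installation configuration.</li>
 * <li>The auto-login cookie carries the user's password (encrypted with
 * single DES under {@link #KEY}) and never expires. A random, revocable,
 * server-side token would remove the password from the browser entirely.</li>
 * <li>Several redirect targets are read from request parameters without
 * validation; each place is marked with a NOTE(review) comment.</li>
 * </ul>
 */
public class AdminModule extends BaseModule
{
    protected static final String COOKIE = "openedit.usermanager.autologin";
    // NOTE(review): hard-coded encryption key. Anyone who can read this source
    // (or the compiled class) can decrypt every auto-login cookie. Move this
    // to configuration; changing it invalidates cookies already issued.
    protected static final String KEY = "SomeWeirdReallyLongStringYUITYGFNERDF343dfdGDFGSDGGD";
    protected String fieldImagesRoot;
    protected String fieldRootFTPURL;
    protected static final String UNAME = "username";
    protected static final String EMAIL = "to";
    private static final Log log = LogFactory.getLog(AdminModule.class);

    protected SendMailModule sendMailModule;

    public AdminModule()
    {
        super();
    }

    /**
     * Stores the root FTP URL, dropping one trailing slash if present.
     *
     * @param rootFTPURL the URL to store; may be null
     */
    public void setRootFTPURL(String rootFTPURL)
    {
        if ((rootFTPURL != null) && rootFTPURL.endsWith("/"))
        {
            fieldRootFTPURL = rootFTPURL.substring(0, rootFTPURL.length() - 1);
        }
        else
        {
            fieldRootFTPURL = rootFTPURL;
        }
    }

    /**
     * @return the root FTP URL as stored by {@link #setRootFTPURL(String)}
     */
    public String getRootFTPURL()
    {
        return fieldRootFTPURL;
    }

    /**
     * Returns the PasswordHelper kept in the session under "passwordHelper",
     * creating and storing one on first use.
     */
    protected PasswordHelper getPasswordHelper(WebPageRequest inReq) throws OpenEditException
    {
        PasswordHelper passwordHelper = (PasswordHelper) inReq.getSessionValue("passwordHelper");
        if (passwordHelper == null)
        {
            passwordHelper = new PasswordHelper();
            passwordHelper.setSendMailModule(sendMailModule);
            inReq.putSessionValue("passwordHelper", passwordHelper);
        }

        return passwordHelper;
    }

    /**
     * Looks a user up by the "to" (e-mail) or "username" request parameter and
     * asks the PasswordHelper to mail a reminder. The outcome is reported in
     * the "commandSucceeded" page value: "didnotexecute" when neither
     * parameter was sent, "nouser" when no account matched and "noemail" when
     * the account has no address.
     *
     * <p>NOTE(review): the reminder is built from
     * {@code User.getClearPassword()}, i.e. the current password is
     * recoverable on the server and leaves it by e-mail. A single-use,
     * expiring reset link avoids both. The distinct "nouser"/"noemail"
     * results also tell an unauthenticated caller whether an account exists;
     * consider one neutral response.
     */
    public void emailPasswordReminder(WebPageRequest inReq) throws Exception
    {
        String emailaddress = inReq.getRequestParameter(EMAIL);
        String username = inReq.getRequestParameter(UNAME);
        if (emailaddress == null && username == null)
        {
            inReq.putPageValue("commandSucceeded", "didnotexecute");
            return;
        }

        // The e-mail address is tried first; the user name is only a fallback.
        User foundUser = null;
        if (emailaddress != null && emailaddress.length() > 0)
        {
            foundUser = (User) getUserManager().getUserByEmail(emailaddress);
        }
        if (username != null && foundUser == null)
        {
            foundUser = (User) getUserManager().getUser(username);
        }

        if (foundUser == null)
        {
            inReq.putPageValue("commandSucceeded", "nouser");
            return;
        }

        String email = foundUser.getEmail();
        if (email == null || email.equals(""))
        {
            inReq.putPageValue("commandSucceeded", "noemail");
            return;
        }
        String password = foundUser.getClearPassword();
        username = foundUser.getUserName();

        PasswordHelper passwordHelper = getPasswordHelper(inReq);
        passwordHelper.emailPasswordReminder(inReq, getPageManager(), username, password, email);
    }

    /**
     * Marks the request editable when a user is logged in and the page's edit
     * filter is absent or passes; otherwise marks it not editable.
     */
    public void allowEditing(WebPageRequest inReq) throws Exception
    {
        boolean value = false;
        if (inReq.getUser() != null)
        {
            Filter filter = inReq.getPage().getEditFilter();
            value = ((filter == null) || filter.passes(inReq));
        }
        inReq.setEditable(value);
    }

    /**
     * Runs an AllowViewing command configured from the current action and the
     * page settings.
     */
    public void allowViewing(WebPageRequest inReq) throws OpenEditException
    {
        AllowViewing command = new AllowViewing();
        command.setPageManager(getPageManager());

        command.configure(inReq.getCurrentAction().getConfig(), inReq.getPage().getPageSettings());
        command.execute(inReq);
    }

    /**
     * Runs an EnforcePrivilege command configured from the current action and
     * the page settings.
     */
    public void enforcePrivilege(WebPageRequest inReq) throws OpenEditException
    {
        EnforcePrivilege command = new EnforcePrivilege();
        command.setPageManager(getPageManager());
        command.configure(inReq.getCurrentAction().getConfig(), inReq.getPage().getPageSettings());
        command.execute(inReq);
    }

    /**
     * When an account already exists for the required "email" parameter,
     * redirects to the action's configured "redirectpage", or, when none is
     * configured, reports the problem in the "oe-exception" page value.
     */
    public void checkForDuplicateByEmail(WebPageRequest inReq) throws Exception
    {
        String email = inReq.getRequiredParameter("email");

        User user = getUserManager().getUserByEmail(email);
        if (user != null)
        {
            String page = inReq.getCurrentAction().getConfig().getChildValue("redirectpage");
            // Fixed: the test was inverted, so the redirect was only attempted
            // with a null target and a configured page was never used.
            if (page != null)
            {
                inReq.redirect(page);
            }
            else
            {
                inReq.putPageValue("oe-exception", "Account already exists with address " + email);
            }
        }
    }

    /**
     * Logs in with the "accountname" and "password" request parameters. The
     * account is looked up by user name, then by e-mail address. If neither
     * matches and the page defines "autologingroup", a guest user is created
     * in that group with the submitted credentials before authentication.
     */
    public void login(WebPageRequest inReq) throws Exception
    {
        String account = inReq.getRequestParameter("accountname");
        String password = inReq.getRequestParameter("password");

        if (account != null)
        {
            User user = getUserManager().getUser(account);
            if (user == null)
            {
                user = getUserManager().getUserByEmail(account);
            }
            if (user == null)
            {
                String groupname = inReq.getPage().get("autologingroup");
                if (groupname != null)
                {
                    user = getUserManager().createGuestUser(account, password, groupname);
                }
            }

            loginAndRedirect(user, password, inReq);
        }
    }

    /**
     * Authenticates the user and, on success, stores it in the session, sets
     * the auto-login cookie and redirects. The target is the "loginokpage"
     * parameter, else the session's "originalEntryPage" (unless it equals the
     * referring page), else "/index.html". On failure "oe-exception" is set to
     * "Invalid Logon" on the request and the page.
     *
     * <p>NOTE(review): "loginokpage" is caller-supplied and is passed to
     * {@code redirect} unchecked, so a crafted login link can send a user to
     * another site after a genuine login. Restrict it to site-relative paths
     * once it is confirmed no template relies on absolute targets. The session
     * is also reused across the privilege change; issuing a fresh session id
     * on login would prevent session fixation.
     */
    protected void loginAndRedirect(User user, String inPassword, WebPageRequest inReq) throws Exception
    {
        boolean userok = false;
        String sendTo = inReq.getRequestParameter("loginokpage");
        // Other methods in this class allow for a missing servlet request, so
        // this one does too instead of failing with a NullPointerException.
        HttpServletRequest req = inReq.getRequest();

        if (user != null && inPassword != null)
        {
            userok = getUserManager().authenticate(user, inPassword);
        }

        if (!userok)
        {
            if (req != null)
            {
                req.setAttribute("oe-exception", "Invalid Logon");
            }
            inReq.putPageValue("oe-exception", "Invalid Logon");
            return;
        }

        inReq.putSessionValue("user", user);
        if (sendTo == null || sendTo.trim().length() == 0)
        {
            String sendToOld = (String) inReq.getSessionValue("originalEntryPage");
            String referrer = (req != null) ? req.getHeader("REFERER") : null;
            if (sendToOld != null && !sendToOld.equals(referrer))
            {
                sendTo = sendToOld;
            }
            inReq.removeSessionValue("originalEntryPage");
        }
        if (sendTo == null)
        {
            sendTo = "/index.html";
        }
        savePasswordAsCookie(user, inReq);
        inReq.redirect(sendTo);
    }

    /**
     * Sets the auto-login cookie: user name, the separator "OEWITHOE" and the
     * value of {@code user.getPassword()} encrypted with DES under
     * {@link #KEY}. Does nothing when there is no servlet response.
     *
     * <p>NOTE(review): this puts a password-equivalent secret in the browser
     * with no expiry ({@code Integer.MAX_VALUE}), site-wide path, and neither
     * the Secure nor the HttpOnly attribute, protected only by an obsolete
     * cipher and a key that ships in the source. Prefer a random server-side
     * token with a bounded lifetime, marked Secure and HttpOnly.
     */
    public void savePasswordAsCookie(User user, WebPageRequest inReq) throws OpenEditException
    {
        HttpServletResponse res = inReq.getResponse();
        if (res != null)
        {
            String crypt = new StringEncrypter(StringEncrypter.DES_ENCRYPTION_SCHEME, KEY).encrypt(user.getPassword());
            Cookie cookie = new Cookie(createCookieName(inReq), user.getUserName() + "OEWITHOE" + crypt);
            cookie.setMaxAge(Integer.MAX_VALUE);
            cookie.setPath("/");
            res.addCookie(cookie);
        }
    }

    /**
     * Logs the session user out, removes every session attribute, expires the
     * auto-login cookie and redirects to the "editingPath" parameter when it
     * names an existing HTML page outside "/openedit", else to "/index.html".
     *
     * <p>NOTE(review): attributes are removed but the session itself is kept;
     * invalidating it would also retire the session id.
     */
    public void logout(WebPageRequest inReq) throws OpenEditException
    {
        User user = (User) inReq.getSessionValue("user");
        getUserManager().logout(user);

        // Collect the names first: removing while enumerating is not safe.
        Enumeration enumeration = inReq.getSession().getAttributeNames();
        List toremove = new ArrayList();
        while (enumeration.hasMoreElements())
        {
            String id = (String) enumeration.nextElement();
            toremove.add(id);
        }
        for (Iterator iter = toremove.iterator(); iter.hasNext();)
        {
            String id = (String) iter.next();
            inReq.removeSessionValue(id);
        }

        // Fixed: the page used to be looked up before the null check, so a
        // logout without "editingPath" passed null to the page manager.
        String referrer = inReq.getRequestParameter("editingPath");
        boolean usable = false;
        if (referrer != null && referrer.indexOf("/openedit") < 0)
        {
            Page epath = getPageManager().getPage(referrer);
            usable = epath != null && epath.isHtml() && epath.exists();
        }
        if (!usable)
        {
            referrer = "/index.html";
        }
        removeCookie(inReq);
        inReq.redirect(referrer);
    }

    /**
     * Expires the auto-login cookie by re-issuing it with the value "none" and
     * a max age of zero. Does nothing when there is no servlet response.
     */
    protected void removeCookie(WebPageRequest inReq)
    {
        HttpServletResponse res = inReq.getResponse();
        if (res != null)
        {
            Cookie cookie = new Cookie(createCookieName(inReq), "none");
            cookie.setMaxAge(0);
            cookie.setPath("/");
            res.addCookie(cookie);
        }
    }

    /**
     * Attempts a cookie-based login when nobody is logged in and the current
     * page is HTML.
     */
    public void autoLogin(WebPageRequest inReq) throws OpenEditException
    {
        if (inReq.getUser() != null)
        {
            return;
        }
        if (!inReq.getPage().isHtml())
        {
            return;
        }
        readPasswordFromCookie(inReq);
    }

    /**
     * Trusts the container's authenticated user name
     * ({@code getRemoteUser()}) and, when it matches a known user, publishes
     * that user as a protected page value.
     */
    public void autoLoginFromRequest(WebPageRequest inRequest) throws OpenEditException
    {
        String username = inRequest.getRequest().getRemoteUser();
        if (username != null)
        {
            User user = getUserManager().getUser(username);
            if (user != null)
            {
                inRequest.putProtectedPageValue(PageRequestKeys.USER, user);
            }
        }
    }

    /**
     * Builds the auto-login cookie name from {@link #COOKIE}, the "home" page
     * value and a fixed suffix.
     */
    String createCookieName(WebPageRequest inReq)
    {
        String home = (String) inReq.getPageValue("home");
        return COOKIE + home + "Un1qu3_str1ng";
    }

    /**
     * @return true when the cookie's name starts with the name
     *         {@link #createCookieName(WebPageRequest)} produces
     */
    boolean verifyCookieName(WebPageRequest inReq, Cookie inCookie)
    {
        return inCookie.getName().startsWith(createCookieName(inReq));
    }

    /**
     * Looks for the auto-login cookie and, when its user exists and its
     * decrypted password authenticates, stores the user in the session.
     * Cookies that are malformed, name an unknown user or fail authentication
     * are expired.
     *
     * <p>The cookie value is attacker-controlled input: it is parsed
     * defensively and the decrypted password is never written to the log.
     */
    protected void readPasswordFromCookie(WebPageRequest inReq) throws OpenEditException
    {
        HttpServletRequest req = inReq.getRequest();
        if (req == null)
        {
            return;
        }
        Cookie[] cookies = req.getCookies();
        if (cookies == null)
        {
            return;
        }
        for (int i = 0; i < cookies.length; i++)
        {
            Cookie cook = cookies[i];
            if (cook.getName() == null || !verifyCookieName(inReq, cook))
            {
                continue;
            }
            String uandpass = cook.getValue();
            if (uandpass == null)
            {
                continue;
            }
            String[] units = uandpass.split("OEWITHOE");
            // Fixed: a value without both parts (for example the "none" left
            // by removeCookie) used to raise ArrayIndexOutOfBoundsException.
            if (units.length < 2)
            {
                log.info("Auto login cookie is malformed, discarding it.");
                expireCookie(inReq, cook);
                continue;
            }
            User user = getUserManager().getUser(units[0]);
            if (user == null)
            {
                log.info("User " + units[0] + " not found.");
                expireCookie(inReq, cook);
                continue;
            }
            String encoded = units[1];
            String password = new StringEncrypter(StringEncrypter.DES_ENCRYPTION_SCHEME, KEY).decrypt(encoded);
            boolean ok = getUserManager().authenticate(user, password);
            if (ok)
            {
                inReq.putSessionValue("user", user);
                return;
            }
            // Fixed: this message used to include the decrypted password.
            log.info("Auto login did not work " + units[0]);
            expireCookie(inReq, cook);
        }
    }

    /**
     * Tells the browser to drop a cookie received on this request. The path is
     * set to "/" because that is the path the auto-login cookie is issued
     * with; a deletion sent with a different path leaves the original in
     * place.
     */
    private void expireCookie(WebPageRequest inReq, Cookie inCookie)
    {
        HttpServletResponse res = inReq.getResponse();
        if (res != null)
        {
            inCookie.setMaxAge(0);
            inCookie.setPath("/");
            res.addCookie(inCookie);
        }
    }

    /**
     * Obsolete action kept so old configurations load; only logs a reminder.
     */
    public void wrapDecoration(WebPageRequest inreq)
    {
        log.error("Please remove Decorate.wrapDecoration from your _site.xconf");
    }

    /**
     * Obsolete action kept so old configurations load; only logs a reminder.
     */
    public void insertDecoration(WebPageRequest inReq) throws Exception
    {
        log.error("Please remove Decorate.insertDecoration from your _site.xconf");
    }

    /**
     * Redirects a plain-HTTP request to the same path on
     * {@code https://<hostName>} when the page sets "useshttps" to true and
     * defines "hostName".
     */
    public void forwardToSecureSocketsLayer(WebPageRequest inReq)
    {
        String host = inReq.getPage().get("hostName");
        String useSecure = inReq.getPage().get("useshttps");

        if (Boolean.parseBoolean(useSecure) && host != null && inReq.getRequest() != null)
        {
            if (!inReq.getRequest().isSecure())
            {
                String path = "https://" + host + inReq.getPathUrl();
                log.info("Forward to address " + path);
                inReq.redirect(path);
            }
        }
    }

    /**
     * Issues a permanent redirect to the "redirectpath" taken from the current
     * action or, failing that, from the page. When the action lists "host"
     * children, the redirect only happens if the current server root starts
     * with one of them. Three target forms are handled: a path containing
     * "*" (the text before it plus the content page name), an absolute
     * "http..." URL on another site root, and a plain path.
     */
    public void redirect(WebPageRequest inReq)
    {
        String path = inReq.getCurrentAction().getChildValue("redirectpath");
        if (path == null)
        {
            path = inReq.getPage().get("redirectpath");
        }
        if (path == null || inReq.getRequest() == null)
        {
            return;
        }

        URLUtilities utils = (URLUtilities) inReq.getPageValue(PageRequestKeys.URL_UTILITIES);
        if (path.endsWith("/"))
        {
            path = path.substring(0, path.length() - 1);
        }

        List host = inReq.getCurrentAction().getConfig().getChildren("host");
        if (host.size() > 0)
        {
            String server = utils.buildRoot();
            boolean found = false;
            for (Iterator iterator = host.iterator(); iterator.hasNext();)
            {
                Configuration conf = (Configuration) iterator.next();
                String hostval = conf.getValue();
                log.debug("Checking [" + server + "] starts with [" + hostval + "]");
                if (server.startsWith(hostval))
                {
                    found = true;
                    break;
                }
            }
            if (!found)
            {
                log.info("Host did not match, was [" + server + "]");
                return;
            }
        }

        int indestpath = path.indexOf("*");
        if (indestpath > -1)
        {
            String begin = path.substring(0, indestpath);
            String ending = inReq.getContentPage().getName();

            String redirectPath = begin + ending;
            // Skip the redirect when already there, to avoid a loop.
            if (!inReq.getPath().equals(redirectPath))
            {
                inReq.redirectPermanently(redirectPath);
            }
        }
        else if (path.startsWith("http"))
        {
            String fixedpath = path;
            String domain = utils.siteRoot();
            // Keep the target on https when the current site is on https.
            if (domain.startsWith("https://") && !fixedpath.startsWith("https://"))
            {
                fixedpath = "https://" + path.substring("https://".length() - 1, path.length());
            }
            if (!fixedpath.startsWith(domain))
            {
                if (inReq.getContentPage().exists())
                {
                    String newurl = fixedpath + utils.requestPathWithArguments();
                    inReq.redirectPermanently(newurl);
                }
                else
                {
                    inReq.redirectPermanently(fixedpath);
                }
            }
        }
        else
        {
            if (!inReq.getPath().equals(path))
            {
                inReq.redirectPermanently(path);
            }
        }
    }

    /**
     * Redirects to the "origURL" request parameter. When that URL has no query
     * string and "editPath" was sent, "?path=&lt;editPath&gt;&amp;cache=false"
     * is appended. Does nothing when "origURL" is absent.
     *
     * <p>NOTE(review): "origURL" is caller-supplied and used as the redirect
     * target unchecked, and "editPath" is appended without URL-encoding.
     * Restrict the target to this site and encode the parameter.
     */
    public void redirectToOriginal(WebPageRequest inReq)
    {
        String editPath = inReq.getRequestParameter("editPath");
        String orig = inReq.getRequestParameter("origURL");
        if (orig == null)
        {
            return;
        }
        if (orig.indexOf("?") == -1 && editPath != null)
        {
            inReq.redirect(orig + "?path=" + editPath + "&cache=false");
        }
        else
        {
            inReq.redirect(orig);
        }
    }

    /**
     * @return the mail module handed to newly created PasswordHelpers
     */
    public SendMailModule getSendMailModule()
    {
        return sendMailModule;
    }

    /**
     * @param sendMailModule the mail module to hand to newly created
     *        PasswordHelpers
     */
    public void setSendMailModule(SendMailModule sendMailModule)
    {
        this.sendMailModule = sendMailModule;
    }
}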