use of com.liferay.portal.UserIdException in project liferay-ide by liferay.
the class UserLocalServiceImpl method authenticate.
/**
* Attempts to authenticate the user by their login and password, while
* using the AuthPipeline.
*
* <p>
* Authentication type specifies what <code>login</code> contains.The valid
* values are:
* </p>
*
* <ul>
* <li>
* <code>CompanyConstants.AUTH_TYPE_EA</code> - <code>login</code> is the
* user's email address
* </li>
* <li>
* <code>CompanyConstants.AUTH_TYPE_SN</code> - <code>login</code> is the
* user's screen name
* </li>
* <li>
* <code>CompanyConstants.AUTH_TYPE_ID</code> - <code>login</code> is the
* user's primary key
* </li>
* </ul>
*
* @param companyId the primary key of the user's company
* @param login either the user's email address, screen name, or primary
* key depending on the value of <code>authType</code>
* @param password the user's password
* @param authType the type of authentication to perform
* @param headerMap the header map from the authentication request
* @param parameterMap the parameter map from the authentication request
* @param resultsMap the map of authentication results (may be nil). After
* a succesful authentication the user's primary key will be placed
* under the key <code>userId</code>.
* @return the authentication status. This can be {@link
* com.liferay.portal.security.auth.Authenticator#FAILURE}
* indicating that the user's credentials are invalid, {@link
* com.liferay.portal.security.auth.Authenticator#SUCCESS}
* indicating a successful login, or {@link
* com.liferay.portal.security.auth.Authenticator#DNE} indicating
* that a user with that login does not exist.
* @throws PortalException if <code>login</code> or <code>password</code>
* was <code>null</code>
* @throws SystemException if a system exception occurred
* @see com.liferay.portal.security.auth.AuthPipeline
*/
protected int authenticate(long companyId, String login, String password, String authType, Map<String, String[]> headerMap, Map<String, String[]> parameterMap, Map<String, Object> resultsMap) throws PortalException, SystemException {
if (PropsValues.AUTH_LOGIN_DISABLED) {
return Authenticator.FAILURE;
}
login = StringUtil.toLowerCase(login.trim());
long userId = GetterUtil.getLong(login);
if (authType.equals(CompanyConstants.AUTH_TYPE_EA)) {
if (Validator.isNull(login)) {
throw new UserEmailAddressException();
}
} else if (authType.equals(CompanyConstants.AUTH_TYPE_SN)) {
if (Validator.isNull(login)) {
throw new UserScreenNameException();
}
} else if (authType.equals(CompanyConstants.AUTH_TYPE_ID)) {
if (Validator.isNull(login)) {
throw new UserIdException();
}
}
if (Validator.isNull(password)) {
throw new UserPasswordException(UserPasswordException.PASSWORD_INVALID);
}
int authResult = Authenticator.FAILURE;
if (authType.equals(CompanyConstants.AUTH_TYPE_EA)) {
authResult = AuthPipeline.authenticateByEmailAddress(PropsKeys.AUTH_PIPELINE_PRE, companyId, login, password, headerMap, parameterMap);
} else if (authType.equals(CompanyConstants.AUTH_TYPE_SN)) {
authResult = AuthPipeline.authenticateByScreenName(PropsKeys.AUTH_PIPELINE_PRE, companyId, login, password, headerMap, parameterMap);
} else if (authType.equals(CompanyConstants.AUTH_TYPE_ID)) {
authResult = AuthPipeline.authenticateByUserId(PropsKeys.AUTH_PIPELINE_PRE, companyId, userId, password, headerMap, parameterMap);
}
// Get user
User user = null;
if (authType.equals(CompanyConstants.AUTH_TYPE_EA)) {
user = fetchUserByEmailAddress(companyId, login);
} else if (authType.equals(CompanyConstants.AUTH_TYPE_SN)) {
user = fetchUserByScreenName(companyId, login);
} else if (authType.equals(CompanyConstants.AUTH_TYPE_ID)) {
user = userPersistence.fetchByPrimaryKey(GetterUtil.getLong(login));
}
if (user == null) {
return Authenticator.DNE;
}
if (user.isDefaultUser()) {
if (_log.isInfoEnabled()) {
_log.info("Authentication is disabled for the default user");
}
return Authenticator.DNE;
} else if (!user.isActive()) {
if (_log.isInfoEnabled()) {
_log.info("Authentication is disabled for inactive user " + user.getUserId());
}
return Authenticator.FAILURE;
}
if (!user.isPasswordEncrypted()) {
user.setPassword(PasswordEncryptorUtil.encrypt(user.getPassword()));
user.setPasswordEncrypted(true);
userPersistence.update(user);
}
// Check password policy to see if the is account locked out or if the
// password is expired
checkLockout(user);
checkPasswordExpired(user);
// Authenticate against the User_ table
boolean skipLiferayCheck = false;
if (authResult == Authenticator.SKIP_LIFERAY_CHECK) {
authResult = Authenticator.SUCCESS;
skipLiferayCheck = true;
} else if ((authResult == Authenticator.SUCCESS) && PropsValues.AUTH_PIPELINE_ENABLE_LIFERAY_CHECK) {
boolean authenticated = PwdAuthenticator.authenticate(login, password, user.getPassword());
if (authenticated) {
authResult = Authenticator.SUCCESS;
} else {
authResult = Authenticator.FAILURE;
}
}
if (authResult == Authenticator.SUCCESS) {
if (authType.equals(CompanyConstants.AUTH_TYPE_EA)) {
authResult = AuthPipeline.authenticateByEmailAddress(PropsKeys.AUTH_PIPELINE_POST, companyId, login, password, headerMap, parameterMap);
} else if (authType.equals(CompanyConstants.AUTH_TYPE_SN)) {
authResult = AuthPipeline.authenticateByScreenName(PropsKeys.AUTH_PIPELINE_POST, companyId, login, password, headerMap, parameterMap);
} else if (authType.equals(CompanyConstants.AUTH_TYPE_ID)) {
authResult = AuthPipeline.authenticateByUserId(PropsKeys.AUTH_PIPELINE_POST, companyId, userId, password, headerMap, parameterMap);
}
}
if (authResult == Authenticator.SUCCESS) {
if (resultsMap != null) {
resultsMap.put("userId", user.getUserId());
}
if (skipLiferayCheck || !PropsValues.AUTH_PIPELINE_ENABLE_LIFERAY_CHECK || Validator.isNull(user.getDigest())) {
String digest = user.getDigest(password);
user.setDigest(digest);
userPersistence.update(user);
}
}
if (authResult == Authenticator.FAILURE) {
try {
if (authType.equals(CompanyConstants.AUTH_TYPE_EA)) {
AuthPipeline.onFailureByEmailAddress(PropsKeys.AUTH_FAILURE, companyId, login, headerMap, parameterMap);
} else if (authType.equals(CompanyConstants.AUTH_TYPE_SN)) {
AuthPipeline.onFailureByScreenName(PropsKeys.AUTH_FAILURE, companyId, login, headerMap, parameterMap);
} else if (authType.equals(CompanyConstants.AUTH_TYPE_ID)) {
AuthPipeline.onFailureByUserId(PropsKeys.AUTH_FAILURE, companyId, userId, headerMap, parameterMap);
}
user = userPersistence.fetchByPrimaryKey(user.getUserId());
if (user == null) {
return Authenticator.DNE;
}
if (!LDAPSettingsUtil.isPasswordPolicyEnabled(user.getCompanyId())) {
PasswordPolicy passwordPolicy = user.getPasswordPolicy();
user = userPersistence.fetchByPrimaryKey(user.getUserId());
int failedLoginAttempts = user.getFailedLoginAttempts();
int maxFailures = passwordPolicy.getMaxFailure();
if ((failedLoginAttempts >= maxFailures) && (maxFailures != 0)) {
if (authType.equals(CompanyConstants.AUTH_TYPE_EA)) {
AuthPipeline.onMaxFailuresByEmailAddress(PropsKeys.AUTH_MAX_FAILURES, companyId, login, headerMap, parameterMap);
} else if (authType.equals(CompanyConstants.AUTH_TYPE_SN)) {
AuthPipeline.onMaxFailuresByScreenName(PropsKeys.AUTH_MAX_FAILURES, companyId, login, headerMap, parameterMap);
} else if (authType.equals(CompanyConstants.AUTH_TYPE_ID)) {
AuthPipeline.onMaxFailuresByUserId(PropsKeys.AUTH_MAX_FAILURES, companyId, userId, headerMap, parameterMap);
}
}
}
} catch (Exception e) {
_log.error(e, e);
}
}
return authResult;
}
Aggregations