
Example 1 with PasswordClass

Use of com.xpn.xwiki.objects.classes.PasswordClass in project xwiki-platform by xwiki.

In class XWikiAuthServiceImpl, method checkPassword.

protected boolean checkPassword(String username, String password, XWikiContext context) throws XWikiException {
    long time = System.currentTimeMillis();
    try {
        boolean result = false;
        final XWikiDocument doc = context.getWiki().getDocument(username, context);
        final BaseObject userObject = doc.getXObject(USERCLASS_REFERENCE);
        // We only allow empty password from users having a XWikiUsers object.
        if (userObject != null) {
            final String stored = userObject.getStringValue("password");
            result = new PasswordClass().getEquivalentPassword(stored, password).equals(stored);
        }
        if (LOGGER.isDebugEnabled()) {
            if (result) {
                LOGGER.debug("Password check for user " + username + " successful");
            } else {
                LOGGER.debug("Password check for user " + username + " failed");
            }
            LOGGER.debug((System.currentTimeMillis() - time) + " milliseconds spent validating password.");
        }
        return result;
    } catch (Throwable e) {
        LOGGER.error("Failed to check password", e);
        return false;
    }
}
Also used : XWikiDocument(com.xpn.xwiki.doc.XWikiDocument) PasswordClass(com.xpn.xwiki.objects.classes.PasswordClass) BaseObject(com.xpn.xwiki.objects.BaseObject)

Example 2 with PasswordClass

Use of com.xpn.xwiki.objects.classes.PasswordClass in project xwiki-platform by xwiki.

In class XWiki, method validateUser.

public int validateUser(boolean withConfirmEmail, XWikiContext context) throws XWikiException {
    try {
        XWikiRequest request = context.getRequest();
        // Get the user document
        String username = convertUsername(request.getParameter("xwikiname"), context);
        if (username.indexOf('.') == -1) {
            username = "XWiki." + username;
        }
        XWikiDocument userDocument = getDocument(username, context);
        // Get the stored validation key
        BaseObject userObject = userDocument.getObject("XWiki.XWikiUsers", 0);
        String storedKey = userObject.getStringValue("validkey");
        // Get the validation key from the URL
        String validationKey = request.getParameter("validkey");
        PropertyInterface validationKeyClass = getClass("XWiki.XWikiUsers", context).get("validkey");
        if (validationKeyClass instanceof PasswordClass) {
            validationKey = ((PasswordClass) validationKeyClass).getEquivalentPassword(storedKey, validationKey);
        }
        // Compare the two keys
        if ((!storedKey.equals("") && (storedKey.equals(validationKey)))) {
            userObject.setIntValue("active", 1);
            saveDocument(userDocument, context);
            if (withConfirmEmail) {
                String email = userObject.getStringValue("email");
                String password = userObject.getStringValue("password");
                sendValidationEmail(username, password, email, request.getParameter("validkey"), "confirmation_email_content", context);
            }
            return 0;
        } else {
            return -1;
        }
    } catch (Exception e) {
        LOGGER.error(e.getMessage(), e);
        throw new XWikiException(XWikiException.MODULE_XWIKI_APP, XWikiException.ERROR_XWIKI_APP_VALIDATE_USER, "Exception while validating user", e, null);
    }
}
Also used : XWikiRequest(com.xpn.xwiki.web.XWikiRequest) XWikiDocument(com.xpn.xwiki.doc.XWikiDocument) PropertyInterface(com.xpn.xwiki.objects.PropertyInterface) PasswordClass(com.xpn.xwiki.objects.classes.PasswordClass) ParseGroovyFromString(com.xpn.xwiki.internal.render.groovy.ParseGroovyFromString) IncludeServletAsString(com.xpn.xwiki.web.includeservletasstring.IncludeServletAsString) WikiManagerException(org.xwiki.wiki.manager.WikiManagerException) IOException(java.io.IOException) JobException(org.xwiki.job.JobException) ParseException(org.xwiki.rendering.parser.ParseException) QueryException(org.xwiki.query.QueryException) URIException(org.apache.commons.httpclient.URIException) InvocationTargetException(java.lang.reflect.InvocationTargetException) HibernateException(org.hibernate.HibernateException) ComponentLookupException(org.xwiki.component.manager.ComponentLookupException) NamingException(javax.naming.NamingException) FileNotFoundException(java.io.FileNotFoundException) MalformedURLException(java.net.MalformedURLException) BaseObject(com.xpn.xwiki.objects.BaseObject)

Example 3 with PasswordClass

Use of com.xpn.xwiki.objects.classes.PasswordClass in project xwiki-platform by xwiki.

In class User, method checkPassword.

/**
 * Check if the password passed as argument is the user password. This method is used when a user wants to change
 * its password. To make sure that it wouldn't be used to perform brute force attacks, we ensure that this is only
 * used to check the current user password on its profile page.
 *
 * @param password Password submitted.
 * @return true if password is really the user password.
 * @throws XWikiException error if authorization denied.
 */
public boolean checkPassword(String password) throws XWikiException {
    EntityReference userReference = REFERENCE_RESOLVER.resolve(this.user.getUser());
    EntityReference docReference = getXWikiContext().getDoc().getDocumentReference();
    if (userReference.equals(getXWikiContext().getUserReference()) && userReference.equals(docReference)) {
        try {
            boolean result = false;
            XWikiDocument userDoc = getXWikiContext().getWiki().getDocument(userReference, getXWikiContext());
            BaseObject obj = userDoc.getXObject(USERCLASS_REFERENCE);
            // We only allow empty password from users having a XWikiUsers object.
            if (obj != null) {
                final String stored = obj.getStringValue("password");
                result = new PasswordClass().getEquivalentPassword(stored, password).equals(stored);
            }
            return result;
        } catch (Throwable e) {
            LOGGER.error("Failed to check password", e);
            return false;
        }
    } else {
        throw new XWikiException(XWikiException.MODULE_XWIKI_ACCESS, XWikiException.ERROR_XWIKI_ACCESS_DENIED, "You cannot use this method for checking another user password.", null);
    }
}
Also used : XWikiDocument(com.xpn.xwiki.doc.XWikiDocument) PasswordClass(com.xpn.xwiki.objects.classes.PasswordClass) EntityReference(org.xwiki.model.reference.EntityReference) XWikiException(com.xpn.xwiki.XWikiException) BaseObject(com.xpn.xwiki.objects.BaseObject)

Aggregations

XWikiDocument (com.xpn.xwiki.doc.XWikiDocument) 3
BaseObject (com.xpn.xwiki.objects.BaseObject) 3
PasswordClass (com.xpn.xwiki.objects.classes.PasswordClass) 3
XWikiException (com.xpn.xwiki.XWikiException) 1
ParseGroovyFromString (com.xpn.xwiki.internal.render.groovy.ParseGroovyFromString) 1
PropertyInterface (com.xpn.xwiki.objects.PropertyInterface) 1
XWikiRequest (com.xpn.xwiki.web.XWikiRequest) 1
IncludeServletAsString (com.xpn.xwiki.web.includeservletasstring.IncludeServletAsString) 1
FileNotFoundException (java.io.FileNotFoundException) 1
IOException (java.io.IOException) 1
InvocationTargetException (java.lang.reflect.InvocationTargetException) 1
MalformedURLException (java.net.MalformedURLException) 1
NamingException (javax.naming.NamingException) 1
URIException (org.apache.commons.httpclient.URIException) 1
HibernateException (org.hibernate.HibernateException) 1
ComponentLookupException (org.xwiki.component.manager.ComponentLookupException) 1
JobException (org.xwiki.job.JobException) 1
EntityReference (org.xwiki.model.reference.EntityReference) 1
QueryException (org.xwiki.query.QueryException) 1
ParseException (org.xwiki.rendering.parser.ParseException) 1