zallery/src/zall/manager/AuthenticationManager.java

package zall.manager;

import zall.bean.Folder;
import zall.bean.Media;
import zall.bean.User;
import zall.util.ServletUtil;
import zutil.Hasher;
import zutil.db.DBConnection;
import zutil.log.LogUtil;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import java.sql.SQLException;
import java.sql.Timestamp;
import java.util.logging.Logger;


/**
 *
 */
public class AuthenticationManager {
    private static final Logger logger = LogUtil.getLogger();

    public static final String SESSION_KEY_USER      = "zall_user";
    public static final String SESSION_KEY_AUTH_HASH = "zall_ueser_session_hash";
    public static final long   SESSION_TIMEOUT       = 1000*60*60*24*3; // 3day


    /**
     * Authenticate a username and password and return the associated Uaer object
     */
    public static User authenticate(DBConnection db, String email, String password) throws SQLException {
        User user = User.load(db, email);

        // Valid email?
        if( user != null ){
            if (user.getPassword().equals(Hasher.MD5(password))) {
                userAuthenticated(db, user, User.AuthType.USER_INPUT);
                return user;
            }
        }
        return null;
    }

    /**
     * Uses a cookie to authenticate a user,
     *
     * @return a user object or null authentications fails
     */
    public static User authenticate(DBConnection db, HttpServletRequest request) throws SQLException{
        String sessionHash = ServletUtil.getCookieValue(request.getCookies(), SESSION_KEY_AUTH_HASH);
        User user = User.loadBySessionHash(db, sessionHash);

        if( user != null &&
                user.getIpHost().equals(request.getRemoteAddr()) &&
                user.getLoginDate().getTime() + SESSION_TIMEOUT > System.currentTimeMillis()){
            userAuthenticated(db, user, User.AuthType.COOKIE);
            return user;
        }
        return null;
    }

    private static void userAuthenticated(DBConnection db, User user, User.AuthType authType) throws SQLException {
        user.setLoginDate(new Timestamp(System.currentTimeMillis()));
        user.setAuthBy(authType);
        user.save(db);
        logger.info("User(" + user.getName() + ") authenticated by " + user.getAuthBy());
    }

    /**
     * @return the User associated with the provided session.
     */
    public static User getUserSession(HttpSession session) {
        return (User) session.getAttribute(SESSION_KEY_USER);
    }
    public static void setUserSession(User user, HttpSession session) {
        session.setAttribute(SESSION_KEY_USER, user);
    }
    public static void rmUserSession(HttpSession session) {
        session.removeAttribute(SESSION_KEY_USER);
    }

    /**
     * @return true if the user has a isValid authentication session
     */
    public static boolean isValid(User user, HttpServletRequest request) {
        if(user == null)
            return false;
        if(!user.isEnabled())
            return false;
        if(user.getSessionHash() == null || user.getSessionHash().isEmpty() )
            return false;

        switch(user.getAuthBy()){
            case USER_INPUT:
                if (!user.isEmailVerified()) return false;
            case COOKIE:
                String sessionHash = ServletUtil.getCookieValue(request.getCookies(), SESSION_KEY_AUTH_HASH);
                return user.getSessionHash().equals(sessionHash) &&
                        user.getIpHost().equals(request.getRemoteAddr());
        }
        return false;
    }

    /**
     * @return true if the specified user can edit the media
     */
    public static boolean canEdit(User user, Media target) {
        return target != null && (user.isSuperUser() || target.getUser().equals(user));
    }
    /**
     * @return true if the specified user can edit the media
     */
    public static boolean canEdit(User user, Folder target) {
        return target != null && (user.isSuperUser() || user.equals( target.getUser() ));
    }
    /**
     * @return true if the specified user can edit the profile of the other user
     */
    public static boolean canEdit(User user, User target){
        return user.equals( target ) || user.isSuperUser();
    }


    /**
     * Reset the user authentication. In plain word: logout user.
     */
    public static void reset(DBConnection db, User user) throws SQLException {
        user.setSessionHash(null);
        user.save(db);
    }

}
Initial impl of Authenticator and jsp files 2017-10-19 15:46:38 +02:00			`package zall.manager;`

			`import zall.bean.Folder;`
			`import zall.bean.Media;`
			`import zall.bean.User;`
Added URI fields and added cookie authentication 2018-07-27 15:29:00 +02:00			`import zall.util.ServletUtil;`
Some progress on auth logic and cleanup of User class 2017-11-13 16:34:13 +01:00			`import zutil.Hasher;`
			`import zutil.db.DBConnection;`
			`import zutil.log.LogUtil;`

			`import javax.servlet.http.HttpServletRequest;`
fixed most compilation errors 2018-07-24 16:23:53 +02:00			`import javax.servlet.http.HttpSession;`
Some progress on auth logic and cleanup of User class 2017-11-13 16:34:13 +01:00			`import java.sql.SQLException;`
Added URI fields and added cookie authentication 2018-07-27 15:29:00 +02:00			`import java.sql.Timestamp;`
Some progress on auth logic and cleanup of User class 2017-11-13 16:34:13 +01:00			`import java.util.logging.Logger;`
Initial impl of Authenticator and jsp files 2017-10-19 15:46:38 +02:00
fixed most compilation errors 2018-07-24 16:23:53 +02:00
Initial impl of Authenticator and jsp files 2017-10-19 15:46:38 +02:00			`/**`
			`*`
			`*/`
			`public class AuthenticationManager {`
Some progress on auth logic and cleanup of User class 2017-11-13 16:34:13 +01:00			`private static final Logger logger = LogUtil.getLogger();`

Added URI fields and added cookie authentication 2018-07-27 15:29:00 +02:00			`public static final String SESSION_KEY_USER = "zall_user";`
			`public static final String SESSION_KEY_AUTH_HASH = "zall_ueser_session_hash";`
			`public static final long SESSION_TIMEOUT = 10006060243; // 3day`


Some progress on auth logic and cleanup of User class 2017-11-13 16:34:13 +01:00			`/**`
			`* Authenticate a username and password and return the associated Uaer object`
			`*/`
			`public static User authenticate(DBConnection db, String email, String password) throws SQLException {`
			`User user = User.load(db, email);`

			`// Valid email?`
			`if( user != null ){`
			`if (user.getPassword().equals(Hasher.MD5(password))) {`
Added URI fields and added cookie authentication 2018-07-27 15:29:00 +02:00			`userAuthenticated(db, user, User.AuthType.USER_INPUT);`
			`return user;`
Some progress on auth logic and cleanup of User class 2017-11-13 16:34:13 +01:00			`}`
			`}`
Added URI fields and added cookie authentication 2018-07-27 15:29:00 +02:00			`return null;`
			`}`

			`/**`
			`* Uses a cookie to authenticate a user,`
			`*`
			`* @return a user object or null authentications fails`
			`*/`
			`public static User authenticate(DBConnection db, HttpServletRequest request) throws SQLException{`
			`String sessionHash = ServletUtil.getCookieValue(request.getCookies(), SESSION_KEY_AUTH_HASH);`
			`User user = User.loadBySessionHash(db, sessionHash);`

			`if( user != null &&`
			`user.getIpHost().equals(request.getRemoteAddr()) &&`
			`user.getLoginDate().getTime() + SESSION_TIMEOUT > System.currentTimeMillis()){`
			`userAuthenticated(db, user, User.AuthType.COOKIE);`
			`return user;`
			`}`
			`return null;`
			`}`

			`private static void userAuthenticated(DBConnection db, User user, User.AuthType authType) throws SQLException {`
			`user.setLoginDate(new Timestamp(System.currentTimeMillis()));`
			`user.setAuthBy(authType);`
			`user.save(db);`
			`logger.info("User(" + user.getName() + ") authenticated by " + user.getAuthBy());`
Some progress on auth logic and cleanup of User class 2017-11-13 16:34:13 +01:00			`}`

fixed most compilation errors 2018-07-24 16:23:53 +02:00			`/**`
			`* @return the User associated with the provided session.`
			`*/`
			`public static User getUserSession(HttpSession session) {`
			`return (User) session.getAttribute(SESSION_KEY_USER);`
			`}`
			`public static void setUserSession(User user, HttpSession session) {`
			`session.setAttribute(SESSION_KEY_USER, user);`
			`}`
			`public static void rmUserSession(HttpSession session) {`
			`session.removeAttribute(SESSION_KEY_USER);`
			`}`

Some progress on auth logic and cleanup of User class 2017-11-13 16:34:13 +01:00			`/**`
updated email templates 2018-07-25 15:36:57 +02:00			`* @return true if the user has a isValid authentication session`
Some progress on auth logic and cleanup of User class 2017-11-13 16:34:13 +01:00			`*/`
updated email templates 2018-07-25 15:36:57 +02:00			`public static boolean isValid(User user, HttpServletRequest request) {`
Some progress on auth logic and cleanup of User class 2017-11-13 16:34:13 +01:00			`if(user == null)`
			`return false;`
			`if(!user.isEnabled())`
			`return false;`
			`if(user.getSessionHash() == null \|\| user.getSessionHash().isEmpty() )`
			`return false;`

fixed most compilation errors 2018-07-24 16:23:53 +02:00			`switch(user.getAuthBy()){`
Some progress on auth logic and cleanup of User class 2017-11-13 16:34:13 +01:00			`case USER_INPUT:`
			`if (!user.isEmailVerified()) return false;`
			`case COOKIE:`
Added URI fields and added cookie authentication 2018-07-27 15:29:00 +02:00			`String sessionHash = ServletUtil.getCookieValue(request.getCookies(), SESSION_KEY_AUTH_HASH);`
			`return user.getSessionHash().equals(sessionHash) &&`
fixed most compilation errors 2018-07-24 16:23:53 +02:00			`user.getIpHost().equals(request.getRemoteAddr());`
Some progress on auth logic and cleanup of User class 2017-11-13 16:34:13 +01:00			`}`
			`return false;`
			`}`
Initial impl of Authenticator and jsp files 2017-10-19 15:46:38 +02:00
			`/**`
			`* @return true if the specified user can edit the media`
			`*/`
			`public static boolean canEdit(User user, Media target) {`
			`return target != null && (user.isSuperUser() \|\| target.getUser().equals(user));`
			`}`
			`/**`
			`* @return true if the specified user can edit the media`
			`*/`
			`public static boolean canEdit(User user, Folder target) {`
			`return target != null && (user.isSuperUser() \|\| user.equals( target.getUser() ));`
			`}`
			`/**`
			`* @return true if the specified user can edit the profile of the other user`
			`*/`
			`public static boolean canEdit(User user, User target){`
			`return user.equals( target ) \|\| user.isSuperUser();`
			`}`
Some progress on auth logic and cleanup of User class 2017-11-13 16:34:13 +01:00

			`/**`
			`* Reset the user authentication. In plain word: logout user.`
			`*/`
			`public static void reset(DBConnection db, User user) throws SQLException {`
			`user.setSessionHash(null);`
			`user.save(db);`
			`}`
fixed most compilation errors 2018-07-24 16:23:53 +02:00
Initial impl of Authenticator and jsp files 2017-10-19 15:46:38 +02:00			`}`