zallery/src/zall/manager/AuthenticationManager.java

package zall.manager;

import zall.Zallery;
import zall.ZalleryConstant;
import zall.bean.Folder;
import zall.bean.Media;
import zall.bean.User;
import zutil.Hasher;
import zutil.db.DBConnection;
import zutil.log.LogUtil;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import java.sql.SQLException;
import java.util.logging.Logger;

import static zall.ZalleryConstant.SESSION_KEY_USER;

/**
 *
 */
public class AuthenticationManager {
    private static final Logger logger = LogUtil.getLogger();

    /**
     * Authenticate a username and password and return the associated Uaer object
     */
    public static User authenticate(DBConnection db, String email, String password) throws SQLException {
        User authenticatedUser = null;
        User user = User.load(db, email);

        // Valid email?
        if( user != null ){
            if (user.getPassword().equals(Hasher.MD5(password))) {
                authenticatedUser = user;
                authenticatedUser.setAuthBy(User.AuthType.USER_INPUT);
                authenticatedUser.save(db);
                logger.info("User(" + authenticatedUser.getName() + ") authenticated by "+authenticatedUser.getAuthBy());
            }
        }
        return authenticatedUser;
    }

    /**
     * @return the User associated with the provided session.
     */
    public static User getUserSession(HttpSession session) {
        return (User) session.getAttribute(SESSION_KEY_USER);
    }
    public static void setUserSession(User user, HttpSession session) {
        session.setAttribute(SESSION_KEY_USER, user);
    }
    public static void rmUserSession(HttpSession session) {
        session.removeAttribute(SESSION_KEY_USER);
    }

    /**
     * @return true if the user has a isValid authentication session
     */
    public static boolean isValid(User user, HttpServletRequest request) {
        if(user == null)
            return false;
        if(!user.isEnabled())
            return false;
        if(user.getSessionHash() == null || user.getSessionHash().isEmpty() )
            return false;

        switch(user.getAuthBy()){
            case USER_INPUT:
                if (!user.isEmailVerified()) return false;
            case COOKIE:
                String cookieHash = Zallery.getCookieValue(request.getCookies(), ZalleryConstant.SESSION_KEY_AUTH_HASH);
                return user.getSessionHash().equals(cookieHash) &&
                        user.getIpHost().equals(request.getRemoteAddr());
        }
        return false;
    }

    /**
     * @return true if the specified user can edit the media
     */
    public static boolean canEdit(User user, Media target) {
        return target != null && (user.isSuperUser() || target.getUser().equals(user));
    }
    /**
     * @return true if the specified user can edit the media
     */
    public static boolean canEdit(User user, Folder target) {
        return target != null && (user.isSuperUser() || user.equals( target.getUser() ));
    }
    /**
     * @return true if the specified user can edit the profile of the other user
     */
    public static boolean canEdit(User user, User target){
        return user.equals( target ) || user.isSuperUser();
    }


    /**
     * Reset the user authentication. In plain word: logout user.
     */
    public static void reset(DBConnection db, User user) throws SQLException {
        user.setSessionHash(null);
        user.save(db);
    }

}
Initial impl of Authenticator and jsp files 2017-10-19 15:46:38 +02:00			`package zall.manager;`

Some progress on auth logic and cleanup of User class 2017-11-13 16:34:13 +01:00			`import zall.Zallery;`
			`import zall.ZalleryConstant;`
Initial impl of Authenticator and jsp files 2017-10-19 15:46:38 +02:00			`import zall.bean.Folder;`
			`import zall.bean.Media;`
			`import zall.bean.User;`
Some progress on auth logic and cleanup of User class 2017-11-13 16:34:13 +01:00			`import zutil.Hasher;`
			`import zutil.db.DBConnection;`
			`import zutil.log.LogUtil;`

			`import javax.servlet.http.HttpServletRequest;`
fixed most compilation errors 2018-07-24 16:23:53 +02:00			`import javax.servlet.http.HttpSession;`
Some progress on auth logic and cleanup of User class 2017-11-13 16:34:13 +01:00			`import java.sql.SQLException;`
			`import java.util.logging.Logger;`
Initial impl of Authenticator and jsp files 2017-10-19 15:46:38 +02:00
fixed most compilation errors 2018-07-24 16:23:53 +02:00			`import static zall.ZalleryConstant.SESSION_KEY_USER;`

Initial impl of Authenticator and jsp files 2017-10-19 15:46:38 +02:00			`/**`
			`*`
			`*/`
			`public class AuthenticationManager {`
Some progress on auth logic and cleanup of User class 2017-11-13 16:34:13 +01:00			`private static final Logger logger = LogUtil.getLogger();`

			`/**`
			`* Authenticate a username and password and return the associated Uaer object`
			`*/`
			`public static User authenticate(DBConnection db, String email, String password) throws SQLException {`
			`User authenticatedUser = null;`
			`User user = User.load(db, email);`

			`// Valid email?`
			`if( user != null ){`
			`if (user.getPassword().equals(Hasher.MD5(password))) {`
			`authenticatedUser = user;`
			`authenticatedUser.setAuthBy(User.AuthType.USER_INPUT);`
			`authenticatedUser.save(db);`
			`logger.info("User(" + authenticatedUser.getName() + ") authenticated by "+authenticatedUser.getAuthBy());`
			`}`
			`}`
			`return authenticatedUser;`
			`}`

fixed most compilation errors 2018-07-24 16:23:53 +02:00			`/**`
			`* @return the User associated with the provided session.`
			`*/`
			`public static User getUserSession(HttpSession session) {`
			`return (User) session.getAttribute(SESSION_KEY_USER);`
			`}`
			`public static void setUserSession(User user, HttpSession session) {`
			`session.setAttribute(SESSION_KEY_USER, user);`
			`}`
			`public static void rmUserSession(HttpSession session) {`
			`session.removeAttribute(SESSION_KEY_USER);`
			`}`

Some progress on auth logic and cleanup of User class 2017-11-13 16:34:13 +01:00			`/**`
updated email templates 2018-07-25 15:36:57 +02:00			`* @return true if the user has a isValid authentication session`
Some progress on auth logic and cleanup of User class 2017-11-13 16:34:13 +01:00			`*/`
updated email templates 2018-07-25 15:36:57 +02:00			`public static boolean isValid(User user, HttpServletRequest request) {`
Some progress on auth logic and cleanup of User class 2017-11-13 16:34:13 +01:00			`if(user == null)`
			`return false;`
			`if(!user.isEnabled())`
			`return false;`
			`if(user.getSessionHash() == null \|\| user.getSessionHash().isEmpty() )`
			`return false;`

fixed most compilation errors 2018-07-24 16:23:53 +02:00			`switch(user.getAuthBy()){`
Some progress on auth logic and cleanup of User class 2017-11-13 16:34:13 +01:00			`case USER_INPUT:`
			`if (!user.isEmailVerified()) return false;`
			`case COOKIE:`
			`String cookieHash = Zallery.getCookieValue(request.getCookies(), ZalleryConstant.SESSION_KEY_AUTH_HASH);`
			`return user.getSessionHash().equals(cookieHash) &&`
fixed most compilation errors 2018-07-24 16:23:53 +02:00			`user.getIpHost().equals(request.getRemoteAddr());`
Some progress on auth logic and cleanup of User class 2017-11-13 16:34:13 +01:00			`}`
			`return false;`
			`}`
Initial impl of Authenticator and jsp files 2017-10-19 15:46:38 +02:00
			`/**`
			`* @return true if the specified user can edit the media`
			`*/`
			`public static boolean canEdit(User user, Media target) {`
			`return target != null && (user.isSuperUser() \|\| target.getUser().equals(user));`
			`}`
			`/**`
			`* @return true if the specified user can edit the media`
			`*/`
			`public static boolean canEdit(User user, Folder target) {`
			`return target != null && (user.isSuperUser() \|\| user.equals( target.getUser() ));`
			`}`
			`/**`
			`* @return true if the specified user can edit the profile of the other user`
			`*/`
			`public static boolean canEdit(User user, User target){`
			`return user.equals( target ) \|\| user.isSuperUser();`
			`}`
Some progress on auth logic and cleanup of User class 2017-11-13 16:34:13 +01:00

			`/**`
			`* Reset the user authentication. In plain word: logout user.`
			`*/`
			`public static void reset(DBConnection db, User user) throws SQLException {`
			`user.setSessionHash(null);`
			`user.save(db);`
			`}`
fixed most compilation errors 2018-07-24 16:23:53 +02:00
Initial impl of Authenticator and jsp files 2017-10-19 15:46:38 +02:00			`}`