Some progress on auth logic and cleanup of User class

2017-11-13 16:34:13 +01:00 · 2017-11-13 16:34:13 +01:00 · 26ab7c9dd9
commit 26ab7c9dd9
parent 58d4ab2f75
12 changed files with 370 additions and 110 deletions
--- a/src/zall/manager/AuthenticationManager.java
+++ b/src/zall/manager/AuthenticationManager.java
@ -1,13 +1,65 @@
 package zall.manager;

+import zall.Zallery;
+import zall.ZalleryConstant;
 import zall.bean.Folder;
 import zall.bean.Media;
 import zall.bean.User;
+import zall.util.msg.UserMessage;
+import zutil.Hasher;
+import zutil.db.DBConnection;
+import zutil.log.LogUtil;
+
+import javax.servlet.http.HttpServletRequest;
+import java.sql.SQLException;
+import java.util.logging.Logger;

 /**
 *
 */
 public class AuthenticationManager {
+    private static final Logger logger = LogUtil.getLogger();
+
+    /**
+     * Authenticate a username and password and return the associated Uaer object
+     */
+    public static User authenticate(DBConnection db, String email, String password) throws SQLException {
+        User authenticatedUser = null;
+        User user = User.load(db, email);
+
+        // Valid email?
+        if( user != null ){
+            if (user.getPassword().equals(Hasher.MD5(password))) {
+                authenticatedUser = user;
+                authenticatedUser.setAuthBy(User.AuthType.USER_INPUT);
+                authenticatedUser.save(db);
+                logger.info("User(" + authenticatedUser.getName() + ") authenticated by "+authenticatedUser.getAuthBy());
+            }
+        }
+        return authenticatedUser;
+    }
+
+    /**
+     * @return true if the user has a valid authentication session
+     */
+    public static boolean valid(User user, HttpServletRequest request) {
+        if(user == null)
+            return false;
+        if(!user.isEnabled())
+            return false;
+        if(user.getSessionHash() == null || user.getSessionHash().isEmpty() )
+            return false;
+
+        switch( user.getAuthBy() ){
+            case USER_INPUT:
+                if (!user.isEmailVerified()) return false;
+            case COOKIE:
+                String cookieHash = Zallery.getCookieValue(request.getCookies(), ZalleryConstant.SESSION_KEY_AUTH_HASH);
+                return user.getSessionHash().equals(cookieHash) &&
+                        user.getIpHost().equals( request.getRemoteAddr() );
+        }
+        return false;
+    }

    /**
     * @return true if the specified user can edit the media
@ -27,4 +79,13 @@ public class AuthenticationManager {
    public static boolean canEdit(User user, User target){
        return user.equals( target ) || user.isSuperUser();
    }
+
+
+    /**
+     * Reset the user authentication. In plain word: logout user.
+     */
+    public static void reset(DBConnection db, User user) throws SQLException {
+        user.setSessionHash(null);
+        user.save(db);
+    }
 }