Fixed authentication
This commit is contained in:
parent
87bd924e8d
commit
80b46fbc1f
3 changed files with 54 additions and 31 deletions
|
|
@ -64,7 +64,7 @@ CREATE TABLE `User` (
|
|||
`passwordSalt` varchar(5) DEFAULT NULL,
|
||||
`ipHost` varchar(20) DEFAULT NULL,
|
||||
`loginDate` datetime DEFAULT NULL,
|
||||
`cookieHash` varchar(32) DEFAULT NULL,
|
||||
`cookieHash` varchar(42) DEFAULT NULL,
|
||||
`superUser` tinyint(1) NOT NULL,
|
||||
`enabled` tinyint(1) NOT NULL
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
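Review bot: `cookieHash` is widened to `varchar(42)` without saying what it holds; the Java hunk in this commit fills it from `Hasher.SHA1(...)`, and if that yields a 40-character hex digest (the Hasher class is not on the page, so this is inferred), 42 is an odd width that the next maintainer may shrink or grow blindly — a column comment such as `COMMENT 'hex session token, 40 chars'` would pin it. Values longer than the column are truncated or rejected depending on `sql_mode`, so whatever length the application generates should be stated in one place and matched here. In the visible context `passwordSalt varchar(5)` caps salts at five characters; that is not part of this change, but it is worth a follow-up.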
|
||||
|
|
|
|||
|
|
@ -10,8 +10,7 @@ public interface ZalleryConstants {
|
|||
/** Session Constants **/
|
||||
|
||||
public static final String SESSION_KEY_USER_MSG = "zall_user_message";
|
||||
public static final String SESSION_KEY_USER = "zall_user";
|
||||
public static final String SESSION_KEY_AUTH_HASH = "zall_user_session_hash";
|
||||
public static final String SESSION_KEY_USER_OBJ = "zall_user";
|
||||
public static final long SESSION_TIMEOUT = 3*24*60*60*1000; // 2 day
|
||||
|
||||
/** Cookie Constants **/
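Review bot: `public static final long SESSION_TIMEOUT = 3*24*60*60*1000; // 2 day` evaluates to three days (259,200,000 ms) while the trailing comment says two, so either the multiplier or the comment is wrong. If three days is intended, `public static final long SESSION_TIMEOUT = 3L*24*60*60*1000; // 3 days, in ms` makes the unit explicit and computes in `long` (the current `int` product fits, but a larger multiplier would overflow silently). The rendering does not show whether this line is new or context, so this may predate the commit. The renamed `SESSION_KEY_USER_OBJ` keeps the old `"zall_user"` value, which looks intentional.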
|
||||
|
|
|
|||
|
|
@ -1,6 +1,5 @@
|
|||
package zall.manager;
|
||||
|
||||
import zall.ZalleryConstants;
|
||||
import zall.bean.Folder;
|
||||
import zall.bean.Media;
|
||||
import zall.bean.User;
|
||||
|
|
@ -53,7 +52,7 @@ public class AuthenticationManager {
|
|||
* @return a user object or null authentications fails
|
||||
*/
|
||||
public static User authenticate(DBConnection db, HttpServletRequest request, HttpServletResponse response) throws SQLException {
|
||||
String cookieHash = ServletUtil.getCookieValue(request.getCookies(), SESSION_KEY_AUTH_HASH);
|
||||
String cookieHash = ServletUtil.getCookieValue(request.getCookies(), COOKIE_KEY_USER_HASH);
|
||||
if (cookieHash != null) {
|
||||
User user = User.loadByCookieHash(db, cookieHash);
|
||||
|
||||
|
|
@ -76,7 +75,7 @@ public class AuthenticationManager {
|
|||
user.setLoginDate(new Timestamp(System.currentTimeMillis()));
|
||||
user.setAuthBy(authType);
|
||||
user.setIpHost(request.getRemoteAddr());
|
||||
user.setCookieHash(Double.toHexString(Math.random()));
|
||||
user.setCookieHash(Hasher.SHA1(Math.random()));
|
||||
user.save(db);
|
||||
|
||||
setUserSession(user, request.getSession());
|
||||
|
|
@ -86,41 +85,64 @@ public class AuthenticationManager {
|
|||
response.addCookie(c);
|
||||
}
|
||||
|
||||
logger.info("User(" + user.getEmail() + ") authenticated by " + user.getAuthBy());
|
||||
logger.info("User(" + user.getEmail() + ") successfully authenticated by " + user.getAuthBy());
|
||||
}
|
||||
|
||||
/**
|
||||
* @return the User associated with the provided session.
|
||||
*/
|
||||
public static User getUserSession(HttpSession session) {
|
||||
return (User) session.getAttribute(SESSION_KEY_USER);
|
||||
return (User) session.getAttribute(SESSION_KEY_USER_OBJ);
|
||||
}
|
||||
|
||||
public static void setUserSession(User user, HttpSession session) {
|
||||
session.setAttribute(SESSION_KEY_USER, user);
|
||||
session.setAttribute(SESSION_KEY_USER_OBJ, user);
|
||||
}
|
||||
|
||||
public static void rmUserSession(HttpSession session) {
|
||||
session.removeAttribute(SESSION_KEY_USER);
|
||||
session.removeAttribute(SESSION_KEY_USER_OBJ);
|
||||
}
|
||||
|
||||
/**
|
||||
* @return true if the user has a isValid authentication session
|
||||
* @return true if the user has correctly been authenticated
|
||||
*/
|
||||
public static boolean isValid(User user, HttpServletRequest request) {
|
||||
if(user == null)
|
||||
if (user == null) {
|
||||
logger.fine("Invalid user, user is null.");
|
||||
return false;
|
||||
if(!user.isEnabled())
|
||||
return false;
|
||||
if(user.getCookieHash() == null || user.getCookieHash().isEmpty() )
|
||||
}
|
||||
if (!user.isEnabled()) {
|
||||
logger.fine("Invalid user(" + user.getEmail() + "), user disabled.");
|
||||
return false;
|
||||
}
|
||||
|
||||
switch (user.getAuthBy()) {
|
||||
case USER_INPUT:
|
||||
if (!user.isEmailVerified()) return false;
|
||||
case COOKIE:
|
||||
String sessionHash = ServletUtil.getCookieValue(request.getCookies(), SESSION_KEY_AUTH_HASH);
|
||||
return user.getCookieHash().equals(sessionHash) &&
|
||||
user.getIpHost().equals(request.getRemoteAddr());
|
||||
if (!user.isEmailVerified()) {
|
||||
logger.fine("Invalid user(" + user.getEmail() + "), email not verified");
|
||||
return false;
|
||||
}
|
||||
case COOKIE:
|
||||
if (user.getCookieHash() == null || user.getCookieHash().isEmpty()) {
|
||||
logger.fine("Invalid user(" + user.getEmail() + "), null or empty cookie hash.");
|
||||
return false;
|
||||
}
|
||||
String cookieHash = ServletUtil.getCookieValue(request.getCookies(), COOKIE_KEY_USER_HASH);
|
||||
if (!user.getCookieHash().equals(cookieHash)) {
|
||||
logger.fine("Invalid user(" + user.getEmail() + "), " +
|
||||
"cookie hash not matching, (server) " + user.getCookieHash() + " == (user) " + cookieHash + ".");
|
||||
return false;
|
||||
}
|
||||
if (!user.getIpHost().equals(request.getRemoteAddr())) {
|
||||
logger.fine("Invalid user(" + user.getEmail() + "), " +
|
||||
"ip host not matching, (server) " + user.getIpHost() + " == (user) " + request.getRemoteAddr() + ".");
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
default:
|
||||
logger.severe("Unknown user authentication type: " + user.getAuthBy());
|
||||
}
|
||||
logger.severe("Invalid user.");
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
@ -130,12 +152,14 @@ public class AuthenticationManager {
|
|||
public static boolean canEdit(User user, Media target) {
|
||||
return target != null && (user.isSuperUser() || target.getUser().equals(user));
|
||||
}
|
||||
|
||||
/**
|
||||
* @return true if the specified user can edit the media
|
||||
*/
|
||||
public static boolean canEdit(User user, Folder target) {
|
||||
return target != null && (user.isSuperUser() || user.equals(target.getUser()));
|
||||
}
|
||||
|
||||
/**
|
||||
* @return true if the specified user can edit the profile of the other user
|
||||
*/
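Review bot: The session token set in `authenticate` at `user.setCookieHash(Hasher.SHA1(Math.random()))` is a bearer credential, but `Math.random()` is not a cryptographically secure source and hashing its output adds no entropy, so the token stays guessable by anyone who can predict the underlying generator. Generate it from `java.security.SecureRandom` instead, as in the excerpt below (`java.math.BigInteger` is needed for the hex formatting); 20 random bytes render as 40 hex characters, which fits the `varchar(42)` column this commit widens. Separately, the mismatch branch in `isValid` logs both the stored hash and the client-supplied value (`"cookie hash not matching, (server) " + user.getCookieHash() + " == (user) " + cookieHash`), which writes the live session credential to the log; keep the message to `"cookie hash not matching."` and drop the values. The `case USER_INPUT:` block has no `break` and deliberately continues into `case COOKIE:`, so a `// falls through: input-authenticated users are also bound to their cookie` comment would make that visible. `authenticate` begins before its first hunk, and `User.loadByCookieHash` is outside the page, so I cannot confirm the cookie value is bound as a prepared-statement parameter there.
```java
private static final SecureRandom RNG = new SecureRandom();

// … unchanged: authenticate(): loginDate, authBy, ipHost …
byte[] token = new byte[20];   // 160 bits; 40 hex chars, within cookieHash varchar(42)
RNG.nextBytes(token);
user.setCookieHash(String.format("%040x", new BigInteger(1, token)));
// … unchanged: user.save(db); setUserSession(user, request.getSession()); …
```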
|
||||
|
|
|
|||