Added URI fields and added cookie authentication

2018-07-27 15:29:00 +02:00 · 2018-07-27 15:29:00 +02:00 · 8e56ff406a
commit 8e56ff406a
parent 99c67eaaba
16 changed files with 133 additions and 71 deletions
--- a/src/zall/manager/AuthenticationManager.java
+++ b/src/zall/manager/AuthenticationManager.java
@ -1,10 +1,9 @@
 package zall.manager;

-import zall.Zallery;
-import zall.ZalleryConstant;
 import zall.bean.Folder;
 import zall.bean.Media;
 import zall.bean.User;
+import zall.util.ServletUtil;
 import zutil.Hasher;
 import zutil.db.DBConnection;
 import zutil.log.LogUtil;
@ -12,9 +11,9 @@ import zutil.log.LogUtil;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpSession;
 import java.sql.SQLException;
+import java.sql.Timestamp;
 import java.util.logging.Logger;

-import static zall.ZalleryConstant.SESSION_KEY_USER;

 /**
 *
@ -22,23 +21,50 @@ import static zall.ZalleryConstant.SESSION_KEY_USER;
 public class AuthenticationManager {
    private static final Logger logger = LogUtil.getLogger();

+    public static final String SESSION_KEY_USER      = "zall_user";
+    public static final String SESSION_KEY_AUTH_HASH = "zall_ueser_session_hash";
+    public static final long   SESSION_TIMEOUT       = 1000*60*60*24*3; // 3day
+
+
    /**
     * Authenticate a username and password and return the associated Uaer object
     */
    public static User authenticate(DBConnection db, String email, String password) throws SQLException {
-        User authenticatedUser = null;
        User user = User.load(db, email);

        // Valid email?
        if( user != null ){
            if (user.getPassword().equals(Hasher.MD5(password))) {
-                authenticatedUser = user;
-                authenticatedUser.setAuthBy(User.AuthType.USER_INPUT);
-                authenticatedUser.save(db);
-                logger.info("User(" + authenticatedUser.getName() + ") authenticated by "+authenticatedUser.getAuthBy());
+                userAuthenticated(db, user, User.AuthType.USER_INPUT);
+                return user;
            }
        }
-        return authenticatedUser;
+        return null;
+    }
+
+    /**
+     * Uses a cookie to authenticate a user,
+     *
+     * @return a user object or null authentications fails
+     */
+    public static User authenticate(DBConnection db, HttpServletRequest request) throws SQLException{
+        String sessionHash = ServletUtil.getCookieValue(request.getCookies(), SESSION_KEY_AUTH_HASH);
+        User user = User.loadBySessionHash(db, sessionHash);
+
+        if( user != null &&
+                user.getIpHost().equals(request.getRemoteAddr()) &&
+                user.getLoginDate().getTime() + SESSION_TIMEOUT > System.currentTimeMillis()){
+            userAuthenticated(db, user, User.AuthType.COOKIE);
+            return user;
+        }
+        return null;
+    }
+
+    private static void userAuthenticated(DBConnection db, User user, User.AuthType authType) throws SQLException {
+        user.setLoginDate(new Timestamp(System.currentTimeMillis()));
+        user.setAuthBy(authType);
+        user.save(db);
+        logger.info("User(" + user.getName() + ") authenticated by " + user.getAuthBy());
    }

    /**
@ -69,8 +95,8 @@ public class AuthenticationManager {
            case USER_INPUT:
                if (!user.isEmailVerified()) return false;
            case COOKIE:
-                String cookieHash = Zallery.getCookieValue(request.getCookies(), ZalleryConstant.SESSION_KEY_AUTH_HASH);
-                return user.getSessionHash().equals(cookieHash) &&
+                String sessionHash = ServletUtil.getCookieValue(request.getCookies(), SESSION_KEY_AUTH_HASH);
+                return user.getSessionHash().equals(sessionHash) &&
                        user.getIpHost().equals(request.getRemoteAddr());
        }
        return false;