/projects/compiere-330/base/src/org/compiere/util/WebLogin.java
1/******************************************************************************
2 * Product: Compiere ERP & CRM Smart Business Solution *
3 * Copyright (C) 1999-2007 ComPiere, Inc. All Rights Reserved. *
4 * This program is free software, you can redistribute it and/or modify it *
5 * under the terms version 2 of the GNU General Public License as published *
6 * by the Free Software Foundation. This program is distributed in the hope *
7 * that it will be useful, but WITHOUT ANY WARRANTY, without even the implied *
8 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. *
9 * See the GNU General Public License for more details. *
10 * You should have received a copy of the GNU General Public License along *
11 * with this program, if not, write to the Free Software Foundation, Inc., *
12 * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. *
13 * For the text or an alternative of this public license, you may reach us *
14 * ComPiere, Inc., 3600 Bridge Parkway #102, Redwood City, CA 94065, USA *
15 * or via info@compiere.org or http://www.compiere.org/license.html *
16 *****************************************************************************/
17package org.compiere.util;
18
19import java.io.*;
20import java.util.logging.*;
21
22import javax.servlet.*;
23import javax.servlet.http.*;
24
25import org.compiere.model.*;
26
27
28/**
29 * WebLogin provides a standard interface to login
30 * from Webapps like WStore or CM
31 *
32 * @author Yves Sandfort, Jorg Janke
33 * @version $Id$
34 */
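public class WebLogin
{
    /** Logger */
    private static final CLogger log = CLogger.getCLogger(WebLogin.class);

    /** Name of the cookie that remembers the web user's e-mail address */
    private static final String COOKIE_NAME = "CompiereWebUser";
    /** HttpSession attribute holding the AD_Session_ID of the current login */
    private static final String ATTR_AD_SESSION_ID = "AD_Session_ID";
    /** Page to land on after a successful login / password change when no other forward is set */
    private static final String DEFAULT_FORWARD = "/index.jsp";

    /** Forward Parameter */
    private String P_ForwardTo = "ForwardTo";
    /** SalesRep Parameter */
    private String P_SalesRep_ID = "SalesRep_ID";
    /** EMail Parameter */
    private String P_EMail = "EMail";
    /** Password Parameter */
    private String P_Password = "Password";
    /** Mode/Action Parameter */
    private String P_Action = "Mode";

    /** Login Page */
    private String m_login_page = "/login.jsp";
    /** Update Page */
    private String m_update_page = "/update.jsp";

    /** Message */
    private String m_message = null;
    /** Context */
    private Ctx m_ctx;
    /** HttpServletRequest */
    private HttpServletRequest m_request;
    /** HttpServletResponse */
    private HttpServletResponse m_response;
    /** HttpSession - set by {@link #init()} */
    private HttpSession m_session;
    /** addressConfirm */
    private boolean m_addressConfirm;
    /** forward - relative URL the caller should forward to after {@link #action()} */
    private String m_forward;
    /** SalesRep */
    private String m_salesRep;
    /** EMail - trimmed, never null after {@link #init()} */
    private String m_email;
    /** Password - trimmed, never null after {@link #init()} */
    private String m_password;
    /** WebUser */
    private WebUser m_wu;
    /** Mode */
    private String m_mode;

    /**
     * WebLogin.
     * The request may override the parameter names and pages this object reads
     * (P_ForwardTo, P_SalesRep_ID, P_EMail, P_Password, P_Action, LOGIN_RelURL,
     * update_page); an absent override keeps the default.
     * @param t_request servlet request
     * @param t_response servlet response
     * @param t_ctx context
     */
    public WebLogin (HttpServletRequest t_request, HttpServletResponse t_response, Ctx t_ctx)
    {
        m_request = t_request;
        m_response = t_response;
        m_ctx = t_ctx;
        // The setters ignore null, so a missing override keeps the default
        setP_ForwardTo (m_request.getParameter ("P_ForwardTo"));
        // Read the override from "P_SalesRep_ID" like every other P_* override;
        // reading "SalesRep_ID" here would turn the SalesRep value itself into
        // the parameter name and hide the value from init()
        setP_SalesRep_ID (m_request.getParameter ("P_SalesRep_ID"));
        setP_EMail (m_request.getParameter ("P_EMail"));
        setP_Password (m_request.getParameter ("P_Password"));
        setP_Action (m_request.getParameter ("P_Action"));
        setLogin_RelURL (m_request.getParameter ("LOGIN_RelURL"));
        // "update_page" overrides the update page, not the login page
        setUpdate_page (m_request.getParameter ("update_page"));
    }   //  WebLogin

    /**
     * Init will initialize the WebLogin Object for further use.
     * Creates the HttpSession if needed, reads forward / SalesRep / e-mail /
     * password from the request and picks up an already logged-in WebUser from
     * the session.  Must be called before {@link #action()}.
     * @return true if init was successful (always)
     */
    public boolean init()
    {
        m_session = m_request.getSession(true);     //  create new
        // NOTE(review): the session id is not rotated on a successful login; if
        // the container supports it (Servlet 3.1+ HttpServletRequest.changeSessionId())
        // rotating it there would close the session fixation window
        m_forward = WebUtil.getParameter (m_request, P_ForwardTo);  //  get forward from request
        if (m_forward != null)
            m_session.setAttribute(P_ForwardTo, m_forward);
        else
            m_forward = "";
        // NOTE(review): m_forward comes straight from the request; the caller
        // that redirects to getForward() should restrict it to relative paths
        m_salesRep = WebUtil.getParameter (m_request, P_SalesRep_ID);   //  get SalesRep from request
        if (m_salesRep != null)
            m_session.setAttribute(P_SalesRep_ID, m_salesRep);

        //  Base Info - both normalized to a trimmed, non-null string
        m_email = trimmedParameter (P_EMail);
        m_session.setAttribute (P_EMail, m_email);
        m_password = trimmedParameter (P_Password);    //  "" loads w/o password check

        //  Pick up the user of an existing web session
        WebInfo wi = (WebInfo)m_session.getAttribute (WebInfo.NAME);
        if (wi != null)
            m_wu = wi.getWebUser ();
        return true;
    }   //  init

    /**
     * Action run functions against the Login process.
     * The mode is taken from {@link #getMode()} or, when unset, from the
     * action request parameter; each mode is handled by its own helper.
     * @return true if successful, false when there is nothing to do or the
     *   request was rejected (see {@link #getMessage()})
     * @throws IOException
     * @throws ServletException
     */
    public boolean action() throws IOException, ServletException
    {
        //  Mode
        if (getMode() == null)
        {
            String mode = WebUtil.getParameter (m_request, P_Action);
            setMode(mode);
            if (mode == null || mode.equals("null"))
                return false;
        }
        boolean deleteCookie = "deleteCookie".equals(m_mode);
        if (deleteCookie)
        {
            log.fine("** deleteCookie");
            WebUtil.deleteCookieWebUser (m_request, m_response, COOKIE_NAME);
        }
        //  deleteCookie always implies a logout
        if ("logout".equals(m_mode) || deleteCookie)
            return doLogout();
        if ("SendEMail".equals(m_mode))
            return doSendEMail();
        if ("Login".equals(m_mode))
            return doLogin();
        if ("LoginNew".equals(m_mode))
            return doLoginNew();
        if ("Submit".equals(m_mode))
            return doSubmit();
        if ("email".equals(m_mode))
            return doChangeEMail();
        if ("password".equals(m_mode))
            return doChangePassword();
        if ("address".equals(m_mode))
            return doUpdateAddress();
        if ("EMailVerify".equals(m_mode))
            return doEMailVerify();
        if ("bankaccountach".equals(m_mode))
            return doBankAccountACH();

        log.log(Level.WARNING, "Unknown request='" + m_mode + "'");
        return true;
    }   //  action

    /**
     * Mode logout / deleteCookie: end the AD_Session and the web user session,
     * invalidate the HttpSession and forward to the site root.
     * @return true
     */
    private boolean doLogout() throws IOException, ServletException
    {
        log.fine("** logout");
        if (m_session != null)
        {
            MSession cSession = MSession.get (m_ctx);
            if (cSession != null)
                cSession.logout();
            m_session.removeAttribute(ATTR_AD_SESSION_ID);
            //
            m_wu = (WebUser)m_session.getAttribute(WebUser.NAME);
            if (m_wu != null)
                m_wu.logout();
            m_session.removeAttribute(WebUser.NAME);
            m_session.setMaxInactiveInterval(1);
            m_session.invalidate ();
        }
        //  Forward to unsecure /
        // NOTE(review): the target is built from getServerName(), which most
        // containers take from the Host header, and always uses plain http -
        // confirm this is intended before relying on it for the redirect
        WebUtil.createForwardPage(m_response, "Logout", "http://" + m_request.getServerName() + "/", 2);
        return true;
    }   //  doLogout

    /**
     * Mode SendEMail: mail the current password to the user of m_email.
     * The outcome is stored as password message on the WebUser.
     * @return false when no WebUser could be loaded, true otherwise
     */
    private boolean doSendEMail() throws IOException, ServletException
    {
        log.info("** send mail");
        m_wu = WebUser.get (m_ctx, m_email);    //  find it
        if (m_wu == null)
        {
            log.warning("No web user");
            return false;
        }
        // NOTE(review): the current password is mailed in clear text and the
        // reply reveals whether the address is registered; a one-time reset
        // token with a uniform reply would be the safer design
        if (!m_wu.isEMailValid())
            m_wu.setPasswordMessage("EMail not found in system");
        else
        {
            m_wu.setPassword();     //  set password to current
            //
            String msg = WebUtil.sendEMail (m_request, m_wu,
                X_W_MailMsg.MAILMSGTYPE_UserPassword, new Object[]{
                    m_request.getServerName(),
                    m_wu.getName(),
                    WebUtil.getFrom(m_request),
                    m_wu.getPassword()});
            if (EMail.SENT_OK.equals(msg))
                m_wu.setPasswordMessage ("EMail sent");
            else
                m_wu.setPasswordMessage ("Problem sending EMail: " + msg);
        }
        m_forward = getLogin_RelURL ();
        return true;
    }   //  doSendEMail

    /**
     * Mode Login: remember the e-mail in the cookie, re-query the user, log in
     * and on success create the AD_Session.  The WebInfo is stored in the
     * HttpSession either way so the pages can show the outcome.
     * @return false when no WebUser could be loaded, true otherwise
     */
    private boolean doLogin() throws IOException, ServletException
    {
        log.info("** login " + m_email);    //  the password is never logged
        //  add Cookie
        WebUtil.addCookieWebUser(m_request, m_response, m_email, COOKIE_NAME);
        //  Make sure the session exists before its id is used below
        if (m_session == null)
            m_session = m_request.getSession (true);

        //  Always re-query
        m_wu = WebUser.get (m_ctx, m_email, m_password, false);
        if (m_wu == null)
        {
            log.warning("No web user");
            return false;
        }
        m_wu.login(m_password);
        //  Password valid
        if (m_wu.isLoggedIn())
        {
            if (m_forward == null || m_forward.equals(getLogin_RelURL ()))
                m_forward = DEFAULT_FORWARD;
            createADSession();
        }
        else
        {
            m_forward = getLogin_RelURL ();
            log.fine("- PasswordMessage=" + m_wu.getPasswordMessage());
        }
        storeWebInfo();
        return true;
    }   //  doLogin

    /**
     * Mode LoginNew: clear the cookie, start with an empty user and go to the
     * login page.
     * @return true
     */
    private boolean doLoginNew() throws IOException, ServletException
    {
        log.info("** loginNew");
        WebUtil.addCookieWebUser(m_request, m_response, "", COOKIE_NAME);
        m_wu = WebUser.get (m_ctx, "");
        m_forward = getLogin_RelURL ();
        return true;
    }   //  doLoginNew

    /**
     * Mode Submit: update an existing contact or create a new one from the
     * request fields.
     * @return false when no WebUser could be loaded, true otherwise
     */
    private boolean doSubmit() throws IOException, ServletException
    {
        log.info("** submit " + m_email + " - AddrConf=" + m_addressConfirm);
        //  Keep the logged-in record for an address update, otherwise always re-load
        boolean addressUpdate = m_wu != null && m_wu.isLoggedIn() && m_addressConfirm;
        if (!addressUpdate)
            m_wu = WebUser.get (m_ctx, m_email, null, false);   //  load w/o password check direct
        if (m_wu == null)
        {
            log.warning("No web user");
            return false;
        }
        //
        if (m_wu.getAD_User_ID() != 0)      //  existing BPC
            submitExisting();
        else
            submitNew();
        storeWebInfo();
        return true;
    }   //  doSubmit

    /**
     * Submit for an existing contact: confirm the password (unless this is an
     * address confirmation), create the AD_Session and update the fields,
     * optionally changing the password.
     */
    private void submitExisting()
    {
        String passwordNew = WebUtil.getParameter (m_request, "PasswordNew");
        if (passwordNew == null)
            passwordNew = "";
        boolean passwordChange = passwordNew.length() > 0 && !passwordNew.equals(m_password);
        //  login() is only attempted when the address is not already confirmed
        if (m_addressConfirm || m_wu.login (m_password))
        {
            //  Create / set session
            if (m_wu.isLoggedIn())
                createADSession();
            //
            if (passwordChange)
                log.fine("- update Pwd " + m_email);    //  passwords stay out of the log
            if (WebUtil.updateFields(m_request, m_wu, passwordChange))
            {
                if (passwordChange)
                    m_session.setAttribute(WebSessionCtx.HDR_MESSAGE, "Password changed");
            }
            else
            {
                m_forward = getLogin_RelURL ();
                log.warning(" - update not done");
            }
        }
        else
        {
            m_forward = getLogin_RelURL ();
            m_session.setAttribute(WebSessionCtx.HDR_MESSAGE, "Email/Password not correct");
            log.warning(" - update not confirmed");
        }
    }   //  submitExisting

    /**
     * Submit for a new contact: set e-mail and password, save the fields and,
     * when the new record logs in, create the AD_Session and send the
     * verification code.
     */
    private void submitNew()
    {
        log.fine("** new " + m_email);
        m_wu.setEmail (m_email);
        m_wu.setPassword (m_password);
        if (WebUtil.updateFields (m_request, m_wu, true))
        {
            if (m_wu.login(m_password))
            {
                storeWebInfo();
                //  Create / set session
                createADSession();
                WebUtil.resendCode(m_request, m_wu);
            }
            else
                m_forward = getLogin_RelURL ();
        }
        else
        {
            log.fine("- failed - " + m_wu.getSaveErrorMessage() + " - " + m_wu.getPasswordMessage());
            m_forward = getLogin_RelURL ();
        }
    }   //  submitNew

    /**
     * Mode email: change the e-mail address of the current web user.
     * @return false when there is no web user or the new address is missing,
     *   unchanged or invalid (message set), true otherwise
     */
    private boolean doChangeEMail() throws IOException, ServletException
    {
        if (m_wu == null)
        {
            log.warning("No web user");
            return false;
        }
        String email = trimmedParameter ("EMail");
        String emailNew = WebUtil.getParameter (m_request, "EMailNew");
        if (emailNew == null)
            emailNew = "";
        if (emailNew.length() == 0 || emailNew.equals(email) || !WebUtil.isEmailValid(emailNew))
        {
            setMessage("New EMail invalid.");
            return false;
        }
        // NOTE(review): unlike the "password" mode, the e-mail change does not
        // re-check the current password - consider requiring it
        m_wu.setEmail(emailNew);
        m_wu.save();
        m_session.setAttribute(WebSessionCtx.HDR_MESSAGE, "EMail Address Changed");
        storeWebInfo();
        return true;
    }   //  doChangeEMail

    /**
     * Mode password: re-authenticate with the current password and set a new one.
     * @return false when there is no web user, the current password is wrong
     *   or the new password is rejected (message set), true otherwise
     */
    private boolean doChangePassword() throws IOException, ServletException
    {
        if (m_wu == null)
        {
            log.warning("No web user");
            return false;
        }
        String password = trimmedParameter ("Password");
        if (!m_wu.login(password))
        {
            setMessage("Email/Password not correct");
            return false;
        }
        createADSession();

        String passwordNew = WebUtil.getParameter (m_request, "PasswordNew");
        if (passwordNew == null)
            passwordNew = "";
        if (passwordNew.length() == 0 || passwordNew.equals(password))
        {
            setMessage("New Password invalid.");
            return false;
        }

        m_wu.setPasswordMessage(null);
        m_wu.setPassword(passwordNew);
        //  setPassword is expected to leave a password message when it rejects the value
        if (m_wu.getPasswordMessage() != null)
        {
            setMessage("New Password invalid.");
            return false;
        }
        m_wu.save();
        if (m_forward == null || m_forward.equals(getLogin_RelURL ()))
            m_forward = DEFAULT_FORWARD;
        m_session.setAttribute(WebSessionCtx.HDR_MESSAGE, "Password Changed");
        storeWebInfo();
        return true;
    }   //  doChangePassword

    /**
     * Mode address: update the contact information of the current web user
     * from the request.
     * @return false when there is no web user, true otherwise
     */
    private boolean doUpdateAddress() throws IOException, ServletException
    {
        if (m_wu == null)
        {
            log.warning("No web user");
            return false;
        }
        m_wu.setC_Country_ID(WebUtil.getParamOrNull(m_request, "C_Country_ID"));
        m_wu.setC_Region_ID(WebUtil.getParamOrNull(m_request, "C_Region_ID"));
        m_wu.setRegionName(WebUtil.getParamOrNull(m_request, "RegionName"));
        m_wu.setName(WebUtil.getParamOrNull(m_request, "Name"));
        m_wu.setCompany(WebUtil.getParamOrNull(m_request, "Company"));
        m_wu.setTitle(WebUtil.getParamOrNull(m_request, "Title"));
        m_wu.setAddress(WebUtil.getParamOrNull(m_request, "Address"));
        m_wu.setAddress2(WebUtil.getParamOrNull(m_request, "Address2"));
        m_wu.setCity(WebUtil.getParamOrNull(m_request, "City"));
        m_wu.setPostal(WebUtil.getParamOrNull(m_request, "Postal"));
        m_wu.setPhone(WebUtil.getParamOrNull(m_request, "Phone"));
        m_wu.setFax(WebUtil.getParamOrNull(m_request, "Fax"));
        m_wu.save();
        m_session.setAttribute(WebSessionCtx.HDR_MESSAGE, "Contact Information Changed");
        storeWebInfo();
        return true;
    }   //  doUpdateAddress

    /**
     * Mode EMailVerify: re-send the verification code when "ReSend" is set,
     * otherwise check the submitted "VerifyCode".
     * @return false when there is no web user, true otherwise
     */
    private boolean doEMailVerify() throws IOException, ServletException
    {
        if (m_wu == null)
        {
            log.warning("No web user");
            return false;
        }
        log.info(m_forward + " - " + m_wu.toString());

        String cmd = WebUtil.getParameter(m_request, "ReSend");
        if (cmd != null && cmd.length() > 1)
            WebUtil.resendCode(m_request, m_wu);
        else
        {
            boolean success = m_wu.setEMailVerifyCode(
                WebUtil.getParameter(m_request, "VerifyCode"), m_request.getRemoteAddr());
            if (success)
                m_session.setAttribute(WebSessionCtx.HDR_MESSAGE, "EMail verified");
        }
        return true;
    }   //  doEMailVerify

    /**
     * Mode bankaccountach: store the ACH bank account of the current web user,
     * looking the bank up by routing number and creating it when unknown.
     * @return false when there is no web user, true otherwise
     */
    private boolean doBankAccountACH() throws IOException, ServletException
    {
        if (m_wu == null)
        {
            log.warning("No web user");
            return false;
        }
        log.info(m_forward + " - " + m_wu.toString());

        MBPBankAccount bpBankAccount = m_wu.getBankAccount (true);
        //  As this sets bankaccountach
        bpBankAccount.setIsACH (true);
        bpBankAccount.setA_City (WebUtil.getParamOrNull (m_request, "A_City"));
        bpBankAccount.setA_Name (WebUtil.getParamOrNull (m_request, "A_Name"));
        bpBankAccount.setAccountNo (WebUtil.getParamOrNull (m_request, "AccountNo"));
        String routingNo = WebUtil.getParamOrNull (m_request, "RoutingNo");
        if (routingNo != null)
        {
            MBank[] banks = MBank.getByRoutingNo (m_ctx, routingNo);
            if (banks != null && banks.length > 0)
                bpBankAccount.setC_Bank_ID (banks[0].get_ID ());
            else
            {
                //  Create Bank - named after the account city, as there is no bank name in the request
                MBank newBank = new MBank(m_ctx, 0, null);
                newBank.setName (WebUtil.getParamOrNull (m_request, "A_City"));
                newBank.setRoutingNo (routingNo);
                if (!newBank.save ())
                    log.warning(" - bank not saved for RoutingNo=" + routingNo);
                bpBankAccount.setC_Bank_ID (newBank.get_ID ());
            }
            bpBankAccount.setRoutingNo (routingNo);
        }
        if (!bpBankAccount.save ())
            log.warning(" - bank account not saved");
        return true;
    }   //  doBankAccountACH

    /**
     * Create the AD_Session for the web store login and remember its ID in the
     * HttpSession.  Requires m_session to be set.
     */
    private void createADSession()
    {
        MSession session = MSession.get (m_ctx, X_AD_Session.SESSIONTYPE_WebStore, true,
            m_request.getRemoteAddr(), m_request.getRemoteHost(), m_session.getId());
        if (session != null)
            m_session.setAttribute(ATTR_AD_SESSION_ID, session.getAD_Session_ID());
    }   //  createADSession

    /**
     * Store a fresh WebInfo for the current web user in the HttpSession.
     */
    private void storeWebInfo()
    {
        m_session.setAttribute (WebInfo.NAME, new WebInfo (m_ctx, m_wu));
    }   //  storeWebInfo

    /**
     * Get a request parameter as trimmed string.
     * @param name parameter name
     * @return trimmed value, "" when the parameter is absent
     */
    private String trimmedParameter (String name)
    {
        String value = WebUtil.getParameter (m_request, name);
        return value == null ? "" : value.trim();
    }   //  trimmedParameter

    /**
     * setMessage to set a Message
     * @param newVal new message; null leaves the current message unchanged
     */
    public void setMessage(String newVal)
    {
        if (newVal != null)
            m_message = newVal;
    }

    /**
     * getMessage back
     * @return Message (null if none was set)
     */
    public String getMessage()
    {
        return m_message;
    }

    /**
     * setP_ForwardTo to overwrite default "ForwardTo" Parameter
     * @param newVal new value to look for; null keeps the current one
     */
    public void setP_ForwardTo(String newVal)
    {
        if (newVal != null)
            P_ForwardTo = newVal;
    }

    /**
     * getP_ForwardTo
     * @return ForwardTo request parameter
     */
    public String getP_ForwardTo()
    {
        return P_ForwardTo;
    }

    /**
     * setP_EMail to overwrite default "EMail" Parameter
     * @param newVal new value to look for; null keeps the current one
     */
    public void setP_EMail(String newVal)
    {
        if (newVal != null)
            P_EMail = newVal;
    }

    /**
     * getP_EMail
     * @return EMail request parameter
     */
    public String getP_EMail()
    {
        return P_EMail;
    }

    /**
     * setP_Password to overwrite default "Password" Parameter
     * @param newVal new value to look for; null keeps the current one
     */
    public void setP_Password(String newVal)
    {
        if (newVal != null)
            P_Password = newVal;
    }

    /**
     * getP_Password
     * @return Password request parameter
     */
    public String getP_Password()
    {
        return P_Password;
    }

    /**
     * setP_SalesRep_ID to overwrite default "SalesRep_ID" Parameter
     * @param newVal new value to look for; null keeps the current one
     */
    public void setP_SalesRep_ID(String newVal)
    {
        if (newVal != null)
            P_SalesRep_ID = newVal;
    }

    /**
     * getP_SalesRep_ID
     * @return SalesRep_ID request parameter
     */
    public String getP_SalesRep_ID()
    {
        return P_SalesRep_ID;
    }

    /**
     * setP_Action to overwrite default "Action/Mode" Parameter
     * @param newVal new value to look for; null keeps the current one
     */
    public void setP_Action(String newVal)
    {
        if (newVal != null)
            P_Action = newVal;
    }

    /**
     * getP_Action
     * @return Action/Mode request parameter
     */
    public String getP_Action()
    {
        return P_Action;
    }

    /**
     * setLogin_RelURL to overwrite default Login Relative URL
     * @param newVal new relative URL inside Domain to goto; null keeps the current one
     */
    public void setLogin_RelURL(String newVal)
    {
        if (newVal != null)
            m_login_page = newVal;
    }

    /**
     * getLogin_RelURL
     * @return relative URL of the login page
     */
    public String getLogin_RelURL()
    {
        return m_login_page;
    }

    /**
     * setUpdate_page to overwrite default Update Relative URL
     * @param newVal new relative URL inside Domain to goto; null keeps the current one
     */
    public void setUpdate_page(String newVal)
    {
        if (newVal != null)
            m_update_page = newVal;
    }

    /**
     * getUpdate_page
     * @return relative URL of the update page
     */
    public String getUpdate_page()
    {
        return m_update_page;
    }

    /**
     * setForward updates Forward URL
     * @param newVal new forward URL; null keeps the current one
     */
    public void setForward(String newVal)
    {
        if (newVal != null)
            m_forward = newVal;
    }

    /**
     * getForward
     * @return URL to forward request on to
     */
    public String getForward()
    {
        return m_forward;
    }

    /**
     * getSalesRep_ID
     * @return SalesRep_ID of the SalesRep_ID in the Request (null if absent)
     */
    public String getSalesRep_ID()
    {
        return m_salesRep;
    }

    /**
     * setAddressConfirm
     * @param newVal new addressConfirm
     */
    public void setAddressConfirm(boolean newVal)
    {
        m_addressConfirm = newVal;
    }

    /**
     * getAddressConfirm
     * @return boolean addressConfirm
     */
    public boolean getAddressConfirm()
    {
        return m_addressConfirm;
    }

    /**
     * getWebUser
     * @return the current WebUser (null before init() or when none is known)
     */
    public WebUser getWebUser()
    {
        return m_wu;
    }

    /**
     * Set Mode
     * @param t_mode mode
     */
    public void setMode(String t_mode)
    {
        m_mode = t_mode;
    }

    /**
     * Get Mode
     * @return mode (null until set or determined by action())
     */
    public String getMode()
    {
        return m_mode;
    }
}   //  WebLogin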