MOA-ID Configuration Tool Beta

1 files changed, 139 insertions, 2 deletions

diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java
index 4e8e44007..6aeebcf7b 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java
@@ -1,32 +1,169 @@
 package at.gv.egovernment.moa.id.configuration.struts.action;
 
+import java.util.Date;
+
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
 
+import org.apache.log4j.Logger;
 import org.apache.struts2.interceptor.ServletRequestAware;
 import org.apache.struts2.interceptor.ServletResponseAware;
 
+import com.opensymphony.xwork2.ActionSupport;
+
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.configuration.Constants;
+import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser;
 import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider;
 import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException;
+import at.gv.egovernment.moa.id.configuration.helper.AuthenticationHelper;
+import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
+import at.gv.egovernment.moa.id.configuration.validation.UserDatabaseFormValidator;
+import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper;
+import at.gv.egovernment.moa.util.MiscUtil;
 
-public class IndexAction implements ServletRequestAware,
+public class IndexAction extends ActionSupport implements ServletRequestAware,
 	ServletResponseAware {
 	
+	private static final Logger log = Logger.getLogger(IndexAction.class);
+	
 	private HttpServletRequest request;
 	private HttpServletResponse response;
 	
+	private String password;
+	private String username;
+	
 	public String start() {
 				
 		return Constants.STRUTS_SUCCESS;
 	}
 	
+	public String authenticate() {
+		
+		String key = null;
+		
+		if (MiscUtil.isNotEmpty(username)) {
+			if (ValidationHelper.containsPotentialCSSCharacter(username, false)) {
+				log.warn("Username contains potentail XSS characters: " + username);
+				addActionError(LanguageHelper.getErrorString("validation.edituser.username.valid", 
+						new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} ));
+				return Constants.STRUTS_ERROR;
+			}
+		} else {
+			log.warn("Username is empty");
+			addActionError(LanguageHelper.getErrorString("validation.edituser.username.empty"));
+			return Constants.STRUTS_ERROR;
+		}
+		
+		if (MiscUtil.isEmpty(password)) {
+			log.warn("Password is empty");
+			addActionError(LanguageHelper.getErrorString("validation.edituser.password.empty"));
+			return Constants.STRUTS_ERROR;
+			
+		} else {
+			key = AuthenticationHelper.generateKeyFormPassword(password);
+			if (key == null) {
+				addActionError(LanguageHelper.getErrorString("validation.edituser.password.valid"));
+				return Constants.STRUTS_ERROR;
+			}
+		}
+		
+		UserDatabase dbuser = ConfigurationDBRead.getUserWithUserName(username);
+		if (dbuser == null) {
+			log.warn("Unknown Username");
+			addActionError(LanguageHelper.getErrorString("webpages.index.username.unkown"));
+			return Constants.STRUTS_ERROR;
+			
+		} else {
+			if (!dbuser.isIsActive()) {
+				log.warn("Username " + dbuser.getUsername() + " is not active");
+				addActionError(LanguageHelper.getErrorString("webpages.index.username.notactive"));
+				return Constants.STRUTS_ERROR;
+			}
+			
+			if (!dbuser.getPassword().equals(key)) {
+				log.warn("Username " + dbuser.getUsername() + " use a false password");
+				addActionError(LanguageHelper.getErrorString("webpages.index.password.false"));
+				return Constants.STRUTS_ERROR;
+			}
+			
+			AuthenticatedUser authuser = new AuthenticatedUser(
+					dbuser.getHjid(), 
+					dbuser.getGivenname(), 
+					dbuser.getFamilyname(), 
+					dbuser.getUsername(), 
+					true, 
+					dbuser.isIsAdmin());
+			
+			authuser.setLastLogin(dbuser.getLastLoginItem());
+			
+			dbuser.setLastLoginItem(new Date());
+			
+			try {
+				ConfigurationDBUtils.saveOrUpdate(dbuser);
+				
+			} catch (MOADatabaseException e) {
+				log.warn("UserDatabase communicaton error", e);
+				addActionError(LanguageHelper.getErrorString("error.login"));
+				return Constants.STRUTS_ERROR;
+			}
+			finally {
+				ConfigurationDBUtils.closeSession();
+			}
+			request.getSession().setAttribute(Constants.SESSION_AUTH, authuser);
+			return Constants.STRUTS_SUCCESS;	
+		}
+	}
+	
+	public String logout() {
+		
+		HttpSession session = request.getSession();
+		
+		if (session != null)
+			session.invalidate();
+		
+		return Constants.STRUTS_SUCCESS;
+	}
 	
 	public void setServletResponse(HttpServletResponse arg0) {
 		this.response = arg0;
 	}
 	public void setServletRequest(HttpServletRequest arg0) {
 		this.request =  arg0;
-	}	
+	}
+
+	/**
+	 * @return the password
+	 */
+	public String getPassword() {
+		return password;
+	}
+
+	/**
+	 * @param password the password to set
+	 */
+	public void setPassword(String password) {
+		this.password = password;
+	}
+
+	/**
+	 * @return the username
+	 */
+	public String getUsername() {
+		return username;
+	}
+
+	/**
+	 * @param username the username to set
+	 */
+	public void setUsername(String username) {
+		this.username = username;
+	}
+	
+	
 
 }