98 lines
4.2 KiB
JavaScript
98 lines
4.2 KiB
JavaScript
// The contents of this file are subject to the Mozilla Public License Version 1.1
|
|
// (the "License"); you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at <http://www.mozilla.org/MPL/>.
|
|
//
|
|
// Software distributed under the License is distributed on an "AS IS" basis, WITHOUT
|
|
// WARRANTY OF ANY KIND, either express or implied. See the License for the specific
|
|
// language governing rights and limitations under the License.
|
|
//
|
|
// The Original Code is the Venice Web Communities System.
|
|
//
|
|
// The Initial Developer of the Original Code is Eric J. Bowersox <erbo@silcom.com>,
|
|
// for Silverwrist Design Studios. Portions created by Eric J. Bowersox are
|
|
// Copyright (C) 2002 Eric J. Bowersox/Silverwrist Design Studios. All Rights Reserved.
|
|
//
|
|
// Contributor(s):
|
|
|
|
importClass(Packages.com.silverwrist.dynamo.UserInfoNamespace);
|
|
importPackage(Packages.com.silverwrist.dynamo.iface);
|
|
importPackage(Packages.com.silverwrist.dynamo.util);
|
|
importPackage(Packages.com.silverwrist.dynamo.xmlrpc);
|
|
importClass(Packages.com.silverwrist.venice.VeniceNamespaces);
|
|
importPackage(Packages.com.silverwrist.venice.session);
|
|
importPackage(Packages.com.silverwrist.venice.xmlrpc);
|
|
|
|
req = bsf.lookupBean("request"); // get request
|
|
req_help = bsf.lookupBean("request_help"); // get request helper
|
|
session = req_help.getSession(); // get session
|
|
method = req.queryString + ""; // get method name
|
|
|
|
if (method=="venice:session.destroy")
|
|
{ // destroy - takes one parameter, the session ID
|
|
if (req.getParameters().size()!=1)
|
|
dynamo.scriptReturn(new XmlRpcParameterError("parameter count mismatch");
|
|
session.invalidate(); // invalidate the session
|
|
dynamo.scriptReturn(Boolean.TRUE);
|
|
|
|
} // end if
|
|
|
|
if (method=="venice:session.login")
|
|
{ // login - parameters are session ID, user name, and password
|
|
if (req.getParameters().size()!=3)
|
|
dynamo.scriptReturn(new XmlRpcParameterError("parameter count mismatch");
|
|
username = req_help.getParameterString("1");
|
|
password = req_help.getParameterString("2");
|
|
|
|
// Check to make sure the user isn't already logged in.
|
|
old_user = vlib.getUser(session);
|
|
if (!(old_user.isAnonymous()))
|
|
dynamo.scriptReturn(new FaultCode(VeniceFaultCodes.IS_LOGGEDIN,"session already logged in"));
|
|
|
|
// Perform the login.
|
|
new_user = vlib.lookupUser(req,username);
|
|
if (new_user!=null)
|
|
{ // the user is present - we can do this
|
|
if (new_user.isAnonymous())
|
|
{ // anonymous user account - can't log in
|
|
audit.write(req,new_user,VeniceNamespaces.USER_EVENT_NAMESPACE,"login.fail","Anonymous user");
|
|
dynamo.scriptReturn(new FaultCode(VeniceFaultCodes.USER_NOLOGIN,"account cannot be logged into"));
|
|
|
|
} // end if
|
|
|
|
if (new_user.isLocked())
|
|
{ // account is locked - we can't log in
|
|
audit.write(req,new_user,VeniceNamespaces.USER_EVENT_NAMESPACE,"login.fail","Locked Account");
|
|
dynamo.scriptReturn(new FaultCode(VeniceFaultCodes.USER_LOCKED,"account locked: " + username));
|
|
|
|
} // end if
|
|
|
|
if (new_user.authenticate(UserInfoNamespace.NAMESPACE,UserInfoNamespace.AUTH_DEFAULT,"",password))
|
|
{ // authentication successful - set this user into the session and return
|
|
logger.debug("User \"" + new_user.name + "\" logged in successfully");
|
|
session.setObject(SessionInfoParams.NAMESPACE,SessionInfoParams.ATTR_USER,new_user);
|
|
audit.write(req,new_user,VeniceNamespaces.USER_EVENT_NAMESPACE,"login.ok");
|
|
new_user.setLastAccessDate(new_user,new java.util.Date());
|
|
dynamo.exec("/util/setup_user.js");
|
|
dynamo.scriptReturn(Boolean.TRUE);
|
|
|
|
} // end if
|
|
else
|
|
{ // authentication failed
|
|
audit.write(req,new_user,VeniceNamespaces.USER_EVENT_NAMESPACE,"login.fail","Bad password");
|
|
dynamo.scriptReturn(new FaultCode(VeniceFaultCodes.USER_NOAUTH,"authentication failed: " + username));
|
|
|
|
} // end else
|
|
|
|
} // end if
|
|
else
|
|
{ // the user is not found
|
|
audit.write(req,null,VeniceNamespaces.USER_EVENT_NAMESPACE,"login.fail","Bad username",username);
|
|
dynamo.scriptReturn(new FaultCode(VeniceFaultCodes.USER_NOTFOUND,"no such user: " + username));
|
|
|
|
} // end else
|
|
|
|
} // end if
|
|
|
|
// if get here, we don't grok the method name - return failure
|
|
dynamo.scriptOutput(new XmlRpcMethodNotFound(method));
|