1. Project Clover database Sat Feb 2 2019 06:45:20 CET
  2. Package com.xpn.xwiki.user.impl.xwiki

File AbstractXWikiAuthService.java

 

Coverage histogram

../../../../../../img/srcFileCovDistChart8.png
56% of files have more coverage

Code metrics

6
13
2
1
103
44
6
0.46
6.5
2
3

Classes

Class Line # Actions
AbstractXWikiAuthService 41 13 0% 6 4
0.809523881%
 

Contributing tests

This file is covered by 6 tests. .

Source view

1    /*
2    * See the NOTICE file distributed with this work for additional
3    * information regarding copyright ownership.
4    *
5    * This is free software; you can redistribute it and/or modify it
6    * under the terms of the GNU Lesser General Public License as
7    * published by the Free Software Foundation; either version 2.1 of
8    * the License, or (at your option) any later version.
9    *
10    * This software is distributed in the hope that it will be useful,
11    * but WITHOUT ANY WARRANTY; without even the implied warranty of
12    * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13    * Lesser General Public License for more details.
14    *
15    * You should have received a copy of the GNU Lesser General Public
16    * License along with this software; if not, write to the Free
17    * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
18    * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
19    */
20    package com.xpn.xwiki.user.impl.xwiki;
21   
22    import java.security.Principal;
23   
24    import org.apache.commons.lang3.StringUtils;
25    import org.securityfilter.realm.SimplePrincipal;
26    import org.slf4j.Logger;
27    import org.slf4j.LoggerFactory;
28    import org.xwiki.model.reference.DocumentReference;
29    import org.xwiki.model.reference.DocumentReferenceResolver;
30   
31    import com.xpn.xwiki.XWikiContext;
32    import com.xpn.xwiki.user.api.XWikiAuthService;
33    import com.xpn.xwiki.user.api.XWikiRightService;
34    import com.xpn.xwiki.web.Utils;
35   
36    /**
37    * Common methods useful to all Authentication services implementations.
38    *
39    * @version $Id: 336c0f8e256582abc02e3c2cc4b92c1d926df2bf $
40    */
 
41    public abstract class AbstractXWikiAuthService implements XWikiAuthService
42    {
43    /**
44    * Logging tool.
45    */
46    private static final Logger LOGGER = LoggerFactory.getLogger(AbstractXWikiAuthService.class);
47   
48    /**
49    * The XWiki config property for storing the superadmin password.
50    */
51    private static final String SUPERADMIN_PASSWORD_CONFIG = "xwiki.superadminpassword";
52   
53    /**
54    * @param username the username to check for superadmin access. Examples: "xwiki:XWiki.superadmin",
55    * "XWiki.superAdmin", "superadmin", etc
56    * @return true if the username is that of the superadmin (whatever the case) or false otherwise
57    */
 
58  11342 toggle protected boolean isSuperAdmin(String username)
59    {
60    // FIXME: this method should probably use a XWikiRightService#isSuperadmin(String) method, see
61    // XWikiRightServiceImpl#isSuperadmin(String)
62   
63    // Note 1: we use the default document reference resolver here but it doesn't matter since we only care about
64    // the resolved page name.
65    // Note 2: we use a resolver since the passed username could contain the wiki and/or space too and we want
66    // to retrieve only the page name
67  11342 DocumentReference documentReference =
68    Utils.<DocumentReferenceResolver<String>>getComponent(DocumentReferenceResolver.TYPE_STRING).resolve(
69    username);
70  11342 return StringUtils.equalsIgnoreCase(documentReference.getName(), XWikiRightService.SUPERADMIN_USER);
71    }
72   
73    /**
74    * @param password the superadmin password to check against the superadmin password located in XWiki's config file
75    * @param context the XWiki context object, allowing access to XWiki's config
76    * @return a null Principal is the user hasn't been validated as Superadmin or a Super Admin Principal otherwise
77    */
 
78  3563 toggle protected Principal authenticateSuperAdmin(String password, XWikiContext context)
79    {
80  3563 if (LOGGER.isTraceEnabled()) {
81  0 LOGGER.trace("Authenticate superadmin");
82    }
83   
84  3563 Principal principal;
85   
86    // Security check: only decide that the passed user is the super admin if the
87    // super admin password is configured in XWiki's configuration.
88  3563 String superadminpassword = context.getWiki().Param(SUPERADMIN_PASSWORD_CONFIG);
89  3563 if ((superadminpassword != null) && (superadminpassword.equals(password))) {
90  3560 if (context.isMainWiki()) {
91  3560 principal = new SimplePrincipal(XWikiRightService.SUPERADMIN_USER_FULLNAME);
92    } else {
93  0 principal =
94    new SimplePrincipal(context.getMainXWiki() + ":" + XWikiRightService.SUPERADMIN_USER_FULLNAME);
95    }
96    } else {
97  3 principal = null;
98  3 context.put("message", "invalidcredentials");
99    }
100   
101  3563 return principal;
102    }
103    }