package com.xpn.xwiki.user.impl.xwiki; |
21 |
|
|
22 |
|
import java.io.IOException; |
23 |
|
import java.security.Principal; |
24 |
|
|
25 |
|
import javax.servlet.http.HttpServletRequest; |
26 |
|
import javax.servlet.http.HttpServletResponse; |
27 |
|
|
28 |
|
import org.apache.commons.codec.binary.Base64; |
29 |
|
import org.apache.commons.lang3.StringUtils; |
30 |
|
import org.securityfilter.authenticator.BasicAuthenticator; |
31 |
|
import org.securityfilter.filter.SecurityFilter; |
32 |
|
import org.securityfilter.filter.SecurityRequestWrapper; |
33 |
|
import org.securityfilter.realm.SimplePrincipal; |
34 |
|
|
35 |
|
import com.xpn.xwiki.XWikiContext; |
36 |
|
import com.xpn.xwiki.XWikiException; |
37 |
|
|
|
|
| 42.7% |
Uncovered Elements: 55 (96) |
Complexity: 25 |
Complexity Density: 0.42 |
|
38 |
|
public class MyBasicAuthenticator extends BasicAuthenticator implements XWikiAuthenticator |
39 |
|
{ |
|
|
| 0% |
Uncovered Elements: 1 (1) |
Complexity: 1 |
Complexity Density: 1 |
|
40 |
0 |
/**
 * Runs the Basic login check without an XWiki context.
 *
 * @param request the wrapped request that may carry an {@code Authorization} header
 * @param response the response a login challenge is written to
 * @return whatever the three-argument overload returns for a {@code null} context
 * @throws Exception propagated from the three-argument overload
 */
@Override
public boolean processLogin(SecurityRequestWrapper request, HttpServletResponse response) throws Exception
{
    // Delegates with no context. NOTE(review): the static helpers reached from there dereference the context
    // when an Authorization header is present; confirm callers never rely on this overload for that case.
    return processLogin(request, response, null);
}
45 |
|
|
|
|
| 0% |
Uncovered Elements: 7 (7) |
Complexity: 2 |
Complexity Density: 0.4 |
|
46 |
0 |
/**
 * Authenticates the request from its {@code Authorization} header and challenges the client on failure.
 *
 * @param request the wrapped request to authenticate
 * @param response the response a login challenge is written to
 * @param context the current XWiki context
 * @return {@code false} when {@code checkLogin} produced a principal, {@code true} when a login challenge was
 *         sent instead
 * @throws Exception propagated from the credential check or from writing the challenge
 */
@Override
public boolean processLogin(SecurityRequestWrapper request, HttpServletResponse response, XWikiContext context)
    throws Exception
{
    // Authenticated: nothing was written to the response.
    if (checkLogin(request, response, context) != null) {
        return false;
    }

    // No usable credentials: send the challenge for the underlying request.
    showLogin(request.getCurrentRequest(), response);
    return true;
}
61 |
|
|
|
|
| 0% |
Uncovered Elements: 13 (13) |
Complexity: 3 |
Complexity Density: 0.33 |
|
62 |
0 |
/**
 * Authenticates explicitly supplied credentials and records the resulting principal on the request.
 *
 * @param username the user name to authenticate
 * @param password the password to authenticate with
 * @param rememberme not read by this implementation
 * @param request the wrapped request that receives the authenticated principal
 * @param response the response a login challenge is written to on failure
 * @param context the current XWiki context, used for authentication and for the wiki id prefix
 * @return {@code false} when authentication succeeded, {@code true} when a login challenge was sent
 * @throws Exception propagated from authentication or from writing the challenge
 */
@Override
public boolean processLogin(String username, String password, String rememberme, SecurityRequestWrapper request,
    HttpServletResponse response, XWikiContext context) throws Exception
{
    Principal authenticated = authenticate(username, password, context);
    if (authenticated == null) {
        // Failed login: challenge the client again.
        showLogin(request.getCurrentRequest(), response);
        return true;
    }

    // A successful login clears the failed-attempt counter kept in the session.
    request.getSession().removeAttribute(LOGIN_ATTEMPTS);

    // Principal names without a ':' are prefixed with the current wiki id.
    if (!StringUtils.contains(authenticated.getName(), ':')) {
        authenticated = new SimplePrincipal(context.getWikiId() + ":" + authenticated.getName());
    }

    request.setUserPrincipal(authenticated);
    return false;
}
85 |
|
|
|
|
| 100% |
Uncovered Elements: 0 (1) |
Complexity: 1 |
Complexity Density: 1 |
|
86 |
6306 |
/**
 * Passes the user name through the wiki's own user name conversion.
 *
 * @param username the user name parsed from the request, possibly {@code null}
 * @param context the current XWiki context; must not be {@code null} because it is dereferenced here
 * @return the value returned by the wiki's {@code convertUsername}
 */
private static String convertUsername(String username, XWikiContext context)
{
    return context.getWiki().convertUsername(username, context);
}
90 |
|
|
|
|
| 89.5% |
Uncovered Elements: 2 (19) |
Complexity: 4 |
Complexity Density: 0.31 |
|
91 |
13038 |
/**
 * Authenticates a request from its HTTP {@code Authorization} header.
 *
 * @param request the wrapped request; on success it receives the authenticated principal
 * @param response not read by this method
 * @param context the current XWiki context, used for user name conversion, authentication and the wiki id
 * @return the authenticated principal, or {@code null} when there is no {@code Authorization} header or
 *         authentication did not yield a principal
 * @throws Exception propagated from user name conversion or authentication
 */
public static Principal checkLogin(SecurityRequestWrapper request, HttpServletResponse response,
    XWikiContext context) throws Exception
{
    String authorizationHeader = request.getHeader("Authorization");
    if (authorizationHeader == null) {
        return null;
    }

    // NOTE(review): a header with another scheme decodes to null, so the user name passed to convertUsername
    // and the password passed to authenticate are both null-derived. Whether the configured authentication
    // service rejects null credentials is not visible here; confirm before relying on it.
    String credentials = decodeBasicAuthorizationString(authorizationHeader);
    String login = convertUsername(parseUsername(credentials), context);
    String secret = parsePassword(credentials);

    Principal authenticated = authenticate(login, secret, context);
    if (authenticated == null) {
        return null;
    }

    // A successful login clears the failed-attempt counter kept in the session.
    request.getSession().removeAttribute(LOGIN_ATTEMPTS);

    // Principal names without a ':' are prefixed with the current wiki id.
    if (!StringUtils.contains(authenticated.getName(), ':')) {
        authenticated = new SimplePrincipal(context.getWikiId() + ":" + authenticated.getName());
    }

    request.setUserPrincipal(authenticated);
    return authenticated;
}
120 |
|
|
121 |
|
|
122 |
|
|
123 |
|
|
124 |
|
@param |
125 |
|
@return |
126 |
|
|
|
|
| 60% |
Uncovered Elements: 4 (10) |
Complexity: 3 |
Complexity Density: 0.5 |
|
127 |
6306 |
/**
 * Extracts the user name from decoded Basic credentials of the form {@code user:password}.
 *
 * @param decoded the decoded credential string, may be {@code null}
 * @return the text before the first {@code ':'} with surrounding whitespace trimmed, or {@code null} when
 *         {@code decoded} is {@code null} or contains no colon
 */
public static String parseUsername(String decoded)
{
    // Treat "no credentials" and "no separator" alike: there is no user name to report.
    int separator = (decoded == null) ? -1 : decoded.indexOf(':');
    if (separator < 0) {
        return null;
    }

    return decoded.substring(0, separator).trim();
}
140 |
|
|
141 |
|
|
142 |
|
|
143 |
|
|
144 |
|
@param |
145 |
|
@return |
146 |
|
|
|
|
| 60% |
Uncovered Elements: 4 (10) |
Complexity: 3 |
Complexity Density: 0.5 |
|
147 |
6306 |
/**
 * Extracts the password from decoded Basic credentials of the form {@code user:password}.
 *
 * @param decoded the decoded credential string, may be {@code null}
 * @return everything after the first {@code ':'} with surrounding whitespace trimmed, or {@code null} when
 *         {@code decoded} is {@code null} or contains no colon
 */
public static String parsePassword(String decoded)
{
    // Only the first colon separates the fields, so later colons stay part of the password.
    int separator = (decoded == null) ? -1 : decoded.indexOf(':');
    if (separator < 0) {
        return null;
    }

    // NOTE(review): trim() also strips leading and trailing whitespace from the password itself, so a
    // password that begins or ends with a space is not passed on unchanged; confirm this is intended.
    return decoded.substring(separator + 1).trim();
}
160 |
|
|
161 |
|
|
162 |
|
|
163 |
|
|
164 |
|
@param |
165 |
|
@return |
166 |
|
|
|
|
| 66.7% |
Uncovered Elements: 2 (6) |
Complexity: 3 |
Complexity Density: 0.75 |
|
167 |
6306 |
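/**
 * Decodes the credentials carried by an HTTP {@code Authorization} header that uses the Basic scheme.
 *
 * @param authorization the raw header value, may be {@code null}
 * @return the Base64-decoded credential string, or {@code null} when the header is {@code null} or does not
 *         start with the {@code basic } scheme prefix (compared case-insensitively)
 */
public static String decodeBasicAuthorizationString(String authorization)
{
    // Lower-case with a fixed locale: the default-locale form maps 'I' to a dotless 'ı' under Turkish or Azeri
    // settings, so "BASIC ..." would no longer match the prefix and valid credentials would be ignored.
    if (authorization == null || !authorization.toLowerCase(java.util.Locale.ROOT).startsWith("basic ")) {
        return null;
    }

    // Drop the six-character scheme prefix and any padding whitespace around the Base64 payload.
    String encoded = authorization.substring(6).trim();

    // NOTE(review): both conversions use the platform default charset, so non-ASCII user names or passwords
    // decode differently depending on how the JVM is configured; confirm which charset clients are expected
    // to send before pinning one.
    return new String(Base64.decodeBase64(encoded.getBytes()));
}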
177 |
|
|
|
|
| 100% |
Uncovered Elements: 0 (1) |
Complexity: 1 |
Complexity Density: 1 |
|
178 |
6306 |
/**
 * Hands the credentials to the authentication service configured on the wiki.
 *
 * @param username the user name to authenticate; passed through unchanged
 * @param password the password to authenticate with; passed through unchanged
 * @param context the current XWiki context; must not be {@code null} because it is dereferenced here
 * @return the principal returned by the authentication service
 * @throws XWikiException propagated from the authentication service
 */
public static Principal authenticate(String username, String password, XWikiContext context) throws XWikiException
{
    // No validation happens at this layer: null or empty credentials reach the service as they are.
    return context.getWiki().getAuthService().authenticate(username, password, context);
}
182 |
|
|
|
|
| 0% |
Uncovered Elements: 16 (16) |
Complexity: 3 |
Complexity Density: 0.25 |
|
183 |
0 |
/**
 * Sends a Basic authentication challenge, or a final error once too many attempts were made in this session.
 *
 * @param request the request whose information is saved and whose session holds the attempt counter
 * @param response the response that receives the challenge or the error
 * @param realmName the realm name placed in the {@code WWW-Authenticate} header
 * @throws IOException if sending the error response fails
 */
public static void showLogin(HttpServletRequest request, HttpServletResponse response, String realmName)
    throws IOException
{
    SecurityFilter.saveRequestInformation(request);

    // The attempt counter lives in the HTTP session.
    // NOTE(review): this bounds re-prompting within one session only; a client that does not return the
    // session cookie presumably starts a fresh count each time, so it is not a brute-force throttle.
    Object previous = request.getSession().getAttribute(LOGIN_ATTEMPTS);
    int loginAttempts = (previous == null) ? 1 : ((Integer) previous).intValue() + 1;
    request.getSession().setAttribute(LOGIN_ATTEMPTS, loginAttempts);

    if (loginAttempts > MAX_ATTEMPTS) {
        // Too many tries: reset the counter and answer with an error instead of another challenge.
        request.getSession().removeAttribute(LOGIN_ATTEMPTS);
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED, LOGIN_FAILED_MESSAGE);
        return;
    }

    // NOTE(review): realmName is written into the quoted header value as is; presumably it comes from
    // configuration rather than from the request. Confirm it can never contain a double quote.
    response.setHeader("WWW-Authenticate", "BASIC realm=\"" + realmName + "\"");
    response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
}
207 |
|
|
|
|
| 0% |
Uncovered Elements: 1 (1) |
Complexity: 1 |
Complexity Density: 1 |
|
208 |
0 |
/**
 * Sends the login challenge using this authenticator's configured realm name.
 *
 * @param request the request being challenged
 * @param response the response that receives the challenge
 * @param context not read by this implementation
 * @throws IOException if sending the response fails
 */
@Override
public void showLogin(HttpServletRequest request, HttpServletResponse response, XWikiContext context)
    throws IOException
{
    // The realm comes from this instance; the context plays no part in building the challenge.
    showLogin(request, response, this.realmName);
}
214 |
|
} |