mirror
/
DMDirc-Plugins
kopia lustrzana https://github.com/DMDirc/Plugins.git
Obserwuj 1
Gwiazdka 0
Forkuj 0
Kod Problemy 0 Wydania 7 Wiki Aktywność
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1196 Commity
3 Gałęzie
Drzewo: 8381857bdc
Gałęzie Tagi
${ item.name }
Utwórz gałąź ${ searchTerm }
z '8381857bdc'
${ noResults }
DMDirc-Plugins/src/com/dmdirc/addons/ui_web/WebUserRealm.java

WebUserRealm.java 4.9KB
Historia Czysty

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150 
  1. /*

  2.  * Copyright (c) 2006-2014 DMDirc Developers

  3.  *

  4.  * Permission is hereby granted, free of charge, to any person obtaining a copy

  5.  * of this software and associated documentation files (the "Software"), to deal

  6.  * in the Software without restriction, including without limitation the rights

  7.  * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell

  8.  * copies of the Software, and to permit persons to whom the Software is

  9.  * furnished to do so, subject to the following conditions:

  10.  *

  11.  * The above copyright notice and this permission notice shall be included in

  12.  * all copies or substantial portions of the Software.

  13.  *

  14.  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR

  15.  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,

  16.  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE

  17.  * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER

  18.  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,

  19.  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE

  20.  * SOFTWARE.

  21.  */

  22. 

  23. package com.dmdirc.addons.ui_web;

  24. 

  25. import com.dmdirc.interfaces.config.IdentityController;

  26. 

  27. import java.math.BigInteger;

  28. import java.security.MessageDigest;

  29. import java.security.NoSuchAlgorithmException;

  30. import java.security.Principal;

  31. import java.util.ArrayList;

  32. import java.util.HashMap;

  33. import java.util.List;

  34. import java.util.Map;

  35. 

  36. import org.mortbay.jetty.Request;

  37. import org.mortbay.jetty.security.UserRealm;

  38. 

  39. /**

  40.  * Describes the users allowed to access the web UI.

  41.  */

  42. public class WebUserRealm implements UserRealm {

  43. 

  44.     /** A map of known principals. */

  45.     private final Map<String, Principal> principals = new HashMap<>();

  46.     /** The config source to retrieve user information from. */

  47.     private final IdentityController identityController;

  48.     /** The domain to use when retrieving configuration. */

  49.     private final String domain;

  50. 

  51.     public WebUserRealm(final IdentityController identityController, final String domain) {

  52.         this.identityController = identityController;

  53.         this.domain = domain;

  54.     }

  55. 

  56.     /** {@inheritDoc} */

  57.     @Override

  58.     public String getName() {

  59.         if (identityController.getGlobalConfiguration().hasOptionString(domain, "users")) {

  60.             return "DMDirc web UI";

  61.         } else {

  62.             return "DMDirc web UI first run -- "

  63.                     + "enter the username and password you wish to use in "

  64.                     + "the future";

  65.         }

  66.     }

  67. 

  68.     /** {@inheritDoc} */

  69.     @Override

  70.     public Principal getPrincipal(final String username) {

  71.         return principals.get(username);

  72.     }

  73. 

  74.     /** {@inheritDoc} */

  75.     @Override

  76.     public Principal authenticate(final String username,

  77.             final Object credentials, final Request request) {

  78.         if (!identityController.getGlobalConfiguration().hasOptionString(domain, "users")) {

  79.             final List<String> users = new ArrayList<>();

  80.             users.add(username + ":" + getHash(username, credentials));

  81.             identityController.getUserSettings().setOption(domain, "users", users);

  82.         }

  83. 

  84.         for (String userinfo : identityController.getGlobalConfiguration().getOptionList(domain,

  85.                 "users")) {

  86.             if (userinfo.startsWith(username + ":")) {

  87.                 final String pass = userinfo.substring(username.length() + 1);

  88. 

  89.                 if (pass.equals(getHash(username, credentials))) {

  90.                     principals.put(username, new WebPrincipal(username));

  91.                     return getPrincipal(username);

  92.                 }

  93.             }

  94.         }

  95. 

  96.         return null;

  97.     }

  98. 

  99.     /** {@inheritDoc} */

  100.     @Override

  101.     public boolean reauthenticate(final Principal user) {

  102.         return principals.containsValue(user);

  103.     }

  104. 

  105.     /** {@inheritDoc} */

  106.     @Override

  107.     public boolean isUserInRole(final Principal user, final String role) {

  108.         return true;

  109.     }

  110. 

  111.     /** {@inheritDoc} */

  112.     @Override

  113.     public void disassociate(final Principal user) {

  114.         // Do nothing

  115.     }

  116. 

  117.     /** {@inheritDoc} */

  118.     @Override

  119.     public Principal pushRole(final Principal user, final String role) {

  120.         // Do nothing

  121.         return user;

  122.     }

  123. 

  124.     /** {@inheritDoc} */

  125.     @Override

  126.     public Principal popRole(final Principal user) {

  127.         // Do nothing

  128.         return user;

  129.     }

  130. 

  131.     /** {@inheritDoc} */

  132.     @Override

  133.     public void logout(final Principal user) {

  134.         principals.remove(user.getName());

  135.     }

  136. 

  137.     private String getHash(final String username, final Object credentials) {

  138.         final String target = username + "--" + (String) credentials;

  139. 

  140.         try {

  141.             final MessageDigest md = MessageDigest.getInstance("SHA-512");

  142. 

  143.             return new BigInteger(md.digest(target.getBytes())).toString(16);

  144.         } catch (NoSuchAlgorithmException ex) {

  145.             // Don't hash

  146.             return target;

  147.         }

  148.     }

  149. 

  150. }