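/**
 * Authenticates a user by comparing the submitted password with the value stored on the account.
 *
 * <p>NOTE(review): the stored value is compared directly with the submitted password, so the
 * account appears to hold the password in the same form the client sends it. Confirm whether
 * that is plaintext; if so, a salted password hash (PBKDF2, bcrypt, scrypt, argon2) should be
 * stored instead.
 *
 * @param username account name supplied by the caller; must not be empty
 * @param password password supplied by the caller; must not be empty
 * @param domainId domain passed to the account lookup
 * @param requestParameters not read by this method
 * @return {@code (true, null)} on a match; {@code (false, null)} when a credential is empty or
 *         no account is found; {@code (false, INCREMENT_INCORRECT_LOGIN_ATTEMPT_COUNT)} when the
 *         account exists but the password does not match
 */
@Override
public Pair<Boolean, ActionOnFailedAuthentication> authenticate(String username, String password, Long domainId, Map<String, Object[]> requestParameters) {
    if (s_logger.isDebugEnabled()) {
        s_logger.debug("Retrieving user: " + username);
    }

    if (StringUtils.isEmpty(username) || StringUtils.isEmpty(password)) {
        s_logger.debug("Username or Password cannot be empty");
        return new Pair<Boolean, ActionOnFailedAuthentication>(false, null);
    }

    UserAccount user = _userAccountDao.getUserAccount(username, domainId);
    if (user == null) {
        s_logger.debug("Unable to find user with " + username + " in domain " + domainId);
        return new Pair<Boolean, ActionOnFailedAuthentication>(false, null);
    }

    // An account without a stored password is treated as a mismatch rather than
    // dereferenced; the original threw a NullPointerException here.
    String storedPassword = user.getPassword();

    // String.equals stops at the first differing character, so its running time depends on
    // how much of the guess is right. MessageDigest.isEqual compares without that early exit.
    boolean passwordMatches = storedPassword != null
            && java.security.MessageDigest.isEqual(
                    storedPassword.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                    password.getBytes(java.nio.charset.StandardCharsets.UTF_8));

    if (!passwordMatches) {
        s_logger.debug("Password does not match");
        return new Pair<Boolean, ActionOnFailedAuthentication>(false, ActionOnFailedAuthentication.INCREMENT_INCORRECT_LOGIN_ATTEMPT_COUNT);
    }
    return new Pair<Boolean, ActionOnFailedAuthentication>(true, null);
}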
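/**
 * Authenticates a user by comparing {@code encode(password)} with the value stored on the account.
 *
 * <p>NOTE(review): {@code encode} is defined outside this listing, so the strength of the stored
 * form cannot be judged from here. It is called with the password only (no per-user salt or work
 * factor is passed in); confirm that it is not a bare, unsalted digest.
 *
 * @param username account name supplied by the caller; must not be empty
 * @param password password supplied by the caller; must not be empty
 * @param domainId domain passed to the account lookup
 * @param requestParameters not read by this method
 * @return {@code (true, null)} on a match; {@code (false, null)} when a credential is empty or
 *         no account is found; {@code (false, INCREMENT_INCORRECT_LOGIN_ATTEMPT_COUNT)} when the
 *         account exists but the encoded password does not match
 */
@Override
public Pair<Boolean, ActionOnFailedAuthentication> authenticate(String username, String password, Long domainId, Map<String, Object[]> requestParameters) {
    if (s_logger.isDebugEnabled()) {
        s_logger.debug("Retrieving user: " + username);
    }

    if (StringUtils.isEmpty(username) || StringUtils.isEmpty(password)) {
        s_logger.debug("Username or Password cannot be empty");
        return new Pair<Boolean, ActionOnFailedAuthentication>(false, null);
    }

    UserAccount user = _userAccountDao.getUserAccount(username, domainId);
    if (user == null) {
        s_logger.debug("Unable to find user with " + username + " in domain " + domainId);
        return new Pair<Boolean, ActionOnFailedAuthentication>(false, null);
    }

    // A missing stored value or a null encoding is treated as a mismatch rather than
    // dereferenced; the original threw a NullPointerException on a null stored password.
    String storedPassword = user.getPassword();
    String submittedEncoding = encode(password);

    // String.equals returns at the first differing character; MessageDigest.isEqual
    // compares the two encodings without that data-dependent early exit.
    boolean passwordMatches = storedPassword != null
            && submittedEncoding != null
            && java.security.MessageDigest.isEqual(
                    storedPassword.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                    submittedEncoding.getBytes(java.nio.charset.StandardCharsets.UTF_8));

    if (!passwordMatches) {
        s_logger.debug("Password does not match");
        return new Pair<Boolean, ActionOnFailedAuthentication>(false, ActionOnFailedAuthentication.INCREMENT_INCORRECT_LOGIN_ATTEMPT_COUNT);
    }
    return new Pair<Boolean, ActionOnFailedAuthentication>(true, null);
}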
byte[] salt = new String(s_defaultSalt).getBytes(); if (realUser) { String storedPassword[] = user.getPassword().split(":"); if (storedPassword.length != 2) { s_logger.warn("The stored password for " + username + " isn't in the right format for this authenticator");
try { if (isValidUser) { String[] storedPassword = user.getPassword().split(":"); if ((storedPassword.length != 3) || (!StringUtils.isNumeric(storedPassword[2]))) { s_logger.warn("The stored password for " + username + " isn't in the right format for this authenticator"); result = ConstantTimeComparator.compareStrings(user.getPassword(), encode(password, salt, rounds));
/**
 * Builds the sign-in URL: {@code baseUrl}, a {@code ?}, and the form-encoded credentials of the
 * given account ({@code client_id}, {@code client_secret}, {@code grant_type=password},
 * {@code username} taken from the account's e-mail, and {@code password}).
 *
 * <p>NOTE(review): the client secret and the user's password become part of the URL's query
 * string. URLs are routinely written to access logs, proxy logs and caches, so these values
 * are exposed wherever the URL is recorded. If the token endpoint accepts it, carry the same
 * pairs in a form-encoded POST body instead. The account object also has to hold the password
 * in a form that can be sent as-is; confirm how long it is retained.
 *
 * @param accountValues account whose client id, client secret, e-mail and password are read
 * @return the base URL followed by the encoded query string
 */
private String getSignInURL(UserAccount accountValues) {
    // Name/value pairs in the order they appear in the query string.
    final String[][] fields = {
        {"client_id", accountValues.getClient_id()},
        {"client_secret", accountValues.getClient_secret()},
        {"grant_type", "password"},
        {"username", accountValues.getEmail()},
        {"password", accountValues.getPassword()},
    };

    final List<NameValuePair> query = new LinkedList<NameValuePair>();
    for (String[] field : fields) {
        query.add(new BasicNameValuePair(field[0], field[1]));
    }

    final String encodedQuery = URLEncodedUtils.format(query, "utf-8");
    return this.baseUrl + "?" + encodedQuery;
}
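/**
 * Login endpoint skeleton: loads the account whose {@code username} matches the request and
 * compares its stored password with {@code EncryptionUtils.encrypt} of the submitted one.
 *
 * <p>The snippet is incomplete as given: no path returns a {@code LoginResponse}, and a wrong
 * password has no handling at all. When filling in the placeholders, return the same error for
 * an unknown user and for a wrong password so the response does not reveal which usernames exist.
 *
 * <p>NOTE(review): {@code EncryptionUtils.encrypt} is not shown. If it is reversible encryption
 * or an unsalted digest, stored passwords are recoverable from a database leak; a salted
 * password hash (PBKDF2, bcrypt, scrypt, argon2) is the appropriate stored form. The
 * {@code equals} comparison is also not constant-time; {@code MessageDigest.isEqual} on the
 * encoded bytes avoids that.
 *
 * @param req login request carrying the username and password
 * @param context the servlet request; not read by the code shown
 */
@ApiMethod(name = "loginUser", path="login")
public LoginResponse login(LoginRequest req, HttpServletRequest context) {
    // TODO: use a user search to look the users up?
    UserAccount user = ofy().load().type(UserAccount.class).filter("username", req.getUsername()).first().now();

    if (user == null) {
        // return error
    } else if (user.getPassword().equals(EncryptionUtils.encrypt(req.getPassword()))) {
        // The else-if keeps a missing account from reaching user.getPassword(); the original
        // fell through the empty null branch and dereferenced null here.
        // do whatever session handling you like
    }
    // TODO(review): every path must return a LoginResponse; the original snippet omits them.
}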