Merge with 69f810c84e882a49d6470bfa8a2c07309eda4231

This commit is contained in:
Heng Sin Low 2012-08-17 10:48:52 +08:00
commit 3c3b264887
4 changed files with 186 additions and 177 deletions


@ -36,6 +36,7 @@ import org.compiere.util.CCache;
import org.compiere.util.CLogger; import org.compiere.util.CLogger;
import org.compiere.util.DB; import org.compiere.util.DB;
import org.compiere.util.Env; import org.compiere.util.Env;
import org.compiere.util.KeyNamePair;
import org.compiere.util.Msg; import org.compiere.util.Msg;
import org.compiere.util.Secure; import org.compiere.util.Secure;
import org.compiere.util.SecureEngine; import org.compiere.util.SecureEngine;
@ -173,80 +174,62 @@ public class MUser extends X_AD_User
return null; return null;
} }
boolean hash_password = MSysConfig.getBooleanValue(MSysConfig.USER_PASSWORD_HASH, false); boolean hash_password = MSysConfig.getBooleanValue(MSysConfig.USER_PASSWORD_HASH, false);
boolean email_login = MSysConfig.getBooleanValue(MSysConfig.USE_EMAIL_FOR_LOGIN, false);
ArrayList<KeyNamePair> clientList = new ArrayList<KeyNamePair>();
ArrayList<Integer> clientsValidated = new ArrayList<Integer>();
MUser retValue = null; MUser retValue = null;
if (!hash_password)
{
int AD_Client_ID = Env.getAD_Client_ID(ctx);
StringBuffer where = new StringBuffer("Password IS NOT NULL AND ");
if (email_login)
where.append("EMail=?");
else
where.append("COALESCE(LDAPUser,Name)=?");
where.append(" AND")
.append(" EXISTS (SELECT * FROM AD_User_Roles ur")
.append(" INNER JOIN AD_Role r ON (ur.AD_Role_ID=r.AD_Role_ID)")
.append(" WHERE ur.AD_User_ID=AD_User.AD_User_ID AND ur.IsActive='Y' AND r.IsActive='Y') AND ")
.append(" EXISTS (SELECT * FROM AD_Client c")
.append(" WHERE c.AD_Client_ID=AD_User.AD_Client_ID")
.append(" AND c.IsActive='Y') AND ")
.append(" AD_User.IsActive='Y'");
String sql = "SELECT * FROM AD_User " List<MUser> users = new Query(ctx, MUser.Table_Name, where.toString(), null)
+ "WHERE COALESCE(LDAPUser, Name)=? " // #1 .setParameters(name)
+ " AND ((Password=? AND (SELECT IsEncrypted FROM AD_Column WHERE AD_Column_ID=417)='N') " // #2 .setOrderBy(MUser.COLUMNNAME_AD_User_ID)
+ "OR (Password=? AND (SELECT IsEncrypted FROM AD_Column WHERE AD_Column_ID=417)='Y'))" // #3 .list();
+ " AND IsActive='Y' AND AD_Client_ID=?" // #4
;
PreparedStatement pstmt = null;
ResultSet rs = null;
try
{
pstmt = DB.prepareStatement (sql, null);
pstmt.setString (1, name);
pstmt.setString (2, password);
pstmt.setString (3, SecureEngine.encrypt(password));
pstmt.setInt(4, AD_Client_ID);
rs = pstmt.executeQuery ();
if (rs.next ())
{
retValue = new MUser (ctx, rs, null);
if (rs.next())
s_log.warning ("More then one user with Name/Password = " + name);
}
else
s_log.fine("No record");
}
catch (Exception e)
{
s_log.log(Level.SEVERE, sql, e);
}
finally
{
DB.close(rs, pstmt);
rs = null; pstmt = null;
}
} else {
String where = " COALESCE(LDAPUser,Name) = ? AND" +
" EXISTS (SELECT * FROM AD_User_Roles ur" +
" INNER JOIN AD_Role r ON (ur.AD_Role_ID=r.AD_Role_ID)" +
" WHERE ur.AD_User_ID=AD_User.AD_User_ID AND ur.IsActive='Y' AND r.IsActive='Y') AND " +
" EXISTS (SELECT * FROM AD_Client c" +
" WHERE c.AD_Client_ID=AD_User.AD_Client_ID" +
" AND c.IsActive='Y') AND " +
" AD_User.IsActive='Y'";
MUser user = MTable.get(ctx, MUser.Table_ID).createQuery( where, null).setParameters(name).firstOnly(); // throws error if username collision occurs if (users.size() == 0) {
s_log.saveError("UserPwdError", name, false);
return null;
}
String hash = null; for (MUser user : users) {
String salt = null; if (clientsValidated.contains(user.getAD_Client_ID())) {
s_log.severe("Two users with password with the same name/email combination on same tenant: " + name);
if (user != null ) return null;
{
hash = user.getPassword();
salt = user.getSalt();
} }
// always do calculation to confuse timing based attacks clientsValidated.add(user.getAD_Client_ID());
if ( user == null ) boolean valid = false;
user = MUser.get(ctx, 0); if (hash_password) {
if ( hash == null ) String hash = user.getPassword();
hash = "0000000000000000"; String salt = user.getSalt();
if ( salt == null ) // always do calculation to confuse timing based attacks
salt = "0000000000000000"; if ( hash == null )
hash = "0000000000000000";
if ( salt == null )
salt = "0000000000000000";
valid = user.authenticateHash(password);
} else {
// password not hashed
valid = user.getPassword().equals(password);
}
if ( user.authenticateHash(password) ) if (valid){
{
retValue=user; retValue=user;
} }
} }
return retValue; return retValue;
} // get } // get
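Review bot: The early guard `if (users.size() == 0) { s_log.saveError("UserPwdError", name, false); return null; }` returns before any hash work is done, so the comment kept at `// always do calculation to confuse timing based attacks` no longer describes the code — an unknown name now answers measurably faster than a known name with a wrong password; either run a dummy `authenticateHash` on the empty-list path as well, or reword the comment so it stops promising a property the method does not have. In the hashed branch the locals `hash` and `salt` are assigned their `"0000000000000000"` fallbacks but are never passed to anything (`user.authenticateHash(password)` reads the user's own fields), so those six lines are dead and should go with the comment. The plaintext branch `valid = user.getPassword().equals(password);` uses a short-circuiting compare and drops the old encrypted-column handling (`SecureEngine.encrypt(password)`); if `getPassword()` already returns the decrypted value that is fine, but it should be confirmed, and `MessageDigest.isEqual` on the UTF-8 bytes would avoid the early exit. `clientList` is declared at the top and never used anywhere in the method. The method's signature lies above the hunk.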


@ -275,22 +275,22 @@ public final class ALogin extends CDialog
// DefaultTab // DefaultTab
defaultPanel.setLayout(defaultPanelLayout); defaultPanel.setLayout(defaultPanelLayout);
// //
clientLabel.setText("Client");
clientLabel.setHorizontalAlignment(SwingConstants.RIGHT);
clientLabel.setLabelFor(clientCombo);
clientCombo.addActionListener(this);
defaultPanel.add(clientLabel, new GridBagConstraints(0, 0, 1, 1, 0.0, 0.0
,GridBagConstraints.EAST, GridBagConstraints.NONE, new Insets(12, 12, 5, 5), 0, 0));
defaultPanel.add(clientCombo, new GridBagConstraints(1, 0, 1, 1, 1.0, 0.0
,GridBagConstraints.WEST, GridBagConstraints.HORIZONTAL, new Insets(12, 0, 5, 12), 0, 0));
roleLabel.setText("Role"); roleLabel.setText("Role");
roleLabel.setHorizontalAlignment(SwingConstants.RIGHT); roleLabel.setHorizontalAlignment(SwingConstants.RIGHT);
roleLabel.setLabelFor(roleCombo); roleLabel.setLabelFor(roleCombo);
roleCombo.addActionListener(this); roleCombo.addActionListener(this);
defaultPanel.add(roleLabel, new GridBagConstraints(0, 0, 1, 1, 0.0, 0.0 defaultPanel.add(roleLabel, new GridBagConstraints(0, 1, 1, 1, 0.0, 0.0
,GridBagConstraints.EAST, GridBagConstraints.NONE, new Insets(12, 12, 5, 5), 0, 0)); ,GridBagConstraints.EAST, GridBagConstraints.NONE, new Insets(5, 12, 5, 5), 0, 0));
defaultPanel.add(roleCombo, new GridBagConstraints(1, 0, 1, 1, 1.0, 0.0 defaultPanel.add(roleCombo, new GridBagConstraints(1, 1, 1, 1, 1.0, 0.0
,GridBagConstraints.WEST, GridBagConstraints.HORIZONTAL, new Insets(12, 0, 5, 12), 0, 0)); ,GridBagConstraints.WEST, GridBagConstraints.HORIZONTAL, new Insets(5, 0, 5, 12), 0, 0));
clientLabel.setText("Client");
clientLabel.setHorizontalAlignment(SwingConstants.RIGHT);
clientLabel.setLabelFor(clientCombo);
defaultPanel.add(clientLabel, new GridBagConstraints(0, 1, 1, 1, 0.0, 0.0
,GridBagConstraints.EAST, GridBagConstraints.NONE, new Insets(5, 12, 5, 5), 0, 0));
clientCombo.addActionListener(this);
defaultPanel.add(clientCombo, new GridBagConstraints(1, 1, 1, 1, 1.0, 0.0
,GridBagConstraints.WEST, GridBagConstraints.HORIZONTAL, new Insets(5, 0, 5, 12), 0, 0));
orgLabel.setText("Organization"); orgLabel.setText("Organization");
orgLabel.setHorizontalAlignment(SwingConstants.RIGHT); orgLabel.setHorizontalAlignment(SwingConstants.RIGHT);
orgLabel.setLabelFor(orgCombo); orgLabel.setLabelFor(orgCombo);
@ -500,10 +500,10 @@ public final class ALogin extends CDialog
else if (e.getSource() == languageCombo) else if (e.getSource() == languageCombo)
languageComboChanged(); languageComboChanged();
// //
else if (e.getSource() == roleCombo)
roleComboChanged();
else if (e.getSource() == clientCombo) else if (e.getSource() == clientCombo)
clientComboChanged(); clientComboChanged();
else if (e.getSource() == roleCombo)
roleComboChanged();
else if (e.getSource() == orgCombo) else if (e.getSource() == orgCombo)
orgComboChanged(); orgComboChanged();
else if ("onlineLoginHelp".equals(e.getActionCommand())) else if ("onlineLoginHelp".equals(e.getActionCommand()))
@ -645,13 +645,13 @@ public final class ALogin extends CDialog
// Reference check // Reference check
Ini.setProperty(Ini.P_LOGMIGRATIONSCRIPT, "Reference".equalsIgnoreCase(CConnection.get().getDbUid())); Ini.setProperty(Ini.P_LOGMIGRATIONSCRIPT, "Reference".equalsIgnoreCase(CConnection.get().getDbUid()));
// Get Roles // Get Clients
m_login = new Login(m_ctx); m_login = new Login(m_ctx);
KeyNamePair[] roles = null; KeyNamePair[] clients = null;
try try
{ {
roles = m_login.getRoles(m_user, new String(m_pwd)); clients = m_login.getClients(m_user, new String(m_pwd));
if (roles == null || roles.length == 0) if (clients == null || clients.length == 0)
{ {
statusBar.setStatusLine(txt_UserPwdError, true); statusBar.setStatusLine(txt_UserPwdError, true);
userTextField.setBackground(AdempierePLAF.getFieldBackground_Error()); userTextField.setBackground(AdempierePLAF.getFieldBackground_Error());
@ -679,11 +679,85 @@ public final class ALogin extends CDialog
// Delete existing role items // Delete existing role items
m_comboActive = true; m_comboActive = true;
if (roleCombo.getItemCount() > 0) if (clientCombo.getItemCount() > 0)
roleCombo.removeAllItems(); clientCombo.removeAllItems();
// Initial role // Initial role
KeyNamePair iniValue = null; KeyNamePair iniValue = null;
String iniDefault = Ini.getProperty(Ini.P_CLIENT);
// fill roles
for (int i = 0; i < clients.length; i++)
{
clientCombo.addItem(clients[i]);
if (clients[i].getName().equals(iniDefault))
iniValue = clients[i];
}
if (iniValue != null){
clientCombo.setSelectedItem(iniValue);
} else {
clientCombo.setSelectedItem(clients[0]);
}
if (clientCombo.getItemCount() == 1)
{
clientCombo.setSelectedIndex(0);
clientCombo.setVisible(false);
clientCombo.setVisible(false);
clientLabel.setVisible(false);
}
else
{
clientCombo.setVisible(true);
clientCombo.setVisible(true);
}
userTextField.setBackground(AdempierePLAF.getFieldBackground_Normal());
passwordField.setBackground(AdempierePLAF.getFieldBackground_Normal());
//
this.setTitle(hostField.getDisplay());
statusBar.setStatusLine(txt_LoggedIn);
m_comboActive = false;
clientComboChanged();
return true;
} // tryConnection
/**
* Client changed - fill Role List
*/
private void clientComboChanged ()
{
KeyNamePair client = (KeyNamePair)clientCombo.getSelectedItem();
if (client == null || m_comboActive)
return;
log.config(": " + client);
m_comboActive = true;
// @Trifon - Set Proper "#AD_Client_ID", #AD_User_ID and "#SalesRep_ID"
// https://sourceforge.net/tracker/?func=detail&aid=2957215&group_id=176962&atid=879332
Env.setContext(m_ctx, "#AD_Client_ID", client.getKey());
MUser user = MUser.get (m_ctx, userTextField.getText());
if (user != null) {
Env.setContext(m_ctx, "#AD_User_ID", user.getAD_User_ID() );
Env.setContext(m_ctx, "#SalesRep_ID", user.getAD_User_ID() );
}
//
KeyNamePair[] roles = m_login.getRoles(userTextField.getText(), client);
// delete existing rol/org items
if (roleCombo.getItemCount() > 0)
roleCombo.removeAllItems();
if (orgCombo.getItemCount() > 0)
orgCombo.removeAllItems();
// No Clients
if (roles == null || roles.length == 0)
{
statusBar.setStatusLine(txt_RoleError, true);
m_comboActive = false;
return;
}
// initial rol
KeyNamePair iniValue = null;
String iniDefault = Ini.getProperty(Ini.P_ROLE); String iniDefault = Ini.getProperty(Ini.P_ROLE);
// fill roles // fill roles
@ -693,97 +767,47 @@ public final class ALogin extends CDialog
if (roles[i].getName().equals(iniDefault)) if (roles[i].getName().equals(iniDefault))
iniValue = roles[i]; iniValue = roles[i];
} }
if (iniValue != null)
roleCombo.setSelectedItem(iniValue);
// If we have only one role, we can hide the combobox - metas-2009_0021_AP1_G94
if (roleCombo.getItemCount() == 1 && ! MSysConfig.getBooleanValue(MSysConfig.ALogin_ShowOneRole, true))
{
roleCombo.setSelectedIndex(0);
roleLabel.setVisible(false);
roleCombo.setVisible(false);
}
else
{
roleLabel.setVisible(true);
roleCombo.setVisible(true);
}
userTextField.setBackground(AdempierePLAF.getFieldBackground_Normal());
passwordField.setBackground(AdempierePLAF.getFieldBackground_Normal());
//
this.setTitle(hostField.getDisplay());
statusBar.setStatusLine(txt_LoggedIn);
m_comboActive = false;
roleComboChanged();
return true;
} // tryConnection
/**
* Role changed - fill Client List
*/
private void roleComboChanged ()
{
KeyNamePair role = (KeyNamePair)roleCombo.getSelectedItem();
if (role == null || m_comboActive)
return;
log.config(": " + role);
m_comboActive = true;
//
KeyNamePair[] clients = m_login.getClients(role);
// delete existing client/org items
if (clientCombo.getItemCount() > 0)
clientCombo.removeAllItems();
if (orgCombo.getItemCount() > 0)
orgCombo.removeAllItems();
// No Clients
if (clients == null || clients.length == 0)
{
statusBar.setStatusLine(txt_RoleError, true);
m_comboActive = false;
return;
}
// initial client
KeyNamePair iniValue = null;
String iniDefault = Ini.getProperty(Ini.P_CLIENT);
// fill clients
for (int i = 0; i < clients.length; i++)
{
clientCombo.addItem(clients[i]);
if (clients[i].getName().equals(iniDefault))
iniValue = clients[i];
}
// fini // fini
if (iniValue != null) if (iniValue != null)
clientCombo.setSelectedItem(iniValue); roleCombo.setSelectedItem(iniValue);
// //
// If we have only one role, we can hide the combobox - metas-2009_0021_AP1_G94
if(roleCombo.getItemCount()==1 && ! MSysConfig.getBooleanValue(MSysConfig.ALogin_ShowOneRole, true))
{
roleCombo.setSelectedIndex(0);
roleCombo.setVisible(false);
roleCombo.setVisible(false);
roleLabel.setVisible(false);
}
m_comboActive = false; m_comboActive = false;
clientComboChanged(); roleComboChanged();
} // roleComboChanged } // roleComboChanged
/** /**
* Client changed - fill Org & Warehouse List * role changed - fill Org & Warehouse List
*/ */
private void clientComboChanged() private void roleComboChanged()
{ {
KeyNamePair client = (KeyNamePair)clientCombo.getSelectedItem(); KeyNamePair rol = (KeyNamePair)roleCombo.getSelectedItem();
if (client == null || m_comboActive) if (rol == null || m_comboActive)
return; return;
log.config(": " + client); log.config(": " + rol);
m_comboActive = true; m_comboActive = true;
// @Trifon - Set Proper "#AD_Client_ID", #AD_User_ID and "#SalesRep_ID"
// https://sourceforge.net/tracker/?func=detail&aid=2957215&group_id=176962&atid=879332 if( Env.getContextAsInt(m_ctx, "#AD_Client_ID") > 0 )
Env.setContext(m_ctx, "#AD_Client_ID", client.getKey()); {
MUser user = MUser.get (m_ctx, userTextField.getText(), new String (passwordField.getPassword()) ); MUser user = MUser.get (m_ctx, userTextField.getText());
if (user != null) { if (user != null) {
Env.setContext(m_ctx, "#AD_User_ID", user.getAD_User_ID() ); Env.setContext(m_ctx, "#AD_User_ID", user.getAD_User_ID() );
Env.setContext(m_ctx, "#SalesRep_ID", user.getAD_User_ID() ); Env.setContext(m_ctx, "#SalesRep_ID", user.getAD_User_ID() );
}
} }
// //
KeyNamePair[] orgs = m_login.getOrgs(client); KeyNamePair[] orgs = m_login.getOrgs(rol);
// delete existing cleint items // delete existing cleint items
if (orgCombo.getItemCount() > 0) if (orgCombo.getItemCount() > 0)
orgCombo.removeAllItems(); orgCombo.removeAllItems();
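Review bot: In the new `clientComboChanged` the single-role case hides `roleCombo` and `roleLabel`, but there is no `else` that shows them again, so once a client with exactly one role has been selected, switching to a client with several roles leaves the role combo invisible; the removed `tryConnection` code had the `else { roleLabel.setVisible(true); roleCombo.setVisible(true); }` branch and it should be restored here. The same block repeats `roleCombo.setVisible(false);` twice, and the new client block in `tryConnection` likewise repeats `clientCombo.setVisible(false);` and `clientCombo.setVisible(true);` while never re-showing `clientLabel` in its else branch. Several comments now point at the wrong thing after the client/role swap — `// Initial role` and `// fill roles` above the client loop, `// No Clients` above the role check, `// delete existing rol/org items` — and should read `// Initial client`, `// fill clients`, `// No Roles`. `roleComboChanged` continues past the end of this section.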


@ -333,10 +333,7 @@ public class AdempiereWebUI extends Window implements EventListener<Event>, IWeb
appDesktop.logout(); appDesktop.logout();
Executions.getCurrent().getDesktop().getSession().getAttributes().clear(); Executions.getCurrent().getDesktop().getSession().getAttributes().clear();
MSession mSession = MSession.get(Env.getCtx(), false); AEnv.logout();
if (mSession != null) {
mSession.logout();
}
SessionManager.clearSession(); SessionManager.clearSession();
super.getChildren().clear(); super.getChildren().clear();
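Review bot: `AEnv.logout();` now runs after `Executions.getCurrent().getDesktop().getSession().getAttributes().clear()`, and on the AEnv side it reads `#AD_Session_ID` from `Env.getCtx()` to evict the window cache and end the `MSession`; if the web context is itself held in those session attributes, the lookup sees an empty context and neither the eviction nor `MSession.logout()` happens. I cannot confirm that from this hunk, but moving `AEnv.logout();` above the `clear()` call makes the order safe either way, and a one-line comment such as `// must run before session attributes are cleared: needs #AD_Session_ID from the context` would stop the next edit from reordering it back. The enclosing method starts and ends outside the hunk.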


@ -49,6 +49,7 @@ import org.compiere.model.Lookup;
import org.compiere.model.MAcctSchema; import org.compiere.model.MAcctSchema;
import org.compiere.model.MLookup; import org.compiere.model.MLookup;
import org.compiere.model.MQuery; import org.compiere.model.MQuery;
import org.compiere.model.MSession;
import org.compiere.util.CCache; import org.compiere.util.CCache;
import org.compiere.util.CLogger; import org.compiere.util.CLogger;
import org.compiere.util.CacheMgt; import org.compiere.util.CacheMgt;
@ -189,9 +190,13 @@ public final class AEnv
public static void logout() public static void logout()
{ {
Env.logout(); String sessionID = Env.getContext(Env.getCtx(), "#AD_Session_ID");
windowCache.remove(sessionID);
// End Session
MSession session = MSession.get(Env.getCtx(), false); // finish
if (session != null)
session.logout();
//
} }
/** /**
@ -240,12 +245,12 @@ public final class AEnv
log.config("Window=" + WindowNo + ", AD_Window_ID=" + AD_Window_ID); log.config("Window=" + WindowNo + ", AD_Window_ID=" + AD_Window_ID);
GridWindowVO mWindowVO = null; GridWindowVO mWindowVO = null;
String locale = Env.getLanguage(Env.getCtx()).getLocale().toString(); String sessionID = Env.getContext(Env.getCtx(), "#AD_Session_ID");
if (AD_Window_ID != 0 && Ini.isCacheWindow()) // try cache if (AD_Window_ID != 0 && Ini.isCacheWindow()) // try cache
{ {
synchronized (windowCache) synchronized (windowCache)
{ {
CCache<Integer,GridWindowVO> cache = windowCache.get(locale); CCache<Integer,GridWindowVO> cache = windowCache.get(sessionID);
if (cache != null) if (cache != null)
{ {
mWindowVO = cache.get(AD_Window_ID); mWindowVO = cache.get(AD_Window_ID);
@ -267,11 +272,11 @@ public final class AEnv
{ {
synchronized (windowCache) synchronized (windowCache)
{ {
CCache<Integer,GridWindowVO> cache = windowCache.get(locale); CCache<Integer,GridWindowVO> cache = windowCache.get(sessionID);
if (cache == null) if (cache == null)
{ {
cache = new CCache<Integer, GridWindowVO>("AD_Window", 10); cache = new CCache<Integer, GridWindowVO>("AD_Window", 10);
windowCache.put(locale, cache); windowCache.put(sessionID, cache);
} }
cache.put(AD_Window_ID, mWindowVO); cache.put(AD_Window_ID, mWindowVO);
} }
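Review bot: `windowCache.remove(sessionID);` in `logout()` touches the map without the `synchronized (windowCache)` lock that every other access in this section takes (`windowCache.get(sessionID)` and `windowCache.put(sessionID, cache)` further down); unless `windowCache` is a concurrent map, it should be `synchronized (windowCache) { windowCache.remove(sessionID); }`. Keying the cache by `#AD_Session_ID` instead of locale also means each session owns its own `CCache` that is only released by this `logout()`; a session that ends by timeout never calls it, so the map can grow, and an absent `#AD_Session_ID` (an empty-string key) would make unrelated sessions share one cache — a comment on `windowCache` naming who is responsible for eviction, plus a guard on an empty `sessionID`, would make that explicit. The old `Env.logout();` at the top of the method is no longer called in the new body as far as this hunk shows; if nothing else resets the context on logout, that call should be restored.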