/**
* Most of the code in the Qalingo project is copyrighted Hoteia and licensed
* under the Apache License Version 2.0 (release version 0.8.0)
* http://www.apache.org/licenses/LICENSE-2.0
*
* Copyright (c) Hoteia, 2012-2014
* http://www.hoteia.com - http://twitter.com/hoteia - contact@hoteia.com
*
*/
package org.hoteia.qalingo.core.web.mvc.controller.openid;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang.StringUtils;
import org.hoteia.qalingo.core.Constants;
import org.hoteia.qalingo.core.domain.AttributeDefinition;
import org.hoteia.qalingo.core.domain.Customer;
import org.hoteia.qalingo.core.domain.CustomerAttribute;
import org.hoteia.qalingo.core.domain.CustomerGroup;
import org.hoteia.qalingo.core.domain.Market;
import org.hoteia.qalingo.core.domain.MarketArea;
import org.hoteia.qalingo.core.pojo.RequestData;
import org.hoteia.qalingo.core.security.util.SecurityUtil;
import org.hoteia.qalingo.core.service.AttributeService;
import org.hoteia.qalingo.core.service.GroupRoleService;
import org.hoteia.qalingo.core.service.CustomerService;
import org.hoteia.qalingo.core.service.WebManagementService;
import org.hoteia.qalingo.core.service.openid.OpenIdAuthentication;
import org.hoteia.qalingo.core.service.openid.OpenIdException;
import org.hoteia.qalingo.core.service.openid.OpenIdService;
import org.hoteia.qalingo.core.web.mvc.controller.AbstractFrontofficeQalingoController;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
/**
*
* <p>
* <a href="AbstractOpenIdFrontofficeController.java.html"><i>View Source</i></a>
* </p>
*
* @author Denis Gosset <a href="http://www.hoteia.com"><i>Hoteia.com</i></a>
*
*/
public abstract class AbstractOpenIdFrontofficeController extends AbstractFrontofficeQalingoController {
protected final Logger logger = LoggerFactory.getLogger(getClass());
@Autowired
protected OpenIdService openIdService;
@Autowired
protected CustomerService customerService;
@Autowired
protected GroupRoleService customerGroupService;
@Autowired
protected WebManagementService webManagementService;
@Autowired
protected AttributeService attributeService;
@Autowired
protected SecurityUtil securityUtil;
void handleAuthenticationData(final HttpServletRequest request, final OpenIdAuthentication auth) throws Exception {
final RequestData requestData = requestUtil.getRequestData(request);
final Market market = requestData.getMarket();
final MarketArea marketArea = requestData.getMarketArea();
final String email = auth.getEmail();
Customer customer = customerService.getCustomerByLoginOrEmail(email);
if(customer == null){
// CREATE A NEW CUSTOMER
customer = new Customer();
customer = webManagementService.buildAndSaveNewCustomer(requestData, market, marketArea, customer);
customer.setLogin(email);
customer.setPassword(securityUtil.generatePassword());
customer.setEmail(email);
customer.setFirstname(auth.getFirstname());
customer.setLastname(auth.getLastname());
if(StringUtils.isNotEmpty(auth.getGender())){
customer.setGender(auth.getGender());
}
CustomerAttribute attribute = new CustomerAttribute();
AttributeDefinition attributeDefinition = attributeService.getAttributeDefinitionByCode(CustomerAttribute.CUSTOMER_ATTRIBUTE_SCREENAME);
attribute.setAttributeDefinition(attributeDefinition);
String screenName = "";
if(StringUtils.isNotEmpty(auth.getLastname())){
if(StringUtils.isNotEmpty(auth.getLastname())){
screenName = auth.getLastname();
if(screenName.length() > 1){
screenName = screenName.substring(0, 1);
}
if(!screenName.endsWith(".")){
screenName = screenName + ". ";
}
}
}
screenName = screenName + auth.getFirstname();
attribute.setShortStringValue(screenName);
customer.getAttributes().add(attribute);
if(StringUtils.isNotEmpty(auth.getLanguage())){
customer.setDefaultLocale(auth.getLanguage());
}
customerService.saveOrUpdateCustomer(customer);
}
// Login the new customer
securityUtil.authenticationCustomer(request, customer);
// Update the customer session
requestUtil.updateCurrentCustomer(request, customer);
}
void checkNonce(String nonce) {
// check response_nonce to prevent replay-attack:
if (nonce==null || nonce.length()<20){
throw new OpenIdException("Verify failed.");
}
// make sure the time of server is correct:
long nonceTime = getNonceTime(nonce);
long diff = Math.abs(System.currentTimeMillis() - nonceTime);
if (diff > Constants.ONE_HOUR){
throw new OpenIdException("Bad nonce time.");
}
}
long getNonceTime(String nonce) {
try {
return new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ssZ")
.parse(nonce.substring(0, 19) + "+0000")
.getTime();
}
catch(ParseException e) {
throw new OpenIdException("Bad nonce time.");
}
}
}