fix #1002 use encoded username as usercode

2017-04-20 23:02:29 +09:00 · 2017-04-20 23:02:29 +09:00 · ba87380806
commit ba87380806
parent 6451d6966d
2 changed files with 72 additions and 8 deletions
--- a/src/main/java/org/codelibs/fess/helper/UserInfoHelper.java
+++ b/src/main/java/org/codelibs/fess/helper/UserInfoHelper.java
@ -28,8 +28,11 @@ import javax.servlet.http.HttpSession;
 import org.codelibs.core.collection.LruHashMap;
 import org.codelibs.core.lang.StringUtil;
 import org.codelibs.fess.Constants;
+import org.codelibs.fess.mylasta.action.FessUserBean;
 import org.codelibs.fess.mylasta.direction.FessConfig;
 import org.codelibs.fess.util.ComponentUtil;
+import org.lastaflute.core.security.PrimaryCipher;
+import org.lastaflute.web.login.LoginManager;
 import org.lastaflute.web.util.LaRequestUtil;
 import org.lastaflute.web.util.LaResponseUtil;

@ -37,17 +40,17 @@ public class UserInfoHelper {
    @Resource
    protected SearchLogHelper searchLogHelper;

-    public int resultDocIdsCacheSize = 20;
+    protected int resultDocIdsCacheSize = 20;

-    public String cookieName = "fsid";
+    protected String cookieName = "fsid";

-    public String cookieDomain;
+    protected String cookieDomain;

-    public int cookieMaxAge = 30 * 24 * 60 * 60;// 1 month
+    protected int cookieMaxAge = 30 * 24 * 60 * 60;// 1 month

-    public String cookiePath;
+    protected String cookiePath = "/";

-    public Boolean cookieSecure;
+    protected Boolean cookieSecure;

    public String getUserCode() {
        final HttpServletRequest request = LaRequestUtil.getRequest();
@ -57,6 +60,11 @@ public class UserInfoHelper {
            return userCode;
        }

+        userCode = getUserCodeFromUserBean(request);
+        if (StringUtil.isNotBlank(userCode)) {
+            return userCode;
+        }
+
        userCode = getUserCodeFromRequest(request);
        if (StringUtil.isNotBlank(userCode)) {
            return userCode;
@ -77,6 +85,33 @@ public class UserInfoHelper {
        return userCode;
    }

+    protected String getUserCodeFromUserBean(final HttpServletRequest request) {
+        final LoginManager loginManager = ComponentUtil.getComponent(LoginManager.class);
+        if (loginManager == null) {
+            return null;
+        }
+
+        String userCode =
+                loginManager.getSavedUserBean().filter(u -> !FessUserBean.EMPTY_USER_ID.equals(u.getUserId()))
+                        .map(u -> u.getUserId().toString()).orElse(StringUtil.EMPTY);
+        if (StringUtil.isBlank(userCode)) {
+            return null;
+        }
+
+        final PrimaryCipher cipher = ComponentUtil.getPrimaryCipher();
+        if (cipher == null) {
+            return null;
+        }
+
+        userCode = cipher.encrypt(userCode);
+        request.setAttribute(Constants.USER_CODE, userCode);
+        final String cookieValue = getUserCodeFromCookie(request);
+        if (cookieValue != null) {
+            updateCookie(cookieValue, 0);
+        }
+        return userCode;
+    }
+
    protected String getUserCodeFromRequest(final HttpServletRequest request) {
        final FessConfig fessConfig = ComponentUtil.getFessConfig();
        final String userCode = request.getParameter(fessConfig.getUserCodeRequestParameter());
@ -107,8 +142,12 @@ public class UserInfoHelper {
        final HttpServletRequest request = LaRequestUtil.getRequest();
        request.setAttribute(Constants.USER_CODE, userCode);

+        updateCookie(userCode, cookieMaxAge);
+    }
+
+    protected void updateCookie(final String userCode, final int age) {
        final Cookie cookie = new Cookie(cookieName, userCode);
-        cookie.setMaxAge(cookieMaxAge);
+        cookie.setMaxAge(age);
        if (StringUtil.isNotBlank(cookieDomain)) {
            cookie.setDomain(cookieDomain);
        }
@ -174,4 +213,28 @@ public class UserInfoHelper {
        }
        return resultDocIdsCache;
    }
+
+    public void setResultDocIdsCacheSize(int resultDocIdsCacheSize) {
+        this.resultDocIdsCacheSize = resultDocIdsCacheSize;
+    }
+
+    public void setCookieName(String cookieName) {
+        this.cookieName = cookieName;
+    }
+
+    public void setCookieDomain(String cookieDomain) {
+        this.cookieDomain = cookieDomain;
+    }
+
+    public void setCookieMaxAge(int cookieMaxAge) {
+        this.cookieMaxAge = cookieMaxAge;
+    }
+
+    public void setCookiePath(String cookiePath) {
+        this.cookiePath = cookiePath;
+    }
+
+    public void setCookieSecure(Boolean cookieSecure) {
+        this.cookieSecure = cookieSecure;
+    }
 }
--- a/src/main/java/org/codelibs/fess/mylasta/action/FessUserBean.java
+++ b/src/main/java/org/codelibs/fess/mylasta/action/FessUserBean.java
@ -31,6 +31,7 @@ public class FessUserBean extends TypicalUserBean<String> { // #change_it also L
    //                                                                          ==========
    /** The serial version UID for object serialization. (Default) */
    private static final long serialVersionUID = 1L;
+    public static final String EMPTY_USER_ID = "<empty>";
    private final FessUser user;

    // ===================================================================================
@ -99,7 +100,7 @@ public class FessUserBean extends TypicalUserBean<String> { // #change_it also L

            @Override
            public String getUserId() {
-                return "<empty>";
+                return EMPTY_USER_ID;
            }

            @Override