Merge pull request #173 from zanata/new-openid-login-screen

New openid login screen

pom.xml

@@ -27,7 +27,7 @@
       <gwt.version>2.5.0</gwt.version>
       <icu4j.version>4.8</icu4j.version>
       <lombok.source.dir>${project.build.sourceDirectory}/org/zanata</lombok.source.dir>
-      <lucene.version>3.5.0</lucene.version>
+      <lucene.version>3.6.2</lucene.version>
       <seam.version>2.3.1.Final</seam.version>
       <gwteventservice.version>1.2.1</gwteventservice.version>
       <okapi.version>0.22</okapi.version>

zanata-war/pom.xml

@@ -40,7 +40,7 @@
         <groovy.eclipse.batch.version>2.1.5-03</groovy.eclipse.batch.version>
         <groovy.eclipse.compiler.version>2.7.0-01</groovy.eclipse.compiler.version>
 
-      <zanata.web.assets.version>1</zanata.web.assets.version>
+      <zanata.web.assets.version>2</zanata.web.assets.version>
     </properties>
 
 	<build>

zanata-war/src/main/java/org/zanata/ApplicationConfiguration.java

@@ -270,6 +270,11 @@ public boolean isJaasAuth()
       return this.loginModuleNames.containsKey(AuthenticationType.JAAS);
    }
 
+   public boolean isMultiAuth()
+   {
+      return loginModuleNames.size() > 1;
+   }
+
    public String getLoginModuleName(AuthenticationType authType)
    {
       return this.loginModuleNames.get(authType);

zanata-war/src/main/java/org/zanata/action/AccountMergeAction.java

@@ -100,7 +100,7 @@ public boolean getAccountsValid()
 
    public void loginToMergingAccount()
    {
-      authenticationManager.openIdAuthenticate(this.providerType, this.username, new AccountMergeAuthCallback());
+      authenticationManager.openIdAuthenticate(this.providerType, new AccountMergeAuthCallback());
    }
 
    public boolean isAccountSelected()

zanata-war/src/main/java/org/zanata/action/CredentialsAction.java

@@ -76,10 +76,6 @@ public class CredentialsAction implements Serializable
    @DataModelSelection
    private HCredentials selectedCredentials;
 
-   private String credentialsUsername;
-
-   private OpenIdProviderType providerType;
-
 
    public void loadUserCredentials()
    {
@@ -88,38 +84,11 @@ public void loadUserCredentials()
       userCredentials = new ArrayList<HCredentials>( account.getCredentials() );
    }
 
-   public String getProviderType()
-   {
-      return providerType != null ? providerType.toString() : "";
-   }
-
-   public void setProviderType(String providerType)
-   {
-      try
-      {
-         this.providerType = OpenIdProviderType.valueOf(providerType);
-      }
-      catch (IllegalArgumentException e)
-      {
-         this.providerType = OpenIdProviderType.Generic;
-      }
-   }
-
    public List<HCredentials> getUserCredentials()
    {
       return userCredentials;
    }
 
-   public void setCredentialsUsername(String credentialsUsername)
-   {
-      this.credentialsUsername = credentialsUsername;
-   }
-
-   public String getCredentialsUsername()
-   {
-      return credentialsUsername;
-   }
-
    public void remove()
    {
       HAccount account = accountDAO.findById( authenticatedAccount.getId(), false );
@@ -133,13 +102,14 @@ public void cancel()
       // See pages.xml
    }
 
-   public void verifyCredentials()
+   public void verifyCredentials(String providerTypeStr)
    {
+      OpenIdProviderType providerType = OpenIdProviderType.valueOf(providerTypeStr);
       HOpenIdCredentials newCreds = new HOpenIdCredentials();
       newCreds.setAccount(authenticatedAccount);
 
       authenticationManager.openIdAuthenticate(
-            this.providerType, this.credentialsUsername, new CredentialsCreationCallback(newCreds) );
+            providerType, new CredentialsCreationCallback(newCreds) );
    }
 
    public boolean isGoogleOpenId( String openId )

zanata-war/src/main/java/org/zanata/action/LoginAction.java

@@ -33,6 +33,9 @@
 import org.zanata.security.ZanataCredentials;
 import org.zanata.security.openid.OpenIdProviderType;
 
+import lombok.Getter;
+import lombok.Setter;
+
 /**
  * This action takes care of logging a user into the system. It contains logic
  * to handle the different authentication mechanisms offered by the system.
@@ -55,116 +58,63 @@ public class LoginAction implements Serializable
    @In
    private ApplicationConfiguration applicationConfiguration;
 
-   @In
-   private AccountDAO accountDAO;
-
-   @In(create = true)
-   private InactiveAccountAction inactiveAccountAction;
-
+   @Getter @Setter
    private String username;
 
+   @Getter @Setter
    private String password;
 
-   private String authProvider;
+   @Getter @Setter
+   private String openId = "http://";
 
-
-   public String getUsername()
-   {
-      return username;
-   }
-
-   public void setUsername(String username)
-   {
-      this.username = username;
-   }
-
-   public String getPassword()
-   {
-      return password;
-   }
-
-   public void setPassword(String password)
-   {
-      this.password = password;
-   }
-
-   public String getAuthProvider()
-   {
-      return authProvider;
-   }
-
-   public void setAuthProvider(String authProvider)
-   {
-      this.authProvider = authProvider;
-   }
-
-   /**
-    * Prepares authentication credentials based on the passed parameters.
-    */
-   private void prepareCredentials()
+   public String login()
    {
-      AuthenticationType authType = null;
-      OpenIdProviderType openIdProviderType = null;
-
-      credentials.setUsername( username );
-      credentials.setPassword( password );
-
-      // All others
-      if (authProvider == null)
+      credentials.setUsername(username);
+      credentials.setPassword(password);
+      if (applicationConfiguration.isInternalAuth())
       {
-         if (applicationConfiguration.isInternalAuth())
-         {
-            authType = AuthenticationType.INTERNAL;
-         }
-         else if (applicationConfiguration.isJaasAuth())
-         {
-            authType = AuthenticationType.JAAS;
-         }
-         else if (applicationConfiguration.isKerberosAuth())
-         {
-            authType = AuthenticationType.KERBEROS;
-         }
+         credentials.setAuthType(AuthenticationType.INTERNAL);
       }
-      // Open Id / internal auth
-      else
+      else if (applicationConfiguration.isJaasAuth())
       {
-         try
-         {
-            // If it is open Id
-            openIdProviderType = OpenIdProviderType.valueOf(authProvider);
-            authType = AuthenticationType.OPENID;
-         }
-         catch (Exception e)
-         {
-            // If it's not open id, it might be another authentication type
-            openIdProviderType = null;
-            authType = AuthenticationType.valueOf(authProvider);
-         }
+         credentials.setAuthType(AuthenticationType.JAAS);
       }
 
-      credentials.setAuthType( authType );
-      credentials.setOpenIdProviderType( openIdProviderType );
-   }
-
-   public String login()
-   {
-      this.prepareCredentials();
-      String loginResult = null;
+      String loginResult;
 
       switch (credentials.getAuthType())
       {
-      case OPENID:
-         loginResult = authenticationManager.openIdLogin();
-         break;
       case INTERNAL:
+         credentials.setAuthType(AuthenticationType.INTERNAL);
          loginResult = authenticationManager.internalLogin();
          break;
       case JAAS:
+         credentials.setAuthType(AuthenticationType.JAAS);
          loginResult = authenticationManager.jaasLogin();
          break;
       // Kerberos auth happens on its own
+      default:
+         throw new RuntimeException("login() only supports internal or jaas authentication");
       }
 
       return loginResult;
    }
+
+   /**
+    * Only for open id.
+    * @param authProvider Open Id authentication provider.
+    */
+   public String openIdLogin(String authProvider)
+   {
+      OpenIdProviderType providerType = OpenIdProviderType.valueOf(authProvider);
+
+      if( providerType == OpenIdProviderType.Generic )
+      {
+         credentials.setUsername(openId);
+      }
+
+      credentials.setAuthType(AuthenticationType.OPENID);
+      credentials.setOpenIdProviderType(providerType);
+      return authenticationManager.openIdLogin();
+   }
 }

zanata-war/src/main/java/org/zanata/security/AuthenticationManager.java

@@ -177,23 +177,8 @@ public void kerberosLogin()
     */
    public String openIdLogin()
    {
-      // Federated OpenId providers
-      if (zanataOpenId.isFederatedProvider())
-      {
-         // NB: Credentials' user name must be set to something or else login
-         // will fail. The real user name will be asked
-         // by the provider
-         credentials.setUsername("zanata");
-      }
-
+      zanataOpenId.setProvider(credentials.getOpenIdProviderType());
       String loginResult = identity.login(AuthenticationType.OPENID);
-
-      if (zanataOpenId.isFederatedProvider())
-      {
-         // Clear out the credentials again
-         credentials.setUsername("");
-      }
-
       return loginResult;
    }
 
@@ -204,17 +189,14 @@ public String openIdLogin()
     * authentication attempt is finished.
     * 
     * @param openIdProviderType Open Id provider to use for authentication
-    * @param username User name. The provider will use this username to
-    *           construct an Open Id.
     * @param callback Contains the logic to execute after the authentication
     *           attempt.
     */
-   public void openIdAuthenticate(OpenIdProviderType openIdProviderType, String username, OpenIdAuthCallback callback)
+   public void openIdAuthenticate(OpenIdProviderType openIdProviderType, OpenIdAuthCallback callback)
    {
       ZanataCredentials volatileCreds = new ZanataCredentials();
       volatileCreds.setAuthType(AuthenticationType.OPENID);
       volatileCreds.setOpenIdProviderType(openIdProviderType);
-      volatileCreds.setUsername(username);
       zanataOpenId.login(volatileCreds, callback);
    }
 

zanata-war/src/main/java/org/zanata/security/FacesSecurityEvents.java

@@ -0,0 +1,51 @@
+/*
+ * Copyright 2013, Red Hat, Inc. and individual contributors as indicated by the
+ * @author tags. See the copyright.txt file in the distribution for a full
+ * listing of individual contributors.
+ * 
+ * This is free software; you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 2.1 of the License, or (at your option)
+ * any later version.
+ * 
+ * This software is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this software; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
+ * site: http://www.fsf.org.
+ */
+package org.zanata.security;
+
+import org.jboss.seam.ScopeType;
+import org.jboss.seam.annotations.Install;
+import org.jboss.seam.annotations.Name;
+import org.jboss.seam.annotations.Scope;
+import org.jboss.seam.annotations.Startup;
+import org.jboss.seam.annotations.intercept.BypassInterceptors;
+import org.jboss.seam.international.StatusMessage;
+
+import static org.jboss.seam.annotations.Install.APPLICATION;
+
+/**
+ * Override the {@link org.jboss.seam.security.FacesSecurityEvents} component to
+ * alter default values.
+ *
+ * @author Carlos Munoz <a href="mailto:camunoz@redhat.com">camunoz@redhat.com</a>
+ */
+@Name("org.jboss.seam.security.facesSecurityEvents")
+@Scope(ScopeType.APPLICATION)
+@Install(precedence = APPLICATION, classDependencies = "javax.faces.context.FacesContext")
+@BypassInterceptors
+@Startup
+public class FacesSecurityEvents extends org.jboss.seam.security.FacesSecurityEvents
+{
+   @Override
+   public StatusMessage.Severity getLoginFailedMessageSeverity()
+   {
+      return StatusMessage.Severity.ERROR;
+   }
+}

zanata-war/src/main/java/org/zanata/security/ZanataOpenId.java

@@ -377,9 +377,4 @@ public void setProvider( OpenIdProviderType providerType )
          }
       }
    }
-
-   public boolean isFederatedProvider()
-   {
-      return this.openIdProvider instanceof GoogleOpenIdProvider;
-   }
 }

zanata-war/src/main/java/org/zanata/security/openid/FedoraOpenIdProvider.java

@@ -30,13 +30,12 @@
  */
 public class FedoraOpenIdProvider extends GenericOpenIdProvider
 {
-   private static final String FEDORA_OPENID_FORMAT = "http://{0}.id.fedoraproject.org/";
-   private static final Pattern FEDORA_OPENID_PATTERN = Pattern.compile("http://(.*).id.fedoraproject.org/");
+   private static final Pattern FEDORA_OPENID_PATTERN = Pattern.compile("http://((.+).)?id.fedoraproject.org/");
 
    @Override
    public String getOpenId(String username)
    {
-      return MessageFormat.format(FEDORA_OPENID_FORMAT, username);
+      return "http://id.fedoraproject.org/";
    }
 
    @Override