This is an automated email from the ASF dual-hosted git repository.
jamesyong pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
The following commit(s) were added to refs/heads/trunk by this push:
new ad0211a Improved: Display last-visited-time popup after login
(OFBIZ-12148) (#266)
ad0211a is described below
commit ad0211ab2d965563f54c1b9c7f9c2a093984a11c
Author: James Yong <[email protected]>
AuthorDate: Mon Feb 8 00:04:29 2021 +0800
Improved: Display last-visited-time popup after login (OFBIZ-12148) (#266)
Improved: Display last-visited-time popup after login (OFBIZ-12148)
To allow users to know of any unauthorised access to their accounts.
Thanks: Michael for review
---
framework/common/config/SecurityUiLabels.xml | 5 ++
.../common/webcommon/WEB-INF/common-controller.xml | 4 +
framework/security/config/security.properties | 5 ++
.../org/apache/ofbiz/webapp/AfterLoginEvents.java | 100 +++++++++++++++++++++
4 files changed, 114 insertions(+)
diff --git a/framework/common/config/SecurityUiLabels.xml
b/framework/common/config/SecurityUiLabels.xml
index 3c88bc8..6426938 100644
--- a/framework/common/config/SecurityUiLabels.xml
+++ b/framework/common/config/SecurityUiLabels.xml
@@ -505,6 +505,11 @@
<value xml:lang="zh">浏览名称</value>
<value xml:lang="zh-TW">檢視名稱</value>
</property>
+ <property key="LastVisitOn">
+ <value xml:lang="en">Your last visit was on ${jsLastVisit}</value>
+ <value xml:lang="zh">您上次访问的时间是 ${jsLastVisit}</value>
+ <value xml:lang="zh-TW">您上次訪問的時間是 ${jsLastVisit}</value>
+ </property>
<property key="LookupUserLogin">
<value xml:lang="de">Benutzer Anmeldung suchen</value>
<value xml:lang="en">Lookup User Login</value>
diff --git a/framework/common/webcommon/WEB-INF/common-controller.xml
b/framework/common/webcommon/WEB-INF/common-controller.xml
index 36b10c9..e35662c 100644
--- a/framework/common/webcommon/WEB-INF/common-controller.xml
+++ b/framework/common/webcommon/WEB-INF/common-controller.xml
@@ -39,6 +39,10 @@ under the License.
<!-- Events to run on every request after all other processing (chains
exempt) -->
</postprocessor>
+ <after-login>
+ <event name="showLastVisit" type="java"
path="org.apache.ofbiz.webapp.AfterLoginEvents" invoke="showLastVisit"/>
+ </after-login>
+
<!-- Security Mappings -->
<request-map uri="checkLogin">
<description>Verify a user is logged in.</description>
diff --git a/framework/security/config/security.properties
b/framework/security/config/security.properties
index 2947ce4..702971a 100644
--- a/framework/security/config/security.properties
+++ b/framework/security/config/security.properties
@@ -228,3 +228,8 @@ templateClassResolver=
#-- people may like to allow more than what is allowed OOTB
#-- As it name says, allowAllUploads opens all possibilities
allowAllUploads=
+
+#-- Popup last-visited time from database after user has logged in.
+#-- So users can know of any unauthorised access to their accounts.
+#-- Default is true.
+afterlogin.lastvisit.show=
\ No newline at end of file
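Review bot: The comment above `afterlogin.lastvisit.show=` gives the default but not the accepted values or what an empty value means. The Java side reads the key with `getPropertyAsBoolean("security", "afterlogin.lastvisit.show", true)`, so an empty value presumably falls through to `true`. I would add `#-- Accepted values: true, false. An empty value uses the default (true).` Since this is a security notice, it is also worth a line saying that the time shown is read from the Visit entity, so the popup only appears when earlier visits were recorded for the user login.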
diff --git
a/framework/webapp/src/main/java/org/apache/ofbiz/webapp/AfterLoginEvents.java
b/framework/webapp/src/main/java/org/apache/ofbiz/webapp/AfterLoginEvents.java
new file mode 100644
index 0000000..7744126
--- /dev/null
+++
b/framework/webapp/src/main/java/org/apache/ofbiz/webapp/AfterLoginEvents.java
@@ -0,0 +1,100 @@
+/*******************************************************************************
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+
*******************************************************************************/
+package org.apache.ofbiz.webapp;
+
+import org.apache.ofbiz.base.util.Debug;
+import org.apache.ofbiz.base.util.UtilHttp;
+import org.apache.ofbiz.base.util.UtilProperties;
+import org.apache.ofbiz.common.JsLanguageFilesMappingUtil;
+import org.apache.ofbiz.entity.Delegator;
+import org.apache.ofbiz.entity.GenericEntityException;
+import org.apache.ofbiz.entity.GenericValue;
+import org.apache.ofbiz.entity.util.EntityListIterator;
+import org.apache.ofbiz.entity.util.EntityQuery;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+import java.sql.Timestamp;
+import java.text.SimpleDateFormat;
+import java.util.Locale;
+
+public class AfterLoginEvents {
+
+ private static final String MODULE = AfterLoginEvents.class.getName();
+ private static final String SCRIPT_SHOW_LAST_VISIT_DATE;
+
+ static {
+ SCRIPT_SHOW_LAST_VISIT_DATE = "<span
id='showLastVisit'></span><script>"
+ + "importLibrary(%s, function () {\n"
+ + "var dateFormat = Date.CultureInfo.formatPatterns.shortDate
+ ' ' + Date.CultureInfo.formatPatterns.longTime;\n"
+ + "var jsLastVisit = new Date('%s').toString(dateFormat);\n"
+ + "var message = `%s`;\n"
+ + "$('#showLastVisit').replaceWith(message);\n"
+ + "});\n</script>";
+ }
+
+ public static String showLastVisit(HttpServletRequest request,
HttpServletResponse response) {
+
+ boolean show = UtilProperties.getPropertyAsBoolean("security",
"afterlogin.lastvisit.show", true);
+ if (!show) {
+ return "success";
+ }
+
+ // guard against re-popup while moving to other web application when
tomcat SSO is enabled
+ if (!"login".equals(request.getAttribute("thisRequestUri"))) {
+ return "success";
+ }
+
+ HttpSession session = request.getSession();
+ Delegator delegator = (Delegator) request.getAttribute("delegator");
+ GenericValue userLogin = (GenericValue)
session.getAttribute("userLogin");
+
+ String userLoginId = (String) userLogin.get("userLoginId");
+
+ try (EntityListIterator eli = EntityQuery.use(delegator)
+ .from("Visit")
+ .where("userLoginId", userLoginId)
+ .orderBy("-fromDate")
+ .cursorScrollInsensitive()
+ .maxRows(2)
+ .queryIterator()) {
+ if (eli != null) {
+ GenericValue visit = null;
+ int count = 0;
+ while ((visit = eli.next()) != null) {
+ if (count == 1) {
+ Timestamp fromDate = visit.getTimestamp("fromDate");
+ Locale locale = UtilHttp.getLocale(request);
+ String libJs = "['" +
JsLanguageFilesMappingUtil.getFile("datejs", locale.toString()) + "']";
+ SimpleDateFormat formatter = new SimpleDateFormat("EE
MMM d y H:m:s ZZZ");
+ String dateString = formatter.format(fromDate);
+ String lastVisitedOn =
UtilProperties.getMessage("SecurityUiLabels", "LastVisitOn", locale);
+ request.setAttribute("_UNSAFE_EVENT_MESSAGE_",
String.format(SCRIPT_SHOW_LAST_VISIT_DATE, libJs, dateString, lastVisitedOn));
+ }
+ count++;
+ }
+ }
+ } catch (GenericEntityException e) {
+ Debug.logError(e, MODULE);
+ return "error";
+ }
+ return "success";
+ }
+}
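Review bot: In `showLastVisit`, the `LastVisitOn` label is substituted into the JavaScript template literal assigned to `message`, and the result is passed through `_UNSAFE_EVENT_MESSAGE_`, so label text is treated as script rather than data. A backtick or `${…}` expression in any translation or deployment-specific label override would then be evaluated in the page shown right after login. Consider emitting the label as an encoded JavaScript string, filling the date with `message.replace('${jsLastVisit}', jsLastVisit)`, and writing it with `$('#showLastVisit').text(message)` instead of `replaceWith`. Separately, `new SimpleDateFormat("EE MMM d y H:m:s ZZZ")` uses the JVM default locale, so on a non-English server the day and month names may not parse in `new Date('%s')`; `new SimpleDateFormat("EE MMM d y H:m:s ZZZ", Locale.ENGLISH)` pins the format. Also, `userLogin` is dereferenced without a null check, and returning `"error"` from the catch presumably lets a failed Visit lookup disrupt login for what is only an informational message, which should be confirmed against how after-login results are handled.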