//# 7 errors, 87 messages
//#
/*
    //#BaseAPIHandler.java:1:1: class: org.apache.roller.weblogger.webservices.xmlrpc.BaseAPIHandler
 * Licensed to the Apache Software Foundation (ASF) under one or more
 *  contributor license agreements.  The ASF licenses this file to You
 * under the Apache License, Version 2.0 (the "License"); you may not
 * use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.  For additional information regarding
 * copyright in this work, please see the NOTICE file in the top level
 * directory of this distribution.
 */
/*
 * Created on Apr 11, 2003
 */
package org.apache.roller.weblogger.webservices.xmlrpc;

import java.io.Serializable;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.xmlrpc.XmlRpcException;
import org.apache.roller.weblogger.config.WebloggerConfig;
import org.apache.roller.weblogger.business.WebloggerFactory;
import org.apache.roller.weblogger.business.UserManager;
import org.apache.roller.weblogger.pojos.User;
import org.apache.roller.weblogger.pojos.Weblog;
import org.apache.roller.weblogger.util.cache.CacheManager;
import org.apache.roller.weblogger.util.Utilities;
import org.apache.xmlrpc.common.XmlRpcNotAuthorizedException;

/**
 * Base API handler does user validation, provides exception types, etc.
 * @author David M Johnson
 */
public class BaseAPIHandler implements Serializable {
    static final long serialVersionUID = -698186274794937582L;
    
    private static Log mLogger =
    //#BaseAPIHandler.java:44: method: org.apache.roller.weblogger.webservices.xmlrpc.BaseAPIHandler.org.apache.roller.weblogger.webservices.xmlrpc.BaseAPIHandler__static_init
    //#BaseAPIHandler.java:44: Warning: method not available
    //#    -- call on LogFactory org.apache.commons.logging.LogFactory:getFactory()
    //#    severity: INFORMATIONAL
    //#    class: org.apache.roller.weblogger.webservices.xmlrpc.BaseAPIHandler
    //#    method: org.apache.roller.weblogger.webservices.xmlrpc.BaseAPIHandler__static_init
    //#    unanalyzed callee: LogFactory org.apache.commons.logging.LogFactory:getFactory()
    //#BaseAPIHandler.java:44: Warning: method not available
    //#    -- call on Log org.apache.commons.logging.LogFactory:getInstance(Class)
    //#    severity: INFORMATIONAL
    //#    class: org.apache.roller.weblogger.webservices.xmlrpc.BaseAPIHandler
    //#    method: org.apache.roller.weblogger.webservices.xmlrpc.BaseAPIHandler__static_init
    //#    unanalyzed callee: Log org.apache.commons.logging.LogFactory:getInstance(Class)
    //#output(org.apache.roller.weblogger.webservices.xmlrpc.BaseAPIHandler__static_init): __Descendant_Table[org/apache/roller/weblogger/webservices/xmlrpc/BaseAPIHandler]
    //#output(org.apache.roller.weblogger.webservices.xmlrpc.BaseAPIHandler__static_init): __Dispatch_Table.flushPageCache(Lorg/apache/roller/weblogger/pojos/Weblog;)V
    //#output(org.apache.roller.weblogger.webservices.xmlrpc.BaseAPIHandler__static_init): __Dispatch_Table.validate(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)Lorg/apache/roller/weblogger/pojos/Weblog;
    //#output(org.apache.roller.weblogger.webservices.xmlrpc.BaseAPIHandler__static_init): __Dispatch_Table.validateUser(Ljava/lang/String;Ljava/lang/String;)Z
    //#output(org.apache.roller.weblogger.webservices.xmlrpc.BaseAPIHandler__static_init): mLogger
    //#presumption(org.apache.roller.weblogger.webservices.xmlrpc.BaseAPIHandler__static_init): org.apache.commons.logging.LogFactory:getFactory(...)@44 != null
    //#post(org.apache.roller.weblogger.webservices.xmlrpc.BaseAPIHandler__static_init): __Descendant_Table[org/apache/roller/weblogger/webservices/xmlrpc/BaseAPIHandler] == &__Dispatch_Table
    //#post(org.apache.roller.weblogger.webservices.xmlrpc.BaseAPIHandler__static_init): __Dispatch_Table.flushPageCache(Lorg/apache/roller/weblogger/pojos/Weblog;)V == &flushPageCache
    //#post(org.apache.roller.weblogger.webservices.xmlrpc.BaseAPIHandler__static_init): __Dispatch_Table.validate(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)Lorg/apache/roller/weblogger/pojos/Weblog; == &validate
    //#post(org.apache.roller.weblogger.webservices.xmlrpc.BaseAPIHandler__static_init): __Dispatch_Table.validateUser(Ljava/lang/String;Ljava/lang/String;)Z == &validateUser
    //#post(org.apache.roller.weblogger.webservices.xmlrpc.BaseAPIHandler__static_init): init'ed(mLogger)
    //#BaseAPIHandler.java:44: end of method: org.apache.roller.weblogger.webservices.xmlrpc.BaseAPIHandler.org.apache.roller.weblogger.webservices.xmlrpc.BaseAPIHandler__static_init
            LogFactory.getFactory().getInstance(BaseAPIHandler.class);
    
    public static final int AUTHORIZATION_EXCEPTION = 0001;
    public static final String AUTHORIZATION_EXCEPTION_MSG =
            "Invalid Username and/or Password";
    
    public static final int UNKNOWN_EXCEPTION = 1000;
    public static final String UNKNOWN_EXCEPTION_MSG =
            "An error occured processing your request";
    
    public static final int UNSUPPORTED_EXCEPTION = 1001;
    public static final String UNSUPPORTED_EXCEPTION_MSG =
            "Unsupported method - Roller does not support this method";
    
    public static final int USER_DISABLED = 1002;
    public static final String USER_DISABLED_MSG =
            "User is disabled";
    
    public static final int WEBLOG_NOT_FOUND = 1003;
    public static final String WEBLOG_NOT_FOUND_MSG =
            "Weblog is not found or is disabled";
    
    public static final int WEBLOG_DISABLED = 1004;
    public static final String WEBLOG_DISABLED_MSG =
            "Weblog is not found or is disabled";
    
    public static final int BLOGGERAPI_DISABLED = 1005;
    public static final String BLOGGERAPI_DISABLED_MSG =
            "Weblog does not exist or XML-RPC disabled in web";
    
    public static final int BLOGGERAPI_INCOMPLETE_POST = 1006;
    public static final String BLOGGERAPI_INCOMPLETE_POST_MSG =
            "Incomplete weblog entry";
    
    public static final int INVALID_POSTID = 2000;
    public static final String INVALID_POSTID_MSG =
            "The entry postid you submitted is invalid";
    
    //public static final int NOBLOGS_EXCEPTION = 3000;
    //public static final String NOBLOGS_EXCEPTION_MSG =
    //"There are no categories defined for your user";
    
    public static final int UPLOAD_DENIED_EXCEPTION = 4000;
    public static final String UPLOAD_DENIED_EXCEPTION_MSG =
            "Upload denied";
    
    //------------------------------------------------------------------------
    public BaseAPIHandler() {
    //#BaseAPIHandler.java:92: method: void org.apache.roller.weblogger.webservices.xmlrpc.BaseAPIHandler.org.apache.roller.weblogger.webservices.xmlrpc.BaseAPIHandler()
    }
    //#BaseAPIHandler.java:93: end of method: void org.apache.roller.weblogger.webservices.xmlrpc.BaseAPIHandler.org.apache.roller.weblogger.webservices.xmlrpc.BaseAPIHandler()
    
    //------------------------------------------------------------------------
    //public void prep( HttpServletRequest req )
    //{
    //mRoller = RollerContext.getWeblogger(req);
    //mContextUrl = RollerContext.getRollerContext(req).getAbsoluteContextUrl(req);
    //
    
    //------------------------------------------------------------------------
    /**
     * Returns website, but only if user authenticates and is authorized to edit.
     * @param blogid   Blogid sent in request (used as website's hanldle)
     * @param username Username sent in request
     * @param password Password sent in requeset
     */
    protected Weblog validate(String blogid, String username, String password)
    throws Exception {
        boolean authenticated = false;
    //#BaseAPIHandler.java:111: method: Weblog org.apache.roller.weblogger.webservices.xmlrpc.BaseAPIHandler.validate(String, String, String)
    //#input(Weblog validate(String, String, String)): blogid
    //#input(Weblog validate(String, String, String)): mLogger
    //#input(Weblog validate(String, String, String)): password
    //#input(Weblog validate(String, String, String)): username
    //#output(Weblog validate(String, String, String)): return_value
    //#pre[2] (Weblog validate(String, String, String)): (soft) mLogger != null
    //#pre[3] (Weblog validate(String, String, String)): (soft) password != null
    //#presumption(Weblog validate(String, String, String)): org.apache.roller.weblogger.business.UserManager:getUserByUserName(...)@120 != null
    //#presumption(Weblog validate(String, String, String)): org.apache.roller.weblogger.business.Weblogger:getUserManager(...)@119 != null
    //#presumption(Weblog validate(String, String, String)): org.apache.roller.weblogger.business.WebloggerFactory:getWeblogger(...)@119 != null
    //#presumption(Weblog validate(String, String, String)): org.apache.roller.weblogger.pojos.User:getEnabled(...)@121 != null
    //#presumption(Weblog validate(String, String, String)): org.apache.roller.weblogger.pojos.Weblog:getEnableBloggerApi(...)@127 != null
    //#presumption(Weblog validate(String, String, String)): org.apache.roller.weblogger.pojos.Weblog:getEnabled(...)@126 != null
    //#presumption(Weblog validate(String, String, String)): org.apache.roller.weblogger.util.Utilities:encodePassword(...)@136 != null
    //#post(Weblog validate(String, String, String)): return_value != null
    //#test_vector(Weblog validate(String, String, String)): java.lang.String:equalsIgnoreCase(...)@135: {0}, {1}
    //#test_vector(Weblog validate(String, String, String)): org.apache.roller.weblogger.business.UserManager:getWebsiteByHandle(...)@123: Addr_Set{null}, Inverse{null}
        boolean userEnabled = false;
        boolean weblogEnabled = false;
        boolean apiEnabled = false;
        boolean weblogFound = false;
        Weblog website = null;
        User user = null;
    //#BaseAPIHandler.java:117: Warning: unused assignment
    //#    unused assignment into user
    //#    severity: SUPPRESSED
    //#    class: org.apache.roller.weblogger.webservices.xmlrpc.BaseAPIHandler
    //#    method: Weblog validate(String, String, String)
    //#    Attribs:  Uncertain
        try {
            UserManager userMgr = WebloggerFactory.getWeblogger().getUserManager();
    //#BaseAPIHandler.java:119: Warning: method not available
    //#    -- call on Weblogger org.apache.roller.weblogger.business.WebloggerFactory:getWeblogger()
    //#    severity: INFORMATIONAL
    //#    class: org.apache.roller.weblogger.webservices.xmlrpc.BaseAPIHandler
    //#    method: Weblog validate(String, String, String)
    //#    unanalyzed callee: Weblogger org.apache.roller.weblogger.business.WebloggerFactory:getWeblogger()
    //#BaseAPIHandler.java:119: Warning: method not available
    //#    -- call on UserManager org.apache.roller.weblogger.business.Weblogger:getUserManager()
    //#    severity: INFORMATIONAL
    //#    class: org.apache.roller.weblogger.webservices.xmlrpc.BaseAPIHandler
    //#    method: Weblog validate(String, String, String)
    //#    unanalyzed callee: UserManager org.apache.roller.weblogger.business.Weblogger:getUserManager()
            user = userMgr.getUserByUserName(username);
    //#BaseAPIHandler.java:120: Warning: method not available
    //#    -- call on User org.apache.roller.weblogger.business.UserManager:getUserByUserName(String)
    //#    severity: INFORMATIONAL
    //#    class: org.apache.roller.weblogger.webservices.xmlrpc.BaseAPIHandler
    //#    method: Weblog validate(String, String, String)
    //#    unanalyzed callee: User org.apache.roller.weblogger.business.UserManager:getUserByUserName(String)
            userEnabled = user.getEnabled().booleanValue();
    //#BaseAPIHandler.java:121: Warning: method not available
    //#    -- call on Boolean org.apache.roller.weblogger.pojos.User:getEnabled()
    //#    severity: INFORMATIONAL
    //#    class: org.apache.roller.weblogger.webservices.xmlrpc.BaseAPIHandler
    //#    method: Weblog validate(String, String, String)
    //#    unanalyzed callee: Boolean org.apache.roller.weblogger.pojos.User:getEnabled()
            
            website = userMgr.getWebsiteByHandle(blogid);
    //#BaseAPIHandler.java:123: Warning: method not available
    //#    -- call on Weblog org.apache.roller.weblogger.business.UserManager:getWebsiteByHandle(String)
    //#    severity: INFORMATIONAL
    //#    class: org.apache.roller.weblogger.webservices.xmlrpc.BaseAPIHandler
    //#    method: Weblog validate(String, String, String)
    //#    unanalyzed callee: Weblog org.apache.roller.weblogger.business.UserManager:getWebsiteByHandle(String)
            if (website != null) {
                weblogFound = true;
                weblogEnabled = website.getEnabled().booleanValue();
    //#BaseAPIHandler.java:126: Warning: method not available
    //#    -- call on Boolean org.apache.roller.weblogger.pojos.Weblog:getEnabled()
    //#    severity: INFORMATIONAL
    //#    class: org.apache.roller.weblogger.webservices.xmlrpc.BaseAPIHandler
    //#    method: Weblog validate(String, String, String)
    //#    unanalyzed callee: Boolean org.apache.roller.weblogger.pojos.Weblog:getEnabled()
                apiEnabled = website.getEnableBloggerApi().booleanValue();
    //#BaseAPIHandler.java:127: Warning: method not available
    //#    -- call on Boolean org.apache.roller.weblogger.pojos.Weblog:getEnableBloggerApi()
    //#    severity: INFORMATIONAL
    //#    class: org.apache.roller.weblogger.webservices.xmlrpc.BaseAPIHandler
    //#    method: Weblog validate(String, String, String)
    //#    unanalyzed callee: Boolean org.apache.roller.weblogger.pojos.Weblog:getEnableBloggerApi()
            }
            
            if (user != null) {
                // are passwords encrypted
                String encrypted =
    //#BaseAPIHandler.java:132: Warning: method not available
    //#    -- call on String org.apache.roller.weblogger.config.WebloggerConfig:getProperty(String)
    //#    severity: INFORMATIONAL
    //#    class: org.apache.roller.weblogger.webservices.xmlrpc.BaseAPIHandler
    //#    method: Weblog validate(String, String, String)
    //#    unanalyzed callee: String org.apache.roller.weblogger.config.WebloggerConfig:getProperty(String)
                        WebloggerConfig.getProperty("passwds.encryption.enabled");
                //System.out.print("password was [" + password + "] ");
                if ("true".equalsIgnoreCase(encrypted)) {
                    password = Utilities.encodePassword(password,
    //#BaseAPIHandler.java:136: Warning: method not available
    //#    -- call on String org.apache.roller.weblogger.config.WebloggerConfig:getProperty(String)
    //#    severity: INFORMATIONAL
    //#    class: org.apache.roller.weblogger.webservices.xmlrpc.BaseAPIHandler
    //#    method: Weblog validate(String, String, String)
    //#    unanalyzed callee: String org.apache.roller.weblogger.config.WebloggerConfig:getProperty(String)
    //#BaseAPIHandler.java:136: Warning: method not available
    //#    -- call on String org.apache.roller.weblogger.util.Utilities:encodePassword(String, String)
    //#    severity: INFORMATIONAL
    //#    class: org.apache.roller.weblogger.webservices.xmlrpc.BaseAPIHandler
    //#    method: Weblog validate(String, String, String)
    //#    unanalyzed callee: String org.apache.roller.weblogger.util.Utilities:encodePassword(String, String)
                            WebloggerConfig.getProperty("passwds.encryption.algorithm"));
                }
                authenticated = password.equals(user.getPassword());
    //#BaseAPIHandler.java:139: Warning: method not available
    //#    -- call on String org.apache.roller.weblogger.pojos.User:getPassword()
    //#    severity: INFORMATIONAL
    //#    class: org.apache.roller.weblogger.webservices.xmlrpc.BaseAPIHandler
    //#    method: Weblog validate(String, String, String)
    //#    unanalyzed callee: String org.apache.roller.weblogger.pojos.User:getPassword()
            }
        } catch (Exception e) {
            mLogger.error("ERROR internal error validating user", e);
    //#BaseAPIHandler.java:142: Warning: method not available
    //#    -- call on void org.apache.commons.logging.Log:error(Object, Throwable)
    //#    severity: INFORMATIONAL
    //#    class: org.apache.roller.weblogger.webservices.xmlrpc.BaseAPIHandler
    //#    method: Weblog validate(String, String, String)
    //#    unanalyzed callee: void org.apache.commons.logging.Log:error(Object, Throwable)
        }
        
        if ( !authenticated ) {
    //#BaseAPIHandler.java:145: ?org/apache/xmlrpc/common/XmlRpcNotAuthorizedException check
    //#    authenticated == 1
    //#    severity: SUPPRESSED
    //#    class: org.apache.roller.weblogger.webservices.xmlrpc.BaseAPIHandler
    //#    method: Weblog validate(String, String, String)
    //#    basic block: bb_10
    //#    assertion: authenticated == 1
    //#    VN: authenticated
    //#    Expected: {-Inf..-1, 1..+Inf}
    //#    Bad: {0}
    //#    Attribs:  Int  Bad singleton  Bad overlaps +/-1000  Bad > Exp  Uncertain
            throw new XmlRpcNotAuthorizedException(AUTHORIZATION_EXCEPTION_MSG);
        }
        if ( !userEnabled ) {
    //#BaseAPIHandler.java:148: ?org/apache/xmlrpc/common/XmlRpcNotAuthorizedException check
    //#    userEnabled == 1
    //#    severity: SUPPRESSED
    //#    class: org.apache.roller.weblogger.webservices.xmlrpc.BaseAPIHandler
    //#    method: Weblog validate(String, String, String)
    //#    basic block: bb_10
    //#    assertion: userEnabled == 1
    //#    VN: userEnabled
    //#    Expected: {-Inf..-1, 1..+Inf}
    //#    Bad: {0}
    //#    Attribs:  Int  Bad singleton  Bad overlaps +/-1000  Bad > Exp  Uncertain
            throw new XmlRpcNotAuthorizedException(USER_DISABLED_MSG);
        }
        if ( !weblogEnabled ) {
    //#BaseAPIHandler.java:151: ?org/apache/xmlrpc/common/XmlRpcNotAuthorizedException check
    //#    weblogEnabled == 1
    //#    severity: SUPPRESSED
    //#    class: org.apache.roller.weblogger.webservices.xmlrpc.BaseAPIHandler
    //#    method: Weblog validate(String, String, String)
    //#    basic block: bb_10
    //#    assertion: weblogEnabled == 1
    //#    VN: weblogEnabled
    //#    Expected: {-Inf..-1, 1..+Inf}
    //#    Bad: {0}
    //#    Attribs:  Int  Bad singleton  Bad overlaps +/-1000  Bad > Exp  Uncertain
            throw new XmlRpcNotAuthorizedException(WEBLOG_DISABLED_MSG);
        }
        if ( !weblogFound ) {
            throw new XmlRpcException(WEBLOG_NOT_FOUND, WEBLOG_NOT_FOUND_MSG);
    //#BaseAPIHandler.java:155: ?conditional throw
    //#    weblogFound == 1
    //#    severity: MEDIUM
    //#    class: org.apache.roller.weblogger.webservices.xmlrpc.BaseAPIHandler
    //#    method: Weblog validate(String, String, String)
    //#    basic block: bb_10
    //#    assertion: weblogFound == 1
    //#    VN: weblogFound
    //#    Expected: {-Inf..-1, 1..+Inf}
    //#    Bad: {0}
    //#    Attribs:  Int  Bad singleton  Bad overlaps +/-1000  Bad > Exp
        }
        if ( !apiEnabled ) {
    //#BaseAPIHandler.java:157: ?org/apache/xmlrpc/common/XmlRpcNotAuthorizedException check
    //#    apiEnabled == 1
    //#    severity: SUPPRESSED
    //#    class: org.apache.roller.weblogger.webservices.xmlrpc.BaseAPIHandler
    //#    method: Weblog validate(String, String, String)
    //#    basic block: bb_12
    //#    assertion: apiEnabled == 1
    //#    VN: apiEnabled
    //#    Expected: {-Inf..-1, 1..+Inf}
    //#    Bad: {0}
    //#    Attribs:  Int  Bad singleton  Bad overlaps +/-1000  Bad > Exp  Uncertain
            throw new XmlRpcNotAuthorizedException(BLOGGERAPI_DISABLED_MSG);
        }
        return website;
    //#BaseAPIHandler.java:160: end of method: Weblog org.apache.roller.weblogger.webservices.xmlrpc.BaseAPIHandler.validate(String, String, String)
    }
    
    //------------------------------------------------------------------------
    /**
     * Returns true if username/password are valid and user is not disabled.
     * @param username Username sent in request
     * @param password Password sent in requeset
     */
    protected boolean validateUser(String username, String password)
    throws Exception {
        boolean authenticated = false;
    //#BaseAPIHandler.java:171: method: bool org.apache.roller.weblogger.webservices.xmlrpc.BaseAPIHandler.validateUser(String, String)
    //#input(bool validateUser(String, String)): mLogger
    //#input(bool validateUser(String, String)): password
    //#input(bool validateUser(String, String)): username
    //#output(bool validateUser(String, String)): return_value
    //#pre[1] (bool validateUser(String, String)): (soft) mLogger != null
    //#presumption(bool validateUser(String, String)): org.apache.roller.weblogger.business.UserManager:getUserByUserName(...)@177 != null
    //#presumption(bool validateUser(String, String)): org.apache.roller.weblogger.business.Weblogger:getUserManager(...)@176 != null
    //#presumption(bool validateUser(String, String)): org.apache.roller.weblogger.business.WebloggerFactory:getWeblogger(...)@176 != null
    //#presumption(bool validateUser(String, String)): org.apache.roller.weblogger.pojos.User:getEnabled(...)@179 != null
    //#presumption(bool validateUser(String, String)): org.apache.roller.weblogger.pojos.User:getPassword(...)@190 != null
    //#post(bool validateUser(String, String)): return_value == 1
    //#test_vector(bool validateUser(String, String)): java.lang.Boolean:booleanValue(...)@179: {0}, {1}
    //#test_vector(bool validateUser(String, String)): java.lang.String:equalsIgnoreCase(...)@185: {0}, {1}
        boolean enabled = false;
        User user = null;
    //#BaseAPIHandler.java:173: Warning: unused assignment
    //#    unused assignment into user
    //#    severity: SUPPRESSED
    //#    class: org.apache.roller.weblogger.webservices.xmlrpc.BaseAPIHandler
    //#    method: bool validateUser(String, String)
    //#    Attribs:  Uncertain
        try {
            
            UserManager userMgr = WebloggerFactory.getWeblogger().getUserManager();
    //#BaseAPIHandler.java:176: Warning: method not available
    //#    -- call on Weblogger org.apache.roller.weblogger.business.WebloggerFactory:getWeblogger()
    //#    severity: INFORMATIONAL
    //#    class: org.apache.roller.weblogger.webservices.xmlrpc.BaseAPIHandler
    //#    method: bool validateUser(String, String)
    //#    unanalyzed callee: Weblogger org.apache.roller.weblogger.business.WebloggerFactory:getWeblogger()
    //#BaseAPIHandler.java:176: Warning: method not available
    //#    -- call on UserManager org.apache.roller.weblogger.business.Weblogger:getUserManager()
    //#    severity: INFORMATIONAL
    //#    class: org.apache.roller.weblogger.webservices.xmlrpc.BaseAPIHandler
    //#    method: bool validateUser(String, String)
    //#    unanalyzed callee: UserManager org.apache.roller.weblogger.business.Weblogger:getUserManager()
            user = userMgr.getUserByUserName(username);
    //#BaseAPIHandler.java:177: Warning: method not available
    //#    -- call on User org.apache.roller.weblogger.business.UserManager:getUserByUserName(String)
    //#    severity: INFORMATIONAL
    //#    class: org.apache.roller.weblogger.webservices.xmlrpc.BaseAPIHandler
    //#    method: bool validateUser(String, String)
    //#    unanalyzed callee: User org.apache.roller.weblogger.business.UserManager:getUserByUserName(String)
            
            enabled = user.getEnabled().booleanValue();
    //#BaseAPIHandler.java:179: Warning: method not available
    //#    -- call on Boolean org.apache.roller.weblogger.pojos.User:getEnabled()
    //#    severity: INFORMATIONAL
    //#    class: org.apache.roller.weblogger.webservices.xmlrpc.BaseAPIHandler
    //#    method: bool validateUser(String, String)
    //#    unanalyzed callee: Boolean org.apache.roller.weblogger.pojos.User:getEnabled()
            if (enabled) {
                // are passwords encrypted?
                String encrypted =
    //#BaseAPIHandler.java:182: Warning: method not available
    //#    -- call on String org.apache.roller.weblogger.config.WebloggerConfig:getProperty(String)
    //#    severity: INFORMATIONAL
    //#    class: org.apache.roller.weblogger.webservices.xmlrpc.BaseAPIHandler
    //#    method: bool validateUser(String, String)
    //#    unanalyzed callee: String org.apache.roller.weblogger.config.WebloggerConfig:getProperty(String)
                        WebloggerConfig.getProperty("passwds.encryption.enabled");
                //System.out.print("password was [" + password + "] ");
                if ("true".equalsIgnoreCase(encrypted)) {
                    password = Utilities.encodePassword(password,
    //#BaseAPIHandler.java:186: Warning: method not available
    //#    -- call on String org.apache.roller.weblogger.config.WebloggerConfig:getProperty(String)
    //#    severity: INFORMATIONAL
    //#    class: org.apache.roller.weblogger.webservices.xmlrpc.BaseAPIHandler
    //#    method: bool validateUser(String, String)
    //#    unanalyzed callee: String org.apache.roller.weblogger.config.WebloggerConfig:getProperty(String)
    //#BaseAPIHandler.java:186: Warning: method not available
    //#    -- call on String org.apache.roller.weblogger.util.Utilities:encodePassword(String, String)
    //#    severity: INFORMATIONAL
    //#    class: org.apache.roller.weblogger.webservices.xmlrpc.BaseAPIHandler
    //#    method: bool validateUser(String, String)
    //#    unanalyzed callee: String org.apache.roller.weblogger.util.Utilities:encodePassword(String, String)
                            WebloggerConfig.getProperty("passwds.encryption.algorithm"));
                }
                //System.out.println("is now [" + password + "]");
                authenticated = user.getPassword().equals(password);
    //#BaseAPIHandler.java:190: Warning: method not available
    //#    -- call on String org.apache.roller.weblogger.pojos.User:getPassword()
    //#    severity: INFORMATIONAL
    //#    class: org.apache.roller.weblogger.webservices.xmlrpc.BaseAPIHandler
    //#    method: bool validateUser(String, String)
    //#    unanalyzed callee: String org.apache.roller.weblogger.pojos.User:getPassword()
                if (authenticated) {
                    //WebloggerFactory.getWeblogger().setUser(user);
                }
            }
        } catch (Exception e) {
            mLogger.error("ERROR internal error validating user", e);
    //#BaseAPIHandler.java:196: Warning: method not available
    //#    -- call on void org.apache.commons.logging.Log:error(Object, Throwable)
    //#    severity: INFORMATIONAL
    //#    class: org.apache.roller.weblogger.webservices.xmlrpc.BaseAPIHandler
    //#    method: bool validateUser(String, String)
    //#    unanalyzed callee: void org.apache.commons.logging.Log:error(Object, Throwable)
        }
        
        if ( !enabled ) {
    //#BaseAPIHandler.java:199: ?org/apache/xmlrpc/common/XmlRpcNotAuthorizedException check
    //#    enabled == 1
    //#    severity: SUPPRESSED
    //#    class: org.apache.roller.weblogger.webservices.xmlrpc.BaseAPIHandler
    //#    method: bool validateUser(String, String)
    //#    basic block: bb_8
    //#    assertion: enabled == 1
    //#    VN: enabled
    //#    Expected: {-Inf..-1, 1..+Inf}
    //#    Bad: {0}
    //#    Attribs:  Int  Bad singleton  Bad overlaps +/-1000  Bad > Exp  Uncertain
            throw new XmlRpcNotAuthorizedException(USER_DISABLED_MSG);
        }
        
        if ( !authenticated ) {
    //#BaseAPIHandler.java:203: ?org/apache/xmlrpc/common/XmlRpcNotAuthorizedException check
    //#    authenticated == 1
    //#    severity: SUPPRESSED
    //#    class: org.apache.roller.weblogger.webservices.xmlrpc.BaseAPIHandler
    //#    method: bool validateUser(String, String)
    //#    basic block: bb_8
    //#    assertion: authenticated == 1
    //#    VN: authenticated
    //#    Expected: {-Inf..-1, 1..+Inf}
    //#    Bad: {0}
    //#    Attribs:  Int  Bad singleton  Bad overlaps +/-1000  Bad > Exp  Uncertain
            throw new XmlRpcNotAuthorizedException(AUTHORIZATION_EXCEPTION_MSG);
        }
        return authenticated;
    //#BaseAPIHandler.java:206: end of method: bool org.apache.roller.weblogger.webservices.xmlrpc.BaseAPIHandler.validateUser(String, String)
    }
    
    //------------------------------------------------------------------------
    protected void flushPageCache(Weblog website) throws Exception {
        CacheManager.invalidate(website);
    //#BaseAPIHandler.java:211: method: void org.apache.roller.weblogger.webservices.xmlrpc.BaseAPIHandler.flushPageCache(Weblog)
    //#BaseAPIHandler.java:211: Warning: method not available
    //#    -- call on void org.apache.roller.weblogger.util.cache.CacheManager:invalidate(Weblog)
    //#    severity: INFORMATIONAL
    //#    class: org.apache.roller.weblogger.webservices.xmlrpc.BaseAPIHandler
    //#    method: void flushPageCache(Weblog)
    //#    unanalyzed callee: void org.apache.roller.weblogger.util.cache.CacheManager:invalidate(Weblog)
    //#input(void flushPageCache(Weblog)): website
    }
    //#BaseAPIHandler.java:212: end of method: void org.apache.roller.weblogger.webservices.xmlrpc.BaseAPIHandler.flushPageCache(Weblog)
}
    //#BaseAPIHandler.java:: end of class: org.apache.roller.weblogger.webservices.xmlrpc.BaseAPIHandler
