use of ca.corefacility.bioinformatics.irida.exceptions.PasswordReusedException in project irida by phac-nml.
the class UsersController method handleCreateUpdateException.
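/**
 * Translate an exception raised while creating or updating a user into
 * field-level error messages for the create and update pages.
 *
 * <p>
 * Handled types are {@link ConstraintViolationException},
 * {@link DataIntegrityViolationException} (only when its message names the
 * user e-mail constraint), {@link EntityExistsException} and
 * {@link PasswordReusedException}.
 *
 * @param ex
 *            an exception to handle
 * @param locale
 *            The locale used to resolve message keys
 *
 * @return A Map&lt;String,String&gt; of errors to render, keyed by field
 *         name or constraint property path. The map is empty when the
 *         exception is of any other type, or is a data-integrity violation
 *         that does not name the e-mail constraint.
 */
private Map<String, String> handleCreateUpdateException(Exception ex, Locale locale) {
    Map<String, String> errors = new HashMap<>();
    if (ex instanceof ConstraintViolationException) {
        ConstraintViolationException cvx = (ConstraintViolationException) ex;
        logger.debug("User provided data threw ConstrainViolation");
        Set<ConstraintViolation<?>> constraintViolations = cvx.getConstraintViolations();
        for (ConstraintViolation<?> violation : constraintViolations) {
            // The validator's message is both logged and shown to the user.
            logger.debug(violation.getMessage());
            String errorKey = violation.getPropertyPath().toString();
            errors.put(errorKey, violation.getMessage());
        }
    } else if (ex instanceof DataIntegrityViolationException) {
        DataIntegrityViolationException divx = (DataIntegrityViolationException) ex;
        // An exception may carry no message at all; guard before searching it
        // so that error handling cannot itself fail with a NullPointerException.
        String detail = divx.getMessage();
        logger.debug(detail);
        // The conflict is recognised by the constraint name appearing in the
        // exception text, so only the localized, fixed message reaches the page
        // and the raw database error stays in the debug log.
        if (detail != null && detail.contains(User.USER_EMAIL_CONSTRAINT_NAME)) {
            errors.put("email", messageSource.getMessage("user.edit.emailConflict", null, locale));
        }
        // NOTE(review): any other integrity violation yields an empty map, so
        // the caller has nothing to show the user - confirm this is intended.
    } else if (ex instanceof EntityExistsException) {
        EntityExistsException eex = (EntityExistsException) ex;
        // NOTE(review): the exception's own message is rendered as-is;
        // presumably it is written to be user-facing - verify at the throw site.
        errors.put(eex.getFieldName(), eex.getMessage());
    } else if (ex instanceof PasswordReusedException) {
        errors.put("password", messageSource.getMessage("user.edit.passwordReused", null, locale));
    }
    return errors;
}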
use of ca.corefacility.bioinformatics.irida.exceptions.PasswordReusedException in project irida by phac-nml.
the class UsersController method updateUser.
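/**
 * Submit a user edit.
 *
 * <p>
 * Only non-empty request parameters are applied. The {@code enabled} and
 * {@code systemRole} fields are applied only when {@code isAdmin(principal)}
 * is true. A password is applied only when it equals its confirmation.
 *
 * <p>
 * NOTE(review): this method does not itself check that the caller is allowed
 * to edit {@code userId}, and it accepts a new password or e-mail without
 * asking for the current password. Presumably
 * {@code userService.updateFields} enforces the permission - confirm.
 *
 * @param userId
 *            The id of the user to edit (required)
 * @param firstName
 *            The firstname to update
 * @param lastName
 *            the lastname to update
 * @param email
 *            the email to update
 * @param phoneNumber
 *            the phone number to update
 * @param systemRole
 *            the role to update
 * @param password
 *            the password to update
 * @param confirmPassword
 *            password confirmation
 * @param model
 *            The model to work on
 * @param enabled
 *            whether the user account should be enabled or disabled.
 * @param principal
 *            a reference to the logged in user.
 * @param request
 *            the request
 * @return The name of the user view: a redirect to the user's page on
 *         success, otherwise the edit page with an {@code errors} attribute
 */
@RequestMapping(value = "/{userId}/edit", method = RequestMethod.POST)
public String updateUser(@PathVariable Long userId, @RequestParam(required = false) String firstName,
        @RequestParam(required = false) String lastName, @RequestParam(required = false) String email,
        @RequestParam(required = false) String phoneNumber, @RequestParam(required = false) String systemRole,
        @RequestParam(required = false) String password, @RequestParam(required = false) String enabled,
        @RequestParam(required = false) String confirmPassword, Model model, Principal principal,
        HttpServletRequest request) {
    logger.debug("Updating user " + userId);
    Locale locale = LocaleContextHolder.getLocale();
    Map<String, String> errors = new HashMap<>();
    Map<String, Object> updatedValues = new HashMap<>();

    if (!Strings.isNullOrEmpty(firstName)) {
        updatedValues.put("firstName", firstName);
    }
    if (!Strings.isNullOrEmpty(lastName)) {
        updatedValues.put("lastName", lastName);
    }
    if (!Strings.isNullOrEmpty(email)) {
        updatedValues.put("email", email);
    }
    if (!Strings.isNullOrEmpty(phoneNumber)) {
        updatedValues.put("phoneNumber", phoneNumber);
    }

    boolean passwordSupplied = !Strings.isNullOrEmpty(password) || !Strings.isNullOrEmpty(confirmPassword);
    if (passwordSupplied) {
        // Both parameters are optional, so password may be null while only
        // confirmPassword was sent. Treat that as a mismatch rather than
        // dereferencing null.
        if (password == null || !password.equals(confirmPassword)) {
            errors.put("password", messageSource.getMessage("user.edit.password.match", null, locale));
        } else {
            updatedValues.put("password", password);
        }
    }

    // Privileged fields: applied only when the caller is an administrator.
    if (isAdmin(principal)) {
        logger.debug("User is admin");
        // The account is enabled only when the parameter is present and
        // non-empty. An admin request that omits it disables the account.
        updatedValues.put("enabled", !Strings.isNullOrEmpty(enabled));
        if (!Strings.isNullOrEmpty(systemRole)) {
            // NOTE(review): if Role.valueOf throws for an unknown role name,
            // nothing here catches it - confirm how that is reported.
            Role newRole = Role.valueOf(systemRole);
            updatedValues.put("systemRole", newRole);
        }
    }

    String returnView;
    if (errors.isEmpty()) {
        try {
            User user = userService.updateFields(userId, updatedValues);
            returnView = "redirect:/users/" + userId;
            // Refresh the cached details in the session when the caller edited
            // their own account (this will update the user's gravatar).
            if (user != null && principal.getName().equals(user.getUsername())) {
                HttpSession session = request.getSession();
                session.setAttribute(UserSecurityInterceptor.CURRENT_USER_DETAILS, user);
            }
        } catch (ConstraintViolationException | DataIntegrityViolationException | PasswordReusedException ex) {
            errors = handleCreateUpdateException(ex, locale);
            model.addAttribute("errors", errors);
            returnView = getEditUserPage(userId, model);
        }
    } else {
        model.addAttribute("errors", errors);
        returnView = getEditUserPage(userId, model);
    }
    return returnView;
}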
use of ca.corefacility.bioinformatics.irida.exceptions.PasswordReusedException in project irida by phac-nml.
the class PasswordResetController method sendNewPassword.
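/**
 * Set the new password for a given password reset.
 *
 * <p>
 * On success the reset is deleted and the caller is redirected to the
 * success view, with the user's e-mail address Base64-encoded in the URL.
 * Base64 is an encoding, not protection: the address can be read from the
 * redirect URL wherever that URL is recorded.
 *
 * @param resetId
 *            The ID of the {@link PasswordReset}
 * @param password
 *            The new password to set
 * @param confirmPassword
 *            Confirm the new password
 * @param model
 *            A model for the given page
 * @param locale
 *            The locale of the request
 *
 * @return The string name of the success view, or on failure the
 *         getResetPage view
 */
@RequestMapping(value = "/{resetId}", method = RequestMethod.POST)
public String sendNewPassword(@PathVariable String resetId, @RequestParam String password,
        @RequestParam String confirmPassword, Model model, Locale locale) {
    setAuthentication();
    Map<String, String> errors = new HashMap<>();

    // read the reset to verify it exists first
    PasswordReset passwordReset = passwordResetService.read(resetId);
    User user = passwordReset.getUser();

    if (!password.equals(confirmPassword)) {
        errors.put("password", messageSource.getMessage("user.edit.password.match", null, locale));
    }

    if (errors.isEmpty()) {
        // Set the user's authentication to update the password and log them
        // in.
        // NOTE(review): the token keeps the plaintext password as its
        // credentials, and it is installed before changePassword has
        // succeeded. If the change is rejected below, the context still holds
        // this authentication - confirm the failure path resets it.
        Authentication token = new UsernamePasswordAuthenticationToken(user, password,
                ImmutableList.of(user.getSystemRole()));
        SecurityContextHolder.getContext().setAuthentication(token);

        try {
            userService.changePassword(user.getId(), password);
        } catch (ConstraintViolationException ex) {
            Set<ConstraintViolation<?>> constraintViolations = ex.getConstraintViolations();
            for (ConstraintViolation<?> violation : constraintViolations) {
                logger.debug(violation.getMessage());
                String errorKey = violation.getPropertyPath().toString();
                errors.put(errorKey, violation.getMessage());
            }
        } catch (PasswordReusedException ex) {
            errors.put("password", messageSource.getMessage("user.edit.passwordReused", null, locale));
        }
    }

    if (!errors.isEmpty()) {
        // The reset is kept so that the same link can be retried.
        model.addAttribute("errors", errors);
        return getResetPage(resetId, false, model);
    }

    // The reset is deleted only after the password change went through.
    passwordResetService.delete(resetId);
    // Encode with an explicit charset so the result does not depend on the
    // platform default; whatever decodes this value must use UTF-8 as well.
    // NOTE(review): the standard Base64 alphabet can emit '+', '/' and '=',
    // which are not URL-safe - confirm how SUCCESS_REDIRECT's consumer parses it.
    String email = Base64.getEncoder()
            .encodeToString(user.getEmail().getBytes(java.nio.charset.StandardCharsets.UTF_8));
    return SUCCESS_REDIRECT + email;
}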