
Example 1 with PasswordReusedException

use of ca.corefacility.bioinformatics.irida.exceptions.PasswordReusedException in project irida by phac-nml.

the class UsersController method handleCreateUpdateException.

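/**
 * Translate an exception raised while creating or updating a user into
 * field-level error messages for the create and update pages.
 *
 * Exception types that are not recognised here produce an empty map, so a
 * caller that re-renders the form on an empty result shows no error at all.
 *
 * @param ex
 *            an exception to handle
 * @param locale
 *            The locale to work with
 *
 * @return A {@code Map<String,String>} of errors to render, keyed by field
 *         name
 */
private Map<String, String> handleCreateUpdateException(Exception ex, Locale locale) {
    Map<String, String> errors = new HashMap<>();
    if (ex instanceof ConstraintViolationException) {
        ConstraintViolationException cvx = (ConstraintViolationException) ex;
        logger.debug("User provided data threw ConstrainViolation");
        // One entry per violated property; a later violation on the same
        // property path overwrites an earlier one.
        for (ConstraintViolation<?> violation : cvx.getConstraintViolations()) {
            String violationMessage = violation.getMessage();
            logger.debug(violationMessage);
            errors.put(violation.getPropertyPath().toString(), violationMessage);
        }
    } else if (ex instanceof DataIntegrityViolationException) {
        // NOTE(review): the message comes from the persistence layer and may
        // carry the conflicting column value; keep it at debug level only.
        String integrityMessage = ex.getMessage();
        logger.debug(integrityMessage);
        // getMessage() may be null; guard so the handler itself cannot throw
        // a NullPointerException while building the error map.
        if (integrityMessage != null && integrityMessage.contains(User.USER_EMAIL_CONSTRAINT_NAME)) {
            errors.put("email", messageSource.getMessage("user.edit.emailConflict", null, locale));
        }
    } else if (ex instanceof EntityExistsException) {
        EntityExistsException eex = (EntityExistsException) ex;
        // NOTE(review): the raw exception message is shown to the user here,
        // unlike the other branches which use localized message keys; the
        // view must escape it — confirm.
        errors.put(eex.getFieldName(), eex.getMessage());
    } else if (ex instanceof PasswordReusedException) {
        errors.put("password", messageSource.getMessage("user.edit.passwordReused", null, locale));
    }
    return errors;
}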
Also used : HashMap(java.util.HashMap) ConstraintViolation(javax.validation.ConstraintViolation) ConstraintViolationException(javax.validation.ConstraintViolationException) PasswordReusedException(ca.corefacility.bioinformatics.irida.exceptions.PasswordReusedException) EntityExistsException(ca.corefacility.bioinformatics.irida.exceptions.EntityExistsException) DataIntegrityViolationException(org.springframework.dao.DataIntegrityViolationException)

Example 2 with PasswordReusedException

use of ca.corefacility.bioinformatics.irida.exceptions.PasswordReusedException in project irida by phac-nml.

the class UsersController method updateUser.

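/**
 * Submit a user edit. Only the fields that arrive non-empty are updated;
 * {@code enabled} and {@code systemRole} are applied only when the caller is
 * an administrator.
 *
 * @param userId
 *            The id of the user to edit (required)
 * @param firstName
 *            The firstname to update
 * @param lastName
 *            the lastname to update
 * @param email
 *            the email to update
 * @param phoneNumber
 *            the phone number to update
 * @param systemRole
 *            the role to update (ignored unless the caller is an admin)
 * @param password
 *            the password to update
 * @param enabled
 *            whether the user account should be enabled or disabled
 *            (ignored unless the caller is an admin)
 * @param confirmPassword
 *            password confirmation
 * @param model
 *            The model to work on
 * @param principal
 *            a reference to the logged in user.
 * @param request
 *            the request
 * @return The name of the user view
 */
@RequestMapping(value = "/{userId}/edit", method = RequestMethod.POST)
public String updateUser(@PathVariable Long userId, @RequestParam(required = false) String firstName,
        @RequestParam(required = false) String lastName, @RequestParam(required = false) String email,
        @RequestParam(required = false) String phoneNumber, @RequestParam(required = false) String systemRole,
        @RequestParam(required = false) String password, @RequestParam(required = false) String enabled,
        @RequestParam(required = false) String confirmPassword, Model model, Principal principal,
        HttpServletRequest request) {
    logger.debug("Updating user " + userId);
    Locale locale = LocaleContextHolder.getLocale();
    Map<String, String> errors = new HashMap<>();
    Map<String, Object> updatedValues = new HashMap<>();
    if (!Strings.isNullOrEmpty(firstName)) {
        updatedValues.put("firstName", firstName);
    }
    if (!Strings.isNullOrEmpty(lastName)) {
        updatedValues.put("lastName", lastName);
    }
    if (!Strings.isNullOrEmpty(email)) {
        updatedValues.put("email", email);
    }
    if (!Strings.isNullOrEmpty(phoneNumber)) {
        updatedValues.put("phoneNumber", phoneNumber);
    }
    if (!Strings.isNullOrEmpty(password) || !Strings.isNullOrEmpty(confirmPassword)) {
        // Both parameters are optional, so password can be null while
        // confirmPassword is set. Treat that as a mismatch instead of
        // dereferencing null, which would surface as a server error.
        if (password == null || !password.equals(confirmPassword)) {
            errors.put("password", messageSource.getMessage("user.edit.password.match", null, locale));
        } else {
            updatedValues.put("password", password);
        }
    }
    // Privileged fields: taken from the request only for administrators, so
    // a non-admin cannot enable an account or raise a role through this form.
    if (isAdmin(principal)) {
        logger.debug("User is admin");
        // An absent or empty "enabled" parameter disables the account.
        updatedValues.put("enabled", !Strings.isNullOrEmpty(enabled));
        if (!Strings.isNullOrEmpty(systemRole)) {
            // NOTE(review): Role.valueOf presumably rejects unknown names with
            // an exception that is not caught below — confirm how an invalid
            // role value is reported to the admin.
            Role newRole = Role.valueOf(systemRole);
            updatedValues.put("systemRole", newRole);
        }
    }
    String returnView;
    if (errors.isEmpty()) {
        try {
            // NOTE(review): nothing in this method checks that the principal
            // may edit userId (the id comes from the URL path); this assumes
            // userService.updateFields enforces ownership/admin access —
            // confirm against the service's security annotations.
            User user = userService.updateFields(userId, updatedValues);
            returnView = "redirect:/users/" + userId;
            // Refresh the cached details when users edit their own account
            // (this will update the users gravatar!).
            if (user != null && principal.getName().equals(user.getUsername())) {
                HttpSession session = request.getSession();
                session.setAttribute(UserSecurityInterceptor.CURRENT_USER_DETAILS, user);
            }
        } catch (ConstraintViolationException | DataIntegrityViolationException | PasswordReusedException ex) {
            errors = handleCreateUpdateException(ex, locale);
            model.addAttribute("errors", errors);
            returnView = getEditUserPage(userId, model);
        }
    } else {
        model.addAttribute("errors", errors);
        returnView = getEditUserPage(userId, model);
    }
    return returnView;
}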
Also used : Locale(java.util.Locale) DTUser(ca.corefacility.bioinformatics.irida.ria.web.models.datatables.DTUser) User(ca.corefacility.bioinformatics.irida.model.user.User) HashMap(java.util.HashMap) HttpSession(javax.servlet.http.HttpSession) PasswordReusedException(ca.corefacility.bioinformatics.irida.exceptions.PasswordReusedException) DataIntegrityViolationException(org.springframework.dao.DataIntegrityViolationException) ProjectRole(ca.corefacility.bioinformatics.irida.model.enums.ProjectRole) Role(ca.corefacility.bioinformatics.irida.model.user.Role) ConstraintViolationException(javax.validation.ConstraintViolationException) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 3 with PasswordReusedException

use of ca.corefacility.bioinformatics.irida.exceptions.PasswordReusedException in project irida by phac-nml.

the class PasswordResetController method sendNewPassword.

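/**
 * Send the new password for a given password reset. On success the reset is
 * deleted and the user is left authenticated; on failure the reset page is
 * shown again and the authentication that was in place before the attempt is
 * restored.
 *
 * @param resetId
 *            The ID of the {@link PasswordReset}
 * @param password
 *            The new password to set
 * @param confirmPassword
 *            Confirm the new password
 * @param model
 *            A model for the given page
 * @param locale
 *            The locale of the request
 *
 * @return The string name of the success view, or on failure the
 *         getResetPage view
 */
@RequestMapping(value = "/{resetId}", method = RequestMethod.POST)
public String sendNewPassword(@PathVariable String resetId, @RequestParam String password,
        @RequestParam String confirmPassword, Model model, Locale locale) {
    // NOTE(review): presumably installs a limited authentication so the reset
    // can be read before the user is known — confirm.
    setAuthentication();
    Map<String, String> errors = new HashMap<>();
    // read the reset to verify it exists first
    PasswordReset passwordReset = passwordResetService.read(resetId);
    User user = passwordReset.getUser();
    if (!password.equals(confirmPassword)) {
        errors.put("password", messageSource.getMessage("user.edit.password.match", null, locale));
    }
    if (errors.isEmpty()) {
        // Remember what was authenticated before, so a failed change does not
        // leave the security context holding the user's token.
        Authentication previous = SecurityContextHolder.getContext().getAuthentication();
        // Set the user's authentication to update the password and log them
        // in
        Authentication token = new UsernamePasswordAuthenticationToken(user, password,
                ImmutableList.of(user.getSystemRole()));
        SecurityContextHolder.getContext().setAuthentication(token);
        boolean changed = false;
        try {
            userService.changePassword(user.getId(), password);
            changed = true;
        } catch (ConstraintViolationException ex) {
            Set<ConstraintViolation<?>> constraintViolations = ex.getConstraintViolations();
            for (ConstraintViolation<?> violation : constraintViolations) {
                logger.debug(violation.getMessage());
                String errorKey = violation.getPropertyPath().toString();
                errors.put(errorKey, violation.getMessage());
            }
        } catch (PasswordReusedException ex) {
            errors.put("password", messageSource.getMessage("user.edit.passwordReused", null, locale));
        } finally {
            if (!changed) {
                // The password was not changed (rejected, or an unexpected
                // exception is propagating): only a completed reset should
                // result in a logged-in user.
                SecurityContextHolder.getContext().setAuthentication(previous);
            }
        }
    }
    if (!errors.isEmpty()) {
        model.addAttribute("errors", errors);
        return getResetPage(resetId, false, model);
    } else {
        // The reset id is single-use: remove it once the password is set.
        passwordResetService.delete(resetId);
        // NOTE(review): Base64 is an encoding, not protection, so the address
        // is readable wherever the redirect URL is recorded. getBytes() uses
        // the platform charset and the standard Base64 alphabet includes
        // '+', '/' and '='; both must match whatever decodes this value —
        // confirm against the success page handler.
        String email = Base64.getEncoder().encodeToString(user.getEmail().getBytes());
        return SUCCESS_REDIRECT + email;
    }
}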
Also used : User(ca.corefacility.bioinformatics.irida.model.user.User) Set(java.util.Set) HashMap(java.util.HashMap) Authentication(org.springframework.security.core.Authentication) ConstraintViolation(javax.validation.ConstraintViolation) PasswordReset(ca.corefacility.bioinformatics.irida.model.user.PasswordReset) ConstraintViolationException(javax.validation.ConstraintViolationException) PasswordReusedException(ca.corefacility.bioinformatics.irida.exceptions.PasswordReusedException) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Aggregations

PasswordReusedException (ca.corefacility.bioinformatics.irida.exceptions.PasswordReusedException)3 HashMap (java.util.HashMap)3 ConstraintViolationException (javax.validation.ConstraintViolationException)3 User (ca.corefacility.bioinformatics.irida.model.user.User)2 ConstraintViolation (javax.validation.ConstraintViolation)2 DataIntegrityViolationException (org.springframework.dao.DataIntegrityViolationException)2 RequestMapping (org.springframework.web.bind.annotation.RequestMapping)2 EntityExistsException (ca.corefacility.bioinformatics.irida.exceptions.EntityExistsException)1 ProjectRole (ca.corefacility.bioinformatics.irida.model.enums.ProjectRole)1 PasswordReset (ca.corefacility.bioinformatics.irida.model.user.PasswordReset)1 Role (ca.corefacility.bioinformatics.irida.model.user.Role)1 DTUser (ca.corefacility.bioinformatics.irida.ria.web.models.datatables.DTUser)1 Locale (java.util.Locale)1 Set (java.util.Set)1 HttpSession (javax.servlet.http.HttpSession)1 UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken)1 Authentication (org.springframework.security.core.Authentication)1