
Example 86 with User

use of com.auth0.flickr2.domain.User in project structr by structr.

the class JWTHelper method getPrincipalForRefreshToken.

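/**
 * Resolves the {@link Principal} that owns the given refresh token and consumes the token.
 *
 * <p>The token is validated with the mechanism selected by {@code Settings.JWTSecretType}:
 * a shared secret ({@code "secret"}, which is also what any unrecognised value falls into via
 * the {@code default} label) or an RSA key pair from the keystore ({@code "keypair"}). In
 * {@code "jwks"} mode refresh tokens are never validated here, because authentication is
 * delegated to another instance.
 *
 * <p>On success the token id is removed from the principal's stored refresh tokens, so a
 * refresh token can be redeemed only once.
 *
 * @param refreshToken the raw JWT presented by the client
 * @return the owning principal, or {@code null} when the token cannot be validated, lacks the
 *         required claims, is not of type {@code refresh_token}, or belongs to no principal
 * @throws FrameworkException with status 400 in {@code "jwks"} mode
 */
public static Principal getPrincipalForRefreshToken(final String refreshToken) throws FrameworkException {
    final String jwtSecretType = Settings.JWTSecretType.getValue();
    Map<String, Claim> claims = null;
    switch (jwtSecretType) {
        default:
        case "secret":
            final String secret = Settings.JWTSecret.getValue();
            claims = validateTokenWithSecret(refreshToken, secret);
            break;
        case "keypair":
            final RSAPublicKey publicKey = getPublicKeyForToken();
            final RSAPrivateKey privateKey = getPrivateKeyForToken();
            if (publicKey == null || privateKey == null) {
                // no usable key material: the token stays unverified and the caller gets null
                break;
            }
            claims = validateTokenWithKeystore(refreshToken, Algorithm.RSA256(publicKey, privateKey));
            break;
        case "jwks":
            throw new FrameworkException(400, "will not validate refresh_token because authentication is not handled by this instance");
    }
    if (claims == null) {
        return null;
    }
    // A claim that is absent from the map comes back as null (not as a NullClaim), so the
    // lookup is guarded: a token missing "tokenId"/"tokenType" must be rejected, not NPE.
    final String tokenId = claimAsString(claims, "tokenId");
    final String tokenType = claimAsString(claims, "tokenType");
    // StringUtils.equals is null-safe, so a missing tokenType is rejected here as well
    if (tokenId == null || !StringUtils.equals(tokenType, "refresh_token")) {
        return null;
    }
    final Principal user = AuthHelper.getPrincipalForCredential(StructrApp.key(Principal.class, "refreshTokens"), new String[] { tokenId }, false);
    if (user == null) {
        return null;
    }
    // one-time use: invalidate the refresh token now that it has been redeemed
    Principal.removeRefreshToken(user, tokenId);
    return user;
}

/**
 * Returns the string value of the claim {@code name}, or {@code null} when the claim is not
 * present in {@code claims} or carries no string value.
 */
private static String claimAsString(final Map<String, Claim> claims, final String name) {
    final Claim claim = claims.get(name);
    return claim == null ? null : claim.asString();
}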

Example 87 with User

use of com.auth0.flickr2.domain.User in project engine by Lumeer.

the class Auth0Filter method doFilter.

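/**
 * Authenticates every incoming request with an Auth0 access token before handing it down the
 * filter chain.
 *
 * <p>Processing order:
 * <ol>
 *   <li>the allowed-hosts, headers and OPTIONS/resend-verification-e-mail filters run first;
 *       each may answer {@code BREAK} (response already written) or {@code NEXT} (skip
 *       authentication and continue the chain);</li>
 *   <li>other {@code OPTIONS} requests and requests accepted by the public-view filter skip
 *       authentication;</li>
 *   <li>when the {@code SKIP_SECURITY} environment variable is set, a test user is taken from a
 *       request header instead of a token — this disables authentication for the whole
 *       instance and is meant for test environments only;</li>
 *   <li>for every path except {@code /paymentNotify/} the bearer token is decoded, verified with
 *       {@code verifier}, checked for expiry, and the user info is (re)loaded from Auth0 when the
 *       cached entry is missing, belongs to another token, or has outlived its refresh period;</li>
 *   <li>the resend-verification-e-mail filter runs, then the chain continues.</li>
 * </ol>
 *
 * <p>Every authentication failure answers {@code 401} without a body, so the client learns
 * nothing about why a token was rejected. A {@code RuntimeException} from the chain is logged
 * and reported, and answered with a bare {@code 500}; the exception message is deliberately
 * not echoed to the client.
 *
 * @param servletRequest  the request; must be an {@link HttpServletRequest}
 * @param servletResponse the response; must be an {@link HttpServletResponse}
 * @param filterChain     the remaining chain
 * @throws IOException      propagated from the chain or from {@code sendError}
 * @throws ServletException propagated from the chain
 */
@Override
public void doFilter(final ServletRequest servletRequest, final ServletResponse servletResponse, final FilterChain filterChain) throws IOException, ServletException {
    // clean caches in a background thread, only one task at a time, checks for clean interval of 60s
    executor.submit(this::cleanCache);
    final HttpServletRequest req = (HttpServletRequest) servletRequest;
    final HttpServletResponse res = (HttpServletResponse) servletResponse;
    log.log(Level.INFO, String.format("Http Request [%s %s %s %d]", req.getMethod(), req.getRequestURI(), req.getRemoteAddr(), req.getContentLengthLong()));
    initFilters();

    // pre-authentication filters; each may finish the request on its own (see continueAfter)
    if (!continueAfter(allowedHostsFilter.doFilter(req, res), servletRequest, servletResponse, filterChain)) {
        return;
    }
    if (!continueAfter(headersFilter.doFilter(req, res), servletRequest, servletResponse, filterChain)) {
        return;
    }
    if (!continueAfter(optionsResendVerificationEmailFilter.doFilter(req, res), servletRequest, servletResponse, filterChain)) {
        return;
    }
    // CORS preflight never carries credentials; let it through unauthenticated
    if (req.getMethod().equals("OPTIONS")) {
        filterChain.doFilter(servletRequest, servletResponse);
        return;
    }
    if (!continueAfter(publicViewFilter.doFilter(req, res), servletRequest, servletResponse, filterChain)) {
        return;
    }
    if (System.getenv("SKIP_SECURITY") != null) {
        // try to consume test user from request header — authentication is switched off here,
        // so this variable must never be set on an instance reachable by real clients
        fakeUserLogin(req);
        filterChain.doFilter(servletRequest, servletResponse);
        return;
    }
    if (req.getPathInfo() == null || !req.getPathInfo().startsWith("/paymentNotify/")) {
        final String accessToken = getAccessToken(req);
        // we do not have the token at all, or we failed to obtain verifier
        if (accessToken == null || verifier == null) {
            res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        final DecodedJWT jwt;
        try {
            jwt = JWT.decode(accessToken);
            // signature (and whatever claims the verifier was built with) are checked here
            verifier.verify(jwt.getToken());
        } catch (Exception e) {
            // malformed or tampered token; the reason is intentionally not disclosed
            res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        // the token is expired — a token without an "exp" claim is rejected too, rather than
        // letting getExpiresAt() return null and the request fail with a 500
        if (jwt.getExpiresAt() == null || Instant.now().isAfter(jwt.getExpiresAt().toInstant())) {
            res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        // we are safe to go, make sure we have user info
        if (!ensureUserInfo(accessToken, res)) {
            return;
        }
    }
    if (resendVerificationEmailFilter.doFilter(req, res) == FilterResult.BREAK) {
        return;
    }
    try {
        filterChain.doFilter(servletRequest, servletResponse);
    } catch (RuntimeException e) {
        log.log(Level.SEVERE, "Unable to serve request: ", e);
        sentryFacade.reportError(e);
        // the exception is logged and reported above; its message may carry internal detail
        // (class names, ids, query fragments) and so is not sent back to the client
        res.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
    }
}

/**
 * Interprets the result of a pre-authentication filter: on {@code NEXT} the rest of the chain
 * is invoked right away (the request bypasses authentication), on {@code BREAK} the filter has
 * already written the response.
 *
 * @return {@code true} when the caller should keep processing the request, {@code false} when
 *         the response is complete and the caller must return
 */
private static boolean continueAfter(final FilterResult result, final ServletRequest servletRequest, final ServletResponse servletResponse, final FilterChain filterChain) throws IOException, ServletException {
    if (result == FilterResult.NEXT) {
        filterChain.doFilter(servletRequest, servletResponse);
        return false;
    }
    return result != FilterResult.BREAK;
}

/**
 * Makes sure {@code authenticatedUser} carries current user info for {@code accessToken},
 * reloading it from Auth0 when the cached entry is missing, belongs to a different token, or
 * has outlived {@code TOKEN_REFRESH_PERIOD} (or {@code UNVERIFIED_TOKEN_REFRESH_PERIOD} for a
 * user whose e-mail is not verified). Only one thread per token performs the reload; the
 * others wait on the token's semaphore and then pick up the cached result.
 *
 * @return {@code true} when the request may proceed, {@code false} when a 401 was already sent
 * @throws IOException from {@code sendError}
 */
private boolean ensureUserInfo(final String accessToken, final HttpServletResponse res) throws IOException {
    final AuthenticatedUser.AuthUserInfo authUserInfo = getAuthenticatedUser(accessToken);
    final long now = System.currentTimeMillis();
    // the user == null test guards the isEmailVerified() call at the end of the chain
    final boolean stale = !accessToken.equals(authUserInfo.accessToken)
            || authUserInfo.user == null
            || authUserInfo.lastUpdated + TOKEN_REFRESH_PERIOD <= now
            || (!authUserInfo.user.isEmailVerified() && authUserInfo.lastUpdated + UNVERIFIED_TOKEN_REFRESH_PERIOD <= now);
    if (!stale) {
        return true;
    }
    final Semaphore s = semaphores.computeIfAbsent(accessToken, key -> new Semaphore(1));
    final boolean firstLogin = authUserInfo.user == null;
    if (s.tryAcquire()) {
        // only one thread must do that at the same time; the permit is handed back exactly once,
        // in finally — releasing on the failure path as well would leave the Semaphore(1) with
        // two permits and let two refreshes run concurrently from then on
        try {
            final AuthenticatedUser.AuthUserInfo newAuthUserInfo = new AuthenticatedUser.AuthUserInfo();
            // try to get user info 3 times in a row with 500ms delays
            for (int i = 0; i < 3 && newAuthUserInfo.user == null; i++) {
                try {
                    newAuthUserInfo.user = getUserInfo(accessToken);
                } catch (Auth0Exception a0e) {
                    try {
                        Thread.sleep(500);
                    } catch (InterruptedException ie) {
                        // stop retrying and keep the interrupt visible to the container
                        Thread.currentThread().interrupt();
                        break;
                    }
                }
            }
            // we still could not get user info
            if (newAuthUserInfo.user == null) {
                res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
                return false;
            }
            newAuthUserInfo.accessToken = accessToken;
            newAuthUserInfo.lastUpdated = System.currentTimeMillis();
            authUserCache.put(accessToken, newAuthUserInfo);
            authenticatedUser.setAuthUserInfo(newAuthUserInfo);
            authenticatedUser.checkUser(firstLogin);
        } finally {
            s.release();
        }
    } else {
        try {
            // wait for the thread refreshing this token, then hand the permit straight back
            s.acquire();
            s.release();
            // we might have a different session id for the same user
            if (authenticatedUser.getAuthUserInfo().user == null) {
                // no further checkUser(): the refreshing thread already did it for this token
                authenticatedUser.setAuthUserInfo(authUserCache.get(accessToken));
            }
        } catch (InterruptedException ie) {
            // give up waiting but keep the interrupt flag set for callers up the stack
            Thread.currentThread().interrupt();
        }
    }
    return true;
}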

Example 88 with User

use of com.auth0.flickr2.domain.User in project engine by Lumeer.

the class Auth0Filter method getUserInfo.

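/**
 * Fetches the profile behind {@code accessToken} from Auth0's user-info endpoint and maps it
 * onto a Lumeer {@link User}.
 *
 * <p>When the profile carries no e-mail address a fallback identifier is used: for Google
 * accounts ({@code sub} starting with {@code google-oauth2}) the nickname with
 * {@code @gmail.com} appended, otherwise the display name. A synthesized address was never
 * confirmed by the identity provider, so the user is not marked e-mail-verified in that case,
 * whatever {@code email_verified} says.
 *
 * @param accessToken the Auth0 access token presented by the client
 * @return a new, unsaved {@link User} with e-mail, auth id, name and verification flag set
 * @throws Auth0Exception when the Auth0 call fails
 */
private User getUserInfo(final String accessToken) throws Auth0Exception {
    final AuthAPI auth0 = new AuthAPI(domain, clientId, clientSecret);
    final Request<UserInfo> info = auth0.userInfo(accessToken);
    final Map<String, Object> values = info.execute().getValues();
    final String nickname = (String) values.get("nickname");
    final String sub = (String) values.get("sub");
    final String name = (String) values.get("name");
    final String email = (String) values.get("email");
    final Boolean emailVerified = (Boolean) values.get("email_verified");

    final String userEmail;
    if (email != null) {
        userEmail = email;
    } else if (sub != null && sub.startsWith("google-oauth2")) {
        // "sub" is guarded: a response without it must not turn into a NullPointerException
        userEmail = nickname + "@gmail.com";
    } else {
        userEmail = name;
    }
    final User user = new User(userEmail);
    user.setAuthIds(new HashSet<>(Arrays.asList(sub)));
    user.setName(name);
    // only an address reported by Auth0 itself may count as verified
    user.setEmailVerified(email != null && Boolean.TRUE.equals(emailVerified));
    return user;
}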

Example 89 with User

use of com.auth0.flickr2.domain.User in project engine by Lumeer.

the class UserFacade method patchCurrentUser.

public User patchCurrentUser(final User user, final String language) {
    final User currentUser = authenticatedUser.getCurrentUser();
    boolean sendPushNotification = false;
    if (user.hasNewsletter() != null) {
        currentUser.setNewsletter(user.hasNewsletter());
        // so that en is default
        mailerService.setUserSubscription(currentUser, !Language.fromString(language).equals(Language.CS));
    }
    if (user.hasAgreement() != null) {
        currentUser.setAgreement(user.hasAgreement());
        if (user.hasAgreement()) {
            currentUser.setAgreementDate(ZonedDateTime.now());
        }
    }
    if (user.getWizardDismissed() != null) {
        currentUser.setWizardDismissed(user.getWizardDismissed());
    }
    if (user.getReferral() != null && (currentUser.getReferral() == null || "".equals(currentUser.getReferral())) && !user.getReferral().equals(Utils.strHexTo36(currentUser.getId()))) {
        currentUser.setReferral(user.getReferral());
    }
    if (user.getName() != null && StringUtils.compare(user.getName(), currentUser.getName()) != 0) {
        currentUser.setName(user.getName());
        try {
            userAuth0Utils.renameUser(user.getName());
        } catch (Auth0Exception e) {
            throw new UnsuccessfulOperationException("Unable to update user name: ", e);
        }
        sendPushNotification = true;
    }
    if (user.getNotifications() != null) {
        currentUser.setNotifications(user.getNotifications());
        sendPushNotification = true;
    }
    if (user.getLanguage() != null) {
        currentUser.setLanguage(user.getLanguage());
        sendPushNotification = true;
    }
    final User updatedUser;
    if (sendPushNotification) {
        updatedUser = updateUserAndSendNotification(null, currentUser.getId(), currentUser);
    } else {
        updatedUser = userDao.updateUser(currentUser.getId(), currentUser);
    }
    userCache.updateUser(updatedUser.getEmail(), updatedUser);
    logUserVerified(currentUser, updatedUser);
    return updatedUser;
}

Example 90 with User

use of com.auth0.flickr2.domain.User in project engine by Lumeer.

the class UserFacade method createUsersWithDefaultData.

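/**
 * Creates or re-links the given users in organization {@code organizationId} and seeds newly
 * created accounts with the default data (initial user data and per-project default view
 * configs).
 *
 * <p>A user unknown by e-mail is created in the organization with {@code projectId} as default
 * workspace; an already stored user only gets the organization merged into its organization
 * list (and a default workspace if it had none). Default view configs collected while patching
 * new users are keyed by project and carry the user's e-mail as placeholder user id; after all
 * users exist the placeholders are translated to the real ids and the configs are inserted.
 *
 * @param organizationId the organization the users are added to
 * @param projectId      the default project, or {@code null}
 * @param users          the users to create or link
 * @return the persisted users, in input order; existing users are returned restricted to the
 *         current organization
 */
private List<User> createUsersWithDefaultData(final String organizationId, @Nullable final String projectId, final List<User> users) {
    final List<InitialUserData> dataList = initialUserDataDao.get();
    // filled by patchNewUserDefaultData for new users; keyed by project id
    final Map<String, List<DefaultViewConfig>> defaultViewConfigsMap = new HashMap<>();
    final List<Project> projects = projectDao.getAllProjects();

    final List<User> createdUsers = users.stream()
            .map(user -> createOrLinkUser(organizationId, projectId, user, projects, dataList, defaultViewConfigsMap))
            .collect(Collectors.toList());

    // the same e-mail twice in the input would make toMap throw; keep the first id instead
    final Map<String, String> emailToIdMap = createdUsers.stream()
            .collect(Collectors.toMap(User::getEmail, User::getId, (first, second) -> first));

    for (final Project project : projects) {
        final List<DefaultViewConfig> configs = defaultViewConfigsMap.getOrDefault(project.getId(), Collections.emptyList());
        if (configs.isEmpty()) {
            continue;
        }
        // translate the e-mail placeholders to the ids the users received on creation
        for (final DefaultViewConfig config : configs) {
            config.setUserId(emailToIdMap.get(config.getUserId()));
        }
        defaultViewConfigDao.setProject(project);
        defaultViewConfigDao.insertConfigs(configs);
    }
    return createdUsers;
}

/**
 * Creates {@code user} in the organization when no user with its e-mail is stored yet,
 * otherwise links the stored user to the organization.
 *
 * @return the persisted user; for an existing user, restricted to the current organization
 */
private User createOrLinkUser(final String organizationId, @Nullable final String projectId, final User user, final List<Project> projects, final List<InitialUserData> dataList, final Map<String, List<DefaultViewConfig>> defaultViewConfigsMap) {
    final User storedUser = userDao.getUserByEmail(user.getEmail());
    if (storedUser == null) {
        user.setOrganization(organizationId);
        user.setDefaultWorkspace(new DefaultWorkspace(organizationId, projectId));
        patchNewUserDefaultData(user, projects, dataList, defaultViewConfigsMap);
        return createUserAndSendNotification(organizationId, user);
    }
    storedUser.setOrganizations(UserUtil.mergeOrganizations(storedUser.getOrganizations(), Set.of(organizationId)));
    if (storedUser.getDefaultWorkspace() == null) {
        storedUser.setDefaultWorkspace(new DefaultWorkspace(organizationId, projectId));
    }
    final User updatedUser = updateExistingUser(organizationId, storedUser);
    return keepOnlyCurrentOrganization(updatedUser, organizationId);
}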
