use of com.bakdata.conquery.models.auth.entities.User in project conquery by bakdata.
the class AdminProcessor method getPermissionOverviewAsCSV.
/**
 * Renders the permission overview for the given {@link User}s as CSV text.
 *
 * <p>The header row and every user row are produced by {@code writeAuthOverviewHeader} and
 * {@code writeAuthOverviewUser}; both receive the overview scope read from the
 * authorization-realm configuration.
 *
 * @param users the users to include, written in the iteration order of the collection
 * @return the content the CSV writer has put into the in-memory buffer once all rows are written
 */
public String getPermissionOverviewAsCSV(Collection<User> users) {
    final StringWriter buffer = new StringWriter();
    final CsvWriter csv = config.getCsv().createWriter(buffer);
    final List<String> overviewScope = config.getAuthorizationRealms().getOverviewScope();

    // Header row first, then one row per user.
    writeAuthOverviewHeader(csv, overviewScope);

    // NOTE(review): the cell values are written by writeAuthOverviewUser, which is not shown here.
    // If user labels or ids can begin with '=', '+', '-' or '@', confirm they are neutralised
    // before the export is opened in a spreadsheet application.
    for (User user : users) {
        writeAuthOverviewUser(csv, overviewScope, user, storage, config);
    }

    // NOTE(review): csv is neither flushed nor closed in this method; confirm the helpers flush,
    // otherwise buffered rows could be missing from the returned text.
    return buffer.toString();
}
use of com.bakdata.conquery.models.auth.entities.User in project conquery by bakdata.
the class UIProcessor method getAuthOverview.
/**
 * Builds the authorization overview: one row per stored user with the user's groups and
 * effective roles.
 *
 * <p>The effective roles are the user's own roles followed by the roles of each of the user's
 * groups. They are kept in a list, so a role reached through several paths appears more than once.
 * Rows are collected in a {@link TreeSet} without a comparator, so they are ordered by the natural
 * ordering of {@code OverviewRow}, and rows that compare as equal collapse into one.
 *
 * @return the overview covering every user returned by the storage
 */
public FEAuthOverview getAuthOverview() {
    // NOTE(review): no permission check happens in this method although it exposes the role and
    // group assignments of all users; presumably the calling resource restricts access — confirm.
    final Collection<FEAuthOverview.OverviewRow> rows = new TreeSet<>();

    for (User user : getStorage().getAllUsers()) {
        final Collection<Group> groupsOfUser = AuthorizationHelper.getGroupsOf(user, getStorage());

        // Roles held directly by the user come first ...
        final List<Role> effectiveRoles = user.getRoles()
                                              .stream()
                                              .map(getStorage()::getRole)
                                              .collect(Collectors.toList());

        // ... followed by the roles inherited through each group.
        // NOTE(review): a role id that the storage cannot resolve presumably ends up as a null entry — verify.
        for (Group group : groupsOfUser) {
            group.getRoles()
                 .stream()
                 .map(getStorage()::getRole)
                 .forEach(effectiveRoles::add);
        }

        final FEAuthOverview.OverviewRow row = FEAuthOverview.OverviewRow.builder()
                                                                         .user(user)
                                                                         .groups(groupsOfUser)
                                                                         .effectiveRoles(effectiveRoles)
                                                                         .build();
        rows.add(row);
    }

    return FEAuthOverview.builder().overview(rows).build();
}
use of com.bakdata.conquery.models.auth.entities.User in project conquery by bakdata.
the class ExcelRenderer method setMetaData.
/**
 * Writes document properties into the xlsx: title, creator, keywords and the producing application.
 *
 * <p>The creator is the label of the execution's owner, or the application name when the execution
 * has no owner. The keywords are the execution's tags joined by single spaces. These values travel
 * with the exported file, so everyone who receives the file can read the owner label and the tags.
 *
 * @param exec the execution whose label, owner and tags are copied into the workbook properties
 */
private <E extends ManagedExecution<?> & SingleTableResult> void setMetaData(E exec) {
    final POIXMLProperties properties = workbook.getXSSFWorkbook().getProperties();

    final POIXMLProperties.CoreProperties core = properties.getCoreProperties();
    core.setTitle(exec.getLabelWithoutAutoLabelSuffix());

    // Fall back to the application name when the execution has no owner.
    final User owner = exec.getOwner();
    final String creator;
    if (owner == null) {
        creator = config.getApplicationName();
    }
    else {
        creator = owner.getLabel();
    }
    core.setCreator(creator);

    core.setKeywords(String.join(" ", exec.getTags()));

    final POIXMLProperties.ExtendedProperties extended = properties.getExtendedProperties();
    extended.setApplication(config.getApplicationName());
}
use of com.bakdata.conquery.models.auth.entities.User in project conquery by bakdata.
the class JwtPkceVerifyingRealm method doGetAuthenticationInfo.
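/**
 * Authenticates a bearer token by verifying it as an access token and mapping it to a stored {@link User}.
 *
 * <p>The verifier is built from the currently available IdP configuration (issuer and public key),
 * the subject-exists check, {@code activeVerifier}, the additional {@code tokenChecks} and
 * {@code allowedAudience}. After a successful verification the user is looked up by the token's
 * subject first and, if that finds nothing, by each claim named in {@code alternativeIdClaims},
 * in order.
 *
 * @param token the submitted token; it is cast to {@link BearerToken} without a type check
 * @return the authentication info of the matched user, or {@code null} when no IdP configuration is available
 * @throws IncorrectCredentialsException if the token fails verification
 * @throws UnsupportedTokenException if the verified token carries no subject
 * @throws UnknownAccountException if neither the subject nor an alternative id claim matches a stored user
 */
@Override
public ConqueryAuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    Optional<JwtPkceVerifyingRealmFactory.IdpConfiguration> idpConfigurationOpt = idpConfigurationSupplier.get();
    if (idpConfigurationOpt.isEmpty()) {
        // Without issuer and public key nothing can be verified, so this realm does not vouch for the token.
        log.warn("Unable to start authentication, because idp configuration is not available.");
        return null;
    }
    JwtPkceVerifyingRealmFactory.IdpConfiguration idpConfiguration = idpConfigurationOpt.get();

    log.trace("Creating token verifier");
    // NOTE(review): the cast assumes that only BearerToken instances reach this realm — confirm that the
    // realm's supported token class enforces this.
    // NOTE(review): issuer, subject, activeVerifier, signature key and audience are named in this chain;
    // whether the token type is checked as well depends on the content of tokenChecks — confirm.
    TokenVerifier<AccessToken> verifier = TokenVerifier.create(((BearerToken) token).getToken(), AccessToken.class)
                                                       .withChecks(new TokenVerifier.RealmUrlCheck(idpConfiguration.getIssuer()), TokenVerifier.SUBJECT_EXISTS_CHECK, activeVerifier)
                                                       .withChecks(tokenChecks)
                                                       .publicKey(idpConfiguration.getPublicKey())
                                                       .audience(allowedAudience);

    log.trace("Verifying token");
    AccessToken accessToken;
    try {
        verifier.verify();
        accessToken = verifier.getToken();
    }
    catch (VerificationException e) {
        // The reason is logged at trace level only; the caller gets a credentials failure that keeps the cause.
        log.trace("Verification failed", e);
        throw new IncorrectCredentialsException(e);
    }

    String subject = accessToken.getSubject();
    if (subject == null) {
        // Should not happen, as sub is mandatory in an access_token
        throw new UnsupportedTokenException("Unable to extract a subject from the provided token.");
    }

    // At this point only the token is verified; the subject still has to be mapped to a stored user.
    log.trace("Authentication successfull for subject {}", subject);

    UserId userId = new UserId(subject);
    User user = storage.getUser(userId);
    if (user != null) {
        log.trace("Successfully authenticated user {}", userId);
        return new ConqueryAuthenticationInfo(user, token, this, true);
    }

    // Try alternative ids
    // NOTE(review): a match on an alternative claim yields the same identity as a match on the subject.
    // Each configured claim should therefore be one the IdP asserts and users cannot edit themselves,
    // and its values must not collide with the ids of other users — confirm against the IdP configuration.
    for (String alternativeIdClaim : alternativeIdClaims) {
        Object altId = accessToken.getOtherClaims().get(alternativeIdClaim);
        if (!(altId instanceof String)) {
            // Absent claims and claims with a non-string value are skipped alike.
            log.trace("Found no value for alternative id claim {}", alternativeIdClaim);
            continue;
        }

        UserId alternativeUserId = new UserId((String) altId);
        User alternativeUser = storage.getUser(alternativeUserId);
        if (alternativeUser != null) {
            log.trace("Successfully mapped subject {} using user id {}", subject, alternativeUserId);
            return new ConqueryAuthenticationInfo(alternativeUser, token, this, true);
        }
    }

    // The token is valid, but no local account matches it: fail instead of creating a user implicitly.
    throw new UnknownAccountException("The user id was unknown: " + subject);
}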
use of com.bakdata.conquery.models.auth.entities.User in project conquery by bakdata.
the class AuthorizationController method flatCopyUser.
/**
 * Creates a copy of an existing user. The copy has the same effective permissions as the original user
 * at the time of copying, but these are flattened: permissions the original user holds through
 * inheritance from roles or groups are held directly by the copy.
 *
 * <p>In addition the copy receives read permission on every execution and form config the original
 * user owns. Because the permissions are a snapshot, later changes to the original user's roles or
 * groups do not reach the copy; the copy keeps what it was given until it is changed or removed itself.
 *
 * @param originUser The user to make a flat copy of
 * @param namePrefix The prefix for the id of the new copied user
 * @param storage The storage that is searched for a free user id, for owned executions and form
 *                configs, and to which the copy is added
 * @return A flat copy of the referenced user
 * @throws IllegalArgumentException if {@code namePrefix} is null or empty
 */
public static User flatCopyUser(@NonNull User originUser, String namePrefix, @NonNull MetaStorage storage) {
    final UserId originUserId = originUser.getId();

    if (Strings.isNullOrEmpty(namePrefix)) {
        throw new IllegalArgumentException("There must be a prefix");
    }

    // Draw random names until one is found that no stored user has yet.
    // NOTE(review): the lookup here and the addUser call below are separate steps, not one atomic operation.
    String candidate = namePrefix + UUID.randomUUID() + originUserId.getName();
    while (storage.getUser(new UserId(candidate)) != null) {
        candidate = namePrefix + UUID.randomUUID() + originUserId.getName();
    }

    // Start from everything the original user may do, whether held directly or inherited.
    final Set<ConqueryPermission> flattened = new HashSet<>(originUser.getEffectivePermissions());

    // Owned executions: the copy may read them, it does not become their owner.
    storage.getAllExecutions()
           .stream()
           .filter(originUser::isOwner)
           .map(exc -> exc.createPermission(Ability.READ.asSet()))
           .forEach(flattened::add);

    // Owned form configs: read permission only, as above.
    storage.getAllFormConfigs()
           .stream()
           .filter(originUser::isOwner)
           .map(conf -> conf.createPermission(Ability.READ.asSet()))
           .forEach(flattened::add);

    // The copy is added to the storage first and receives its permissions afterwards.
    final User copy = new User(candidate, originUser.getLabel(), storage);
    storage.addUser(copy);
    copy.updatePermissions(flattened);

    return copy;
}