/**
 * Derives the {@link UserId} for a token that passed introspection.
 * <p>
 * The identifier is the first non-blank value in this order: the response's
 * username, the {@code preferred_username} parameter, the {@code email} parameter.
 * Later sources are only consulted when the earlier ones are blank.
 *
 * @param successResponse the introspection response that was accepted
 * @return the user id built from the first usable identifier
 * @throws IllegalStateException if none of the candidate fields holds a non-blank value
 */
private static UserId extractId(TokenIntrospectionSuccessResponse successResponse) {
    String identifier = successResponse.getUsername();

    // NOTE(review): falling back to "email" assumes the IdP only reports addresses it
    // has verified — confirm against the IdP configuration.
    for (String fallbackParameter : new String[] {"preferred_username", "email"}) {
        if (!StringUtils.isBlank(identifier)) {
            break;
        }
        identifier = successResponse.getStringParameter(fallbackParameter);
    }

    if (StringUtils.isBlank(identifier)) {
        throw new IllegalStateException("Unable to retrieve a user identifier from validated token. Dismissing the token.");
    }

    final UserId userId = new UserId(identifier);
    log.trace("Extracted UserId {}", userId);
    return userId;
}
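/**
 * Authenticates a {@link BearerToken} by verifying the JWT against the currently loaded
 * IdP configuration and resolving its subject to a stored {@link User}.
 * <p>
 * Resolution order: the {@code sub} claim is tried first; if no user exists for it, every
 * claim named in {@code alternativeIdClaims} is tried in turn and the first match wins.
 *
 * @param token the token handed in by Shiro; only {@link BearerToken}s are handled
 * @return the authentication info of the resolved user, or {@code null} when this realm
 *         does not handle the token type or no IdP configuration is available
 * @throws IncorrectCredentialsException if the token fails verification
 * @throws UnsupportedTokenException if the verified token carries no subject
 * @throws UnknownAccountException if neither the subject nor any alternative id claim maps to a stored user
 */
@Override
public ConqueryAuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    // Same contract as ApiTokenRealm: a token of a foreign type is declined with null
    // instead of failing with a ClassCastException on the cast below.
    if (!(token instanceof BearerToken)) {
        return null;
    }

    final Optional<JwtPkceVerifyingRealmFactory.IdpConfiguration> idpConfigurationOpt = idpConfigurationSupplier.get();
    if (idpConfigurationOpt.isEmpty()) {
        log.warn("Unable to start authentication, because idp configuration is not available.");
        return null;
    }
    final JwtPkceVerifyingRealmFactory.IdpConfiguration idpConfiguration = idpConfigurationOpt.get();

    log.trace("Creating token verifier");
    final TokenVerifier<AccessToken> verifier = TokenVerifier.create(((BearerToken) token).getToken(), AccessToken.class)
            .withChecks(new TokenVerifier.RealmUrlCheck(idpConfiguration.getIssuer()), TokenVerifier.SUBJECT_EXISTS_CHECK, activeVerifier)
            .withChecks(tokenChecks)
            .publicKey(idpConfiguration.getPublicKey())
            .audience(allowedAudience);

    log.trace("Verifying token");
    final AccessToken accessToken;
    try {
        verifier.verify();
        accessToken = verifier.getToken();
    } catch (VerificationException e) {
        log.trace("Verification failed", e);
        throw new IncorrectCredentialsException(e);
    }

    final String subject = accessToken.getSubject();
    if (subject == null) {
        // SUBJECT_EXISTS_CHECK above should already have rejected such a token
        throw new UnsupportedTokenException("Unable to extract a subject from the provided token.");
    }
    log.trace("Authentication successfull for subject {}", subject);

    UserId userId = new UserId(subject);
    User user = storage.getUser(userId);
    if (user != null) {
        log.trace("Successfully authenticated user {}", userId);
        return new ConqueryAuthenticationInfo(user, token, this, true);
    }

    // The subject is not a known user id: try the configured alternative id claims
    for (String alternativeIdClaim : alternativeIdClaims) {
        final Object altId = accessToken.getOtherClaims().get(alternativeIdClaim);
        if (!(altId instanceof String)) {
            log.trace("Found no value for alternative id claim {}", alternativeIdClaim);
            continue;
        }
        userId = new UserId((String) altId);
        user = storage.getUser(userId);
        if (user != null) {
            log.trace("Successfully mapped subject {} using user id {}", subject, userId);
            return new ConqueryAuthenticationInfo(user, token, this, true);
        }
    }
    throw new UnknownAccountException("The user id was unknown: " + subject);
}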
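/**
 * Creates a copy of an existing user. The copied user has the same effective permissions as the original user
 * at the time of copying, but these are flattened. This means that the original user might hold certain permissions
 * through inheritance from roles or groups, the copy will hold the permissions directly. Consequently, later changes
 * to the original user's roles or groups do not propagate to the copy.
 * @param originUser The user to make a flat copy of
 * @param namePrefix The prefix for the id of the new copied user
 * @param storage The storage the copy is registered in; its executions and form configs are scanned for ownership
 * @return A flat copy of the referenced user
 * @throws IllegalArgumentException if {@code namePrefix} is null or empty
 */
public static User flatCopyUser(@NonNull User originUser, String namePrefix, @NonNull MetaStorage storage) {
    final UserId originUserId = originUser.getId();

    if (Strings.isNullOrEmpty(namePrefix)) {
        throw new IllegalArgumentException("There must be a prefix");
    }

    // Find a new user id that is not used yet
    String name;
    do {
        name = namePrefix + UUID.randomUUID() + originUserId.getName();
    } while (storage.getUser(new UserId(name)) != null);

    // The effective permissions already contain everything inherited via roles and groups
    final Set<ConqueryPermission> copiedPermission = new HashSet<>(originUser.getEffectivePermissions());

    // Give read permission to all executions the original user owned
    copiedPermission.addAll(storage.getAllExecutions().stream()
            .filter(originUser::isOwner)
            .map(exc -> exc.createPermission(Ability.READ.asSet()))
            .collect(Collectors.toSet()));

    // Give read permission to all form configs the original user owned
    copiedPermission.addAll(storage.getAllFormConfigs().stream()
            .filter(originUser::isOwner)
            .map(conf -> conf.createPermission(Ability.READ.asSet()))
            .collect(Collectors.toSet()));

    // Register the copy first, then attach the flattened permissions
    final User copy = new User(name, originUser.getLabel(), storage);
    storage.addUser(copy);
    copy.updatePermissions(copiedPermission);
    return copy;
}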
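/**
 * Authenticates an {@link ApiToken} by looking up the hash of the presented secret.
 * <p>
 * The plaintext token is cleared right after it has been hashed, so only the hash is
 * used for the lookup. An expired token is rejected before its metadata is updated,
 * so the metadata date only changes for tokens that actually authenticated.
 *
 * @param token the token handed in by Shiro; only {@link ApiToken}s are handled
 * @return the authentication info of the token's owner, scoped to the token, or
 *         {@code null} when the token is not an {@link ApiToken}
 * @throws IncorrectCredentialsException if no token data exists for the hash
 * @throws ExpiredCredentialsException if the token's expiration date has passed
 * @throws UnknownAccountException if the token's user id does not resolve to a user
 */
@Override
public ConqueryAuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    if (!(token instanceof ApiToken)) {
        return null;
    }
    final ApiToken apiToken = (ApiToken) token;
    final ApiTokenHash tokenHash = apiToken.hashToken();
    // Drop the plaintext secret as soon as the hash exists
    apiToken.clear();

    final ApiTokenData tokenData = tokenStorage.get(tokenHash);
    if (tokenData == null) {
        log.trace("Unknown token, cannot map token hash to token data. Aborting authentication");
        throw new IncorrectCredentialsException();
    }

    // Read the clock once so the expiry check and the recorded date agree even across midnight
    final LocalDate today = LocalDate.now();
    // NOTE(review): assumes getExpirationDate() is never null — confirm against ApiTokenData
    if (today.isAfter(tokenData.getExpirationDate())) {
        log.info("Supplied token expired on: {}", tokenData.getExpirationDate());
        throw new ExpiredCredentialsException("Supplied token is expired");
    }

    // Record this use; MetaData's date is presumably the last-use date — confirm against ApiTokenData
    final ApiTokenData.MetaData metaData = new ApiTokenData.MetaData(today);
    tokenStorage.updateMetaData(tokenData.getId(), metaData);

    final UserId userId = tokenData.getUserId();
    final User user = storage.getUser(userId);
    if (user == null) {
        throw new UnknownAccountException("The UserId does not map to a user: " + userId);
    }
    // Token authentications are not remembered: the last flag stays false
    return new ConqueryAuthenticationInfo(new TokenScopedUser(user, tokenData), token, this, false);
}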
/**
 * Checks that an entry whose value can no longer be deserialized ends up as exactly one
 * dump file in the dump directory, and that the dump holds the value as it was written.
 */
@Test
public void testCorruptValueDump() throws IOException {
    // Route dumps into this test's temp directory
    config.setUnreadableDataDumpDirectory(tmpDir);

    // 1. A store with one well-formed entry (UserId -> User)
    final SerializingStore<UserId, User> validStore = createSerializedStore(config, env, Validators.newValidator(), USER_STORE_ID);
    validStore.add(user.getId(), user);

    // 2. The same backing store opened with a mismatching value type, so the next entry
    //    (UserId -> QueryDescription) cannot be read back under the original config
    final SerializingStore<UserId, QueryDescription> corruptingStore = createSerializedStore(
            config, env, Validators.newValidator(),
            new StoreInfo<>(USER_STORE_ID.getName(), UserId.class, QueryDescription.class));
    corruptingStore.add(new UserId("testU2"), cQuery);

    // 3. Reopen under the original config; iterating triggers the dump/removal of unreadable entries
    final SerializingStore<UserId, User> reopenedStore = createSerializedStore(config, env, Validators.newValidator(), USER_STORE_ID);
    final IterationStatistic expected = new IterationStatistic();
    expected.setTotalProcessed(2);
    expected.setFailedKeys(0);
    expected.setFailedValues(1);
    final IterationStatistic actual = reopenedStore.forEach((key, value, ignored) -> {
        // the entries themselves are irrelevant here
    });
    assertThat(actual).isEqualTo(expected);

    // Exactly one dump file must have been written ...
    final Condition<File> isDumpFile = new Condition<>(f -> f.getName().endsWith(SerializingStore.DUMP_FILE_EXTENTION), "dump file");
    assertThat(tmpDir.listFiles()).areExactly(1, isDumpFile);

    // ... and it must contain the corrupt value unchanged
    final File dumpFile = getDumpFile(isDumpFile);
    final QueryDescription dumped = Jackson.MAPPER.readerFor(QueryDescription.class).readValue(dumpFile);
    assertThat(dumped).isEqualTo(cQuery);
}