Example 1 with UserAccount
use of com.cloud.legacymodel.user.UserAccount in project cosmic by MissionCriticalCloud.
the class GetUserCmd method execute.
// ///////////////////////////////////////////////////
// ///////////////// Accessors ///////////////////////
// ///////////////////////////////////////////////////
@Override
public void execute() {
final UserAccount result = _accountService.getUserByApiKey(getApiKey());
if (result != null) {
final UserResponse response = _responseGenerator.createUserResponse(result);
if (StringUtils.isNotBlank(response.getSecretKey())) {
response.setSecretKey("SecretKey only visible when generating a new key");
}
response.setResponseName(getCommandName());
this.setResponseObject(response);
} else {
throw new InvalidParameterValueException("User with specified API key does not exist");
}
}
Also used :
UserResponse(com.cloud.api.response.UserResponse)
InvalidParameterValueException(com.cloud.legacymodel.exceptions.InvalidParameterValueException)
UserAccount(com.cloud.legacymodel.user.UserAccount)
Example 2 with UserAccount
use of com.cloud.legacymodel.user.UserAccount in project cosmic by MissionCriticalCloud.
the class UpdateUserCmd method execute.
@Override
public void execute() {
CallContext.current().setEventDetails("UserId: " + getId());
final UserAccount user = _regionService.updateUser(this);
if (user != null) {
final UserResponse response = _responseGenerator.createUserResponse(user);
response.setResponseName(getCommandName());
this.setResponseObject(response);
} else {
throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to update user");
}
}
Also used :
UserResponse(com.cloud.api.response.UserResponse)
ServerApiException(com.cloud.api.ServerApiException)
UserAccount(com.cloud.legacymodel.user.UserAccount)
Example 3 with UserAccount
use of com.cloud.legacymodel.user.UserAccount in project cosmic by MissionCriticalCloud.
the class LdapAuthenticator method authenticate.
@Override
public Pair<Boolean, ActionOnFailedAuthentication> authenticate(final String username, final String password, final Long domainId, final Map<String, Object[]> requestParameters) {
if (StringUtils.isEmpty(username) || StringUtils.isEmpty(password)) {
s_logger.debug("Username or Password cannot be empty");
return new Pair<>(false, null);
}
boolean result = false;
ActionOnFailedAuthentication action = null;
if (_ldapManager.isLdapEnabled()) {
final UserAccount user = _userAccountDao.getUserAccount(username, domainId);
final LdapTrustMapVO ldapTrustMapVO = _ldapManager.getDomainLinkedToLdap(domainId);
if (ldapTrustMapVO != null) {
ldapGroupName = DistinguishedNameParser.parseLeafName(ldapTrustMapVO.getName());
try {
final LdapUser ldapUser = _ldapManager.getUser(username, ldapTrustMapVO.getType().toString(), ldapTrustMapVO.getName());
if (!ldapUser.isDisabled()) {
result = _ldapManager.canAuthenticate(ldapUser.getPrincipal(), password);
if (result) {
if (user == null) {
// import user to cloudstack
createCloudStackUserAccount(ldapUser, domainId, ldapTrustMapVO.getAccountType());
} else {
enableUserInCloudStack(user);
}
}
} else {
// disable user in cloudstack
disableUserInCloudStack(user);
}
} catch (final NoLdapUserMatchingQueryException e) {
s_logger.debug(e.getMessage());
}
} else {
// domain is not linked to ldap follow normal authentication
if (user != null) {
try {
final LdapUser ldapUser = _ldapManager.getUser(username);
if (!ldapUser.isDisabled()) {
result = _ldapManager.canAuthenticate(ldapUser.getPrincipal(), password);
} else {
s_logger.debug("user with principal " + ldapUser.getPrincipal() + " is disabled in ldap");
}
} catch (final NoLdapUserMatchingQueryException e) {
s_logger.debug(e.getMessage());
}
}
}
if (!result && user != null) {
action = ActionOnFailedAuthentication.INCREMENT_INCORRECT_LOGIN_ATTEMPT_COUNT;
}
}
return new Pair<>(result, action);
}
Also used :
UserAccount(com.cloud.legacymodel.user.UserAccount)
Pair(com.cloud.legacymodel.utils.Pair)
Example 4 with UserAccount
use of com.cloud.legacymodel.user.UserAccount in project cosmic by MissionCriticalCloud.
the class LinkDomainToLdapCmd method execute.
@Override
public void execute() throws ServerApiException {
try {
final LinkDomainToLdapResponse response = _ldapManager.linkDomainToLdap(domainId, type, name, accountType);
if (admin != null) {
LdapUser ldapUser = null;
try {
ldapUser = _ldapManager.getUser(admin, type, name);
} catch (final NoLdapUserMatchingQueryException e) {
s_logger.debug("no ldap user matching username " + admin + " in the given group/ou", e);
}
if (ldapUser != null && !ldapUser.isDisabled()) {
final Account account = _accountService.getActiveAccountByName(admin, domainId);
if (account == null) {
try {
final UserAccount userAccount = _accountService.createUserAccount(admin, "", ldapUser.getFirstname(), ldapUser.getLastname(), ldapUser.getEmail(), null, admin, Account.ACCOUNT_TYPE_DOMAIN_ADMIN, domainId, null, null, UUID.randomUUID().toString(), UUID.randomUUID().toString(), User.Source.LDAP);
response.setAdminId(String.valueOf(userAccount.getAccountId()));
s_logger.info("created an account with name " + admin + " in the given domain " + domainId);
} catch (final Exception e) {
s_logger.info("an exception occurred while creating account with name " + admin + " in domain " + domainId, e);
}
} else {
s_logger.debug("an account with name " + admin + " already exists in the domain " + domainId);
}
} else {
s_logger.debug("ldap user with username " + admin + " is disabled in the given group/ou");
}
}
response.setObjectName("LinkDomainToLdap");
response.setResponseName(getCommandName());
setResponseObject(response);
} catch (final InvalidParameterValueException e) {
throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, e.toString());
}
}
Also used :
UserAccount(com.cloud.legacymodel.user.UserAccount)
Account(com.cloud.legacymodel.user.Account)
NoLdapUserMatchingQueryException(com.cloud.ldap.NoLdapUserMatchingQueryException)
LdapUser(com.cloud.ldap.LdapUser)
LinkDomainToLdapResponse(com.cloud.api.response.LinkDomainToLdapResponse)
ServerApiException(com.cloud.api.ServerApiException)
InvalidParameterValueException(com.cloud.legacymodel.exceptions.InvalidParameterValueException)
UserAccount(com.cloud.legacymodel.user.UserAccount)
NoLdapUserMatchingQueryException(com.cloud.ldap.NoLdapUserMatchingQueryException)
ServerApiException(com.cloud.api.ServerApiException)
InvalidParameterValueException(com.cloud.legacymodel.exceptions.InvalidParameterValueException)
Example 5 with UserAccount
use of com.cloud.legacymodel.user.UserAccount in project cosmic by MissionCriticalCloud.
the class SHA256SaltedUserAuthenticator method authenticate.
/* (non-Javadoc)
* @see com.cloud.server.auth.UserAuthenticator#authenticate(java.lang.String, java.lang.String, java.lang.Long, java.util.Map)
*/
@Override
public Pair<Boolean, ActionOnFailedAuthentication> authenticate(final String username, final String password, final Long domainId, final Map<String, Object[]> requestParameters) {
if (s_logger.isDebugEnabled()) {
s_logger.debug("Retrieving user: " + username);
}
if (StringUtils.isEmpty(username) || StringUtils.isEmpty(password)) {
s_logger.debug("Username or Password cannot be empty");
return new Pair<>(false, null);
}
boolean realUser = true;
final UserAccount user = _userAccountDao.getUserAccount(username, domainId);
if (user == null) {
s_logger.debug("Unable to find user with " + username + " in domain " + domainId);
realUser = false;
}
/* Fake Data */
String realPassword = new String(s_defaultPassword);
byte[] salt = new String(s_defaultSalt).getBytes();
if (realUser) {
final String[] storedPassword = user.getPassword().split(":");
if (storedPassword.length != 2) {
s_logger.warn("The stored password for " + username + " isn't in the right format for this authenticator");
realUser = false;
} else {
realPassword = storedPassword[1];
salt = Base64.decode(storedPassword[0]);
}
}
try {
final String hashedPassword = encode(password, salt);
/* constantTimeEquals comes first in boolean since we need to thwart timing attacks */
final boolean result = constantTimeEquals(realPassword, hashedPassword) && realUser;
ActionOnFailedAuthentication action = null;
if (!result && realUser) {
action = ActionOnFailedAuthentication.INCREMENT_INCORRECT_LOGIN_ATTEMPT_COUNT;
}
return new Pair<>(result, action);
} catch (final NoSuchAlgorithmException e) {
throw new CloudRuntimeException("Unable to hash password", e);
} catch (final UnsupportedEncodingException e) {
throw new CloudRuntimeException("Unable to hash password", e);
}
}
Also used :
CloudRuntimeException(com.cloud.legacymodel.exceptions.CloudRuntimeException)
UnsupportedEncodingException(java.io.UnsupportedEncodingException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
UserAccount(com.cloud.legacymodel.user.UserAccount)
Pair(com.cloud.legacymodel.utils.Pair)
Aggregations
UserAccount (com.cloud.legacymodel.user.UserAccount)21
Account (com.cloud.legacymodel.user.Account)10
InvalidParameterValueException (com.cloud.legacymodel.exceptions.InvalidParameterValueException)8
ServerApiException (com.cloud.api.ServerApiException)7
UserResponse (com.cloud.api.response.UserResponse)5
CloudRuntimeException (com.cloud.legacymodel.exceptions.CloudRuntimeException)5
User (com.cloud.legacymodel.user.User)5
ActionEvent (com.cloud.event.ActionEvent)4
Domain (com.cloud.legacymodel.domain.Domain)4
Pair (com.cloud.legacymodel.utils.Pair)4
CloudAuthenticationException (com.cloud.legacymodel.exceptions.CloudAuthenticationException)3
PermissionDeniedException (com.cloud.legacymodel.exceptions.PermissionDeniedException)3
VpnUserVO (com.cloud.network.VpnUserVO)3
AccountResponse (com.cloud.api.response.AccountResponse)2
DomainVO (com.cloud.domain.DomainVO)2
LdapUser (com.cloud.ldap.LdapUser)2
NoLdapUserMatchingQueryException (com.cloud.ldap.NoLdapUserMatchingQueryException)2
UserAuthenticator (com.cloud.server.auth.UserAuthenticator)2
DB (com.cloud.utils.db.DB)2
TransactionStatus (com.cloud.utils.db.TransactionStatus)2
