use of com.cloud.legacymodel.user.UserAccount in project cosmic by MissionCriticalCloud.
the class GetUserCmd method execute.
// ///////////////////////////////////////////////////
// ///////////////// Accessors ///////////////////////
// ///////////////////////////////////////////////////
/**
 * Resolves the user that owns the API key supplied with this command and attaches it as the
 * command response.
 *
 * <p>If the generated response carries a non-blank secret key, the value is overwritten with a
 * fixed notice before the response is attached, so this lookup never returns the stored secret.
 *
 * @throws InvalidParameterValueException if no user is found for the supplied API key
 */
@Override
public void execute() {
    final UserAccount account = _accountService.getUserByApiKey(getApiKey());
    if (account == null) {
        // NOTE(review): this distinct error tells the caller whether an API key exists;
        // confirm the command is only reachable by authenticated, rate-limited callers.
        throw new InvalidParameterValueException("User with specified API key does not exist");
    }

    final UserResponse userResponse = _responseGenerator.createUserResponse(account);

    // Mask the secret instead of echoing it back.
    final boolean carriesSecret = StringUtils.isNotBlank(userResponse.getSecretKey());
    if (carriesSecret) {
        userResponse.setSecretKey("SecretKey only visible when generating a new key");
    }

    userResponse.setResponseName(getCommandName());
    this.setResponseObject(userResponse);
}
use of com.cloud.legacymodel.user.UserAccount in project cosmic by MissionCriticalCloud.
the class UpdateUserCmd method execute.
/**
 * Applies the requested changes to a user and attaches the updated user as the command response.
 *
 * @throws ServerApiException with {@code ApiErrorCode.INTERNAL_ERROR} if the update returns no user
 */
@Override
public void execute() {
    // Record the target user id in the call context's event details before the update runs.
    CallContext.current().setEventDetails("UserId: " + getId());

    final UserAccount updated = _regionService.updateUser(this);
    if (updated == null) {
        throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to update user");
    }

    // NOTE(review): the response is returned exactly as generated; if createUserResponse
    // populates the secret key, it is sent back to the caller here. Confirm whether it
    // should be masked.
    final UserResponse userResponse = _responseGenerator.createUserResponse(updated);
    userResponse.setResponseName(getCommandName());
    this.setResponseObject(userResponse);
}
use of com.cloud.legacymodel.user.UserAccount in project cosmic by MissionCriticalCloud.
the class LdapAuthenticator method authenticate.
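/**
 * Authenticates a user against LDAP and keeps the local account in step with the directory.
 *
 * <p>Two paths exist once LDAP is enabled:
 * <ul>
 *   <li>Domain linked to an LDAP group/OU: the user is looked up inside that group/OU. A successful
 *       bind imports the user on first login or re-enables the existing local account. A user that
 *       is disabled in LDAP has the local account (if any) disabled.</li>
 *   <li>Domain not linked: only users that already have a local account are checked against LDAP.</li>
 * </ul>
 *
 * @param username          login name supplied by the caller
 * @param password          password supplied by the caller
 * @param domainId          domain the login is attempted in
 * @param requestParameters raw request parameters (not used by this authenticator)
 * @return a pair of the authentication result and, for a failed attempt against an existing local
 *         account, {@code INCREMENT_INCORRECT_LOGIN_ATTEMPT_COUNT}; the action is {@code null} otherwise
 */
@Override
public Pair<Boolean, ActionOnFailedAuthentication> authenticate(final String username, final String password, final Long domainId, final Map<String, Object[]> requestParameters) {
    // Blank credentials must never reach the directory: many LDAP servers treat a bind with an
    // empty password as an unauthenticated bind and report success.
    if (StringUtils.isEmpty(username) || StringUtils.isEmpty(password)) {
        s_logger.debug("Username or Password cannot be empty");
        return new Pair<>(false, null);
    }
    if (!_ldapManager.isLdapEnabled()) {
        return new Pair<>(false, null);
    }

    final UserAccount user = _userAccountDao.getUserAccount(username, domainId);
    final LdapTrustMapVO ldapTrustMapVO = _ldapManager.getDomainLinkedToLdap(domainId);
    boolean result = false;

    if (ldapTrustMapVO != null) {
        // NOTE(review): ldapGroupName is not declared in this method, so it is presumably an
        // instance field. If this authenticator instance serves concurrent logins, requests for
        // different domains could overwrite each other's value. Confirm, and consider passing it
        // as an argument instead.
        ldapGroupName = DistinguishedNameParser.parseLeafName(ldapTrustMapVO.getName());
        try {
            final LdapUser ldapUser = _ldapManager.getUser(username, ldapTrustMapVO.getType().toString(), ldapTrustMapVO.getName());
            if (ldapUser.isDisabled()) {
                // Propagate the directory-side disable to the local account. There is no local
                // account when the user was never imported, so only call the helper when one
                // exists rather than handing it null.
                if (user != null) {
                    disableUserInCloudStack(user);
                }
            } else {
                result = _ldapManager.canAuthenticate(ldapUser.getPrincipal(), password);
                if (result) {
                    if (user == null) {
                        // First successful login: import the user with the account type
                        // configured on the domain's LDAP trust mapping.
                        createCloudStackUserAccount(ldapUser, domainId, ldapTrustMapVO.getAccountType());
                    } else {
                        // NOTE(review): a successful bind re-enables the local account; confirm
                        // this cannot undo an administrator's deliberate local disable.
                        enableUserInCloudStack(user);
                    }
                }
            }
        } catch (final NoLdapUserMatchingQueryException e) {
            s_logger.debug(e.getMessage());
        }
    } else if (user != null) {
        // Domain is not linked to LDAP: follow normal authentication for known local users only.
        try {
            final LdapUser ldapUser = _ldapManager.getUser(username);
            if (!ldapUser.isDisabled()) {
                result = _ldapManager.canAuthenticate(ldapUser.getPrincipal(), password);
            } else {
                s_logger.debug("user with principal " + ldapUser.getPrincipal() + " is disabled in ldap");
            }
        } catch (final NoLdapUserMatchingQueryException e) {
            s_logger.debug(e.getMessage());
        }
    }

    // Failed attempts are only counted against accounts that exist locally.
    ActionOnFailedAuthentication action = null;
    if (!result && user != null) {
        action = ActionOnFailedAuthentication.INCREMENT_INCORRECT_LOGIN_ATTEMPT_COUNT;
    }
    return new Pair<>(result, action);
}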
use of com.cloud.legacymodel.user.UserAccount in project cosmic by MissionCriticalCloud.
the class LinkDomainToLdapCmd method execute.
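/**
 * Links the domain to an LDAP group/OU and, when an admin username was supplied, tries to
 * provision a domain-admin account for that LDAP user.
 *
 * <p>Admin provisioning is best effort: a missing or disabled LDAP user, an already existing
 * account, or a failure while creating the account is logged and the link response is still
 * returned (without an admin id).
 *
 * @throws ServerApiException with {@code ApiErrorCode.INTERNAL_ERROR} when linking raises an
 *         {@code InvalidParameterValueException}
 */
@Override
public void execute() throws ServerApiException {
    try {
        final LinkDomainToLdapResponse response = _ldapManager.linkDomainToLdap(domainId, type, name, accountType);
        if (admin != null) {
            LdapUser ldapUser = null;
            try {
                ldapUser = _ldapManager.getUser(admin, type, name);
            } catch (final NoLdapUserMatchingQueryException e) {
                s_logger.debug("no ldap user matching username " + admin + " in the given group/ou", e);
            }

            if (ldapUser == null) {
                // Keep the audit trail accurate: a user that was not found is not reported as
                // "disabled".
                s_logger.debug("skipping admin account creation for " + admin + ": no matching ldap user");
            } else if (ldapUser.isDisabled()) {
                s_logger.debug("ldap user with username " + admin + " is disabled in the given group/ou");
            } else {
                final Account account = _accountService.getActiveAccountByName(admin, domainId);
                if (account == null) {
                    try {
                        // Creates a domain-admin account with an empty local password and LDAP as
                        // its source.
                        // NOTE(review): confirm that no local authenticator accepts an empty
                        // password for this account.
                        final UserAccount userAccount = _accountService.createUserAccount(admin, "", ldapUser.getFirstname(), ldapUser.getLastname(), ldapUser.getEmail(), null, admin, Account.ACCOUNT_TYPE_DOMAIN_ADMIN, domainId, null, null, UUID.randomUUID().toString(), UUID.randomUUID().toString(), User.Source.LDAP);
                        response.setAdminId(String.valueOf(userAccount.getAccountId()));
                        s_logger.info("created an account with name " + admin + " in the given domain " + domainId);
                    } catch (final Exception e) {
                        // Deliberately best effort: the domain link already succeeded, so a failed
                        // admin creation is logged and the response is returned without an admin id.
                        s_logger.info("an exception occurred while creating account with name " + admin + " in domain " + domainId, e);
                    }
                } else {
                    s_logger.debug("an account with name " + admin + " already exists in the domain " + domainId);
                }
            }
        }
        response.setObjectName("LinkDomainToLdap");
        response.setResponseName(getCommandName());
        setResponseObject(response);
    } catch (final InvalidParameterValueException e) {
        // NOTE(review): e.toString() puts the exception class name into the API error text, and
        // an invalid parameter is reported as INTERNAL_ERROR. Confirm both are intended.
        throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, e.toString());
    }
}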
use of com.cloud.legacymodel.user.UserAccount in project cosmic by MissionCriticalCloud.
the class SHA256SaltedUserAuthenticator method authenticate.
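/**
 * Authenticates a user against a stored salted SHA-256 password of the form
 * {@code base64(salt):hash}.
 *
 * <p>The password hash is computed and compared on every call, including for unknown users and
 * for accounts whose stored value is unusable; those cases hash against placeholder data so the
 * response time does not reveal whether the account exists.
 *
 * @param username          login name supplied by the caller
 * @param password          password supplied by the caller
 * @param domainId          domain the login is attempted in
 * @param requestParameters raw request parameters (not used by this authenticator)
 * @return a pair of the authentication result and, for a failed attempt against a real account
 *         with a well-formed stored password, {@code INCREMENT_INCORRECT_LOGIN_ATTEMPT_COUNT};
 *         the action is {@code null} otherwise
 * @throws CloudRuntimeException if the password cannot be hashed
 * @see com.cloud.server.auth.UserAuthenticator#authenticate(java.lang.String, java.lang.String, java.lang.Long, java.util.Map)
 */
@Override
public Pair<Boolean, ActionOnFailedAuthentication> authenticate(final String username, final String password, final Long domainId, final Map<String, Object[]> requestParameters) {
    // NOTE(review): username is caller-supplied and is written to the log unescaped; confirm the
    // logging layout neutralises CR/LF.
    if (s_logger.isDebugEnabled()) {
        s_logger.debug("Retrieving user: " + username);
    }
    if (StringUtils.isEmpty(username) || StringUtils.isEmpty(password)) {
        s_logger.debug("Username or Password cannot be empty");
        return new Pair<>(false, null);
    }

    boolean realUser = true;
    final UserAccount user = _userAccountDao.getUserAccount(username, domainId);
    if (user == null) {
        s_logger.debug("Unable to find user with " + username + " in domain " + domainId);
        realUser = false;
    }

    // Placeholder hash and salt: used when there is no usable stored password so the hashing and
    // comparison below still run. The charset is pinned so the placeholder bytes do not depend on
    // the platform default.
    String realPassword = new String(s_defaultPassword);
    byte[] salt = new String(s_defaultSalt).getBytes(java.nio.charset.StandardCharsets.UTF_8);

    if (realUser) {
        // A null stored password is handled like a malformed one instead of raising a
        // NullPointerException out of the authenticator.
        final String stored = user.getPassword();
        final String[] storedPassword = stored == null ? new String[0] : stored.split(":");
        if (storedPassword.length != 2) {
            s_logger.warn("The stored password for " + username + " isn't in the right format for this authenticator");
            realUser = false;
        } else {
            realPassword = storedPassword[1];
            // NOTE(review): behaviour on malformed base64 depends on the Base64 class the file
            // imports, which is not visible here.
            salt = Base64.decode(storedPassword[0]);
        }
    }

    try {
        final String hashedPassword = encode(password, salt);
        // constantTimeEquals must stay first: && short-circuits, so putting realUser first would
        // skip the comparison for unknown users and reopen the timing side channel.
        final boolean result = constantTimeEquals(realPassword, hashedPassword) && realUser;
        ActionOnFailedAuthentication action = null;
        if (!result && realUser) {
            action = ActionOnFailedAuthentication.INCREMENT_INCORRECT_LOGIN_ATTEMPT_COUNT;
        }
        return new Pair<>(result, action);
    } catch (final NoSuchAlgorithmException | UnsupportedEncodingException e) {
        throw new CloudRuntimeException("Unable to hash password", e);
    }
}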