
Example 6 with UserAccount

use of com.cloud.legacymodel.user.UserAccount in project cosmic by MissionCriticalCloud.

the class AccountManagerImpl method buildACLSearchParameters.

// TODO: deprecate this to use the new buildACLSearchParameters with permittedDomains, permittedAccounts, and permittedResources as return
/**
 * Resolves the account, domain and project scope that a list query made by {@code caller} may cover.
 *
 * <p>Nothing is returned: the outcome is written into {@code permittedAccounts} and into the three
 * slots of {@code domainIdRecursiveListProject}, both of which are mutated in place.
 *
 * @param caller account on whose behalf the query runs; its type and domain drive every default below
 * @param id id of a single resource being looked up, or {@code null} for a plain listing
 * @param accountName optional account-name filter; rejected when combined with {@code projectId}
 * @param projectId optional project filter; the value -1 is treated as a special case and not looked up
 * @param permittedAccounts output list that receives the account ids the query may cover
 * @param domainIdRecursiveListProject in/out triple: first is the requested domain id, second is set to
 *        {@code true} whenever this method substitutes the caller's domain (presumably a "recursive"
 *        flag; confirm against Ternary's users), third receives the project-resource criteria
 * @param listAll when {@code false}, a non-normal caller without other filters is narrowed to its own
 *        account or domain
 * @param forProjectInvitation when {@code true}, a non-null {@code projectId} is neither resolved nor
 *        access-checked by this method
 * @throws InvalidParameterValueException if the domain, account or project cannot be found, or if
 *         {@code accountName} and {@code projectId} are both given
 * @throws PermissionDeniedException if {@code canAccessProjectAccount} refuses the caller for the project
 */
@Override
public void buildACLSearchParameters(final Account caller, final Long id, final String accountName, final Long projectId, final List<Long> permittedAccounts, final Ternary<Long, Boolean, ListProjectResourcesCriteria> domainIdRecursiveListProject, final boolean listAll, final boolean forProjectInvitation) {
    final Long domainId = domainIdRecursiveListProject.first();
    if (domainId != null) {
        final Domain domain = _domainDao.findById(domainId);
        if (domain == null) {
            throw new InvalidParameterValueException("Unable to find domain by id " + domainId);
        }
        // Authorization gate for an explicitly requested domain. checkAccess is not shown here;
        // presumably it throws when the caller may not see this domain (confirm).
        checkAccess(caller, domain);
    }
    if (accountName != null) {
        if (projectId != null) {
            throw new InvalidParameterValueException("Account and projectId can't be specified together");
        }
        final Account userAccount;
        final Domain domain;
        // The name is resolved inside the requested domain, or inside the caller's own domain when
        // no domain was requested.
        if (domainId != null) {
            userAccount = _accountDao.findActiveAccount(accountName, domainId);
            domain = _domainDao.findById(domainId);
        } else {
            userAccount = _accountDao.findActiveAccount(accountName, caller.getDomainId());
            domain = _domainDao.findById(caller.getDomainId());
        }
        if (userAccount != null) {
            // Authorization gate for the named account; the id is added only after this call returns.
            checkAccess(caller, null, false, userAccount);
            permittedAccounts.add(userAccount.getId());
        } else {
            // NOTE(review): on the caller-domain path `domain` is never null-checked, so a failed
            // lookup would surface as a NullPointerException here instead of this exception.
            throw new InvalidParameterValueException("could not find account " + accountName + " in domain " + domain.getUuid());
        }
    }
    // Project scoping.
    if (projectId != null) {
        // NOTE(review): with forProjectInvitation == true this whole branch is skipped, so the
        // project id is not validated or access-checked here; presumably the caller of this method
        // enforces that separately (confirm).
        if (!forProjectInvitation) {
            if (projectId.longValue() == -1) {
                // -1: a normal account gets the project accounts listed for it by the project
                // manager; any other caller type is switched to project resources only.
                if (caller.getType() == Account.ACCOUNT_TYPE_NORMAL) {
                    permittedAccounts.addAll(_projectMgr.listPermittedProjectAccounts(caller.getId()));
                } else {
                    domainIdRecursiveListProject.third(Project.ListProjectResourcesCriteria.ListProjectResourcesOnly);
                }
            } else {
                final Project project = _projectMgr.getProject(projectId);
                if (project == null) {
                    throw new InvalidParameterValueException("Unable to find project by id " + projectId);
                }
                // Authorization gate for a concrete project; its account id is added only on success.
                if (!_projectMgr.canAccessProjectAccount(caller, project.getProjectAccountId())) {
                    throw new PermissionDeniedException("Account " + caller + " can't access project id=" + projectId);
                }
                permittedAccounts.add(project.getProjectAccountId());
            }
        }
    } else {
        // No project requested: a plain listing (id == null) skips project resources.
        if (id == null) {
            domainIdRecursiveListProject.third(Project.ListProjectResourcesCriteria.SkipProjectResources);
        }
        if (permittedAccounts.isEmpty() && domainId == null) {
            // No account or domain filter was supplied, so the default scope depends on caller type.
            if (caller.getType() == Account.ACCOUNT_TYPE_NORMAL) {
                // A normal account is always confined to itself.
                permittedAccounts.add(caller.getId());
            } else if (!listAll) {
                if (id == null) {
                    permittedAccounts.add(caller.getId());
                } else if (caller.getType() != Account.ACCOUNT_TYPE_ADMIN) {
                    // Lookup by id for a non-ADMIN caller: confined to the caller's domain.
                    // An ADMIN caller doing a lookup by id gets no restriction from this method.
                    domainIdRecursiveListProject.first(caller.getDomainId());
                    domainIdRecursiveListProject.second(true);
                }
            } else if (domainId == null) {
                // This condition is always true here: the enclosing if already requires domainId == null.
                // With listAll, only a domain admin is narrowed (to its own domain); every other
                // non-normal caller type leaves this method with no account or domain restriction.
                // NOTE(review): how an empty permittedAccounts list with a null domain id is
                // interpreted by the query builder is not visible here; confirm it is intended.
                if (caller.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN) {
                    domainIdRecursiveListProject.first(caller.getDomainId());
                    domainIdRecursiveListProject.second(true);
                }
            }
        } else if (domainId != null) {
            // A domain was requested (and passed checkAccess above): a normal account is still
            // confined to itself.
            if (caller.getType() == Account.ACCOUNT_TYPE_NORMAL) {
                permittedAccounts.add(caller.getId());
            }
        }
    }
}
Also used : UserAccount(com.cloud.legacymodel.user.UserAccount) Account(com.cloud.legacymodel.user.Account) Project(com.cloud.projects.Project) InvalidParameterValueException(com.cloud.legacymodel.exceptions.InvalidParameterValueException) PermissionDeniedException(com.cloud.legacymodel.exceptions.PermissionDeniedException) Domain(com.cloud.legacymodel.domain.Domain)

Example 7 with UserAccount

use of com.cloud.legacymodel.user.UserAccount in project cosmic by MissionCriticalCloud.

the class AccountManagerImplTest method testAuthenticateUser.

/**
 * Checks that {@code authenticateUser} yields no account for a wrong, a null and an empty
 * password, and that the pluggable authenticator is only consulted for the non-empty one.
 */
@Test
public void testAuthenticateUser() throws UnknownHostException {
    final Pair<Boolean, UserAuthenticator.ActionOnFailedAuthentication> authAccepted = new Pair<>(true, null);
    final Pair<Boolean, UserAuthenticator.ActionOnFailedAuthentication> authRejected = new Pair<>(false, UserAuthenticator.ActionOnFailedAuthentication.INCREMENT_INCORRECT_LOGIN_ATTEMPT_COUNT);
    final InetAddress loopback = InetAddress.getByName("127.0.0.1");

    // NOTE(review): the stored account is in the disabled state, which may by itself contribute
    // to the null results below; the verify() calls at the end are what pin the password guard.
    final UserAccountVO storedAccount = new UserAccountVO();
    storedAccount.setSource(User.Source.UNKNOWN);
    storedAccount.setState(Account.State.disabled.toString());
    Mockito.when(_userAccountDao.getUserAccount("test", 1L)).thenReturn(storedAccount);

    // The authenticator is stubbed to ACCEPT null and empty passwords on purpose: if the manager
    // ever forwarded them, this stub would answer with success.
    Mockito.when(userAuthenticator.authenticate("test", "fail", 1L, null)).thenReturn(authRejected);
    Mockito.when(userAuthenticator.authenticate("test", null, 1L, null)).thenReturn(authAccepted);
    Mockito.when(userAuthenticator.authenticate("test", "", 1L, null)).thenReturn(authAccepted);

    // Wrong password: no account comes back.
    Assert.assertNull(accountManager.authenticateUser("test", "fail", 1L, loopback, null));

    // Null password, then empty password: no account comes back either.
    final String[] blankPasswords = {null, ""};
    for (final String blankPassword : blankPasswords) {
        Assert.assertNull(accountManager.authenticateUser("test", blankPassword, 1L, loopback, null));
    }

    // The authenticator saw exactly one call (the wrong password) and none for the blank ones.
    Mockito.verify(userAuthenticator, Mockito.times(1)).authenticate("test", "fail", 1L, null);
    for (final String blankPassword : blankPasswords) {
        Mockito.verify(userAuthenticator, Mockito.never()).authenticate("test", blankPassword, 1L, null);
    }
}
Also used : UserAccount(com.cloud.legacymodel.user.UserAccount) Pair(com.cloud.legacymodel.utils.Pair) Test(org.junit.Test)

Example 8 with UserAccount

use of com.cloud.legacymodel.user.UserAccount in project cosmic by MissionCriticalCloud.

the class LinkDomainToLdapCmd method execute.

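/**
 * Links the domain to the given LDAP group/OU and, when an admin username was supplied,
 * provisions a domain-admin account for that LDAP user if none exists yet.
 *
 * <p>Account provisioning is best effort: a missing or disabled LDAP user, an already existing
 * account, or a failure while creating the account is only logged, and the link response is
 * still returned (without an admin id).
 *
 * @throws ServerApiException with {@code INTERNAL_ERROR} when an
 *         {@code InvalidParameterValueException} is raised inside the try block
 */
@Override
public void execute() throws ServerApiException {
    try {
        final LinkDomainToLdapResponse response = _ldapManager.linkDomainToLdap(domainId, type, name, accountType);
        if (admin != null) {
            // NOTE(review): admin is concatenated into every log message below unmodified. If it
            // is a request-supplied value, confirm the log layout neutralises line breaks so an
            // entry cannot be forged through the username.
            LdapUser ldapUser = null;
            try {
                ldapUser = _ldapManager.getUser(admin, type, name);
            } catch (final NoLdapUserMatchingQueryException e) {
                s_logger.debug("no ldap user matching username " + admin + " in the given group/ou", e);
            }
            if (ldapUser == null) {
                // Previously reported as "disabled", which misdescribed a user that was never found.
                s_logger.debug("ldap user with username " + admin + " was not found in the given group/ou");
            } else if (ldapUser.isDisabled()) {
                s_logger.debug("ldap user with username " + admin + " is disabled in the given group/ou");
            } else {
                final Account account = _accountService.getActiveAccountByName(admin, domainId);
                if (account == null) {
                    try {
                        // The account is created with an empty local password and Source.LDAP, at
                        // domain-admin privilege. NOTE(review): this relies on logins for LDAP-sourced
                        // users never being decided against the stored empty value; confirm in the
                        // authenticator chain. The two random UUIDs fill trailing arguments whose
                        // meaning is not visible here.
                        final UserAccount userAccount = _accountService.createUserAccount(admin, "", ldapUser.getFirstname(), ldapUser.getLastname(), ldapUser.getEmail(), null, admin, Account.ACCOUNT_TYPE_DOMAIN_ADMIN, domainId, null, null, UUID.randomUUID().toString(), UUID.randomUUID().toString(), User.Source.LDAP);
                        response.setAdminId(String.valueOf(userAccount.getAccountId()));
                        s_logger.info("created an account with name " + admin + " in the given domain " + domainId);
                    } catch (final Exception e) {
                        // Deliberately best effort, but a failed privileged-account provisioning
                        // should stand out in the logs, hence warn rather than info.
                        s_logger.warn("an exception occurred while creating account with name " + admin + " in domain " + domainId, e);
                    }
                } else {
                    s_logger.debug("an account with name " + admin + " already exists in the domain " + domainId);
                }
            }
        }
        response.setObjectName("LinkDomainToLdap");
        response.setResponseName(getCommandName());
        setResponseObject(response);
    } catch (final InvalidParameterValueException e) {
        // e.toString() carries the exception class name into the API error text.
        throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, e.toString());
    }
}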
Also used : UserAccount(com.cloud.legacymodel.user.UserAccount) Account(com.cloud.legacymodel.user.Account) NoLdapUserMatchingQueryException(com.cloud.ldap.NoLdapUserMatchingQueryException) LdapUser(com.cloud.ldap.LdapUser) LinkDomainToLdapResponse(com.cloud.api.response.LinkDomainToLdapResponse) ServerApiException(com.cloud.api.ServerApiException) InvalidParameterValueException(com.cloud.legacymodel.exceptions.InvalidParameterValueException) UserAccount(com.cloud.legacymodel.user.UserAccount) NoLdapUserMatchingQueryException(com.cloud.ldap.NoLdapUserMatchingQueryException) ServerApiException(com.cloud.api.ServerApiException) InvalidParameterValueException(com.cloud.legacymodel.exceptions.InvalidParameterValueException)

Example 9 with UserAccount

use of com.cloud.legacymodel.user.UserAccount in project cosmic by MissionCriticalCloud.

the class LockUserCmd method execute.

// ///////////////////////////////////////////////////
// ///////////////// Accessors ///////////////////////
// ///////////////////////////////////////////////////
/**
 * Locks the user identified by {@code getId()} and publishes the resulting user record as the
 * command response.
 *
 * @throws ServerApiException with {@code INTERNAL_ERROR} when {@code lockUser} returns null
 */
@Override
public void execute() {
    // NOTE(review): no event details are attached in this method; confirm the lock is recorded
    // for audit elsewhere.
    final UserAccount lockedUser = _accountService.lockUser(getId());
    if (lockedUser == null) {
        throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to lock user");
    }
    final UserResponse lockedUserResponse = _responseGenerator.createUserResponse(lockedUser);
    lockedUserResponse.setResponseName(getCommandName());
    setResponseObject(lockedUserResponse);
}
Also used : UserResponse(com.cloud.api.response.UserResponse) ServerApiException(com.cloud.api.ServerApiException) UserAccount(com.cloud.legacymodel.user.UserAccount)

Example 10 with UserAccount

use of com.cloud.legacymodel.user.UserAccount in project cosmic by MissionCriticalCloud.

the class DisableUserCmd method execute.

/**
 * Disables the user this command refers to and publishes the resulting user record as the
 * command response.
 *
 * @throws ServerApiException with {@code INTERNAL_ERROR} when {@code disableUser} returns null
 */
@Override
public void execute() {
    // Tag the current call context with the target user id before the state change is attempted.
    final String eventDetails = "UserId: " + getId();
    CallContext.current().setEventDetails(eventDetails);

    final UserAccount disabledUser = _regionService.disableUser(this);
    if (disabledUser == null) {
        throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to disable user");
    }
    final UserResponse disabledUserResponse = _responseGenerator.createUserResponse(disabledUser);
    disabledUserResponse.setResponseName(getCommandName());
    setResponseObject(disabledUserResponse);
}
Also used : UserResponse(com.cloud.api.response.UserResponse) ServerApiException(com.cloud.api.ServerApiException) UserAccount(com.cloud.legacymodel.user.UserAccount)
