Example 1 with UserAuthenticator

Use of com.cloud.server.auth.UserAuthenticator in project cosmic by MissionCriticalCloud.

Class AccountManagerImpl, method updateUser.

@Override
@ActionEvent(eventType = EventTypes.EVENT_USER_UPDATE, eventDescription = "updating User")
public UserAccount updateUser(final Long userId, final String firstName, final String lastName, final String email, final String userName, final String password, final String apiKey, final String secretKey, final String timeZone) {
    // Input validation
    final UserVO user = _userDao.getUser(userId);
    if (user == null) {
        throw new InvalidParameterValueException("unable to find user by id");
    }
    if ((apiKey == null && secretKey != null) || (apiKey != null && secretKey == null)) {
        throw new InvalidParameterValueException("Please provide an userApiKey/userSecretKey pair");
    }
    // If the account is an admin type, return an error. We do not allow this
    final Account account = _accountDao.findById(user.getAccountId());
    if (account == null) {
        throw new InvalidParameterValueException("unable to find user account " + user.getAccountId());
    }
    // don't allow updating project account
    if (account.getType() == Account.ACCOUNT_TYPE_PROJECT) {
        throw new InvalidParameterValueException("unable to find user by id");
    }
    // don't allow updating system account
    if (account.getId() == Account.ACCOUNT_ID_SYSTEM) {
        throw new PermissionDeniedException("user id : " + userId + " is system account, update is not allowed");
    }
    checkAccess(CallContext.current().getCallingAccount(), AccessType.OperateEntry, true, account);
    if (firstName != null) {
        if (firstName.isEmpty()) {
            throw new InvalidParameterValueException("Firstname is empty");
        }
        user.setFirstname(firstName);
    }
    if (lastName != null) {
        if (lastName.isEmpty()) {
            throw new InvalidParameterValueException("Lastname is empty");
        }
        user.setLastname(lastName);
    }
    if (userName != null) {
        if (userName.isEmpty()) {
            throw new InvalidParameterValueException("Username is empty");
        }
        // don't allow to have same user names in the same domain
        final List<UserVO> duplicatedUsers = _userDao.findUsersByName(userName);
        for (final UserVO duplicatedUser : duplicatedUsers) {
            if (duplicatedUser.getId() != user.getId()) {
                final Account duplicatedUserAccount = _accountDao.findById(duplicatedUser.getAccountId());
                if (duplicatedUserAccount.getDomainId() == account.getDomainId()) {
                    throw new InvalidParameterValueException("User with name " + userName + " already exists in domain " + duplicatedUserAccount.getDomainId());
                }
            }
        }
        user.setUsername(userName);
    }
    if (password != null) {
        if (password.isEmpty()) {
            throw new InvalidParameterValueException("Password cannot be empty");
        }
        String encodedPassword = null;
        for (final Iterator<UserAuthenticator> en = _userPasswordEncoders.iterator(); en.hasNext(); ) {
            final UserAuthenticator authenticator = en.next();
            encodedPassword = authenticator.encode(password);
            if (encodedPassword != null) {
                break;
            }
        }
        if (encodedPassword == null) {
            throw new CloudRuntimeException("Failed to encode password");
        }
        user.setPassword(encodedPassword);
    }
    if (email != null) {
        user.setEmail(email);
    }
    if (timeZone != null) {
        user.setTimezone(timeZone);
    }
    if (apiKey != null) {
        user.setApiKey(apiKey);
    }
    if (secretKey != null) {
        user.setSecretKey(secretKey);
    }
    if (s_logger.isDebugEnabled()) {
        s_logger.debug("updating user with id: " + userId);
    }
    // check if the apiKey and secretKey are globally unique
    if (apiKey != null && secretKey != null) {
        final Pair<User, Account> apiKeyOwner = _accountDao.findUserAccountByApiKey(apiKey);
        if (apiKeyOwner != null) {
            final User usr = apiKeyOwner.first();
            if (usr.getId() != userId) {
                throw new InvalidParameterValueException("The api key:" + apiKey + " exists in the system for user id:" + userId + " ,please provide a unique key");
            }
        }
    }
    _userDao.update(userId, user);
    CallContext.current().putContextParameter(User.class, user.getUuid());
    return _userAccountDao.findById(userId);
}

Also used: VpnUserVO (com.cloud.network.VpnUserVO), InvalidParameterValueException (com.cloud.utils.exception.InvalidParameterValueException), CloudRuntimeException (com.cloud.utils.exception.CloudRuntimeException), UserAuthenticator (com.cloud.server.auth.UserAuthenticator), PermissionDeniedException (com.cloud.exception.PermissionDeniedException), ActionEvent (com.cloud.event.ActionEvent)

Example 2 with UserAuthenticator

Use of com.cloud.server.auth.UserAuthenticator in project cloudstack by apache.

Class ManagementServerImpl, method enableAdminUser.

private void enableAdminUser(final String password) {
    String encodedPassword = null;
    final UserVO adminUser = _userDao.getUser(2);
    if (adminUser == null) {
        final String msg = "CANNOT find admin user";
        s_logger.error(msg);
        throw new CloudRuntimeException(msg);
    }
    if (adminUser.getState() == Account.State.disabled) {
        for (final UserAuthenticator authenticator : _userPasswordEncoders) {
            encodedPassword = authenticator.encode(password);
            if (encodedPassword != null) {
                break;
            }
        }
        adminUser.setPassword(encodedPassword);
        adminUser.setState(Account.State.enabled);
        _userDao.persist(adminUser);
        s_logger.info("Admin user enabled");
    }
}

Also used: UserVO (com.cloud.user.UserVO), CloudRuntimeException (com.cloud.utils.exception.CloudRuntimeException), UserAuthenticator (com.cloud.server.auth.UserAuthenticator)

Example 3 with UserAuthenticator

Use of com.cloud.server.auth.UserAuthenticator in project cloudstack by apache.

Class AccountManagerImplTest, method validateCurrentPasswordTestUserAuthenticatedWithProvidedCurrentPasswordViaSecondAuthenticator.

@Test
public void validateCurrentPasswordTestUserAuthenticatedWithProvidedCurrentPasswordViaSecondAuthenticator() {
    AccountVO accountVoMock = Mockito.mock(AccountVO.class);
    long domainId = 14L;
    Mockito.doReturn(domainId).when(accountVoMock).getDomainId();
    Mockito.doReturn(accountVoMock).when(_accountDao).findById(accountMockId);
    String username = "username";
    Mockito.doReturn(username).when(userVoMock).getUsername();
    accountManagerImpl._userPasswordEncoders = new ArrayList<>();
    UserAuthenticator authenticatorMock1 = Mockito.mock(UserAuthenticator.class);
    UserAuthenticator authenticatorMock2 = Mockito.mock(UserAuthenticator.class);
    accountManagerImpl._userPasswordEncoders.add(authenticatorMock1);
    accountManagerImpl._userPasswordEncoders.add(authenticatorMock2);
    Pair<Boolean, ActionOnFailedAuthentication> authenticationResult = new Pair<Boolean, UserAuthenticator.ActionOnFailedAuthentication>(true, UserAuthenticator.ActionOnFailedAuthentication.INCREMENT_INCORRECT_LOGIN_ATTEMPT_COUNT);
    String currentPassword = "currentPassword";
    Mockito.doReturn(authenticationResult).when(authenticatorMock2).authenticate(username, currentPassword, domainId, null);
    accountManagerImpl.validateCurrentPassword(userVoMock, currentPassword);
    Mockito.verify(authenticatorMock1, Mockito.times(1)).authenticate(username, currentPassword, domainId, null);
    Mockito.verify(authenticatorMock2, Mockito.times(1)).authenticate(username, currentPassword, domainId, null);
}

Also used: UserAuthenticator (com.cloud.server.auth.UserAuthenticator), ActionOnFailedAuthentication (com.cloud.server.auth.UserAuthenticator.ActionOnFailedAuthentication), ProjectAccountVO (com.cloud.projects.ProjectAccountVO), Pair (com.cloud.utils.Pair), Test (org.junit.Test)

Example 4 with UserAuthenticator

Use of com.cloud.server.auth.UserAuthenticator in project cloudstack by apache.

Class AccountManagerImpl, method updateUser.

@Override
@ActionEvent(eventType = EventTypes.EVENT_USER_UPDATE, eventDescription = "updating User")
public UserAccount updateUser(Long userId, String firstName, String lastName, String email, String userName, String password, String apiKey, String secretKey, String timeZone) {
    // Input validation
    UserVO user = _userDao.getUser(userId);
    if (user == null) {
        throw new InvalidParameterValueException("unable to find user by id");
    }
    if ((apiKey == null && secretKey != null) || (apiKey != null && secretKey == null)) {
        throw new InvalidParameterValueException("Please provide an userApiKey/userSecretKey pair");
    }
    // If the account is an admin type, return an error. We do not allow this
    Account account = _accountDao.findById(user.getAccountId());
    if (account == null) {
        throw new InvalidParameterValueException("unable to find user account " + user.getAccountId());
    }
    // don't allow updating project account
    if (account.getType() == Account.ACCOUNT_TYPE_PROJECT) {
        throw new InvalidParameterValueException("unable to find user by id");
    }
    // don't allow updating system account
    if (account.getId() == Account.ACCOUNT_ID_SYSTEM) {
        throw new PermissionDeniedException("user id : " + userId + " is system account, update is not allowed");
    }
    checkAccess(CallContext.current().getCallingAccount(), AccessType.OperateEntry, true, account);
    if (firstName != null) {
        if (firstName.isEmpty()) {
            throw new InvalidParameterValueException("Firstname is empty");
        }
        user.setFirstname(firstName);
    }
    if (lastName != null) {
        if (lastName.isEmpty()) {
            throw new InvalidParameterValueException("Lastname is empty");
        }
        user.setLastname(lastName);
    }
    if (userName != null) {
        if (userName.isEmpty()) {
            throw new InvalidParameterValueException("Username is empty");
        }
        // don't allow to have same user names in the same domain
        List<UserVO> duplicatedUsers = _userDao.findUsersByName(userName);
        for (UserVO duplicatedUser : duplicatedUsers) {
            if (duplicatedUser.getId() != user.getId()) {
                Account duplicatedUserAccount = _accountDao.findById(duplicatedUser.getAccountId());
                if (duplicatedUserAccount.getDomainId() == account.getDomainId()) {
                    throw new InvalidParameterValueException("User with name " + userName + " already exists in domain " + duplicatedUserAccount.getDomainId());
                }
            }
        }
        user.setUsername(userName);
    }
    if (password != null) {
        if (password.isEmpty()) {
            throw new InvalidParameterValueException("Password cannot be empty");
        }
        String encodedPassword = null;
        for (Iterator<UserAuthenticator> en = _userPasswordEncoders.iterator(); en.hasNext(); ) {
            UserAuthenticator authenticator = en.next();
            encodedPassword = authenticator.encode(password);
            if (encodedPassword != null) {
                break;
            }
        }
        if (encodedPassword == null) {
            throw new CloudRuntimeException("Failed to encode password");
        }
        user.setPassword(encodedPassword);
    }
    if (email != null) {
        user.setEmail(email);
    }
    if (timeZone != null) {
        user.setTimezone(timeZone);
    }
    if (apiKey != null) {
        user.setApiKey(apiKey);
    }
    if (secretKey != null) {
        user.setSecretKey(secretKey);
    }
    if (s_logger.isDebugEnabled()) {
        s_logger.debug("updating user with id: " + userId);
    }
    try {
        // check if the apiKey and secretKey are globally unique
        if (apiKey != null && secretKey != null) {
            Pair<User, Account> apiKeyOwner = _accountDao.findUserAccountByApiKey(apiKey);
            if (apiKeyOwner != null) {
                User usr = apiKeyOwner.first();
                if (usr.getId() != userId) {
                    throw new InvalidParameterValueException("The api key:" + apiKey + " exists in the system for user id:" + userId + " ,please provide a unique key");
                } else {
                // allow the updation to take place
                }
            }
        }
        _userDao.update(userId, user);
    } catch (Throwable th) {
        s_logger.error("error updating user", th);
        throw new CloudRuntimeException("Unable to update user " + userId);
    }
    CallContext.current().putContextParameter(User.class, user.getUuid());
    return _userAccountDao.findById(userId);
}

Also used: VpnUserVO (com.cloud.network.VpnUserVO), InvalidParameterValueException (com.cloud.exception.InvalidParameterValueException), CloudRuntimeException (com.cloud.utils.exception.CloudRuntimeException), UserAuthenticator (com.cloud.server.auth.UserAuthenticator), PermissionDeniedException (com.cloud.exception.PermissionDeniedException), ActionEvent (com.cloud.event.ActionEvent)

Example 5 with UserAuthenticator

Use of com.cloud.server.auth.UserAuthenticator in project cosmic by MissionCriticalCloud.

Class ManagementServerImpl, method enableAdminUser.

private void enableAdminUser(final String password) {
    String encodedPassword = null;
    final UserVO adminUser = _userDao.getUser(2);
    if (adminUser == null) {
        final String msg = "CANNOT find admin user";
        s_logger.error(msg);
        throw new CloudRuntimeException(msg);
    }
    if (adminUser.getState() == Account.State.disabled) {
        for (final UserAuthenticator authenticator : _userPasswordEncoders) {
            encodedPassword = authenticator.encode(password);
            if (encodedPassword != null) {
                break;
            }
        }
        adminUser.setPassword(encodedPassword);
        adminUser.setState(Account.State.enabled);
        _userDao.persist(adminUser);
        s_logger.info("Admin user enabled");
    }
}

Also used: UserVO (com.cloud.user.UserVO), CloudRuntimeException (com.cloud.utils.exception.CloudRuntimeException), UserAuthenticator (com.cloud.server.auth.UserAuthenticator)

Aggregations

UserAuthenticator (com.cloud.server.auth.UserAuthenticator): 13
CloudRuntimeException (com.cloud.utils.exception.CloudRuntimeException): 7
ActionOnFailedAuthentication (com.cloud.server.auth.UserAuthenticator.ActionOnFailedAuthentication): 5
VpnUserVO (com.cloud.network.VpnUserVO): 4
InvalidParameterValueException (com.cloud.exception.InvalidParameterValueException): 3
Domain (com.cloud.domain.Domain): 2
ActionEvent (com.cloud.event.ActionEvent): 2
CloudAuthenticationException (com.cloud.exception.CloudAuthenticationException): 2
PermissionDeniedException (com.cloud.exception.PermissionDeniedException): 2
ProjectAccountVO (com.cloud.projects.ProjectAccountVO): 2
UserVO (com.cloud.user.UserVO): 2
Pair (com.cloud.utils.Pair): 2
HashSet (java.util.HashSet): 2
Test (org.junit.Test): 2
InvalidParameterValueException (com.cloud.utils.exception.InvalidParameterValueException): 1
LinkedHashSet (java.util.LinkedHashSet): 1