
Example 6 with PrincipalKey

use of com.enonic.xp.security.PrincipalKey in project xp by enonic.

the class SecurityServiceImpl method resolveMemberships.

/**
 * Collects every principal that {@code userKey} belongs to, directly or through nested
 * memberships, by repeatedly calling {@code queryDirectMemberships}.
 *
 * <p>Each discovered principal is expanded exactly once: it is recorded in the
 * {@code expanded} set after its own direct memberships have been fetched. That bookkeeping
 * is what makes the loop terminate when memberships form a cycle. There is no depth limit,
 * so the number of {@code queryDirectMemberships} calls is one for {@code userKey} plus one
 * per distinct principal reached.
 *
 * @param userKey the principal whose memberships are resolved
 * @return the direct and indirect memberships, in discovery order
 */
private PrincipalKeys resolveMemberships(final PrincipalKey userKey) {
    final Set<PrincipalKey> allMemberships = new LinkedHashSet<>(queryDirectMemberships(userKey).getSet());
    final Set<PrincipalKey> expanded = new LinkedHashSet<>();
    boolean pending = true;
    while (pending) {
        // Gather this round's findings separately so the set being iterated is not modified.
        final Set<PrincipalKey> discovered = new LinkedHashSet<>();
        for (final PrincipalKey candidate : allMemberships) {
            if (expanded.contains(candidate)) {
                continue;
            }
            discovered.addAll(queryDirectMemberships(candidate).getSet());
            expanded.add(candidate);
        }
        allMemberships.addAll(discovered);
        // Another round is needed only if this one surfaced principals not yet expanded.
        pending = allMemberships.size() > expanded.size();
    }
    return PrincipalKeys.from(allMemberships);
}
Also used : LinkedHashSet(java.util.LinkedHashSet) Nodes(com.enonic.xp.node.Nodes) ValueExpr(com.enonic.xp.query.expr.ValueExpr) IdProviderKey(com.enonic.xp.security.IdProviderKey) PrincipalRelationships(com.enonic.xp.security.PrincipalRelationships) FieldExpr(com.enonic.xp.query.expr.FieldExpr) CreateGroupParams(com.enonic.xp.security.CreateGroupParams) IndexService(com.enonic.xp.index.IndexService) ValueFilter(com.enonic.xp.query.filter.ValueFilter) Role(com.enonic.xp.security.Role) SecureRandom(java.security.SecureRandom) Matcher(java.util.regex.Matcher) LogicalExpr(com.enonic.xp.query.expr.LogicalExpr) ContextAccessor(com.enonic.xp.context.ContextAccessor) NodeService(com.enonic.xp.node.NodeService) AuthenticationException(com.enonic.xp.security.auth.AuthenticationException) ContextBuilder(com.enonic.xp.context.ContextBuilder) VerifiedEmailAuthToken(com.enonic.xp.security.auth.VerifiedEmailAuthToken) QueryExpr(com.enonic.xp.query.expr.QueryExpr) UpdateIdProviderParams(com.enonic.xp.security.UpdateIdProviderParams) SystemConstants(com.enonic.xp.security.SystemConstants) SecurityService(com.enonic.xp.security.SecurityService) UserQueryResult(com.enonic.xp.security.UserQueryResult) IdProviderNotFoundException(com.enonic.xp.security.IdProviderNotFoundException) UpdateRoleParams(com.enonic.xp.security.UpdateRoleParams) CreateUserParams(com.enonic.xp.security.CreateUserParams) User(com.enonic.xp.security.User) DEFAULT_ID_PROVIDER_ACL(com.enonic.xp.core.impl.security.SecurityInitializer.DEFAULT_ID_PROVIDER_ACL) PrincipalRelationship(com.enonic.xp.security.PrincipalRelationship) PrincipalType(com.enonic.xp.security.PrincipalType) Set(java.util.Set) ValueFactory(com.enonic.xp.data.ValueFactory) Instant(java.time.Instant) AccessControlList(com.enonic.xp.security.acl.AccessControlList) NodeId(com.enonic.xp.node.NodeId) Objects(java.util.Objects) List(java.util.List) SecurityConstants(com.enonic.xp.security.SecurityConstants) Optional(java.util.Optional) 
RoleKeys(com.enonic.xp.security.RoleKeys) Context(com.enonic.xp.context.Context) Pattern(java.util.regex.Pattern) IdProvider(com.enonic.xp.security.IdProvider) HashFunction(com.google.common.hash.HashFunction) FindNodesByParentParams(com.enonic.xp.node.FindNodesByParentParams) FindNodesByQueryResult(com.enonic.xp.node.FindNodesByQueryResult) RefreshMode(com.enonic.xp.node.RefreshMode) CreateRoleParams(com.enonic.xp.security.CreateRoleParams) CompareExpr(com.enonic.xp.query.expr.CompareExpr) UpdateUserParams(com.enonic.xp.security.UpdateUserParams) CreateNodeParams(com.enonic.xp.node.CreateNodeParams) Node(com.enonic.xp.node.Node) Strings.isNullOrEmpty(com.google.common.base.Strings.isNullOrEmpty) Callable(java.util.concurrent.Callable) Hashing(com.google.common.hash.Hashing) UsernamePasswordAuthToken(com.enonic.xp.security.auth.UsernamePasswordAuthToken) NodeIdExistsException(com.enonic.xp.node.NodeIdExistsException) NodeNotFoundException(com.enonic.xp.node.NodeNotFoundException) UserQuery(com.enonic.xp.security.UserQuery) Strings(com.google.common.base.Strings) Charset(java.nio.charset.Charset) ImmutableList(com.google.common.collect.ImmutableList) VerifiedUsernameAuthToken(com.enonic.xp.security.auth.VerifiedUsernameAuthToken) PrincipalQuery(com.enonic.xp.security.PrincipalQuery) NodeQuery(com.enonic.xp.node.NodeQuery) IdProviderConfig(com.enonic.xp.security.IdProviderConfig) PrincipalNotFoundException(com.enonic.xp.security.PrincipalNotFoundException) EmailPasswordAuthToken(com.enonic.xp.security.auth.EmailPasswordAuthToken) LinkedHashSet(java.util.LinkedHashSet) PropertyTree(com.enonic.xp.data.PropertyTree) Group(com.enonic.xp.security.Group) IdProviders(com.enonic.xp.security.IdProviders) AuthenticationToken(com.enonic.xp.security.auth.AuthenticationToken) Striped(com.google.common.util.concurrent.Striped) NodeAlreadyExistAtPathException(com.enonic.xp.node.NodeAlreadyExistAtPathException) Principal(com.enonic.xp.security.Principal) 
NodePath(com.enonic.xp.node.NodePath) UpdateGroupParams(com.enonic.xp.security.UpdateGroupParams) IdProviderAccessControlList(com.enonic.xp.security.acl.IdProviderAccessControlList) AuthenticationInfo(com.enonic.xp.security.auth.AuthenticationInfo) Ints(com.google.common.primitives.Ints) UpdateNodeParams(com.enonic.xp.node.UpdateNodeParams) PrincipalQueryResult(com.enonic.xp.security.PrincipalQueryResult) Lock(java.util.concurrent.locks.Lock) Principals(com.enonic.xp.security.Principals) CreateIdProviderParams(com.enonic.xp.security.CreateIdProviderParams) IdProviderAlreadyExistsException(com.enonic.xp.security.IdProviderAlreadyExistsException) PrincipalKey(com.enonic.xp.security.PrincipalKey) ApplyNodePermissionsParams(com.enonic.xp.node.ApplyNodePermissionsParams) FindNodesByParentResult(com.enonic.xp.node.FindNodesByParentResult) PrincipalAlreadyExistsException(com.enonic.xp.security.PrincipalAlreadyExistsException) Clock(java.time.Clock) Preconditions(com.google.common.base.Preconditions) NodeIds(com.enonic.xp.node.NodeIds) PrincipalKeys(com.enonic.xp.security.PrincipalKeys) PrincipalKeys(com.enonic.xp.security.PrincipalKeys) PrincipalKey(com.enonic.xp.security.PrincipalKey)

Example 7 with PrincipalKey

use of com.enonic.xp.security.PrincipalKey in project xp by enonic.

the class SecurityServiceImpl method doRemoveMemberships.

/**
 * Removes {@code member} from every principal it is a direct member of.
 *
 * <p>The direct memberships are looked up with {@code queryDirectMemberships}, and each
 * relationship is removed with its own {@code nodeService.update} call.
 *
 * <p>NOTE(review): nothing in this method rolls back earlier updates, so an exception thrown
 * part-way through the loop leaves the remaining memberships in place. Callers that use this
 * to revoke access should confirm how such a failure is handled further up.
 *
 * @param member the principal whose direct memberships are removed
 */
private void doRemoveMemberships(final PrincipalKey member) {
    final PrincipalKeys parents = queryDirectMemberships(member);
    if (!parents.isEmpty()) {
        for (final PrincipalKey parent : parents) {
            final PrincipalRelationship toRemove = PrincipalRelationship.from(parent).to(member);
            nodeService.update(PrincipalNodeTranslator.removeRelationshipToUpdateNodeParams(toRemove));
        }
    }
}
Also used : PrincipalKeys(com.enonic.xp.security.PrincipalKeys) PrincipalRelationship(com.enonic.xp.security.PrincipalRelationship) UpdateNodeParams(com.enonic.xp.node.UpdateNodeParams) PrincipalKey(com.enonic.xp.security.PrincipalKey)

Example 8 with PrincipalKey

use of com.enonic.xp.security.PrincipalKey in project xp by enonic.

the class PrincipalNodeTranslator method relationshipsFromNode.

/**
 * Builds the membership relationships stored on a principal node.
 *
 * <p>The node's own key (via {@code PrincipalKeyNodeTranslator.toKey}) is the "from" side.
 * Every value of the {@code PrincipalPropertyNames.MEMBER_KEY} property is parsed with
 * {@code PrincipalKey.from} and becomes a "to" side.
 *
 * <p>NOTE(review): the member keys are strings read back from node data. What happens when a
 * stored value is null or malformed is decided inside {@code PrincipalKey.from} and is not
 * visible here. Confirm that it rejects such values rather than yielding an unexpected key.
 *
 * @param node the principal node to read members from
 * @return one relationship per member property, or an empty result when the node has none
 */
static PrincipalRelationships relationshipsFromNode(final Node node) {
    final List<Property> memberProperties = node.data().getProperties(PrincipalPropertyNames.MEMBER_KEY);
    final boolean hasMembers = memberProperties != null && !memberProperties.isEmpty();
    if (!hasMembers) {
        return PrincipalRelationships.empty();
    }
    final PrincipalKey owner = PrincipalKeyNodeTranslator.toKey(node);
    final ImmutableList.Builder<PrincipalRelationship> collected = ImmutableList.builder();
    for (final Property memberProperty : memberProperties) {
        final PrincipalKey memberKey = PrincipalKey.from(memberProperty.getValue().asString());
        collected.add(PrincipalRelationship.from(owner).to(memberKey));
    }
    return PrincipalRelationships.from(collected.build());
}
Also used : PrincipalRelationship(com.enonic.xp.security.PrincipalRelationship) ImmutableList(com.google.common.collect.ImmutableList) PropertyTree(com.enonic.xp.data.PropertyTree) Property(com.enonic.xp.data.Property) PrincipalKey(com.enonic.xp.security.PrincipalKey)

Example 9 with PrincipalKey

use of com.enonic.xp.security.PrincipalKey in project xp by enonic.

the class SecurityServiceImplTest method testUpdateUserDuplicatedEmail.

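/**
 * Verifies that changing a user's email to one already used by another user in the same id
 * provider is rejected with an {@link IllegalArgumentException}.
 *
 * <p>The two users are created with different addresses. Were both created with the same
 * address, the second {@code createUser} call would throw the expected exception itself (the
 * behaviour asserted by {@code testCreateUserDuplicatedEmail}), and the test would pass
 * without ever calling {@code updateUser}.
 */
@Test
public void testUpdateUserDuplicatedEmail() {
    try {
        runAsAdmin(() -> {
            final PrincipalKey userKey1 = PrincipalKey.ofUser(SYSTEM, "User1");
            // user1 starts with its own address so that both createUser calls succeed.
            final CreateUserParams createUser1 = CreateUserParams.create().userKey(userKey1).displayName("User 1").email("user1@enonic.com").login("User1").password("123456").build();
            final PrincipalKey userKey2 = PrincipalKey.ofUser(SYSTEM, "user2");
            final CreateUserParams createUser2 = CreateUserParams.create().userKey(userKey2).displayName("User 2").email("same_email@enonic.com").login("user2").build();
            final User user1 = securityService.createUser(createUser1);
            securityService.createUser(createUser2);
            // The collision is introduced only here, so updateUser is the call under test.
            final UpdateUserParams updateUserParams = UpdateUserParams.create(user1).email("same_email@enonic.com").build();
            securityService.updateUser(updateUserParams);
            refresh();
        });
        fail("Expected exception");
    } catch (IllegalArgumentException e) {
        assertEquals("A user with email 'same_email@enonic.com' already exists in id provider 'system'", e.getMessage());
    }
}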
Also used : CreateUserParams(com.enonic.xp.security.CreateUserParams) User(com.enonic.xp.security.User) UpdateUserParams(com.enonic.xp.security.UpdateUserParams) PrincipalKey(com.enonic.xp.security.PrincipalKey) AbstractElasticsearchIntegrationTest(com.enonic.xp.repo.impl.elasticsearch.AbstractElasticsearchIntegrationTest) Test(org.junit.jupiter.api.Test)

Example 10 with PrincipalKey

use of com.enonic.xp.security.PrincipalKey in project xp by enonic.

the class SecurityServiceImplTest method testCreateUserDuplicatedEmail.

/**
 * Verifies that creating a second user with an email already used in the same id provider
 * fails with an {@link IllegalArgumentException} carrying the duplicate-email message.
 */
@Test
public void testCreateUserDuplicatedEmail() {
    IllegalArgumentException rejection = null;
    try {
        runAsAdmin(() -> {
            final CreateUserParams firstUser = CreateUserParams.create().userKey(PrincipalKey.ofUser(SYSTEM, "User1")).displayName("User 1").email("same_email@enonic.com").login("User1").password("123456").build();
            final CreateUserParams secondUser = CreateUserParams.create().userKey(PrincipalKey.ofUser(SYSTEM, "user2")).displayName("User 2").email("same_email@enonic.com").login("user2").build();
            securityService.createUser(firstUser);
            // Same email as firstUser: this call is the one expected to be rejected.
            securityService.createUser(secondUser);
        });
    } catch (IllegalArgumentException e) {
        rejection = e;
    }
    if (rejection == null) {
        fail("Expected exception");
    }
    assertEquals("A user with email 'same_email@enonic.com' already exists in id provider 'system'", rejection.getMessage());
}
Also used : CreateUserParams(com.enonic.xp.security.CreateUserParams) PrincipalKey(com.enonic.xp.security.PrincipalKey) AbstractElasticsearchIntegrationTest(com.enonic.xp.repo.impl.elasticsearch.AbstractElasticsearchIntegrationTest) Test(org.junit.jupiter.api.Test)
