Examples with AccountSelector com.zimbra.soap.type.AccountSelector used on opensource projects

Example 1 with AccountSelector

use of com.zimbra.soap.type.AccountSelector in project zm-mailbox by Zimbra.

the class ZMailbox method changePassword.

private ZChangePasswordResult changePassword(String key, AccountBy by, String oldPassword, String newPassword, String virtualHost) throws ServiceException {
    if (mTransport == null) {
        throw ZClientException.CLIENT_ERROR("must call setURI before calling changePassword", null);
    }
    AccountSelector account = new AccountSelector(SoapConverter.TO_SOAP_ACCOUNT_BY.apply(by), key);
    ChangePasswordRequest req = new ChangePasswordRequest(account, oldPassword, newPassword);
    req.setVirtualHost(virtualHost);
    ChangePasswordResponse res = invokeJaxb(req);
    return new ZChangePasswordResult(res);
}

Example 2 with AccountSelector

use of com.zimbra.soap.type.AccountSelector in project zm-mailbox by Zimbra.

the class ZMailbox method authByPassword.

public ZAuthResult authByPassword(Options options, String password) throws ServiceException {
    if (mTransport == null) {
        throw ZClientException.CLIENT_ERROR("must call setURI before calling authenticate", null);
    }
    AccountSelector account = new AccountSelector(com.zimbra.soap.type.AccountBy.name, options.getAccount());
    AuthRequest auth = new AuthRequest(account, password);
    auth.setPassword(password);
    auth.setTwoFactorCode(options.getTwoFactorCode());
    auth.setVirtualHost(options.getVirtualHost());
    auth.setRequestedSkin(options.getRequestedSkin());
    auth.setCsrfSupported(options.getCsrfSupported());
    auth.setDeviceTrusted(options.getTrustedDevice());
    if (options.getTrustedDevice()) {
        auth.setDeviceTrusted(true);
    }
    if (options.getAuthToken() != null) {
        auth.setAuthToken(new AuthToken(options.getAuthToken().getValue(), false));
    }
    if (options.getDeviceId() != null) {
        auth.setDeviceId(options.getDeviceId());
    }
    if (options.getTrustedDeviceToken() != null) {
        auth.setTrustedDeviceToken(options.getTrustedDeviceToken());
    }
    if (options.getGenerateDeviceId()) {
        auth.setGenerateDeviceId(true);
    }
    addAttrsAndPrefs(auth, options);
    AuthResponse authRes = invokeJaxb(auth);
    ZAuthResult r = new ZAuthResult(authRes);
    r.setSessionId(mTransport.getSessionId());
    return r;
}

Example 3 with AccountSelector

use of com.zimbra.soap.type.AccountSelector in project zm-mailbox by Zimbra.

the class GetAdminConsoleUIComp method handle.

@Override
public Element handle(Element request, Map<String, Object> context) throws ServiceException {
    ZimbraSoapContext zsc = getZimbraSoapContext(context);
    Provisioning prov = Provisioning.getInstance();
    GetAdminConsoleUICompRequest req = JaxbUtil.elementToJaxb(request);
    AccountSelector accountSel = req.getAccount();
    DistributionListSelector dlSel = req.getDl();
    Element resp = zsc.createElement(AdminConstants.GET_ADMIN_CONSOLE_UI_COMP_RESPONSE);
    if ((null != accountSel) && (null != dlSel)) {
        throw ServiceException.INVALID_REQUEST("can only specify eith account or dl", null);
    }
    Account authedAcct = getAuthenticatedAccount(zsc);
    Set<String> added = new HashSet<String>();
    GroupMembership aclGroups = null;
    if (accountSel != null) {
        AccountBy by = accountSel.getBy().toKeyAccountBy();
        String key = accountSel.getKey();
        Account acct = prov.get(by, key);
        AccountHarvestingCheckerUsingCheckRight checker = new AccountHarvestingCheckerUsingCheckRight(zsc, context, Admin.R_viewAccountAdminUI);
        if (acct == null) {
            defendAgainstAccountHarvestingWhenAbsent(by, key, zsc, checker);
        } else {
            if (!authedAcct.getId().equals(acct.getId())) {
                defendAgainstAccountHarvesting(acct, by, key, zsc, checker);
            }
            addValues(acct, resp, added, false);
            aclGroups = prov.getGroupMembership(acct, true);
        }
    } else if (dlSel != null) {
        Key.DistributionListBy by = dlSel.getBy().toKeyDistributionListBy();
        String key = dlSel.getKey();
        DistributionList dl = prov.getDLBasic(by, key);
        GroupHarvestingCheckerUsingCheckRight checker = new GroupHarvestingCheckerUsingCheckRight(zsc, context, Admin.R_viewDistributionListAdminUI);
        if (dl == null) {
            defendAgainstGroupHarvestingWhenAbsent(by, key, zsc, checker);
        } else {
            defendAgainstGroupHarvesting(dl, by, key, zsc, checker);
            addValues(dl, resp, added, false);
            aclGroups = prov.getGroupMembership(dl, true);
        }
    } else {
        // use the authed account
        addValues(authedAcct, resp, added, false);
        aclGroups = prov.getGroupMembership(authedAcct, true);
    }
    if (aclGroups != null) {
        for (String groupId : aclGroups.groupIds()) {
            DistributionList dl = prov.get(Key.DistributionListBy.id, groupId);
            addValues(dl, resp, added, true);
        }
    }
    return resp;
}

Example 4 with AccountSelector

use of com.zimbra.soap.type.AccountSelector in project zm-mailbox by Zimbra.

the class TestAuthentication method testAccountLockout.

public void testAccountLockout() throws Exception {
    String wrongPassword1 = "test1234";
    String wrongPassword2 = "test12345";
    Account acct = TestUtil.getAccount(USER_NAME);
    acct.setPasswordLockoutMaxFailures(2);
    acct.setPasswordLockoutEnabled(true);
    SoapHttpTransport transport = new SoapHttpTransport(TestUtil.getSoapUrl());
    AccountSelector acctSel = new AccountSelector(com.zimbra.soap.type.AccountBy.name, acct.getName());
    AuthRequest req = new AuthRequest(acctSel, wrongPassword1);
    // Verify lockout happen after 2 invalid login using same password.
    Element resp;
    try {
        resp = transport.invoke(JaxbUtil.jaxbToElement(req, SoapProtocol.SoapJS.getFactory()));
    } catch (ServiceException e) {
    }
    try {
        resp = transport.invoke(JaxbUtil.jaxbToElement(req, SoapProtocol.SoapJS.getFactory()));
    } catch (ServiceException e) {
    }
    Assert.assertTrue("account is not lockedout", verifyLockedoutAndReactivateAccount(acct, transport));
    // Add Soap protocol to PasswordLockoutSuppressionProtocols
    acct.setPasswordLockoutSuppressionProtocols(PasswordLockoutSuppressionProtocols.soap);
    // Verify lock out should not happen after 2 invalid login using same password and next login with different invalid password should be locked out.
    try {
        resp = transport.invoke(JaxbUtil.jaxbToElement(req, SoapProtocol.SoapJS.getFactory()));
    } catch (ServiceException e) {
    }
    try {
        resp = transport.invoke(JaxbUtil.jaxbToElement(req, SoapProtocol.SoapJS.getFactory()));
    } catch (ServiceException e) {
    }
    try {
        resp = transport.invoke(JaxbUtil.jaxbToElement(req, SoapProtocol.SoapJS.getFactory()));
    } catch (ServiceException e) {
    }
    try {
        resp = transport.invoke(JaxbUtil.jaxbToElement(req, SoapProtocol.SoapJS.getFactory()));
    } catch (ServiceException e) {
    }
    Assert.assertTrue("account is not active", acct.getAccountStatus().equals(AccountStatus.active));
    req = new AuthRequest(acctSel, wrongPassword2);
    try {
        resp = transport.invoke(JaxbUtil.jaxbToElement(req, SoapProtocol.SoapJS.getFactory()));
    } catch (ServiceException e) {
    }
    Assert.assertTrue("account is not lockedout", verifyLockedoutAndReactivateAccount(acct, transport));
    acct.setPasswordLockoutSuppressionEnabled(false);
}

Example 5 with AccountSelector

use of com.zimbra.soap.type.AccountSelector in project zm-mailbox by Zimbra.

the class TestAuthentication method testAuthViaPreauthToken.

/**
     * test auth request with preauth in SOAP instead of login/password
     * @throws Exception
     */
public void testAuthViaPreauthToken() throws Exception {
    long timestamp = System.currentTimeMillis();
    long expires = timestamp + 60000;
    String domainPreAuthKey = setUpAndReturnDomainAuthKey();
    Account a = TestUtil.getAccount(USER_NAME);
    AccountSelector acctSel = new AccountSelector(com.zimbra.soap.type.AccountBy.name, a.getName());
    SoapHttpTransport transport = new SoapHttpTransport(TestUtil.getSoapUrl());
    AuthRequest req = new AuthRequest(acctSel);
    HashMap<String, String> params = new HashMap<String, String>();
    params.put("account", a.getName());
    params.put("by", "name");
    params.put("timestamp", timestamp + "");
    params.put("expires", expires + "");
    PreAuth preAuth = new PreAuth().setExpires(expires).setTimestamp(timestamp).setValue(PreAuthKey.computePreAuth(params, domainPreAuthKey));
    req = req.setPreauth(preAuth);
    Element resp = transport.invoke(JaxbUtil.jaxbToElement(req, SoapProtocol.SoapJS.getFactory()));
    AuthResponse authResp = JaxbUtil.elementToJaxb(resp);
    assertTrue("Lifetime is invalid", authResp.getLifetime() < expires - timestamp);
    String newAuthToken = authResp.getAuthToken();
    assertNotNull("should have received a new authtoken", newAuthToken);
    assertTrue("should have a received a non-empty authtoken", newAuthToken.length() > 0);
    AuthToken at = ZimbraAuthToken.getAuthToken(newAuthToken);
    assertTrue("new auth token should be registered", at.isRegistered());
    assertFalse("new auth token should not be expired yet", at.isExpired());
}