Examples with PasswordOperationTimeoutException cz.metacentrum.perun.core.api.exceptions.PasswordOperationTimeoutException used on opensource projects

Example 1 with PasswordOperationTimeoutException

use of cz.metacentrum.perun.core.api.exceptions.PasswordOperationTimeoutException in project perun by CESNET.

the class UsersManagerBlImpl method reserveRandomPassword.

@Override
public void reserveRandomPassword(PerunSession sess, User user, String loginNamespace) throws PasswordCreationFailedException, LoginNotExistsException, PasswordOperationTimeoutException, PasswordStrengthFailedException, InvalidLoginException {
    log.info("Reserving password for {} in login-namespace {}.", user, loginNamespace);
    // Get login.
    try {
        Attribute attr = getPerunBl().getAttributesManagerBl().getAttribute(sess, user, AttributesManager.NS_USER_ATTR_DEF + ":" + AttributesManager.LOGIN_NAMESPACE + ":" + loginNamespace);
        if (attr.getValue() == null) {
            throw new LoginNotExistsException("Attribute containing login has empty value. Namespace: " + loginNamespace);
        }
        // Create the password
        PasswordManagerModule module = getPasswordManagerModule(sess, loginNamespace);
        try {
            module.reserveRandomPassword(sess, attr.valueAsString());
        } catch (PasswordCreationFailedRuntimeException e) {
            throw new PasswordCreationFailedException(e);
        } catch (PasswordOperationTimeoutRuntimeException e) {
            throw new PasswordOperationTimeoutException(e);
        } catch (PasswordStrengthFailedRuntimeException e) {
            throw new PasswordStrengthFailedException(e);
        } catch (InvalidLoginException e) {
            throw e;
        } catch (Exception ex) {
            // fallback for exception compatibility
            throw new PasswordCreationFailedException("Password creation failed for " + loginNamespace + ":" + attr.valueAsString() + ".", ex);
        }
    } catch (AttributeNotExistsException e) {
        throw new LoginNotExistsException(e);
    } catch (WrongAttributeAssignmentException e) {
        throw new InternalErrorException(e);
    }
}

Example 2 with PasswordOperationTimeoutException

use of cz.metacentrum.perun.core.api.exceptions.PasswordOperationTimeoutException in project perun by CESNET.

the class UsersManagerBlImpl method reservePassword.

@Override
public void reservePassword(PerunSession sess, User user, String loginNamespace, String password) throws PasswordCreationFailedException, LoginNotExistsException, PasswordOperationTimeoutException, PasswordStrengthFailedException, InvalidLoginException, PasswordStrengthException {
    log.info("Reserving password for {} in login-namespace {}.", user, loginNamespace);
    // Get login.
    try {
        Attribute attr = getPerunBl().getAttributesManagerBl().getAttribute(sess, user, AttributesManager.NS_USER_ATTR_DEF + ":" + AttributesManager.LOGIN_NAMESPACE + ":" + loginNamespace);
        if (attr.getValue() == null) {
            throw new LoginNotExistsException("Attribute containing login has empty value. Namespace: " + loginNamespace);
        }
        // Create the password
        PasswordManagerModule module = getPasswordManagerModule(sess, loginNamespace);
        try {
            module.reservePassword(sess, attr.valueAsString(), password);
        } catch (PasswordCreationFailedRuntimeException e) {
            throw new PasswordCreationFailedException(e);
        } catch (PasswordOperationTimeoutRuntimeException e) {
            throw new PasswordOperationTimeoutException(e);
        } catch (PasswordStrengthFailedRuntimeException e) {
            throw new PasswordStrengthFailedException(e);
        } catch (InvalidLoginException | PasswordStrengthException e) {
            throw e;
        } catch (Exception ex) {
            // fallback for exception compatibility
            throw new PasswordCreationFailedException("Password creation failed for " + loginNamespace + ":" + attr.valueAsString() + ".", ex);
        }
    } catch (AttributeNotExistsException e) {
        throw new LoginNotExistsException(e);
    } catch (WrongAttributeAssignmentException e) {
        throw new InternalErrorException(e);
    }
}

Example 3 with PasswordOperationTimeoutException

use of cz.metacentrum.perun.core.api.exceptions.PasswordOperationTimeoutException in project perun by CESNET.

the class GroupsManagerBlImpl method deleteAnyGroup.

/**
 * If forceDelete is false, delete only group which has no subgroup and no member.
 * If forceDelete is true, delete group with all subgroups and members.
 *
 * @param sess
 * @param group
 * @param forceDelete if false, delete only empty group without subgroups. If true, delete group including subgroups and members.
 * @throws InternalErrorException
 * @throws RelationExistsException Raise only if forceDelete is false and the group has any subgroup or member.
 * @throws GroupAlreadyRemovedException if there are 0 rows affected by deleting from DB
 */
private void deleteAnyGroup(PerunSession sess, Group group, boolean forceDelete) throws RelationExistsException, GroupAlreadyRemovedException, GroupAlreadyRemovedFromResourceException, GroupNotExistsException, GroupRelationDoesNotExist, GroupRelationCannotBeRemoved {
    Vo vo = this.getVo(sess, group);
    if (getGroupsManagerImpl().getSubGroupsCount(sess, group) > 0) {
        if (!forceDelete)
            throw new RelationExistsException("Group group=" + group + " contains subgroups");
        // get subgroups of this group
        List<Group> subGroups = getSubGroups(sess, group);
        for (Group subGroup : subGroups) {
            deleteAnyGroup(sess, subGroup, true);
        }
    }
    if ((this.getGroupMembersCount(sess, group) > 0) && !forceDelete) {
        throw new RelationExistsException("Group group=" + group + " contains members");
    }
    List<AssignedResource> assignedResources = getPerunBl().getResourcesManagerBl().getResourceAssignments(sess, group, List.of());
    try {
        for (AssignedResource assignedResource : assignedResources) {
            if (assignedResource.getSourceGroupId() == null) {
                getPerunBl().getResourcesManagerBl().removeGroupFromResource(sess, group, assignedResource.getEnrichedResource().getResource());
            } else {
                getPerunBl().getResourcesManagerBl().removeAutomaticGroupFromResource(sess, group, assignedResource.getEnrichedResource().getResource(), assignedResource.getSourceGroupId());
            }
        }
        // remove group's attributes
        getPerunBl().getAttributesManagerBl().removeAllAttributes(sess, group);
    } catch (GroupNotDefinedOnResourceException ex) {
        throw new ConsistencyErrorException(ex);
    } catch (AttributeValueException ex) {
        throw new ConsistencyErrorException("All resources was removed from this group, so no attributes should remain assigned.", ex);
    }
    // delete all Groups reserved logins from KDC
    List<Integer> list = getGroupsManagerImpl().getGroupApplicationIds(sess, group);
    for (Integer appId : list) {
        // for each application
        for (Pair<String, String> login : getGroupsManagerImpl().getApplicationReservedLogins(appId)) {
            // for all reserved logins - delete them in ext. system (e.g. KDC)
            try {
                // left = namespace / right = login
                getPerunBl().getUsersManagerBl().deletePassword(sess, login.getRight(), login.getLeft());
            } catch (LoginNotExistsException ex) {
                log.error("Login: {} not exists in namespace: {} while deleting passwords.", login.getRight(), login.getLeft());
            } catch (InvalidLoginException e) {
                throw new InternalErrorException("We are deleting reserved login from group applications, but its syntax is not allowed by namespace configuration.", e);
            } catch (PasswordDeletionFailedException | PasswordOperationTimeoutException ex) {
                throw new InternalErrorException("Failed to delete reserved login " + login.getRight() + " from KDC.", ex);
            }
        }
    }
    // delete all Groups reserved logins from DB
    getGroupsManagerImpl().deleteGroupReservedLogins(sess, group);
    // remove all assigned ExtSources to this group
    List<ExtSource> assignedSources = getPerunBl().getExtSourcesManagerBl().getGroupExtSources(sess, group);
    for (ExtSource source : assignedSources) {
        try {
            getPerunBl().getExtSourcesManagerBl().removeExtSource(sess, group, source);
        } catch (ExtSourceNotAssignedException | ExtSourceAlreadyRemovedException ex) {
            // Just log this, because if method can't remove it, it is probably not assigned now
            log.warn("Try to remove not existing extSource {} from group {} when deleting group.", source, group);
        }
    }
    // 1. remove all relations with group g as an operand group.
    // this removes all relations that depend on this group
    List<Integer> relations = groupsManagerImpl.getResultGroupsIds(sess, group.getId());
    for (Integer groupId : relations) {
        removeGroupUnion(sess, groupsManagerImpl.getGroupById(sess, groupId), group, true);
    }
    // 2. remove all relations with group as a result group
    // We can remove relations without recalculation (@see removeRelationMembers)
    // because all dependencies of group were deleted in step 1.
    groupsManagerImpl.removeResultGroupRelations(sess, group);
    // Group applications, submitted data and app_form are deleted on cascade with "deleteGroup()"
    List<Member> membersFromDeletedGroup = getGroupMembers(sess, group);
    // delete all member-group attributes
    for (Member member : membersFromDeletedGroup) {
        try {
            perunBl.getAttributesManagerBl().removeAllAttributes(sess, member, group);
        } catch (AttributeValueException ex) {
            throw new ConsistencyErrorException("All members were removed from this group. So all member-group attribute values can be removed.", ex);
        } catch (MemberGroupMismatchException e) {
            throw new InternalErrorException("Member we tried to remove all member-group attributes doesn't come from the same VO as group", e);
        }
    }
    // remove admin roles of group
    List<Facility> facilitiesWhereGroupIsAdmin = getGroupsManagerImpl().getFacilitiesWhereGroupIsAdmin(sess, group);
    for (Facility facility : facilitiesWhereGroupIsAdmin) {
        try {
            AuthzResolverBlImpl.unsetRole(sess, group, facility, Role.FACILITYADMIN);
        } catch (GroupNotAdminException e) {
            log.warn("Can't unset group {} as admin of facility {} due to group not admin exception {}.", group, facility, e);
        } catch (RoleCannotBeManagedException e) {
            throw new InternalErrorException(e);
        }
    }
    List<Group> groupsWhereGroupIsAdmin = getGroupsManagerImpl().getGroupsWhereGroupIsAdmin(sess, group);
    for (Group group1 : groupsWhereGroupIsAdmin) {
        try {
            AuthzResolverBlImpl.unsetRole(sess, group, group1, Role.GROUPADMIN);
        } catch (GroupNotAdminException e) {
            log.warn("Can't unset group {} as admin of group {} due to group not admin exception {}.", group, group1, e);
        } catch (RoleCannotBeManagedException e) {
            throw new InternalErrorException(e);
        }
    }
    List<Resource> resourcesWhereGroupIsAdmin = getGroupsManagerImpl().getResourcesWhereGroupIsAdmin(sess, group);
    for (Resource resource : resourcesWhereGroupIsAdmin) {
        try {
            AuthzResolverBlImpl.unsetRole(sess, group, resource, Role.RESOURCEADMIN);
        } catch (GroupNotAdminException e) {
            log.warn("Can't unset group {} as admin of resource {} due to group not admin exception {}.", group, resource, e);
        } catch (RoleCannotBeManagedException e) {
            throw new InternalErrorException(e);
        }
    }
    List<Resource> resourcesWhereGroupIsResourceSelfService = getGroupsManagerImpl().getResourcesWhereGroupIsResourceSelfService(sess, group);
    for (Resource resource : resourcesWhereGroupIsResourceSelfService) {
        try {
            perunBl.getResourcesManagerBl().removeResourceSelfServiceGroup(sess, resource, group);
        } catch (GroupNotAdminException e) {
            log.warn("Can't unset group {} as admin of resource {} due to group not admin exception {}.", group, resource, e);
        }
    }
    List<SecurityTeam> securityTeamsWhereGroupIsAdmin = getGroupsManagerImpl().getSecurityTeamsWhereGroupIsAdmin(sess, group);
    for (SecurityTeam securityTeam : securityTeamsWhereGroupIsAdmin) {
        try {
            AuthzResolverBlImpl.unsetRole(sess, group, securityTeam, Role.SECURITYADMIN);
        } catch (GroupNotAdminException e) {
            log.warn("Can't unset group {} as admin of security team {} due to group not admin exception {}.", group, securityTeam, e);
        } catch (RoleCannotBeManagedException e) {
            throw new InternalErrorException(e);
        }
    }
    List<Vo> vosWhereGroupIsAdmin = getGroupsManagerImpl().getVosWhereGroupIsAdmin(sess, group);
    for (Vo vo1 : vosWhereGroupIsAdmin) {
        try {
            AuthzResolverBlImpl.unsetRole(sess, group, vo1, Role.VOADMIN);
        } catch (GroupNotAdminException e) {
            log.warn("Can't unset group {} as admin of facility {} due to group not admin exception {}.", group, vo1, e);
        } catch (RoleCannotBeManagedException e) {
            throw new InternalErrorException(e);
        }
    }
    // remove admins of this group
    List<Group> adminGroups = getGroupsManagerImpl().getGroupAdmins(sess, group);
    for (Group adminGroup : adminGroups) {
        try {
            AuthzResolverBlImpl.unsetRole(sess, adminGroup, group, Role.GROUPADMIN);
        } catch (GroupNotAdminException e) {
            log.warn("When trying to unsetRole GroupAdmin for group {} in the group {} the exception was thrown {}", adminGroup, group, e);
        // skip and log as warning
        } catch (RoleCannotBeManagedException e) {
            throw new InternalErrorException(e);
        }
    }
    List<User> adminUsers = getGroupsManagerImpl().getAdmins(sess, group);
    for (User adminUser : adminUsers) {
        try {
            AuthzResolverBlImpl.unsetRole(sess, adminUser, group, Role.GROUPADMIN);
        } catch (UserNotAdminException e) {
            log.warn("When trying to unsetRole GroupAdmin for user {} in the group {} the exception was thrown {}", adminUser, group, e);
        // skip and log as warning
        } catch (RoleCannotBeManagedException e) {
            throw new InternalErrorException(e);
        }
    }
    // Deletes also all direct and indirect members of the group
    getGroupsManagerImpl().deleteGroup(sess, vo, group);
    logTotallyRemovedMembers(sess, group.getParentGroupId(), membersFromDeletedGroup);
    getPerunBl().getAuditer().log(sess, new GroupDeleted(group));
}

Example 4 with PasswordOperationTimeoutException

use of cz.metacentrum.perun.core.api.exceptions.PasswordOperationTimeoutException in project perun by CESNET.

the class MembersManagerImpl method rejectAllMemberOpenApplications.

@Override
public void rejectAllMemberOpenApplications(PerunSession sess, Member member) {
    try {
        List<Integer> ids = jdbc.query("select id from application " + "where user_id=? and vo_id=? and state not in (?, ?)", new SingleColumnRowMapper<>(Integer.class), member.getUserId(), member.getVoId(), rejected, approved);
        if (ids.isEmpty()) {
            return;
        }
        MapSqlParameterSource parameters = new MapSqlParameterSource();
        parameters.addValue("ids", ids);
        parameters.addValue("userId", sess.getPerunPrincipal().getUserId());
        parameters.addValue("state", rejected);
        namedParameterJdbcTemplate.update("update application set state=:state, modified_at=" + Compatibility.getSysdate() + ", modified_by_uid=:userId " + "where id in (:ids)", parameters);
        // get all reserved logins
        List<Pair<String, String>> logins = namedParameterJdbcTemplate.query("select namespace,login from application_reserved_logins " + "where app_id in (:ids)", parameters, (resultSet, arg1) -> new Pair<>(resultSet.getString("namespace"), resultSet.getString("login")));
        // delete passwords for reserved logins
        for (Pair<String, String> login : logins) {
            try {
                // left = namespace / right = login
                ((PerunBl) sess.getPerun()).getUsersManagerBl().deletePassword(sess, login.getRight(), login.getLeft());
            } catch (LoginNotExistsException ex) {
                log.error("Login: {} not exists while deleting passwords in rejected applications for member: {}", login.getLeft(), member);
            } catch (PasswordOperationTimeoutException | InvalidLoginException | PasswordDeletionFailedException e) {
                throw new InternalErrorException("Unable to delete password for Login: " + login.getLeft() + " in rejected applications for member: " + member + ".", e);
            }
        }
        // free any login from reservation when application is rejected
        namedParameterJdbcTemplate.update("delete from application_reserved_logins " + "where app_id in (:ids)", parameters);
    } catch (RuntimeException e) {
        throw new InternalErrorException(e);
    }
}

Example 5 with PasswordOperationTimeoutException

use of cz.metacentrum.perun.core.api.exceptions.PasswordOperationTimeoutException in project perun by CESNET.

the class UsersManagerBlImpl method deletePassword.

@Override
public void deletePassword(PerunSession sess, String userLogin, String loginNamespace) throws LoginNotExistsException, PasswordDeletionFailedException, PasswordOperationTimeoutException, InvalidLoginException {
    log.info("Deleting password for {} in login-namespace {}.", userLogin, loginNamespace);
    // Delete the password
    PasswordManagerModule module = getPasswordManagerModule(sess, loginNamespace);
    try {
        module.deletePassword(sess, userLogin);
    } catch (PasswordDeletionFailedRuntimeException e) {
        throw new PasswordDeletionFailedException(e);
    } catch (LoginNotExistsRuntimeException e) {
        throw new LoginNotExistsException(e);
    } catch (PasswordOperationTimeoutRuntimeException e) {
        throw new PasswordOperationTimeoutException(e);
    } catch (InvalidLoginException e) {
        throw e;
    } catch (Exception ex) {
        // fallback for exception compatibility
        throw new PasswordDeletionFailedException("Password deletion failed for " + loginNamespace + ":" + userLogin + ".", ex);
    }
}