use of cz.metacentrum.perun.core.api.exceptions.PasswordOperationTimeoutException in project perun by CESNET.
the class UsersManagerBlImpl method deletePassword.
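/**
 * Deletes the password of a user in the given login-namespace.
 *
 * <p>The login is read from the user's login-namespace attribute and handed to the
 * {@code PasswordManagerModule} of that namespace. Runtime exceptions raised by the
 * module are translated to their checked counterparts.
 *
 * @param sess current session
 * @param user user whose password is deleted
 * @param loginNamespace namespace that selects the login attribute and the password module
 * @throws LoginNotExistsException if the login attribute has no value, or the module reports
 *         that the login does not exist
 * @throws PasswordDeletionFailedException if the module reports a failed deletion, or any
 *         other exception is raised while deleting
 * @throws PasswordOperationTimeoutException if the module reports a timeout
 * @throws InvalidLoginException declared by the signature; not raised explicitly in this body
 */
@Override
public void deletePassword(PerunSession sess, User user, String loginNamespace) throws LoginNotExistsException, PasswordDeletionFailedException, PasswordOperationTimeoutException, InvalidLoginException {
    log.info("Deleting password for {} in login-namespace {}.", user, loginNamespace);

    // Delete the password
    PasswordManagerModule module = getPasswordManagerModule(sess, loginNamespace);
    try {
        Attribute attr = getPerunBl().getAttributesManagerBl().getAttribute(sess, user, AttributesManager.NS_USER_ATTR_DEF + ":" + AttributesManager.LOGIN_NAMESPACE + ":" + loginNamespace);
        if (attr.getValue() == null) {
            throw new LoginNotExistsException("Attribute containing login has empty value. Namespace: " + loginNamespace);
        }
        module.deletePassword(sess, attr.valueAsString());
    } catch (PasswordDeletionFailedRuntimeException e) {
        throw new PasswordDeletionFailedException(e);
    } catch (LoginNotExistsRuntimeException e) {
        throw new LoginNotExistsException(e);
    } catch (PasswordOperationTimeoutRuntimeException e) {
        throw new PasswordOperationTimeoutException(e);
    } catch (LoginNotExistsException e) {
        // The empty-login check above throws inside this try block. Without this clause
        // the generic fallback below would repackage it as PasswordDeletionFailedException,
        // and callers could no longer tell "no login" from "backend failed to delete".
        throw e;
    } catch (Exception ex) {
        // fallback for exception compatibility
        // NOTE(review): InvalidLoginException is declared by this method but not rethrown
        // here; if the module can throw it, this fallback converts it as well - confirm.
        throw new PasswordDeletionFailedException("Password deletion failed for " + loginNamespace + ": " + user + ".", ex);
    }
}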
use of cz.metacentrum.perun.core.api.exceptions.PasswordOperationTimeoutException in project perun by CESNET.
the class UsersManagerBlImpl method deleteUser.
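/**
 * Deletes or anonymizes a user together with everything that references it.
 *
 * <p>The steps run in a fixed order: members, security-team blacklists, external sources,
 * authorships, pending e-mail change and password reset requests, reserved logins and their
 * passwords, passwords of logins stored in attributes, attributes, authorization roles,
 * sponsor links, facility bans, and finally the user record itself.
 *
 * @param sess current session
 * @param user user to delete or anonymize
 * @param forceDelete when {@code true}, existing members and blacklist entries are removed and
 *        password deletion failures are only logged; when {@code false}, each of these
 *        conditions aborts with {@link RelationExistsException}
 * @param anonymizeInstead when {@code true}, attributes are kept, anonymized or removed
 *        according to the core configuration and the user record is anonymized instead of
 *        deleted
 * @throws RelationExistsException if members or blacklist entries exist, or a password could
 *         not be deleted, and {@code forceDelete} is {@code false}
 * @throws MemberAlreadyRemovedException declared by the signature; presumably propagated from
 *         member deletion
 * @throws UserAlreadyRemovedException declared by the signature; not raised explicitly here
 * @throws SpecificUserAlreadyRemovedException declared by the signature; not raised explicitly here
 * @throws AnonymizationNotSupportedException declared by the signature; presumably propagated
 *         from the anonymization calls
 */
private void deleteUser(PerunSession sess, User user, boolean forceDelete, boolean anonymizeInstead) throws RelationExistsException, MemberAlreadyRemovedException, UserAlreadyRemovedException, SpecificUserAlreadyRemovedException, AnonymizationNotSupportedException {
    List<Member> members = getPerunBl().getMembersManagerBl().getMembersByUser(sess, user);
    if (members != null && !members.isEmpty()) {
        if (forceDelete) {
            for (Member member : members) {
                getPerunBl().getMembersManagerBl().deleteMember(sess, member);
            }
        } else {
            throw new RelationExistsException("Members exist");
        }
    }

    // Ask for the blacklist state once; both outcomes depend only on forceDelete.
    if (getPerunBl().getSecurityTeamsManagerBl().isUserBlacklisted(sess, user)) {
        if (forceDelete) {
            getPerunBl().getSecurityTeamsManagerBl().removeUserFromAllBlacklists(sess, user);
        } else {
            throw new RelationExistsException("User is blacklisted by some security team. Deletion would cause loss of this information.");
        }
    }

    // First delete all associated external sources to the user
    removeAllUserExtSources(sess, user);
    getPerunBl().getAuditer().log(sess, new AllUserExtSourcesDeletedForUser(user));

    // delete all authorships of users publications
    getUsersManagerImpl().removeAllAuthorships(sess, user);

    // delete all mailchange request related to user
    getUsersManagerImpl().removeAllPreferredEmailChangeRequests(sess, user);

    // delete all pwdreset request related to user
    getUsersManagerImpl().removeAllPasswordResetRequests(sess, user);

    // get all reserved logins of user
    List<Pair<String, String>> logins = getUsersManagerImpl().getUsersReservedLogins(user);

    // delete them from KDC
    for (Pair<String, String> login : logins) {
        try {
            // !! left = namespace / right = login
            this.deletePassword(sess, login.getRight(), login.getLeft());
        } catch (LoginNotExistsException e) {
            // OK - User hasn't assigned any password with this login
        } catch (InvalidLoginException e) {
            throw new InternalErrorException("We are deleting login of user, but its syntax is not allowed by namespace configuration.", e);
        } catch (PasswordDeletionFailedException | PasswordOperationTimeoutException e) {
            if (forceDelete) {
                // Deletion continues, so the account in the external system may outlive the
                // user. Log the cause as well: this entry is the only trace left for cleanup.
                log.error("Error during deletion of an account at {} for user {} with login {}.", login.getLeft(), user, login.getRight(), e);
            } else {
                throw new RelationExistsException("Error during deletion of an account at " + login.getLeft() + " for user " + user + " with login " + login.getRight() + ".");
            }
        }
    }

    // delete them from DB
    getUsersManagerImpl().deleteUsersReservedLogins(user);

    // Remove all possible passwords associated with logins (stored in attributes)
    for (Attribute loginAttribute : getPerunBl().getAttributesManagerBl().getLogins(sess, user)) {
        try {
            this.deletePassword(sess, (String) loginAttribute.getValue(), loginAttribute.getFriendlyNameParameter());
        } catch (LoginNotExistsException e) {
            // OK - User hasn't assigned any password with this login
        } catch (InvalidLoginException e) {
            throw new InternalErrorException("We are deleting login of user, but its syntax is not allowed by namespace configuration.", e);
        } catch (PasswordDeletionFailedException | PasswordOperationTimeoutException e) {
            if (forceDelete) {
                // Same trade-off as for reserved logins: the failure is logged with its
                // cause and the deletion of the user goes on.
                log.error("Error during deletion of the account at {} for user {} with login {}.", loginAttribute.getFriendlyNameParameter(), user, loginAttribute.getValue(), e);
            } else {
                throw new RelationExistsException("Error during deletion of the account at " + loginAttribute.getFriendlyNameParameter() + " for user " + user + " with login " + loginAttribute.getValue() + ".");
            }
        }
    }

    // Delete, keep or anonymize assigned attributes
    try {
        // User-Facilities one
        getPerunBl().getAttributesManagerBl().removeAllUserFacilityAttributes(sess, user);
        // Users one
        if (anonymizeInstead) {
            List<String> attributesToAnonymize = BeansUtils.getCoreConfig().getAttributesToAnonymize();
            List<String> attributesToKeep = BeansUtils.getCoreConfig().getAttributesToKeep();
            List<Attribute> userAttributes = getPerunBl().getAttributesManagerBl().getAttributes(sess, user);
            for (Attribute attribute : userAttributes) {
                // Skip core and virtual attributes
                if (getPerunBl().getAttributesManagerBl().isCoreAttribute(sess, attribute) || getPerunBl().getAttributesManagerBl().isVirtAttribute(sess, attribute)) {
                    continue;
                }
                // Skip attributes configured to keep untouched
                if (attributesToKeep.contains(attribute.getName()) || // Attributes like 'login-namespace:mu' are configured as 'login-namespace:*'
                        (!attribute.getFriendlyNameParameter().isEmpty() && attributesToKeep.contains(attribute.getNamespace() + ":" + attribute.getBaseFriendlyName() + ":*"))) {
                    continue;
                }
                // Anonymize configured attributes
                if (attributesToAnonymize.contains(attribute.getName()) || (!attribute.getFriendlyNameParameter().isEmpty() && attributesToAnonymize.contains(attribute.getNamespace() + ":" + attribute.getBaseFriendlyName() + ":*"))) {
                    Attribute anonymized = getPerunBl().getAttributesManagerBl().getAnonymizedValue(sess, user, attribute);
                    getPerunBl().getAttributesManagerBl().setAttribute(sess, user, anonymized);
                } else {
                    // Delete remaining attributes
                    getPerunBl().getAttributesManagerBl().removeAttribute(sess, user, attribute);
                }
            }
        } else {
            getPerunBl().getAttributesManagerBl().removeAllAttributes(sess, user);
        }
    } catch (WrongAttributeValueException | WrongReferenceAttributeValueException | WrongAttributeAssignmentException ex) {
        // All members are deleted => there are no required attributes => all attributes can be removed
        throw new ConsistencyErrorException(ex);
    }

    // Remove user authz
    AuthzResolverBlImpl.removeAllUserAuthz(sess, user);

    // delete even inactive links
    usersManagerImpl.deleteSponsorLinks(sess, user);

    // Remove all users bans
    List<BanOnFacility> bansOnFacility = getPerunBl().getFacilitiesManagerBl().getBansForUser(sess, user.getId());
    for (BanOnFacility banOnFacility : bansOnFacility) {
        try {
            getPerunBl().getFacilitiesManagerBl().removeBan(sess, banOnFacility.getId());
        } catch (BanNotExistsException ex) {
            // it is ok, we just want to remove it anyway
        }
    }

    // Remove all sponsored user authz of his owners
    if (user.isSponsoredUser()) {
        AuthzResolverBlImpl.removeAllSponsoredUserAuthz(sess, user);
    }

    if (anonymizeInstead) {
        getUsersManagerImpl().anonymizeUser(sess, user);
        // delete all users applications and submitted data, this is needed only when 'anonymizeInstead'
        // because applications are deleted on cascade when user's row is deleted in DB
        getUsersManagerImpl().deleteUsersApplications(user);
    } else {
        // Finally delete the user
        getUsersManagerImpl().deleteUser(sess, user);
        getPerunBl().getAuditer().log(sess, new UserDeleted(user));
    }
}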
use of cz.metacentrum.perun.core.api.exceptions.PasswordOperationTimeoutException in project perun by CESNET.
the class UsersManagerBlImpl method reservePassword.
/**
 * Reserves a password for a login in the given login-namespace.
 *
 * <p>The work is delegated to the {@code PasswordManagerModule} of the namespace. Runtime
 * exceptions raised by the module are translated to their checked counterparts.
 *
 * @param sess current session
 * @param userLogin login the password is reserved for
 * @param loginNamespace namespace that selects the password module
 * @param password password to reserve; it is passed to the module and appears in neither the
 *        log line nor the fallback exception message
 * @throws PasswordCreationFailedException if the module reports a failed creation, or any
 *         other exception is raised
 * @throws PasswordOperationTimeoutException if the module reports a timeout
 * @throws PasswordStrengthFailedException if the module reports a failed strength check
 * @throws InvalidLoginException rethrown unchanged
 * @throws PasswordStrengthException rethrown unchanged
 */
@Override
public void reservePassword(PerunSession sess, String userLogin, String loginNamespace, String password) throws PasswordCreationFailedException, PasswordOperationTimeoutException, PasswordStrengthFailedException, InvalidLoginException, PasswordStrengthException {
    log.info("Reserving password for {} in login-namespace {}.", userLogin, loginNamespace);

    // The module is resolved outside the try block, so its lookup errors are not translated.
    final PasswordManagerModule passwordModule = getPasswordManagerModule(sess, loginNamespace);

    try {
        passwordModule.reservePassword(sess, userLogin, password);
    } catch (PasswordCreationFailedRuntimeException creationFailure) {
        throw new PasswordCreationFailedException(creationFailure);
    } catch (PasswordOperationTimeoutRuntimeException timeout) {
        throw new PasswordOperationTimeoutException(timeout);
    } catch (PasswordStrengthFailedRuntimeException strengthFailure) {
        throw new PasswordStrengthFailedException(strengthFailure);
    } catch (InvalidLoginException | PasswordStrengthException declared) {
        // Already part of the method contract: keep them out of the generic fallback.
        throw declared;
    } catch (Exception unexpected) {
        // fallback for exception compatibility
        throw new PasswordCreationFailedException("Password creation failed for " + loginNamespace + ":" + userLogin + ".", unexpected);
    }
}
use of cz.metacentrum.perun.core.api.exceptions.PasswordOperationTimeoutException in project perun by CESNET.
the class UsersManagerBlImpl method changePassword.
/**
 * Changes the password of a user in the given login-namespace.
 *
 * <p>The login is read from the user's login-namespace attribute. When requested, the old
 * password is checked first; the new password is then set through the namespace's
 * {@code PasswordManagerModule} and {@code validatePassword} is called.
 *
 * @param sess current session
 * @param user user whose password is changed
 * @param loginNamespace namespace that selects the login attribute and the password module
 * @param oldPassword current password, used only when {@code checkOldPassword} is {@code true}
 * @param newPassword password to set
 * @param checkOldPassword whether the old password is verified before the change
 * @throws LoginNotExistsException if the login attribute does not exist
 * @throws PasswordDoesntMatchException if the module reports a mismatch, or any other
 *         exception is raised during the check
 * @throws PasswordChangeFailedException if the change or the following validation fails
 * @throws PasswordOperationTimeoutException if the module reports a timeout
 * @throws PasswordStrengthFailedException if the module reports a failed strength check
 * @throws InvalidLoginException rethrown unchanged from the change step
 * @throws PasswordStrengthException rethrown unchanged from the change step
 */
@Override
public void changePassword(PerunSession sess, User user, String loginNamespace, String oldPassword, String newPassword, boolean checkOldPassword) throws LoginNotExistsException, PasswordDoesntMatchException, PasswordChangeFailedException, PasswordOperationTimeoutException, PasswordStrengthFailedException, InvalidLoginException, PasswordStrengthException {
    log.info("Changing password for {} in login-namespace {}.", user, loginNamespace);

    // Get User login in loginNamespace
    final String loginAttributeName = AttributesManager.NS_USER_ATTR_DEF + ":login-namespace:" + loginNamespace;
    Attribute userLogin;
    try {
        userLogin = getPerunBl().getAttributesManagerBl().getAttribute(sess, user, loginAttributeName);
    } catch (AttributeNotExistsException missingAttribute) {
        throw new LoginNotExistsException(missingAttribute);
    } catch (WrongAttributeAssignmentException wrongAssignment) {
        throw new InternalErrorException(wrongAssignment);
    }
    // NOTE(review): deletePassword rejects a login attribute with a null value before calling
    // the module; no such check is made here - confirm whether one is needed.

    final PasswordManagerModule passwordModule = getPasswordManagerModule(sess, loginNamespace);

    // Check password if it was requested
    if (checkOldPassword) {
        try {
            passwordModule.checkPassword(sess, userLogin.valueAsString(), oldPassword);
        } catch (PasswordDoesntMatchRuntimeException mismatch) {
            throw new PasswordDoesntMatchException(mismatch);
        } catch (PasswordOperationTimeoutRuntimeException timeout) {
            throw new PasswordOperationTimeoutException(timeout);
        } catch (Exception unexpected) {
            // fallback for exception compatibility
            // Any other failure of the check is reported as a mismatch as well.
            throw new PasswordDoesntMatchException("Old password doesn't match for " + loginNamespace + ":" + userLogin + ".", unexpected);
        }
    }

    // Change the password
    try {
        passwordModule.changePassword(sess, userLogin.valueAsString(), newPassword);
    } catch (PasswordChangeFailedRuntimeException changeFailure) {
        throw new PasswordChangeFailedException(changeFailure);
    } catch (PasswordOperationTimeoutRuntimeException timeout) {
        throw new PasswordOperationTimeoutException(timeout);
    } catch (PasswordStrengthFailedRuntimeException strengthFailure) {
        throw new PasswordStrengthFailedException(strengthFailure);
    } catch (InvalidLoginException | PasswordStrengthException declared) {
        // Already part of the method contract: keep them out of the generic fallback.
        throw declared;
    } catch (Exception unexpected) {
        // fallback for exception compatibility
        throw new PasswordChangeFailedException("Password change failed for " + loginNamespace + ":" + userLogin + ".", unexpected);
    }

    // validate and set user ext sources
    try {
        this.validatePassword(sess, user, loginNamespace);
    } catch (PasswordCreationFailedException validationFailure) {
        throw new PasswordChangeFailedException(validationFailure);
    }
}