Search in sources :

Example 1 with PasswordDoesntMatchRuntimeException

use of cz.metacentrum.perun.core.api.exceptions.rt.PasswordDoesntMatchRuntimeException in project perun by CESNET.

the class UsersManagerBlImpl method managePassword.

/**
	 * Calls external program which do the job with the password.
	 *
	 * Return codes of the external program
	 * If password check fails then return 1
	 * If there is no handler for loginNamespace return 2
	 * If setting of the new password failed return 3
	 *
	 * @param sess
	 * @param operation
	 * @param userLogin
	 * @param loginNamespace
	 * @param password
	 * @throws InternalErrorException
	 */
protected void managePassword(PerunSession sess, String operation, String userLogin, String loginNamespace, String password) throws InternalErrorException {
    // If new PWDMGR module exists, use-it
    PasswordManagerModule module = null;
    try {
        module = getPasswordManagerModule(sess, loginNamespace);
    } catch (Exception ex) {
    // silently skip
    }
    if (module != null) {
        if (operation.equals(PASSWORD_RESERVE)) {
            try {
                module.reservePassword(sess, userLogin, password);
                return;
            } catch (Exception ex) {
                throw new PasswordCreationFailedRuntimeException("Password creation failed for " + loginNamespace + ":" + userLogin + ".");
            }
        }
        if (operation.equals(PASSWORD_RESERVE_RANDOM)) {
            try {
                module.reserveRandomPassword(sess, userLogin);
                return;
            } catch (Exception ex) {
                throw new PasswordCreationFailedRuntimeException("Password creation failed for " + loginNamespace + ":" + userLogin + ".");
            }
        }
        if (operation.equals(PASSWORD_CHECK)) {
            try {
                module.checkPassword(sess, userLogin, password);
                return;
            } catch (Exception ex) {
                throw new PasswordDoesntMatchRuntimeException("Old password doesn't match for " + loginNamespace + ":" + userLogin + ".");
            }
        }
        if (operation.equals(PASSWORD_VALIDATE)) {
            module.validatePassword(sess, userLogin);
            return;
        }
        if (operation.equals(PASSWORD_CHANGE)) {
            try {
                module.changePassword(sess, userLogin, password);
                return;
            } catch (Exception ex) {
                throw new PasswordChangeFailedRuntimeException("Password change failed for " + loginNamespace + ":" + userLogin + ".");
            }
        }
        if (operation.equals(PASSWORD_DELETE)) {
            try {
                module.deletePassword(sess, userLogin);
                return;
            } catch (Exception ex) {
                throw new PasswordDeletionFailedRuntimeException("Password deletion failed for " + loginNamespace + ":" + userLogin + ".");
            }
        }
    }
    // use good old way
    // Check validity of original password
    ProcessBuilder pb = new ProcessBuilder(BeansUtils.getCoreConfig().getPasswordManagerProgram(), operation, loginNamespace, userLogin);
    Process process;
    try {
        process = pb.start();
    } catch (IOException e) {
        throw new InternalErrorException(e);
    }
    InputStream es = process.getErrorStream();
    if (operation.equals(PASSWORD_CHANGE) || operation.equals(PASSWORD_CHECK) || operation.equals(PASSWORD_RESERVE)) {
        OutputStream os = process.getOutputStream();
        if (password == null || password.isEmpty()) {
            throw new EmptyPasswordRuntimeException("Password for " + loginNamespace + ":" + userLogin + " cannot be empty.");
        }
        // Write password to the stdin of the program
        PrintWriter pw = new PrintWriter(os, true);
        pw.write(password);
        pw.close();
    }
    // If non-zero exit code is returned, then try to read error output
    try {
        if (process.waitFor() != 0) {
            if (process.exitValue() == 1) {
                throw new PasswordDoesntMatchRuntimeException("Old password doesn't match for " + loginNamespace + ":" + userLogin + ".");
            } else if (process.exitValue() == 3) {
                throw new PasswordChangeFailedRuntimeException("Password change failed for " + loginNamespace + ":" + userLogin + ".");
            } else if (process.exitValue() == 4) {
                throw new PasswordCreationFailedRuntimeException("Password creation failed for " + loginNamespace + ":" + userLogin + ".");
            } else if (process.exitValue() == 5) {
                throw new PasswordDeletionFailedRuntimeException("Password deletion failed for " + loginNamespace + ":" + userLogin + ".");
            } else if (process.exitValue() == 6) {
                throw new LoginNotExistsRuntimeException("User login doesn't exists in underlying system for " + loginNamespace + ":" + userLogin + ".");
            } else if (process.exitValue() == 11) {
                throw new PasswordStrengthFailedRuntimeException("Password to set doesn't match expected restrictions for " + loginNamespace + ":" + userLogin + ".");
            } else if (process.exitValue() == 12) {
                throw new PasswordOperationTimeoutRuntimeException("Operation with password exceeded expected limit for " + loginNamespace + ":" + userLogin + ".");
            } else {
                // Some other error occured
                BufferedReader inReader = new BufferedReader(new InputStreamReader(es));
                StringBuffer errorMsg = new StringBuffer();
                String line;
                try {
                    while ((line = inReader.readLine()) != null) {
                        errorMsg.append(line);
                    }
                } catch (IOException e) {
                    throw new InternalErrorException(e);
                }
                throw new InternalErrorException(errorMsg.toString());
            }
        }
    } catch (InterruptedException e) {
        throw new InternalErrorException(e);
    }
}
Also used : InputStreamReader(java.io.InputStreamReader) InputStream(java.io.InputStream) OutputStream(java.io.OutputStream) PasswordOperationTimeoutRuntimeException(cz.metacentrum.perun.core.api.exceptions.rt.PasswordOperationTimeoutRuntimeException) LoginNotExistsRuntimeException(cz.metacentrum.perun.core.api.exceptions.rt.LoginNotExistsRuntimeException) IOException(java.io.IOException) PasswordOperationTimeoutRuntimeException(cz.metacentrum.perun.core.api.exceptions.rt.PasswordOperationTimeoutRuntimeException) PasswordCreationFailedRuntimeException(cz.metacentrum.perun.core.api.exceptions.rt.PasswordCreationFailedRuntimeException) PasswordChangeFailedRuntimeException(cz.metacentrum.perun.core.api.exceptions.rt.PasswordChangeFailedRuntimeException) PasswordStrengthFailedRuntimeException(cz.metacentrum.perun.core.api.exceptions.rt.PasswordStrengthFailedRuntimeException) IOException(java.io.IOException) PasswordDoesntMatchRuntimeException(cz.metacentrum.perun.core.api.exceptions.rt.PasswordDoesntMatchRuntimeException) EmptyPasswordRuntimeException(cz.metacentrum.perun.core.api.exceptions.rt.EmptyPasswordRuntimeException) PasswordDeletionFailedRuntimeException(cz.metacentrum.perun.core.api.exceptions.rt.PasswordDeletionFailedRuntimeException) LoginNotExistsRuntimeException(cz.metacentrum.perun.core.api.exceptions.rt.LoginNotExistsRuntimeException) EmptyPasswordRuntimeException(cz.metacentrum.perun.core.api.exceptions.rt.EmptyPasswordRuntimeException) PasswordDoesntMatchRuntimeException(cz.metacentrum.perun.core.api.exceptions.rt.PasswordDoesntMatchRuntimeException) PasswordDeletionFailedRuntimeException(cz.metacentrum.perun.core.api.exceptions.rt.PasswordDeletionFailedRuntimeException) PasswordChangeFailedRuntimeException(cz.metacentrum.perun.core.api.exceptions.rt.PasswordChangeFailedRuntimeException) PasswordStrengthFailedRuntimeException(cz.metacentrum.perun.core.api.exceptions.rt.PasswordStrengthFailedRuntimeException) PasswordManagerModule(cz.metacentrum.perun.core.implApi.modules.pwdmgr.PasswordManagerModule) BufferedReader(java.io.BufferedReader) PasswordCreationFailedRuntimeException(cz.metacentrum.perun.core.api.exceptions.rt.PasswordCreationFailedRuntimeException) PrintWriter(java.io.PrintWriter)

Example 2 with PasswordDoesntMatchRuntimeException

use of cz.metacentrum.perun.core.api.exceptions.rt.PasswordDoesntMatchRuntimeException in project perun by CESNET.

the class UsersManagerBlImpl method changePassword.

@Override
public void changePassword(PerunSession sess, User user, String loginNamespace, String oldPassword, String newPassword, boolean checkOldPassword) throws LoginNotExistsException, PasswordDoesntMatchException, PasswordChangeFailedException, PasswordOperationTimeoutException, PasswordStrengthFailedException, InvalidLoginException, PasswordStrengthException {
    log.info("Changing password for {} in login-namespace {}.", user, loginNamespace);
    // Get User login in loginNamespace
    Attribute userLogin;
    try {
        userLogin = getPerunBl().getAttributesManagerBl().getAttribute(sess, user, AttributesManager.NS_USER_ATTR_DEF + ":login-namespace:" + loginNamespace);
    } catch (AttributeNotExistsException e) {
        throw new LoginNotExistsException(e);
    } catch (WrongAttributeAssignmentException e) {
        throw new InternalErrorException(e);
    }
    PasswordManagerModule module = getPasswordManagerModule(sess, loginNamespace);
    // Check password if it was requested
    if (checkOldPassword) {
        try {
            module.checkPassword(sess, userLogin.valueAsString(), oldPassword);
        } catch (PasswordDoesntMatchRuntimeException e) {
            throw new PasswordDoesntMatchException(e);
        } catch (PasswordOperationTimeoutRuntimeException e) {
            throw new PasswordOperationTimeoutException(e);
        } catch (Exception ex) {
            // fallback for exception compatibility
            throw new PasswordDoesntMatchException("Old password doesn't match for " + loginNamespace + ":" + userLogin + ".", ex);
        }
    }
    // Change the password
    try {
        module.changePassword(sess, userLogin.valueAsString(), newPassword);
    } catch (PasswordChangeFailedRuntimeException e) {
        throw new PasswordChangeFailedException(e);
    } catch (PasswordOperationTimeoutRuntimeException e) {
        throw new PasswordOperationTimeoutException(e);
    } catch (PasswordStrengthFailedRuntimeException e) {
        throw new PasswordStrengthFailedException(e);
    } catch (InvalidLoginException | PasswordStrengthException e) {
        throw e;
    } catch (Exception ex) {
        // fallback for exception compatibility
        throw new PasswordChangeFailedException("Password change failed for " + loginNamespace + ":" + userLogin + ".", ex);
    }
    // validate and set user ext sources
    try {
        this.validatePassword(sess, user, loginNamespace);
    } catch (PasswordCreationFailedException ex) {
        throw new PasswordChangeFailedException(ex);
    }
}
Also used : Attribute(cz.metacentrum.perun.core.api.Attribute) LoginNotExistsException(cz.metacentrum.perun.core.api.exceptions.LoginNotExistsException) WrongAttributeAssignmentException(cz.metacentrum.perun.core.api.exceptions.WrongAttributeAssignmentException) AttributeNotExistsException(cz.metacentrum.perun.core.api.exceptions.AttributeNotExistsException) PasswordOperationTimeoutRuntimeException(cz.metacentrum.perun.core.api.exceptions.rt.PasswordOperationTimeoutRuntimeException) InternalErrorException(cz.metacentrum.perun.core.api.exceptions.InternalErrorException) PasswordCreationFailedException(cz.metacentrum.perun.core.api.exceptions.PasswordCreationFailedException) PasswordOperationTimeoutRuntimeException(cz.metacentrum.perun.core.api.exceptions.rt.PasswordOperationTimeoutRuntimeException) RelationExistsException(cz.metacentrum.perun.core.api.exceptions.RelationExistsException) MemberAlreadyRemovedException(cz.metacentrum.perun.core.api.exceptions.MemberAlreadyRemovedException) PasswordCreationFailedException(cz.metacentrum.perun.core.api.exceptions.PasswordCreationFailedException) UserExtSourceAlreadyRemovedException(cz.metacentrum.perun.core.api.exceptions.UserExtSourceAlreadyRemovedException) ExtSourceNotExistsException(cz.metacentrum.perun.core.api.exceptions.ExtSourceNotExistsException) AttributeNotExistsException(cz.metacentrum.perun.core.api.exceptions.AttributeNotExistsException) PasswordDoesntMatchRuntimeException(cz.metacentrum.perun.core.api.exceptions.rt.PasswordDoesntMatchRuntimeException) WrongAttributeAssignmentException(cz.metacentrum.perun.core.api.exceptions.WrongAttributeAssignmentException) LoginNotExistsRuntimeException(cz.metacentrum.perun.core.api.exceptions.rt.LoginNotExistsRuntimeException) PasswordStrengthFailedException(cz.metacentrum.perun.core.api.exceptions.PasswordStrengthFailedException) PasswordCreationFailedRuntimeException(cz.metacentrum.perun.core.api.exceptions.rt.PasswordCreationFailedRuntimeException) SpecificUserAlreadyRemovedException(cz.metacentrum.perun.core.api.exceptions.SpecificUserAlreadyRemovedException) AlreadyReservedLoginException(cz.metacentrum.perun.core.api.exceptions.AlreadyReservedLoginException) SpecificUserOwnerAlreadyRemovedException(cz.metacentrum.perun.core.api.exceptions.SpecificUserOwnerAlreadyRemovedException) IllegalArgumentException(cz.metacentrum.perun.core.api.exceptions.IllegalArgumentException) UserExtSourceExistsException(cz.metacentrum.perun.core.api.exceptions.UserExtSourceExistsException) AlreadyAdminException(cz.metacentrum.perun.core.api.exceptions.AlreadyAdminException) PasswordChangeFailedException(cz.metacentrum.perun.core.api.exceptions.PasswordChangeFailedException) PasswordResetLinkExpiredException(cz.metacentrum.perun.core.api.exceptions.PasswordResetLinkExpiredException) InvalidLoginException(cz.metacentrum.perun.core.api.exceptions.InvalidLoginException) UserExtSourceNotExistsException(cz.metacentrum.perun.core.api.exceptions.UserExtSourceNotExistsException) InternalErrorException(cz.metacentrum.perun.core.api.exceptions.InternalErrorException) MemberNotExistsException(cz.metacentrum.perun.core.api.exceptions.MemberNotExistsException) PasswordChangeFailedRuntimeException(cz.metacentrum.perun.core.api.exceptions.rt.PasswordChangeFailedRuntimeException) UserNotAdminException(cz.metacentrum.perun.core.api.exceptions.UserNotAdminException) LoginNotExistsException(cz.metacentrum.perun.core.api.exceptions.LoginNotExistsException) PasswordStrengthFailedRuntimeException(cz.metacentrum.perun.core.api.exceptions.rt.PasswordStrengthFailedRuntimeException) ConsistencyErrorException(cz.metacentrum.perun.core.api.exceptions.ConsistencyErrorException) PasswordStrengthException(cz.metacentrum.perun.core.api.exceptions.PasswordStrengthException) PasswordDeletionFailedException(cz.metacentrum.perun.core.api.exceptions.PasswordDeletionFailedException) UserAlreadyRemovedException(cz.metacentrum.perun.core.api.exceptions.UserAlreadyRemovedException) PasswordOperationTimeoutException(cz.metacentrum.perun.core.api.exceptions.PasswordOperationTimeoutException) WrongReferenceAttributeValueException(cz.metacentrum.perun.core.api.exceptions.WrongReferenceAttributeValueException) RelationNotExistsException(cz.metacentrum.perun.core.api.exceptions.RelationNotExistsException) PasswordDoesntMatchException(cz.metacentrum.perun.core.api.exceptions.PasswordDoesntMatchException) WrongAttributeValueException(cz.metacentrum.perun.core.api.exceptions.WrongAttributeValueException) BanNotExistsException(cz.metacentrum.perun.core.api.exceptions.BanNotExistsException) PasswordResetLinkNotValidException(cz.metacentrum.perun.core.api.exceptions.PasswordResetLinkNotValidException) UserNotExistsException(cz.metacentrum.perun.core.api.exceptions.UserNotExistsException) PasswordDeletionFailedRuntimeException(cz.metacentrum.perun.core.api.exceptions.rt.PasswordDeletionFailedRuntimeException) AnonymizationNotSupportedException(cz.metacentrum.perun.core.api.exceptions.AnonymizationNotSupportedException) PasswordOperationTimeoutException(cz.metacentrum.perun.core.api.exceptions.PasswordOperationTimeoutException) PasswordDoesntMatchRuntimeException(cz.metacentrum.perun.core.api.exceptions.rt.PasswordDoesntMatchRuntimeException) PasswordChangeFailedRuntimeException(cz.metacentrum.perun.core.api.exceptions.rt.PasswordChangeFailedRuntimeException) PasswordStrengthFailedRuntimeException(cz.metacentrum.perun.core.api.exceptions.rt.PasswordStrengthFailedRuntimeException) InvalidLoginException(cz.metacentrum.perun.core.api.exceptions.InvalidLoginException) PasswordManagerModule(cz.metacentrum.perun.core.implApi.modules.pwdmgr.PasswordManagerModule) GenericPasswordManagerModule(cz.metacentrum.perun.core.impl.modules.pwdmgr.GenericPasswordManagerModule) PasswordStrengthFailedException(cz.metacentrum.perun.core.api.exceptions.PasswordStrengthFailedException) PasswordDoesntMatchException(cz.metacentrum.perun.core.api.exceptions.PasswordDoesntMatchException) PasswordChangeFailedException(cz.metacentrum.perun.core.api.exceptions.PasswordChangeFailedException) PasswordStrengthException(cz.metacentrum.perun.core.api.exceptions.PasswordStrengthException)

Aggregations

LoginNotExistsRuntimeException (cz.metacentrum.perun.core.api.exceptions.rt.LoginNotExistsRuntimeException)2 PasswordChangeFailedRuntimeException (cz.metacentrum.perun.core.api.exceptions.rt.PasswordChangeFailedRuntimeException)2 PasswordCreationFailedRuntimeException (cz.metacentrum.perun.core.api.exceptions.rt.PasswordCreationFailedRuntimeException)2 PasswordDeletionFailedRuntimeException (cz.metacentrum.perun.core.api.exceptions.rt.PasswordDeletionFailedRuntimeException)2 Attribute (cz.metacentrum.perun.core.api.Attribute)1 AlreadyAdminException (cz.metacentrum.perun.core.api.exceptions.AlreadyAdminException)1 AlreadyReservedLoginException (cz.metacentrum.perun.core.api.exceptions.AlreadyReservedLoginException)1 AnonymizationNotSupportedException (cz.metacentrum.perun.core.api.exceptions.AnonymizationNotSupportedException)1 AttributeNotExistsException (cz.metacentrum.perun.core.api.exceptions.AttributeNotExistsException)1 BanNotExistsException (cz.metacentrum.perun.core.api.exceptions.BanNotExistsException)1 ConsistencyErrorException (cz.metacentrum.perun.core.api.exceptions.ConsistencyErrorException)1 ExtSourceNotExistsException (cz.metacentrum.perun.core.api.exceptions.ExtSourceNotExistsException)1 IllegalArgumentException (cz.metacentrum.perun.core.api.exceptions.IllegalArgumentException)1 InternalErrorException (cz.metacentrum.perun.core.api.exceptions.InternalErrorException)1 InvalidLoginException (cz.metacentrum.perun.core.api.exceptions.InvalidLoginException)1 LoginNotExistsException (cz.metacentrum.perun.core.api.exceptions.LoginNotExistsException)1 MemberAlreadyRemovedException (cz.metacentrum.perun.core.api.exceptions.MemberAlreadyRemovedException)1 MemberNotExistsException (cz.metacentrum.perun.core.api.exceptions.MemberNotExistsException)1 PasswordChangeFailedException (cz.metacentrum.perun.core.api.exceptions.PasswordChangeFailedException)1 PasswordCreationFailedException (cz.metacentrum.perun.core.api.exceptions.PasswordCreationFailedException)1