
Example 61 with PerunBl

use of cz.metacentrum.perun.core.bl.PerunBl in project perun by CESNET.

the class EinfraPasswordManagerModule method validatePassword.

/**
 * Validates the password for {@code userLogin} in the namespace held in
 * {@code actualLoginNamespace}, after first recording the identities derived from that login.
 *
 * <p>When a user is resolved, the method (1) tries to store the current time in the
 * {@code lastPwdChangeTimestamp:einfra} user attribute, (2) adds five {@link UserExtSource}
 * entries built from the login, each with level of assurance 0, and (3) makes sure the
 * {@code kerberosLogins} user attribute contains {@code <login>@EINFRA} and
 * {@code <login>@META}. It always finishes by calling {@code super.validatePassword}.
 *
 * <p>NOTE(review): every write above is issued before the parent validation runs. Whether they
 * are undone when that call throws depends on transaction handling outside this method.
 * Confirm, because otherwise identities stay linked for a login whose validation failed.
 *
 * <p>NOTE(review): {@code userLogin} is concatenated unchanged into identity and principal
 * names and is written to the log; presumably its format is enforced before this method is
 * reached. Verify against the caller.
 *
 * @param sess session passed to every manager call
 * @param userLogin login in the namespace
 * @param user owner of the login; looked up by login when {@code null}
 * @throws InvalidLoginException declared by the overridden method; not thrown directly here,
 *         presumably raised by the parent implementation
 * @throws InternalErrorException wrapping any attribute or ext-source failure named in the
 *         multi-catch below
 */
@Override
public void validatePassword(PerunSession sess, String userLogin, User user) throws InvalidLoginException {
    // Callers may pass null; fall back to resolving the owner from the login itself.
    if (user == null) {
        user = ((PerunBl) sess.getPerun()).getModulesUtilsBl().getUserByLoginInNamespace(sess, userLogin, actualLoginNamespace);
    }
    if (user == null) {
        // No owner: nothing is linked, but the parent validation below still runs with a null user.
        log.warn("No user was found by login '{}' in {} namespace.", userLogin, actualLoginNamespace);
    } else {
        PerunBl perunBl = ((PerunBl) sess.getPerun());
        // FIXME - find out more convenient place and support other namespaces
        try {
            Attribute attribute = perunBl.getAttributesManagerBl().getAttribute(sess, user, AttributesManager.NS_USER_ATTR_DEF + ":lastPwdChangeTimestamp:einfra");
            // LocalDateTime.now() reads the JVM default time zone and the stored string carries
            // no offset. NOTE(review): confirm readers of this attribute expect server-local time.
            LocalDateTime now = LocalDateTime.now();
            String value = now.format(DateTimeFormatter.ofPattern("yyyy-MM-dd HH:mm:ss"));
            attribute.setValue(value);
            perunBl.getAttributesManagerBl().setAttribute(sess, user, attribute);
        } catch (AttributeNotExistsException ignore) {
            // not supported by namespace
        } catch (Exception ex) {
            // Best effort: a failed timestamp update is only logged and does not stop the rest.
            log.warn("Unable to set last password change timestamp for {} in {}", userLogin, actualLoginNamespace, ex);
        }
        // set extSources and extSource related attributes
        try {
            List<String> kerberosLogins = new ArrayList<>();
            // Set META and EINFRA userExtSources
            ExtSource extSource = perunBl.getExtSourcesManagerBl().getExtSourceByName(sess, "META");
            UserExtSource ues = new UserExtSource(extSource, userLogin + "@META");
            // LoA 0 is the value used for every identity created in this method.
            ues.setLoa(0);
            try {
                perunBl.getUsersManagerBl().addUserExtSource(sess, user, ues);
            } catch (UserExtSourceExistsException ex) {
                // this is OK - the identity already exists, so there is nothing to add
            }
            extSource = perunBl.getExtSourcesManagerBl().getExtSourceByName(sess, "EINFRA");
            ues = new UserExtSource(extSource, userLogin + "@EINFRA");
            ues.setLoa(0);
            try {
                perunBl.getUsersManagerBl().addUserExtSource(sess, user, ues);
            } catch (UserExtSourceExistsException ex) {
                // this is OK - the identity already exists, so there is nothing to add
            }
            // Identity under the login.ics.muni.cz IdP; its login uses the meta.cesnet.cz scope.
            extSource = perunBl.getExtSourcesManagerBl().getExtSourceByName(sess, "https://login.ics.muni.cz/idp/shibboleth");
            ues = new UserExtSource(extSource, userLogin + "@meta.cesnet.cz");
            ues.setLoa(0);
            try {
                perunBl.getUsersManagerBl().addUserExtSource(sess, user, ues);
            } catch (UserExtSourceExistsException ex) {
                // this is OK - the identity already exists, so there is nothing to add
            }
            // Store E-INFRA IdP UES
            extSource = perunBl.getExtSourcesManagerBl().getExtSourceByName(sess, "https://idp.e-infra.cz/idp/");
            ues = new UserExtSource(extSource, userLogin + "@idp.e-infra.cz");
            ues.setLoa(0);
            try {
                perunBl.getUsersManagerBl().addUserExtSource(sess, user, ues);
            } catch (UserExtSourceExistsException ex) {
                // this is OK - the identity already exists, so there is nothing to add
            }
            // Store E-INFRA CERT IdP UES
            extSource = perunBl.getExtSourcesManagerBl().getExtSourceByName(sess, "https://idp-cert.e-infra.cz/idp/");
            ues = new UserExtSource(extSource, userLogin + "@idp-cert.e-infra.cz");
            ues.setLoa(0);
            try {
                perunBl.getUsersManagerBl().addUserExtSource(sess, user, ues);
            } catch (UserExtSourceExistsException ex) {
                // this is OK - the identity already exists, so there is nothing to add
            }
            // Store also Kerberos logins
            Attribute kerberosLoginsAttr = perunBl.getAttributesManagerBl().getAttribute(sess, user, AttributesManager.NS_USER_ATTR_DEF + ":" + "kerberosLogins");
            // Start from the principals already stored so existing entries are kept.
            if (kerberosLoginsAttr != null && kerberosLoginsAttr.getValue() != null) {
                kerberosLogins.addAll(kerberosLoginsAttr.valueAsList());
            }
            // Track whether anything was appended so the attribute is rewritten only on change.
            boolean someChange = false;
            if (!kerberosLogins.contains(userLogin + "@EINFRA")) {
                kerberosLogins.add(userLogin + "@EINFRA");
                someChange = true;
            }
            if (!kerberosLogins.contains(userLogin + "@META")) {
                kerberosLogins.add(userLogin + "@META");
                someChange = true;
            }
            if (someChange && kerberosLoginsAttr != null) {
                kerberosLoginsAttr.setValue(kerberosLogins);
                perunBl.getAttributesManagerBl().setAttribute(sess, user, kerberosLoginsAttr);
            }
        } catch (WrongAttributeAssignmentException | AttributeNotExistsException | ExtSourceNotExistsException | WrongAttributeValueException | WrongReferenceAttributeValueException ex) {
            // A missing ext source or attribute definition is reported as an internal error,
            // not as a problem with the login.
            throw new InternalErrorException(ex);
        }
    }
    // validate password
    super.validatePassword(sess, userLogin, user);
}
Also used : LocalDateTime(java.time.LocalDateTime) Attribute(cz.metacentrum.perun.core.api.Attribute) WrongAttributeAssignmentException(cz.metacentrum.perun.core.api.exceptions.WrongAttributeAssignmentException) AttributeNotExistsException(cz.metacentrum.perun.core.api.exceptions.AttributeNotExistsException) ArrayList(java.util.ArrayList) PerunBl(cz.metacentrum.perun.core.bl.PerunBl) InternalErrorException(cz.metacentrum.perun.core.api.exceptions.InternalErrorException) InternalErrorException(cz.metacentrum.perun.core.api.exceptions.InternalErrorException) PasswordCreationFailedRuntimeException(cz.metacentrum.perun.core.api.exceptions.rt.PasswordCreationFailedRuntimeException) UserExtSourceExistsException(cz.metacentrum.perun.core.api.exceptions.UserExtSourceExistsException) PerunRuntimeException(cz.metacentrum.perun.core.api.exceptions.rt.PerunRuntimeException) WrongReferenceAttributeValueException(cz.metacentrum.perun.core.api.exceptions.WrongReferenceAttributeValueException) IOException(java.io.IOException) ExtSourceNotExistsException(cz.metacentrum.perun.core.api.exceptions.ExtSourceNotExistsException) AttributeNotExistsException(cz.metacentrum.perun.core.api.exceptions.AttributeNotExistsException) WrongAttributeValueException(cz.metacentrum.perun.core.api.exceptions.WrongAttributeValueException) InvalidLoginException(cz.metacentrum.perun.core.api.exceptions.InvalidLoginException) WrongAttributeAssignmentException(cz.metacentrum.perun.core.api.exceptions.WrongAttributeAssignmentException) PasswordDeletionFailedRuntimeException(cz.metacentrum.perun.core.api.exceptions.rt.PasswordDeletionFailedRuntimeException) PasswordStrengthException(cz.metacentrum.perun.core.api.exceptions.PasswordStrengthException) LoginNotExistsRuntimeException(cz.metacentrum.perun.core.api.exceptions.rt.LoginNotExistsRuntimeException) UserExtSourceExistsException(cz.metacentrum.perun.core.api.exceptions.UserExtSourceExistsException) 
UserExtSource(cz.metacentrum.perun.core.api.UserExtSource) WrongReferenceAttributeValueException(cz.metacentrum.perun.core.api.exceptions.WrongReferenceAttributeValueException) ExtSource(cz.metacentrum.perun.core.api.ExtSource) UserExtSource(cz.metacentrum.perun.core.api.UserExtSource) ExtSourceNotExistsException(cz.metacentrum.perun.core.api.exceptions.ExtSourceNotExistsException) WrongAttributeValueException(cz.metacentrum.perun.core.api.exceptions.WrongAttributeValueException)

Example 62 with PerunBl

use of cz.metacentrum.perun.core.bl.PerunBl in project perun by CESNET.

the class IcsmuniczPasswordManagerModule method validatePassword.

/**
 * Links the {@code <login>@ICS.MUNI.CZ} identity to the owner of the login and then delegates
 * password validation to the parent module.
 *
 * <p>For a resolved user the method adds a {@link UserExtSource} under the {@code ICS.MUNI.CZ}
 * ext source with level of assurance 0 and appends the same principal to the user's
 * {@code kerberosLogins} attribute when it is not listed yet. When no user can be resolved only
 * a warning is logged. {@code super.validatePassword} is called in both cases.
 *
 * <p>NOTE(review): the identity and the Kerberos principal are written before the parent
 * validation runs; whether they are rolled back when it throws is decided outside this method.
 * Confirm. {@code userLogin} is also used unchanged in the principal name and in the log
 * message, so its format is presumably checked by the caller. Verify.
 *
 * @param sess session passed to every manager call
 * @param userLogin login in the namespace
 * @param user owner of the login; looked up by login when {@code null}
 * @throws InvalidLoginException declared by the overridden method; not thrown directly here
 * @throws InternalErrorException wrapping the attribute and ext-source failures caught below
 */
@Override
public void validatePassword(PerunSession sess, String userLogin, User user) throws InvalidLoginException {
    final PerunBl perun = (PerunBl) sess.getPerun();
    final String principal = userLogin + "@ICS.MUNI.CZ";

    if (user == null) {
        user = perun.getModulesUtilsBl().getUserByLoginInNamespace(sess, userLogin, actualLoginNamespace);
    }

    if (user != null) {
        try {
            // Identity in the ICS.MUNI.CZ ext source, created with LoA 0.
            UserExtSource identity = new UserExtSource(
                    perun.getExtSourcesManagerBl().getExtSourceByName(sess, "ICS.MUNI.CZ"), principal);
            identity.setLoa(0);
            try {
                perun.getUsersManagerBl().addUserExtSource(sess, user, identity);
            } catch (UserExtSourceExistsException alreadyLinked) {
                // The identity is already linked, so nothing has to be added.
            }

            // Keep the Kerberos principal list in step with the identity added above.
            Attribute loginsAttr = perun.getAttributesManagerBl()
                    .getAttribute(sess, user, AttributesManager.NS_USER_ATTR_DEF + ":kerberosLogins");
            if (loginsAttr != null) {
                List<String> principals = new ArrayList<>();
                if (loginsAttr.getValue() != null) {
                    // Unchecked cast: relies on the attribute value being a list of strings.
                    principals.addAll((List<String>) loginsAttr.getValue());
                }
                if (!principals.contains(principal)) {
                    principals.add(principal);
                    loginsAttr.setValue(principals);
                    perun.getAttributesManagerBl().setAttribute(sess, user, loginsAttr);
                }
            }
        } catch (WrongAttributeAssignmentException | AttributeNotExistsException | ExtSourceNotExistsException
                | WrongAttributeValueException | WrongReferenceAttributeValueException ex) {
            throw new InternalErrorException(ex);
        }
    } else {
        log.warn("No user was found by login '{}' in {} namespace.", userLogin, actualLoginNamespace);
    }

    // The parent module performs the actual validation, also when no user was found.
    super.validatePassword(sess, userLogin, user);
}
Also used : Attribute(cz.metacentrum.perun.core.api.Attribute) WrongAttributeAssignmentException(cz.metacentrum.perun.core.api.exceptions.WrongAttributeAssignmentException) AttributeNotExistsException(cz.metacentrum.perun.core.api.exceptions.AttributeNotExistsException) ArrayList(java.util.ArrayList) PerunBl(cz.metacentrum.perun.core.bl.PerunBl) InternalErrorException(cz.metacentrum.perun.core.api.exceptions.InternalErrorException) UserExtSourceExistsException(cz.metacentrum.perun.core.api.exceptions.UserExtSourceExistsException) UserExtSource(cz.metacentrum.perun.core.api.UserExtSource) WrongReferenceAttributeValueException(cz.metacentrum.perun.core.api.exceptions.WrongReferenceAttributeValueException) UserExtSource(cz.metacentrum.perun.core.api.UserExtSource) ExtSource(cz.metacentrum.perun.core.api.ExtSource) ExtSourceNotExistsException(cz.metacentrum.perun.core.api.exceptions.ExtSourceNotExistsException) WrongAttributeValueException(cz.metacentrum.perun.core.api.exceptions.WrongAttributeValueException)

Example 63 with PerunBl

use of cz.metacentrum.perun.core.bl.PerunBl in project perun by CESNET.

the class SitolaPasswordManagerModule method validatePassword.

/**
 * Links the {@code <login>@SITOLA.FI.MUNI.CZ} identity to the owner of the login and then
 * delegates password validation to the parent module.
 *
 * <p>For a resolved user the method adds a {@link UserExtSource} under the
 * {@code SITOLA.FI.MUNI.CZ} ext source with level of assurance 0 and appends the same principal
 * to the user's {@code kerberosLogins} attribute when it is missing. When no user can be
 * resolved only a warning is logged. {@code super.validatePassword} is called in both cases.
 *
 * <p>NOTE(review): both writes happen before the parent validation; confirm that the
 * surrounding transaction undoes them when validation throws. {@code userLogin} reaches the
 * principal name and the log unchanged; presumably its format is enforced earlier. Verify.
 *
 * @param sess session passed to every manager call
 * @param userLogin login in the namespace
 * @param user owner of the login; looked up by login when {@code null}
 * @throws InvalidLoginException declared by the overridden method; not thrown directly here
 * @throws InternalErrorException wrapping the attribute and ext-source failures caught below
 */
@Override
public void validatePassword(PerunSession sess, String userLogin, User user) throws InvalidLoginException {
    final PerunBl perun = (PerunBl) sess.getPerun();
    final String realm = "SITOLA.FI.MUNI.CZ";
    final String kerberosPrincipal = userLogin + "@" + realm;

    if (user == null) {
        user = perun.getModulesUtilsBl().getUserByLoginInNamespace(sess, userLogin, actualLoginNamespace);
    }

    if (user == null) {
        log.warn("No user was found by login '{}' in {} namespace.", userLogin, actualLoginNamespace);
    } else {
        try {
            ExtSource realmSource = perun.getExtSourcesManagerBl().getExtSourceByName(sess, realm);
            UserExtSource realmIdentity = new UserExtSource(realmSource, kerberosPrincipal);
            // Every identity created here gets LoA 0.
            realmIdentity.setLoa(0);
            try {
                perun.getUsersManagerBl().addUserExtSource(sess, user, realmIdentity);
            } catch (UserExtSourceExistsException alreadyLinked) {
                // Already linked to this user; treated as success.
            }

            String attrName = AttributesManager.NS_USER_ATTR_DEF + ":kerberosLogins";
            Attribute storedLogins = perun.getAttributesManagerBl().getAttribute(sess, user, attrName);

            List<String> merged = new ArrayList<>();
            boolean hasStoredValue = storedLogins != null && storedLogins.getValue() != null;
            if (hasStoredValue) {
                // Unchecked cast: relies on the attribute value being a list of strings.
                merged.addAll((List<String>) storedLogins.getValue());
            }

            // Rewrite the attribute only when the principal is really missing.
            boolean mustAppend = storedLogins != null && !merged.contains(kerberosPrincipal);
            if (mustAppend) {
                merged.add(kerberosPrincipal);
                storedLogins.setValue(merged);
                perun.getAttributesManagerBl().setAttribute(sess, user, storedLogins);
            }
        } catch (WrongAttributeAssignmentException | AttributeNotExistsException | ExtSourceNotExistsException
                | WrongAttributeValueException | WrongReferenceAttributeValueException ex) {
            throw new InternalErrorException(ex);
        }
    }

    // The parent module performs the actual validation, also when no user was found.
    super.validatePassword(sess, userLogin, user);
}
Also used : Attribute(cz.metacentrum.perun.core.api.Attribute) WrongAttributeAssignmentException(cz.metacentrum.perun.core.api.exceptions.WrongAttributeAssignmentException) AttributeNotExistsException(cz.metacentrum.perun.core.api.exceptions.AttributeNotExistsException) ArrayList(java.util.ArrayList) PerunBl(cz.metacentrum.perun.core.bl.PerunBl) InternalErrorException(cz.metacentrum.perun.core.api.exceptions.InternalErrorException) UserExtSourceExistsException(cz.metacentrum.perun.core.api.exceptions.UserExtSourceExistsException) UserExtSource(cz.metacentrum.perun.core.api.UserExtSource) WrongReferenceAttributeValueException(cz.metacentrum.perun.core.api.exceptions.WrongReferenceAttributeValueException) UserExtSource(cz.metacentrum.perun.core.api.UserExtSource) ExtSource(cz.metacentrum.perun.core.api.ExtSource) ExtSourceNotExistsException(cz.metacentrum.perun.core.api.exceptions.ExtSourceNotExistsException) WrongAttributeValueException(cz.metacentrum.perun.core.api.exceptions.WrongAttributeValueException)

Example 64 with PerunBl

use of cz.metacentrum.perun.core.bl.PerunBl in project perun by CESNET.

the class MuPasswordManagerModule method getUcoFromSessionUser.

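/**
 * Return MU UCO of a pwdmanager method caller from his UserExtSource in MU IdP.
 *
 * <p>The UCO is the part of the IdP login before the first {@code '@'}. It is only used when
 * the identity belongs to the ext source {@code https://idp2.ics.muni.cz/idp/shibboleth} of
 * type {@code ExtSourcesManager.EXTSOURCE_IDP}. Because the login is an externally supplied
 * identifier placed inside an XML fragment, the characters {@code &}, {@code <} and {@code >}
 * are escaped so the value cannot alter the structure of the surrounding request.
 *
 * <p>NOTE(review): a login with nothing before the {@code '@'} still yields an empty
 * {@code <zmenil>} element, as before. Confirm that the remote API accepts it.
 *
 * @param session Session to get user and identity from
 * @return Part of API call params like: {@code "<zmenil>UČO</zmenil>"} followed by a newline,
 *         or empty string when the caller has no user, no matching identity, or the lookup fails.
 */
private String getUcoFromSessionUser(PerunSession session) {
    PerunBl perunBl = (PerunBl) session.getPerun();
    List<UserExtSource> ueses;
    try {
        if (session.getPerunPrincipal().getUser() == null) {
            return "";
        }
        ueses = perunBl.getUsersManagerBl().getUserExtSources(session, session.getPerunPrincipal().getUser());
    } catch (Exception ex) {
        // Best effort: the change is then sent without attribution, but the reason is kept in the log.
        log.debug("Unable to read UserExtSources of the session user.", ex);
        return "";
    }
    for (UserExtSource ues : ueses) {
        // Constant-first equals keeps a missing name or type from raising a NullPointerException.
        boolean fromMuIdp = "https://idp2.ics.muni.cz/idp/shibboleth".equals(ues.getExtSource().getName())
                && ExtSourcesManager.EXTSOURCE_IDP.equals(ues.getExtSource().getType());
        if (!fromMuIdp) {
            continue;
        }
        String login = ues.getLogin();
        if (login == null) {
            continue;
        }
        // indexOf instead of split("@")[0]: split returns an empty array for a login made up
        // only of '@' characters, which made the index access throw.
        int at = login.indexOf('@');
        String uco = (at < 0) ? login : login.substring(0, at);
        log.debug(" - Action triggered by {}", uco);
        // Escape '&' first so the entities produced for '<' and '>' are not escaped twice.
        String escapedUco = uco.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;");
        return "<zmenil>" + escapedUco + "</zmenil>\n";
    }
    return "";
}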
Also used : UserExtSource(cz.metacentrum.perun.core.api.UserExtSource) PerunBl(cz.metacentrum.perun.core.bl.PerunBl) InternalErrorException(cz.metacentrum.perun.core.api.exceptions.InternalErrorException) XPathExpressionException(javax.xml.xpath.XPathExpressionException) UserExtSourceExistsException(cz.metacentrum.perun.core.api.exceptions.UserExtSourceExistsException) IOException(java.io.IOException) ExtSourceNotExistsException(cz.metacentrum.perun.core.api.exceptions.ExtSourceNotExistsException) InvalidLoginException(cz.metacentrum.perun.core.api.exceptions.InvalidLoginException) PasswordStrengthException(cz.metacentrum.perun.core.api.exceptions.PasswordStrengthException)

Example 65 with PerunBl

use of cz.metacentrum.perun.core.bl.PerunBl in project perun by CESNET.

the class VsupPasswordManagerModule method validatePassword.

/**
 * Links the login as an identity in the {@code AD} ext source to its owner and then delegates
 * password validation to the parent module.
 *
 * <p>For a resolved user a {@link UserExtSource} with the bare login and level of assurance 0
 * is added; an already existing identity is accepted silently. When no user can be resolved
 * only a warning is logged. {@code super.validatePassword} is called in both cases.
 *
 * <p>NOTE(review): the identity is added before the parent validation runs; confirm that the
 * surrounding transaction removes it again when validation throws. {@code userLogin} is used
 * unchanged as the identity login and in the log message; presumably its format is enforced
 * earlier. Verify against the caller.
 *
 * @param sess session passed to every manager call
 * @param userLogin login in the namespace
 * @param user owner of the login; looked up by login when {@code null}
 * @throws InvalidLoginException declared by the overridden method; not thrown directly here
 * @throws InternalErrorException when the {@code AD} ext source does not exist
 */
@Override
public void validatePassword(PerunSession sess, String userLogin, User user) throws InvalidLoginException {
    final PerunBl perun = (PerunBl) sess.getPerun();

    if (user == null) {
        user = perun.getModulesUtilsBl().getUserByLoginInNamespace(sess, userLogin, actualLoginNamespace);
    }

    if (user != null) {
        try {
            // The Active Directory identity lets the user access Perun through it.
            ExtSource activeDirectory = perun.getExtSourcesManagerBl().getExtSourceByName(sess, "AD");
            UserExtSource adIdentity = new UserExtSource(activeDirectory, userLogin);
            adIdentity.setLoa(0);
            try {
                perun.getUsersManagerBl().addUserExtSource(sess, user, adIdentity);
            } catch (UserExtSourceExistsException alreadyLinked) {
                // Already linked to this user; treated as success.
            }
        } catch (ExtSourceNotExistsException ex) {
            throw new InternalErrorException(ex);
        }
    } else {
        log.warn("No user was found by login '{}' in {} namespace.", userLogin, actualLoginNamespace);
    }

    // The parent module performs the actual validation, also when no user was found.
    super.validatePassword(sess, userLogin, user);
}
Also used : UserExtSourceExistsException(cz.metacentrum.perun.core.api.exceptions.UserExtSourceExistsException) UserExtSource(cz.metacentrum.perun.core.api.UserExtSource) PerunBl(cz.metacentrum.perun.core.bl.PerunBl) ExtSource(cz.metacentrum.perun.core.api.ExtSource) UserExtSource(cz.metacentrum.perun.core.api.UserExtSource) InternalErrorException(cz.metacentrum.perun.core.api.exceptions.InternalErrorException) ExtSourceNotExistsException(cz.metacentrum.perun.core.api.exceptions.ExtSourceNotExistsException)
