use of cz.metacentrum.perun.core.implApi.modules.pwdmgr.PasswordManagerModule in project perun by CESNET.
the class UsersManagerBlImpl method managePassword.
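/**
 * Performs a password operation for {@code userLogin} in {@code loginNamespace}.
 *
 * When a {@link PasswordManagerModule} is registered for the namespace the operation is
 * delegated to it. Otherwise the configured external password-manager program is executed
 * with the arguments {@code operation loginNamespace userLogin}. For {@code PASSWORD_CHANGE},
 * {@code PASSWORD_CHECK} and {@code PASSWORD_RESERVE} the password is written to the program's
 * stdin - it is never passed on the command line, which would expose it in the process table.
 *
 * Exit codes of the external program are mapped to exceptions:
 * <ul>
 *   <li>0 - success</li>
 *   <li>1 - {@link PasswordDoesntMatchRuntimeException}</li>
 *   <li>3 - {@link PasswordChangeFailedRuntimeException}</li>
 *   <li>4 - {@link PasswordCreationFailedRuntimeException}</li>
 *   <li>5 - {@link PasswordDeletionFailedRuntimeException}</li>
 *   <li>6 - {@link LoginNotExistsRuntimeException}</li>
 *   <li>11 - {@link PasswordStrengthFailedRuntimeException}</li>
 *   <li>12 - {@link PasswordOperationTimeoutRuntimeException}</li>
 *   <li>any other non-zero code - {@link InternalErrorException} carrying the program's stderr</li>
 * </ul>
 *
 * @param sess perun session
 * @param operation one of the {@code PASSWORD_*} operation constants
 * @param userLogin login of the user in the given namespace
 * @param loginNamespace login namespace the operation applies to
 * @param password password to reserve, check or set; ignored by operations that do not consume it
 * @throws EmptyPasswordRuntimeException when a password-consuming operation receives a null or empty password
 * @throws InternalErrorException when the external program cannot be started, the wait is interrupted,
 *         or the program fails with an unmapped exit code
 */
protected void managePassword(PerunSession sess, String operation, String userLogin, String loginNamespace, String password) throws InternalErrorException {
	// Prefer the namespace-specific PWDMGR module when one can be resolved.
	PasswordManagerModule module = null;
	try {
		module = getPasswordManagerModule(sess, loginNamespace);
	} catch (Exception ignored) {
		// A failed lookup is treated as "no module": fall back to the external program below.
	}
	if (module != null && managePasswordViaModule(sess, module, operation, userLogin, loginNamespace, password)) {
		return;
	}
	managePasswordViaExternalProgram(operation, userLogin, loginNamespace, password);
}

/**
 * Dispatches {@code operation} to the given password manager module.
 *
 * Failures of reserve/check/change/delete are wrapped into the corresponding Perun runtime
 * exception with the original exception kept as cause; {@code PASSWORD_VALIDATE} failures
 * propagate unchanged.
 *
 * @return {@code true} when the module handled the operation, {@code false} when the operation is
 *         not one the module path knows and the caller should fall back to the external program
 */
private boolean managePasswordViaModule(PerunSession sess, PasswordManagerModule module, String operation, String userLogin, String loginNamespace, String password) {
	String subject = loginNamespace + ":" + userLogin;
	if (operation.equals(PASSWORD_RESERVE)) {
		try {
			module.reservePassword(sess, userLogin, password);
		} catch (Exception ex) {
			throw new PasswordCreationFailedRuntimeException("Password creation failed for " + subject + ".", ex);
		}
		return true;
	}
	if (operation.equals(PASSWORD_RESERVE_RANDOM)) {
		try {
			module.reserveRandomPassword(sess, userLogin);
		} catch (Exception ex) {
			throw new PasswordCreationFailedRuntimeException("Password creation failed for " + subject + ".", ex);
		}
		return true;
	}
	if (operation.equals(PASSWORD_CHECK)) {
		try {
			module.checkPassword(sess, userLogin, password);
		} catch (Exception ex) {
			throw new PasswordDoesntMatchRuntimeException("Old password doesn't match for " + subject + ".", ex);
		}
		return true;
	}
	if (operation.equals(PASSWORD_VALIDATE)) {
		module.validatePassword(sess, userLogin);
		return true;
	}
	if (operation.equals(PASSWORD_CHANGE)) {
		try {
			module.changePassword(sess, userLogin, password);
		} catch (Exception ex) {
			throw new PasswordChangeFailedRuntimeException("Password change failed for " + subject + ".", ex);
		}
		return true;
	}
	if (operation.equals(PASSWORD_DELETE)) {
		try {
			module.deletePassword(sess, userLogin);
		} catch (Exception ex) {
			throw new PasswordDeletionFailedRuntimeException("Password deletion failed for " + subject + ".", ex);
		}
		return true;
	}
	return false;
}

/**
 * Runs the configured external password-manager program for {@code operation} and maps its
 * exit code to an exception (see {@link #managePassword}).
 *
 * @throws EmptyPasswordRuntimeException when a password-consuming operation gets a null or empty password
 * @throws InternalErrorException when the program cannot be started, the wait is interrupted,
 *         or an unmapped exit code is returned
 */
private void managePasswordViaExternalProgram(String operation, String userLogin, String loginNamespace, String password) throws InternalErrorException {
	String subject = loginNamespace + ":" + userLogin;
	boolean needsPassword = operation.equals(PASSWORD_CHANGE) || operation.equals(PASSWORD_CHECK) || operation.equals(PASSWORD_RESERVE);
	// Reject bad input before spawning anything so a refused request never leaves a started process behind.
	if (needsPassword && (password == null || password.isEmpty())) {
		throw new EmptyPasswordRuntimeException("Password for " + subject + " cannot be empty.");
	}
	// The password is deliberately not an argument: command lines are visible to other local processes.
	ProcessBuilder pb = new ProcessBuilder(BeansUtils.getCoreConfig().getPasswordManagerProgram(), operation, loginNamespace, userLogin);
	Process process;
	try {
		process = pb.start();
	} catch (IOException e) {
		throw new InternalErrorException(e);
	}
	if (needsPassword) {
		// Write the password to stdin and close it so the program sees EOF. The platform default
		// charset is used, as before; the external program is assumed to share it.
		try (PrintWriter pw = new PrintWriter(process.getOutputStream(), true)) {
			pw.write(password);
		}
	}
	// NOTE(review): stdout/stderr are not drained while the program runs; a very verbose program
	// could fill the pipe and block. Kept as in the original; the program is expected to be quiet.
	int exitCode;
	try {
		exitCode = process.waitFor();
	} catch (InterruptedException e) {
		Thread.currentThread().interrupt(); // preserve the interrupt for the caller
		throw new InternalErrorException(e);
	}
	switch (exitCode) {
		case 0:
			return;
		case 1:
			throw new PasswordDoesntMatchRuntimeException("Old password doesn't match for " + subject + ".");
		case 3:
			throw new PasswordChangeFailedRuntimeException("Password change failed for " + subject + ".");
		case 4:
			throw new PasswordCreationFailedRuntimeException("Password creation failed for " + subject + ".");
		case 5:
			throw new PasswordDeletionFailedRuntimeException("Password deletion failed for " + subject + ".");
		case 6:
			throw new LoginNotExistsRuntimeException("User login doesn't exists in underlying system for " + subject + ".");
		case 11:
			throw new PasswordStrengthFailedRuntimeException("Password to set doesn't match expected restrictions for " + subject + ".");
		case 12:
			throw new PasswordOperationTimeoutRuntimeException("Operation with password exceeded expected limit for " + subject + ".");
		default:
			// Unmapped code: surface whatever the program wrote to stderr.
			throw new InternalErrorException(readErrorOutput(process));
	}
}

/**
 * Reads the program's stderr into a single string (lines concatenated without separators,
 * matching the previous behaviour) and closes the stream.
 *
 * @throws InternalErrorException when stderr cannot be read
 */
private static String readErrorOutput(Process process) throws InternalErrorException {
	StringBuilder errorMsg = new StringBuilder();
	// Platform default charset, consistent with the stdin write.
	try (BufferedReader inReader = new BufferedReader(new InputStreamReader(process.getErrorStream()))) {
		String line;
		while ((line = inReader.readLine()) != null) {
			errorMsg.append(line);
		}
	} catch (IOException e) {
		throw new InternalErrorException(e);
	}
	return errorMsg.toString();
}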
use of cz.metacentrum.perun.core.implApi.modules.pwdmgr.PasswordManagerModule in project perun by CESNET.
the class MembersManagerBlImpl method createSingleSponsoredMemberFromCSV.
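/**
 * Creates a new user from given data and sponsors him in the given vo.
 *
 * @param sess sess
 * @param vo vo, where the new user will be sponsored
 * @param namespace namespace used to define an external system where
 * the user will have a new login generated (currently, only 'mu' namespace is supported)
 * @param data values used to create the new user.
 * Required values are - firstname, lastname, urn:perun:user:attribute-def:def:preferredMail
 * Optional values are - urn:perun:user:attribute-def:def:note
 * @param sponsor user, who will be set as a sponsor to the newly created user
 * @param validityTo validity of the sponsorship. If null, the sponsorship will not be automatically canceled.
 * @param sendActivationLink whether an activation link should be sent to the new user; passed through to createSponsoredMember
 * @param url base URL of Perun Instance
 * @param validation Which type of validation to perform. If you are using ASYNC, do not call this method in a cycle!
 * @param groups groups, to which will be the created users assigned
 * @return result map with STATUS (OK or the failure message), LOGIN and PASSWORD (null when no
 *         namespace is given), MEMBER (for later validation) and, when groups were requested,
 *         GROUP_ADDING_ERRORS mapping group id to the failure message
 * @throws InternalErrorException when a required key is missing from data or an unknown key is present
 */
private Map<String, Object> createSingleSponsoredMemberFromCSV(PerunSession sess, Vo vo, String namespace, Map<String, String> data, User sponsor, LocalDate validityTo, boolean sendActivationLink, String url, Validation validation, List<Group> groups) {
	// Rejects unexpected input early and yields the optional attribute keys to store afterwards.
	Set<String> additionalValues = checkSponsoredMemberCsvFields(data);

	String email = data.get(A_U_PREF_MAIL);
	SponsoredUserData input = new SponsoredUserData();
	input.setNamespace(namespace);
	input.setFirstName(data.get("firstname"));
	input.setLastName(data.get("lastname"));
	input.setEmail(email);
	String password = null;
	if (isNotBlank(namespace)) {
		// A login namespace implies an external account; its module generates the initial password.
		PasswordManagerModule module = getPerunBl().getUsersManagerBl().getPasswordManagerModule(sess, namespace);
		password = module.generateRandomPassword(sess, null);
		input.setPassword(password);
	}
	if (data.containsKey("login")) {
		input.setLogin(data.get("login"));
	}

	Map<String, Object> status = new HashMap<>();
	Member member = null;
	try {
		member = createSponsoredMember(sess, input, vo, sponsor, validityTo, sendActivationLink, url, validation);
		User user = perunBl.getUsersManagerBl().getUserByMember(sess, member);
		String login = null;
		if (isNotBlank(namespace)) {
			login = perunBl.getAttributesManagerBl().getAttribute(sess, user, PasswordManagerModule.LOGIN_PREFIX + namespace).valueAsString();
		}
		status.put(LOGIN, login);
		// The generated password is returned to the caller so the credentials can be delivered; it is never logged here.
		status.put(PASSWORD, password);
		setAdditionalValues(sess, additionalValues, data, user, member);
		// The member is passed back so the caller can run validation on it.
		status.put(MEMBER, member);
		status.put(STATUS, OK);
	} catch (Exception e) {
		log.error("Failed to create a sponsored user.", e);
		// getMessage() may be null (e.g. for an NPE); never report a null status.
		status.put(STATUS, Objects.toString(e.getMessage(), e.getClass().getSimpleName()));
	}

	if (groups != null && !groups.isEmpty()) {
		Map<Integer, String> groupAssignmentErrors = new HashMap<>();
		if (member != null) {
			for (Group group : groups) {
				try {
					perunBl.getGroupsManagerBl().addMember(sess, group, member);
				} catch (Exception e) {
					groupAssignmentErrors.put(group.getId(), Objects.toString(e.getMessage(), e.getClass().getSimpleName()));
					log.error("Failed to add a member to a group. Member: {}, Group: {}", member, group, e);
				}
			}
		}
		status.put(GROUP_ADDING_ERRORS, groupAssignmentErrors);
	}
	return status;
}

/**
 * Validates the keys of one CSV row: every key of SPONSORED_MEMBER_REQUIRED_FIELDS must be present
 * and every other key must be listed in SPONSORED_MEMBER_ADDITIONAL_FIELDS.
 *
 * @param data the CSV row
 * @return the optional keys that are attribute URNs (start with ATTR_PREFIX); other optional keys
 *         are handled directly by the caller and must not be stored as attributes
 * @throws InternalErrorException when a required key is missing or an unknown key is present
 */
private Set<String> checkSponsoredMemberCsvFields(Map<String, String> data) {
	for (String requiredField : SPONSORED_MEMBER_REQUIRED_FIELDS) {
		if (!data.containsKey(requiredField)) {
			log.error("Invalid data passed, missing required value: {}", requiredField);
			throw new InternalErrorException("Invalid data passed, missing required value: " + requiredField);
		}
	}
	Set<String> additionalValues = new HashSet<>(data.keySet());
	additionalValues.removeAll(SPONSORED_MEMBER_REQUIRED_FIELDS);
	for (String valueName : additionalValues) {
		if (!SPONSORED_MEMBER_ADDITIONAL_FIELDS.contains(valueName)) {
			log.error("Not allowed additional value passed, value: {}", valueName);
			throw new InternalErrorException("Not allowed additional value passed, value: " + valueName);
		}
	}
	// Only attribute URNs are set as attributes later on.
	additionalValues.removeIf(val -> !val.startsWith(ATTR_PREFIX));
	return additionalValues;
}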
use of cz.metacentrum.perun.core.implApi.modules.pwdmgr.PasswordManagerModule in project perun by CESNET.
the class MembersManagerBlImpl method createSponsoredMembers.
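/**
 * Creates and sponsors one member per entry of {@code names} in the given vo, generating a
 * random password for each through the password manager module of {@code namespace}.
 *
 * An entry of the form {@code "First;Last"} is split into first and last name (on the first
 * semicolon only); any other entry is used as a guest name. Failures are reported per entry
 * rather than aborting the batch. When {@code validation} is ASYNC, members are created with
 * NONE and validated asynchronously once the whole batch has been processed.
 *
 * @param sess perun session
 * @param vo vo in which the members are sponsored
 * @param namespace login namespace whose password manager module generates the passwords and login
 * @param names one name entry per member to create
 * @param email not used by this implementation; kept for the interface signature
 * @param sponsor user set as sponsor of the created members
 * @param validityTo validity of the sponsorship; null means no automatic expiration
 * @param sendActivationLink passed through to createSponsoredMember
 * @param url base URL of the Perun instance, passed through to createSponsoredMember
 * @param validation validation mode; ASYNC is applied after the whole batch is created
 * @return one map per entry with NAME, STATUS (OK or the failure message) and, on success, LOGIN
 *         and the generated PASSWORD
 */
@Override
public List<Map<String, String>> createSponsoredMembers(PerunSession sess, Vo vo, String namespace, List<String> names, String email, User sponsor, LocalDate validityTo, boolean sendActivationLink, String url, Validation validation) {
	List<Map<String, String>> result = new ArrayList<>();
	PasswordManagerModule module = getPerunBl().getUsersManagerBl().getPasswordManagerModule(sess, namespace);
	Set<Member> createdMembers = new HashSet<>();
	// Async validation must run once all members exist, so individual creations use NONE in that case.
	boolean asyncValidation = Objects.equals(Validation.ASYNC, validation);
	Validation perMemberValidation = asyncValidation ? Validation.NONE : validation;

	for (String name : names) {
		Map<String, String> accountDataToReturn = new HashMap<>();
		accountDataToReturn.put(NAME, name);

		SponsoredUserData data = new SponsoredUserData();
		data.setNamespace(namespace);
		if (name.contains(";")) {
			String[] split = name.split(";", 2);
			data.setFirstName(split[0]);
			data.setLastName(split[1]);
		} else {
			data.setGuestName(name);
		}
		String password = module.generateRandomPassword(sess, null);

		try {
			Member member = createSponsoredMember(sess, data, vo, sponsor, validityTo, sendActivationLink, url, perMemberValidation);
			User user = perunBl.getUsersManagerBl().getUserByMember(sess, member);
			String login = perunBl.getAttributesManagerBl().getAttribute(sess, user, PasswordManagerModule.LOGIN_PREFIX + namespace).valueAsString();
			accountDataToReturn.put(STATUS, OK);
			accountDataToReturn.put(LOGIN, login);
			// The plaintext password is returned to the caller so the credentials can be delivered; never log it.
			accountDataToReturn.put(PASSWORD, password);
			createdMembers.add(member);
		} catch (Exception e) {
			// getMessage() may be null (e.g. for an NPE); never report a null status.
			accountDataToReturn.put(STATUS, Objects.toString(e.getMessage(), e.getClass().getSimpleName()));
		}
		result.add(accountDataToReturn);
	}

	if (asyncValidation) {
		for (Member member : createdMembers) {
			getPerunBl().getMembersManagerBl().validateMemberAsync(sess, member);
		}
	}
	return result;
}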
use of cz.metacentrum.perun.core.implApi.modules.pwdmgr.PasswordManagerModule in project perun by CESNET.
the class urn_perun_user_attribute_def_def_login_namespace_eduteams_nicknameTest method setUp.
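/**
 * Prepares the module under test together with a mocked session whose PerunBl hands out
 * mocked ModulesUtilsBl and UsersManagerBl; the latter returns a mocked
 * GenericPasswordManagerModule for the "eduteams-nickname" namespace.
 */
@Before
public void setUp() throws Exception {
	classInstance = new urn_perun_user_attribute_def_def_login_namespace_eduteams_nickname();
	user = new User();

	attributeToCheck = new Attribute();
	attributeToCheck.setNamespace(AttributesManager.NS_USER_ATTR_DEF);
	attributeToCheck.setFriendlyName("login-namespace:eduteams-nickname");

	// Mock hierarchy: session -> perunBl -> {modulesUtilsBl, usersManagerBl}.
	session = mock(PerunSessionImpl.class);
	PerunBl perunBl = mock(PerunBl.class);
	ModulesUtilsBl modulesUtilsBl = mock(ModulesUtilsBl.class);
	UsersManagerBl usersManagerBl = mock(UsersManagerBl.class);
	when(session.getPerunBl()).thenReturn(perunBl);
	when(perunBl.getModulesUtilsBl()).thenReturn(modulesUtilsBl);
	when(perunBl.getUsersManagerBl()).thenReturn(usersManagerBl);

	// Stub the target mock directly instead of going through session.getPerunBl().getUsersManagerBl():
	// the chained form performs real calls on the intermediate mocks while stubbing.
	PasswordManagerModule module = mock(GenericPasswordManagerModule.class);
	when(usersManagerBl.getPasswordManagerModule(session, "eduteams-nickname")).thenReturn(module);
}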
use of cz.metacentrum.perun.core.implApi.modules.pwdmgr.PasswordManagerModule in project perun by CESNET.
the class urn_perun_user_attribute_def_def_login_namespace_fenix_nicknameTest method setUp.
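/**
 * Prepares the module under test together with a mocked session whose PerunBl hands out
 * mocked ModulesUtilsBl and UsersManagerBl; the latter returns a mocked
 * GenericPasswordManagerModule for the "fenix-nickname" namespace.
 */
@Before
public void setUp() throws Exception {
	classInstance = new urn_perun_user_attribute_def_def_login_namespace_fenix_nickname();
	user = new User();

	attributeToCheck = new Attribute();
	attributeToCheck.setNamespace(AttributesManager.NS_USER_ATTR_DEF);
	attributeToCheck.setFriendlyName("login-namespace:fenix-nickname");

	// Mock hierarchy: session -> perunBl -> {modulesUtilsBl, usersManagerBl}.
	session = mock(PerunSessionImpl.class);
	PerunBl perunBl = mock(PerunBl.class);
	ModulesUtilsBl modulesUtilsBl = mock(ModulesUtilsBl.class);
	UsersManagerBl usersManagerBl = mock(UsersManagerBl.class);
	when(session.getPerunBl()).thenReturn(perunBl);
	when(perunBl.getModulesUtilsBl()).thenReturn(modulesUtilsBl);
	when(perunBl.getUsersManagerBl()).thenReturn(usersManagerBl);

	// Stub the target mock directly instead of going through session.getPerunBl().getUsersManagerBl():
	// the chained form performs real calls on the intermediate mocks while stubbing.
	PasswordManagerModule module = mock(GenericPasswordManagerModule.class);
	when(usersManagerBl.getPasswordManagerModule(session, "fenix-nickname")).thenReturn(module);
}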