
Example 1 with AuthenticationProvider

use of edu.harvard.iq.dataverse.authorization.AuthenticationProvider in project dataverse by IQSS.

the class DataverseUserPage method save.

/**
 * Handles the account form's save action. Depending on {@code editMode} it
 * changes the current user's password, creates a new built-in account, or
 * updates the current user's display information.
 *
 * <p>A successful password change does not return early: it sets
 * {@code passwordChanged} and then continues into the profile-update branch
 * at the bottom of the method.
 *
 * @return a navigation outcome string when the user is redirected (account
 *         created, or the session is no longer authenticated); {@code null}
 *         when the user stays on the current view (validation error, or a
 *         completed profile/password update)
 */
public String save() {
    boolean passwordChanged = false;
    if (editMode == EditMode.CHANGE_PASSWORD) {
        final AuthenticationProvider prv = getUserAuthProvider();
        if (prv.isPasswordUpdateAllowed()) {
            // Re-authenticate with the current password before accepting the new one, so that
            // an unattended or hijacked session alone is not enough to change the password.
            // NOTE(review): a failed verification is reported to the user but not logged or
            // counted in this method - confirm that throttling/auditing happens elsewhere.
            if (!prv.verifyPassword(currentUser.getAuthenticatedUserLookup().getPersistentUserId(), currentPassword)) {
                FacesContext.getCurrentInstance().addMessage("currentPassword", new FacesMessage(FacesMessage.SEVERITY_ERROR, BundleUtil.getStringFromBundle("user.error.wrongPassword"), null));
                return null;
            }
            // NOTE(review): no password-policy check on inputPassword is visible here;
            // presumably a form validator or the provider enforces it - confirm.
            prv.updatePassword(currentUser.getAuthenticatedUserLookup().getPersistentUserId(), inputPassword);
            passwordChanged = true;
        } else {
            // erroneous state - we can't change the password for this user, so should not have gotten here. Log and bail out.
            logger.log(Level.WARNING, "Attempt to change a password on {0}, whose provider ({1}) does not support password change", new Object[] { currentUser.getIdentifier(), prv });
            JH.addMessage(FacesMessage.SEVERITY_ERROR, BundleUtil.getStringFromBundle("user.error.cannotChangePassword"));
            return null;
        }
    }
    if (editMode == EditMode.CREATE) {
        // Create a new built-in user.
        BuiltinUser builtinUser = new BuiltinUser();
        builtinUser.setUserName(getUsername());
        builtinUser.applyDisplayInfo(userDisplayInfo);
        // The stored value is produced by PasswordEncryption together with its latest version number.
        // NOTE(review): presumably a one-way password hash despite the "encrypt" name - confirm.
        builtinUser.updateEncryptedPassword(PasswordEncryption.get().encrypt(inputPassword), PasswordEncryption.getLatestVersionNumber());
        AuthenticatedUser au = authenticationService.createAuthenticatedUser(new UserRecordIdentifier(BuiltinAuthenticationProvider.PROVIDER_ID, builtinUser.getUserName()), builtinUser.getUserName(), builtinUser.getDisplayInfo(), false);
        if (au == null) {
            // Username already exists, show an error message
            getUsernameField().setValid(false);
            FacesMessage message = new FacesMessage(FacesMessage.SEVERITY_ERROR, BundleUtil.getStringFromBundle("user.username.taken"), null);
            FacesContext context = FacesContext.getCurrentInstance();
            context.addMessage(getUsernameField().getClientId(context), message);
            return null;
        }
        // The Authenticated User was just created via the UI, add an initial login timestamp
        au = userService.updateLastLogin(au);
        // Authenticated user registered. Save the new built-in user, and log in.
        // The built-in record is persisted only after the authenticated user was created successfully.
        builtinUserService.save(builtinUser);
        // NOTE(review): the new user is attached to the existing session; no session-id
        // rotation is visible in this method - confirm it is handled elsewhere.
        session.setUser(au);
        /**
         * @todo Move this to
         * AuthenticationServiceBean.createAuthenticatedUser
         */
        userNotificationService.sendNotification(au, new Timestamp(new Date().getTime()), UserNotification.Type.CREATEACC, null);
        // go back to where user came from
        // NOTE(review): where redirectPage is populated is not visible in this method. If it
        // comes from a request parameter, it should be limited to local view paths before it is
        // decoded and returned as a navigation outcome, so it cannot be used as an open redirect.
        if ("dataverse.xhtml".equals(redirectPage)) {
            redirectPage = redirectPage + "?alias=" + dataverseService.findRootDataverse().getAlias();
        }
        try {
            redirectPage = URLDecoder.decode(redirectPage, "UTF-8");
        } catch (UnsupportedEncodingException ex) {
            // Fall back to the root dataverse page when decoding is not possible.
            logger.log(Level.SEVERE, "Server does not support 'UTF-8' encoding.", ex);
            redirectPage = "dataverse.xhtml?alias=" + dataverseService.findRootDataverse().getAlias();
        }
        // The decoded value is written to the log as-is (FINE level only).
        logger.log(Level.FINE, "Sending user to = {0}", redirectPage);
        // Append faces-redirect with the separator that fits the existing query string.
        return redirectPage + (!redirectPage.contains("?") ? "?" : "&") + "faces-redirect=true";
    // Happens if user is logged out while editing
    } else if (!session.getUser().isAuthenticated()) {
        logger.info("Redirecting");
        // NOTE(review): assumes notAuthorized() returns an outcome that already ends with '?' or '&' - confirm.
        return permissionsWrapper.notAuthorized() + "faces-redirect=true";
    } else {
        // Profile update; also reached after a successful password change above.
        String emailBeforeUpdate = currentUser.getEmail();
        AuthenticatedUser savedUser = authenticationService.updateAuthenticatedUser(currentUser, userDisplayInfo);
        String emailAfterUpdate = savedUser.getEmail();
        editMode = null;
        StringBuilder msg = new StringBuilder(passwordChanged ? "Your account password has been successfully changed." : "Your account information has been successfully updated.");
        if (!emailBeforeUpdate.equals(emailAfterUpdate)) {
            // A changed address must be confirmed again before it counts as verified.
            String expTime = ConfirmEmailUtil.friendlyExpirationTime(systemConfig.getMinutesUntilConfirmEmailTokenExpires());
            // NOTE(review): the comparison uses savedUser's address but the message shows
            // currentUser.getEmail() - presumably the same value after the update; confirm.
            msg.append(" Your email address has changed and must be re-verified. Please check your inbox at ").append(currentUser.getEmail()).append(" and follow the link we've sent. \n\nAlso, please note that the link will only work for the next ").append(expTime).append(" before it has expired.");
            // delete unexpired token, if it exists (clean slate)
            confirmEmailService.deleteTokenForUser(currentUser);
            try {
                confirmEmailService.beginConfirm(currentUser);
            } catch (ConfirmEmailException ex) {
                // The exception itself is not logged, and the user still receives the
                // "check your inbox" message below even though sending failed.
                logger.log(Level.INFO, "Unable to send email confirmation link to user id {0}", savedUser.getId());
            }
            // The session user is reset only in this email-changed branch.
            session.setUser(currentUser);
            JsfHelper.addSuccessMessage(msg.toString());
        } else {
            JsfHelper.addFlashMessage(msg.toString());
        }
        return null;
    }
}
Also used : FacesContext(javax.faces.context.FacesContext) UserRecordIdentifier(edu.harvard.iq.dataverse.authorization.UserRecordIdentifier) AuthenticationProvider(edu.harvard.iq.dataverse.authorization.AuthenticationProvider) ShibAuthenticationProvider(edu.harvard.iq.dataverse.authorization.providers.shib.ShibAuthenticationProvider) UnsupportedEncodingException(java.io.UnsupportedEncodingException) AuthenticatedUser(edu.harvard.iq.dataverse.authorization.users.AuthenticatedUser) Timestamp(java.sql.Timestamp) Date(java.util.Date) ConfirmEmailException(edu.harvard.iq.dataverse.confirmemail.ConfirmEmailException) FacesMessage(javax.faces.application.FacesMessage)

Example 2 with AuthenticationProvider

use of edu.harvard.iq.dataverse.authorization.AuthenticationProvider in project dataverse by IQSS.

the class LoginPage method listCredentialsAuthenticationProviders.

/**
 * Builds the list of display descriptors for credentials-based login.
 *
 * <p>Every provider id that {@code authSvc} reports for
 * {@link CredentialsAuthenticationProvider} is resolved to its provider, and
 * only that provider's display info is returned to the caller.
 *
 * @return a new list with one display-info entry per reported provider id,
 *         in the order the ids are reported
 */
public List<AuthenticationProviderDisplayInfo> listCredentialsAuthenticationProviders() {
    final List<AuthenticationProviderDisplayInfo> displayInfos = new LinkedList<>();
    for (final String providerId : authSvc.getAuthenticationProviderIdsOfType(CredentialsAuthenticationProvider.class)) {
        // NOTE(review): the lookup result is dereferenced without a null check; this relies on
        // the id still being registered between the two authSvc calls - confirm.
        final AuthenticationProvider resolved = authSvc.getAuthenticationProvider(providerId);
        displayInfos.add(resolved.getInfo());
    }
    return displayInfos;
}
Also used : CredentialsAuthenticationProvider(edu.harvard.iq.dataverse.authorization.CredentialsAuthenticationProvider) AuthenticationProvider(edu.harvard.iq.dataverse.authorization.AuthenticationProvider) ShibAuthenticationProvider(edu.harvard.iq.dataverse.authorization.providers.shib.ShibAuthenticationProvider) LinkedList(java.util.LinkedList) AuthenticationProviderDisplayInfo(edu.harvard.iq.dataverse.authorization.AuthenticationProviderDisplayInfo)

Example 3 with AuthenticationProvider

use of edu.harvard.iq.dataverse.authorization.AuthenticationProvider in project dataverse by IQSS.

the class Admin method addProvider.

/**
 * Stores an authentication provider row and, when the row is enabled,
 * (re)registers the provider it describes.
 *
 * <p>An existing row with the same id is merged; otherwise the row is
 * persisted as new. For an enabled row the provider is loaded, any provider
 * registered under the same id is deregistered, and the loaded one is
 * registered in its place.
 *
 * <p>NOTE(review): no authorization check is visible in this method; access to
 * the admin API is presumably restricted elsewhere - confirm. A row that is
 * not enabled is stored, but nothing here deregisters a provider already
 * registered under its id - confirm this is intended. On a setup failure the
 * exception message is returned to the caller in the response body.
 *
 * @param row the provider settings supplied in the request
 * @return a "created" response pointing at the stored row, or an internal
 *         server error response when the provider cannot be set up
 */
@Path("authenticationProviders")
@POST
public Response addProvider(AuthenticationProviderRow row) {
    try {
        final AuthenticationProviderRow existing = em.find(AuthenticationProviderRow.class, row.getId());
        final AuthenticationProviderRow stored;
        if (existing == null) {
            // Unknown id: insert the submitted row as-is.
            em.persist(row);
            stored = row;
        } else {
            // Known id: overwrite the stored settings with the submitted ones.
            stored = em.merge(row);
        }

        if (stored.isEnabled()) {
            final AuthenticationProvider loaded = authSvc.loadProvider(stored);
            // Drop any earlier registration under this id before registering the new instance.
            authSvc.deregisterProvider(loaded.getId());
            authSvc.registerProvider(loaded);
        }

        final String location = "/api/admin/authenticationProviders/" + stored.getId();
        return created(location, json(stored));
    } catch (AuthorizationSetupException e) {
        return error(Response.Status.INTERNAL_SERVER_ERROR, e.getMessage());
    }
}
Also used : AuthenticationProvider(edu.harvard.iq.dataverse.authorization.AuthenticationProvider) ShibAuthenticationProvider(edu.harvard.iq.dataverse.authorization.providers.shib.ShibAuthenticationProvider) AuthenticationProviderRow(edu.harvard.iq.dataverse.authorization.providers.AuthenticationProviderRow) AuthorizationSetupException(edu.harvard.iq.dataverse.authorization.exceptions.AuthorizationSetupException) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST)

Example 4 with AuthenticationProvider

use of edu.harvard.iq.dataverse.authorization.AuthenticationProvider in project dataverse by IQSS.

the class OAuth2FirstLoginPage method convertExistingAccount.

/**
 * Converts an existing built-in account to the provider identified by
 * {@code newUser}.
 *
 * <p>The entered username and password are first authenticated against the
 * built-in provider. Only when that succeeds is the account re-pointed to
 * {@code newUser}'s service and id, the built-in user record removed, and the
 * user placed in the session.
 *
 * <p>NOTE(review): the credential keys are taken by position (index 0 for the
 * username, index 1 for the password) from the provider's required
 * credentials - this assumes that ordering is stable; confirm. Where
 * {@code newUser} is populated is not visible here; presumably it is the
 * identity established earlier in the OAuth2 flow - confirm it cannot be
 * altered by the client. A failed authentication only sets a flag; no logging
 * or attempt limiting is visible in this method.
 *
 * @return the redirect outcome for the dataverse page on success, or
 *         {@code null} (stay on the current view) when authentication fails
 */
public String convertExistingAccount() {
    final BuiltinAuthenticationProvider builtinProvider = new BuiltinAuthenticationProvider(builtinUserSvc, passwordValidatorService);
    final AuthenticationRequest loginRequest = new AuthenticationRequest();
    final List<CredentialsAuthenticationProvider.Credential> requiredCredentials = builtinProvider.getRequiredCredentials();
    loginRequest.putCredential(requiredCredentials.get(0).getTitle(), getUsername());
    loginRequest.putCredential(requiredCredentials.get(1).getTitle(), getPassword());

    final String successOutcome = "/dataverse.xhtml?faces-redirect=true";
    try {
        // Proof of ownership: the built-in credentials must authenticate before anything is changed.
        final AuthenticatedUser accountOwner = authenticationSvc.getCreateAuthenticatedUser(BuiltinAuthenticationProvider.PROVIDER_ID, loginRequest);

        // Re-point the account to the new provider, then drop the built-in login.
        authenticationSvc.updateProvider(accountOwner, newUser.getServiceId(), newUser.getIdInService());
        builtinUserSvc.removeUser(accountOwner.getUserIdentifier());
        session.setUser(accountOwner);

        final AuthenticationProvider targetProvider = authenticationSvc.getAuthenticationProvider(newUser.getServiceId());
        JsfHelper.addSuccessMessage(
                BundleUtil.getStringFromBundle(
                        "oauth2.convertAccount.success",
                        Arrays.asList(targetProvider.getInfo().getTitle())));
        return successOutcome;
    } catch (AuthenticationFailedException ex) {
        setAuthenticationFailed(true);
        return null;
    }
}
Also used : AuthenticationFailedException(edu.harvard.iq.dataverse.authorization.exceptions.AuthenticationFailedException) BuiltinAuthenticationProvider(edu.harvard.iq.dataverse.authorization.providers.builtin.BuiltinAuthenticationProvider) CredentialsAuthenticationProvider(edu.harvard.iq.dataverse.authorization.CredentialsAuthenticationProvider) AuthenticationProvider(edu.harvard.iq.dataverse.authorization.AuthenticationProvider) BuiltinAuthenticationProvider(edu.harvard.iq.dataverse.authorization.providers.builtin.BuiltinAuthenticationProvider) AuthenticationRequest(edu.harvard.iq.dataverse.authorization.AuthenticationRequest) AuthenticatedUser(edu.harvard.iq.dataverse.authorization.users.AuthenticatedUser)

Aggregations

AuthenticationProvider (edu.harvard.iq.dataverse.authorization.AuthenticationProvider)4 ShibAuthenticationProvider (edu.harvard.iq.dataverse.authorization.providers.shib.ShibAuthenticationProvider)3 CredentialsAuthenticationProvider (edu.harvard.iq.dataverse.authorization.CredentialsAuthenticationProvider)2 AuthenticatedUser (edu.harvard.iq.dataverse.authorization.users.AuthenticatedUser)2 AuthenticationProviderDisplayInfo (edu.harvard.iq.dataverse.authorization.AuthenticationProviderDisplayInfo)1 AuthenticationRequest (edu.harvard.iq.dataverse.authorization.AuthenticationRequest)1 UserRecordIdentifier (edu.harvard.iq.dataverse.authorization.UserRecordIdentifier)1 AuthenticationFailedException (edu.harvard.iq.dataverse.authorization.exceptions.AuthenticationFailedException)1 AuthorizationSetupException (edu.harvard.iq.dataverse.authorization.exceptions.AuthorizationSetupException)1 AuthenticationProviderRow (edu.harvard.iq.dataverse.authorization.providers.AuthenticationProviderRow)1 BuiltinAuthenticationProvider (edu.harvard.iq.dataverse.authorization.providers.builtin.BuiltinAuthenticationProvider)1 ConfirmEmailException (edu.harvard.iq.dataverse.confirmemail.ConfirmEmailException)1 UnsupportedEncodingException (java.io.UnsupportedEncodingException)1 Timestamp (java.sql.Timestamp)1 Date (java.util.Date)1 LinkedList (java.util.LinkedList)1 FacesMessage (javax.faces.application.FacesMessage)1 FacesContext (javax.faces.context.FacesContext)1 POST (javax.ws.rs.POST)1 Path (javax.ws.rs.Path)1