use of edu.harvard.iq.dataverse.authorization.users.AuthenticatedUser in project dataverse by IQSS.
the class AuthenticationServiceBean method convertBuiltInToShib.
// TODO should probably be moved to the Shib provider - this is a classic Shib-specific
// use case. This class should deal with general authentication.
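/**
 * Re-points a builtin account's lookup row at a Shibboleth identity, then removes the
 * builtin user record together with its password-reset tokens.
 *
 * <p>After this call the account is resolved through {@code shibProviderId} and the
 * lookup string supplied by {@code newUserIdentifierInLookupTable}; the builtin
 * credentials no longer exist.
 *
 * <p>NOTE(review): nothing in this method checks that the caller has proven control of
 * both the builtin account and the remote identity. Presumably the caller does that
 * before invoking the conversion - confirm.
 *
 * @param builtInUserToConvert the account whose lookup row is rewritten
 * @param shibProviderId provider id written into the lookup row
 * @param newUserIdentifierInLookupTable source of the new per-provider persistent user id
 * @return the user found under the new provider id and identifier, or {@code null} when
 *     the account has no unique lookup row or the follow-up lookup finds nothing
 * @deprecated Use {@link #convertBuiltInUserToRemoteUser} instead.
 */
@Deprecated
public AuthenticatedUser convertBuiltInToShib(AuthenticatedUser builtInUserToConvert, String shibProviderId, UserIdentifier newUserIdentifierInLookupTable) {
    logger.info("converting user " + builtInUserToConvert.getId() + " from builtin to shib");
    String builtInUserIdentifier = builtInUserToConvert.getIdentifier();
    logger.info("builtin user identifier: " + builtInUserIdentifier);

    TypedQuery<AuthenticatedUserLookup> typedQuery = em.createQuery("SELECT OBJECT(o) FROM AuthenticatedUserLookup AS o WHERE o.authenticatedUser = :auid", AuthenticatedUserLookup.class);
    typedQuery.setParameter("auid", builtInUserToConvert);
    AuthenticatedUserLookup authuserLookup;
    try {
        // getSingleResult() either yields exactly one row or throws, so the result needs
        // no separate null check.
        authuserLookup = typedQuery.getSingleResult();
    } catch (NoResultException | NonUniqueResultException ex) {
        // Zero or several lookup rows: refuse to convert rather than guess which to rewrite.
        logger.info("exception caught: " + ex);
        return null;
    }

    String oldProviderId = authuserLookup.getAuthenticationProviderId();
    logger.info("we expect this to be 'builtin': " + oldProviderId);
    authuserLookup.setAuthenticationProviderId(shibProviderId);
    String oldUserLookupIdentifier = authuserLookup.getPersistentUserId();
    logger.info("this should be 'pete' or whatever the old builtin username was: " + oldUserLookupIdentifier);
    String perUserShibIdentifier = newUserIdentifierInLookupTable.getLookupStringPerAuthProvider();
    authuserLookup.setPersistentUserId(perUserShibIdentifier);

    // TODO this should be a transaction of some kind. We want to update the
    // authenticateduserlookup and also delete the row from the builtinuser table in a
    // single transaction. A failure between the two steps would leave the account
    // re-pointed at the new provider while the builtin record and its reset tokens
    // still exist. Whether the container already wraps this call in a transaction is
    // not visible here - confirm.
    em.persist(authuserLookup);

    // replaceFirst() treats the prefix as a regular expression and strips its first match.
    String builtinUsername = builtInUserIdentifier.replaceFirst(AuthenticatedUser.IDENTIFIER_PREFIX, "");
    BuiltinUser builtin = builtinUserServiceBean.findByUserName(builtinUsername);
    if (builtin != null) {
        // These were created by AuthenticationResponse.Status.BREAKOUT in canLogInAsBuiltinUser.
        // Remove them first so no reset token outlives the builtin account it belongs to.
        List<PasswordResetData> oldTokens = passwordResetServiceBean.findPasswordResetDataByDataverseUser(builtin);
        for (PasswordResetData oldToken : oldTokens) {
            em.remove(oldToken);
        }
        em.remove(builtin);
    } else {
        logger.info("Couldn't delete builtin user because couldn't find it based on username " + builtinUsername);
    }

    // lookupUser's result is passed through as-is, including null when nothing is found.
    return lookupUser(shibProviderId, perUserShibIdentifier);
}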
use of edu.harvard.iq.dataverse.authorization.users.AuthenticatedUser in project dataverse by IQSS.
the class AuthenticationServiceBean method convertBuiltInUserToRemoteUser.
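/**
 * Re-points a builtin account's lookup row at a remote authentication provider, then
 * removes the builtin user record together with its password-reset tokens.
 *
 * <p>After this call the account is resolved through {@code newProviderId} and the
 * lookup string supplied by {@code newUserIdentifierInLookupTable}; the builtin
 * credentials no longer exist.
 *
 * <p>NOTE(review): nothing in this method checks that the caller has proven control of
 * both the builtin account and the remote identity. Presumably the caller does that
 * before invoking the conversion - confirm.
 *
 * @param builtInUserToConvert the account whose lookup row is rewritten
 * @param newProviderId provider id written into the lookup row
 * @param newUserIdentifierInLookupTable source of the new per-provider persistent user id
 * @return the user found under the new provider id and identifier, or {@code null} when
 *     the account has no unique lookup row or the follow-up lookup finds nothing
 */
public AuthenticatedUser convertBuiltInUserToRemoteUser(AuthenticatedUser builtInUserToConvert, String newProviderId, UserIdentifier newUserIdentifierInLookupTable) {
    logger.info("converting user " + builtInUserToConvert.getId() + " from builtin to remote");
    String builtInUserIdentifier = builtInUserToConvert.getIdentifier();
    logger.info("builtin user identifier: " + builtInUserIdentifier);

    TypedQuery<AuthenticatedUserLookup> typedQuery = em.createQuery("SELECT OBJECT(o) FROM AuthenticatedUserLookup AS o WHERE o.authenticatedUser = :auid", AuthenticatedUserLookup.class);
    typedQuery.setParameter("auid", builtInUserToConvert);
    AuthenticatedUserLookup authuserLookup;
    try {
        // getSingleResult() either yields exactly one row or throws, so the result needs
        // no separate null check.
        authuserLookup = typedQuery.getSingleResult();
    } catch (NoResultException | NonUniqueResultException ex) {
        // Zero or several lookup rows: refuse to convert rather than guess which to rewrite.
        logger.info("exception caught: " + ex);
        return null;
    }

    String oldProviderId = authuserLookup.getAuthenticationProviderId();
    logger.info("we expect this to be 'builtin': " + oldProviderId);
    authuserLookup.setAuthenticationProviderId(newProviderId);
    String oldUserLookupIdentifier = authuserLookup.getPersistentUserId();
    logger.info("this should be 'pete' or whatever the old builtin username was: " + oldUserLookupIdentifier);
    String perUserIdentifier = newUserIdentifierInLookupTable.getLookupStringPerAuthProvider();
    authuserLookup.setPersistentUserId(perUserIdentifier);

    // TODO this should be a transaction of some kind. We want to update the
    // authenticateduserlookup and also delete the row from the builtinuser table in a
    // single transaction. A failure between the two steps would leave the account
    // re-pointed at the new provider while the builtin record and its reset tokens
    // still exist. Whether the container already wraps this call in a transaction is
    // not visible here - confirm.
    em.persist(authuserLookup);

    // replaceFirst() treats the prefix as a regular expression and strips its first match.
    String builtinUsername = builtInUserIdentifier.replaceFirst(AuthenticatedUser.IDENTIFIER_PREFIX, "");
    BuiltinUser builtin = builtinUserServiceBean.findByUserName(builtinUsername);
    if (builtin != null) {
        // These were created by AuthenticationResponse.Status.BREAKOUT in canLogInAsBuiltinUser.
        // Remove them first so no reset token outlives the builtin account it belongs to.
        List<PasswordResetData> oldTokens = passwordResetServiceBean.findPasswordResetDataByDataverseUser(builtin);
        for (PasswordResetData oldToken : oldTokens) {
            em.remove(oldToken);
        }
        em.remove(builtin);
    } else {
        logger.info("Couldn't delete builtin user because couldn't find it based on username " + builtinUsername);
    }

    // lookupUser's result is passed through as-is, including null when nothing is found.
    return lookupUser(newProviderId, perUserIdentifier);
}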
use of edu.harvard.iq.dataverse.authorization.users.AuthenticatedUser in project dataverse by IQSS.
the class OAuth2FirstLoginPage method createNewAccount.
/**
 * Creates the account for the user held in {@code newUser}, binds the current session
 * to it, sends the account-creation notification and stores the user's OAuth2 token data.
 *
 * <p>NOTE(review): the result of {@code createAuthenticatedUser} is used without a null
 * check, and the session is bound to it before the token data is stored. Whether that
 * call can return null, and whether the session id is rotated at this point, is not
 * visible in this method - confirm.
 *
 * @return the redirect outcome for the dataverse page
 */
public String createNewAccount() {
    AuthenticatedUserDisplayInfo displayInfo = new AuthenticatedUserDisplayInfo(
            newUser.getDisplayInfo().getFirstName(),
            newUser.getDisplayInfo().getLastName(),
            getSelectedEmail(), // the e-mail chosen on the page, not the one from the display info
            newUser.getDisplayInfo().getAffiliation(),
            newUser.getDisplayInfo().getPosition());
    final AuthenticatedUser createdUser = authenticationSvc.createAuthenticatedUser(
            newUser.getUserRecordIdentifier(), getUsername(), displayInfo, true);

    // From here on the session acts as the newly created account.
    session.setUser(createdUser);

    // TODO Move this to AuthenticationServiceBean.createAuthenticatedUser
    Timestamp sentAt = new Timestamp(new Date().getTime());
    userNotificationService.sendNotification(createdUser, sentAt, UserNotification.Type.CREATEACC, null);

    // Tie the provider's token data to the new account before persisting it.
    final OAuth2TokenData tokens = newUser.getTokenData();
    tokens.setUser(createdUser);
    tokens.setOauthProviderId(newUser.getServiceId());
    oauth2Tokens.store(tokens);

    return "/dataverse.xhtml?faces-redirect=true";
}
use of edu.harvard.iq.dataverse.authorization.users.AuthenticatedUser in project dataverse by IQSS.
the class ShibGroupProvider method groupsFor.
/**
 * Returns the Shib groups of a role assignee.
 *
 * <p>Only an {@code AuthenticatedUser} can have Shib groups. Any other {@code User}
 * gets a fresh empty {@code HashSet}, and an assignee that is not a {@code User} gets
 * {@code Collections.emptySet()}. The {@code o} argument is not consulted.
 *
 * @param ra the role assignee to look up
 * @param o unused by this provider
 * @return the groups reported by {@code shibGroupService.findFor}, each tagged with this
 *     provider, or an empty set
 */
@Override
public Set<ShibGroup> groupsFor(RoleAssignee ra, DvObject o) {
    if (!(ra instanceof User)) {
        return Collections.emptySet();
    }
    User candidate = (User) ra;
    if (!(candidate instanceof AuthenticatedUser)) {
        // Users that are not authenticated accounts have no Shib groups.
        Set<ShibGroup> none = new HashSet<>();
        return none;
    }
    Set<ShibGroup> memberships = shibGroupService.findFor((AuthenticatedUser) candidate);
    // Record on each group which provider produced it.
    for (ShibGroup membership : memberships) {
        membership.setShibGroupProvider(this);
    }
    return memberships;
}
use of edu.harvard.iq.dataverse.authorization.users.AuthenticatedUser in project dataverse by IQSS.
the class ExplicitGroup method getContainedRoleAssgineeIdentifiers.
/**
 * Collects the identifiers of every role assignee contained in this group: the stored
 * role assignee identifiers, the identifiers of the contained explicit groups and the
 * identifiers of the contained authenticated users. <br>
 * <b>Note</b> some of the identifiers may be stale (i.e. group deleted but
 * identifiers lingered for a while), so an identifier appearing here does not by
 * itself show that the assignee still exists.
 *
 * @return A new sorted set of the role assignee identifiers.
 */
public Set<String> getContainedRoleAssgineeIdentifiers() {
    Set<String> identifiers = new TreeSet<>();
    identifiers.addAll(containedRoleAssignees);
    for (ExplicitGroup childGroup : containedExplicitGroups) {
        String groupIdentifier = childGroup.getIdentifier();
        identifiers.add(groupIdentifier);
    }
    for (AuthenticatedUser member : containedAuthenticatedUsers) {
        String userIdentifier = member.getIdentifier();
        identifiers.add(userIdentifier);
    }
    return identifiers;
}