Search in sources :

Example 1 with SaltedPasswordDigest

use of edu.stanford.bmir.protege.web.shared.auth.SaltedPasswordDigest in project webprotege by protegeproject.

the class ResetPasswordActionHandler method execute.

@Nonnull
@Override
public ResetPasswordResult execute(@Nonnull ResetPasswordAction action, @Nonnull ExecutionContext executionContext) {
    final String emailAddress = action.getResetPasswordData().getEmailAddress();
    try {
        Optional<UserId> userId = userDetailsManager.getUserByUserIdOrEmail(emailAddress);
        if (!userId.isPresent()) {
            return new ResetPasswordResult(INVALID_EMAIL_ADDRESS);
        }
        Optional<UserDetails> userDetails = userDetailsManager.getUserDetails(userId.get());
        if (!userDetails.isPresent()) {
            return new ResetPasswordResult(INVALID_EMAIL_ADDRESS);
        }
        if (!userDetails.get().getEmailAddress().isPresent()) {
            return new ResetPasswordResult(INVALID_EMAIL_ADDRESS);
        }
        if (!userDetails.get().getEmailAddress().get().equalsIgnoreCase(emailAddress)) {
            return new ResetPasswordResult(INVALID_EMAIL_ADDRESS);
        }
        String pwd = IdUtil.getBase62UUID();
        Salt salt = saltProvider.get();
        SaltedPasswordDigest saltedPasswordDigest = passwordDigestAlgorithm.getDigestOfSaltedPassword(pwd, salt);
        authenticationManager.setDigestedPassword(userId.get(), saltedPasswordDigest, salt);
        mailer.sendEmail(userId.get(), emailAddress, pwd, ex -> {
            throw new RuntimeException(ex);
        });
        logger.info("The password for {} has been reset.  " + "An email has been sent to {} that contains the new password.", userId.get().getUserName(), emailAddress);
        return new ResetPasswordResult(SUCCESS);
    } catch (Exception e) {
        logger.error("Could not reset the user password " + "associated with the email " + "address {}.  The following " + "error occurred: {}.", emailAddress, e.getMessage(), e);
        return new ResetPasswordResult(INTERNAL_ERROR);
    }
}
Also used : Salt(edu.stanford.bmir.protege.web.shared.auth.Salt) UserDetails(edu.stanford.bmir.protege.web.shared.user.UserDetails) UserId(edu.stanford.bmir.protege.web.shared.user.UserId) SaltedPasswordDigest(edu.stanford.bmir.protege.web.shared.auth.SaltedPasswordDigest) ResetPasswordResult(edu.stanford.bmir.protege.web.shared.chgpwd.ResetPasswordResult) Nonnull(javax.annotation.Nonnull)

Example 2 with SaltedPasswordDigest

use of edu.stanford.bmir.protege.web.shared.auth.SaltedPasswordDigest in project webprotege by protegeproject.

the class DigestedPassword_TestCase method shouldGenerateSameDigestedPassword.

@Test
public void shouldGenerateSameDigestedPassword() {
    PasswordDigestAlgorithm passwordDigestAlgorithm = new PasswordDigestAlgorithm(new Md5DigestAlgorithmProvider());
    Salt salt = new Salt(BaseEncoding.base16().lowerCase().decode(SALT));
    SaltedPasswordDigest digest = passwordDigestAlgorithm.getDigestOfSaltedPassword("password", salt);
    assertThat(digest.getBytes(), is(BaseEncoding.base16().lowerCase().decode(DIGESTED_PASSWORD)));
}
Also used : Salt(edu.stanford.bmir.protege.web.shared.auth.Salt) SaltedPasswordDigest(edu.stanford.bmir.protege.web.shared.auth.SaltedPasswordDigest) Md5DigestAlgorithmProvider(edu.stanford.bmir.protege.web.shared.auth.Md5DigestAlgorithmProvider) PasswordDigestAlgorithm(edu.stanford.bmir.protege.web.shared.auth.PasswordDigestAlgorithm) Test(org.junit.Test)

Example 3 with SaltedPasswordDigest

use of edu.stanford.bmir.protege.web.shared.auth.SaltedPasswordDigest in project webprotege by protegeproject.

the class CreateUserAccountExecutor method execute.

public void execute(UserId userId, EmailAddress emailAddress, String clearTextPassword, DispatchServiceCallback<CreateUserAccountResult> callback) {
    Salt salt = saltProvider.get();
    SaltedPasswordDigest saltedPasswordDigest = passwordDigestAlgorithm.getDigestOfSaltedPassword(clearTextPassword, salt);
    dispatchServiceManager.execute(new CreateUserAccountAction(userId, emailAddress, saltedPasswordDigest, salt), callback);
}
Also used : Salt(edu.stanford.bmir.protege.web.shared.auth.Salt) SaltedPasswordDigest(edu.stanford.bmir.protege.web.shared.auth.SaltedPasswordDigest) CreateUserAccountAction(edu.stanford.bmir.protege.web.shared.user.CreateUserAccountAction)

Example 4 with SaltedPasswordDigest

use of edu.stanford.bmir.protege.web.shared.auth.SaltedPasswordDigest in project webprotege by protegeproject.

the class UserRecordConverter method fromDocument.

@Override
public UserRecord fromDocument(@Nonnull Document document) {
    String userId = document.getString(USER_ID);
    String realName = document.getString(REAL_NAME);
    String email = orEmptyString(document.getString(EMAIL_ADDRESS));
    String avatar = orEmptyString(document.getString(AVATAR_URL));
    Salt salt = new SaltReadConverter().convert(document.getString(SALT));
    SaltedPasswordDigest password = new SaltedPasswordDigestReadConverter().convert(document.getString(SALTED_PASSWORD_DIGEST));
    return new UserRecord(UserId.getUserId(userId), realName, email, avatar, salt, password);
}
Also used : Salt(edu.stanford.bmir.protege.web.shared.auth.Salt) SaltedPasswordDigest(edu.stanford.bmir.protege.web.shared.auth.SaltedPasswordDigest)

Example 5 with SaltedPasswordDigest

use of edu.stanford.bmir.protege.web.shared.auth.SaltedPasswordDigest in project webprotege by protegeproject.

the class SaltedPasswordDigestWriteConverterTestCase method setUp.

@Before
public void setUp() throws Exception {
    converter = new SaltedPasswordDigestWriteConverter();
    digest = new SaltedPasswordDigest(bytes);
}
Also used : SaltedPasswordDigest(edu.stanford.bmir.protege.web.shared.auth.SaltedPasswordDigest) Before(org.junit.Before)

Aggregations

SaltedPasswordDigest (edu.stanford.bmir.protege.web.shared.auth.SaltedPasswordDigest)8 Salt (edu.stanford.bmir.protege.web.shared.auth.Salt)5 Test (org.junit.Test)3 Before (org.junit.Before)2 MongoClient (com.mongodb.MongoClient)1 Md5DigestAlgorithmProvider (edu.stanford.bmir.protege.web.shared.auth.Md5DigestAlgorithmProvider)1 PasswordDigestAlgorithm (edu.stanford.bmir.protege.web.shared.auth.PasswordDigestAlgorithm)1 ResetPasswordResult (edu.stanford.bmir.protege.web.shared.chgpwd.ResetPasswordResult)1 CreateUserAccountAction (edu.stanford.bmir.protege.web.shared.user.CreateUserAccountAction)1 UserDetails (edu.stanford.bmir.protege.web.shared.user.UserDetails)1 UserId (edu.stanford.bmir.protege.web.shared.user.UserId)1 Nonnull (javax.annotation.Nonnull)1