use of io.hops.hopsworks.common.security.utils.Secret in project hopsworks by logicalclocks.
the class AuthController method validatePassword.
/**
* Validates password and update account audit.
*
* @param user
* @param password
* @return
*/
public boolean validatePassword(Users user, String password) {
validateUser(user);
String userPwdHash = user.getPassword();
Secret secret = new Secret(password, user.getSalt());
if (!userPwdHash.equals(secret.getSha256HexDigest())) {
registerFalseLogin(user);
LOGGER.log(Level.FINEST, "False login attempt by user: {0}", user.getEmail());
return false;
}
resetFalseLogin(user);
return true;
}
use of io.hops.hopsworks.common.security.utils.Secret in project hopsworks by logicalclocks.
the class ApiKeyController method createNewKey.
/**
* Create new key for the give user with the given key name and scopes.
* @param user
* @param keyName
* @param scopes
* @throws UserException
* @throws ApiKeyException
* @return
*/
public String createNewKey(Users user, String keyName, Set<ApiScope> scopes, Boolean reserved) throws UserException, ApiKeyException {
if (user == null) {
throw new UserException(RESTCodes.UserErrorCode.USER_WAS_NOT_FOUND, Level.FINE);
}
if (keyName == null || keyName.isEmpty()) {
throw new ApiKeyException(RESTCodes.ApiKeyErrorCode.KEY_NAME_NOT_SPECIFIED, Level.FINE);
}
if (keyName.length() > 45) {
throw new ApiKeyException(RESTCodes.ApiKeyErrorCode.KEY_NAME_NOT_VALID, Level.FINE);
}
if (scopes == null || scopes.isEmpty()) {
throw new ApiKeyException(RESTCodes.ApiKeyErrorCode.KEY_SCOPE_NOT_SPECIFIED, Level.FINE);
}
ApiKey apiKey = apiKeyFacade.findByUserAndName(user, keyName);
if (apiKey != null) {
throw new ApiKeyException(RESTCodes.ApiKeyErrorCode.KEY_NAME_EXIST, Level.FINE);
}
Secret secret = generateApiKey();
Date date = new Date();
apiKey = new ApiKey(user, secret.getPrefix(), secret.getSha256HexDigest(), secret.getSalt(), date, date, keyName, reserved);
List<ApiKeyScope> keyScopes = getKeyScopes(scopes, apiKey);
apiKey.setApiKeyScopeCollection(keyScopes);
apiKeyFacade.save(apiKey);
// run create handlers
ApiKeyHandler.runApiKeyCreateHandlers(apiKeyHandlers, apiKey);
sendCreatedEmail(user, keyName, date, scopes);
return secret.getPrefixPlusSecret();
}
use of io.hops.hopsworks.common.security.utils.Secret in project hopsworks by logicalclocks.
the class UsersController method changePasswordAsAdmin.
private void changePasswordAsAdmin(Users user, String newPassword) throws UserException {
try {
Secret secret = securityUtils.generateSecret(newPassword);
authController.changeUserPasswordAsAdmin(user, secret);
} catch (Exception ex) {
throw new UserException(RESTCodes.UserErrorCode.PASSWORD_RESET_UNSUCCESSFUL, Level.SEVERE, null, ex.getMessage(), ex);
}
}
Aggregations