Search in sources :

Example 1 with PasswordBasedAuthenticationDataSource

use of org.apache.archiva.redback.authentication.PasswordBasedAuthenticationDataSource in project archiva by apache.

the class ArchivaUserManagerAuthenticator method authenticate.

@Override
public AuthenticationResult authenticate(AuthenticationDataSource ds) throws AuthenticationException, AccountLockedException, MustChangePasswordException {
    boolean authenticationSuccess = false;
    String username = null;
    Exception resultException = null;
    PasswordBasedAuthenticationDataSource source = (PasswordBasedAuthenticationDataSource) ds;
    List<AuthenticationFailureCause> authnResultErrors = new ArrayList<>();
    for (UserManager userManager : userManagers) {
        try {
            log.debug("Authenticate: {} with userManager: {}", source, userManager.getId());
            User user = userManager.findUser(source.getUsername());
            username = user.getUsername();
            if (user.isLocked()) {
                // throw new AccountLockedException( "Account " + source.getUsername() + " is locked.", user );
                AccountLockedException e = new AccountLockedException("Account " + source.getUsername() + " is locked.", user);
                log.warn("{}", e.getMessage());
                resultException = e;
                authnResultErrors.add(new AuthenticationFailureCause(AuthenticationConstants.AUTHN_LOCKED_USER_EXCEPTION, e.getMessage()));
            }
            if (user.isPasswordChangeRequired() && source.isEnforcePasswordChange()) {
                // throw new MustChangePasswordException( "Password expired.", user );
                MustChangePasswordException e = new MustChangePasswordException("Password expired.", user);
                log.warn("{}", e.getMessage());
                resultException = e;
                authnResultErrors.add(new AuthenticationFailureCause(AuthenticationConstants.AUTHN_MUST_CHANGE_PASSWORD_EXCEPTION, e.getMessage()));
            }
            PasswordEncoder encoder = securityPolicy.getPasswordEncoder();
            log.debug("PasswordEncoder: {}", encoder.getClass().getName());
            boolean isPasswordValid = encoder.isPasswordValid(user.getEncodedPassword(), source.getPassword());
            if (isPasswordValid) {
                log.debug("User {} provided a valid password", source.getUsername());
                try {
                    securityPolicy.extensionPasswordExpiration(user);
                    authenticationSuccess = true;
                    // REDBACK-151 do not make unnessesary updates to the user object
                    if (user.getCountFailedLoginAttempts() > 0) {
                        user.setCountFailedLoginAttempts(0);
                        if (!userManager.isReadOnly()) {
                            userManager.updateUser(user);
                        }
                    }
                    return new AuthenticationResult(true, source.getUsername(), null);
                } catch (MustChangePasswordException e) {
                    user.setPasswordChangeRequired(true);
                    // throw e;
                    resultException = e;
                    authnResultErrors.add(new AuthenticationFailureCause(AuthenticationConstants.AUTHN_MUST_CHANGE_PASSWORD_EXCEPTION, e.getMessage()).user(user));
                }
            } else {
                log.warn("Password is Invalid for user {} and userManager '{}'.", source.getUsername(), userManager.getId());
                authnResultErrors.add(new AuthenticationFailureCause(AuthenticationConstants.AUTHN_NO_SUCH_USER, "Password is Invalid for user " + source.getUsername() + ".").user(user));
                try {
                    securityPolicy.extensionExcessiveLoginAttempts(user);
                } finally {
                    if (!userManager.isReadOnly()) {
                        userManager.updateUser(user);
                    }
                }
            // return new AuthenticationResult( false, source.getUsername(), null, authnResultExceptionsMap );
            }
        } catch (UserNotFoundException e) {
            log.warn("Login for user {} and userManager {} failed. user not found.", source.getUsername(), userManager.getId());
            resultException = e;
            authnResultErrors.add(new AuthenticationFailureCause(AuthenticationConstants.AUTHN_NO_SUCH_USER, "Login for user " + source.getUsername() + " failed. user not found."));
        } catch (Exception e) {
            log.warn("Login for user {} and userManager {} failed, message: {}", source.getUsername(), userManager.getId(), e.getMessage());
            e.printStackTrace();
            resultException = e;
            authnResultErrors.add(new AuthenticationFailureCause(AuthenticationConstants.AUTHN_RUNTIME_EXCEPTION, "Login for user " + source.getUsername() + " failed, message: " + e.getMessage()));
        }
    }
    return new AuthenticationResult(authenticationSuccess, username, resultException, authnResultErrors);
}
Also used : UserNotFoundException(org.apache.archiva.redback.users.UserNotFoundException) AccountLockedException(org.apache.archiva.redback.policy.AccountLockedException) User(org.apache.archiva.redback.users.User) PasswordEncoder(org.apache.archiva.redback.policy.PasswordEncoder) ArrayList(java.util.ArrayList) RepositoryAdminException(org.apache.archiva.admin.model.RepositoryAdminException) AuthenticationException(org.apache.archiva.redback.authentication.AuthenticationException) UserNotFoundException(org.apache.archiva.redback.users.UserNotFoundException) AccountLockedException(org.apache.archiva.redback.policy.AccountLockedException) MustChangePasswordException(org.apache.archiva.redback.policy.MustChangePasswordException) AuthenticationResult(org.apache.archiva.redback.authentication.AuthenticationResult) MustChangePasswordException(org.apache.archiva.redback.policy.MustChangePasswordException) AuthenticationFailureCause(org.apache.archiva.redback.authentication.AuthenticationFailureCause) UserManager(org.apache.archiva.redback.users.UserManager) PasswordBasedAuthenticationDataSource(org.apache.archiva.redback.authentication.PasswordBasedAuthenticationDataSource)

Aggregations

ArrayList (java.util.ArrayList)1 RepositoryAdminException (org.apache.archiva.admin.model.RepositoryAdminException)1 AuthenticationException (org.apache.archiva.redback.authentication.AuthenticationException)1 AuthenticationFailureCause (org.apache.archiva.redback.authentication.AuthenticationFailureCause)1 AuthenticationResult (org.apache.archiva.redback.authentication.AuthenticationResult)1 PasswordBasedAuthenticationDataSource (org.apache.archiva.redback.authentication.PasswordBasedAuthenticationDataSource)1 AccountLockedException (org.apache.archiva.redback.policy.AccountLockedException)1 MustChangePasswordException (org.apache.archiva.redback.policy.MustChangePasswordException)1 PasswordEncoder (org.apache.archiva.redback.policy.PasswordEncoder)1 User (org.apache.archiva.redback.users.User)1 UserManager (org.apache.archiva.redback.users.UserManager)1 UserNotFoundException (org.apache.archiva.redback.users.UserNotFoundException)1